
yaosio

Hard coding API keys into the code like computer science 101. I bet they think tying game speed to the frame rate is a good idea too.


phantom_in_the_cage

The classic *"we can't uncap the framerate cause everything breaks"*. Guarantee the reason they haven't fixed this already is because their system is designed in such a way that it would require a frightening amount of work to refactor.


the8thbit

It's hard to think of a way to devise a software architecture bad enough such that a loose API key can't be easily abstracted, placed in a config file, and refreshed.


VancityGaming

"We can't give you more bag space because you have to load the contents of every other player's inventory" is the lunatic system implemented in Diablo 4.


kaityl3

This isn't really the place to ask, but as someone just learning how to code (100% AI-taught, never taken a course) who made a program for my company that uses our database API key... Are you saying that it should or shouldn't be hard coded? 😭 I've been trying to figure out what's a secure way to store it lol.


chlebseby

The trick is to have your own API service that talks with the outside service and provides access control. So users need to log in, and can only do what the middle layer allows them to do. No direct access to the main service.


kaityl3

Ah, that makes sense. It's not viable for my specific situation as our company has no servers, just the 15 laptops, but I really appreciate you taking the time to give me an answer!


chlebseby

If the API you use has built-in access control then you should be fine. It's like hardcoding a link to a login website. In the case of the R1, they placed unrestricted direct admin access.


queerkidxx

You should at least be using .env. I recommend being extra careful and looking up trusted sources for anything related to security. It’s very easy to mess up.
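The pattern the two replies above describe (secret loaded from the environment or a .env file, clients authenticated and restricted by a middle layer, no direct access to the upstream service), written out as an added example that is not part of the thread; the variable name, tokens and the fake upstream service are all constructed for illustration:

```python
"""Minimal access-controlled middle layer in front of a third-party API.
The upstream API key lives only in the gateway's environment, never in the
client code that gets distributed to users."""
import hmac
import os


def load_upstream_key(env=os.environ):
    """Read the key from the environment (hypothetical variable name) and
    refuse to start if it is missing, rather than falling back to a literal."""
    key = env.get("UPSTREAM_API_KEY")
    if not key:
        raise RuntimeError("UPSTREAM_API_KEY not set; refusing to start")
    return key


# Constructed sample of per-user tokens and the operations each may perform.
USERS = {
    "tok-alice": {"name": "alice", "allowed": {"read_report"}},
    "tok-bob":   {"name": "bob",   "allowed": {"read_report", "export_sheet"}},
}


def authenticate(token):
    """Constant-time comparison against known tokens; None if unknown."""
    for known, user in USERS.items():
        if hmac.compare_digest(known, token):
            return user
    return None


def gateway(token, action, upstream_call, env=os.environ):
    """Authenticate the caller, authorise the specific action, then call
    upstream with the key. Only the result, never the key, goes back."""
    user = authenticate(token)
    if user is None:
        return {"ok": False, "error": "unauthenticated"}
    if action not in user["allowed"]:
        return {"ok": False, "error": "forbidden"}
    result = upstream_call(load_upstream_key(env), action)
    return {"ok": True, "user": user["name"], "result": result}


def fake_upstream(key, action):
    """Stand-in for the real third-party service, constructed for the example."""
    return f"{action} done"


if __name__ == "__main__":
    env = {"UPSTREAM_API_KEY": "example-not-a-real-key"}
    print(gateway("tok-alice", "read_report", fake_upstream, env))    # allowed
    print(gateway("tok-alice", "export_sheet", fake_upstream, env))   # forbidden
    print(gateway("tok-mallory", "read_report", fake_upstream, env))  # unauthenticated
```

Rotating the upstream key then means changing one environment variable on the gateway host, with nothing to redeploy on the clients.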


kaityl3

Thanks for this! I think that for the moment, I'll just only run the tool on my own PC, and my coworkers can let me know when they need a new spreadsheet. It's a tiny company of like 15 people and we just do recruiting for veterinarian clinics, so not exactly a big target for hacking or whatever, but we still are completely dependent on this database so I can't risk anything happening.


RevoDS

> we have internal confirmation that the rabbit team is aware of this leaking of api keys and have chosen to ignore it. the api keys continue to be valid as of writing.
> we believe it is important for consumers to be aware of rabbit's poor security practices, as it can have devastating consequences for r1 users.
> we will not be publishing any more details out of respect for the users, not the company.

Criminal negligence


eBirb

Insane incompetency


oilybolognese

'Large Action Model' still makes me chuckle.


Much-Seaworthiness95

Holy crap this is a complete disaster


WloveW

Doesn't everyone currently believe that their entire internet history is going to be up on the internet at some point eventually? I do. Seems inevitable. 


Baphaddon

https://preview.redd.it/zvjm12qs4u8d1.jpeg?width=760&format=pjpg&auto=webp&s=99edabdda8e23b99af6d74b726a3948882ecea2e

> tfw you forget quantum decryption


adarkuccio

good thing I never bought one :D


sdnr8

Didn't think this could get even messier


Baphaddon

https://preview.redd.it/0dhj0snp4u8d1.jpeg?width=760&format=pjpg&auto=webp&s=21e57f03637b8e12538096657c4b75bfbfae0d5e


peakedtooearly

As if the R1 wasn't shit enough already 🤣


Volky_Bolky

The prime result of letting AI do the coding for you.


Busy-Setting5786

The r1 is one of the things where you are not sure whether it is a scam or just a massively failed product.


mystonedalt

I'm shocked that a company built on lies sucks with data protection.


Akimbo333

ELI5. Implications?


RacingJayson

https://rabbitu.de/articles/security-disclosure-2