There are somewhat obvious explanations. Coding is only one subset of the skills to launch a successful software business, and not even the most important one. There's also a huge element of randomness and luck, especially for a single given project and especially for any type of free b2c social app. Also, people outside the Silicon Valley bubble have access to unique social circles that can serve as community "bootstrapping", which would be especially important for a social app.
Even knowing all that, there's an element of surprise when you see it happen.
I do suspect another big factor is that experienced people overthink things a bit, much like a child seems to learn a language faster than an adult but may only be more willing to make silly mistakes. Many of the best startups and indie projects would never be started by many experienced engineers because they're perceived as too simple, the market is too saturated, or simply they feel they'd look foolish for trying and failing to do something simple instead of trying and failing at something complex.
The term for "failed to implement any kind of authorization in the API" isn't "silly mistakes", it's "professional negligence".
It's unethical to learn 101-level stuff by playing around with a million people's personal information. These guys should turn Hive off and never, ever turn it back on.
Case in point, why did you first learn programming? Probably because you wanted to build something, maybe because you thought it could be a success. Everybody starts as a non-tech person getting into it with a specific goal; really what makes you a programmer is the fact you failed, and unless you gave up you tried again and learnt and became better at your craft. Not to say that those that succeed the first time don't, but it's not as much of a natural process.
I started programming, as a lot of people do, because I wanted to make a game (and still do), and like a lot of people that first get into game dev, my first goal was to avoid doing that messy programming work myself and find someone that can do it for me. Again, like many, I tried this for a while, until someone reminded me that everyone who does this got into it for the same reason as me, and if they know what they're doing why would they drop their dream game for mine (unless I was paying).
It's no surprise that things like Hive, Mastodon and Cohost have exploded in popularity recently.
Of course, whether these products will be the ones that do well in the long run is still an unanswered question. Hive's security issues and temporary shutdown came at the exact wrong time, Cohost's invite system is probably crippling it, and people are still not 100% sure how to use Mastodon in some cases, so only time will tell which, if any, takes off.
Sounds like a lot of it is just being in the right place at the right time. Apparently most of the growth consists of people trying to flee Twitter due to Musk. Though doing that sounds like jumping from a sinking ship into a toy paper boat.
NB, I don't use Hive and have no interest, I moved to Mastodon because I want to be in control of my data moving forward.
I wonder if I'll be able to determine the real Hive of Twitter if things switch.
If those (Mastodon or other implementations) are not good enough, make your own or get involved with the W3C to standardize AP v2.
2. According to the post, Hive responded and said the issues had been fixed. Obviously they haven't, and at this point OP seems to have decided that the most responsible thing to do was to warn users of the platform that they aren't safe.
I don't really see a problem with this.
I also don't believe this is "responsible" disclosure, but I also don't think it's fair to say this information is of no use.
To me this clearly signifies that there is no back-end authentication on their API. The whole app is probably written in JS with a simple database on the backside with no serious middleware on the server side. It would probably not be difficult to reverse engineer this hack by monitoring requests using simple dev tools, and then simply replaying them with altered content.
But with Hive there is nothing unique; it's a Twitter clone, which doesn't offer any technical or operational benefits, and also no major features.
If we are still going to use a centralized network, we might as well just continue using Twitter, a network with an existing social circle.
Is it? From what I've seen it's more of an Instagram clone and I am stumped as to why folks are switching to it as a Twitter alternative.
But whatever you thought of the old Twitter policy, that obviously changed. And they could’ve made that change without a new owner if they had chosen to.
He who owns the server sets the rules.
$3M seems small potatoes for Andreessen unless he’s trying to do a Tab vs Diet Coke thing and corner all the options.
I mean, would be quite sad for Elon if those non-US nations pulled Twitter from their markets.
> The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login.
> Attackers can also overwrite data such as posts owned by other users
In the video of the post you can see an option to run a script on an iPhone.
What's that option?
Is it really an iPhone?
What are the capabilities of that functionality?
Snark aside, I think the current platforms are going to be the only ones folks use; and then there’s going to be stuff that is entirely different.
These clones are getting just silly.
Just read they took the server down; we will never know now.
[edit2] Astonishing how supportive the users are. I don't think a lot of users want to understand that all their data is on the streets. It's like they're actually deciding what they want to believe. Seems to be a trend in society.
It's a bit unfair to imply they engaged in some kind of irresponsible disclosure; they haven't disclosed any of the exploits.
"People"? No. Server operators, yes, but that's true of Twitter as well.
The disclosure, here, is that anyone can read private messages. Oh, and also edit posts.
And no, this is not equal. The Hive authors seem to have completely failed to implement authorization for their API, allowing (it seems) anyone with a valid auth token to make a request as any other user, granting everyone access to everyone else's data.
This is a "car company doesn't know what seat belts are" level of incompetence.
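Added example, not Hive's code (which is not public) and not from any commenter: a minimal in-memory posts API showing the failure the comment above and the quoted report describe (authenticated callers never checked against the resource owner, so any valid token can read or overwrite other users' data), next to the object-level ownership check that closes it. The tokens, users and posts are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Post:
    owner: str
    body: str
    private: bool = False

# Constructed sample data: opaque session tokens mapped to their users.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
POSTS = {
    1: Post(owner="alice", body="public note"),
    2: Post(owner="alice", body="private draft", private=True),
}

class Forbidden(Exception):
    pass

def current_user(token: str) -> str:
    """Authentication only: which user holds this token?"""
    if token not in SESSIONS:
        raise Forbidden("invalid token")
    return SESSIONS[token]

def read_post_unchecked(token: str, post_id: int) -> str:
    """Vulnerable pattern from the thread: the caller is authenticated,
    but nobody asks whether *this* caller may see *this* post, so any
    valid token reads any user's private data."""
    current_user(token)
    return POSTS[post_id].body

def read_post(token: str, post_id: int) -> str:
    """Hardened: identity comes from the token server-side and is compared
    with the resource owner before private data is returned."""
    user = current_user(token)
    post = POSTS[post_id]
    if post.private and post.owner != user:
        raise Forbidden("not the owner")
    return post.body

def edit_post(token: str, post_id: int, new_body: str) -> Post:
    """Writes always require ownership; any author field the client sends
    is ignored, so a request cannot be made 'as' another user."""
    user = current_user(token)
    post = POSTS[post_id]
    if post.owner != user:
        raise Forbidden("not the owner")
    post.body = new_body
    return post
```

The two read functions differ only by the ownership comparison; that single missing line is the whole class of bug the thread is discussing.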
Steem/Hive was the first web3 offering, and a lot of new 'web3' projects that are getting a lot of publicity have yet to catch up to the basics that Steem/Hive had in place 6 years ago.
This is a social network that has recently exploded. My understanding is a ton of games industry people moved to it off Twitter.
It has nothing to do with “Web3”. It’s not a front end.
It’s a native iPhone app. No web presence at all at the moment.