
> the pcTattletale client api returns raw aws credentials. it's intended to allow screenshots to be directly uploaded to the storage bucket, which is already terrible enough on its own, but it's worsened by the fact that these credentials are the same for all devices and provide full unscoped access to Fleming's aws infrastructure

(From the Maia arson crimew blog post linked in the article)

This is my favorite part of the story. This is one of the worst decisions you can make when developing an app that uses cloud resources.

It's so pathetic that it makes me wish that we could revoke someone's license to write code.
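An added example, not part of the comment or the quoted blog post: a minimal Python sketch of the alternative to one shared, unscoped credential, namely a per-device IAM policy limited to uploads under that device's prefix, plus a check that flags policies granting more. The bucket name, the `devices/<id>/` key layout and all function names are assumptions made for illustration.

```python
import re

BUCKET = "example-screenshots"  # constructed bucket name (assumption)

def device_upload_policy(bucket, device_id):
    """IAM policy allowing only uploads under one device's key prefix."""
    # Reject ids that could widen the resource ARN (wildcards, slashes).
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", device_id):
        raise ValueError("invalid device id")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/devices/{device_id}/*",
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def scope_findings(policy, bucket, device_id):
    """List the ways a policy exceeds upload-only access for device_id."""
    prefix = f"arn:aws:s3:::{bucket}/devices/{device_id}/"
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("allow statement uses NotAction/NotResource")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":
                findings.append(f"action beyond upload: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(prefix):
                findings.append(f"resource outside device prefix: {resource}")
    return findings

# Constructed policy modelling one credential shared by every device.
SHARED_UNSCOPED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(scope_findings(SHARED_UNSCOPED, BUCKET, "device-a"))
    print(scope_findings(device_upload_policy(BUCKET, "device-a"), BUCKET, "device-a"))
```

A policy document of this shape can be supplied as the session policy when a backend issues short-lived credentials through STS, so that each device receives its own expiring, upload-only grant.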



