• addie@feddit.uk · ↑25 · 12 hours ago

    Oh sweet baby Jesus. That is some astonishing code for validating the title and body of a PR.

          - name: Create PR message file
            run: |
              mkdir -p /tmp
              cat > /tmp/pr-message.txt << 'EOF'
              ${{ github.event.pull_request.title }}
              
              ${{ github.event.pull_request.body }}
              EOF
    

    Put a single-line EOF in your pull request body, follow it up with a completely arbitrary set of Bash commands, whatever you damn well like, put all the environment variables with the repository secrets into a webhook request and send them off somewhere, make sure you terminate it with another cat > /dev/null << 'EOF' to match the other EOF. Now you can compromise the entire project by raising a pull request.
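
Added example, not part of the thread or of the project's code: a small checker that flags `${{ }}` expressions carrying contributor-controlled text into a `run:` script, where the runner substitutes them before the shell parses the script. The context list is a subset, and `HARDENED` is a constructed rewrite of the quoted step that passes the values through `env:` so the shell only ever sees them as quoted variables.

```python
import re

# Contexts an outside contributor controls (subset, not exhaustive).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.(?:head_ref|event\.(?:pull_request|issue|comment|review)"
    r"\.(?:title|body|head\.ref|head\.label)))\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_number, context) for every untrusted expression that is
    expanded inside a `run:` script, i.e. before the shell parses it."""
    findings, lines, i = [], workflow_text.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        i += 1
        if not m:
            continue
        key_indent, body = len(m.group(1)), [(i, m.group(2))]
        if m.group(2)[:1] in ("|", ">"):  # block scalar: script is the indented lines
            body = []
            while i < len(lines) and (not lines[i].strip() or
                    len(lines[i]) - len(lines[i].lstrip()) > key_indent):
                body.append((i + 1, lines[i]))
                i += 1
        for lineno, text in body:
            findings.extend((lineno, h.group(1)) for h in UNTRUSTED.finditer(text))
    return findings

# Constructed sample: the step quoted in the comment above.
VULNERABLE = """\
      - name: Create PR message file
        run: |
          cat > /tmp/pr-message.txt << 'EOF'
          ${{ github.event.pull_request.title }}

          ${{ github.event.pull_request.body }}
          EOF
"""
# Constructed sample: same step with the values passed as environment variables.
HARDENED = """\
      - name: Create PR message file
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          printf '%s\\n\\n%s\\n' "$PR_TITLE" "$PR_BODY" > /tmp/pr-message.txt
"""
```

Expressions under `env:` are not reported because they are never spliced into the script text.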

  • PattyMcB@lemmy.world · ↑32 · 15 hours ago

    I’ve been saying it since day one. Vibe coding will result in vulnerable software.

  • AllNewTypeFace@leminal.space · ↑84 ↓1 · edited · 20 hours ago

    The people who believe in keeping their wealth in imaginary computer money also being into vibe-coding is the most hilarious possible outcome. It’s an inexhaustible cavalcade of clownfuckery.

    • Technus@lemmy.zip · ↑65 · 20 hours ago

      Having just left a job in the crypto space, the Venn diagram of crypto bros and vibe coders is a single fucking circle.

      These people hop from one hype train to the next like moths to a flame.

      • If Only@sh.itjust.works · ↑2 ↓1 · 8 hours ago

        I’m no authority on the subject but when I use “imaginary” to refer to money I mean it isn’t backed by anything. Most currencies are backed by a government, stocks are nominally backed by the profitability of the business that issued the stock, futures by commodities, etc. Crypto is traded like securities but has nothing backing it at all other than people’s willingness to buy it from you at a given price.

        Like many things it boils down to how you define your terms, “imaginary” in this case.

  • jaybone@lemmy.zip · ↑24 ↓1 · 17 hours ago

    Funny how crypto hype and AI hype both rely so heavily on Nvidia hardware.

  • josefo@leminal.space · ↑5 · 13 hours ago

    I love how bad shit keeps layering to comical extents, until we reach the cyberpunk stage