this post was submitted on 10 Oct 2025

1280 points (99.5% liked)

Programmer Humor

27933 readers

236 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1280

Vibecoding is the future (infosec.pub)

submitted 2 months ago by cm0002@sh.itjust.works to c/programmer_humor@programming.dev

75 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] scrubbles@poptalk.scrubbles.tech 217 points 2 months ago* (last edited 2 months ago) (2 children)

You're absolutely right! It doesn't make sense to show the user the 2fa code! removes 2fa completely

[–] Uli@sopuli.xyz 150 points 2 months ago (3 children)

Oh, I get it! You still want 2fa, you just don't want the code to be shown! colors the text white

[–] ThePancakeExperiment@feddit.org 38 points 2 months ago (2 children)

No, no, make it ultra secure and display none it, every website will be a database of important information, you just have to put everything into a hidden table!!

[–] PattyMcB@lemmy.world 20 points 2 months ago

Font size 0

[–] Schmoo@slrpnk.net 5 points 2 months ago

*Includes it in the URL

[–] Redjard@lemmy.dbzer0.com 18 points 2 months ago

Oh you want the code not rendered into html!
Drops the code in javascript when it is received from the backend.

load more comments (1 replies)

[–] pure_bliss@discuss.tchncs.de 13 points 2 months ago* (last edited 2 months ago)

[–] aberrate_junior_beatnik@midwest.social 113 points 2 months ago (2 children)

It took me way too long to figure out what was wrong with this screenshot

[–] Ilovethebomb@sh.itjust.works 56 points 2 months ago (1 children)

Yeah, same here. I was counting the boxes thinking they'd got the wrong amount of numbers.

[–] shalafi@lemmy.world 13 points 2 months ago

I counted the boxes 3 times. :(

[–] Darkmuch@lemmy.world 9 points 2 months ago (2 children)

I need help. I don’t get it…

[–] teegus@sh.itjust.works 27 points 2 months ago

The "secret" code sent to your phone is spelled out in the text

[–] moriquende@lemmy.world 5 points 2 months ago

No point sending the code to your phone when it's displayed right there. The idea of doing this is making sure nobody has stolen your password, because they still need access to your phone before they can access your account.

[–] 8000gnat@reddthat.com 82 points 2 months ago

no factor authentication

[–] undefined@lemmy.hogru.ch 80 points 2 months ago (4 children)

SMS/email-based 2FA should die.

[–] ColdSideOfYourPillow@anarchist.nexus 54 points 2 months ago (1 children)

Luckily, you don't even need to check SMS or input a valid number with the “verification” in the screenshot!

[–] bamboo@lemmy.blahaj.zone 31 points 2 months ago

mission failed successfully

[–] nogooduser@lemmy.world 13 points 2 months ago (2 children)

It’s better than nothing and some people would really struggle to do other types of 2FA.

[–] djsoren19@lemmy.blahaj.zone 8 points 2 months ago

I'll be homest with you, some people really struggle with email 2fa. The amount of working Americans I have spoken with who don't understand how to have two tabs open at once is genuinely frightening.

[–] Natanael 6 points 2 months ago

As a reset method it's worse than having nothing

[–] null@lemmy.nullspace.lol 5 points 2 months ago (1 children)

It's wild how standard SMS is given how (relatively) trivial it is to exploit.

load more comments (1 replies)

[–] dharmacurious@slrpnk.net 3 points 2 months ago (2 children)

What's the best alternative?

[–] nogooduser@lemmy.world 13 points 2 months ago (4 children)

App based 2FA is better. Either the app generates a time based code that you enter into the site or the site sends a push notification to the app asking you to verify the login attempt.

Passkeys are good too as they replace the password completely and leave the 2FA part to the device.

[–] victorz@lemmy.world 6 points 2 months ago (5 children)

Passkey or notification please. So sick of entering these codes on a daily basis.

[–] Opisek@piefed.blahaj.zone 4 points 2 months ago (2 children)

If it's alright with your threat model, you can put the time-based OTPs into your password manager of choice, like Bitwarden. Upon filling your username and password, it places your OTP in your clipboard, so that you can simply paste it in. This does of course reduce the security of the system slightly, since you centralize your passwords and your OTPs. When opting for this method, it is therefore imperative to protect your password manager even more, like via setting up 2FA for the password manager itself or making sure your account gets locked after something like 10 minutes of inactivity. The usability aspect is improved by using a yubikey or another similar physical key technology.

load more comments (2 replies)

load more comments (4 replies)

load more comments (3 replies)

load more comments (1 replies)

[–] aarRJaay@lemmy.world 54 points 2 months ago (1 children)

That's up there with: "You cannot use this password, it's already in use by ... "

[–] SethTaylor@lemmy.world 11 points 2 months ago

But that's so practical. Maybe I can contact them and ask them if we can swap. Haha

[–] Sam_Bass@lemmy.world 44 points 2 months ago (2 children)

They were called scriptkiddies back in the day

[–] _stranger_@lemmy.world 20 points 2 months ago (2 children)

Has the general discourse settled on a proper epithet for this new version?

"vibe coders" doesn't feel derogatory enough.

[–] glitchdx@lemmy.world 6 points 2 months ago (2 children)

"vibe coding" was supposed to be derogatory?

[–] SpaceCowboy@lemmy.ca 4 points 2 months ago (2 children)

Yes. The original post that coined the term was using "vibe coding" to indicate how problematic it is to build software by generating code based on vague prompts.

But a lot of people didn't read the entire post and just thought the term sounded cool and used it as if it was positive thing.

Now we're seeing the negative impacts of vibe coding, just as the original post predicted. So it started as derogatory, somehow became something positive, but it's going back to being derogatory again.

load more comments (2 replies)

load more comments (1 replies)

[–] 2deck@lemmy.world 6 points 2 months ago

Agreed, they're getting off light. I've worked with people who felt the code, but werent always able to communicate their ideas. I'd say theyd fit the idea of vibe coding without ai.

The concept is taken, and doesn't describe the intent well. How about "pseudocoders".

[–] REDACTED 9 points 2 months ago

At least they had real intelligence, doing stuff like this is basically so stupid you'd be clinically braindead

[–] elvith@feddit.org 35 points 2 months ago (1 children)

IIRC the screenshot in the tweet is from a shitpost in reddits r/badUIbattles

load more comments (1 replies)

[–] pineapplelover@lemmy.dbzer0.com 27 points 2 months ago (3 children)

I will be honest, it took me a good while to figure out what's wrong

load more comments (3 replies)

[–] Treczoks@lemmy.world 26 points 2 months ago (2 children)

This could be vibe coding, or just an intern "doing the web site".

Neither should have write access to production code.

[–] cupcakezealot@piefed.blahaj.zone 6 points 2 months ago (3 children)

i mean either one of those fucked up but it's also on the qa/testing team and the deployment team that they let it GET to production.

[–] melfie@lemy.lol 4 points 2 months ago (1 children)

You mean the QA teams a lot of companies laid off because management decided the developers (and now AI) can just write all the automated tests?

load more comments (1 replies)

load more comments (2 replies)

load more comments (1 replies)

[–] cupcakezealot@piefed.blahaj.zone 20 points 2 months ago

i'm ashamed to say that took me a while to figure out what was wrong mostly because i didn't think someone would be that dumb.

[–] cows_are_underrated@feddit.org 20 points 2 months ago (3 children)

Assuming this is real, how the fuck do you fuck up so badly?

[–] mcv@lemmy.zip 17 points 2 months ago* (last edited 2 months ago) (1 children)

What!? It's more user friendly this way. No need to make the user switch to a totally different device when you can tell them right here!

(I hate pointing out sarcasm, but it's better not to risk it these days.)

[–] Cevilia@lemmy.blahaj.zone 5 points 2 months ago

(you don't need to apologise for using tone tags, they're a useful accessibility tool and hurt nobody)

[–] rumba@lemmy.zip 6 points 2 months ago

When I first added 2fa to page, I had a bug and made it do that to compare the values.

production or test, it's likely debug code.

load more comments (1 replies)

[–] prettybunnys@sh.itjust.works 16 points 2 months ago

This could also be a funny translation issue.

My bank sends a text message to me with the first code and a second code I enter.

They tell me the first code in a similar way so I can verify they sent it to me, then I enter the other code in the text.

[–] idunnololz@lemmy.world 15 points 2 months ago (1 children)

Sike! That's the wrong number! /s

[–] Psythik@lemmy.world 22 points 2 months ago* (last edited 2 months ago) (2 children)

It's spelled "psych", as in you're psyching them out.

[–] idunnololz@lemmy.world 7 points 2 months ago* (last edited 2 months ago)

It's ok I'm oot of academia.

[–] guy@piefed.social 3 points 2 months ago

Nitpicking words like this makes me psich

[–] exu@feditown.com 13 points 2 months ago

Just delay accepting the numbers for 10 seconds to simulate the time needed to check SMS and type them.

load more comments