this post was submitted on 30 Mar 2025
410 points (98.6% liked)

Technology

68130 readers
3792 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
410
Privacy disaster as LGBTQ+ and BDSM dating apps leak private photos. (cybernews.com)
submitted 2 days ago by [email protected] to c/[email protected]
48 comments fedilink hide all child comments
 

BDSM, LGBTQ+, and sugar dating apps have been found exposing users' private images, with some of them even leaking photos shared in private messages.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 2 days ago (3 children)

That would require us to manually remake this user account

That sounds fine? Just add it to the script when down-syncing. Or keep auth details in a separate DB and only sync that as needed (that's what we do).

The customer is paranoid, as the project is their public facing website, so they want testing against the actual prod environment.

That's the main problem then, not this testing engineer. We do test directly on prod, but it's not our QA engineers doing the testing, but our support staff and product owners (i.e. people who already have prod access). They verify that the new functionality works as expected and do a quick smoke test to make sure critical flows aren't totally busted. This covers the "paranoid customer" issue while also keeping engineers away from prod.

Maybe you're doing something like that now, idk, but I highly recommend that flow.

[–] [email protected] 1 points 2 days ago (2 children)

We resolved it by making him use pipeline vars for his scripts. Like we told him to do in the beginning.

He fought it because he wanted his scripts the same for all projects. Including hard coded usernames and passwords. So, it was mostly his fault.

[–] [email protected] 1 points 2 days ago (1 children)

Ah, makes a ton of sense. We do the same, basically use a .env file for local dev and OPs overrides the vars with whatever makes sense for the environment.

[–] [email protected] 3 points 2 days ago

Yeah. Since he was a subcontractor, he wanted all his scripts to be the same, no matter who the customer was.

I was like jesus christ, I'm lazy too and want to automate everything, but edit your stupid scripts to use env vars.