top | item 47123041

(no title)

So purely from a hacker perspective, I'm amused at the whining.

Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

Then someone shares the exploit with a bunch of script kiddies, they exploit it to the Nth degree, and the company immediately notices and shuts everyone down.

Like, my dudes, what did you think was going to happen?

You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

And instead, you integrate your exploit into hip new thing, share it at scale, write blog posts and short form video content about it, basically launch a DDoS against the service you're exploiting, and then are shocked when the exploit gets patched and whine about your free thing getting taken away?

Like, what did you expect was going to happen?

discuss

miroljub|6 days ago

> So purely from a hacker perspective, I'm amused at the whining.

> Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

From a pure hacker perspective, I'm surprised there are people calling a legitimate usage a "weakness you could exploit"?

What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

Then Google unilaterally changed the TOS of a product people already purchased and started pulling the rug. And again, there are people who call themselves hackers who approve of that? Even worse, they call people calling out Google for their monopolistic behavior whining.

novaleaf|6 days ago

Arn't they yoinking an OAuth token for replay in the Claw app?

If so, I don't think anybody who knows how auth works could feign complete innocence.

rolymath|6 days ago

Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning

saalweachter|6 days ago

I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?

"The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".

You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.

But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.

ValentineC|6 days ago

> What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.

bigyabai|6 days ago

> they call people calling out Google for their monopolistic behavior whining.

Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.

RobotToaster|6 days ago

> you could exploit to get free/cheap thing

$249/mo isn't cheap

panarky|6 days ago

If you pay $249 to get $1,200 of compute, "cheap" seems like the right word.

mschuster91|6 days ago

> You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

It's the same with vulnerabilities in slot machines. Damn rare but they exist - in 2014, when I worked in that industry, one gang made a big bang: in a single night, casinos across Germany had to say goodbye to probably 10 million € [1]. Of course, that vulnerability made massive waves... but from what I heard back then, it had been circulating for many months beforehand. Of course, 10 million € is nothing to sneeze at, but keeping a low profile could have made everyone in the know far more profit.

[1] https://www.t-online.de/digital/aktuelles/id_68982394/softwa...

plorg|6 days ago

Back in maybe 2017 there was a YC startup called Audm that hired professional audiobook narrators to read magazine articles. I found them through their embeds in The New Yorker. The app was pretty mediocre and I wanted to use it in my podcast app, so I started writing a scraper. Very quickly I realized that the page embeds were making calls directly to their production database with no authentication whatsoever. So I pivoted to dumping the entire archive, hosting it on my LAN, and serving it as RSS over my VPN. It was cool, and I found that articles from some publications would post as much as 2 weeks before publication. Eventually they were bought by the NYTimes, and in 2020 they either set up permissions or moved the infrastructure. I gave up on the project, and I understand that most of the content is no longer available. I unfortunately lost my archive with a lot of data when my storage array died a couple of years later. I think the product space got commoditized very quickly by AI readers (none of which, to my ear, are as engaging as the human professionals). I think maybe 4 other people knew about my project when it existed.

tda|6 days ago

I fondly remember finding and exploiting a buggy slot machine on the night the Euro got introduced. A classmate (I never played slot machines) made some money but didn't understand what was going on. I observed and it became apparent (in my slightly intoxicated state) the machine would pay out 2 Euro coins where is should pay out 20 cents. And when playing a 1 Euro game, you would often "win" 80 cents. Pay-out immediately and you got 8 Euro. Of course after a few rounds, the 2 Euro coins ran out and it would do some RNG to pay out 1 Euro with 80% chance. Don't know if I tried feeding it back the 2 Euro coins, I recall just made enough to have a free new years eve

JKCalhoun|6 days ago

Kind of a built-in feature of a Cool Thing is that it will get found/shared/widespread.

(See Napster.)

lucky-rathore|3 days ago

wise. couldn't agree more. I

newalexandria|6 days ago

literally this is why we can't have nice things.