Twitch has been compromised

I wonder how long until someone sets up LeakedSource 2 and just throws all the code up, I'm sure a lot of people don't have 128GB of free space or don't wanna get glowed downloading a torrent of this
 

Come on, from what I've seen, these people haven't heard of env variables, don't expect too much. A lot of this code is like Udemy-pajeet-education levels of bad.
It could be (like I'm suffering from right now) that they know how to do it, but they're all super-agile and the PMs are dangling bonuses over their heads, so half-assed design decisions become the norm. This is characteristic of agile development, because every agile shop I've been to eventually turns into a valiant effort to fight code smells.

Twitch's biggest hardware consumption is video encoding and that's probably mostly done by another department at AWS.
 
  • Like
Reactions: Justa Grata Honoria
I'm going to be the unpopular viewpoint of the thread and say I'm not really mad or disappointed at the majority of these people on this list. I might not be a fan of their content, but that doesn't mean I harbor any personal ill will against them. I'm generally pretty happy if people win the lottery or manage to strike gold in the most unlikely of places; I don't really care or have a problem. I don't do content creation or Twitch streaming because I just don't like it. I don't like sitting all day on a computer and playing video games for hours at a time; my ADHD would make me want to blow my brains out.

With that said, a lot of people who win the lottery do end up falling into debt or running themselves dry. So, in the long term, I'm curious how well they can manage this money they're earning or if they'll end up slipping through the cracks and falling into unpayable expenses. They also never have business prospects so what ends up happening is that money in their bank account stagnates and all those purchases and long term monthly expenses begin to collapse on them and they inevitably fall into irrelevancy and then they never can reclaim that income. So I'm more curious about what they do with that money, do they plan for the long term? Or do they CONSOOM?
 
It's a SQL query. It's declarative. There's no "clean" way to fuzzy match that amount of variability in the search, and you should never do fancy regex matches on the DB level. A proper GiST index will have that shit flying.
Oh, shit. Yeah that makes sense, although that begs the question, why is the potentially offensive username in the database already? Wouldn't you do those checks before even touching the DB?
 
Let's be honest tho, if I was being paid just to deliver code and I wasn't invested in the project (that being restricting offensive usernames on a shitty website) I'd write whatever bullshit passed the unit tests (if they even really ran those) as well. It's easy to shit on crap programmers if it's not your 9-17 job, but I can't imagine twitch really deserves or cultivated the time love and care required to craft quality code.

Especially if your workplace is being flooded by newcomers that barely meet the bar, although idk how bad diversity hires really are, I'm more of a hobbyist programmer.
Well, yes and no, because there's a difference between "I don't care that much about elegance and optimisation, I just want to get paid" and "I'm so incompetent I'm going to make maintenance of this code a lot harder for myself, even if it can be easily prevented". Hardcoding every single thing will make it cumbersome to maintain and edit, and in the case of API keys and tokens it's a security risk on top of that.
 
  • Agree
Reactions: Just a Retard
It's a SQL query. It's declarative. There's no "clean" way to fuzzy match that amount of variability in the search, and you should never do fancy regex matches on the DB level. A proper GiST index will have that shit flying.
I didn't even notice but yeah, I guess it probably is SQL, which does make it pretty retarded. Man, if that developer had to pay what AWS charges non-Amazon people for RDS services, they'd probably be obligated to seppuku on the spot. Why the fuck is Twitch not using DynamoDB and other serverless shit for their authentication? Amazon does.
 
in case of API keys and tokens it's a security risk
I've seen that screenshot from /g/ but I didn't download the leak so I couldn't verify. Did they really leak API keys etc?
If they did, then we really have to wonder how long they've been compromised for and what could you accomplish with those, because it could be quite a lot.
Yeah I have to agree, if you're that irresponsible then you absolutely should be sacked lmao
 
I've seen that screenshot from /g/ but I didn't download the leak so I couldn't verify. Did they really leak API keys etc?
If they did, then we really have to wonder how long they've been compromised for and what could you accomplish with those, because it could be quite a lot.
Yeah I have to agree, if you're that irresponsible then you absolutely should be sacked lmao
I just found full creds for some AWS DB (host, user and pass) right now, so... yeah
 
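The thread's point about hard-coded API keys, tokens and database credentials sitting in source can be turned into a check that runs before code is committed, with the environment as the only place a secret is read from. This is an added example, not code from the leak or from Twitch; the regex patterns, the sample source lines (the access key ID is AWS's documented placeholder, not a real key) and the `load_required_secret` helper are all constructed for illustration.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

# Patterns for the kinds of hard-coded secrets the thread describes:
# an API key, a "password = '...'" assignment, and a DB URL carrying credentials.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assignment": re.compile(
        r"(?i)(password|passwd|pwd|secret|api_key|token)\s*[=:]\s*['\"][^'\"]{6,}['\"]"),
    "db_url_with_creds": re.compile(
        r"(?i)\b(postgres|mysql)://[^\s:/]+:[^\s@/]+@[^\s/]+"),
}

# Constructed sample source lines (not from any real project). Lines 1-5 are the
# bad habit; lines 6-7 read the secret at runtime instead of embedding it.
SAMPLE_SOURCE = """\
DB_HOST = "db.example.invalid"
DB_USER = "twitch_app"
DB_PASSWORD = "hunter2hunter2"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
DATABASE_URL = "postgres://app:s3cr3tpass@db.example.invalid/users"
GOOD_PASSWORD = os.environ["DB_PASSWORD"]
token = get_token_from_vault()
"""


def scan_source(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, pattern_name) for each line that looks like a hard-coded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def load_required_secret(name: str, env: Optional[Dict[str, str]] = None) -> str:
    """Read a secret from the environment and fail fast if it is missing,
    instead of silently falling back to a value baked into the code."""
    source = os.environ if env is None else env
    value = source.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set in the environment")
    return value


if __name__ == "__main__":
    for lineno, kind in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: possible hard-coded secret ({kind})")
```

Run it as a pre-commit hook over staged files and block the commit on any finding; false positives on placeholder strings are cheap to review compared with a credential that ships in a repository.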
I didn't even notice but yeah, I guess it probably is SQL, which does make it pretty retarded. Man, if that developer had to pay what AWS charges non-Amazon people for RDS services, they'd probably be obligated to seppuku on the spot. Why the fuck is Twitch not using DynamoDB and other serverless shit for their authentication? Amazon does.
DynamoDB is a bit of a mess and I feel like a GSI for usernames would be in the terabytes (this is where we get into the part where the costs aren't practical). I'm guessing nobody bothers to fix this shit because they don't have the time to fix this shit because of mismanagement.
Twitch is not taking the leak very well, it seems.
I tried to turn on 2FA this morning, it's down. The bed has been shit in, and it's still shitting.
 
I didn't even notice but yeah, I guess it probably is SQL, which does make it pretty retarded. Man, if that developer had to pay what AWS charges non-Amazon people for RDS services, they'd probably be obligated to seppuku on the spot. Why the fuck is Twitch not using DynamoDB and other serverless shit for their authentication? Amazon does.
Nah, that's about as good as you're going to get for that kind of query. Dynamo would be fucking awful for this, as it looks like they're doing relatively complex queries with presumably normalized data. Not Dynamo's strong suit.

It might look ugly, but the optimization should be entirely handled via the planner. Good SQL is deadass simple SQL.
 
Finally finished downloading the torrent after six hours. I'll try to stay seeding for as long as possible. I will also be unpacking all those zips and running grep -ir nigger on them, because what kind of massive source leak goes without finding every single instance of the word "nigger" being used?
 