this post was submitted on 10 Oct 2025
802 points (99.8% liked)

Programmer Humor

[–] prettybunnys@sh.itjust.works 4 points 34 minutes ago

This could also be a funny translation issue.

My bank sends a text message to me with the first code and a second code I enter.

They tell me the first code in a similar way so I can verify they sent it to me, then I enter the other code in the text.

[–] Treczoks@lemmy.world 8 points 2 hours ago

This could be vibe coding, or just an intern "doing the web site".

Neither should have write access to production code.

[–] cows_are_underrated@feddit.org 14 points 3 hours ago (1 children)

Assuming this is real, how the fuck do you fuck up so badly?

[–] mcv@lemmy.zip 8 points 2 hours ago

What!? It's more user friendly this way. No need to make the user switch to a totally different when you can tell them right here!

/s

(I hate pointing out sarcasm, but it's better not to risk it these days.)

[–] Evil_Shrubbery@thelemmy.club 18 points 6 hours ago (1 children)

Feels like testing feature, hopefully the screenshot isn't from production.

[–] AmbiguousProps@lemmy.today 20 points 6 hours ago (3 children)

We test in production, silly.

[–] VonReposti 3 points 2 hours ago

Everyone has a test environment. Some are just lucky enough to have a separate production environment.

It's the only way to fly.

[–] aarRJaay@lemmy.world 32 points 8 hours ago (1 children)

That's up there with: "You cannot use this password, it's already in use by ... "

[–] SethTaylor@lemmy.world 4 points 2 hours ago

But that's so practical. Maybe I can contact them and ask them if we can swap. Haha

[–] elvith@feddit.org 25 points 8 hours ago

IIRC the screenshot in the tweet is from a shitpost in Reddit's r/badUIbattles

[–] scrubbles@poptalk.scrubbles.tech 148 points 12 hours ago* (last edited 12 hours ago) (1 children)

You're absolutely right! It doesn't make sense to show the user the 2fa code! removes 2fa completely

[–] Uli@sopuli.xyz 108 points 12 hours ago (2 children)

Oh, I get it! You still want 2fa, you just don't want the code to be shown! colors the text white

[–] ThePancakeExperiment@feddit.org 26 points 11 hours ago (1 children)

No, no, make it ultra secure and display none it, every website will be a database of important information, you just have to put everything into a hidden table!!

[–] PattyMcB@lemmy.world 14 points 10 hours ago

Font size 0

[–] Redjard@lemmy.dbzer0.com 12 points 10 hours ago

Oh you want the code not rendered into html!
Drops the code in javascript when it is received from the backend.

[–] aberrate_junior_beatnik@midwest.social 84 points 12 hours ago (2 children)

It took me way too long to figure out what was wrong with this screenshot

[–] Ilovethebomb@sh.itjust.works 46 points 12 hours ago (1 children)

Yeah, same here. I was counting the boxes thinking they'd got the wrong amount of numbers.

[–] shalafi@lemmy.world 10 points 11 hours ago

I counted the boxes 3 times. :(

[–] Darkmuch@lemmy.world 7 points 9 hours ago (2 children)

I need help. I don’t get it…

[–] moriquende@lemmy.world 2 points 3 hours ago

No point sending the code to your phone when it's displayed right there. The idea of doing this is making sure nobody has stolen your password, because they still need access to your phone before they can access your account.

[–] teegus@sh.itjust.works 18 points 9 hours ago

The "secret" code sent to your phone is spelled out in the text

[–] exu@feditown.com 12 points 9 hours ago

Just delay accepting the numbers for 10 seconds to simulate the time needed to check SMS and type them.

[–] idunnololz@lemmy.world 14 points 9 hours ago (1 children)

Sike! That's the wrong number! /s

[–] Psythik@lemmy.world 20 points 9 hours ago* (last edited 9 hours ago) (2 children)

It's spelled "psych", as in you're psyching them out.

[–] guy@piefed.social 2 points 3 hours ago

Nitpicking words like this makes me psich

[–] idunnololz@lemmy.world 5 points 9 hours ago* (last edited 9 hours ago)

It's ok I'm oot of academia.

[–] undefined@lemmy.hogru.ch 59 points 12 hours ago (4 children)

SMS/email-based 2FA should die.

[–] null@lemmy.nullspace.lol 1 points 22 minutes ago

It's wild how standard SMS is given how (relatively) trivial it is to exploit.

[–] nogooduser@lemmy.world 6 points 7 hours ago (2 children)

It’s better than nothing and some people would really struggle to do other types of 2FA.

[–] djsoren19@lemmy.blahaj.zone 3 points 2 hours ago

I'll be honest with you, some people really struggle with email 2fa. The amount of working Americans I have spoken with who don't understand how to have two tabs open at once is genuinely frightening.

[–] Natanael@infosec.pub 7 points 7 hours ago

As a reset method it's worse than having nothing

[–] ColdSideOfYourPillow@anarchist.nexus 43 points 12 hours ago (1 children)

Luckily, you don't even need to check SMS or input a valid number with the “verification” in the screenshot!

[–] bamboo@lemmy.blahaj.zone 27 points 12 hours ago

mission failed successfully

[–] dharmacurious@slrpnk.net 2 points 8 hours ago (1 children)

What's the best alternative?

[–] nogooduser@lemmy.world 9 points 7 hours ago (2 children)

App based 2FA is better. Either the app generates a time based code that you enter into the site or the site sends a push notification to the app asking you to verify the login attempt.

Passkeys are good too as they replace the password completely and leave the 2FA part to the device.

[–] djsoren19@lemmy.blahaj.zone 1 points 2 hours ago (1 children)

Okay, but then you have to develop an app

[–] nogooduser@lemmy.world 1 points 2 hours ago

You don’t for the one time codes because there is a standard that is supported by many authenticator apps.

[–] victorz@lemmy.world 4 points 5 hours ago (2 children)

Passkey or notification please. So sick of entering these codes on a daily basis.

[–] RaivoKulli@sopuli.xyz 1 points 2 hours ago

I just save the cookies tbh

[–] Opisek@piefed.blahaj.zone 2 points 5 hours ago (1 children)

If it's alright with your threat model, you can put the time-based OTPs into your password manager of choice, like Bitwarden. Upon filling your username and password, it places your OTP in your clipboard, so that you can simply paste it in. This does of course reduce the security of the system slightly, since you centralize your passwords and your OTPs. When opting for this method, it is therefore imperative to protect your password manager even more, like via setting up 2FA for the password manager itself or making sure your account gets locked after something like 10 minutes of inactivity. The usability aspect is improved by using a yubikey or another similar physical key technology.

[–] victorz@lemmy.world 1 points 4 hours ago

Very good point. I have Bitwarden set up as a passkey for at least one account. I should remove that. 👍

[–] MonkderVierte@lemmy.zip 1 points 5 hours ago