3

It's hilarious when companies use Box because when someone left the company, you see their name as 'a previous collaborator'. It's sad, but yeah. lol

...or imagine if it's a startup with immature software - it might say 'NULL uploaded a document 3 years ago'. lmao

Comments
  • 2
    ouch they take your name off

    one thing I regretted is I didn't write doc comments everywhere in my job code. you know the ones that state the author? I thought that was silly at the time but I think it actually would've resulted in greater fame and probably a bunch of networking

    you have to git blame to find my name instead which is poor advertising! should be in everyone's face! YOU SHOULDNT BE ABLE TO RUN AWAYYY
  • 1
    @jestdotty Yes, in big corp you're just a number, sadly.

    We had a policy where we wouldn't be allowed to put PI or PII in code. Yes, @author.

    lmao. And we had a policy as well where the dev's data would be completely erased, like they never existed.

    I want to run awayyyy ♫
  • 4
    tbf if I have to look up who wrote a piece of code, it's probably not a good thing for them.
  • 2
    @jestdotty That's a shame. I bet

    ```
    /***********************
    * v1.0
    * Created by jestdotty
    ***********************/
    ```

    would've looked so nice in the code.
  • 1
    hmmm base64 it is ;P

    But it's always been my thing to get everyone added to the contributors section in the project's manifest
  • 1
    @BordedDev So easy to decryptz that. lol
  • 1
    @CaptainRant Of course, but most bots doing that check won't find it, but any dev worth talking to will be. It's very easy to steal secrets from CI that way as well
  • 1
    @BordedDev But.. tf. What dev puts secrets in a public place that's not extremely reinforced, e.g. in the ultra-protected private cloud, or better yet, offline? lol
  • 1
    @CaptainRant You mean one where I could get automated crash report with the stacktrace message? ;P Let's be honest here, if I can start putting code into your system to print things it's not going to matter where they are stored. My favourite one at the current place is going to the task definitions in AWS... ENV everywhere
  • 1
    @BordedDev If you have physical access, then it can be compromised easier, but what if you don't? Do you know all the network layers to such a degree that you can bypass a series of updated hardware firewalls, dip into a VLAN past its security and then finally find the env locations? The atomic clock has its systems offline so no one can connect to it, if I recall. Heheh.
  • 0
    @CaptainRant Do I need to? In this hypothetical, I already have access to the source code, so opening a TCP socket outward wouldn't be the hardest thing to do (since your code needs the secret at some point, it's very easy to hook in from there). But also I guarantee what you're describing isn't how I'd get in XD
  • 1
    @BordedDev But it would not allow x-domain connectionzzzzz. Ok anyway lol.
  • 0
    @CaptainRant Hahha, domain, you funny ;P just hard code the IP and set the host header ;P

    Or if it accepts connections you can create an endpoint that conditionally does bad things (or just pretends to be an endpoint and switches to full tcp socket after a specific payload).

    But just find it funny how often it's easy for a dev to steal creds (especially with how anal PM can be about it)