Mastodawn

hey remember the other day when that story came out that google API keys, previously considered non-sensitive information because you couldn't do anything too awful with them, turned out to be usable arbitrarily with gemini, which retroactively caused them to be very sensitive indeed?

https://www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/?td=rt-3a

Dev stunned by $82K Gemini bill after unknown API key thief goes to town

: Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed

The Register

Show thread

Fi 🏳️‍⚧️Mar 4

google seriously shat the bed with that dipshit decision.

whatever fucking chowderheads decided to make keys issued before the addition of gemini retroactively usable by it were obviously not capable of extremely basic systems thinking concepts, something that the elaborate fucking bullshit interview process at google was supposed to suss out.

turns out that shit's all performance art and not actually useful.

Show thread

Fi 🏳️‍⚧️Mar 4

"A Google representative allegedly cited the company’s shared responsibility model – Google secures its platform and users must secure their own tools – and said the Chocolate Factory had to charge the developer for the unauthorized API costs."

So evidently, in their infinite wisdom, Google has decided to use the Darth Vader line to pull the rug out from under its users, allow massive charges to accrue, and then punish the users for -having done what was previously correct practice as recommended by Google- by charging them money.

Lawyer friends, would this be considered fraud, negligence, or what?