![](https://lemmy.zip/pictrs/image/f8786eb2-82f5-4e00-bd37-157be49f0074.jpeg)
![](https://lemmy.world/pictrs/image/8f2046ae-5d2e-495f-b467-f7b14ccb4152.png)
As much as I like the spirit of the idea, it honestly sounds pretty hard to enforce. What constitutes a mistake, bad memory, or a polished turd of a statement versus an act of deception?
As much as I like the spirit of the idea, it honestly sounds pretty hard to enforce. What constitutes a mistake, bad memory, or a polished turd of a statement versus an act of deception?
Nothing wrong with a little sunshine.
Well, yes. But we can still make fun of whoever bought it.
And it’s a weird article, because about half the article is also (named) people saying the exact opposite during the same timeframe. So at best people close to him can’t even agree. Headline seems like bait.
Then I guess “dox” in this context is resolving your name to other PII? I originally read it as more of a way to unmask people online.
You take that back
Don’t think they’re saying it negates the non-selfish part of the act.
Needless to say it’s powerful and thorough.
I mean, this does need to be said. It’s important details I was hoping to learn from the article. Otherwise it’s spooky stories we can’t actually build defenses for.
My hot take: You shouldn’t downvote comments you disagree with in a thread asking for hot takes.
Bio-neural gel packs here we come.
Article doesn’t really go into how TLOxp can dox/unmask people.
How is this boring?
Surely that will help with your declining population issues.
Even if you’re poking at a black box and are reporting that “it acts funny when I poke it this way.” I’m my opinion, a reporter should send along a script or at least explicit instructions on how to repro.
I take the report more serious since it demonstrates you have an understanding of the issue or exploit. It will also save my time and it’s likely a trivial effort for the reporter since they’ve the context and knowledge of the issue loaded up and ready to go.
Missing key info. Read the article.
Being a 3rd place you can’t even walk to because you have to cross those huge parking lots and all the traffic they bring. Not to mention none of them had decent places to actually collect and hang out.
Ah, I thought you were using the shower as a way to cool down the air for your house. This makes way more sense.
Any tips other than the fan…
Agree that people like to fluff the severity of bugs they report. It’s better for prestige and bounty payouts. But this is a little more nuanced.
“While I didn’t really intend the module to be used for any security related checks, I’m very curious how an untrusted input could end up being passed into ip.isPrivate or ip.isPublic [functions] and then used for verifying where the network connection came from.”
It’s interesting, that it would be hard to make a case that there was a “vulnerability” in the ip
package. But it seems like this package’s entire purpose is input validation so it’s kind of weird the dev thinks otherwise.
Recurring incidents like these raise the question, how does one strike a balance? Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of who are volunteers, exhausted from triaging noise.
The researchers need to provide proofs of concept. Actual functional exploits.
Sounds like you’re living in the year 3024.