Yes, yes, ignore the catastrophic consequences of climate change and the political unrest that we're already seeing because of it. "We've had all this before, it's fine". Oh fuck off.
Funny, I agree with him because of things like Covid being self-inflicted. We're so unable, as a species, to avoid even known risks (yes, we've known about the risk of new Coronaviruses since SARS), prepare for them, or deal with them when they've actually occurred. Even now, a not insignificant part of the US population thinks Covid is a hoax. Or that climate change is a hoax. We're reaching a point where catastrophic failure is just a stone's throw away, and we're already seeing the system buckle (rise of the Republican's hold over Congress, the rise of Trump, the rise of far right activists across Europe, growing environmental issues causing things like surges of refugees and civil war, unrest across the globe, etc.). It's only going to get worse from here as problems go unsolved and people's suffering grows.
It's hard to determine what our ancestors actually did. I'm sure you could argue any number of solutions they might have used. I'm wondering though what the prevalence is of these afflictions were back then or now in modern hunter-gatherer societies. The latter is not proof of anything, but it would be an indication of what a possibility might be like.
I don't think Biden could do that. It would be as bad as, if not worse, than another 4 years of Trump as president. It would mean that there are no standards by which a president is held accountable, and considering how many lives he has cost and the corrupt things he has done betraying the country, it would make the next Republican presidency that much worse.
Why is there a statute of limitations for government officials? This shouldn't be a thing when you're entrusted with the responsibilities that you are concerning an entire country and its citizens.
Currently working part-time as a PC technician. Recently had a 10 year old PC here that had to be upgraded to W10. Did Microsoft complain? Nope. I replaced the HDD with an SSD and it ran fine. I've done this with 10 year old laptops too. I simply prefer a platform that doesn't decide for me whether I'm allowed to install it or not. And any device that runs fine on W10 now will most likely run it fine in the future too. Microsoft isn't going to "drop support" for old devices just because they're tired of supporting it. It's like you Apple guys literally have Stockholm syndrome, rationalizing this crap to yourselves.
And you'd be surprised what kind of old hardware still works on W10.
Unless you're on a device that can only be upgraded to 10.13, after which it won't get security updates anymore after 11 is released. Meanwhile, I can still put W10 on 10-12 year old PCs and it'll run fine (if the hardware wasn't particularly terrible even for back then). It might not support some of the latest features, but it works and you're not subject to some arbitrary decision by Microsoft as to whether you're allowed to use W10 or not.
Afaik, there's an offline mode. It seems like you're forced to complete an online update before you're allowed to start the game proper though and you might be stuck with the original data on the discs even if you could skip that, which would sort of suck.
> However, bug bounties are not a job. Nobody is forced or obligated to do anything. I'm giving them 'a pass' in the future :) It's great people are discussing this and surely it will improve things for future researchers.
Shouldn't people like you be able to do this for a living if you want to? It's valuable work. It has real market value. It seems like you're doing this for fun and genuine interest and I do admire that. Maybe you don't want to taint your motivation with the idea of "how much money can I get for this?" I get that too. But as an outsider, I see this low pay-out and I see exploitation under the guise of "doing the right thing". I genuinely want you to be paid more. You deserve it.
I feel like the only way this kind of thing will change is if people are more vocal about how inappropriate the low compensation is for a company like Slack. Public criticism is necessary and, unfortunately, the only tool we have nowadays to effect change. I understand if this isn't a hill you want to die on, but I hope that other people (particularly people who aren't in bug hunting) are willing to pressure Slack to reconsider its policies.
The problem with "others will ignore it in the future and ultimately they lose" is that it's a passive signal that is too easily overlooked and ignored. It never reaches anybody with any kind of influence who can make changes. If a big exploit happens and somebody does a root cause analysis, it's never going to lead to the conclusion that "well, it's because we haven't been paying enough in our bug bounty program, we need to change that", if only because there's no data about how many people passed on helping them out because of the low payouts.
This might be unpopular, but if you don't feel like the compensation adequately reflects your effort, then you're free to do whatever you think is fair. It's your work. Slack isn't entitled to that work. Ideally, you'd check beforehand what a bug bounty program usually pays out and then decide whether to work on some other company's product that pays better. But you're always going to have people who are interested in doing this stuff and you're always going to have people who will look for the best pay-out for the work they've done.
The problem with starting with the baseline of "the right thing to do is always to disclose the vulnerability to Slack regardless of how little they pay" is that it perpetuates the exploitation of legitimate and important work by skilled workers. The onus should be on Slack to provide fair compensation, not on people doing this important work to "do it out of the good of their hearts".
Unfortunately, we live in a world governed by money as a motivator. While you might not be in it for the money, many people are, to a certain degree (you know, to make a living and to be able to afford a decent life). If companies are unwilling to pay anything remotely close to what researchers' time is worth, then they shouldn't wonder when people prefer to sell the exploits that they find to those who do value their work appropriately.
And frankly, we shouldn't be giving companies a pass for being cheap because "reporting it responsibly" is the right thing to do. These companies are benefiting to a great degree by offloading vital security research onto unaffiliated and unknown third-parties. Your time, as well as the time of any other hacker or researcher, is valuable and needs to be compensated. I don't see why it's fair to any of us that we should have to work for free or for low pay-outs just because we might be doing the right thing. Same goes for any other career that is badly paid just because "they're helping people".
What in god's name is with all the bootlickers in this thread? I have no love for Apple or Epic. But if this lawsuit leads to better treatment of third-party developers on the platform and Apple not being able to arbitrarily control what apps consumers get to download, I don't see why Epic is being painted as the "bad guy" by so many people here. Apple has been behaving in crazy anti-competitive ways (just look at how they historically treated any developer that dared make an app that competed with their own) for years now. It's time for the hammer to fall.
This is great, but to use it I need to sticky the bookmarks bar to the top of my screen when vertical space is already precious. Does anybody know something else that does the same thing without this issue?
I'm sure there are civilian experts and they absolutely should be involved, as well as elected representatives who are (preferably) guided by experts. Your average citizen has no business chiming in.