all of that crap you quoted about custom firmware and open recovery mode has zero to bearing on their financial status and problems. the employee is right, almost no one, relatively speaking, is going to base their decision to purchase an Ouya on whether it supports custom firmware.
the truth is that it was some amount of engineering and support to give customers the whole enchilada, and they were already struggling and didn't have the resources. don't start reading malice into the situation.
sounds like you purchased on ouya, so welcome to the world of broken promises that is kickstarter.
really? what message would paying him send?! if you find 3 vulnerabilities, go ahead and expose 2 of them. ruin our business. no problem. we'll pay you big bucks for the one you didn't release.
and IMHO, why would they? he did them wrong, very wrong. they shouldn't reward him for that. consider it this way. the potential harm of publicly exposing the issue is massive. you seem to be claiming it's a zero. it isn't. it's a negative -1,000,000,000. 30 - 1,000,000,000 is a negative number. he's far from being in the black in the good will department.
the bug bounty program isn't a formal agreement bound by law. it's completely at the discretion of the sponsor company. that means that if they don't like your actions, or just the cut of your jib, they don't *have* to pay you. maybe the CEO saw your dog poop on his lawn. yep, no payment. welcome to life.
i've had an android wear watch for 3 months. the biggest thing i use it for? a watch. it is interesting and fun being able to pick / design your watch face. is it worth $300? very dubious.
he fact that the disclosure post was removed quickly may indicate wrongdoing, that he realized he messed up. So, fine, remove the disclosed vulnerabilities from the bounty, but still pay the bounty for the others.
sometimes when you f-up you just have to eat it. accept responsibility and the outcome of YOUR mistake. behavior like this is a side affect of the having parents that never let your learn lessons the hard way. lost your iPod little Johnny? we'll buy you a new one. i don't blame him for being upset. anyone would be upset. but it's his mistake.
If he had submitted each issue separately they would have paid the others that he didn't disclose.
almost certainly not. they are not paying him because he did something very irresponsible. he did exactly what that the bounty program is trying to prevent. it's like if you offered someone $20 to wash your car, which they did, but then threw a bucket of mud on it. would you still pay them the $20?
for one exploit that was refused, how is it legitimate to deny the bounty for the other 29?
because life's not completely disconnected like that? because you don't pay someone that publicly exposed exploits without giving you a chance to fix them.
say you paid a guy to mow your lawn for $20 and wash your car for $20. he does a fine job mowing your lawn, but in the process of washing your car he breaks your windshield and slits your tires (maliciously, and offering no compensation). would you pay him for mowing your lawn?
Except this only works a couple times. Who is going to spend their time on Groupon now that they know they'll weasel out of paying?
groupon would rather bugs not be reported at all than having them posted openly on the internet before they have a chance to fix them. anyone would. this guy did them a major disservice.
Groupon could hire people themselves to find the vulnerabilities, but they chose not to, instead they offer a bounty for security bugs, which apparently is very cost effective when they don't pay up, so it's a double win
maybe you aren't familiar with how bug bounties work. it's when a company pays a finder for *privately* reporting issues before they are discovered publicly. this guy did both. he reported it privately when went on to disclose it publicly. you think a company should reward someone for disclosing security vulnerabilities publicly before they have a chance to fix them?
You mean "thing", right? Only one, only by mistake, only for a short period of time.
you new to the internet? you can't expose something for a "short period of time". once it's posted, it lives on. anyone could have copied it. maybe you'd like to post your credit card card info for a "short period of time". you okay with that? it's only one "thing" after all.
that's the whole point of a bounty system: to get folks to report bugs to you *privately* before they are discovered publicly. he got what he deserves. this is nothing more than sour grapes. he wanted his bounty, and the public fame of posting to xssposed.org. well, can't have both.
I can't believe that after all these years there are still people who believe that Swartz faced a 35 year sentence. He did not.
^^^ this. and mr. swartz most certainly knew that also. as another post stated, he was likely to get somewhere between a few months and a few years. after which he'd be a folk hero and have his choice of employment or continued studies.
You're a fucking moron. How does "access without authorization" warrant a 35 year sentence?
it doesn't, and note that he was never sentenced to that was he? let me tell you how it works. prosecutors throw the book, defenders ask for community service, and they meet in the middle.
also, you should learn some words >4 letters. if you actually want to sway people to your point that is. if you're just trolling, then by all means, keep up the good work.
create a pipeline from the PNW down to southern CA. done.
of course it'd be expensive, but this is either an emergency, or it isn't. at least there aren't (as many) environmental concerns as there are for oil pipelines. if it leaks / breaks you get a... water spill?
If it works this will drive google out of Europe, but it won't help Microsoft because then Bing will become the number one European search engine and 100% of Bing's revenue
i suspect microsoft would love to be in their position right now, lawsuit and all.
ironically, the fact that google is being sued like this is a good for them. not directly, but if you are big and powerful and lack competitors, that's a darn good problem to have as a business.
it's simple undercutting strategy. no matter how favorable an environment for business nation A provides, there's always a nation B that will undercut them. not because nation A is unfairly taxing business, and not because it's economically viable for nation B in the long run, but to get business to move their and then raise taxes to a point where they can break even in the long run. once businesses are entrenched, they are less likely to leave. and if you don't offer the carrot, they'll never come in the first place.
relative to other western nations, overall the US is extremely favorable to business, to the detriment of it's citizens in many cases.
Once MS had the original product, they decided to give it away... as a zero cost. Thus they didn't pay Spyglass their percentage. And in the process put Spyglass nearly out of business, and stole the browser.
they either broke a contract, or they didn't. either way, if the outcome is what you say, it's spyglass that messed up.
Now that I see the video, it looks like it was coming down really well until that last moment.
no way. for a gigantic fragile rocket it came in extremely hot. it was probably moving at 50+ MPH when reached 50 feet of the platform. it didn't slow down much until it was less than 10 feet away. it was also wobbling as it came in.
as much as i'd like to say that was close, it wasn't.
Especially because he put GAY GUYS on the computer, the horrors. If he had changed the wallpaper to a cat picture this would not have happened I guarantee it.
when you are 14, that's the pinnacle of humor.
anyway, good job trying to turn this into an issue of sexism. if you read into this that homosexuality had anything to do with it, you are the one with the problem.
You failed to back your assertion regarding another person's thoughts.
nothing i said is contradicted in the article. end of story. you can read between the lines about what the author meant or really thinks. that's up to you, have fun.
Lacking citations to back your seemingly false assertions, I do hope to see an apology for the slander. I have no expectation mind you, but I am occasionally incorrect judging character.
^^^ you said that.
no, i'm not submitting this to a journal of science. you caught me. just my opinion based on reading the article.
the fact that you are suggesting i apologize for slander either means you are being ironic, or you are very out of touch with reality.
i stand by what i wrote. the article is a capitalist rant about how workers don't need or deserve any rights written by an out-of-touch elitist. i don't claim to know that this applies to Ellen Pao, i suspect it doesn't.
yeah, i read that article. it's kind of baseless. she uses the term "frivolous" over and over, but that would imply she knew that facts and evaluated the situation. there's no facts in the article all. she's calling it frivolous because,
"A job is an exchange of services on one side for compensation on the other. If that exchange is not working for either side, then move on. If you don't like how you are being treated, what you are getting paid, your opportunities, your co-workers or any other aspect of where you are working, leave and get a new job or start your own business."
basically, she an extreme capitalist that doesn't believe in "workers' rights" at all. she's saying "hey, being discriminating on? just leave and work somewhere else. it's a free country." while that probably was an option for Ms. Pao, it's not an option for everyone. there's got to be a balance.
and this,
"leave and get a new job or start your own business."
that's just a little elitist. assuming everyone has the capital to start their own business.
Slashdot Mirror
all of that crap you quoted about custom firmware and open recovery mode has zero to bearing on their financial status and problems. the employee is right, almost no one, relatively speaking, is going to base their decision to purchase an Ouya on whether it supports custom firmware.
the truth is that it was some amount of engineering and support to give customers the whole enchilada, and they were already struggling and didn't have the resources. don't start reading malice into the situation.
sounds like you purchased on ouya, so welcome to the world of broken promises that is kickstarter.
really? what message would paying him send?! if you find 3 vulnerabilities, go ahead and expose 2 of them. ruin our business. no problem. we'll pay you big bucks for the one you didn't release.
and IMHO, why would they? he did them wrong, very wrong. they shouldn't reward him for that. consider it this way. the potential harm of publicly exposing the issue is massive. you seem to be claiming it's a zero. it isn't. it's a negative -1,000,000,000. 30 - 1,000,000,000 is a negative number. he's far from being in the black in the good will department.
the bug bounty program isn't a formal agreement bound by law. it's completely at the discretion of the sponsor company. that means that if they don't like your actions, or just the cut of your jib, they don't *have* to pay you. maybe the CEO saw your dog poop on his lawn. yep, no payment. welcome to life.
And you can always just take a standard gun and bend the barrel. Yes, it works.
so all that R&D on the corner-shot weapon was for nothing? common sense to the rescue.
if it were 30 separate exploits, you would pay him for 30 exploits, and charge him damages for the 1 that got away.
man, life, you're new to it huh? good luck when you leave you mom's basement and discover that's not how life works.
you're driving
big negative there. it's more distracting to try to read a text on an ultra small screen than it is to just pull our your phone.
i've had an android wear watch for 3 months. the biggest thing i use it for? a watch. it is interesting and fun being able to pick / design your watch face. is it worth $300? very dubious.
he fact that the disclosure post was removed quickly may indicate wrongdoing, that he realized he messed up. So, fine, remove the disclosed vulnerabilities from the bounty, but still pay the bounty for the others.
sometimes when you f-up you just have to eat it. accept responsibility and the outcome of YOUR mistake. behavior like this is a side affect of the having parents that never let your learn lessons the hard way. lost your iPod little Johnny? we'll buy you a new one. i don't blame him for being upset. anyone would be upset. but it's his mistake.
If he had submitted each issue separately they would have paid the others that he didn't disclose.
almost certainly not. they are not paying him because he did something very irresponsible. he did exactly what that the bounty program is trying to prevent. it's like if you offered someone $20 to wash your car, which they did, but then threw a bucket of mud on it. would you still pay them the $20?
for one exploit that was refused, how is it legitimate to deny the bounty for the other 29?
because life's not completely disconnected like that?
because you don't pay someone that publicly exposed exploits without giving you a chance to fix them.
say you paid a guy to mow your lawn for $20 and wash your car for $20. he does a fine job mowing your lawn, but in the process of washing your car he breaks your windshield and slits your tires (maliciously, and offering no compensation). would you pay him for mowing your lawn?
Except this only works a couple times. Who is going to spend their time on Groupon now that they know they'll weasel out of paying?
groupon would rather bugs not be reported at all than having them posted openly on the internet before they have a chance to fix them. anyone would. this guy did them a major disservice.
Groupon could hire people themselves to find the vulnerabilities, but they chose not to, instead they offer a bounty for security bugs, which apparently is very cost effective when they don't pay up, so it's a double win
maybe you aren't familiar with how bug bounties work. it's when a company pays a finder for *privately* reporting issues before they are discovered publicly. this guy did both. he reported it privately when went on to disclose it publicly. you think a company should reward someone for disclosing security vulnerabilities publicly before they have a chance to fix them?
You mean "thing", right? Only one, only by mistake, only for a short period of time.
you new to the internet? you can't expose something for a "short period of time". once it's posted, it lives on. anyone could have copied it. maybe you'd like to post your credit card card info for a "short period of time". you okay with that? it's only one "thing" after all.
that's the whole point of a bounty system: to get folks to report bugs to you *privately* before they are discovered publicly. he got what he deserves. this is nothing more than sour grapes. he wanted his bounty, and the public fame of posting to xssposed.org. well, can't have both.
I can't believe that after all these years there are still people who believe that Swartz faced a 35 year sentence. He did not.
^^^ this. and mr. swartz most certainly knew that also. as another post stated, he was likely to get somewhere between a few months and a few years. after which he'd be a folk hero and have his choice of employment or continued studies.
You're a fucking moron. How does "access without authorization" warrant a 35 year sentence?
it doesn't, and note that he was never sentenced to that was he? let me tell you how it works. prosecutors throw the book, defenders ask for community service, and they meet in the middle.
also, you should learn some words >4 letters. if you actually want to sway people to your point that is. if you're just trolling, then by all means, keep up the good work.
drought map shows no drought in PNW.
http://droughtmonitor.unl.edu/
sorry, we're taking your water.
create a pipeline from the PNW down to southern CA. done.
of course it'd be expensive, but this is either an emergency, or it isn't. at least there aren't (as many) environmental concerns as there are for oil pipelines. if it leaks / breaks you get a ... water spill?
If it works this will drive google out of Europe, but it won't help Microsoft because then Bing will become the number one European search engine and 100% of Bing's revenue
i suspect microsoft would love to be in their position right now, lawsuit and all.
ironically, the fact that google is being sued like this is a good for them. not directly, but if you are big and powerful and lack competitors, that's a darn good problem to have as a business.
that does not correctly paint the picture.
it's simple undercutting strategy. no matter how favorable an environment for business nation A provides, there's always a nation B that will undercut them. not because nation A is unfairly taxing business, and not because it's economically viable for nation B in the long run, but to get business to move their and then raise taxes to a point where they can break even in the long run. once businesses are entrenched, they are less likely to leave. and if you don't offer the carrot, they'll never come in the first place.
relative to other western nations, overall the US is extremely favorable to business, to the detriment of it's citizens in many cases.
Once MS had the original product, they decided to give it away... as a zero cost. Thus they didn't pay Spyglass their percentage. And in the process put Spyglass nearly out of business, and stole the browser.
they either broke a contract, or they didn't. either way, if the outcome is what you say, it's spyglass that messed up.
Now that I see the video, it looks like it was coming down really well until that last moment.
no way. for a gigantic fragile rocket it came in extremely hot. it was probably moving at 50+ MPH when reached 50 feet of the platform. it didn't slow down much until it was less than 10 feet away. it was also wobbling as it came in.
as much as i'd like to say that was close, it wasn't.
Especially because he put GAY GUYS on the computer, the horrors. If he had changed the wallpaper to a cat picture this would not have happened I guarantee it.
when you are 14, that's the pinnacle of humor.
anyway, good job trying to turn this into an issue of sexism. if you read into this that homosexuality had anything to do with it, you are the one with the problem.
You failed to back your assertion regarding another person's thoughts.
nothing i said is contradicted in the article. end of story. you can read between the lines about what the author meant or really thinks. that's up to you, have fun.
Lacking citations to back your seemingly false assertions, I do hope to see an apology for the slander. I have no expectation mind you, but I am occasionally incorrect judging character.
^^^ you said that.
no, i'm not submitting this to a journal of science. you caught me. just my opinion based on reading the article.
the fact that you are suggesting i apologize for slander either means you are being ironic, or you are very out of touch with reality.
i stand by what i wrote. the article is a capitalist rant about how workers don't need or deserve any rights written by an out-of-touch elitist. i don't claim to know that this applies to Ellen Pao, i suspect it doesn't.
yep, you caught me. what i wrote is my opinion. you're new here then?
yeah, i read that article. it's kind of baseless. she uses the term "frivolous" over and over, but that would imply she knew that facts and evaluated the situation. there's no facts in the article all. she's calling it frivolous because,
"A job is an exchange of services on one side for compensation on the other. If that exchange is not working for either side, then move on. If you don't like how you are being treated, what you are getting paid, your opportunities, your co-workers or any other aspect of where you are working, leave and get a new job or start your own business."
basically, she an extreme capitalist that doesn't believe in "workers' rights" at all. she's saying "hey, being discriminating on? just leave and work somewhere else. it's a free country." while that probably was an option for Ms. Pao, it's not an option for everyone. there's got to be a balance.
and this,
"leave and get a new job or start your own business."
that's just a little elitist. assuming everyone has the capital to start their own business.
GitHub is the only practical solution to the problems of decentralization.
did you mean git? or github? you don't need github to setup a git remote.