This is a Canadian case. The Queen is presupposed to be free of error. Those aren't bugs. They're undocumented features. Citizens are not to be punished for making use of undocumented features unless they are specifically endangering the Queen's Peace (don't fight me on this I'm an oathed-in Queen's Peace Officer.) I wouldn't have arrested this guy, though, unless he was specifically doing something with that information that is specifically illegal. What he did isn't quite there yet, and should be recognized as such.
However "Responsible Disclosure" only applies when you actually find a vulnerability. This was not a vulnerability. It was coded to work that way, and it did. He didn't break anything, and hence there was no break for him to report.
Conversely, once this "feature" is popular, you can just produce a "screenshot" of whatever shit you want, and then claim it was sent as an "expiring email." No need to prove it was actually sent anymore. Anyone who uses "expiring email" willingly opens themselves up to whatever fakes other people desire to produce.
Other than the fact that all bugs are security bugs, yes: it allowed you to post content direct to other users' walls, who were not your friends but in the same group as you, and to do so with no attribution, so the other users could see that you posted it to their wall, but not why you had access to their wall. It was a way to clearly violate their user compartmentalization organization, but they argued that since users had joined groups willingly, their rights hadn't been violated and so it wasn't really "security" related. But they still fixed it right away.
I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.
I was on the team for Intel Labs Europe/Toshiba Europe when they decided to take the MHz rating off of new CPUs to make it "easier for customers" who "don't want to read numbers." I told them from the very start that it was a bad idea that was clearly done for marketing, not user friendliness, but they told me to shut the fuck up and write it up as though it was the greatest thing since sliced bread.
Fucking idiots.
Nah, the DoJ was far too heavy-handed with Microsoft and forced them to fuck up Windows 95 by making Explorer and Internet Explorer different things so that Netscape could continue to compete with Internet Explorer for some reason that was never really explained. Imagine if we had actually got seamless local and distant URLs in one Explorer in Windows 95, instead of the garbage that Microsoft was forced to ship.
Capitalism is inherently abusive, so I guess I can see your point. But why even make it? Do you want to pay monthly for your OS? That is where this is going.
Being first into a pyramid scam doesn't make you an "early investor."
and ethics only apply to regulated professional societies in Canada. He shouldn't have done this if he is a doctor or lawyer but he isn't.
Yeah but he didn't break the law.
https://medium.com/s/the-futur...
I once literally died in the street in front of Holt Renfrew. I was on 1000mg of DXM powder and the cops & paramedics both reported no signs of life.
So we should kill them?
lawsuit time
this
This is pretty fucked coming from the company that invented the bullshit notion of corporate code IP. Eat a sack of dick-meat sammiches.
Got to go to Bendigo, get me my green cube, Marty!
College degrees and Bitcoin are both Positional Goods from an economic standpoint, so either of them is a poor thing to gamble on with debt financing.
Most cord cutters I know don't pay for shit they use pirate torrents or else streaming set-top boxes.
Subscription model is user abuse. Well done.
not 20 20,000
That is what the market needs, honestly. The BTC deflation is out-of-control exponentially-irrational in a hyperbolic manner.
Remember when they sold the 700,000 BTC they seized from silk road for $13m? Good times...
Right? Fucking september that never ended, man.