Seems like it would be quite easy to game the system. Make contributions with known vulnerabilities and then submit an anonymous bug report when the contribution is approved.
And most open source projects run a fairly transparent dev process - almost by necessity. Doing something like that as an individual dev might be possible, but hard and likely impossible to do structurally (no guarantee to get it in, no guarantee for the project to be picked next year(s), no guarantee for nobody else to find it first, and upon discovery, risk that your scam becomes apparent).
But as a team, the only way to really pull this off involves inserting such vulnerabilities intentionally and out of sight, which means a closed dev process. Even if you orchestrate via some other medium - assuming you're using a VCS, the vulnerability will be publicly traceable to a core contributor - and if you do that regularly, you'll at the become known as a project that's a security nightmare; that might kill the project in the long run. And you might even raise suspicions purely based on the frequency and nature of vulnerabilities.
All in all: abusing this sounds like a fairly risky fraud.
Lots of fraud is risky. And often very worth it if you are very poor and live in a country where laws against fraud aren't enforced. I think the potential for abuse deserves a closer look.
If you look at the question, you can see that some people don't make the connection that the motivation behind code signing is figuring out who committed suspicious code. Code that has security bugs is one interest, another is code which the committer didn't have permission to commit, for example proprietary code.
Thanks for the link. So I submit some code that is signed and it's a good contribution that closes an issue. I intentionally include a subtle bug. My friend who lives in a different country uses the bug bounty program to fix the bug and he collects the money. How do you detect that scenario with code signing?
Follow up: This situation is similar to when England wanted Delhi to be rid of cobras so they started offering rewards for dead cobras. The citizens of Delhi responded to this incentive by farming cobras.
What's the difference? It's a systemic flaw.
If there exists an incentive for finding vulnerabilities, there exists an incentive for introducing vulnerabilities. Bug bounties work great for closed source companies because there doesn't exist a misalignment of incentives. If Johnny keeps writing buggy code, he gets fired. If anonymous234 gets his buggy pull request approved, confederate anonymous456 gets to make a few bucks.
Follow up #2: For the skeptical downvoters, I'll put my money where my mouth is and attempt to capture the bounties using the method described above.
> Follow up #2: For the skeptical downvoters, I'll put my money where my mouth is and attempt to capture the bounties using the method described above.
Asking for a prescription for a painkiller will make doctors label you as a drug seeker.
Asking for a referral for an x-ray/ultrasound for your back pain will often make them go "Here, why don't you try this opioid first and see if it gets better?"
Right, which is why Bloomberg published a story about China inserting backdoor hardware on its chips. A story that was refuted by the CEOs of the companies supposedly hit by the attack and by the very sources cited in Bloomberg themselves. A story that hasn't produced a single physical compromised chip as evidence despite Bloomberg claiming that there were tens of thousands of units affected.
At one point in college I stayed awake consistently for 4-4.5 days without any caffeine or other stimulants. By the second/third day the feeling of being "tired" was entirely gone, and I felt energetic and almost intoxicated. There was definitely euphoria, as well as some auditory/visual hallucinations. Afterwards I slept for about 20 hours straight. It was an odd experience.
I managed 53 hours once over a weekend of a big LAN party, drove home and slept for 26 hours after that. Apparently my mother called the doctor who just said to check I was still breathing and that I'd probably wake up soon.
I woke up thinking it was Monday but it was Tuesday. That took some explaining at work.
Felt amazing after about 30 hours of being awake and after the sleep's "jet lag" wore off.
I had a similar experience after a week-long camp where I only slept a couple of hours a night, if that. On returning home I went to sleep and distinctly recall waking up about an hour later, only to discover I'd actually been asleep for ~25 hours.
I never experienced euphoria then, but in my younger years when I could still successfully pull all-nighters I found myself re-energized once the sun rose in the morning and this lasted typically until later that afternoon. This led to a general rule where if I was planning on staying up that late I always tried to go to bed before the sun came up.
I was initially skeptical, but your video made me change my mind. Why the hell is the flood illuminator going off when you're just looking at the Control Center?
This is one of the most hilariously wrong things I've ever heard of. So if I send an invoice to billing@facebook.com and reply from (my account) uh_what@facebook.com agreeing to the terms, Facebook legally owes me the amount on the invoice?
Clearly not. It's a general principle of law, not an ATM machine.
E.g. employers are on the hook for damages due to sexual harassment among their employees, but that doesn't mean you can sexually harass yourself and then automatically collect free money.
Your response is ridiculous. As a native New Yorker, his comments are spot-on.
His post (and this thread) is a good resource for weighing the pros and cons of moving to any city. Many people move to NYC with ridiculous expectations of living their dream and become despondent when they realize the subways smell like urine and the people can be as cold as the weather.
His comments are not spot on. I’ve lived here for years (not native) and much of what he’s saying is overblown. Where are these $25 watermelons? I hauled them home all summer for like $8. Why can’t he find entrees for cheaper? My lunch today was $10. How jaded do you have to be to not recognize that NYC has a world class food scene if you want it? Chicago is cheaper but not 1/4 of the price. The list goes on.
NYC isn’t easy but it’s not anywhere close to as bad as OP is making it out to be.
This entire post is nothing more than a chance for OP to bitch about his frustrations with NYC. And I get it, I really, really do. But his complaints are overblown.
The very fact that his building has a garage and a doorman is a good indication that his experience is not representative of the entire NYC experience, and that he’s probably trying to live a lifestyle that just isn’t compatible with NYC and he’d probably be happier elsewhere. This city isn’t for everyone.
Most of the people in NYC I've come across have been fairly nice or neutral, although that could be entirely dependent on the neighborhood. Having said that, just the other day we saw a guy in a taxi get out and yell at a student struggling to get onto a special education yellow school bus. That was pretty heartless.
Free for now with the future hope they will make money. So it's free but with the same incentives as any early company that launches for free to grow the user base.