Hacker News | cobalt60's comments

Didn't give it a read but don't want to just by its incompetent title


And it's substack, the official site of dumb hot takes.


You mean Toyota putting a BMW engine (Supra). Your statement is contradictory, as Toyota has TRD, which focuses on track performance. They just couldn't keep up with the straight-six perf+reliability when comparing to their own 2JZ


> toyota putting bmw engine (supra).

Or Toyota using a Subaru engine (Scion FRS, Toyota GT86)


Buying a Supra is stupid. Either buy a proper BMW with the b58/Zf8 speed and get a proper interior or stop being poor and buy an LC500.

Better yet, get a C8 Corvette and gap all of the above for a far better value. You can get 20% off MSRP on factory orders with C8 Corvettes if you know where to look.


So are the straight sixes from BMW. Running one generation behind B58.


Who dis Sasha? Clearly not disciplined, also works for Nvidia. How is Linus tolerating this?


Why the hell refer a good term, ouroboros than feeding itself dogfood


According to the latest data from the firm, Windows 10's market share is dropping

Yea right..


What you really want is a caretaker AI


I’m unclear what it is you’re describing. I’m describing UI affordances.


More like why was there not a solution to a problem that existed for 9 yrs? Uptime should never be a problem in a controlled system..


Yes but why not just docker?


Why not disclose it as a responsible dev with contacts and move on.


If a company is not responsible enough to follow up on security reports you should not follow up, but instead disclose it to the world.


tbh, I agree.

I've sent 2 big bugs like this, one for Funimation and one for a dating app.

Funimation you could access anyone's PII and shop orders, they ignored me until I sent a LinkedIn message to their CTO with his PII (CC number) in it.

The "dating" app well they were literally spewing private data (admin/mod notes, reports, private images, bcrypted password, ASIN, IP, etc) via a websocket on certain actions. I figured out those actions that triggered it, emailed them and within 12 hours they had fixed it and made a bug bounty program to pay me out of as a thank you.

Importantly, I also didn't use anyone else's data/account, I simply made another account that I attacked to prove. Yes it cost me a monthly sub ~$10 to do so. But they also refunded that.


I think it took so long that I moved on, but you are right and I should have done that. Probably I'll take a look again to see if I can do it now :)


Been there. Nagged the city of Seattle for nearly two years about fixing their insecure digital wallets, and in return they just acted weird to me and never really fixed the problem. Wouldn't tell me anything not even the vendor so I could communicate to them that this issue could exist elsewhere. The goal of these tactics is to delay long enough that you give up on publishing. So publish. Just be ethical and stay within the bounds of the law on what you access and release.


I did a quick test and it seems like the full admin access that I used to get is slightly fixed/changed. I'm wondering, if there was an issue and I have enough data to show there was a full compromise of all users' data, but it is changed now (might still be vulnerable but let's say it's not), should I still release something? They should have notified their users of such an issue, right?


Sounds worthy of a blog post to me

