Hacker News | swores's comments

Despite the official bug bounty page for OpenAI having "accounts and billing" as a valid category, when I reported a bug that lets anyone subscribing to ChatGPT a) choose any country, that doesn't have to match billing address, to pay a lower price (since in some countries they charge considerably less than the equivalent US price), and b) set the sales tax to 0%, even if the country selected for price AND the country of the billing address both have legally mandated sales tax / VAT, their response was that it was considered out of scope and not valid for any bounty.

There's no point in trusting any company's bug bounty programs any more. They all weasel out of paying. Do what you will with the knowledge you find, just know that you will never be dealt with fairly by the companies.

1-hope folks don’t resort to that

2-@C-suite, look what y’all wrought saving a penny, pls fix

(btw #1 is my polite way of saying “don’t do it!” - plea as I might, if the thinking gains traction people will sell more 0days anyway, so might as well fix bounty programs now before it’s in the news)


I'm not advocating for any behavior in particular. It could be anything from telling the company, to saying nothing, to doing something evil with it. It's each individual's choice. I just wanted to reiterate it so the folks in the back of the room hear that it is a matter of routine for companies to deny paying out legitimate bug bounties at this point and that should be known to the bug finders when deciding what to do. Whether or not or how it affects or influences their decision is up to them.

Probably because the goal is to have more users, not necessarily profit per user. Netflix once had that "problem" and every lockdown increased the stock price.

To be fair, I suspect real life is a bit like that too - there will be a big enough % of potential customers who want one of "the classics" for where you are (margherita etc in Italy, pepperoni etc in the UK, whatever) that basically every place that serves pizza will have the same first few options even if they get creative with the rest of the menu.


Sorry but that's bullshit.

It's extremely rare for any part of government to have that as an intended purpose.

But it's extremely common, unfortunately, for people involved to be willing to accept that as a side effect in pursuing whatever their goals are - whether that's gaining funding for their police department, or raising political donations from the owners of a private prison, or keeping poor people away from their beautiful upper middle class neighbourhood, or environment-ruining chemical company, or... whatever.


A system’s purpose is what it does, not what it claims to do.


[flagged]


It does make sense, because if you were developing a bad or evil system then you would obviously want to obfuscate that as much as possible. The first thing you'd do, clearly, is proclaim that the purpose of the system is something good.

This is a common fallacy or I guess maybe shoddy reasoning I see often. Because someone or something either does not announce their intentions or says their intentions are good, then the thing they are using must also be good. Or, we must assume it is good until they announce they're going to use it for not-good purposes.

Like with Flock. There's a lot of people who think the simple defense that Flock thinks it is used to fight crime means it's good. Or DOGE. The simple defense that the people behind DOGE say it's to prevent fraud means it's good.

But what people say and what actually happens are two different things, and the what actually happens part is 1000x more important. Anyone can say anything, and obviously bad actors will lie. That's just a given. So you can't use the stated purpose of something as a defense for that something. You just can't, it makes no sense.


I never said the stated purpose is a defense. The purpose is the purpose not the outcome. Just because you can’t know the true intent of every actor involved does not mean you’re justified in assuming the purpose is what it does. That is lazy broken epistemology.

I agree what a system does is what is important, so why dilute that fact with assumptions of intent and glib moralizing thought terminating cliches?


Will say every benefactor of people not thinking that way. The rest of us, on the other hand, look at the objective results and realize if you want them to change, you have to change the system.


Well duh. “A system will do what it does” is true, but that should not be conflated with its intent or purpose or design which require understanding of human intent. And humans produce unintended results all the time.


The purpose of a system is what it does. If that wasn't the purpose, the system would be changed.


That’s as dumb as the saying “there can’t be a 100$ bill on the ground because if there was it’d have been picked up.”


It's not at all like that?

Claiming that a system's purpose is something it consistently fails to do is absurd. Intentions don't matter, outcomes matter.

This is a pretty basic systems theorist argument, to be honest...


A system’s purpose depends on its creator. Creators regularly fail to produce intended results. It’s absurd to say an unintended result is the intended result.


How long is it ok to produce “unintended” results without changing anything, before you can say that’s now an expected part of the system? Because I think that’s the issue. It’s not that the US has a goal to criminalize poverty - the constitution doesn’t say anything about that - but since it’s been that way for so long it seems the system is unwilling to do what needs to be done to prevent that. It’s part of the expected behavior of the system.


> It’s absurd to say an unintended result is the intended result

I didn't say that. I said the unintended results are the purpose of a system, not the intent.


This feels like a bait and switch. Can you define purpose for me?


Fair.

Intent - what someone wanted or expected the system to do.

Purpose - what the system does in practice. The reason, or primary function for it.

Some classic examples -- post it notes were intended as an aerospace adhesive, but found their purpose as low tack papers.

If you want a classic systems example, standardized testing is a good example of difference between purpose and intent. It was intended to be a mechanism for measuring schools and ensuring every kid got an equal education. But now its purpose could be described as the metric schools game. It narrows curricula, encourages teaching to the test. Those outcomes are not the original intent. Or even desirable.

So I wasn't being flippant (maybe a little flippant) when I was saying intent and purpose are different.

Other classic examples -- the US senate, social media algorithms, animal bounties (paying people per head bounties on killed rats, frogs, or snakes results in people breeding those animals), war on drugs, zoning laws, etc.

It's very closely related to the idea that "the road to hell is paved with good intentions".


I don’t think we can agree on that.

But one last question to help me understand your position then I’ll leave you alone.

Why do people post this saying as if it has import? What point are they trying to make?

IME I have only ever heard this phrase used as a reaction against single failures as a way of maligning the operators of a system without any associated analysis or consideration of how the system actually works. Do you disagree this is the rhetorical purpose?


I do disagree that it's the rhetorical purpose.

This quote says to me that we need to think about outcomes early AND late in the life of designing and operating a system. We have unintended consequences, and when we elect to not (or ineffectually) address the side effects of a system, we are making a choice to adopt the purpose of that system.

It's a way of reminding us that the behavior we ignore is the behavior we accept. That outcomes matter more than intent.

Personally, I think people are too permissive towards mistakes in large systems, categorizing them as "a few bad apples" or "an occasional error". Yes, I deploy this quote when single failings happen, but I also deploy it in broad critique of structural failings. It also prompts thoughts about why -- systems are built on top of systems, on top of systems.

As an example, our Justice system has both specific incidents (e.g. George Floyd) and structural failings (racial bias, high incarceration rates). Those are both cases where I would use this quote. It might seem that a single incident is wrong to deploy this quote, but the George Floyd incident doesn't happen in isolation. We need to look at the whole system. How are police trained? How are Americans trained to interact with police? How does the Justice system interact with minority and poor communities? How do we address mental health in this country? All of those questions are complex and nuanced, and are themselves contributors to the purpose of the police.

So, for me, it's not meant to be quippy or punchy or malignant. It's meant to highlight failures aren't isolated incidents, they are part of a system that is failing to prevent this outcome. Probably for complex reasons, but we as a society are choosing not to address those complex reasons.


See, this is the funny thing; I agree with everything you said, except that this phrase helps in those ways.

In other words, IME, the purpose of the system of the phrase “the purpose of the system” is to cause thought terminating moral superiority, even if _you intend_ for the phrase to highlight complexity and unintended consequences. ;)

Anyways, thanks for the full explanations of your position.


Some people do deploy it like you say. Pleasure chatting with you.


It's not as rare as you might think.

Organizations such as OSF/OSI (Open Society Foundations, not Open Software Foundation) have successfully placed their preferred candidates in positions of power in many major US jurisdictions. If you research, you'll see many cases of OSF DAs prosecuting or not prosecuting based on their political ideology. Many prosecutions are politically motivated, but now we have foundations funding activist candidates who are all pushing the same agenda. The result is diminished trust in government, which the activists will exploit to eventually make things even worse, because "capitalism is not working."


You make it sound like they are doing corruption. I.e. don’t prosecute your friends, do prosecute your enemies. But this is more like using the power at your jurisdiction level to oppose unjust laws.

I.e. where I live the city council long ago directed police to stop arresting people for marijuana possession - on the grounds that this is an unjust law and criminalizing it is tying up resources and doing more harm than good, and because the majority of the city’s population supports legalization. City gov doesn’t have the power to change those laws, but they can fix it locally by directing enforcement away from them. A decade later, it was legalized - imo proving that it was the right decision.

This did not “diminish trust” in the gov. In fact, laws that the majority disagree with but stay on the books do far far more damage to the credibility of gov, in my opinion


If you want to effect change, then change the laws through the approved processes. Do not install a DA that ignores the laws. Doing so WILL diminish trust in government.


Actually, DA discretion is a normal part of the functioning of government. There are a thousand laws on the books that get ignored every day [1]. And every election, candidates run on platforms promising to “crack down” on this or that crime (read: selectively increase enforcement).

Gov enforcing laws that the majority of people do not want is a subversion of democracy that alienates people from the idea that gov can be responsive instead of oppressive. I don’t trust a gov that claims to represent the will of the people, but charges people for crimes most don’t see as criminal.

So maybe you trust a gov less when you see laws you want enforced being set aside, but you’re in the minority here. How do I know? Because these DAs are getting elected (not installed) to do this.

[1] https://www.msn.com/en-us/society-culture-and-history/social...


Prosecutorial discretion is a normal part of a DA's job. If extenuating circumstances exist, a DA can charge a lesser crime. If exculpatory or insufficient evidence exists, a DA can decline to bring charges.

These circumstances are altogether different from a DA making blanket declarations that they will not bring charges for certain crimes. The latter indicates a dereliction of duty. They're not doing their job.

Elections are a dirty business. The candidates who spend the most money are often the winner.

Nefarious foundations donating large sums of money with the intent to install DAs who will subvert justice could be seen as a threat (and a conspiracy) to the US justice system and prosecuted as a crime.

https://www.dailynews.com/2024/11/10/ousted-da-george-gascon...


I agree with your thinking in the context of "keeping drug policy broadly the same but improving policing of it".

But fuck current drug policy. If someone is high on cannabis, or MDMA, or even "harder" drugs like cocaine and heroin, as long as it's not causing them to be violent or to commit other crimes such as theft then why should that become a legal problem for them any more than if they were intoxicated from spending a few hours drinking beers? And with the odd exception like keeping existing "driving under the influence" laws, we don't need dedicated "violent because of drugs" or "theft because of drugs" legislation, those crimes should be treated the same regardless of whether drugs were involved or not.

The current "war on drugs" has been a failure at preventing people from buying and using recreational drugs, and it's been a failure at protecting society and members of society from themselves and from others, because evidence and experts all point towards better results coming from investing in being able to offer medical treatment services (rehab, therapy, etc) than policing and prison services.

I very much think there will come a time in the future, if we haven't accidentally killed our species by then, that we look back on this time the same way as most of us currently look at historic types of slavery, or stoning homosexuals to death, as both idiotic and incredibly immoral. I hope we reach that point in the coming years/decades, rather than needing centuries.

(To be clear, I wrote "historic slavery" not to imply there are some forms of modern slavery that I think are OK; but because sadly there is still modern slavery ongoing all around the world, so we can't say that it's a universally condemned thing of the past. Hopefully one day it will be, too.)


For just $199, I'll sell you my PDF explaining exactly how to do this well enough to make WAY more than only "some cents here and some cents there". Special limited time offer for HN readers, reduced from my normal price of $1,489!

P.S. Or get it free when buying my $499 "how to make money selling people how to make money guides" guide!

(/s. I generally think HN comments should avoid jokes unless they're genuinely really cleverly funny, which this comment isn't - I only justified it to myself by the fact that the sort of people selling these trashy guides are the same people doing what you're talking about, and I feel they deserve mockery and shaming.)


I agree with you about the majority of "SEO content marketing", but a small minority of it is done by companies who genuinely care about doing good content, that doesn't only act as lazy SEO benefit but also as good marketing for people who read it.

It's a lot harder / more expensive to produce, as it needs (at least before AI, and I guess still to some extent even using AI for now) to be written by someone on the team who genuinely understands the company's technology/product/whatever well enough to educate other people about it in an interesting way, rather than it being written by low wage SEO writers who just need a list of keywords to include in the drivel that is the sort of content you're talking about. So it makes sense that most companies go with the cheap option, but it's always nice to come across ones who produce actual interesting articles.

(It's what I've always opted for when I've overseen marketing budgets, and I think the ROI is usually worth it since balancing the extra cost is the fact that the benefits go from just SEO, to SEO + word of mouth of people sharing the interesting article they read, and the awareness of the brand that comes with it. So I recommend anyone who normally chooses lazy, low quality content for SEO to consider the upgrade!)


> So clocks on the ISS, for example, tick slower than Earth clocks; but clocks on the GPS satellites (orbiting at 4.2 Earth radii) tick faster (and there is an adjustment made for this on each satellite so that the time signals they send out match Earth clock rates)

I'm curious, and hope you or somebody else might be able to answer this: is it a single adjustment for each thing, where they just set it to always adjust by X ratio, or does it vary (enough to matter) as it orbits, such that the adjustment needs to be constantly varying slightly?


The exact difference in clock rates is not constant, because the orbits are not perfectly circular and the Earth is not a perfect sphere. So both the altitude and speed of the satellite, and the Earth's gravitational potential, are varying with time, and that means the clock adjustments will vary with time as well.

For the GPS satellites, their time signals are constantly compared with ground clocks, and adjustment signals are sent up to the satellites as needed to keep their clock corrections in sync with ground clocks.

I'm not sure what, if any, adjustments are made to clocks on the ISS, or how they're done.


Thanks! I figured the orbital paths not being exact circles meant there'd be slight variance in the difference, just wasn't sure if it was enough to matter or if they could treat it as if it was exactly the same all the way around without it mattering.


When the two submissions aren't the exact same link, it becomes a subjective question as to whether they're similar enough to count as a dupe or not. They aren't automatically always a dupe just because the overall general topic is the same, but nor are they automatically considered not a dupe just because they're not identical.

In this case the consensus (that I agree with) certainly seems to be that they're similar enough to be considered a dupe. Though that doesn't force the moderators to have to treat it like a dupe and merge comments.


I often do too, so this reply is not a criticism of your general point, however in this case you would have been better informed to read the actual thing and not the comment you replied to!

https://news.ycombinator.com/item?id=47529291


Yeah. But with a finite lifetime, and an effectively infinite supply of content on the internet - quick & dirty attention-rationing algorithms are unavoidable.


Your claims about vaccine trials are not true. I’m not an expert and don’t have time to go and find citations to argue each of your points one by one, but I’ve read enough studies to know that vaccine trials aren’t nearly as sloppy / poorly designed as you believe.

For example, even when speed was extremely important and everyone was trying to get Covid vaccines out as fast as possible a few years ago, they still ran large randomised placebo-controlled trials (in places with high infection rates so they could get good comparison data relatively quickly).

So please stop spreading false claims about this stuff / spend time actually learning the facts. Claims like these do real harm by undermining trust in vaccines and helping fuel avoidable outbreaks of diseases like measles.

