From their bounty program page at https://bughunters.google.com/... :

"Insecure customer configurations (such as unconditionally injecting shared secrets or misconfiguring security-related settings) rather than a product vulnerability.}

If their published standards indicate that giving the connector that level of admin permissions is excessive, and the access needed to exploit this is as clearly a set of poor security management as the last paragraph of the summary implies, then, "Yes, it should be corrected, and no, it's not bounty worthy" seems a reasonable stance to take. It sits right in the zone of that definition.

You could have the argument, but it's not clear to me that Google has it wrong.

In my life I have owned... let's see... 11 cars. Since 1996 I've owned exclusively new cars - 6 of them. Three were distributed in my country in limited numbers so I had no haggling power.

But I'm driving my current car until it falls apart. And I won't be buying another new car. My next car will not be one that tells constant stories about me to data brokers:

My apologies. Bad nesting. Was intended for 66197052.

You're saying that examples of self policing in the absence of laws can't be trusted because they're self regulated and not enforced by laws.

Well, I guess I can't argue with that. But it's meaningless.

Not so much "glossing over" as resigned to it. The stack of malfeasance with this guy would crush a small animal if it fell over sideways.

When the bulk of his ill gotten gains is now measured in billions, some five hundred dollar phones with misleading country of origin provenance seems not worth dwelling on.

Yeah, that ain't good... but here we are.

I apologize. I checked the nesting three times, though, and was sure you were referring to my post. I really hate that about slashdot.

But I still maintain the point that it's only slightly scammy. It's a functioning phone and the feeling they're buying is real. They've only been scammed a little. As I said, as his grifts go, this one is pretty penny ante.

Nope. No idea how you got there.

This isn't much of a grift, anyway, Sure, they're overpaying, but what you need to realize is that they're buying two things - a phone and a feeling of contributing to, and participating in, the cause. Valuing the second part at zero is to misunderstand human nature.

Some would say policing others over what you perceive to be incorrect, unintelligent behaviour makes YOU the socially incompatible misfit who needs to be corrected. For instance, I would say that. I am saying that.

Pick your battles. That should't be one of them, Otherwise you'll spend your whole life getting angry at people who bought beanie babies before the crash.

Watches, guitars, maga hats... all Chinese products sold with fake patriotism to gullible twits. Just don't be one of those twits and move on with your life. My dad bought monster cables. He wasn't getting his money back so I kept my opinion to myself. In the grand scheme of DJT grifting this doesn't begin to move the needle.

Teens will find a way, like they always have. You can't stop the tide completely, but that's not necessary. Probably not desirable, either. You just need to slow it down. Moderate it. Like we've done for decades on other problematic things in society, I couldn't buy a playboy back in the early eighties... at least until I found the Chinese corner store owner who would look the other way. No shade - he just happened to be Chinese. Interesting factoid... it was usually easier for kids to get pot than booze...

There is not much of a downside here. Being identified might even curb the "asshole in waiting" inside of angsty teens and shave off the worst online behaviours.

I'd like to think that old maxim carries some weight... but when it comes to the US, it doesn't - at least, not now. They're going to walk away. The good news is that no matter how they end up doing it, there will indeed be a price to pay. Not immediately... but pretty quickly. It has already started to manifest. And they won't be prepared to deal with it. When their leader exits, they're left with a shell of an organization, populated by incompetent sycophants with no idea how to run the show. When the world continues to turn away and build around the US, the utter lack of diplomatic capability will leave them an island. A prickly one, to be sure... but a hopelessly indebted, broke island.

Five years ago I started telling my direct reports that they'd better start planning their exit strategy from coding and simple BA work. Get started on business and managerial skills. Prepare to go upward or out. I didn't know it would be AI specifically, but I knew that the tools were already getting sophisticated enough to signal that the front line jobs would be under threat.

Some took the advice, some didn't. Other managers were willing to tell them not to worry, which took away the sense of urgency.

I've since met with some of those folks who were looking for advice on upcoming interviews or the job search, and I've been helping as best I can, but also telling them to have Plan C figured out. Nobody wants to exit the industry and reinvent themselves... but that is the world some of them are finding themselves inhabiting.

Like it or not, we have more technical people than roles for them to fill. And the math is heartless.

If there's any lesson to learn in all of this, it's that making confident predictions on things like large percentage changes in oil prices isn't just foolhardy... it's silly. It's exactly the kind of mistaken prognostication that made Russia think they had an unbreakable stranglehold on Europe through natural gas provisioning. That power evaporated in their hands when the world reorganized around them. I've been hearing about $150-$200 oil from pundits since the start of this conflict. It may arrive, it may not. But to be so sure as to specify a date seems wildly overly optimistic.

Film at 11:00.

Throw in a decline in the use/abuse of alcohol, and you've got declining fertility, which should surprise nobody. :)

There's a difference between new major versions not supporting something and just blanket not supporting something.

Will the last version still be supported with patches - particularly security updates? My guess is, probably. In which case that's a pretty good asterisk. If that's true, then every OS eventually drops some hardware off the back end, and this isn't really any different.