Programmer Humor

28126 readers

536 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

505

You can do anything at Zombocom (sopuli.xyz)

submitted 2 weeks ago by Gork@sopuli.xyz to c/programmer_humor@programming.dev

74 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] einkorn@feddit.org 26 points 2 weeks ago (3 children)

You are braver than I am because here in Germany usually people get sued for reporting security vulnerabilities.

[–] MonkderVierte@lemmy.zip 15 points 2 weeks ago

Yep, don't do that if you live in a Internet ist Neuland country.

[–] victorz@lemmy.world 7 points 2 weeks ago (1 children)

tf? They should offer you a job if anything.

[–] einkorn@feddit.org 10 points 2 weeks ago (1 children)

That is if you'd live in a place with an open attitude toward new technologies.

[–] victorz@lemmy.world 1 points 2 weeks ago (1 children)

But the technology is already there in place, and you get sued if you point out security flaws in it? Crazy.

[–] einkorn@feddit.org 3 points 2 weeks ago (2 children)

Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.

[–] CompassRed@discuss.tchncs.de 1 points 1 day ago

Interestingly, I didn't have to circumvent any security measures to uncover the vulnerability. They had a page that was leaking api keys - all you had to do was watch the network requests. That's why I chalk it up to luck and not my prowess in cyber security.

[–] victorz@lemmy.world 3 points 2 weeks ago (1 children)

Time for some reform. Finding security holes is very important and benefits everyone.

[–] einkorn@feddit.org 2 points 2 weeks ago

Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups it is not likely to happen.

[–] EldenLord@lemmy.world 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I know a guy who did exactly that and got sued. The security failure he reported even was a Straftatbestand committed by the company and so he won the process. German companies really love shooting themselves in the foot.

[–] bless@lemmy.ml 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Over here, not just sued, but sued for extortion because they had the audacity to ask for bug bounty. Ok then, if I ever find a security hole that exposes sensitive data, filing a gdpr report it is

[–] CompassRed@discuss.tchncs.de 2 points 1 day ago (1 children)

For the record, I didn't bring up a bounty, but I still received payment. It helps that it is a small company, and that the CEO is also a developer. They were so grateful for the discovery that the bounty was freely offered without me asking.

[–] bless@lemmy.ml 2 points 18 hours ago

I'm glad that it worked out for you. May you always encounter levelheaded proper in life