You pay red hat for compliance reasons (availability of a support you'll never call, mostly).

My wording was bad, sorry; but try to install their app just once. After that, I'd bet you won't ever be able to go back to SMS validation (which is what I was talking about at the end of my comment).

If not, I'd be curious to know the banks you're talking about (to consider switching to them, for one thing). What I said above is true of Caisse d'Epargne, HSBC, CCF, among others.

Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app.

The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on.

As an alternative, I've found methylcellulose to be pretty good for thickening my vegan homemade sauces (mainly tried it because I use it for other stuff, like fakemeat homemade protein sources). That's for homemade mayo or the like; for sauces in stews and similar, flour does the job - though US cooks seem obsessed by cornstarch instead for that use case.

Even revealing enough details, but not everything, about the flaw to convince a potential buyer would be detrimental to the seller, as the level of details required to convince would likely massively simplify the work of the buyer should they decide to try and find the flaw themselves instead of buying. And I imagine much of those potential buyers would be state actors or organized criminal groups, both of which do have researchers in house.

The way this trust issue is (mostly) solved in drugs DNM is through the platform itself acting as a escrow agent; but I suspect such a thing would not work as well with selling vulnerabilities, because the volume is much lower, for one thing (preventing a high enough volume for reputation building); the financial amounts generally higher, for another.

The real money to be made as a criminal alternative, I think, would be to exploit the flaw yourself on real life targets. For example to drop ransomware payloads; these days ransomware groups even offer franchises - they'll take, say, 15% of the ransom cut and provide assistance with laundering/exploiting the target/etc; and claim your infection in the name of their group.

I'd be surprised if it's above 20K$.

Bug bounties rewards are usually criminally low; doubly so when you consider the efforts usually involved in not only finding serious vulns, but demonstrating a reliable way to exploit them.

Indeed, we'll see.

As for your question, I don't know about the person you're replying to, but for me any software where part of the source was provided by a LLM is a no-go.

They're credible text generators, without any understanding of, well, anything really. Using them to generate source code, and then using it, is sheer insanity.

One might suggest it means I soon won't be able to use any software; fortunately the entire fever dream that is the ongoing "AI" bubble will soon stop, so I'm hoping that won't be the case.

Religion maybe, and Wikipedia is indeed pretty awesome for many topics, but politics is THE bad example here.

Much of the political - especially geopolitical - content on Wikipedia has a tremendous atlanticist bias.

Tech as an industry already had an atrocious reputation but the moment the insanely stupid "AI" bubble pops I suspect it'll get much worse. Ultimately it's pretty deserved, though. At this point the bullshit is so strong one almost wishes for a new AI winter.

Although this, from the page linked, was pretty fun: https://www.youtube.com/watch?v=urcL86UpqZc

Oh gods, the painful flashbacks.

At +5C, there is no growing food in any substantial amount outside of high tech, low yield approaches; approaches that depend on complex planetary supply chains (both for initial deployment and maintenance), which will have disappeared by then.