Yep. Stating GitHub and providing a non-existent GitHub link is a serious red flag which brings trust issues.
Either provide the Github (for whatever reasons) or remove the link from your website. I am assuming it is closed source.
Personally I don't trust new VPN solutions without published source code!
Alternatives: Tailscale with Headscale or, better, self-hosted Netbird if one is an itty-bitty IT savvy.
Netbird (self-hosted) offers a lot lot more with the self-hosted solution.
- SSO
- Independent networks
- Superb policies / ACLs
- Keybased onboarding
- auto-expiration and a lot more like integrations and what not!
Tough to beat the Netbird open source offering if one tends to spend a little time and effort (though not everyone's cup of coffee!).
Such people can look at Tailscale's offering, since the free version of Tailscale offers more than what is offered here, and all the client applications are open source and constantly updated.
If pricing is going to be the only difference (at a high level, everything under the hood looks similar: WireGuard based, zero config, p2p mesh, port forwarding etc.), bring a lot more trust by offering an open source version like the others.
I would suggest adding some money to the account if you are not going to monitor the emails. I have a lot of domains with Namecheap and I've always got plenty of reminder mails from them about expiry.
For me, it looks like the problem is between the keyboard and the chair and not otherwise. Fix the emails and avoid future issues. Namecheap has been one of the best domain providers period.
I have had plenty of bad experiences and predatory and opportunistic billing with plenty of others.
I have been dealing with domains since the early Network Solutions days (I would comfortably say that my experience is close to 30+ years, and Namecheap as a domain provider is at the top of my list!).
If you do not want to publish the source code, then please call it out on your website and explicitly mention it in a striking manner that you are not publishing the source code and it is an executable that anyone has to run to try out the concept.
Let people figure out how to make use of it. Thanks.
That output doesn't look like "without any issues" to me...
Thought the problem of LLMs being incapable of basic arithmetic had been solved a while back by teaching them to treat arithmetic as inputs to (e.g.) a Python interpreter.
This is exactly how bug bounty hunters are being exploited.
Though it is on the good side about disclosure, calculate how much the financial and reputational impact and negative publicity would cost the company, and settle for a fair price and not a measly sum of 1k EUR.
It is a huge red flag to keep it under the radar if they think the impact is going to be high. I'm sure it is high and that's the reason they want to keep it undisclosed while they silently patch it.
One question: Was the discovery part of a bug bounty program? Or did you stumble upon it without any actual request? I'm trying to see the legal angle that might get downplayed there if you do not have the authorization to look at it.
Being ethical is the only advantage I see if that is the case. Else, you should negotiate and demand a fair price and go for a public disclosure which will cause more harm than good for them.
Everything has a price. Nothing in this world is free. Contact some good lawyer.
Don't ever sign an NDA without vetting it out with a good lawyer. Fine prints matter a lot.
As some of the fellow HNs mentioned, they will probably be looking at a huge impact, and that is the reason for the NDA and a low sum as a token appreciation. They think they can buy their way, being a corporate, and my advice would be to talk to some lawyers or contact a non-profit to help sort things out.
Probably you could donate a % to them if you get a good amount.
Thanks for the thoughtful reply — really appreciate it.
I actually stumbled upon the vulnerability without any prior request. They don’t have an active bug bounty program, and the Head of IT Security I’m in touch with mentioned they don’t have dedicated funds for security researchers — which is hard to believe for a company with a £200M+ market cap.
I’ll definitely dig a bit deeper into the legal side.
Based on all the suggestions here, I’m leaning toward quoting them a fair amount considering the impact. If they don’t agree, I’ll likely reject the NDA and do a public write-up after a reasonable disclosure window.
One thing I forgot to mention earlier as of today — the vulnerability is fixed (I reported it around 3 weeks ago), not sure if that changes anything leverage wise.
Irrespective of any political views or whatsoever, be it as a human, a brilliant creator has gone from the face of the Earth!
I have always enjoyed Dilbert! Thanks for that!
Fuck cancer...
Fuck any disease that takes away human lives...