Does "publication" refer to the software or to something documenting the existence of the bug? Because I thought zero-day meant the bug was exploited the same day the software containing the bug was released, but your phrasing sounds like if you exploit a bug before the maintainers know about it then it's a negative day.

Zig raises overflow. There are +|= and +%= operators for clamped and wrapping addition.

Rust doesn't raise overflow by default. But you can just 123.checked_add(321). Now your code is unreadable, but it's overflow safe.

Honestly, based on the way I write code I'd rather something like an end of line comment. Like:

   var x = y + z; # wrapped

Because I'm very unlikely to mix wrapped/checked/clamped arithmetic in a single line. It can't be a compiler state like doing(wrapped) { x + y } because in Zig every line must be "compilable" by itself, without requiring context from other parts of the code. Function names are too verbose. Casting is too verbose. Having a statement-level modifier would be a good compromise.

Nobody is going to write "checked_add" because that's too long and people are too lazy. The checked addition should be "+" operator.

Agreed, the option that sacrifices security in search of performance should be the more verbose one. There's a reason Rust doesn't have `safe {}` blocks and there's a reason it chose immutable-by-default semantics.

>They may be trying to vilify Yoti, they may be farming karma, they may be trying to discourage people from using GrapheneOS

I don't understand why you draw that conclusion. Based on:

>The OP of this reddit post has a lot of other posts (now hidden) about age verification, bypassing it, and privacy. They even got called out about this in the reddit thread and responded by hiding their profile

That just sounds like a privacy-conscious person doing things privacy-conscious people would do.

If they are faking emails, which is what we are speculating, causing an uproar like this, they are not doing normal privacy things.

What if they aren't faking the e-mails, and it's Yoti who is lying? Then it's just a privacy-conscious person.

What if neither is lying? The e-mail was sent, but this was never recorded on Yoti's customer support records, or the record was deleted? Do we know what kind of customer support system Yoti is running? What if there was a bug or hardware failure? What if someone saw it being deleted but they figured it's better for them if they didn't say anything, so Yoti isn't aware of its own internal cover up?

What if PalDuck was actually paid by Yoti to publish a fake e-mail screenshot as part of a PR campaign? What if the screenshot is real, but it comes from a different timeline and Yoti did nothing wrong in this timeline?

With this "he said she said" situation, considering nobody is going to open an investigation over a reddit post, I think we might have more fun speculating about time-travelling screenshots. We'll never know the truth either way.

If the email is DKIM signed it could be easily proven

It's been a while since I last used IRC, but afaik one of the issues with it was that servers revealed the IP address of users to every other user by default. Since the IP is geographic that's one piece of information you could use to doxx someone.

IP addresses aren't linked to a complete street address, and many times don't even show the right town, especially those on CG-NAT or a plain ol' direct public dynamic address. I have seen some IPs, like on AT&T and Comcast home Internet, showing a different state.

So in many cases, you don't need a VPN to prevent revealing your actual geographic location.

And some IPs stick to users for over a decade, and over time the data pieces add up and connect the dots.

Libera gives all registered users a cloak to hide their ip.

It'd be trivial (TM) for someone to make a web interface, and the connections would say "Connecting from some-data-center.aws-cloud.bl"...

There are many ways to mask your "real" ip address, VPN being an easy start.

The fact that this is needed at all is a serious problem. Making people who aren't aware of some obscure details accidentally doxx themselves is incredibly user-hostile.

One time I clicked "I forgot my password" on a website and they e-mailed me my password.

Ever since I don't trust online services.

Nothing gives me less confidence that something is a genuine question than opening the question with the phrase "genuine question." :(

Did you really ask this hoping to reevaluate your perspectives from the answers, or did you only ask this in hope to make OTHERS reevaluate their perspective by making them ask themselves "why am I anti-AI?"

They should add a feature called "auto-really" that just automatically says "really?" after the chatbot answers a question to check if it's going to 180 upon this tiniest bit of scrutinity.

You joke but this is almost literally what Chain-of-Thought does, at least in the early days. They basically just added "Wait," to the model's output and fed it back to the model iirc

This can't be a trillion dollar industry...

It's the ELIZA effect.

"Really?"

You know, Google has an index so it doesn't crawl the whole web every time you type something in the search box, because that would be massively wasteful.

Seeing every chatbot instantly turn into a scraper every time you type anything into it was a "uh oh" moment in the sense it was very lamentable.

If there is one thing AI has "democratized" it is scraping.

Indeed. The best endorsement is done explicitly by obnoxious users.

I use Linux, btw.

Youtube implemented the same sort of thing for channels. If you have a youtube channel and someone comments on one of your videos, there is an AI-generated "reply" that you can click to avoid having to actually think about interacting with commenters on your videos.

The weird thing is, if I commented on a channel and they sent me an AI-generated reply, I'd just hate them forever.