• 0 Posts
  • 421 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle







  • But that is the point. Most people do not use VPNs, you harm very few legitimate customers and save yourself the headache of dealing with all those who use VPNs for scams, attacks, exploits,…

    The trade-off is entirely different from dynamic IPs.

    Also, the admins running those things don’t do stuff to look like they are doing things, they wouldn’t care if you use a VPN if there was no downside to treating VPN IPs like any other.



  • the info required was there already, just you needed to put effort in

    Not really. This is mostly what this is all about. The companies are insisting that open source projects should do analysis of security impacts in addition to fixing the bugs whenever some “security researcher” runs some low effort fuzzing or static analysis thing that produces large numbers of bug reports and assigns CVEs to them without the consent of the project. The problem is that such an impact analysis is significant effort (often orders of magnitude more than the fix itself) by people with deep knowledge about the code bases and only really useful to the customers of those companies who want to selectively update instead of just applying all the latest fixes.