
Ender [1]
2024-06-18 22:36:51 🔗
[261 days ago]

There were some complaints on a recent bug thread (http://bots4.net/forum/3/7677) about how I'd given a star reward for that bug report, but not another. I deleted the posts because they were cluttering up an otherwise unrelated thread (see http://bots4.net/forum/3/4432 policy), but I wanted to address what was raised because transparency is important to me.

I helped fix a star logo error that people actually use and he gets a star for records of old bots from 2011 that nobody gives a shit about, yeah, very fair Ender -_-

I'm guessing this is referring to how star logos didn't have cache-busting when custom uploads were fixed earlier this year (http://bots4.net/forum/10/7903). I outlined in the original announcement post about how and why I was giving stars out for security issues specifically because I was worried about people being able to upload arbitrary files to the game server. I also linked to the game's responsibile disclosure policy (http://bots4.net/forum/3/6646) which is primarily about security to further emphasize that point. I generally do not award stars for non-security bugs, but there are definitely exceptions.

Just discussing why one bug isn't worth a star but this other one is that Ender randomly noticed and nobody other than Gpof/Nos cared to talk about or probably even look at is.

This is explained in the first post of the bug thread:

  • I was not the one that noticed the bug. I started the thread because it was a problem reported over bmail (from Gpof I'm guessing, but I didn't check) and I generally prefer bug reports to be in this subforum where everyone can see them and they can be linked to easily.
  • I stated at the start of the thread that I would be giving a star to anyone that pointed me in the right direction, just like I was upfront about requirements for security bugs with logo uploads.

Fine go ahead and delete my posts then, who cares. Just don't be surprised if nobody cares to help fix anything if one to a few person gets special treatment and others get nothing.

Suggesting that special treatment was involved doesn't make sense because I stated at the start that I would be giving a star if someone pointed me in the right direction. I do this occasionally when I'm stumped by something. It was open to anyone... That said, I am happy that Gpof was the one to figure it out because he has a good attitude, which is something I value a lot.

I genuinely appreciate you taking the time to report bugs, but if your primary motivation for doing so is monetary reward, then there are better places than this game. I've made some money from HackerOne myself if you want to give that a try. That has actual corporations paying out (sometimes significant) money to people. In this game, you (usually) just get (a) my genuine thanks and appreciation and (b) a better game. I'm sorry if you felt misled about my policies because I definitely didn't intend that and try to be upfront with expectations as much as possible.

Ender [1]
2024-06-18 22:39:50 🔗
[261 days ago]

I'm going to lock this thread because I don't want to potentially create a public back-and-forth, but I did want to make my policy clear to anyone that might have had similar questions. If the person with the complaint wants to discuss further privately (genuinely and in good faith), feel free to bmail me and we can chat some more.