I don’t want to shame the user, but there was a recent discussion thread on npmplus where someone was using a compose file generated by an LLM and was confused why the hallucinated env variables weren’t working.

The kicker is that npmplus literally gives you a comprehensive and complete compose file with every optional setting commented out with a brief description, so you can just copy and edit to your desire.

Which of course the LLM decided to ignore anyway and come up with its own config options lol.

On a somewhat related note, I feel like bug bounties these days have become sort of under subsidized for well developed applications. All the medium and lower findings payouts are pretty fair, but lots of the high/critical bounties seem a lot less than what I would expect, especially compared to some of the huge prize pools I’ve seen at some conventions (upwards of 50k USD).

I have no idea how much they fetch on the black market, but it seems weird to me that something like an RCE receives less than 10k, which could easily be utilized by some APT to net millions in a more sophisticated ransomware attack.