chat

7976 readers

57 users here now

Chat is a text only community for casual conversation, please keep shitposting to the absolute minimum. This is intended to be a separate space from c/chapotraphouse or the daily megathread. Chat does this by being a long-form community where topics will remain from day to day unlike the megathread, and it is distinct from c/chapotraphouse in that we ask you to engage in this community in a genuine way. Please keep shitposting, bits, and irony to a minimum.

As with all communities posts need to abide by the code of conduct, additionally moderators will remove any posts or comments deemed to be inappropriate.

Thank you and happy chatting!

founded 3 years ago

MODERATORS

[email protected]

Has anyone ever done those bug bounty things? (hexbear.net)

submitted 10 months ago by [email protected] to c/[email protected]

14 comments fedilink hide all child comments

Is it actually possible to make any good money doing that or am I better off doing surveys or some shit for money on the side lol

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 8 points 10 months ago* (last edited 10 months ago) (1 children)

CW: stimulant abuse

I was on way too high of a Vyvanse prescription for a short time in college (80mg IIRC) and once that much Vyvanse kicked in, I felt compelled to break things (in a hacker nerd way). It always felt like I was "still in the middle of making progress on X" whenever the Vyvanse was winding down, so I would take spaced 12 hours apart, doing this to stay awake days at a time (I would sometimes go to bed after 72 hours awake, but I wasn't productive by that time and I hallucinated if I looked at anything for longer than a second).

The cost of tuition was a big stressor to me, so taking that much Vyvanse inevitably made me feel driven to make money by doing bug bounties, and I would spend all of my time while on Vyvanse trying to break software that had bug bounties (I focused on 1 application in particular, but opsec). I ended up collecting bug bounty rewards for 2 separate vulnerabilities I found while staying awake on Vyvanse like this and submitted, about 6 months apart. I put all of it towards tuition, which was a big part of why my family could afford my tuition that year.

That said, IIRC I got all Ds during the semesters when this happened, and my parents threatened to stop paying for college until I convinced them the first bug bounty would pay out and look good on my resume. My teeth would hurt frequently because I would grind them while catching up on sleep after being awake for days. I also kept trying to find more vulnerabilities after the first 2, but I didn't know how to turn the crashes I found into vulnerabilities (or how to prove that they could be used for vulnerabilities, which would be necessary for a bounty), and nothing additional I found would qualify for a bug bounty (though having those first 2 on my resume ended up landing me my first internship). But bug bounties are real, and depending on the company offering them, they'll probably pay out.

Side note: Instead of a stimulant like Vyvanse the med combo that ended up working for me is Strattera/atomoxetine for ADHD and Wellbutrin/bupropion for depression (which is relevant because Strattera by itself makes me feel a little depressed), which I should be able to take my entire adult life without risk of long-term affects or tolerance.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago)

cw: drug use

Thanks for sharing your story. I'm really tired rn so please forgive any nonsense I may write lol. I have had some similar experiences in my life (but I rarely have access to legit monoaminergic stims so mainly caffeine or whatever research chems I can find lol) where I just feel compelled to hack on something for days/weeks at a time to the detriment of the rest of my life/health. That is really cool though that you made significant money (enough to help pay tuition) and got some cred to get a internship! Particularly to me cuz I have both of those problems too lol. The comments here have convinced me to try the bug bounty thing out. I've been working with operating systems, compilers, etc for years so hopefully it won't be too hard for me to move from thinking about exploit mitigation to the other side. Some of those wild techniques people use these days to, for example, subvert the usual control flow of programs seems like dark magic to me though lmao. Mostly gone are the days when you could just dump your return addresses on to someone else's stack and expect to have easy control or whatever :3 People think writing C is like walking across a minefield but it is actually really hard to turn these oversights/mistakes (particularly in memory management) into actual working exploitable security flaws because of all these nice mitigations we have in place now.

I'm actually finally getting assessed for ADHD soon after having doctors dismiss my concerns for years so maybe I'll get some meds for that idk lol. I'm glad you found a more sustainable way to help with your ADHD and depression.