back to article Curl project founder snaps over deluge of time-sucking AI slop bug reports

Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time. Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via …

  1. Anonymous Coward
    Anonymous Coward

    It's the bug bounty

    "Curl offers bounty rewards of up to $9,200 for the discovery and report of a critical vulnerability in the project, and has paid $16,300 in rewards since 2019."

    I think these "bug reports" aresern as free lottery tickets for the bug bounty.

    You have an LLM running on you hardware or some free subscription to an AI. What is easier than to deluge every bug bounty project with bug reports.

    It is like Spam, if one in a million pays out, you send two million. The costs are lower than the expected payouts.

    That is, assuming they are actually able to do that math. Or they can get others to pay for bandwidth, electricity, and subscriptions.

    1. Dan 55 Silver badge

      Re: It's the bug bounty

      I'm starting to understand why MS demand videos now (and we all complained).

      1. Philo T Farnsworth Silver badge

        Re: It's the bug bounty

        Precisely my thought.

        By now the spammers will know to deepfake a video, too.

        And so the karmic wheel of slop rolls on.

        1. theblackhand

          Re: It's the bug bounty

          If you "deepfake" the video, MS can get a team of relatively low skill security people or potentially even AI, to review your submission and if the steps provided do not match your results downgrade or reject the submission.

          Potentially they could even create a submission "cost" that involves no cost for actual submissions but could be offset against any bounties you do legitimately claim in the future.

      2. Rich 2 Silver badge

        Re: It's the bug bounty

        The irony there, of course, is that it is the actions of MS (and Google etc) in creating the tools to generate this mess are to blame

        A bit similar to making an OS with Swiss-cheese security and then selling anti-virus applications to keep it upright. Rather than fixing the actual OS

        God, I hate MS

      3. JoeCool Silver badge

        Re: It's the bug bounty

        Unless they accept "F*CK OFF" as a response proving legitimacy, it's a crap solution.

    2. captain veg Silver badge

      Re: It's the bug bounty

      How about issuing fines for "plausible but wrong" reports?

      -A.

      1. MiguelC Silver badge
        Facepalm

        Re: It's the bug bounty

        Under whose power?

        No one would ever consider paying. Even if they get banned unless they pay the 'fine', what's the difference between that and directly banning them?

        1. captain veg Silver badge

          Re: It's the bug bounty

          Other's have (below) suggested possible mechanisms. But that's entirely beside the point. Offering reward for doing good ought to be balanced by some kind of penalty for taking the piss. Call it "moral hazard", if you like.

          Let's be creative.

          When you submit a report you make a punt on how real and/or severe it is by laying a stake. Instead of a flat bounty, they pay out some multiple of your stake. If it turns out to be a waste of time then you lose your stake.

          I'm sure you could come up with something better.

          -A.

      2. JulieM Silver badge

        Re: It's the bug bounty

        That is much more easily said than done.

        Asking for money is one thing, but how are you going to collect what you are owed?

        1. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: It's the bug bounty

      Are seen as free lottery tickets

      Take the "free" out of equation and require a deposit of USD10 or EUR10 for each bug submission refunded with a bounty for a legitimate submission otherwise surrendered to fund curl maintenance and development.

      1. Doctor Syntax Silver badge

        Re: It's the bug bounty

        Not necessarily with every report. Just a deposit on joining HackerOne, refunded after a genuine report. If, subsequently, slop reports are sent a new, double deposit will be required to be refunded after 2 genuine reports, otherwise the submitter is banned. Double up again as necessary.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's the bug bounty

          Now you have to deal with all of the claims of "genuine report". For example, Microsoft said that creating a folder was a viable security patch. How many lawsuits will they get for declining to refund the fee?

          Regardless, if the fee is paid by credit card, the payer can contest the charge (for at least six months) and get the card co. to refund it, at considerable additional cost to the depositor.

          Damned if you do, damned if you don't, damnit this country needs serious reform.

          1. Anonymous Coward
            Anonymous Coward

            Re: It's the bug bounty

            Making a $10 donation for anti-malaria bed nets, lets you make a bonus bug report.

    4. Anonymous Coward
      Anonymous Coward

      Re: It's the bug bounty

      I don’t get why Open Source projects like Curl rely on free developer time goodwill…. yet pay cash bug bounties.

      1. Teal Bee

        Re: It's the bug bounty

        The bounties are awarded by a third party, not by the Curl project.

        https://internetbugbounty.org/

        1. Rich 2 Silver badge

          Re: It's the bug bounty

          Maybe they should stop the bug bounty?

          It’s why people (in most places) are not paid to donate blood. There is no incentive for someone to give blood even if they know they have some horrible disease (which they may otherwise be tempted to - yea, I know!)

          Removing the bounty shouldn’t stop genuinely concerned people from submitting reports. But it would remove the incentive to submit crap

          1. Robert Carnegie Silver badge

            Re: It's the bug bounty

            One or more excluded blood donor groups demanded to give blood as by right, even without being paid AFAIK. Said it was discrimination. Would it be better to say excused not excluded?

            I suppose that a scenario is if your workplace encourages giving blood, you are in an excluded group but you fear being discriminated against if the employer knows.

          2. hohumladida

            Re: It's the bug bounty

            People are not paid for blood because then it will attract drug cartels to start trafficking blood or even worse.

            This is a false equivalence. The effort required to find bugs can be significant (can take thousands of hours). Donating blood is just an hour spent at the clinic.

          3. Anonymous Coward
            Anonymous Coward

            Re: It's the bug bounty

            It's much, MUCH harder to get people to donate blood in countries where paying them is illegal. As long as screening for disease is effective, the social downsides to paying for blood donations are minimal.

            Contrast to bogus bug reports - they're dirt-cheap to create at massive scale, relatively expensive to refute, and one report resulting in a bounty pays for the creation of a massive number of false reports.

            Maybe a $100 penalty for each false report submitted, used against any future bounty?

      2. doublelayer Silver badge

        Re: It's the bug bounty

        In addition to the points others have raised, there are two theories for why paying works better than just having an unpaid reporting mechanism, one of which I believe and the other I don't.

        The good reason: it convinces people to look for security problems. There are people who will work actively to try to find a problem if they can get paid, whereas if they're working for free, you may only get reports they stumble on by accident. It can be quite cheap, because if they don't find anything, you don't have to pay them. I have not tested this, but I certainly have seen more reports sent when payment was offered, even if many of them were crap.

        The less convincing reason: fears that the bad guys will pay for a vulnerability, so profit-oriented people will sell it to them unless they can make money by reporting it. I don't buy this. All of the parts of that are true, but I don't think bug bounty programs make a difference to any one of them. A criminal group will spend more for a good vulnerability than any bug bounty program will pay out. Most people who find one would be unwilling to sell to criminals because they don't like criminals. Most who would be willing don't know how to find them. Those who are willing and able have other reasons to choose not to, such as not having a reliable way of trading their vulnerability for cash when, if they send the details up front, the criminals don't have to pay because they have the vuln now, and if they don't send enough details, the criminals don't pay because they're not sure the thing is real. Someone who can get through all of those hoops will probably not bother trying to see if the company will outbid here.

  2. OllieJones

    It's the spam effect

    When it costs nothing to send an email offering a low price on a counterfeit drug, people will send lots of emails.

    When it costs nothing to send a bug report in hopes of getting a bounty, people will send bug reports. Another commenter got it right "free lottery tickets".

    I suggest Hacker One and other bug-bounty clearing houses revisit their business models. Charge money for the lottery tickets. Refundable after triage, or something like that.

    The current system isn't resilient. And defect detection schemes need to be resilient.

    1. CowHorseFrog Silver badge

      Re: It's the spam effect

      This is why third party advertising needs to be made be made illegal.

      These big problems will fade and become smaller problems.

      1. CowHorseFrog Silver badge

        Re: It's the spam effect

        Amazing how much people have been brainwashed into believing propaganda sorry advertising is a necessity or beneficial to them.

        1. doublelayer Silver badge

          Re: It's the spam effect

          No, your downvotes are because nothing related to this has anything to do with advertising. The article and most comments are talking about spam security reports. Those are not adverts. The comment you replied to got closer to adverts, since it was talking about spam email. Yes, those are adverts, but banning all advertising wouldn't do a thing about it because the spam is already not allowed and the spammers are doing it anyway. Thus, whatever we may think about advertising, it isn't relevant.

          Also, you have followed your typical pattern and gone too extreme on the negativity. I don't like advertising either, hence why I have a multilayer blocker in place to filter out as much as I can. There's a difference between that and justifying making it illegal, let alone making it illegal and actually enforcing that law to block it. It's much harder to justify that, but I'm not going to bother arguing on either side since you've not tried to do so either. You just called for it without providing reasoning.

          1. CowHorseFrog Silver badge

            Re: It's the spam effect

            doublelayer: No, your downvotes are because nothing related to this has anything to do with advertising. The article and most comments are talking about spam security reports. Those are not adverts.

            cow: Spam exists because of the money that can be made. No spam, then most of this spam security reports thing fades away.

            Cause and effect.

            Not claiming its a perfect solution, please grow up nothing is ever that simple, just saying you are feeding many monsters that do nasty things because they can make money from advertising.

            Try again and tell me how banning advertising doesnt help reduce this problem.

    2. Cliffwilliams44 Silver badge

      Re: It's the spam effect

      Fight the AI with AI!

      In the given example, the report referenced function that didn't even exist within the curl source. If you trained an AI on your source, run all bug reports through that AI and if it is obviously bogus, throw it out with a warning that any future bogus reports would result in a ban. It's not fool proof but it could filter out a lot. Yes, it would require an investment.

  3. DanielsLateToTheParty

    Sorry to nitpick, but...

    "He went on to say that the project has never received a single valid bug report that was generated using AI"

    If a report points to a real bug how do you know it wasn't an AI all along? Isn't this confirmation bias? It's like people who say "I can always spot a liar" when they have no way of knowing when they've been lied to.

    1. bombastic bob Silver badge
      Devil

      Re: Sorry to nitpick, but...

      could an AI screen/filter reports as having been written by an AI...?

      1. doublelayer Silver badge

        Re: Sorry to nitpick, but...

        AI filters for AI text have been tried for a long time and the answer is usually no. You can make a model that takes a guess, and in many cases, that guess will be reliable, but that's all it will ever be. If people realize you're doing it, they can easily make the guess less correct. For example, comparing real bug reports to AI-generated ones, there's often a significant stylistic difference between the two* so I can assume which are which, but if I am a spammer after a bounty, I can customize my prompt to make the AI write its text less professionally and more laconically, and then it will look more like the human-written ones.

        * People write bounties in a lot of forms, but they are often writing more informally, meaning more acronyms, a little less jargon, and slightly worse grammar, than the ones LLMs often produce. They are also written more formally, including the reverse of all three of those differences, than human-written ones that turn out to be crap. I can often guess based on the style how likely one is to be useful, but I have to read and test it anyway because the well-written one could be from someone who just likes to speak formally when they're sending a message to someone they don't know and the one with worse grammar might be someone who isn't a proficient speaker of the language they're writing the report in. All you could do with an AI is try to sort them so the useful ones are higher in the stack.

    2. joepie91

      Re: Sorry to nitpick, but...

      If you actually get to talk to the reporter, it's pretty easy to figure out whether it's an "AI" submission or not; because if it is, they will be unable to credibly answer questions about the process by which they came to their conclusion, or the technical details that led them there.

      Anyone who has worked with 'developers' who let an LLM write their code for them, will probably recognize this phenomenon, and the "I don't know, that's what the AI said" answers that accompany it.

  4. Brl4n

    The cons of this round of "AI" outweigh the pros. when will the nonsense stop?

    1. Jason Bloomberg Silver badge

      When will the nonsense stop?

      Hard to say.

      I am distrustful of AI but have been keeping an eye on Google's AI Overviews as I encounter them and was slowly being suckered into thinking it's not as bad as I had believed. Until it claimed, with it's usual confident certainty, that something I knew was absolutely wrong was a fact.

      Maybe that's what it takes; experiencing its bullshit, lies, fake facts and hallucinations first hand?

      1. Displacement Activity

        I am distrustful of AI but have been keeping an eye on Google's AI Overviews as I encounter them and was slowly being suckered into thinking it's not as bad as I had believed

        I occasionally ask Physics questions, and I recently asked one about the meaning of a failure in a specific theorem (Bell's inequality). It gave a plausible summary, and then produced exactly the wrong conclusion. I think it got confused about the meaning of what was basically a double negative : a failure of an inequality. It had a choice of two answers, and picked the wrong one.

        OTOH, I'm constantly typing in simple questions about software packages ("how do I generate an email invoice in Stripe" yesterday, and similar), and Google always chimes in with its own answer. And, most, of the time, they're so accurate that it makes my head spin. That particular one wasn't quite right because the software has changed since the AI learnt the answer, but it was a good start. You still have to read the proper hits, but I'm coming to the conclusion that the AI is actually very good with this sort of simple question, and undoubtedly better than most of the slop you find on the net.

        1. Anonymous Coward
          Anonymous Coward

          FFS !!!!!

          YET AGAIN ... THE THIN END OF THE WEDGE !!!

          If you need to examine the answer to decide if the answer is correct or not then AI is useless !!!

          AI is sold as being able to give people who 'do not know' the 'correct' answer.

          As more and more people use AI the number of people who 'do not know' increases and NOT all of them WILL be able to filter out the 'correct' answers.

          The 'interWebs' are already full of bad data and mis-informed opinion that is taken as fact/truth, Current AI is not improving the situation.

          People who are able to filter out the bad answers 'NOW' should NOT not be fooled into giving credence to AI, as it encourages other not so gifted to accept the answers from AI as 'good.

          You should use your ability to recognize the flaws and weaknesses of AI to educate the masses to the scam that is being perpetrated.

          AI is not going to improve as it is NOT intelligent, therefore we are hoping for better 'Clever pattern matching' to somehow happen and improve to the level that the 'wrong' answers are removed.

          Hope, in this instance, is magical thinking !!!

          If this level of 'almost but not quite correct' guesswork is allowed to be accepted as AI, and is further pushed on the masses, we are responsible for a societal harm that we may never recover from.

          The greed of the Tech Behemoths behind this scam is out of control, it must be constrained before it is too late !!!

          :)

          1. JulieM Silver badge

            Re: FFS !!!!!

            Exactly. If you cannot be sure whether what came out of AI is any good or not, there's no point having the AI; because you had to get the right answer using traditional methods anyway just to check the AI answer, so you might as well never have bothered with the AI!

            It's like having a faster-than-light communication channel and the only way to check for errors being to use a separate, slower-than-light back channel.

    2. kahara

      In this specific case it will stop once the project goes to full meltdown, and we're no longer getting updates for curl(1).

  5. Tron Silver badge

    Stop offering bounties.

    If you are Google you have unlimited resources and can deal with AI noise, so let them carry on with the bounties.

    When it comes to smaller/FOSS projects, most people will report bugs because it is the right thing to do and because they care about good software.

    No bounties, no AI noise.

  6. Someone Else Silver badge

    "All of these feelings can add to burnout of likely highly trusted contributors to open source projects.

    Are you sure that is not the point?

    <tinfoil_hat>Say, for example, some hypothetical less-than-ethical for-profit software firm decides that maybe Python is a competitor to a scripting language that said less-than-ethical firm charges for. This less-than-ethical firm could turn its own AI on to SPAM the livin' shit out of the Python devs so as to tie them in knots, all the while the same less-than-ethical firm's Marketing department starts blathering to the rooftops about how Python is so unreliable, or insecure, see all these bug reports that are going unanswered, while our less-than-ethical firm's Python wannabee, uh... competitor doesn't have anywhere near this number of problems.</tinfoil_hat>

    Any resemblance between the above scenario and any real persons or firms, living or dead, is purely coincidental. (But if it weren't coincidental, you could probably guess who that person or firm was. And, as Malcolm Nance likes to remind us," Coincidence takes a lot of planning".)

  7. martinusher Silver badge

    Well, you shouldn't really be using this tool

    The entire mechanism for transferring files using web protocols is a perverted form of FTP, one of those "quick and dirty" hacks that's persisted because everybody needs something like this but nobody seems able to think up a simple, reliable, secure and efficient mechanism to do the job. But since its so widely used any replacement mechanism should conform to the existing API regardless of what's going on underneath.

    1. IGotOut Silver badge

      Re: Well, you shouldn't really be using this tool

      Feel free to write something better.

      Must be

      Simple

      Reliable

      Low resource consumption

      Cross platform compatible.

      Off you go.

      1. Lee D Silver badge

        Re: Well, you shouldn't really be using this tool

        Also:

        Work through corporate firewalls

      2. ChoHag Silver badge

        Re: Well, you shouldn't really be using this tool

        In response, something open sores developers should learn how to say:

        No.

        Besides, we already have ssh.

      3. martinusher Silver badge

        Re: Well, you shouldn't really be using this tool

        Look, I know curl is simple and convenient, I use it myself. Its also horribly inefficient and has all the potential security issues that come with web protocols. All I'm saying is that all too often we'll take a quick and dirty implementation of something and then it gets used for all sorts of things it was never designed for and being stretched, extended, patched, re-patched in the process until it becomes a mountain of kludges.

        Have you ever stopped to ask what those characters at the top of a web page actually mean? Have you ever asked yourself how this maps onto network traffic?

    2. that one in the corner Silver badge

      Re: Well, you shouldn't really be using this tool

      > a perverted form of FTP

      Well, yes, it does do TFTP as well:

      From cURL man page

      curl is a tool for transferring data from or to a server using URLs. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS.

      Sorry, what was your point supposed to be about why we shouldn't be using cURL?

      If you do happen to have a better protocol up your sleeve, please share it with us - as soon as it proves its worth enough to get a URL prefix, guess which tool will allow us mere mortals to make easy use of it...

      > any replacement mechanism should conform to the existing API regardless of what's going on underneath

      Yup, as you say, the same API (cURL and/or libcurl) will play the role.

      1. Anonymous Coward
        Anonymous Coward

        Re: Well, you shouldn't really be using this tool

        > IMAP, IMAPS, ... POP3, POP3S

        Oh, it can read e-mail! I guess it's complete. Good job!

    3. kmorwath

      Re: Well, you shouldn't really be using this tool

      HTTP was fine for what it was designed for, it was when it became "the only" transport protocol and especially an RPC one that things started to go pear-shaped....

      1. CowHorseFrog Silver badge

        Re: Well, you shouldn't really be using this tool

        What do you think of multiparts ?

  8. Henry Wertz 1 Gold badge

    Misused tool

    Definitely a misued tool. Use AI to find some code tro take a look at? Sure. Autofile a bug report? Well, no, at least make sure it's not hallucinating non-existant code, or code from an out of date version, or that the report ultimately makes sense.

    Perhaps a solution would be to have the bounty, BUT subtract off the payment for invalid bug reports (no, paying a deposit to report bugs or a fine expecting to be paid won't work. But getting nothing if you spray them with invalid bug reports and happen to get one valid one would stop this behavior in it's tracks I think.)

    1. joepie91

      Re: Misused tool

      The tool is misdesigned, not merely 'misused'. If LLM companies truly cared about building a responsible tool, it wouldn't have a conversational interface that does its damnedest best to make it feel like you're talking to a human. But it does, and that should tell you a lot about what these tools are really meant to be used for; and it isn't anything responsible.

  9. Anonymous Coward
    Anonymous Coward

    POC

    Make any AI “researchers “ submit a working proof of concept exploit that demonstrates the bug.

    That should weed out all the slop and grifters.

    1. Anonymous Coward
      Anonymous Coward

      Re: POC

      The problem is, they can do - at least, they can provide something that *looks* like a PoC, complete with code and shell script to run it.

      Then the triage team wastes time building it, checking the script to see it it is going to try the old "rm -r /"...

      Same result, maintainer's time wasted, maybe even worse because it looked sort of more convincing so they dutifully persisted with the compile errors "because the environments were not identical"...

      1. Anonymous Coward
        Anonymous Coward

        Re: POC

        and the bar increases.

        - a Dockerfile

        - that can be built with "docker build ."

        - that demonstrates the problem when you execute it

        This isn't a complete solution, but ? A start? what are the drawbacks?

        Some will claim it only happens on third party services that they can't docker-ize, but for things like an HTTP/3 vulnerability in a CLI app, it seems reasonable that it can be dockerized. Reporters will complain about the extra effort, but honestly unless they're including a potential patch they're shifting work - and validation work. [Valid] Security reports will be fewer, but that's the trade-off . . .

        Maybe this will result in 100x LD_PRELOAD=... causing memory errors, "See look, it's a memory corruption bug that crashes the program!"

        1. Ken Hagan Gold badge

          Re: POC

          If you raise the bar that high then I, for one, will not report bugs that I find. I'm a developer, so at least I could, but if you want that much of my time then you need to pay me.

          You may be happy with that, but if so then why do you have a public bug tracker?

          1. Anonymous Coward
            Anonymous Coward

            Re: POC

            Agreed, it is a burden.

            (Just a note: I don't have a public bug tracker. I'm not a curl dev, and *way* too many real bugs in the projects that I make for myself!)

            Considering the public bug tracker, should they make it not public? Stop accepting bugs from the public? Or, close it and switch to mailing list reports only? In the case of spam bug reports coming to the mailing list, should they move the mailing list private as well?

            It seems like the maintainer(s) are taking that the stance that Not Nothing will be done, so something is going to change. But: what's an appropriate bar to set to exclude bogus, grammar-correct, casual-glance logically correct submissions?

            Requiring a dockerfile with bug reports would result in fewer legitimate bug reports. Perhaps those devs would find a way to work-around the problem, maybe raise it on a bunch of forums, until word-of-mouth gets back to a dev and it gets fixed. Probably, `curl` in particular is too ubiquitous and necessary for it to actually go away as a project, so from here . . . what are the options? What other options can others use, other than Microsoft's "Send us a video"?

  10. SonWon

    Why not charge a fee to submit a bug report? If the bug is valid then payback the fee plus a reward. The reward could be based on the severity of the bug. If the bug is not valid then the fee is forfeit.

    1. Anonymous Coward
      Anonymous Coward

      You wont get *any* bug reports.

      1. rgjnk Bronze badge

        You charge a nominal amount for a bug report that comes via the mechanism that offers a reward, if it comes altruistically via a route that offers no reward then no charge applies.

        It's a quick & easy filter for the bottom feeders chasing the money not a bug fix.

  11. Anonymous Coward
    Anonymous Coward

    Downside

    I recently had a bug with a piece of software or module, can't remember which. I went onto the bug report website to be faced with a zillion (ok exaggeration) questions, most of which were irrelevant to the issue. They wanted endless logs etc. It was a simple issue, a 3rd party library dependency warning. It worked, just kept complaining I didn't have an old enough library. I wanted to say hey are you aware but gave up. Ironically the software I was installing was part of an AI setup.

    Offering rewards for bug reports is probably going to cause problems with AI, maybe give people the option of requiring lots of logs, video etc if after a prize. If just being a good citizen a box to tick so it's more freeform. It can be as useful to have a thousand simple reports as one detailed. At least you know there is a real issue affecting lots of people to focus on.

  12. Mishak Silver badge

    AI "Facts"

    I "love" the way you can get an AI to change its opinion.

    For example, I recently asked a well-know one to give me an example for MISRA C Rule 15.2. It replied that the rule stated "An unconditional break or continue shall not be used."

    Wrong! When I told it so, it "changed its mind" and declared that it meant to say "The goto statement shall jump to a label declared later in the same function", which is correct. However, it then proceeded to give non-compliant and compliant examples that were exactly the same.

    And people actually let these things write code or find vulnerabilities?

  13. Microbe

    AI Generated Work For Humans

    Looks like the idea AI would do away with human labour was wrong. :-)

  14. Don Jefe

    Using AI to report bugs in software, including AI, only to have it waste everyone’s time is the most effective use of AI I have seen so far. They should probably build another data center with its own nuclear power station to support this endeavor.

  15. regadpellagru

    biggest gripe on AI

    is this:

    "AI reports look legitimate at first, but take time to reveal issues like hallucinations."

    It indeed looks legit. until you realize it's BS, and will have wasted your time.

    Anyone who is sending me something, those days, which is AI generated without telling me has their reputation score down to literally 0 for me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like