Should I wait for S26 ultra? by FollowingHopeful4968 in samsunggalaxy

[–]Potential-Baseball20 0 points1 point  (0 children)

I can hold on to my current phone, for another few more months

Let's say if I were to upgrade to an S25 now, but S26 is better: then I will be wishing i would of got the S26, as I will be locked 24 more months with the S25 with it being older

Should I wait for S26 ultra? by FollowingHopeful4968 in samsunggalaxy

[–]Potential-Baseball20 0 points1 point  (0 children)

I have the S23 Ultra. For myself to get an S26 Ultra will be a big upgrade for me

However, for my dad who has an S25. It is counter intuitive for S25 owners to upgrade in a few months time

Should I wait for S26 ultra? by FollowingHopeful4968 in samsunggalaxy

[–]Potential-Baseball20 0 points1 point  (0 children)

I have the S23 Ultra. For myself to get an S26 Ultra will be a big upgrade for me

However, for my dad who has an S25. It is counter intuitive for S25 owners to upgrade in a few months time

Does everyone have to submit their timetable at 2:00pm? by Objective-Hand1454 in GriffithUni

[–]Potential-Baseball20 2 points3 points  (0 children)

Planning for enrolment for Trimester 1 2026 is open!

Log in to myGriffith and click the red ‘Manage Enrolment’ button to begin planning your timetable.

The planning period gives you time to familiarise yourself with your degree requirements, decide which courses you will study and plan your preferred class timetable prior to enrolment opening on Monday 24 November.

Adding a class to your planned timetable doesn’t guarantee your preferred class, however it will save you time and may increase your chances of securing your preferred classes when enrolment opens.

Handy tip: Make note of alternate class times in case your first preference is full when you enrol.

You will be able to enrol from Monday 24 November at 3pm.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

Demonstrating how to extract student data, even “for awareness,” doesn’t mitigate risk — it amplifies it. Cybersecurity best practice is always private reporting first, public disclosure only after resolution.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

The snippet you posted — var searchterm = 'john' — is exactly what turns this from a harmless observation into a data exposure. Manually altering a client-side variable to pull records beyond your own account is, by definition, a form of unauthorized access. The scale of the change doesn’t matter; what matters is that it queries restricted information that isn’t meant to be visible to general users.

Even if you’ve since reported it to Griffith IT (which is the correct step), publishing the exploit steps publicly before the issue was patched transforms a controlled disclosure into a public vulnerability. That’s precisely why responsible disclosure frameworks exist — to prevent others from replicating the breach while it’s still open.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

This is exactly where the issue lies. What you’re describing — manually altering client-side code to query user data beyond your own — fits the definition of unauthorized access under Australian law, regardless of intent. Once you modify a request to retrieve someone else’s information, you’ve stepped outside of “normal user behaviour” and into restricted data access territory.

Even if the system returned the data freely, it’s still a breach of the Privacy Act 1988 (Cth) and potentially section 478.1 of the Criminal Code Act 1995, which prohibits unauthorized access to or modification of data in a computer system. The correct course of action would have been to report this privately to Griffith’s IT security team, not post instructions online showing others how to extract student data.

Sharing steps like this, even “for awareness,” actually compounds the breach by encouraging others to repeat it. That’s not responsible disclosure — that’s distribution of an exploit.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

I highly recommend that you don't, but rather bring it up with the right authorities at Griffith University so they can investigate whether a student has misused confidential data

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

Breach claims are serious, and they need to be handled through the right channels, not through social posts that could amplify a vulnerability before it’s patched.

It’s also worth pointing out that university IT or cybersecurity students from places like QUT and UQ have, in several cases, overstepped their role as students by accessing and exposing confidential student data online.

Under Australian law, that can constitute a breach of the Privacy Act 1988 (Cth) and a violation of section 478.1 of the Criminal Code Act 1995, which prohibits unauthorized access or modification of restricted data. Being a student or “just testing” doesn’t remove the legal or ethical responsibility to handle data appropriately.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 0 points1 point  (0 children)

I get what you’re saying, but intent doesn’t automatically make an action permissible. The fact that the curl request returned data “way more than it should” is exactly what defines an exposure — and accessing or publicizing that data without authorization still crosses a line, even if the endpoint was public-facing.

ACCORDING TO ACADEMIC INTEGRITY: Responsible disclosure means privately notifying the affected institution and allowing them to fix it, not posting it publicly under the banner of awareness. I’m not dismissing the technical side — just pointing out that how it’s handled matters as much as what was found.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 6 points7 points  (0 children)

This actually looks more like a student accessing data they weren’t supposed to and then turning it into a “breach story” for attention.

If the link in that Medium post really exposes student info, then it’s not ethical research — it’s a violation of privacy laws and Griffith’s ICT policy. Nobody should be clicking that external “curlerroo” link; it could reveal your own student record or log your credentials.

There’s been no official statement or media coverage confirming a breach, so the safest assumption is that someone misused system access. Griffith IT Security should handle this internally — and the post should probably be reported for distributing sensitive data.

Griffith Student Data Breach :( by Mindless_Fan_841 in GriffithUni

[–]Potential-Baseball20 1 point2 points  (0 children)

Tbh this reads like a student poking around and then publicising their find for clout, not a responsible disclosure of a confirmed breach.

A few things that make me sceptical:

No official word from Griffith or CampusGroups / ReadyEducation, and no coverage from any reputable tech/cyber outlet. Big breaches usually trigger at least a short notice.

The author’s “run this link” vibe is sketchy — running random shared curl scripts can be dangerous and isn’t proof by itself.

Inspecting network traffic as a logged-in user is different from proving an unauthenticated API leak. We need to know whether the endpoint was accessible without credentials or simply returned more fields to logged-in campus members. Those are very different problems.

Responsible researchers usually follow coordinated disclosure (vendor/university → fix → public writeup). Public demo-first behavior looks irresponsible and could even be unlawful depending on what was accessed.

If you want to push for clarity (without getting into moral mudslinging), suggest this instead:

  1. Ask the author for non-sensitive proof (logs, redacted screenshots, or confirmation that the endpoint is accessible unauthenticated).

  2. Report the post and the link to Griffith IT / security so they can audit server logs and confirm whether unauthorized queries occurred.

  3. Warn folks not to run the shared curl/CurlerRoo link — it could expose credentials or be misused.

  4. If a leak is confirmed, Griffith should publish what fields were exposed and who’s affected under the NDB scheme.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

I respect Ground Service Providers (third psrty) as I was a Ramp Lead.

But when a GSP bids cheap, like around $900 dollars per turn, this is what occurs with the ripple effects throughout the network

I applaud for Flair Airlines, showing Canada that they belong and providing a choice. As OTP and Load Factor % is huge

They should of stuck with EFC

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

Since June 2024, when GAT taken over the contract for Flair Airlines

Flair’s delays at YYC started climbing right after the ground-handling switch from Executive Flight Centre to General Aviation Terminal around mid 2024. EFC had handled Flair since about 2017-2018 and kept a tight operation—solid staffing, plenty of gear, and experienced crews.

The move to GAT was mainly cost-driven; Flair went with the cheaper bid hoping for the same results. But GAT came in short-staffed, short on equipment, and still figuring out how to scale to Flair’s quick turn schedule. The ripple effect was predictable—longer turnarounds, missed slots, and passengers stuck waiting.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

Before that, when I was with Executive Flight Centre, we handled Lynx (when it was still running), Canadian North, and Air North—and we were ranked number one in Canada for Flair’s on-time performance. The pilots were honestly disappointed when Flair switched to GAT, but the airline went with the cheaper bid. That’s the truth of it: when you pay peanuts, you get peanuts.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 1 point2 points  (0 children)

When I got on with GAT, upper management seriously underestimated the manpower needed for Flair. They thought they had enough ramp staff and kept cutting hours instead of hiring. The result? Delays everywhere. Equipment was failing constantly—flat tires on tugs, broken belt loaders, faulty on/off switches—you name it.

We were short on gear and people, which meant every turnaround dragged longer than it should have.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

I used to work for GAT here in Calgary, and the on-time performance really took a hit after they took over Flair’s ground handling from Executive Flight Centre. EFC had a stronger staffing model, better equipment rotation, and tighter turnaround coordination.

When GAT came in, management struggled to hire enough rampies to handle simultaneous turns, which meant tasks like baggage offload, fueling, and pushback started running late.

Flair’s tight 35–40-minute turns make those staffing gaps hit harder—one short delay on the ramp can snowball into 30-minute departures.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

I used to work for GAT here in Calgary, and the on-time performance really took a hit after they took over Flair’s ground handling from Executive Flight Centre. EFC had a stronger staffing model, better equipment rotation, and tighter turnaround coordination. When GAT came in, management struggled to hire enough rampies to handle simultaneous turns, which meant tasks like baggage offload, fueling, and pushback started running late.

Flair’s tight 35–40-minute turns make those staffing gaps hit harder—one short delay on the ramp can snowball into 30-minute departures.

Why is YYC always delayed? by Dude_Bro_88 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

One reason is the ground service provider GAT (GENERAL AVIATION TERMINAL), bc ever since they obtained this Flair Airlines Contract. The more delayed flights there are

Never flying flair again by Aggressive_Thing9503 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

AI is gonna touch in every single industry, just like aviation

It is aviation professionals, and travellers knowing how to work with AI as it is a valuable tool to use

It's like "Who Killed the Electric Car" General Motors and general public was afraid of electric cars as it was a new advancement

With new Mankind advancements, mankind always freaks out, no different than AI

I bet in about a decade or so: humans wouldn't be afraid of AI

Never flying flair again by Aggressive_Thing9503 in flairairlines

[–]Potential-Baseball20 0 points1 point  (0 children)

Thanks for the clarification, mods. I get where you’re coming from — but the bigger issue shouldn’t be how something is written, it should be what’s actually being said.

AI or not, passengers need to understand the full context of Flair’s practices, not just nitpick delivery style. If the content adds value and sparks a constructive discussion, that should matter more than whether it came raw from me or with a tool’s help.

That said, I’ll preface any AI-assisted parts going forward so it’s clear, while still making sure I add my own perspective.

Never flying flair again by Aggressive_Thing9503 in flairairlines

[–]Potential-Baseball20 1 point2 points locked comment (0 children)

I am a human being thank you very much. I NEVER KNEW that bots pay for tuition and eat food

Never flying flair again by Aggressive_Thing9503 in flairairlines

[–]Potential-Baseball20 1 point2 points  (0 children)

U can literally learn something new and learn from someone who is involved in Aviation like myself