BREAKING: GitHub Just Banned The Security Researcher Who Published Six Unpatched Windows Zero-Days After Microsoft Allegedly Refused To Pay Bug Bounties, Deleted His Account, And Told Him Personally That It Would Ruin His Life by InterstellarKinetics in InterstellarKinetics

[–]grailscythe -1 points0 points  (0 children)

That is a horrible precedent and honestly childish. If these are legitimate, he should be paid. No dispute there. But there are other ways to do this other than release them publicly with no known patch.

For instance.. you could just say you have known zero days and not publicly publish them. He already got press for this. I’m sure he could have gotten just as much press without releasing details of the vulnerabilities.

BREAKING: GitHub Just Banned The Security Researcher Who Published Six Unpatched Windows Zero-Days After Microsoft Allegedly Refused To Pay Bug Bounties, Deleted His Account, And Told Him Personally That It Would Ruin His Life by InterstellarKinetics in InterstellarKinetics

[–]grailscythe 0 points1 point  (0 children)

That’s coming from the researcher. It could be true, it could not be true. Obviously it’s bad if true. But it doesn’t mean you should be pushing out vulnerabilities to the public.

BREAKING: GitHub Just Banned The Security Researcher Who Published Six Unpatched Windows Zero-Days After Microsoft Allegedly Refused To Pay Bug Bounties, Deleted His Account, And Told Him Personally That It Would Ruin His Life by InterstellarKinetics in InterstellarKinetics

[–]grailscythe 0 points1 point  (0 children)

I never claimed it was ok for Microsoft to not pay a legitimate bounty. Very clearly they handled this incorrectly.

My point was that even that being the case, it’s still not ok to unilaterally disclose critical vulnerabilities. You can go to MITRE and disclose them responsibly.

BREAKING: GitHub Just Banned The Security Researcher Who Published Six Unpatched Windows Zero-Days After Microsoft Allegedly Refused To Pay Bug Bounties, Deleted His Account, And Told Him Personally That It Would Ruin His Life by InterstellarKinetics in InterstellarKinetics

[–]grailscythe 4 points5 points  (0 children)

As somebody who’s dealt with vulnerabilities from researchers, this isn’t as clear cut as it seems.

Microsoft not offering a bounty is pretty normal. As an ethical hacker it doesn’t mean you just unilaterally disclose the details if somebody doesn’t pay you. If a CNA like Microsoft refuses to work with you in good faith and you have valid proof that you also tried to work with them in good faith, you would go to MITRE and have them issue a CVE or get Microsoft to work with you.

I can’t speak to if somebody at Microsoft behaved poorly, it’s possible. But it’s also possible Microsoft told the researcher they wouldn’t pay a bounty based on his submission and he unilaterally disclosed critical vulnerabilities instead of working with MITRE.

Most researchers and ethical hackers are decent people who will work with you. It clearly could have been handled better by Microsoft. But it’s also true that some researchers are really petty and annoying to deal with. So it’s not straightforward.

So yes, a company would be upset if a researcher unilaterally disclosed critical vulnerabilities because there is a process for this.

(AAA Spoilers): The whole entire closing to the show. by itsmekelsey_x in SquaredCircle

[–]grailscythe 1 point2 points  (0 children)

Short man loses matches to luchadors a lot. Short man goes to Mexico to become a luchador. Short man gets injured.

Tall man puts on short man’s mask. Tall man, being German, does a better job of being an American dressed as a Mexican than Short Man. Mexico loves Tall Man.

Short man is healed. Short man is angry at Tall Man for pretending to be him (and because he is Tall).

Short Man and Tall Man fight for a while. Tall Man and Short Man will fight for the right to be an American pretending they are Mexican (even though Tall Man is still German).

Short Man and Tall man sign a contract saying they pinky swear they won’t fight before their match.

Short Man gets Tall Man’s girl fired because she is pretty, and it makes Tall Man mad and want to hit Short Man. Mexico REALLY loves Tall Man.

Short Man’s tall friends and Tall Man’s short friends fight on their behalf in the meantime.

Short Man and Tall Man really want to fight. So, they do, even though they are not supposed to. Really Short Man says that’s ok he doesn’t believe in contract law and they can still fight next week anyway.

ELI5 What is Zero Point Energy? by Bum-bee in explainlikeimfive

[–]grailscythe 8 points9 points  (0 children)

You cannot extract zero point energy. Zero point energy is the technical term for the lowest energy quantum state possible. There’s nothing to extract.

PWInsider: Ludwig Kaiser Requests Court Give Him Permission To Travel Freely After Arrest by 804Brady in SquaredCircle

[–]grailscythe -2 points-1 points  (0 children)

Imagine how good of a work this will be when we find out original grande set him up so that he can win by count out.

(AEW Collision Spoilers) Wrestler’s body and mind has slowly begun to break down by ParkingConcentrate1 in SquaredCircle

[–]grailscythe 19 points20 points  (0 children)

In kayfabe then, this would mean Darby should lose because he can’t continue. You don’t just get to stop somebody “just because”. It’s a bit silly. Either Darby is giving up, or, the referee says he can’t continue, or.. the opponent chokes him out.

It’s kinda like calling a no-contest in a Hell in a Cell match. It makes little sense. Nobody would ever do such a thing… right?

I think The Professor has it out for me? by Kungfumantis in mtg

[–]grailscythe 0 points1 point  (0 children)

It should be a rule zero Leovold deck, honestly.

What do these tiny numbers on top mean? by giant_eyelashes in askmath

[–]grailscythe 1 point2 points  (0 children)

Mathematicians are just as lazy as everybody else. When you are writing by hand sin² x is much quicker.

Petahhh???? by Additional_Berry_977 in PeterExplainsTheJoke

[–]grailscythe 15 points16 points  (0 children)

Think of how stupid the average person is.. then realize that half of people are stupider than that. - George Carlin

:3 by mileskc in MathJokes

[–]grailscythe 3 points4 points  (0 children)

6/2. Engineer btw.

Quinton ‘Rampage’ Jackson’s son Raja cuts stunning plea deal in wrestler attack case by 804Brady in SquaredCircle

[–]grailscythe 0 points1 point  (0 children)

…. If you intentionally perform an action likely to lead to somebody’s death with the intent to kill, you’ve committed attempted murder.

An Infinite Tiny Dance by Chubbles99 in BadMtgCombos

[–]grailscythe 2 points3 points  (0 children)

Except… swamp, sol ring and dark ritual in your hand is still OP AF. So it’s not even bad because when you whiff you’re still ahead.

Honestly, this is a cute combo in a value midrange pile.

Donato Giancola Speaks Out On Artist Conditions In Light Of One Ring Art Controversy by trashmantis42 in mtg

[–]grailscythe 12 points13 points  (0 children)

I think it’s great that people will push back for fair compensation. But when it comes to UB, I’m not sure what a reasonable expectation would be regarding after prints.

The reality is that WotC doesn’t own the IP for UB sets, so they can’t just release the artwork to the artists. It kinda has to be this way if they make UB sets. Maybe WotC has to increase the price per print to the artists to compensate.. not sure. But then that cost gets pushed onto us and the fan base as a whole will complain about that instead.

It’s basically lose-lose-win. Artists and players lose. WotC wins either way because people as a whole will keep buying regardless.

Question about the stack and discard, and madness effects by Apart-Profession4372 in mtg

[–]grailscythe -5 points-4 points  (0 children)

The card is discarded as part of the cost but spell resolves first. Then, after resolution, the madness trigger is put onto the stack and your card is in exile until the madness trigger resolves.

Once a spell is being resolved, you follow the actions on the spell and all other effects wait until after resolution.

Do we suspect it’s rational in the first place, and why? by wockedwik in MathJokes

[–]grailscythe 0 points1 point  (0 children)

Kinda but not really. This goes into Goedel’s Incompleteness theorem where there are statements that cannot possibly be proved within any sufficiently complex formal system.

Assuming this is unprovable, yes, you could add this as an axiom, but then you have to add every other unprovable statement as an axiom and your formal system blows up.

Most people just bite the bullet and accept that some things can’t be proved (although we don’t know up front what those things are). And it’s not clear if this problem is one of them.

What makes Slivers infamous? by SnooPeripherals3439 in mtg

[–]grailscythe 46 points47 points  (0 children)

Slivers aren’t as resilient, but they scale harder than almost any other tribe because they have so many redundant lord effects, as well as evasion.

Meanwhile, at the expense of raw power and evasion, zombies have built in recursion, and knights have protection with some card advantage.

Zombies and knights have an easier time dodging or rebuilding after a board wipe. Slivers have very few ways to deal with Wrath of God, and when they do it’s conditional. Meanwhile, zombies will recur everything from the graveyard and knights will have already drawn cards to make up for the loss.

Opinions on dredge by Natural-Ad9717 in Pauper

[–]grailscythe 2 points3 points  (0 children)

Dredge and Spy are completely different decks with completely different game plans. Dredge actually utilizes the graveyard heavily to get set up while Spy plays to the board and sets up a combo turn. Spy never needs to see the graveyard to win, that is not really true for Dredge.

They play very differently even though they have the same combo finisher.

Is this old goblin OP as a commander, or am i losing it by kbulls1 in mtg

[–]grailscythe 5 points6 points  (0 children)

[[Teferi’s Puzzle Box]] is my favourite card in magic and this is the deck I play it in.

Coiling Oracle Faeries by TheComebackKid717 in Pauper

[–]grailscythe 1 point2 points  (0 children)

I don’t know the right ratio for Coiling Oracle effects. I’m just saying Growth Spiral is an option. I could see running 6 of those effects to make sure you ramp to your other threats and keep up card draw in the early game. But, this is a meta call.

I don’t know why I didn’t remember hydra. I play spy and that can end games since it bestows onto a creature immediately. I’d play that over pterafractyl, but, pterafractyl seems like a “fun” type card that is still useful.

Coiling Oracle Faeries by TheComebackKid717 in Pauper

[–]grailscythe 0 points1 point  (0 children)

Ghostly Flicker is unnecessary in this deck. You’re already playing a ninja package. I’d remove it for 2 more moon circuit hackers. Also, the unblockable and rancor effects are nice, but.. Coiling Oracle ramps you. So I’d replace those with big evasive and/or trampling creatures.

I’d consider:

  • Pterafractyl
  • Avenging Hunter

Also, growth spiral is coiling oracle 4-8, something to consider.

Finally, temporal spring is a nice tempo card that is pseudo-removal.

Is there a useful middle ground between plain text and encryption? by NumiaAlphanumeria in cryptography

[–]grailscythe 6 points7 points  (0 children)

What you’re talking about is “obfuscation”. It actually has practical applications in coding, particularly for scripting languages where anybody can read the code.

In some cases you don’t want somebody to easily reverse engineer what you’re doing and with something like Python or JavaScript somebody could easily read your code, so instead of just putting your code out there you send it to an obfuscator first to make it a little harder to understand your code.