It's a really nice and wholesome use of HackerOne. Nice that they acknowledged and awarded as opposed to some companies that try their best to push a security disclosure out of scope and not pay out a bounty [0] [1]
The original post, analysis and the actual fix of this bug is beyond impressive. Strangely, Rockstar awarding $10k for that is like someone searching for lost treasure, identifies historical references which leads to finding a ton of it and somehow leaves with 1/8th of it, even though they did 98% of all the work.
For that detailed effort, analysis and with a fix, I'd say that is worth around $80k. At least Rockstar was generous enough to award them in the first place; so I'll give them that.
> For that detailed effort, analysis and with a fix, I'd say that is worth around $80k.
No good deed goes unpunished. Rockstar went out of their way to thank this person and send them a check equivalent to several weeks of median developer salary. Can we not shame them for this goodwill gesture?
$80K would be on the order of half of the annual salary of most developers outside of SFBA.
I think this is a great example of a fallacy that's pretty popular on HN: That work should be rewarded based on "value created" rather than effort.
I don't think this line of thinking is helpful. Should Amazon increase the price of their VMs if you made more money with them? Should a doctor charge a lawyer a higher price for a flu shot because their time is worth more?
Of course not. Because in all these cases, the clients would just go buy someone else's service.
Of course it is helpful to consider the value of the work you produce, and you can use that in negotiations. But you are not entitled to a higher rate just because your client is big or successful.
If the developer had offered a two day consultation for $80.000 to Rockstar they would most likely have declined and said, sorry, for that money we can hire someone else to do a lot more performance improvements.
If you want to get paid based on value created, you need to negotiate. But you don't have a moral right to get more money for the same effort just because your client is rich.
>For that detailed effort, analysis and with a fix, I'd say that is worth around $80k.
Do you think the fix is actually worth 80k in terms of additional revenue for Rockstar? I wouldn't be so sure. If not though then no it's not worth $80k.
"I'm a developer and I'm paid a lot to do my job, therefore everything I do must be very valuable" is not the right line of reasoning to use here.
This reminds me of my 13 year old sibling yelling at our mother when we were teenagers for not buying them the exact item they wanted, but something pretty close. Disappointing.
One should not hold people responsible for acting "non-perfectly". Any behavior exceeding "average" should be met with admiration and gratitude, average behavior with "respect and appreciation", and anything somewhat sub-average with "mild disappointment but no surprise and some understanding".
Having a company spend money they are technically obligated to allocate to share holders, to a developer who, without any pre-existing contract or even verbal or commonlaw understanding, helped them, is way beyond "average response" for modern businesses.
Please, don't hate on the vanishingly small number of counter-examples blazing a trail in this space.
He got paid a good month salary for spending a bit of time fixing an issue (which is tricky but not extreme if you know re). I feel like people having strong opinions that's not enough should just open a GFM campaign to give him more and add their own money. It easier to say how others should spend.
The only reason he got paid at all IMO was the widespread exposure the original article got. When you find something this significant you’re almost obligated to do a song and dance and tell the world about it, so you can get the attention you need and be paid.
Frankly for an introvert with no public online presence or audience that’s just not very appealing. There’s easier ways for software developers to make $10k: just wait for two paychecks.
I think the author was motivated by intellectual curiosity rather than money. Thankfully he was enthusiastic enough about it to share it with the rest of us.
dang|5 years ago
How I cut GTA Online loading times by 70% - https://news.ycombinator.com/item?id=26296339 - Feb 2021 (697 comments)
anonytrary|5 years ago
sdfhbdf|5 years ago
[0]: https://news.ycombinator.com/item?id=9278832
[1]: https://news.ycombinator.com/item?id=16000550
sundvor|5 years ago
tinus_hn|5 years ago
user32456|5 years ago
dmix|5 years ago
Still I’d give him more for the significance and PR. But these things tend to be fixed rather than subjective for a reason.
https://github.com/tostercx
nootropicat|5 years ago
that's insulting tbh
Quillbert182|5 years ago
rvz|5 years ago
The original post, analysis and the actual fix of this bug is beyond impressive. Strangely, Rockstar awarding $10k for that is like someone searching for lost treasure, identifies historical references which leads to finding a ton of it and somehow leaves with 1/8th of it, even though they did 98% of all the work.
For that detailed effort, analysis and with a fix, I'd say that is worth around $80k. At least Rockstar was generous enough to award them in the first place; so I'll give them that.
PragmaticPulp|5 years ago
No good deed goes unpunished. Rockstar went out of their way to thank this person and send them a check equivalent to several weeks of median developer salary. Can we not shame them for this goodwill gesture?
$80K would be on the order of half of the annual salary of most developers outside of SFBA.
yarcob|5 years ago
I don't think this line of thinking is helpful. Should Amazon increase the price of their VMs if you made more money with them? Should a doctor charge a lawyer a higher price for a flu shot because their time is worth more?
Of course not. Because in all these cases, the clients would just go buy someone else's service.
Of course it is helpful to consider the value of the work you produce, and you can use that in negotiations. But you are not entitled to a higher rate just because your client is big or successful.
If the developer had offered a two day consultation for $80.000 to Rockstar they would most likely have declined and said, sorry, for that money we can hire someone else to do a lot more performance improvements.
If you want to get paid based on value created, you need to negotiate. But you don't have a moral right to get more money for the same effort just because your client is rich.
yanderekko|5 years ago
Do you think the fix is actually worth 80k in terms of additional revenue for Rockstar? I wouldn't be so sure. If not though then no it's not worth $80k.
"I'm a developer and I'm paid a lot to do my job, therefore everything I do must be very valuable" is not the right line of reasoning to use here.
gustavpaul|5 years ago
One should not hold people responsible for acting "non-perfectly". Any behavior exceeding "average" should be met with admiration and gratitude, average behavior with "respect and appreciation", and anything somewhat sub-average with "mild disappointment but no surprise and some understanding".
Having a company spend money they are technically obligated to allocate to share holders, to a developer who, without any pre-existing contract or even verbal or commonlaw understanding, helped them, is way beyond "average response" for modern businesses.
Please, don't hate on the vanishingly small number of counter-examples blazing a trail in this space.
Havoc|5 years ago
viraptor|5 years ago
hypertele-Xii|5 years ago
You are forgetting the game which Rockstar made. A loading times fix is not 98% of the final product.
httpsterio|5 years ago
unknown|5 years ago
[deleted]
f430|5 years ago
xwdv|5 years ago
Frankly for an introvert with no public online presence or audience that’s just not very appealing. There’s easier ways for software developers to make $10k: just wait for two paychecks.
jgwil2|5 years ago