by Gys 396 days ago
> I asked ASUS if they offered bug bounties. They responded saying they do not, but they would instead put my name in their “hall of fame”. This is understandable since ASUS is just a small startup and likely does not have the capital to pay a bounty.

:(

4 comments

It's understandable for such small companies, like Cisco, that does the same for the myriad of online offerings they've acquired over the years.

Cisco have gone even further, by forgetting about their security announcements page, so any recognition is now long lost into the void.

When I reported something, and this was probably around 8 years ago, they only had bounties for their equipment, not for "online properties".

I reported a vulnerability in some HR software they owned, but alas I can't even find where it used to live on the internet now.

The 2 that are live there definitely cover software (one doesn't deal in hardware at all).
no bug bounty, onto black market of exploit it goes.

that or full public disclosure.

I wonder how worried they would get if more people actually started selling exploits on the black market, instead of reporting and not getting a bug bounty. If you don’t offer a bug bounty program in the first place, my gut feeling is that they probably wouldn’t care in that case either. Either way, this is a super good reason to not do business with such a company.
I wonder if centralized "sell program vulnerabilities here" government shops can be set up

While intelligence agencies are an obvious beneficiary, this would also give leverage of government over capital

if the fire is lit under them, after their software leads to widespread hack - they will care.

that's the point - to put pressure on them to CARE.

Maybe something for gamers Nexus to light a fire
This makes me never want to buy another ASUS product again.
For me it's them lying about providing a way to unlock the bootloader of my soon to be 1000€ paperweight(2 android updates only) called an Asus zenfone 10.
If they actually lied about it, that kind of money could be worth it to take them to (whatever your local equivalent of) small claims court over.
I'm in Germany which makes it a bit harder. Someone in the UK went through the trouble and all they got was an offer for a refund or an insanely outpriced option to downgrade the os iirc.

About the lie, they've repeated multiple times this would be an option a year ago...

See https://www.reddit.com/r/zenfone/comments/1ccy11g/asus_is_wo...

Out of curiosity, what got you to spend 1000 Euros on a Zenfone 10 phone when Samsung S23 was net superior and cheaper and provides like 5 years of updates? It's not like previous phones from Asus had a better track record. I kept warning people to stay away from the Zenfone yet the online community kept overhyping it for some reason as the second coming of Christ or something.
Zenfone is smaller and has a headphone jack. It's the superior phone
It is virtually the same size[1] as the era equivalent S23.

I don't think a headphone jack which you can get via a super cheap USB-C adaptor, makes the justification for a 1000 Euro paperweight.

[1] https://www.gsmarena.com/size-compare-3d.php3?idPhone1=12380...

The problem I found about the adaptors is that you can't charge your phone and listen to music at the same time.

I have an older car with an old stereo where the only external input is via jack. Worked perfectly fine with my old phone. When I got a new Samsung, I went through the hassle of trying several "combined usb-c charger and audio jack adaptor" only to eventually find out they can only work in one mode or the other, not both at the same time. I ended up throwing away my old phone holder and spending even more money on one with built-in wireless charging so I could both listen to a damn music and charge my phone at the same time while driving.

I bought several of those adapters. The issues are these:

0. They don't work on all models. Not product lines, e.g. not "all Pixel phones" or so, no, reviews mention "works with Pixel 3 but not Pixel 3a". You need to either waste a bunch of resources sending various ones back and forth, or scour listings until you find one where a review mentioned it works with the model you have. It turns out that all the ones I ordered work on the two USB-C phones I have by now (one from work, one privately) but...

1. The quality of the mic conversion is so bad that people cannot understand what I'm saying. It's described as though I'm speaking while holding the phone under water. Plugging the headphones into my work laptop makes it clear that the mic itself is not the problem, nor the meeting software or my WiFi or anything

2. Loose contacts in most of the converters, if not from the start then after a handful of uses. The headphone cable itself somehow doesn't have that problem, so I don't think that's a me problem (many reviews also mentioned it)

3. You can't charge at the same time. I've tried wireless charging but that makes the device overheat. There are adapter models that will let you also plug in a power cable, but I didn't buy one for some reason. Probably all of them had bad reviews about all of the aforementioned problems and I didn't find a single one that sounded like it was worth a try

4. You need to plug it in at the right time. One of the converters needed to be plugged in before joining the meeting. Another one after. The OS or meeting software (not sure) wouldn't route the audio correctly otherwise

And cheap phones manage to include headphone jacks somehow. It's just a status symbol when manufacturers exclude it from more expensive models, it doesn't seem to serve any purpose as the Zenfone 10 shows by having it and also being great on all other fronts -- except one.

> a 1000 Euro paperweight

It's actually 700€.

It does everything I want. After searching a few days for what models are small, have a headphone jack, and are capable of running Android 14 or so, I was so happy to find that the Zenfone 10 checked all boxes. Then I found out why it didn't initially show up: Asus was the manufacturer that I had previously excluded because you can't root the device. It's not your device: the manufacturer maintains control over what you can and cannot do with it. You can't make full-system backups, for example, because access to your apps' data folders isn't part of what they allow you. The device was easily worth the 700€ because it sounded like I could finally stop wasting my time on choosing which compromise I wanted to make (huge size, no jack, or old chipset were the main options). Finding out there was a dealbreaker after all felt like an ice bath. I just won't buy something where I can't access my own data and make a fricking backup

What cempler said. I tried the dongle approach when the jack in my pixel 4a was failing but found I didn't like it. Having the cable go out the bottom in the center is a terrible place for me, as I rest my phone on my outstretched pinky. The zenfone ticked all boxes on paper and in reviews. Great chipset, solid build, a form factor fitting my tiny hands(though in retrospect it's so heavy that my pinky hurts after a couple hours of reading). And a headphone jack which I use to plug my phone in my stereo and my Sennheiser headphones. Really the jack is the primary reason I got this phone. Coupled by the fact that until now all zenfones had a hassle boot loader unlock and a decent rom community it really was the best choice on paper. God damn it Asus, I wasn't aware they're that dodgy :/
> Asus is just a small startup

I'm not sure where they got that from, Asus have been making motherboards and other pc parts since at least the 90s...

The words "small startup" in the TFA are a link to https://companiesmarketcap.com/asus/marketcap/
It's sarcasm
It's Poe's Law in action