[fvv]

Just because it's not important to pay attention to CVEs, why not waste the readers' time by creating "fictional" CVEs without a disclaimer in the first line? Just because it's not already difficult to scrape through the information and noise on this internet... especially if it appears on the front page of hackernews

[jmusall]

Could one mistake this

> Status: Resolved (accidentally)

> Severity: Critical → Catastrophic → Somehow Fine

for a real CVE report?

[User-MBAB]

Have you not read CVEs as of late? As a precondition for getting their funding back, all the doge boys get to write the CVEs for their own orgs. Insane parentheticals about trans people is the norm now.

[red-iron-pine]

next level NIST enrichment in action

[dasyatidprime]

The tag list at the top of the page includes “satire”.

[isityettime]

I saw a comment very similar to this on a blog post testing the Copy Fail exploit, where someone was complaining that without a tl;dr at the top, it took too much effort for them to find out whether the blog post documented a new exploit. In fact, reading less than a paragraph already showed that couldn't be the case; the table of contents is enough.

If a glance at the CVE number that isn't a number doesn't do it, a minute or less of skimming this article likewise reveals it to be satire on a blog that's actually pretty thoughtful when it comes to supply chain attacks.

Idk how else to characterize this except as a literacy problem. Learn to skim. It should be unacceptable to characterize a few minutes of reading as unbearable toil. If your time is really so precious that (although you can surf Hacker News) you can't spare 1-3 minutes to read, surely you have someone else to whom to delegate the responsibility of watching for supply chain attacks.

Why am I seeing this crop up over and over?