Hacker News | lkt's comments

The guy running the Twitter account is incompetent but the actual devs are a lot saner I think.

I agree it reflects poorly on them though


Drew should include himself on that list, he’s earned it.

Is it cheap? `chat-latest` on https://developers.openai.com/api/docs/pricing is showing $5/$30 input/output which is the same price as gpt-5.5


Anyone know if this is available in the Gemini CLI with a subscription (not API key)? Still seeing only Gemini 3 pro preview


Google is known for not giving you an option to give them your money for AI tools. Maybe they will fix this soon.

Is there a way to use Gemini CLI with a $20 plan, like it is with Anthropic or OpenAI CLI agents?


Yes I have the "Google AI Pro" plan from here https://gemini.google/subscriptions/ and you can log in to the Gemini CLI with OAuth


Is it AI generated though?


I've been doing some reverse engineering recently and have found Gemini 3 Pro to be the best model for that, surprisingly much better than Opus 4.5. Maybe it's time to give Codex a try


Curious what your workflow is for reverse engineering with LLMs? Do you run the LLM in an IDE?


Out of interest, how much does ZDI pay for a bug like this?


They probably don't accept something like this. Not that many Posthog self-hosted instances out there...


That's what I thought too, but the article says it was submitted to ZDI and they handled the communication with Posthog


All of these vulnerabilities were accepted by ZDI. Feel free to search the following codes: ZDI-CAN-25351, ZDI-CAN-25352, ZDI-CAN-25350, ZDI-CAN-25358.


They do scan but they miss a lot. The frequency decreased after GitHub started scanning all repositories but I still report leaked secrets to bug bounty programs pretty often. Unfortunately Home Depot don't have a bug bounty program so I don't scan them.


No because it allows you to set the bozo bit on them and completely disregard anything they say in the future


You can find a dozen projects on GitHub that do this, it's not sensitive information that needs protecting

