InitialBP

Karma: 262

Created: 2020-05-05

Recent Activity

  • Another example is Old School Runescape, who reverted back to an earlier save and has now diverged as an entirely separate game running with older systems as they lost a ton of players with their "Evolution of Combat" update. While nostalgia is definitely a powerful tool, I agree with the previous commenter that the original WoW was a very different game than the modern version and it seems like that is one of the core aspects of what people desired.

  • This comes entirely down to the scope of the agreement for the assessment. Some teams are looking for you to identify and exploit vulns in order to demonstrate the potential impact that those vulnerabilities could have.

    This is oftentimes political. The CISO wants additional budget for secure coding training and to hire more security engineers, let the pentesting firm demonstrate a massive compromise and watch the dollars roll in.

    A lot of the time, especially in smaller companies, it's the opposite. No one is responsible for security and customers demand some kind of audit. "Don't touch anything we don't authorize and don't do anything that might impact our systems without explicit permissions."

    Wiz is a very prominent cloud security company who probably has incredibly lucrative contracts with AWS already, and their specialty, as I understand it, is identifying full "kill chains" in cloud environments. From access issues all the way to compromise of sensitive assets.

  • I'm sure you are correct about being able to do some clever prompting or tricks to get it to print inappropriate stickers, but I believe in this case it may be OK.

    If you consider a threat model where the threat is printing inappropriate stickers, who are the threat actors? Children who are attempting to circumvent the controls and print inappropriate stickers? If they already know about topics that they shouldn't be printing and are trying to get it to print, I think they probably don't truly _Need_ the guardrails at that point.

    In the same way many small businesses don't (most likely can't even afford to) opt to put security controls in place that are only relevant to blocking nation state attackers, this device really only needs enough controls in place to prevent a child from accidentally getting an inappropriate output.

    It's just a toy for kids to print stickers with, and as soon as the user is old enough to know or want to see more adult content they can just go get it on a computer.

  • It sounds like that's a possibility, but why on earth would you take the time to set up a 3 node cluster of object storage for reliability and ignore one of the key tenets of what makes it reliable?

  • "If you select those people, what’s to keep them from creating a system that gives them ever more amounts of money, to the detriment of their constituents?"

    That is literally the system that exists today, except instead of in the open (e.g. salary) it's through stocks with insider information and who knows how else.

    The point isn't to optimize for people who are most incentivized through money, the point is to make the position more accessible for anyone who actually wants to do the "service" part, and to minimize the reasons that it's hard. As the previous commenter pointed out, right now independently wealthy people are some of the only ones who are actually capable of running, and someone who isn't independently wealthy who wins is even more susceptible to bribes because they may be in a tenuous financial position.

    I would agree with you that we want individuals whose goal is to do "service" for their society, but our current system obviously isn't working and there are a lot of solid reasons why something like this _could_ improve the situation. What alternatives would you recommend?

HackerNews