Hacker News | lixtra's comments

Ideally, you submit your own project as https://news.ycombinator.com/showhn.html

Yes, there are also many other lucrative illegal activities.

How is it illegal? It’s information available to the public.

If you sell something to someone and they do computer crimes, you're going to have to prove that you couldn't've known that they're a computer crimer.

It's the same thing with selling general offensive security tools. You have to proactively make it clear that it's for testing and not criminal use. Otherwise, cops are going to assume you're complicit and make things shitty.


Isn't it also illegal to withhold knowledge of a vulnerability for payment? It sounds like it should fall under some variety of blackmail.

That would be even worse than our already bad system.

The system is already pretty bad because vendors underinvest in security, and then to fix it, researchers have to volunteer their time to investigate with no guarantee of payment. If the vendor could force researchers to hand over findings for free, nobody would want to do security research except hobbyists having fun. They're basically signing up for hours of tedious forced labor to explain vulnerabilities to the vendor.

I wish there was legislation that allowed the government to fine vendors for security vulnerabilities like this where the amount scales based on how much user data they leaked. And it could function like other whistleblower systems where a researcher who spots a leak can report it to the government and collect 50%. That way, if the vendor says, "We're not paying you," the researcher can turn around and collect the money from fines.


Vendors routinely get researchers arrested for breaking into their computers as well.

> The cleanest mitigation is to return results in a canonical order, such as lexicographic sorting.

And hope that the sorting time cannot be used as a side channel.


djbsort is constant-time.

Because most post-quantum cryptosystems need this primitive.

https://sorting.cr.yp.to/
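An added illustration of the point in this exchange (not part of either comment, and not djbsort's code): a sort whose sequence of comparisons and memory accesses depends only on the array length, so its running time does not reveal the order of the input. The names `ct_minmax` and `ct_sort` are made up for this example, and the network used is the simple O(n²) odd-even transposition sort.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Branch-free compare-exchange: afterwards *a <= *b.
   No branch and no memory index depends on the values. */
static void ct_minmax(int32_t *a, int32_t *b)
{
    int64_t d = (int64_t)*b - (int64_t)*a;         /* negative iff *b < *a; cannot overflow */
    uint32_t swap = (uint32_t)((uint64_t)d >> 63); /* 1 iff a swap is needed */
    uint32_t mask = (uint32_t)0 - swap;            /* 0x00000000 or 0xFFFFFFFF */
    uint32_t x = ((uint32_t)*a ^ (uint32_t)*b) & mask;
    *a = (int32_t)((uint32_t)*a ^ x);              /* wraps on two's-complement targets */
    *b = (int32_t)((uint32_t)*b ^ x);
}

/* Odd-even transposition network: n rounds over adjacent pairs.
   Loop bounds depend only on the public length n.
   Returns the number of compare-exchanges performed. */
size_t ct_sort(int32_t *v, size_t n)
{
    size_t ops = 0;
    for (size_t round = 0; round < n; round++) {
        for (size_t i = round & 1; i + 1 < n; i += 2) {
            ct_minmax(&v[i], &v[i + 1]);
            ops++;
        }
    }
    return ops;
}

int main(void)
{
    /* Constructed sample input, including the int32 extremes. */
    int32_t v[] = { INT32_MAX, -1, INT32_MIN, 7, 0 };
    size_t n = sizeof v / sizeof v[0];
    size_t ops = ct_sort(v, n);
    for (size_t i = 0; i < n; i++)
        printf("%ld ", (long)v[i]);
    printf("(%zu compare-exchanges)\n", ops);
    return 0;
}
```

A compiler is free to turn the masking back into a branch, so the generated assembly has to be checked for each target and optimisation level before relying on this property.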


HN guidelines say: Assume good faith. We should apply it to Sheryl here as well.

In Europe several of my acquaintances shared a bed with their professors/superior for various non-sexual reasons. It’s also a cultural thing.


> In Europe...cultural thing.

Go on, which culture is that? In most "cultures" in Europe I know of, it would be a breach of many stated and unstated rules and norms (Germany, Norway, Sweden, Denmark, Finland, Poland, and Belgium).


Example Finland. Could you end up in a nude sauna with your superior? Yes, especially if it is same sex.

Example Germany. Which law would be broken? Internal compliance rules, yes, that would often be the case.


> Example Finland

Example of a very different behavior than the claim above?

> Which law would be broken?

What is that supposed to mean? E.g. eating dogs or cats would be an even more significant taboo and it's not even explicitly illegal in quite a few countries.


Coming from a European, this is definitely not normal.

I would examine why your acquaintances are normalizing such creepy behaviour.


I agree it’s awkward. But I don’t find it creepy per se. It was a tradeoff to which all parties consented.

In one case there was just that one room available stranded in the middle of nowhere.

In other cases it was due to lack of financial resources.


I don't understand what is Europe-specific in those examples. Curious if it is any less awkward in any other culture?


Definitely not a cultural thing in the United States.


As you would expect from a state press release, not a tabloid publication.


The 4% rule is considered safe for a 30 year retirement period. So at 50 you might want to withdraw a little less.


Somehow this code lacks the magic I'm used to from Rails:

    class BooksController < ApplicationController
      def show
        @book = Book.find(params[:id])
        add_breadcrumb("Home", path: root_path)
        add_breadcrumb("Books", path: books_path)
        add_breadcrumb(@book.title)
      end
    end

Only the title is specific to the show method. Home should be set by the application controller and Books by the books controller code.


I think it depends on how you look at things.

Here is what I like about this code:

1. It is explicit

2. Breadcrumbs are information that this action needs to set. You can set them in the views or in the controller via these helpers. But no matter where you put the data, it is custom data that you as a developer set and it is specific to this controller.

The information about how to navigate from the homepage to this show method is something that either you can use meta-programming to try to get, if you would for example scope controllers based on paths (not sure it is a good idea), or you have to provide, as Rails cannot know if your controllers/views are in the top namespace.


Layer8 DID the thing though, skimmed through the code and thought about security issues.


The requested feature is more like list-unsubscribe headers for mailing lists[1]. Instead of categorizing the mail as spam (blocking) you send a clean unsubscribe back to the sender.

[1] https://www.twilio.com/en-us/blog/insights/list-unsubscribe


Yes, you could use union. But then you have to pad the columns of the other tables with NULLs to arrive at the same output and carefully count. And we all hate counting.

