I still don’t get it. Some code may use .value, store it, parse it, send as a part of a form, etc. How is that a security issue? If you meant that evaluating strings (as in eval(s) or el.innerHTML = s) is dangerous, then okay, but why this exact location - disabled inputs? One can eval(from_any_source) if they are unaware.
Your description about the issue is sketchy, there is nothing wrong with disabled input fields but it sounds like you are making that an issue while the actual issue would be parsing those fields in the backend.
Maybe I was not able to make it clear - what I meant was "if you can inject arbitrary code in disabled fields and the system is using those JSON data elsewhere, it can lead to injection attacks"
The whole idea is to validate the user inputs - be it disabled fields or normal inputs.
It is more “sanitize” than “validate” then. Saying that you need to sanitize disabled or normal fields in “crypto websites” is like saying that you need to put handrails on 7th floor of a red building to prevent falling down. But in reality you may fall from any height that has no handrails, and 7th floor and a red decoration aren’t specific requirements for falling.
I’m not trying to nitpick here, my confusion was genuine. These sorts of statements are hugely misleading even for seasoned folks (“what if I missed something in disabled inputs? why crypto suffers from that?”), and in novice developers it creates magic recipe thinking instead of generic awareness that you never want to execute(user_input).
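An added example, not part of any comment in this thread, of the general rule the exchange above arrives at: the `disabled` attribute is only a browser-side hint, so a server-side handler applies the same validation and output escaping to every submitted field. The field names, the schema and the sample values are hypothetical and constructed for illustration.

```javascript
// Hypothetical schema: which fields a client may change and what they must look like.
// walletAddress is the field rendered as <input disabled> in the form.
const SCHEMA = new Map([
  ['displayName', { serverOwned: false, pattern: /^[\p{L}\p{N} _.-]{1,40}$/u }],
  ['walletAddress', { serverOwned: true }],
]);

// Escape a value for use inside HTML text or a quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Merge a submitted body into the stored record. Every field goes through the
// same checks; "disabled" in the HTML gives a field no special trust.
function acceptSubmission(body, storedRecord) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(body)) {
    const rule = SCHEMA.get(name);
    if (!rule) {
      rejected.push(`${name}: unknown field`);
    } else if (rule.serverOwned) {
      // The client is never the source of truth for this field.
      if (value !== storedRecord[name]) {
        rejected.push(`${name}: server-owned, client value ignored`);
      }
    } else if (typeof value !== 'string' || !rule.pattern.test(value)) {
      rejected.push(`${name}: failed validation`);
    } else {
      accepted[name] = value;
    }
  }
  return { record: { ...storedRecord, ...accepted }, rejected };
}

// Render a field back into HTML; escaping applies whether or not it is disabled.
function renderField(name, value, disabled) {
  const attr = disabled ? ' disabled' : '';
  return `<input name="${escapeHtml(name)}" value="${escapeHtml(value)}"${attr}>`;
}

// Constructed sample: the client tampered with the disabled field.
const stored = { displayName: 'Old Name', walletAddress: 'addr-0001' };
const result = acceptSubmission(
  { displayName: 'Alice', walletAddress: '"><b>x</b>' },
  stored
);
```
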
A nuance here is that China's nationality laws forbid dual-citizenship and border officials have been (anecdotally) cracking down on it in recent years. There are a lot of grey areas in enforcement, and I'm not sure how it would play out for the rich and powerful, but the general idea is that once you get a second passport, the first one ceases to exist, along with one's hukou, right to property and capital, etc.
Thus, as with other countries that don't allow dual citizenship (e.g., Japan, India, Austria, Malaysia, Singapore) getting another nationality is probably a stronger exit signal.
Of course, most schemes start by giving permanent residency, which is different and sort of the best of both worlds.
> The United States will not ask naturalizing citizens to take any steps to formally renounce the citizenship of their home country. Nor will it stop U.S. citizens from later adopting citizenship in another country – though if their intention is to give up U.S. citizenship, they can certainly do so. You may continue to vote in your home country, if it allows it.
> All this does not mean that the U.S. will tolerate divided loyalties. Dual citizens must obey U.S. laws, uphold the U.S. Constitution, and in every other way adhere to the naturalization oath that they take. They are also required by the I.N.A. to carry their U.S. passport when leaving the U.S., and to present it upon reentry.
There's a bit of doublespeak going on here. What could they mean by "take any steps to formally renounce their citizenship" that doesn't include (from the naturalization oath):
> I absolutely and entirely renounce and abjure all allegiance and fidelity to any foreign prince, potentate, state, or sovereignty of whom or which I have heretofore been a subject or citizen;...
They won't require you to formally tell the other country you are renouncing it, which is good enough for practical purposes, since most other countries don't allow you to renounce your citizenship simply by telling some US bureaucrat you renounce and abjure it.
What the State Department (probably, I don't work for them) means is that naturalizing as a United States citizen may be done with no input from a person's other country of citizenship. Contrast with, for example, Germany, wherein a naturalization certificate may not be delivered to an applicant before the applicant shows that he or she affirmatively renounced any other citizenships or received permission from the German government to proceed with naturalization absent that step being taken.
China has the population and to some extent tech advantages but the Chinese government is very strict, unpredictable and favors individuals who are on their side.
Not everyone has an equal opportunity to make it big in China. If you care about freedom and a better future for your children, make money and move out!
The gov sometimes has these campaigns that sweep through and affect both guilty and innocent. Some try to keep a “get out of jail card” so to speak, if need ever be. That’s what much of this is.
Would this be the same Peter Thiel who bought himself[1] a New Zealand citizenship, just in case things go south in his home country? Sounds like an expert on that playbook.
It depends if it was Thiel’s argument or not. I’m not quite sure because of the thread history, there was something about his book and another about people who have multiple passports.
Calling something an ad hominem attack doesn't make it less valid in the context of the discussion.
This is a thread about immigration. If Thiel's opinions on immigration are to be considered, then his own behaviour in that regard is absolutely relevant.
> This is a thread about immigration. If Thiel's opinions on immigration are to be considered, then his own behaviour in that regard is absolutely relevant.
No, it's not. It might be germane if (1) his behavior demonstrated that he was particularly untrustworthy on this topic and (2) fact claims were being made that could only be accepted based on trusting Thiel.
It might also be germane if we were discussing the credibility of his claim to believe in the position he lays out rather than the merits of that position (this is actually a special case of the preceding.)
It's also potentially useful as a filter as to whether it's worthwhile both considering his opinions and participating in the discussion in the first place; many fallacies are pragmatically useful in terms of whittling down the universe of ideas to decide which ones are more likely to be worth spending more time analyzing. But once you jump into the discussion on the merits, well, there is a reason fallacies have been identified.
In 2013 Facebook paid me $5000, because of it I was able to pay my education loan (in India) and avoided all that compound interest.
I started way before when it was popular and actually got my current job from this thread:
“list of YC companies I’ve worked with(Hacked)”
https://news.ycombinator.com/item?id=10463286
Bug bounty is really hard these days, you are competing with the whole world - whoever reports first, wins (even when you have put in equal effort).
It’s good for a side hustle but you can’t do it full-time these days.
It seems like it may be possible to live on the bug bounty rewards in places with cheaper cost of living, but you would need to get, like, 10 $5,000 bounties a year to survive in the US wouldn't you?
> you would need to get, like, 10 $5,000 bounties a year to survive in the US wouldn't you?
More like 2 $5k bounties a year for me. Where I live in the U.S., I could rent a house for $500/mo ($6,000 a year), and I eat about $200 of food per month ($2,400 a year). So the cost of living per year is $8,400.
But yes, it entirely depends on where you live. For me, I specifically chose this place so that I could live comfortably on bug bounty income.
Assuming you don't need to pay for health insurance and can handle financial ruin if you break your leg.
Assuming you don't need to pay for electricity, water, trash service, internet, phone service, medicine, toilet paper, detergent, need to leave your house ever, buy a computer to actually work with.
So you, a pseudonymous stranger, have heard from an anon stranger that somewhere there is an apartment for rent with undefined qualities and location that is "super nice" for near 1/3 the median rent. A rate that won't rent a yurt in most places.
You're right, I didn't include that stuff. I was trying to price it out for someone who is renting a house/apt, but neglected the utilities bit. I actually bought a house here for $20k (in cash from bug bounties) so all I pay for is utilities. This place has an acre of forest and FIOS internet, 3 br and next to the lake. I pay about $300 a month for the services you mentioned, save health care, which I don't pay for at all at the moment.
There are still folks doing it full time in expensive cities.
The main aim of the game is to have extensive infrastructure and code to do asset identification & delta. When Facebook puts a new host live without ACLs, you’ve gotta wake at 3am and hit it.
In the US, workers making minimum wage with a full-time schedule make around $15,000 a year. Many people have fewer hours or a lower hourly rate. They survive. It's not a great standard of living, though.
On the plus side, the bug hunter would have the advantages of being their own boss. On the negative side, their finance and tax situation might be worse or at least more complicated. Probably also better to save money in case they have a stretch where bug finds or payouts drop. Someone doing that would need even lower cost of living.
I came across these 'STOP words' https://en.wikipedia.org/wiki/Stop_words yesterday. Wiki says these word lists can vary from service to service. There is hardly any chance you'll find a complete list, maybe common words are available.
I made this simple Instagram image downloader. Just copy the image link of any Instagram image and save that in Full HD and size using right click. Still used by many for social media marketing as you can't save images from others' profiles on Instagram; the only way is to screenshot, which obviously reduces the quality of the image.