Readit NewsCAPTCHA isn't just a matter of protecting your site. One of the most evil attacks nowadays is "Distributed Spam Distraction", where you spam your victim with thousands of emails per second so an important email (e.g., fraudulent purchases) gets lost in the noise.
How do you do this in a world with decent spam filters? By using the victim's email to sign up for real services so they get hit with a welcome email. Because these are real services, spam filter won't catch it. This can only be done with services that have sign up forms that are easily automated.
The most evil thing here is your email is crippled even after the attack is over because these real companies will keep sending you newsletter and it's impossible to unsubscribe to them all.
zawerf commented on Data Structures Part 3: Arrays of Arrays ourmachinery.com/post/dat... · Posted by u/dmit
Assuming you ignore the constant. And if you're willing to ignore the constant, you can get O(c) access, O(N^(1/c)) insert and delete at arbitrary indices, and O(c) insert at head and tail, for any constant c. The trick is to make the array into a B-tree of width N^(1/c) and depth c. Note that the insert/delete time is amortized: the worst-case time is O(cN^(1/c)).
Yea someone else also mentioned that generalization (called a tiered vector) in that thread: https://news.ycombinator.com/item?id=20873110
> Completely opt out of DNS prefetching by setting to "off"
Why is this included in these guidelines?
EDIT: See reply. Thanks!
Express Helmet also turns it off by default and included a rationale for why (tldr: privacy leaks when there are random external links posted on a page):
https://helmetjs.github.io/docs/dns-prefetch-control/
zawerf commented on Data Structures Part 3: Arrays of Arrays ourmachinery.com/post/dat... · Posted by u/dmit
There was a really interesting post on this topic recently where you have a circular array of circular arrays of size sqrt(n). [1]
The result is you can do O(1) access, O(sqrt(N)) insert and delete at arbitrary indices, and O(1) insert at head and tail.
In terms of big O this is strictly better than:
- arrays: O(1) access, O(N) insert/delete in middle, O(1) insert/delete at tail.
- circular arrays: O(1) access, O(N) insert/delete in middle, O(1) insert/delete at head and tail.
- fixed page size chunked circular arrays such as the c++ implementation of std:deque which is still O(N) for insert and delete. [2]
[1] https://news.ycombinator.com/item?id=20872696
[2] https://stackoverflow.com/questions/6292332/what-really-is-a...
zawerf commented on A.I. researchers are making more than $1M, even at a nonprofit nytimes.com/2018/04/19/te... · Posted by u/alphagrep12345
So his effective salary is double that.
I think people are supposed to report their salary with the stock price at grant, not after appreciation (at least on levels.fyi). But yea it's a lot more because google stock is half their comp and it keeps doubling every 3-4 years.
Ironically, that could be portrayed as gaslighting on your part - not that I think it is.
It's no secret that content moderators moderate content. Most of the stuff on HN is shaped by a few people who gets to decide what's interesting enough to get a boost or not.
It definitely feels like gaslighting when you notice it happening. For example a few times I know I made a comment on an old article the day before but it didn't get traction. But then it would be on the frontpage again the next day with all the timestamps manipulated to seem fresher, including on my own comments! I know I was sleeping at that time so then I start questioning my sanity and whether I was sleepwalking or not!
Deleted Comment
zawerf commented on DOMPurify, Security in the DOM, and Why We Really Need Both [pdf] usenix.org/sites/default/... · Posted by u/_vvhw
Make it a whitelist. :)
It wouldn't help if new features extend the capabilities of existing stuff (which is done all the time). For example the CSS Shader example from before adds new syntax to the existing 'filter' css style, which you might've already whitelisted because it is safe today.
For example e-hentai.org serve their images from a p2p system called hentai@home and their total network is only using ~4Gbit/sec:
https://e-hentai.org/hentaiathome.php
(or https://imgur.com/a/1H04buw if you don't want to login)