Hacker News: Muromec's comments

The EU is mostly clamping down on asylum seekers that are abusing the procedural rules, despite not having a solid claim on asylum.

Think of someone from a place that isn't nice enough, but well above the threshold of absolute shitshow with genocidal aftertaste that allows protection. Such people, by virtue of claiming to require asylum, get temporary protection and the right to residence, and then clog the system by appealing everything ten times with the obviously foreseeable result of not being granted anything. The current idea that is supposed to solve everything is hosting the immigration ghettos offshore (surprise surprise) to not upset the local population until the positive decision is made.

Right populists are mostly riding the racist feeling and the idea that the actual legitimate asylum seekers are undesirable, because they are Muslim, because immigrants leech on the system and all that, plus the actually observable existence of ethnic (organized) crime.

All at the same time, tech immigration is very easy as long as you get an offer. No quotas, no 100k shakedown, not even a degree requirement or a language test, just someone willing to fill in the form and pay like 500 bucks in processing fees and pay you the above-median salary. Family immigration isn't restricted either, and partners of citizens and immigrants get the right to work (because what else would they do here, lol).

But the actual non-fancy low-skilled low-paid immigrants are either EU citizens from the less affluent side of the continent or the (former) asylum status holders (which is a straight path to citizenship most of the time). Packages have to be sorted, garbage trucks have to be driven, and cheaply. But sure, anti-immigration attitudes we have.

So yeah, the only sure way to fly in a Thai cook is to marry her or give her husband a tech job.




Yeah, before open borders became a left thingy, it was called the free market, so local business gets that cheap labor. Now, once the profits are booked, it is time for the classic switcheroo -- put the negative externalities on society and blame the left for trying to deal with them.

> asylum seekers that are abusing the procedural rules, despite not having a solid claim on asylum.

Out of curiosity, isn't that the same case as what happened with the Biden immigration surges, at least Venezuela? And now the current administration is taking action?


I'm not familiar enough with the American context to answer that. My understanding is that the US was always very lax with immigration enforcement, where a lot of people are neither given legal rights nor deported, while the EU (mostly the Western part) was more willing to give some sort of legal residence, so people can pay taxes and fines and have an incentive to learn the language. I don't really understand what the problem was with giving residence permits to the refugees from Venezuela in the first place, but again, I'm not familiar with this circus.

They weren’t that lax with immigration enforcement, Biden was the exception, Obama deported a ton of people, enough so to get the “deporter in chief” moniker.

Also, you can pay taxes without legally residing in the US, it seems.


He did not do deportations in the traditional sense. Most were turn-backs at the border, not removal operations.

You are looking for a good job, not any job. The capital allocator decided that you do not deserve a good one anymore. Time to shake the fist at the sky and blame the times.

>it takes effort to familiarize yourself with new features, decide what should be enabled and what should be disabled, etc.

What features? I update my rolling release once a month and nothing has changed for the last 10-ish years. Maybe the pipewire/pulse thingy was annoying and bluetooth acted up a bit. With docker on rpi I even upgrade the whole zoo of things by just rebooting.


Exactly. It is something you genuinely never need to think about, except for once in a blue moon. Or, more like once in a leap year. And completely unmeasured by the "we will update it when our [horrific] business processes say it's okay" crowd is the cumulative angst of shit being broken FOR NO REASON. And that is to say nothing of the security vulnerabilities and all the other reasons that exist for updating your software.

The article proposes a way to agree on context out of band and enforce it with IDL. This seems to be an implementation of the principle you mention.

No, it’s completely wrong. It’s a very minor refinement of a terrible yet sadly common design that merely mitigates one specific way that the terrible design can fail.

See my other comment here. By the time you call the OP’s proposed verify API you have already screwed up as a precondition of calling the API.


So another lesson has been relearned from ASN.1. I'm proud of working in this industry again! Next we will figure out to always put versions into the data too.

I would say two problems with the asn.1 approach are: (1) it seems like too much cognitive overload for the OIDs to have semantic meaning, and it invites accidental reuse; I think it matters way more that the OIDs are unique, which randomness gets you without much effort; and (2) the OIDs aren't always serialized first, they are allowed to be inside the message, and there are failures that have resulted (https://nvd.nist.gov/vuln/detail/cve-2022-24771, https://nvd.nist.gov/vuln/detail/CVE-2025-12816)

(edit on where the OIDs can be, and added another CVE)


OIDs have to be unique just enough to not fall into the wrong parsing/validating path in the same system, which isn't that hard.

>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure

That's on brand for the JavaScript world, yes.

With asn1 being a can of worms, at least it's a can of worms with a reputation, unlike this nice magic trick.

Disclaimer: there exists a PR filed under my name into an ASN.1 parser that fixes a bug, which has not been merged since October 2022.


Those CVEs seem a little more subtle than OID serialization issues. In the first example there are actually two distinct problems in concert that lead to the vulnerability, one of which is when a "low public exponent" is used.

https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1...


It seems like in that PR, the fact that the OID wasn't checked is part of the problem. I think a better system wouldn't compile or would always fail to verify if the OID (domain separator) is wrong, and I think you'd get that behavior in the posted system.

This is Bleichenbacher's rump-session e=3 RSA attack. It's pretty straightforward, and is in Cryptopals if anyone wants to try it. If you don't check all the RSA padding, and you use e=3, you can just take an integer cube root.
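As an added example (not code from the thread, from node-forge, or from any linked commit), here is a Python sketch of the two verification styles discussed above: the strict recompute-and-compare check that RFC 8017 describes, beside a constructed lenient parser that stops checking once it finds a plausible DigestInfo. The malformed encoded message is constructed inline; no RSA operation or cube-root step is involved, only the padding check itself.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS || 0x00 || T exactly as RFC 8017 section 9.2 specifies."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Hardened form: recompute the entire EM and compare every byte (RFC 8017 section 8.2.2)."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Constructed lenient form: parse forward, accept once a DigestInfo with the right
    hash is found, and never look at the padding length or the bytes after the digest.
    This models the 'unchecked portion of the encoded message' weakness the thread cites."""
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)          # end of PS, however short it is
    if sep < 0:
        return False
    t = em[sep + 1:]
    if not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return False
    start = len(SHA256_DIGESTINFO_PREFIX)
    return t[start:start + 32] == hashlib.sha256(message).digest()


def demo(em_len: int = 256) -> dict:
    """Valid EM plus a constructed malformed EM with a minimal PS and trailing filler bytes."""
    msg = b"constructed sample message"
    good = emsa_pkcs1_v15_encode(msg, em_len)
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    bad += bytes((i * 7) % 256 for i in range(em_len - len(bad)))  # filler nobody checks
    return {"strict_valid": verify_strict(good, msg), "strict_malformed": verify_strict(bad, msg),
            "lenient_valid": verify_lenient(good, msg), "lenient_malformed": verify_lenient(bad, msg)}
```

The strict verifier rejects the malformed encoding purely because the padding string is the wrong length, which is the whole defence: there is nothing for unchecked bytes to hide in.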

That was my first thought as well.

>suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.

Which is not that unreasonable even. If a person is flagged for making scam apps, them having publishing rights in a reputable place taints the reputation of such a place.

You should be able to appeal, of course, and the OAuth should not be towards Google in the first place, but being associated with known fraudsters and scammers is not what you want.


That seems at odds with how our society is structured. We treat employees as interchangeable cogs. If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.

It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.

Individual accounts and employee accounts are conceptually distinct. Permitting anything less gives large companies free rein to run roughshod over the individual by unilaterally depriving him of his livelihood.


> If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.

This is no longer the case, see the example of Hüseyin Dogru, a journalist who faces political EU sanctions (no trial) and now cannot transact with EU citizens or travel. Authorities have now seized the bank account of his wife and are treating her as if she is sanctioned, even though she is not, so their family is now broke and cannot even pay for food. Because they are not allowed to travel they cannot return to Switzerland.

This kind of blacklisting also comes up in non-sanctioned contexts with de-banking and political de-platforming based on government pressure. The world is headed to a very dark place.


>It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.

Crime is not the only thing that exists in a law. One can work in a regulated profession and lose a license for not adhering to the rules. Such a person can in theory go and do something that doesn't affect society negatively, and this isn't exactly a punishment for a crime. Now if someone employs such a person again after they lost their license, that new employer may be sanctioned as well. All of that usually comes with some kind of appeal mechanism.


The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to.

The authorization is not transitive, so to speak.

>As an aside, I suspect that leaving it to the bank would also provide additional legal protection

If it would, they will have to pay the bank for it, and the bank should also be willing to accept the liability (spoiler alert -- they will not be willing to accept the liability).


Google wants the authority of a gatekeeper without the overhead of human accountability. They automate the "no" but offer no path to a human "yes."

That's all fine, they can want their wants, but then, once the bad cop writes them a strongly worded letter, they start throwing tantrums over "regulation".

> The bank has to perform the authorization and identity checks, but the bank will not make them for you

We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws).

> If it would, they will have to pay the bank for it ...

For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here.

For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct).


From the point of view of the bank the problem is usually defined as

"how do we assess a complex situation where the identity of the person X is one of the signals (but maybe not the strongest one) with enough certainty to balance a probability Y of something bad happening that will cost us Z and still make money"

Most of the time Y and Z are defined because the other department said so and we trust our colleagues, thus the answer is computable (somebody somewhere has it open in a spreadsheet right now).

If you add a transitive property to the system, then, unless there is some regulatory magic that caps the possible value space of Y and Z, the answer is (by default) no.


No parent will ever do that, because parenting fucks up the brain in a special way.

> quickly goes places you do not want it to go.

Which places?


What law?

The Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies.

https://www.unoosa.org/oosa/en/ourwork/spacelaw/treaties/int...


I don't think rules and regulations are popular nowadays.

If someone puts a CSAM data center in space, I suspect you'll find quite a few rules become briefly popular.

