There's a type of side-channel attack you can do to get around CORS but still leak limited information.
Suppose you want to detect whether one of N pre-chosen users of FakeMail (a service I made up) have visited a malicious page you control. Let's also say that in FakeMail:
1. you can see a hi-res version of your profile pic only if you're authenticated
2. only you can see your own hi-res profile pic
3. the path to this private pic is unique to each user, e.g. `/users/{user_id}/private_pic`
The trick then is to embed an `<img>` tag with a `src` to this private, hi-res profile pic for each of the N pre-chosen targets in your malicious page. Then, in `onerror` and `onload` event handlers of `img`, you can implement logic to handle "user X is not here" and "user X is here" respectively.
Of course, this attack could be thwarted by SameSite cookies or browsers with protection against cross-site use of cookies. And it's rather hard to find FakeMail's exact three conditions needed to pull off such an attack. AND just add one more, your targets have to be authenticated to FakeMail. It might seem like an attack that's not viable, but this has happened before, and iirc it was called XS-Leaks for a while when I first heard of it.
Security Innovation has quite a few pentesters who specialize in AWS. In fact, one of their clients _is_ AWS! Despite the generic-sounding name, the pentesters there are bona fide hackers.
The normalization of porn is bizarre once you stop. It's quite eye opening. There's nothing really sex positive about most of not all of the porn available on sites like pornhub. Some of it is straight up racist, too.
You can hold the idea that a certain religion or philosophy is vile and evil, yet respect and even like certain individuals that are followers or adherents of those beliefs, because individuals are often more than just the essentials of those beliefs.
Take a certain popular religion, for instance. This religion can be judged as evil if you are secular or pro-reason (as opposed to faith). But individuals who practice this religion do so as individuals, and may place more emphasis on certain parts of their religion over others according to their own personal values. In fact it's impossible not to place emphasis on certain aspects of a religion or philosophy when adopting it - even religious zealotry implies an emphasis on perfect obedience and adherence. You can tolerate, accept, or even like a person holding an idea that you can't tolerate due to your own beliefs, for the personal values and virtues exhibited by the individual which are reflected in their emphasis of certain parts of their beliefs.
If you'd cared to talk to people outside your bubble, then you might've had a different opinion. And besides, the fact that there are people exploiting a crisis doesn't mean that the crisis was manufactured.
Funny, the other day I was talking to someone about a project I was doing for my Intro to Software Engineering class. We had to make a web application with any tools we want, with the suggestion that we used Django or Rails. I chose Rails. Anyways, when I mentioned "Rails" this guy gave me this incredulous look and said "Rails? Use PHP."
I consider myself at an intermediate level (I guess by my own standards). I've dabbled in PHP. But honestly, I like Rails. Obviously the appeal to it is ease of use, and I'd definitely consider using it in my future projects. Though he never explained why PHP is objectively better. I just thought of it as just another tool to use, like Rails.
If you like rails, I'd stick with it. That means that you're already familiar with the MVC model, and once you grasp that, Ruby and the Rails helpers are easier to implement than PHP.
~ I've worked in Symfony 1.x, Laravel, and Ruby on Rails.
