Hacker News: juliend2's comments

What's wrong with filtering before saving is that if you forget about one rule, you have to go back and re-filter already-saved data in the db (with some one-off script).

I think "normally" we should instead filter for XSS injections when we generate the DOM tree, or just before (such as passing backend data to the frontend, if that makes more sense).


Don't forget that different clients or view formats (apps, export to CSV, etc) all have their own sanitization requirements.

Sanitize at your boundaries. Data going to SQL? Apply SQL specific sanitization. Data going to Mongo? Same. HTML, JSON, markdown, CSV? Apply the view specific sanitizing on the way.

The key difference is that, if you deploy a JSON API that is view agnostic, the client now needs to apply the sanitization. That's a requirement of an agnostic API.


Please don’t use the word sanitising for what you seem to be describing: it’s a term more commonly used to mean filtering out undesirable parts. Encoding for a particular serialised format is a completely different, and lossless, thing. You can call it escaping or encoding.

Sanitizing is just a form of encoding that prevents data from becoming executable unintentionally.

I don’t like how you’re categorising things. Sanitising is absolutely nothing to do with encoding. You can sanitise without encoding, you can encode without sanitising, or you can do both in sequence; and all of these combinations are reasonable and common, in different situations. And sanitising may operate on serialised HTML (risky), or on an HTML tree (both easier and safer).

Saying sanitising is a form of encoding is even less accurate than saying that a paint-mixing stick is a type of paint brush. You can mix paint without painting it, and you can paint without mixing it first.
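The distinction this thread draws, lossless per-boundary encoding (HTML, JSON handed to the frontend, CSV) versus lossy sanitising done on the parsed HTML tree, as an added example that is not code from any commenter; the function names are mine and the stored value is a constructed sample:

```python
import csv, html, io, json
from html.parser import HTMLParser

# Constructed sample stored verbatim in the database (no filtering on save).
UNTRUSTED = '=HYPERLINK("http://example.test")<script>alert(1)</script><b>bold</b>'

def encode_for_html(value: str) -> str:
    """Lossless: escape for an HTML text/attribute context at render time."""
    return html.escape(value, quote=True)

def encode_for_json_in_html(value) -> str:
    """JSON inside a <script> block: \\u-escape < > & so it can never close the tag."""
    return (json.dumps(value).replace("<", "\\u003c")
            .replace(">", "\\u003e").replace("&", "\\u0026"))

def encode_for_csv(row) -> str:
    """CSV boundary: quote every cell and neutralise leading formula triggers
    (spreadsheets evaluate cells that start with = + - @)."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL).writerow(
        ["'" + c if c and c[0] in "=+-@\t\r" else c for c in row])
    return buf.getvalue().rstrip("\r\n")

class AllowlistSanitizer(HTMLParser):
    """Lossy sanitising on the parsed tree: keep text and a few inline tags,
    drop every other tag plus the contents of <script>/<style>."""
    ALLOWED, DROP_CONTENT = {"b", "i", "em", "strong"}, {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_CONTENT:
            self.skip += 1
        elif tag in self.ALLOWED and not self.skip:
            self.out.append(f"<{tag}>")        # attributes are discarded
    def handle_endtag(self, tag):
        if tag in self.DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.ALLOWED and not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:                      # text is re-escaped on output
            self.out.append(html.escape(data, quote=False))

def sanitize_html(value: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)
```

Encoding keeps the stored bytes recoverable at every boundary; the sanitiser is the only step that throws data away, which is why it belongs in the HTML view and not in front of the database.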


I used to feel the same before having a kid.

Nowadays, the scope of what I can care about is drastically reduced. But one area where I don't allow care to be dissolved (apart from my family) is the work I do.

I had to leave a job where co-workers wouldn't care and it was about to influence my own level of care by the end.


Her biography on Elon Musk is also pretty good as far as depicting someone who did hard things. I was quite impressed by his tenacity.


Seeing the articles penned by "Alain Plouffe", "André Lafrenière" and "Serge Vaillancourt" makes me realize they were _french_ canadians.

Funny to imagine a clique of – old like my parents – québécois geeking out about Atari computers and making a floppy zine about it.


So far, I find Ansible Vault to be good enough for this (when using Ansible at least): https://docs.ansible.com/ansible/latest/vault_guide/index.ht...

You still have to "manage" the vaults' passwords, though.


I see this pattern coming where we're still able to say:

"It's not AGI - it's X, driven by Y-driven heuristics",

but that's going to effectively be an AGI if given enough compute/time/data.

Being able to describe the theory of how it's doing its thing sure is reassuring though.


Yes... we have 60% that inception will happen within 24 months.


Good point. But is there an oligopoly in the Canadian real estate market though?

I assume the premise of Project Hammer is that transparency applied to the food industry would underline some collusion and invite a debate on whether there's some legislation to apply against such an oligopoly.


What would demonstrate collusion? Very similar prices could be a sign of close competition, and razor-thin margins. Varying prices could also be a sign of close competition, with grocers choosing loss-leaders to lure customers into the store.


Look at the data for Austria presented in the link in the article. Supermarkets raised and lowered prices on the same day to the exact same amount and lots of other pretty damning evidence.


Supermarkets often publish upcoming sale prices in advance, and matching your competitor’s prices is not collusion. On the contrary, it’s a sign of healthy competition!

If supermarkets are getting together and forming handshake agreements like “we will not change prices between November and February”, like Canadian supermarkets apparently did, then that could constitute collusion.


Lowering prices together makes sense. But why would you raise your prices of a commodity product to match your competitor's? If they are going to raise, you hold and rake in the extra sales.


Do people really go comparison shop between stores? Like, I recognize that I'm coming from a more privileged economic position to not do so, but I still go to the cheap grocery store because it's the closest to me.

I'd imagine that even for low-income people, the cost/benefit of comparison shopping has been squeezed out by how much prices change on a day-to-day basis. Like sure, if you're buying a lot of something all at once it might make sense to do on that occasion, but once you do that a few times you either learn:

1. Which store usually has the lowest price (and if they have coupons for store X, they might just only go there, because... they can't use the coupon at the competitor's)

2. The difference in price doesn't offset the time-cost of going to multiple stores (and the consolidation of stores means that going to two different stores will take even more travel time).

So, if most people aren't really doing comparison shopping anyway, then you make more money by matching your prices to your competition.


Some people do, based on what I hear from my parents. It could be that seniors have more free time and are more astounded by higher food prices that they spend their time shopping at multiple supermarkets to get everything they want at low(er) cost.

Of course the time it takes to do this makes it all but impossible to actually save money, so it has to be a small portion of their customers.

I have heard that only something like 10% of customers actually give a shit about prices at all, and it is them who keep the prices in check for everyone else. I.e. with razor margins, the retailers can't afford to lose that 10% customer base.


Why are stores changing prices so frequently if it has no impact on sales?

Yes, the vast majority of people don't comparison shop. But people do decide to not buy something if it seems it is too expensive and vice versa, and the effects are seen on the statistical level.


Your past data shows you sell 100 apples every day, despite the cost. Then it shows that you may sell another 100 if the price is considered "low" by the clients or 30 if the price is "high". Then you know how many are in stock, for how many days, and how many are arriving. And you fix the price accordingly.


It's pretty easy for things that aren't actual collusion to end up looking like it, and having the very same negative effects. You don't need handshakes in backrooms.

This will be even more popular in situations like supermarkets, where a significant part of the stock has an expiration date that isn't so far from today. Turning your inventory too fast is just as bad as turning it too slowly, so there can be immediate reactions to make sure things are being consumed at just the right speed. And the more uniform the models of consumption the supermarkets are running, the more similar their decisions will be anyway.

So I wonder if we even need to focus on needing damning evidence, or on whether there is collusion, and instead aim for what we want: Dynamics that put negative pressures on prices. If we aren't seeing that, I don't care much about how much is collusion, and how much is models that have tacit agreements because, as market players optimize for what is best for them, there are solutions where high prices across the board makes all sellers win.


Those instances do look suspicious, though it’s likely that both vendors were sourcing from the same supplier and/or one was matching their competitor’s pricing. I’d be interested to see what proportion of the own-brand goods this had happened for, whether the same store was always first to raise prices, and what their supply chains looked like.


I'm afraid it might have the opposite effect - made collusion easier.


Is the premise that the bread scandal is just the tip of the iceberg?


  Location: Montreal, Canada
  Remote: No preference
  Willing to relocate: No
  Technologies: PHP, React, JavaScript, Ruby, PostgreSQL, Go.
  Résumé: https://www.linkedin.com/in/juliendesrosiers/
  Email: julien AT desrosiers DOT org
I did mostly Web app development but also some systems programming with Ruby and Go.


You might also want to apply some dithering[1] to your images for an extra retrocomputing effect.

[1]: https://ditherit.com/


This is a nice UX experiment. What I'd like to see though, is the ability to choose whether the link opens in the current tile, or opens on the right.

IMO, this behavior should be the default on Web browsers when middle-clicking a link.

Especially since people tend to have wide screens and websites don't always constrain text narrowly enough to make it readable.

