A friend of mine would always put `<blink>` around his middle name as a quick and dirty way to test for missing escaping and possible xss. Back in the day this was surprisingly effective at uncovering problems :-)
A friend of mine recently let the domain used for documentation of Pykka, a Python actor library, expire. Some of course registered the domain, resurected the content and injected ads/spam/SEO junk.
Since the documentation is Apache License 2.0 there isn't much one can do, other than complain to the hosting about misuse of the project name/branding. But so far we haven't heard back from the hosting provider's abuse contact point (https://github.com/jodal/pykka/issues/216 if anyone is interested).
The plan for mopidy-spotify was to move towards web-api for everything we could to be on the official APIs where possible. So the end state would have been only streaming left on libspotify, then figure out how to get librespot and GStreamer to play well enough together (there is a plugin but it's missing at least one feature we need).
But as you can see in issue #110 this goal hasn't been reached yet.
The way auth tokens are setup for Mopidy-Spotify you hold the encryption key for the blob with the OAuth data, and the intermediate server just has an id and the encrypted data. Note that the id is not a Spotify OAuth client-id but an internal one. This is done so we don't have to ship Mopidy-Spotify with the client-secret for the App registration (this was pre PKCE auth).
Having gotten a Swiss C-permit (permanent residency) myself on the five year fast track it was rather easy. But looking at previous interactions it all feels very dependent on what privilege you have in the form of your nationality.
If you are from a "good" country things are a lot easier. E.g. I didn't have the TELC B1 test done when I sent in all the papers. So I had a co-worker help write a formal letter explaining I would forward the test results when ready and got the permit before the results.
There is even a set of countries that are exempt from the language requirement (Austria, Belgium, Denmark, France, Germany, Italy, Netherlands, Portugal, Spain,
Greece, and Liechtenstein). Some of which make sense as they share a language with Switzerland while others I wonder what the story really is...
In contrast, friends from a "bad" country would be stringed along on 6 month L-permits, also for the spouse (who didn't get the right to work) while I brought my partner (we still aren't married) and got her a B-permit that could easily be upgraded to a working visa from the get go.
There are very few people from 'good' country list that want to go to Switzerland (or any rich country) for nefarious reasons. Be it running from law or wanting to live off benefits. So there is less hoops to check those people.
There are far more incentives to try to get to rich country from a poorer country, if you make the process too easy you will get an increase of people wanting to come in. And those are hardly going to be only doctors and engineers. It will be poor and low income in general, willing to bet all.
This isn't fair, its discriminatory and racist approach. But it is also reality of this planet. Life is unfair.
The thing to watch out for though is that the parchment paper is not suited for baking (mainly thinner and cheaper), we once baked a pizza on the matpakke type and it was a pain to get the paper off the crust.
Note that the tool does not seem to filter out revoked keys, or take expiration into account. You have to cross check against what (sub)keys you still have in use.
I actually had a lot of luck creating such a timetable website[0] for NTNU in Trondheim, Norway. Initial version did hacky scraping, eventually I found a database, after the site site gained traction the IME Faculty (IT, Maths, Electrical engineering) got in touch about the site.
At this point they actually paid me to opensource the code and hired me to setup a copy for them. We never got their version to take off, as mine was to well established. So eventually we shut their instance down, and mine lives happily on despite the fact that I've long since left the university.
IME also did some great follow up putting quite a bit of effort in creating an API for "me". The problem was that the central IT services could only provide payed access to their WSDL based XML service. So IME basically payed them for access and then reexported it with their own API[1] + caching.
On a side note, most of the code[2], except for the importers should be generic enough to use at other schools :-)
