1. It most certainly was malicious, if not in outcome, in intent. xach wanted to say "Look, you say you're a coder - look at me I'll show you." There were a multitude of ways he could have presented his case in a manner that would have been - frankly - much more mature.
2. This is pg's personal pet hobby. I don't think holding him responsible for every possible vulnerability is really all that practical, especially when the code is wide open. He's putting it out there with an element of trust that a hacker-to-be would actually provide a fix instead of being malicious. If xach was such a great positive influence, why didn't he provide a patch?
1. Perhaps we simply have different definitions of malicious. I don't even think it's possible to be malicious with info on HN, unless he were to try to get our passwords or something. I just don't think karma is something to get all upset about.
2. I don't care what this is to pg. If he doesn't want it to be cracked, then he should spend some hobby time doing what every decent web programmer knows to do. There is no "element of trust" on publicly available sites. Further, note that I have not made an argument that xach has been a "great positive influence" - only not a negative one.