> can be a way to signal interest in something, get people to respond, and not necessarily do anything about it.

I can explain my intent, since I asked the question :-).

"Signal interest in something in the hope of starting a discussion with people who share that interest and may have interesting stories to share".

I loved IRC for that. I could join a channel, ask a question and sometimes someone knowledgeable would engage in a discussion with me. Often nobody answered, but because IRC was "ephemeral", I could ask again another time, and another one, hoping to eventually find someone interested.

> I think we should conclude people want to maximize learning while minimizing wasted time

In my case (and I want to believe that in many other cases), it's really just that people (me, here) would like to have some human interaction about a topic.

I know how to learn, I was not asking about that. I was trying to start a conversation with humans, that's all.

> I was trying to start a conversation with humans, that's all.

Totally fair, and I'm sorry you got a hostile response.

My (very low-value) opinion is don't waste your time learning how exploits work. Yeah it's kinda neat seeing clever misuse of components. But there is very little upside to investing in that knowledge.

0. You look at old exploits and marvel at them for a while, but they are long ago patched and technically useless.

1. You waste a bunch of time looking for a sploit but don't find one.

2. You find one but nobody cares, you don't get street cred. The sploit is patched in the next release, and you don't get back your time spent finding it.

3. You find a sploit but all you get is a thanks from the billion dollar company, followed by a patch.

4. You create an exploit and use it maliciously or sell it to a criminal syndicate. you are a criminal. Or you get sued because it's a civil/copyright issue.

5. You find a sploit and other people treat you as a criminal even though you didn't do anything with it. You even intended to help.

6. You find sploits but still can't get a job as a white hat because other people who found more sploits got the job.

The only good outcomes are:

7. You found a very clever sploit and got a bounty for it.

8. You got hired in cyber security and get paid for sploits or countering them.

9. You seriously just love decoding machine instructions and find joy from making it do unintended things.

Overall, I think the risk/reward ratio is suboptimal for this field unless you go black-hat which is obviously fraught with moral and legal hazards.