april.social
Staff Security Engineer at some random tech company, previously Mozilla, Dropbox, and (pre-Elon) Twitter. Has read @kateconger.bsky.social’s autobiography. web @ grayduck.mn // also github.com/april
1,423 posts 13,768 followers 203 following
comment in response to post
and since they’re already living there, maybe we should pay them in special company dollars that they can use to spend at the company stores?
comment in response to post
this is still agonizingly painful to me, Twitter had the _best_ culture of any place I've ever worked at. there were definitely some outliers (cough cough former Periscope team) but I've never seen a tech employer with a culture like that, either before or after.
comment in response to post
I live next to a freeway, I-94 in particular, because that location is one of the very few where I can walk to most anything without driving. It’s genuinely diabolical to design a city this way. (I have multiple air purifiers running into my house as a result.)
comment in response to post
yes there are common feeds that are based on things that your followers like. but you can have systems where the algorithm knows who liked a thing but anyone but the person who posted it does not.
comment in response to post
(also there’s a button directly next to it, the retweet button, that is expressly designed for publicly supporting a thing)
comment in response to post
mostly that it has ruined countless numbers of lives of people who don’t realize
comment in response to post
you can make it opt-in
comment in response to post
phishing training 🤢🤢🤮
comment in response to post
humans will do literally anything besides bring back hypercard
comment in response to post
there's a pretty solid trans / non-binary / GNC discord, if they fall under that.
comment in response to post
from my report? if so, I'm very sorry about that. 😅
comment in response to post
I made it while I was working at Mozilla!! *flails her arms widely*
comment in response to post
i have an electrolysis tank! i can fix it!
comment in response to post
blame the way that money works on the internet, sadly there isn’t any of it to be found in short technical blog posts.
comment in response to post
thanks for the kind words! i love any article where i get a chance to hand-draw doodles. this one was a question a developer at my company asked me and my answer was long enough to turn into a blog post. :)
comment in response to post
thanks for all your hard work and for implementing the feature request that i’m about to make on github. 😂
comment in response to post
if the President of Nintendo of America can be named “Doug Bowser,” then truly anything is possible.
comment in response to post
hah, no kidding. this was all handwritten, like a love letter from the 1920s. and thanks for letting me know, the typos have been fixed now. :)
comment in response to post
ooooooo thanks!!
comment in response to post
haha awesome! hello! 👋
comment in response to post
Your article is SO GOOD, I can't believe I hadn't seen it before. It's very fun to see how some things (e.g. cookie overwriting) have been solved, but despite all that time so much behavior has continued to be left undefined. Compared to modern web specs, it is downright embarrassing.
comment in response to post
got it, no worries! i'll see if I can fit it in sometime this afternoon!
comment in response to post
oooo do you have a quick test case that I could throw into a playground of some sort? i’d be happy to add it if so.
comment in response to post
they’ve been aware of my research for a couple years now, and really do want to try to fix it. i don’t envy them the task because it’s such an old and bad specification and any changes will break a lot of people’s workflows. even google was afraid to make changes here.
comment in response to post
I tried to open up a security bug with Netflix about a year back but ran into issues because it’s a security risk only so much as it would affect availability. Personally this stuff would scare me at least a little, especially given the history of it actually happening. And thanks for sharing!
comment in response to post
This was an incredible story! Thank you so much for sharing! It's kind of wild that it's almost a decade later and yet a malformed cookie can still break Netflix.
comment in response to post
Thank you!! 💛
comment in response to post
it’s really quite delightful too, i’ve never before seen a specification that disagrees with itself.
comment in response to post
Thanks, and that's very kind of you to say. :) It's been over two years from start to finish, it was quite the dive and I hope you enjoy the write-up.
comment in response to post
I’m in one of the at-risk groups for mpox and golly has it been a giant pain to get the vaccine at a place covered by insurance.
comment in response to post
do you think companies find this to be a feature or a bug? 🤔
comment in response to post
Yup they inject it directly into your video stream. 🫠
comment in response to post
yeah but then we have nothing left but a useless and broken web
comment in response to post
It arguably already has
comment in response to post
Yes but no ray tracing unfortunately.
comment in response to post
oh, I get “bet,” simply saying how don’t get other people not intuited them.
comment in response to post
the only one that’s not immediately obvious is “bet,” I don’t get it either.