April King

@april.social

Staff Security Engineer at some random tech company, previously Mozilla, Dropbox, and (pre-Elon) Twitter. Has read @kateconger.bsky.social’s autobiography. web @ grayduck.mn // also github.com/april

14,802 Followers · 203 Following · 1,426 Posts · Joined 23.04.2023

Latest posts by April King @april.social

My adoptive dad was guilty of DWB, and he would have more interactions with the traffic police every year than I’ve had my entire life.

If you’ve ever ridden with someone who follows every single traffic rule, it is agonizing, but that’s him.

25.01.2026 13:53 👍 13 🔁 3 💬 1 📌 0

oops, sorry! fixed!

08.11.2025 20:39 👍 1 🔁 0 💬 1 📌 0

One of my favorite things about the Twin Cities is that every single stadium -- NFL, MLB, AAA MLB, NBA, CFB, NHL, MLS -- is in the middle of the cities, all serviced by a single rail line.

07.11.2025 00:15 👍 4 🔁 0 💬 0 📌 0

and since they’re already living there, maybe we should pay them in special company dollars that they can use to spend at the company stores?

07.02.2025 15:08 👍 8 🔁 0 💬 0 📌 0

this is still agonizingly painful to me, Twitter had the _best_ culture of any place I've ever worked at.

there were definitely some outliers (cough cough former Periscope team) but I've never seen a tech employer with a culture like that, either before or after.

29.01.2025 16:01 👍 15 🔁 2 💬 1 📌 0

I live next to a freeway, I-94 in particular, because that location is one of the very few where I can walk to most anything without driving. It’s genuinely diabolical to design a city this way.

(I have multiple air purifiers running into my house as a result.)

23.01.2025 13:52 👍 31 🔁 0 💬 1 📌 1

yes there are common feeds that are based on things that your followers like. but you can have systems where the algorithm knows who liked a thing but anyone but the person who posted it does not.

20.12.2024 22:02 👍 3 🔁 0 💬 0 📌 0

(also there’s a button directly next to it, the retweet button, that is expressly designed for publicly supporting a thing)

20.12.2024 19:23 👍 7 🔁 0 💬 0 📌 0

mostly that it has ruined countless numbers of lives of people who don’t realize

20.12.2024 19:21 👍 9 🔁 0 💬 1 📌 0

you can make it opt-in

20.12.2024 19:21 👍 4 🔁 0 💬 1 📌 0

as someone who used to work at twitter and who spent the last half-decade working with T&S teams, this whole aaron thing (where the bluesky head of trust liked a porn scam post) almost stretches incredulity.

imagine designing a social media network in the 2020’s with public likes.

20.12.2024 19:02 👍 64 🔁 5 💬 2 📌 0

phishing training 🤢🤢🤮

10.12.2024 16:19 👍 6 🔁 0 💬 2 📌 0

was asked a really interesting question in an interview yesterday: given a budget, which areas of security spending produce the greatest and worst (or negative) ROI?

my answer:

positive: SSO/OAuth, hardware keys

worst: DAST, DLP, honorable mention to poorly configured IDS’s

what’s your answer?

10.12.2024 16:07 👍 71 🔁 6 💬 12 📌 1

humans will do literally anything besides bring back hypercard

01.12.2024 02:44 👍 6 🔁 1 💬 2 📌 0

there's a pretty solid trans / non-binary / GNC discord, if they fall under that.

28.11.2024 18:08 👍 2 🔁 0 💬 0 📌 0

from my report? if so, I'm very sorry about that. 😅

28.11.2024 18:07 👍 1 🔁 0 💬 0 📌 0

I made it while I was working at Mozilla!! *flails her arms widely*

28.11.2024 18:06 👍 1 🔁 0 💬 1 📌 0

i have an electrolysis tank! i can fix it!

26.11.2024 18:31 👍 11 🔁 0 💬 1 📌 0

blame the way that money works on the internet, sadly there isn’t any of it to be found in short technical blog posts.

26.11.2024 14:54 👍 1 🔁 0 💬 1 📌 0

thanks for the kind words! i love any article where i get a chance to hand-draw doodles.

this one was a question a developer at my company asked me and my answer was long enough to turn into a blog post. :)

25.11.2024 14:26 👍 3 🔁 0 💬 1 📌 0

thanks for all your hard work and for implementing the feature request that i’m about to make on github. 😂

24.11.2024 19:31 👍 7 🔁 0 💬 0 📌 0

if the President of Nintendo of America can be named “Doug Bowser,” then truly anything is possible.

23.11.2024 11:48 👍 31 🔁 0 💬 1 📌 0

hah, no kidding. this was all handwritten, like a love letter from the 1920's.

and thanks for letting me know, the typos have been fixed now. :)

22.11.2024 20:13 👍 2 🔁 0 💬 0 📌 0

ooooooo thanks!!

22.11.2024 06:58 👍 2 🔁 0 💬 1 📌 0

haha awesome! hello! 👋

22.11.2024 02:31 👍 2 🔁 0 💬 0 📌 0

Your article is SO GOOD, I can't believe I hadn't seen it before.

It's very fun to see how some things (e.g. cookie overwriting) have been solved, but despite all that time so much behavior has continued to be left undefined.

Compared to modern web specs, it is downright embarrassing.

21.11.2024 21:08 👍 4 🔁 0 💬 0 📌 0

got it, no worries! i'll see if I can fit it in sometime this afternoon!

21.11.2024 20:26 👍 1 🔁 0 💬 0 📌 0

oooo do you have a quick test case that I could throw into a playground of some sort?

i’d be happy to add it if so.

21.11.2024 20:20 👍 1 🔁 0 💬 1 📌 0

they’ve been aware of my research for a couple years now, and really do want to try to fix it.

i don’t envy them the task because it’s such an old and bad specification and any changes will break a lot of people’s workflows.

even google was afraid to make changes here.

21.11.2024 20:19 👍 7 🔁 0 💬 0 📌 0

I tried to open up a security bug with Netflix about a year back but ran into issues because it’s a security risk only so much as it would affect availability.

Personally this stuff would scare me at least a little, especially given the history of it actually happening.

And thanks for sharing!

21.11.2024 20:17 👍 1 🔁 0 💬 1 📌 0