yan
security engineering @brave / @defcon talk reviewer / makes music software. ex-@eff, @w3c, @mit physics. @bcrypt on https://t.co/TK6N0yOcsL
Apr 11 10 tweets 3 min read
in january 2023, i had a simple ultrasound done at SimonMed. they sent me 4 bills totaling $5137 for it.

after a year of emails and phone calls, they finally admitted today that i only owed $140.53 and are mailing me a refund check!

here's how i did it 🧵

2/ the first bill they sent was for $484.92, which i paid promptly. a few months later they sent a bill for $3378.69! i contacted my insurance and they sent me an updated EOB saying i only owed an additional $140.53.
Mar 6, 2022 6 tweets 2 min read
when reading text in a non-native language & wondering how it's pronounced, u can enter this in devtools to have the browser pronounce it:

u=new SpeechSynthesisUtterance(getSelection().toString());u.lang='ru-RU';speechSynthesis.speak(u)

(replace 'ru-RU' with any BCP 47 tag)

assuming you've highlighted the text you want pronounced
Oct 13, 2021 4 tweets 3 min read
i…. just received a children’s book about a rabbit who travels back in time to medieval europe and gets everyone hyped about blockchain

some of the blockchain applications that the poor bunny serfs come up with:
Sep 14, 2020 4 tweets 2 min read
my friend sophie got fired from her job at Facebook and turned down a $64,000 severance package in order to leak this, so u better read it. buzzfeednews.com/article/craigs…

my biggest takeaway from this article is that FB could be doing a lot more to prevent politically-motivated bot activity, but they choose not to because they don't see any immediate revenue or PR benefit from doing so.
Apr 9, 2020 6 tweets 3 min read
why is it not common knowledge that u can make perfect japanese-style croissants from scratch with like 20min of effort?? thx @MimeeXu for enlightening me

(recipe in thread👇)

1/ mix 400g bread flour & 6g salt

microwave 240g milk for 30s
dissolve 8g dry yeast in it
add 50g honey
add 40g softened butter
mix together

mix wet mix into dry mix to form a well-combined dough

cover and rest overnight in fridge
May 8, 2019 4 tweets 2 min read
1/ in this thread i'll summarize some differences between SameSite=Lax (Chrome's new proposed default policy; see mikewest.github.io/cookie-increme… for more technical details) and third party cookie blocking (Brave's default policy unless user turns it off for a site)

2/ SameSite=Lax is more strict than 3p cookie blocking in the sense that it also blocks requests using unsafe HTTP methods. For instance if X contains a form that POSTs to Y, cookies to Y would be blocked by SameSite=Lax but not most 3p cookie block implementations AFAIK
May 11, 2018 6 tweets 3 min read
Signal Desktop just pushed out a fix for a remote XSS vuln: github.com/signalapp/Sign…

demo:

a lot of @electronjs devs have the attitude that their app doesn't need sandboxing or keeping up-to-date with Chromium bc "it doesn't execute untrusted code". the problem is that falls apart as soon as you get XSS. github.com/signalapp/Sign…

(at least Signal has sandboxing)