Pinned Tweet
🦋 @aaroncarson.co.uk
197.3K posts

🦋 @aaroncarson.co.uk
@acar321
25 🏳️🌈 cyber security / soc analyst 🤓 riddled with ADHD 🤯 11 down 🐶 https://t.co/0zOrvoYbII
market harborough, uk • he/him • Joined November 2010
4.7K Following · 3.8K Followers

@EliMcCann They’re all lovely! I think 4 you look the most comfortable and happy in though 😄

fully clauded 1 million line PR merged directly into main, what could possibly go wrong
Mehul Mohan @mehulmpt
First in my bloodline to see 1 million line change PR getting merged (Bun's master branch is now rust, it's official)

@JenMsft About time! 😄 I can see the argument for keeping the KB value but also… we could just have both

We're rolling out a change in Experimental so file sizes in the File Explorer Details view now display using appropriate units (KB, MB, GB) instead of KB-only, to make them easier to understand at a glance
Do you like it? 😊
learn.microsoft.com/windows-inside…

@weezerOSINT people is to make sure we don't make anything worse, regardless of nothing.

@weezerOSINT @zack0x01_ @astrarce Yes, they were. But they weren't just *right there* in your face. You had to choose Reframe out of all the millions of apps, extract the IPA and go digging through the files to actually find them.
Don't get me wrong - Reframe royally screwed up here! But our job as security(1/2)

if you've ever used Reframe to get sober, your private journals, your craving logs, what triggered you, how bad it got, your name, your email, all of it is sitting in a database that anyone can read without logging in
i unzipped the app and found a database key in a config file. that's it. that's all it took
357,939 users exposed. disclosed april 7, no response

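The post above describes the whole technique in one line: an .ipa is a zip archive, so unzipping it and reading the bundled config files is enough to recover any credential the developers shipped inside the app. As an added example (not code from the thread, the researcher, or the Reframe app), the script below audits an .ipa for credential-looking values in plist, JSON and plain-text config files, so a team can run the same check on its own build before release. The sample archive, the file names inside it and the key value are constructed here for illustration; the key-name hints and the entropy threshold are heuristics, not a standard.

```python
"""Scan an iOS .ipa archive for credential-looking strings in bundled config files.

Added example, not code from the thread, the researcher, or the app discussed.
The sample IPA is constructed in memory so the script runs offline; every file
name and value inside it is invented for illustration.
"""
import io
import json
import math
import plistlib
import re
import zipfile

# File types inside the .app bundle that commonly carry configuration.
CONFIG_SUFFIXES = (".plist", ".json", ".env", ".xml", ".txt", ".properties")

# Key names that typically hold credentials (case-insensitive substring match).
KEY_HINTS = ("key", "secret", "token", "password", "passwd", "credential")

# Values that look like opaque credentials: long runs of base64/hex/JWT-like text.
VALUE_RE = re.compile(r"[A-Za-z0-9_\-\.=]{24,}")


def shannon_entropy(s: str) -> float:
    """Bits per character; random API keys score roughly 4-5, English words about 3."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(key: str, value: str) -> bool:
    """Flag only when both the key name and the value shape point at a credential."""
    key_hit = any(h in key.lower() for h in KEY_HINTS)
    value_hit = bool(VALUE_RE.fullmatch(value)) and shannon_entropy(value) > 3.5
    return key_hit and value_hit


def iter_kv(obj, prefix=""):
    """Flatten nested dict/list config into (dotted.path, string value) pairs."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from iter_kv(v, f"{prefix}{k}.")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from iter_kv(v, f"{prefix}{i}.")
    elif isinstance(obj, str):
        yield prefix.rstrip("."), obj


def scan_ipa(data: bytes) -> list:
    """Return [(member_path, config_key, value)] for credential-looking entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            lname = name.lower()
            if not lname.endswith(CONFIG_SUFFIXES):
                continue
            raw = z.read(name)
            pairs = []
            if lname.endswith(".plist"):
                try:
                    pairs = list(iter_kv(plistlib.loads(raw)))
                except Exception:
                    pairs = []
            elif lname.endswith(".json"):
                try:
                    pairs = list(iter_kv(json.loads(raw)))
                except ValueError:
                    pairs = []
            if not pairs:
                # Fallback for any text-like file: KEY=value or "key": "value" lines.
                text = raw.decode("utf-8", errors="replace")
                for m in re.finditer(r'["\']?([\w\-]+)["\']?\s*[:=]\s*["\']?([^"\'\s,;]+)', text):
                    pairs.append((m.group(1), m.group(2)))
            for key, value in pairs:
                if looks_like_secret(key, value):
                    findings.append((name, key, value))
    return findings


def build_sample_ipa() -> bytes:
    """Constructed IPA: a harmless Info.plist plus a config.json carrying a fake key."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": "com.example.demo",
                                   "CFBundleVersion": "1.0"}))
        z.writestr("Payload/Demo.app/config.json",
                   '{"db": {"url": "https://db.example.invalid",'
                   ' "apiKey": "eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.ZmFrZV9zaWduYXR1cmU"}}')
        z.writestr("Payload/Demo.app/main.jsbundle", b"var x = 1;")
    return buf.getvalue()


if __name__ == "__main__":
    for path, key, value in scan_ipa(build_sample_ipa()):
        print(f"{path}: {key} = {value[:8]}...")
```

Run it against a real build with `scan_ipa(open("app.ipa", "rb").read())`. Anything it reports is worth treating the way the thread treats the Reframe key: assume it is already in an attacker's hands, rotate it, and move the access behind a server-side check that the client cannot bypass, since a key inside the bundle is readable by every user who installs the app.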
@weezerOSINT @zack0x01_ @astrarce In those few hours though, you don't know what happened with the keys you exposed.
Before you publicised it, only you knew those keys were there to be found. Sure, they were there but people wouldn't think to look.
Afterwards though? More than enough time to download everything.

@acar321 @zack0x01_ @astrarce Nope, I prevented harm. The key was rotated within hours of my tweet and the founder finally responded to me via email thanking me.

@weezerOSINT @zack0x01_ @astrarce I'm glad it's fixed, and I hope this doesn't put you off of security research going forwards.

@weezerOSINT @zack0x01_ @astrarce There are a lot of other ways to reach out to companies for something like this - and in this case, you have to consider the ultimate outcome and harm you could cause to vulnerable people.
It doesn't matter if it takes a year for them to respond.

@phyrexian_grace @Chey_ttv to be fair, as a survivor main, if I do something stupid and the killer shakes their head at me, I'd be howling laughing

@Chey_ttv I think, as always, context is key. Because on the flipside, is it BM to shake your head as the killer when the survs do something royally stupid? I'd argue "it depends". I think it's annoying and frustrating in most contexts, but there are times where bagging is done lovingly, so

@weezerOSINT @zack0x01_ @astrarce appreciate where you're coming from ("it needs to be fixed asap to protect people"), but other people wouldn't have known this was an issue had you not posted about it (and would likely not have found it).
you've likely caused actual harm to people by publicising this; be careful

@weezerOSINT @zack0x01_ @astrarce > i emailed them april 7
that is not a reasonable timeframe for responsible disclosure. 30 days at minimum!
and you told people exactly where to find it (even down to the file in the IPA!) so the fact that you blocked out the personal data/API key doesn't matter.

@ThiccumsNickums @oatmilkin genuine question actually - I’ve never really played as a killer so don’t see that perspective much

@ThiccumsNickums @oatmilkin but why target the one person when the other had an equal chance of being caught?

@ThiccumsNickums @oatmilkin idk, when a killer actively chooses to target one particular player that's pretty shitty.
say they’re chasing two survivors and the survivors fork off in two directions, then the killer stays chasing the one they’ve already hooked twice rather than the one they haven’t at all yet

@oatmilkin I'm playing the game as intended. Tunneling is a term made up by butthurt babies

@PokeRaidApp The Gigantamax Charizard’s white belly makes the text impossible for pokeraid to read 😭 although, using the X app’s text feature I got it to work hahaha

#Gigantamax #Kanto #Pokémon have now arrived on #PokemonGoRaids! Open the #PokeRaidApp now and find a #RemoteRaid instantly.
#GigantamaxVenusaur #Venusaur #GigantamaxCharizard #Charizard #GigantamaxBlastoise #Blastoise #GigantamaxGengar #Gengar

🦋 @aaroncarson.co.uk reposted
🦋 @aaroncarson.co.uk reposted