Pinned toot

I post about technical topics here, especially , , . My other account is for German-language non-technical stuff.

I was pointed towards (thanks @varx) which seems to prove my conclusions incorrect. Hard to tell what the practical implications of this development already are however.

This change of direction in turn is caused by a difference in speed of light when in air and in glass. A perfectly invisible material should have the same speed of light as air, which is an unreasonable expectation for a solid body. So no perfect invisibility with optics alone...

Thinking about it, it's quite obvious: we can always "see" glass because of how it distorts things, especially noticeable if we are moving slightly. The distortion is caused by light slightly changing direction when it enters the glass.

I remembered a very old science fiction story I read a long time ago. Apparently, some hundred years ago it was plausible to assume that people would invent a perfectly invisible material. Yet, while quality glass is quite transparent, real invisibility still doesn't exist today.

I must also say, even having more than a year of usage data, Twitter's deduced interests for me make little sense. There are about as many random associations in there as actual interests. Is it really that hard to distinguish these when I literally say what I like?

One would think, with the amount of data that Twitter has on me they should be able to target ads quite precisely. But somehow the targeting quality is quite underwhelming. It appears that their algorithms have a hard time filtering out the noise.

An insurance company targets anybody linked to Oktoberfest 2019, something that probably makes sense to them. But how did I get into this targeting? Did I retweet somebody talking about Hacktoberfest maybe? Or did liking the tweet suffice?

Oh, and anybody following the news in Germany got Boeing ads apparently. Yes, they have to invest in their public image.

The German beer brewers want to know what I think about alcohol - no additional targeting here because all anybody in Germany is interested in beer of course.

I was chosen for a gaming ad apparently because the modding scene is supposed to be into gaming. You didn't know that I'm into modding? Me neither, but using the phrase "backward compatible" was evidence enough for this ad.

There is also some cryptocurrency account targeting men talking about crypto. But the most weird ad is Yahoo Japan. It's targeted at people similar to the followers of some Japanese news accounts, speaking Japanese, located in Japan and using iOS. How did I get in there?

For example, I got LEGO ads because I mentioned the brand in a tweet once (oops, now I did it again). Yes, that's too obvious. Apparently, I also got Rolex ads because I used keywords related to horse riding? No, according to my tweets archive I didn't, at least not before today.

For me, the most fascinating part of the Twitter data (can be downloaded under are the ad impressions. These list every ad that appeared on my screen at some point and which I usually didn't even see, along with the criteria responsible for choosing me.

It uses Twitter and Mastodon API and compares the current followers list to the old one it stored previously. This won't work for somebody with more than 3000 followers due to Twitter's rate limiting, but that's still pretty far off for me.

Twitter Analytics are perpetually broken, and the notifications don't provide a good overview on who followed you and when, much less who unfollowed you. So I've written a followers.js script that, if run regularly, will log all follower changes for me.

Weird to see these hints listed for specific user groups. I know almost all of these, and I always thought of them as generic rules for creating good user interfaces - not merely good for often overlooked minorities, but rather important for the majority of your users.

I changed both my name and profile image here. I guess that's a sure way to get everybody confused. You are welcome!

Interesting, companies are usually eager to report when they've addressed a vulnerability timely. But with I notice accidentally that they apparently fixed an issue and deployed the fix within 17 days, no communication whatsoever...

Many thanks to, passing --utility-cmd-prefix=calc.exe will indeed run the calculator. I was rather thinking in the direction of using internal Chrome APIs (e.g. the ones used on chrome://settings/) via Remote Debugging but that's definitely simpler.

No shell involved here, it's a regular Windows CreateProcess call. So it has to be something that Chrome itself would do, given the right command line flags.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.