Category Archives: Code

  • 0

Cookie Tester

Tags :

Category : Code

Introduction

So, tell me, have you ever wondered what would happen if you one day decided to set a cookie with the same name with a domain specified and without a domain specified.
Why in the world would anyone do such a thing you ask? Because reasons!

Now the question is how does IIS and various different browsers behave when we some how find ourselves in this horrible mess of a situation?
To help test out what the exact behavior is I decided that I should put together a proof of concept that would help determine the behavior.

Introducing the Cookie Tester. For all of your useless cookie testing needs!
I created it so that we could see what cookies get set in various ways.
You are free to look at the code at github https://github.com/GeekGirl1024/cookie-tester

(I hacked this together so please do not judge me too harshly for the sloppy code!)

Setting Cookies with and without domains

Cookies without domains specified gets set with the specific current domain. So if the full domain for the page is subdomain.cookietester.com, that is the domain that gets set for the cookie if no domain is specified.

If cookies are set with a domain that domain gets used.

 

Setting Cookies with the same key on different domains

Now if you do sloppy coding it is possible to fall into this situation where you will have 2 copies of the same cookie and you need to know which one takes priority. Which is why I had my cookie tester able to show how if we set multiple cookies across different domains which ones will apply first.

 

According to the cookie tester for Chrome and Firefox, the cookies are read in a first in first out order.

But what happens for IE and Edge?

 

As you can see on Edge and IE the cookies are not read first in first out but the no domain cookies in this case www.cookietester.com domain cookies were given higher priority than the cookies set with the domain cookietester.com.

Conclusion

Neither of these are wrong behaviors, it is just a lack of specifics within the standards. And the people writing the standards just never thought to specify this…
And really, there is no reason to specify this behavior because no one is silly enough to do this… Right?

 


  • 0

Twitter’s Conservative Ban

Tags :

Category : Code

Recently Twitter has been accused of targeting conservative users of it’s platform and censoring them. But let’s dig into what happened from a technological standpoint…

The algorithm that Twitter used to tell what is a bot vs a normal user is most likely a neuro network. Neuro networks are unique in that often times not even the programmers of the neuro network knows how it actually works. The neuro network essentially learns how to tell the difference between a bot and a human by taking tests. The longer the test the more intelligent the neuro network can become. The neuro network slowly becomes better and better at telling the difference between a normal user vs a bot.

If the programmer is a teacher, a neuro network is a student. The teacher could create a complex lesson plan that is intended to teach the student as well as possible and the student does learn reasonably well. But the teacher does not have full control over the student and how it learns. In the end the student learns for themselves and the teacher only has a vague high level of control in how the student learns. Now ask the teacher if they have an understanding of how the student’s brain thinks. This is similar to the level of understanding that a programmer eventually has of how the neuro network thinks.

Now then what went wrong at Twitter? Twitter apparently has built a neuro network that is good at telling the difference between a normal user vs a bot within an acceptable level of false positives but then failed to notice that these false positives contained a higher than normal percentage of conservative users. The most likely reason for this scenario is that the people who created the test that the neuro network was trained upon couldn’t tell the difference between bots and conservative users also. In the end what happened here was the neuro network learned to profile conservative users. And now the question is, is there someone to blame? And if there is who would it be?

So is it the responsibility of the programmer for not creating a good enough test to train the neuro network against? Is it the responsibility of the bot creators for creating bots that resemble conservative Twitter users? Is it the responsibility of the bots for emulating the conservative Twitter users? Is it the responsibility of the conservative Twitter users for having behaviors too similar to the bots? Is it the responsibility of the neuro network for not being able to tell the difference?

But for now I will sit back and enjoy watching conservatives, a group of mostly cisgender, heterosexual, white or male fret over their first instances of getting profiled.