Staff Security Engineer at @Twitter, formerly @Mozilla. Thinks all locks should be green and all spells should be blue. Has β€œ@kateconger” in her profile.

Twin Cities, MN
Joined November 2009
I'm excited to share a project that I've been working on: a brand-new version of @Mozilla's SSL Configuration Generator: ssl-config.mozilla.org/ Configuring TLS is perhaps the most complicated and error-prone of all IT tasks, and this tries to make it as easy as possible.
55
687
63
1,517
A similar question about #golang from @katie_hockman got me curious, so here is a #popquiz about #python: what does this program output? no cheating and no spoilers. print("" in "")
63% True
37% False
194 votes β€’ Final results
6
4
1
10
Growing up, I never imagined days like this.
6
1
0
34
I didn't realize this wasn't well-defined, but what is a "regression" to you?
70% Worked before, broken now
30% Fixed bug now unfixed
406 votes β€’ Final results
17
1
0
6
Followers who work in tech: What is your stance regarding unionization in the field?
78% Pro-unionization
13% Anti-unionization
9% Don’t work in tech
314 votes β€’ Final results
10
2
0
4
dashboard wait, it's all kibana and elastic? guy with gun in spacesuit always has been
2
0
0
22
Do you think WebAuthn and its kind will have largely replaced the password by, say, 2040?
29% Yes
32% No
39% What’s WebAuthn??
266 votes β€’ Final results
6
1
3
9
Me: Thank gosh for internet video future. Cable television is downright unwatchable with all these commercial breaks. @YouTube: *plays eight advertisements over four interruptions in a 10 minute video, with half being the same advertisement*
9
3
0
51
When stuff like this shows up at the top of Google results, I can’t help but wonder if other people recognize how much of the internet is completely fake?
2
0
0
20
April King πŸŒ€ retweeted
What do you find is more strongly correlated with the amount of imposter syndrome you feel?
32% Time in career
37% Time in job
18% I don’t feel it
13% Not applicable
1,079 votes β€’ Final results
23
1
0
18
As someone who went into tech at 16, I foolishly thought that the lack of diversity would improve over time. It hasn’t. It took until I was 39 to be on a security team with more than one other woman. Meanwhile, diversity initiatives have only succeeded at generating hostility.
Replying to @math_rachel
First, what doesn’t work: shallow, showy diversity efforts (even if they are well-intentioned) aren’t just ineffective, they actively cause harm. Spend time thinking through your strategy & making sure you can back it up 2/ medium.com/tech-diversity-fi…
Show this thread
5
6
0
29
β€œThe humanities are unimportant, STEM is all that matters.”
With the holidays around the corner, GoDaddy employees received an email last week offering some welcome financial relief: a $650 holiday bonus. Two days later, they received another email from GoDaddy: β€œYou failed our recent phishing test.” coppercourier.com/story/goda…
Show this thread
2
3
0
18
Anyone have any clue why Cloudflare and Google use Cache-Control "no-store, no-cache, must-invalidate" with "max-age=0" sometimes or why Github uses "max-age=0, private, must-revalidate" instead of just "no-store"? I can't find a single piece of documentation that explains why.
7
4
1
22
Shitty middleboxes: ruining the world wide web since 1996.
5
6
1
57
It's somehow comforting that even @Cloudflare is sending weird Cache-Control headers. I think it's really great that @MozDevNet says that "no-store" alone should disable all caching, and yet not a single person seems to use this Cache-Control pattern in the real world.
4
2
0
12
β€œWhy can’t anyone figure out how to do security correctly?”
15
22
9
199
it's no coincidence that β€œsec review” and β€œsacrΓ© bleu” are homonyms
1
2
1
33