23 June 2023

BingBang: AAD misconfiguration

An AAD configuration flaw with a catchy name. Also a catchy name for a class of flaws: “Shared Responsibility confusion”.

The Modern Guide To OAuth

A very long article about OAuth. Maybe if the Bing people had read this they wouldn’t have made the mistake above!

Migrating Critical Traffic At Scale with No Downtime — Part 2

Another great blog post from Netflix. And another catchy name: “Sticky Canaries” - a way to ensure that A/B testing persists for the same user for a longer period of testing.

The modern way of serving images

Seems like I missed a fairly crucial improvement to the <img> tag that makes it responsive. As an alternative to the simple <img> tag that you know and love, the best thing to do is to use a <picture> tag instead. Or, if you want to keep it a bit simpler, use <img srcset...>.