
Twitter Thinks My Gender Is [EICAR String] (Or “Server-Side Checks Matter”) - some_furry
https://soatok.blog/2020/04/27/why-server-side-input-validation-matters
======
rwmj
As an aside I like the idea of using the EICAR anti-virus test file[1] as a
way to "auto-delete" your data.

I suspect this plan might even work. I happen to maintain the libmspack
library[2] in RHEL, it's a library for extracting Microsoft CABinet files.
Part of the source contains regression tests. Some of those tests are flagged
by AV software because they contain past exploits for the library: the idea of
these regression tests is to ensure that they don't reintroduce the
vulnerability by accident.

Well, the libmspack source RPM causes all kinds of problems, both internally
at Red Hat and at customer sites. It is constantly being flagged by AV
software. Every release I have to manually waive the package through our AV
checks, and we've had feedback from customers that we're "shipping a virus"
which had to be handled very diplomatically.

AV software is crazy, but let's make it work for us :-)

[1]
[https://en.wikipedia.org/wiki/EICAR_test_file](https://en.wikipedia.org/wiki/EICAR_test_file)

[2]
[https://www.cabextract.org.uk/libmspack/](https://www.cabextract.org.uk/libmspack/)

~~~
ryanlol
> As an aside I like the idea of using the EICAR anti-virus test file[1] as a
> way to "auto-delete" your data.

Nobody detects EICAR when it’s surrounded by other data.

Strings like

    
    
      <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>
    

will work much better.

------
RL_Quine
What does their backend look like that a 30 character string for gender could
end up containing a limitless amount of text?

~~~
londons_explore
As long as their backend isn't going to fail under a limitless amount of text,
it's fine for this to be a front-end only limit...

But unless they've tested the backend against a 64 gigabyte gender...

------
knolax
The ML based guessing of people's genders sounds extremely tactless. You'd
think given the demographics of their userbase Twitter would've known better.

~~~
tinus_hn
Not the entire world consists of ‘did you just assume my gender’ people. Most
people don’t care at all.

Stereotypes exist because they model people pretty well.

If you enter that your gender is unicorn you probably just get slightly more
generic ads.

Here’s a scary thought: if you walk the street everyone who sees you will
assume your gender.

~~~
pasabagi
Eh - if you're trans and experiencing dysphoria it can be pretty painful when
people misgender you. The whole 'did you assume my gender' thing is a sort of
weird take on the fact that yes, it is pretty hurtful when somebody's going
through a really hard and vulnerable time in their lives, then some douchebag
is determined to make a political point that a complete stranger is 'really'
x, or y.

It's also just really bizarre and rude. Imagine referring to a cis woman with
a beard as an 'it', or 'he'. For whatever reason, people go out of their way
to commit this kind of absurd faux-pas with trans people.

~~~
abjKT26nO8
_> It's also just really bizarre and rude. Imagine referring to a cis woman
with a beard as an 'it', or 'he'._

I do that sometimes, unintentionally (regardless of the person in question
having a beard or not). It's just that gender in language is most of the time
redundant and it only introduces noise into conversation. For most topics, the
gender of the persons involved is irrelevant. But many languages force you to
choose one, which just creates confusion if this piece of information is
crucial or if it's just this bloat that the language forced you to include in
your sentence.

Oh, and genders are much more prevalent in my native language. English is
actually better than most languages in this respect. But let's go a step
further and just get rid of it. I've heard the Swedes chose to move to
"person/thing" pronouns, as opposed to "male/female/thing".

In my native language, verbs change their forms based on subject's gender. And
then when you have sentences like "if I were in your shoes, I would _verb_ ",
my brain tells me to assume the gender of the other speaker when I say _verb_.
I mean, it's only logical: if I were in your shoes, I would be of your gender.
But the language works otherwise. It's just stupid.

As to people's reactions to my occasional misnamings, most people don't care
at all, some are amused. Because, really, this part of language is ridiculous.
And making an issue out of it is immature.

~~~
sascha_sl
Oh C'mon, have some empathy. Of course cis people are just going to be amused
to mildly annoyed. Trans people however are in a daily grind to be recognized.
From personal experience, it always depends how deliberate a misgendering is,
once with subsequent correction stings but is fine, not putting in any effort
is quite uncomfortable and deliberately doing the opposite is "fuck off and
never talk to me again" territory. The later happens not as infrequently as
you might think, so the second might be misunderstood for the the later (and
really, it costs nothing to not make people feel like trash).

While most people will eventually be recognized - at least if they fit within
the binary somewhere and medically transition - a few will not, and almost
nobody will on the long way there.

To insist it is not a big deal because you can't relate, that is immature.

------
jbj
Interesting, twitter correctly guessed my gender, but incorrectly what
languages I speak.

