Hacker News | cbsks's comments

Looks like Firefox is immune.

This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...

On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png". <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
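As an added example (not from the comment or from either browser's documentation): a check an extension author or reviewer can run over a manifest to list the resources any page can request at a stable chrome-extension:// URL, which is what the probing above depends on. It assumes Chrome's MV3 `matches` and `use_dynamic_url` fields and uses a constructed sample manifest.

```python
import json
from typing import List

# Constructed sample manifest (not from any real extension). The first entry is
# reachable from every origin at chrome-extension://<ID>/images/logo.png, so a
# page can probe it; the second is scoped and uses a per-session dynamic URL.
SAMPLE_MANIFEST = """{
  "manifest_version": 3,
  "name": "example-extension",
  "version": "1.0",
  "web_accessible_resources": [
    {"resources": ["images/logo.png"], "matches": ["<all_urls>"]},
    {"resources": ["inject.js"], "matches": ["https://example.com/*"],
     "use_dynamic_url": true}
  ]
}"""

# Match patterns that expose an entry to every http(s) origin.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def probeable_resources(manifest_text: str) -> List[str]:
    """Return resources any web page can fetch by a stable extension URL.

    MV2 lists web_accessible_resources as plain strings, reachable from every
    origin. MV3 entries are reachable only from origins in `matches`; an entry
    with a broad pattern and no `use_dynamic_url` is what the fingerprinting
    described above relies on.
    """
    manifest = json.loads(manifest_text)
    findings: List[str] = []
    for entry in manifest.get("web_accessible_resources", []):
        if isinstance(entry, str):  # MV2 shape: always world-readable
            findings.append(entry)
            continue
        broad = any(p in BROAD_PATTERNS for p in entry.get("matches", []))
        if broad and not entry.get("use_dynamic_url", False):
            findings.extend(entry.get("resources", []))
    return findings


if __name__ == "__main__":
    for res in probeable_resources(SAMPLE_MANIFEST):
        print("probeable by any site:", res)
```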


And they said that using a browser with sub-5% market share would cause us to miss out on the latest and greatest in web technology!

The latest and greatest is not great for you, but for them.

Chrome was made by ex-Firefox devs; Chrome is still not as good!

This is probably a naive question, but...

Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?

I mean, it goes from "Oh they have X, Y, and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"


It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213

Oh, it's (re)randomised upon each restart, whew, thanks for the heads up

edit: er, I think that that also suggests that I need to restart firefox more often...


The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.

Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each.

That's actually a bright idea! Have you ever thought about applying for VC funds?

Once you deliver that, you can also think about a database of natural numbers!



"Just" have a database, and then what? I can set up a database of all UUIDs very easily, but I don't think it's helpful.


lol

Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware.

  // Yields every 128-bit value in order, treating the 16 bytes as one big-endian counter.
  function* uuidIterator() {
    const bytes = new Uint8Array(16);
    while (true) {
      yield formatUUID(bytes);

      // Increment the counter with carry, least significant byte first.
      let carry = 1;
      for (let i = 15; i >= 0 && carry; i--) {
        const sum = bytes[i] + carry;
        bytes[i] = sum & 0xff;
        carry = sum > 0xff ? 1 : 0;
      }

      // Carry out of the top byte means we wrapped past ff..ff: done.
      if (carry) return;
    }
  }

  // Render 16 bytes in the 8-4-4-4-12 hex layout.
  function formatUUID(b) {
    const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
    return (
      hex.slice(0, 4).join("") + "-" +
      hex.slice(4, 6).join("") + "-" +
      hex.slice(6, 8).join("") + "-" +
      hex.slice(8, 10).join("") + "-" +
      hex.slice(10, 16).join("")
    );
  }
This is free. Feel free to use it in production.

Free space heater

Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.

Enjoy the fingerprinting.


I restart my browser basically every day.

yeah I close out everything as a mental block against anything I'm working on.

I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work.


Umm, I restart my PC about once a week for security and driver updates.

If you don't, you have a lot more to worry about beyond fingerprinting...

Oh and I'm on LINUX (CachyOS) mind you.


yes, that's how browser fingerprinting works and it is impossible to defeat because there are just too many variations in monitors (relevant for fonts), simple things like user agent, etc.

Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random JavaScript doesn't.


The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.

And just in case the magnitude of that isn't obvious to people, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 total possible UUIDs. Good luck.

ChatGPT told me it can be done though.

It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.


Nothing drives more creativity from me than a tool in need of a project.

Tesla’s “autosteer” is significantly more advanced than the “lane keeping” feature I’ve seen in rental cars, or my own 2023 Jeep. My understanding is that autosteer will actively keep the car centered in the middle of the lane, while the “lane keeping” I’ve experienced will only adjust the steering when you approach the lane edge, which pinballs you back and forth like a drunk driver.

In mid tier and premium tier cars, lane keeping is generally either implicitly or explicitly lane centering. My Navigator calls it lane keeping but it is centering, and my Audi specifically calls out lane centering.

My experience with that brand specifically is they should call it "lane oscillating".

That is not universally true. It's lane keeping in my wife's Volvo, and it sucks in exactly the way described up-thread.

Both my late model Japanese cars have two systems capable of steering the car toward the middle of the lane. One is an always-on (unless disabled) passive safety system that only kicks in when you actually appear to be drifting off the road, and the other is a system that actively tries to keep the car in the middle of the lane. The latter system has to be toggled on and off and is meant to be complementary with adaptive cruise.

What you're describing sounds like the former system, while the latter one is what should be compared to Tesla's "autopilot" or "FSD" or whatever the fuck. It works very well on both my cars and is a game changer for longer drives.

I consider good implementations of this and adaptive cruise to be basic equipment now, and asking $99/month for them is absolutely wild, especially since what you're getting isn't the "full self driving" we were promised. You still have to be fully engaged with what the car is doing and ready to take over in a fraction of a second.


> I consider good implementations of this and adaptive cruise to be basic equipment now, and asking $99/month for them is absolutely wild

The article doesn't mention it but other articles say that their version of adaptive cruise control (Traffic Aware Cruise Control or TACC) that was part of Autopilot is becoming a standard feature.


I went with that example because I had a Kia Sportage from Hertz and it had lane centering (not just the thing that detects you are deviating from the lane). It did want you to touch the steering wheel but that's just cheaper driver monitoring.

That would make modern Subaru from I don't know how many years back, 'autosteer'. My Impreza does not behave in the least like 'pinballing', it behaves like it too can drive down the road, but wants to be holding your hand while doing it. This is on some pretty sketchy roads and road conditions, so it won't keep doing it unless it's identified at least one if not two lines on the road.

Seems like Subaru lane assist is considerably better than when it first came out in 2013 or so. I was able to experience it back then and it could have pinballed, certainly wasn't as steady and capable as it is more than ten years of development later.


I have a 2020 Alfa Romeo (interestingly also a Stellantis car like your Jeep), it has "follow the lane" feature. For the edge of the lane, it can either vibrate as a warning or force you off it, I have it set to vibrate.

Jeep and all the other Stellantis brands have the worst lane assist and worst tech options on the market, and the trim level on any rental is going to be as basic as they can get away with.

My company has a policy limiting the number of high level execs traveling on a plane at a time. I wonder if plane manufacturers have similar restrictions. It’d be ironic for them to simultaneously assert that their planes are safe for the general public, and also believe the risk is too high for a planeload of their execs to fly in one.


Controlled flight into terrain is a thing


On Linux, if the blocks are page aligned, you could use mremap(2) to swap blocks very efficiently without using any additional physical memory.


What’s the maximum range to your phone to get notifications? I’ve been trying to cut back on my reflex to look at my phone every few minutes. It’d be great if I could keep my phone on a charging stand and be able to walk around my house and still get notifications.


Exactly the killer use-case for pebble! It's "blue-toothy" range, so it'll mostly work in adjacent rooms but might have difficulty going diagonally upstairs v. downstairs, or ranging too far outside.

IIRC, pebble had a "vibrate on BT-loss", which could remind you to go retrieve the phone when ranging outside to rake leaves (or forgetting your phone in a restaurant or something).


I think Eric posted about this, and it was an impressive distance. Obviously YMMV based on the size of your house and how thick the walls are, but my old Pebble worked in much of my house and I would expect that as BT has gotten better (on both the phone and watch) in the last decade, the new versions will have even more range.


also probably depends on the building you live in.

not trying to start a flame-war, but i can imagine that you get quite some range in the US, if you live in one of those cardboard-inner-walls houses.

in the 30cm thick solid wall apartment i live in my pebble loses connection the next room over, i almost need line-of-sight for it to work. working at my desk, get up, walk 5 meters to the bathroom, watch loses connection.

maybe my smartphone has a weak bluetooth receiver, compared to other models, who knows...


bluetooth is 2.4GHz so if you're in a super congested area (lots of wifi) bluetooth can often struggle.


Is this an old Pebble or a new one?


One of the new ones. Or I guess old ones? I mean I bought it new from Core Devices / RePebble, but it's the OG model. Pebble 2 Duo.


Huh interesting, those have new BT guts, so should have as good of performance as any. I guess 30cm thick solid walls are not common enough for BT to be designed to go through them?


i think it's the by now internet-meme worthy difference between walls in the US compared to most of Europe. i've never lived somewhere which didn't have thick brick or concrete walls. 30cm was a bit high, more like 20cm.

i've seen tons of americans making holes in their walls by punching or falling into them. could never relate myself, i'd have a broken hand or concussion :D

my phone is not very powerful, maybe that's a factor.


It’s also running virtualized in a lot of cars! Although I’ve seen more and more US car companies switching from QNX to Linux. Chinese car companies I’ve worked with all use Linux instead of QNX, so perhaps that is the future.


Out of curiosity, do you mean Linux on bare metal, or Linux on top of QVM?

The latter is actually a common setup, used by Mercedes-Benz and Hangsheng if I'm not mistaken.


Linux on top of a hypervisor. There are several companies providing hypervisors, including the one I work at, so my experience is biased.


Linux now supports real time too, even mainline. And there are open source RTOSes for smaller chips and critical applications like FreeRTOS.


QNX is expensive for commercial use, that's most likely the driver for this.


I would open a new bug for each of those questions and say “we will evaluate this after the MVP is implemented”. Give the person credit in the bug description. That will usually satisfy their concerns. Set the priority on the bugs to low and I’ll never even have to look at them again, unless one of them actually becomes a problem.


It’s a 6 digit pin. Doesn’t seem worthwhile to hash. What are the best practices here? I’m not sure.


There is never a need to store a pin in the database, store it in temporary storage like redis. Set the TTL to the expiration date. You can hash if needed, but I’m less concerned that someone hacks into your redis instance and steals your pins from the last 10 minutes, because everything else is gone.

There should never be a need to return a pin to the client. You’ve already texted/emailed it to them. They are going to send it back to you. You will check against your temporary storage, verify/reject, and delete it immediately after.


Yeah, you can only delay attacks by a tiny little bit, but the search space of 10^6 is just too small. Salting it doesn't give you much more security.
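An added example (my own code, not from either commenter) of the flow described two comments up: issue a 6-digit pin into TTL-bound temporary storage, verify it once, and delete it. It goes one step beyond the comments by capping attempts per pin, since the reply above notes that a 10^6 search space is too small for hashing to help. An in-memory dict stands in for redis, and the TTL and attempt cap are assumed values.

```python
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory stand-in for redis: key -> (pin, expiry timestamp).
# Assumption: a deployment would use SETEX/GET/DEL with the same key shape.
_store: Dict[str, Tuple[str, float]] = {}
_attempts: Dict[str, int] = {}

PIN_TTL_SECONDS = 600  # the "last 10 minutes" window the comment mentions
MAX_ATTEMPTS = 5       # assumed cap: 10^6 guesses is small, so limit tries per pin


def _forget(key: str) -> None:
    _store.pop(key, None)
    _attempts.pop(key, None)


def issue_pin(user_id: str, now: Optional[float] = None) -> str:
    """Create a 6-digit pin held only in temporary storage with a TTL."""
    now = time.time() if now is None else now
    pin = f"{secrets.randbelow(10**6):06d}"
    key = f"pin:{user_id}"
    _store[key] = (pin, now + PIN_TTL_SECONDS)
    _attempts[key] = 0
    return pin  # delivered out of band (SMS/email); never returned by the API


def verify_pin(user_id: str, submitted: str, now: Optional[float] = None) -> bool:
    """Check once against temporary storage; delete on success, expiry or lockout."""
    now = time.time() if now is None else now
    key = f"pin:{user_id}"
    entry = _store.get(key)
    if entry is None:
        return False
    pin, expires_at = entry
    if now >= expires_at:  # redis would have evicted it; emulate the TTL
        _forget(key)
        return False
    _attempts[key] += 1
    ok = hmac.compare_digest(pin.encode(), submitted.encode())
    if ok or _attempts[key] >= MAX_ATTEMPTS:
        _forget(key)  # single use: a verified or exhausted pin never lingers
    return ok
```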


The downside is that some services, such as video streaming, block access from VPNs.


That's where VPN obfuscation is the play, imo. A lot of people nowadays are leaving streaming platforms or watch YT on smart TVs, so it does have a place. You can always exclude a device from the VPN coverage too.


Obfuscation only protects you from your own ISP messing with VPN connections. Streaming services (etc.) can't see what protocol you're using between yourself and the VPN in any case, they just see the VPN's exit IP address. Which is likely on their list of known VPN IPs.


If you start countering geolocation blocking with VPS rental and VLESS vray etc. then it's still good to obfuscate at the endpoint. Passing VPN traffic off as something else is good policy wherever your tunnel goes.

