Hacker News | cbsks's comments

I have a laptop with a touchscreen that I regularly forget is a touchscreen until I accidentally touch it.

Same. My work laptop has a touch screen and every now and then, when I remember that fact, I’ll use it to scroll through a few pages of a PDF. It gives me a chuckle because it’s so inefficient and inaccurate… then I immediately revert to my click-wheel mouse.


I really don’t want to work for the defense industry, but I have to admit that they do have very fun problems to solve. You know there are people at NRO who are dedicated to ship tracking via satellite. I assume they can easily track ships without cloud cover, but how do they do it when it’s cloudy? Heat signatures? Synthetic Aperture Radar? Wake detection?

ELINT and SAR.

For the first one, just look at Wikipedia lists of government sats that fly as little triangular constellations, like Yaogan 9A, 9B, 9C on this list: https://en.wikipedia.org/wiki/Yaogan

Those are ELINT birds that use multilateration to spot emitters globally.

SAR can spot wakes far, far, larger than ships using the same techniques as SAR measuring ground erosion, etc.


I'd be mildly surprised if they're not using SAR for this all the time, not only during cloud cover. The Soviet Union was using radar satellites (the RORSATs) to track carriers decades ago.

Neither SAR nor high resolution optical sensing are trivial at panopticon scale.

https://www.youtube.com/watch?v=-GTpBMPjjFc is a good overview of what's up there so far, and what's coming as they really try to scale the technology.

Bandwidth and processing are substantial bottlenecks with SAR; Only targeted and stationary applications have been broadly useful so far, and more focus has been put on planes than satellites for this. SAR is not as simple as taking a static image with a fixed resolution, your sensing window has got a target velocity and distance in mind and the antenna and processing needs to be tuned for that.

I would think that medium and high orbit optical tracking (daytime, cloudless sky) is probably used, because with video you can reasonably track subpixel targets if they're high contrast, without a lot of data transmission requirements.


> Bandwidth and processing are substantial bottlenecks with SAR; Only targeted and stationary applications have been broadly useful so far, and more focus has been put on planes than satellites for this.

I'm not sure why you assume this, this is factually incorrect. Satellite based SAR has been successfully used for civilian ship detection applications (traffic management, illegal fishing, smuggling detection, etc) for over three decades. I am sure its military use goes back much further.

> SAR is not as simple as taking a static image with a fixed resolution, your sensing window has got a target velocity and distance in mind and the antenna and processing needs to be tuned for that.

No? SAR satellites take thousands of SAR images of stationary scenes every day. It's true that object motion in the scene introduces artifacts, specifically displacement from true position - this is often called the "train off track" phenomenon, as a train moving at speed when viewed with SAR from the right angle will look like it's driving through the adjacent field rather than on the track. However, this isn't a significant problem, and can actually be useful in some situations (eg: looking at how far a ship is deflected from its wake to estimate its speed).


40 years ago the USN was working on using SAR with an elliptical Kalman filter to detect _submarine_ wakes. I assume things haven't digressed since then.

> You know there are people at NRO who are dedicated to ship tracking via satellite.

I feel like there must be people at NRO who are dedicated to sub tracking via satellite.


I wish defense paid better. The problems are infinitely more interesting than ads. And it’s not like social media is a saint anyway.

IME here in Colorado, a lot of them pay as well, or better, than run of the mill tech companies. I suspect the AI and "FAANG" companies may pay more, but I personally wouldn't work for any of those. In any case, I'd take $160k in Colorado over $240k in California any day.

And the problems are definitely a lot more interesting.


The problem is BigTech pays $800K or even $1M+.

Hmmm on the one hand murder, on the other hand ads

It would be fine if "defense" is what was meant, but they recently changed it back to a far more honest "department of war".

BigTech ought to be renamed too. BigVice maybe?

when it's cloudy, heat signatures won't help, infrared is blocked by clouds

British Columbia, Canada


I’ve been using the Dygma Defy daily for over 2 years. Highly recommend.


That’s Simon’s goal. “All I’ve ever wanted from life is a genuinely great SVG vector illustration of a pelican riding a bicycle. My dastardly multi-year plan is to trick multiple AI labs into investing vast resources to cheat at my benchmark until I get one.”

https://simonwillison.net/2025/Nov/13/training-for-pelicans-...


So once that's achieved, I wonder how well it deals with unsuspected variations. E.g.

"Give me an illustration of a bicycle riding by a pelican"

"Give me an illustration of a bicycle riding over a pelican"

"Give me an illustration of a bicycle riding under a flying pelican"

So on and so forth. Or will it start to look like the Studio C sketch about Lobster Bisque: https://youtu.be/A2KCGQhVRTE


“Let’s spend thousands of dollars on lawyers to avoid donating to a good cause”. Large corporations can be so ridiculous.


Big companies can be incredibly penny wise and pound foolish because their beancounters make them obsess over the wrong metrics. My current company has spent the last year cost cutting every single way to stay afloat and now you need a chain of approvals up the management ladder with detailed explanation for every paperclip you want to purchase.

I can't prove it, but I am willing to bet my entire salary that the costs of all the new extra bureaucratic overhead introduced for small purchases, nullified or even exceeded all their savings, when the remaining engineers and managers paid six figures have to spend more of their time writing, reviewing and approving paperclip orders instead of you know, running the company, fulfilling customer demands and innovating.

I'm pretty new to this, but I have a feeling these are all the signs of a company it's worth jumping ship from ASAP as there's no chance of things improving back from this. Sure, AMD managed to turn the ship around with cost cutting, but our CEO is not Lisa Su, he's a boomer who cuts where the clueless $BIG_4 consultants tell him to cut, and big_4 doesn't care about innovation or the company being relevant in 10 years, they care about showing some immediate results/positive cash to justify their outrageous rates.


And they're probably feeling the need to pinch because they are moving slow and falling out of relevance.

When you're being outcompeted and outmaneuvered it's important to slow down and make sure you save a few dollars wherever possible, apparently.


You write "wherever possible", but: Have you ever seen the beancounting itself having been under scrutiny?

I'd wager a big part of it is also the same politics based asymmetry that's visible everywhere; like nobody ever got fired for buying IBM or people only get credit for managing a crisis, not preventing it in the first place.


Wow. I had a visceral reaction to the “we’re being attacked!” clip. Haven’t heard that for a long time, but it still got my heart racing.


Looks like Firefox is immune.

This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...

On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png" <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
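
The mechanism described above can be checked from the extension side. This is an added example, not part of the original comment: a manifest audit that lists which web-accessible resources sit at a static `chrome-extension://` URL any site can load. The function names, the sample manifests and the high/low ratings are assumptions of this example; `matches` and `use_dynamic_url` are the Manifest V3 keys from Chrome's manifest documentation.

```javascript
// Constructed sample manifests (not taken from any real extension).
const SAMPLE_MV3 = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["images/logo.png"], matches: ["<all_urls>"] },
    { resources: ["inject.js"], matches: ["https://app.example.com/*"] },
    { resources: ["panel.html"], matches: ["<all_urls>"], use_dynamic_url: true },
  ],
};
const SAMPLE_MV2 = { manifest_version: 2, web_accessible_resources: ["icons/*.png"] };

// Match patterns that let every site load the resource.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Hypothetical helper: rate each web-accessible resource by how easily an
// arbitrary page could test for it. The ratings are this example's heuristic.
function auditManifest(manifest) {
  const findings = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      // MV2 form: a bare path, loadable from every origin.
      findings.push({ resource: entry, risk: "high", reason: "MV2 entry, no origin restriction" });
      continue;
    }
    const broad = (entry.matches || []).filter((m) => BROAD.has(m));
    for (const resource of entry.resources || []) {
      if (broad.length === 0) {
        findings.push({ resource, risk: "low", reason: "reachable only from listed origins" });
      } else if (entry.use_dynamic_url === true) {
        findings.push({ resource, risk: "low", reason: "broad match, but served under a per-session ID" });
      } else {
        findings.push({ resource, risk: "high", reason: `static URL exposed to ${broad.join(", ")}` });
      }
    }
  }
  return findings;
}

// Resources whose presence any website could test for.
function probeableResources(manifest) {
  return auditManifest(manifest)
    .filter((f) => f.risk === "high")
    .map((f) => f.resource);
}

console.log(probeableResources(SAMPLE_MV3));
console.log(probeableResources(SAMPLE_MV2));
```
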


And they said that using a browser with sub-5% market share would cause us to miss out on the latest and greatest in web technology!


The latest and greatest is not great for you, but for them.


The real friction in browser hopping isn't features — it's keeping your workflow portable. Bookmarks especially. Each browser has its own sync silo (Chrome → Google, Firefox → Mozilla, Safari → iCloud).

For multi-browser setups (Firefox for fingerprint resistance, Chrome for the sites that only work there), cross-browser bookmark sync is weirdly undersolved. Xbrowsersync, marksyncr, and a few others exist but most people don't know about them.


Anecdote: yesterday i exported my bookmarks into an html file and then asked for a script that will make a webpage out of them. with a search. and favicon download from domain. better than any bookmark bar imho.


This is a great idea, thanks. I built an IPv6 only webhost in Digital Ocean a while ago as a learning exercise and it’s been sitting idle. Making a personal portal sounds like a fun project.


I use floccus.org to sync between Chrome and Zen browser, works flawlessly! It wasn't that difficult to find, once I had the two browser setup (as in the end I refused to fully switch to Zen), just searched extensions, and set this up in a minute. It also syncs to google drive and bunch of 3rd party bookmark apps.


Check out marksyncr.com for bookmarks


chrome was made by ex-firefox devs, chrome is still not as good!


Anecdotally, I sometimes notice my computer fan spinning ferociously... it's almost always because I have left a firefox tab with linkedin open somewhere.

Are they bitcoin mining or are they just incompetent?


Judging from GP's description of how extension IDs work in Firefox, I wouldn't be surprised if LinkedIn were trying to brute-force those UUIDs!


If the two are indeed "Linked", I see a case for users-first browsers to show system metrics right along the page.


I've noticed similar issues with the web version of MS Teams.

You can actually see what tabs are hogging CPU by pressing SHIFT-ESC to open the task manager (about:processes) inside Firefox.


Considering the app was a battery catastrophe I’m confident in the latter, even if your question could be read as rhetorical.


It’s probably some feature they sell to recruiters to grab your attention. :)


Maybe it's trying (and failing) to access your browser extensions? In a loop?


It's ok, they can fingerprint you for using Firefox.


Yeah, but they don't know which specific one of Firefox's last dozen users I am.


Yes, is it now?

    https://fingerprint.com/
    https://coveryourtracks.eff.org/
    https://abrahamjuliot.github.io/creepjs/

I don't have Firefox or another browser installed right now, but the last time I checked, every browser was detected, especially on the first link.

Further, when I used Tor, a few sites, like Google, showed me Captchas for a while afterward, when using my _normal_ browser.

Further I heard that sites like PayPal are giving me black karma when I try to avoid Fingerprinting by using e.g. Tor.


I actually don't even care too much if they try to detect, that I am the X from last time.

The issue is them selling the data, or using it in unrelated locations, or trying to detect me as a person. And their programmers are not enforced and rewarded when they report such behavior to law agencies / the public. And the law is not punishing it.


This is probably a naive question, but...

Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?

I mean, it goes from "Oh they have X, Y, and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"


It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213


Oh, it's (re)randomised upon each restart, whew, thanks for the heads up

edit: er, I think that that also suggests that I need to restart firefox more often...


The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.


Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each.


That's actually a bright idea! Have you ever thought about applying for VC funds?

Once you deliver that, you can also think about a database of natural numbers!


But that has no moat. Anyone can generate a database of natural numbers using SOTA models.


lol

Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware.

    function* uuidIterator() {
      const bytes = new Uint8Array(16);
      while (true) {
        yield formatUUID(bytes);

        let carry = 1;
        for (let i = 15; i >= 0 && carry; i--) {
          const sum = bytes[i] + carry;
          bytes[i] = sum & 0xff;
          carry = sum > 0xff ? 1 : 0;
        }

        if (carry) return;
      }
    }

    function formatUUID(b) {
      const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
      return (
        hex.slice(0, 4).join("") + "-" +
        hex.slice(4, 6).join("") + "-" +
        hex.slice(6, 8).join("") + "-" +
        hex.slice(8, 10).join("") + "-" +
        hex.slice(10, 16).join("")
      );
    }

This is free. Feel free to use it in production.


What license is this? Company policy says we can't use Apache licensed stuff.


Free space heater



The write-up for it is surprisingly interesting! https://eieio.games/blog/writing-down-every-uuid/#toc:entrop...


Woosh


someone took your joke and made it real


16 bytes is a lot. 4 bytes are within reach, we can scan all of them quickly, but even 8 bytes are already too much.

Kolmogorov said that computers do not help with naturally hard tasks; they raise a limit compared to what we can do manually, but above that limit the task stays as hard as it was.



"Just" have a database, and then what? I can set up a database of all UUIDs very easily, but I don't think it's helpful.


Where are you storing them, a black hole?


All you need is basic compression, like storing the start and stop points of each block of UUIDs in the database.

Wait, you already linked to everyuuid. Do you think the server it's on uses black hole storage?


Fast writes, very slow reads.


I would store them as offsets within the digits of pi.



I don't think that's the case. I have the Earth View extension installed which shows a random google earth image.

I have this set as my homepage in Firefox as moz-extension://<extension-id>/index.html, and this has not changed since installing the extension. The page still works.


Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.

Enjoy the fingerprinting.


I restart my browser basically every day.


yeah I close out everything as a mental block against anything I'm working on.

I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work.


There isn't enough energy in the solar system to count to 2^128. Now a uuid v4 number "only" has 2^122 bits of entropy. Regardless, you cannot realistically scan the uuid domain. It's not even a matter of Moore's law, it is a limitation of physics that will stand until computers are no longer made of matter.


You just need to open so many instances and tabs in each instance that it crashes every couple days


Umm, I restart my PC about once a week for security and driver updates.

If you don't, you have a lot more to worry about beyond fingerprinting...

Oh and I'm on LINUX (CachyOS) mind you.


Why does the browser even allow a website to query for installed extensions? I really don't see what the point of that would be.

The website should never be able to tell what's running in my browser, or on my computer in general. The browser renders the page, maybe runs a little Javascript, but there's no reason why it should be able to query anything about my environment.

I wonder how much stuff would break if the Chrome sandboxing was extended to preventing access to chrome-extension:// from Javascript loaded off random websites.


Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.


The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.


UUIDs are 128 bit long but generally have a bit less entropy than that as they are not just a random number. Still more than enough to make enumeration infeasible though.


And just in case the magnitude of that isn't obvious to people, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 total possible UUIDs. Good luck.


ChatGPT told me it can be done though.

It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.


yes that's how browser fingerprinting works and it is impossible to defeat because there are just too many variations in monitors (relevant for fonts), simple things like user agent, etc.


And browsers trying to mitigate fingerprinting are miserable to use (fixed window size with only Arial available, etc) and probably fingerprintable anyway.


Though LinkedIn in Firefox with uBlock Origin allowing just enough (not sure if that's relevant, just haven't run it without) does not last long without rocketing CPU & memory usage, fan spinning up, etc. (ime, anyway)


In my case LinkedIn consistently crashes Firefox the first time I navigate there on a given day. After I restart FF, all is fine.


Nothing drives more creativity from me than a tool in need of a project.

