Hacker Newsnew | past | comments | ask | show | jobs | submit | cbsks's commentslogin

I’ve been using the Dygma Defy daily for over 2 years. Highly recommend.

That’s Simon’s goal. “All I’ve ever wanted from life is a genuinely great SVG vector illustration of a pelican riding a bicycle. My dastardly multi-year plan is to trick multiple AI labs into investing vast resources to cheat at my benchmark until I get one.”

https://simonwillison.net/2025/Nov/13/training-for-pelicans-...


So once that's achieved, I wonder how well it deals with unsuspected variations. E.g.

"Give me an illustration of a bicycle riding by a pelican"

"Give me an illustration of a bicycle riding over a pelican"

"Give me an illustration of a bicycle riding under a flying pelican"

So on and so forth. Or will it start to look like the Studio C sketch about Lobster Bisque: https://youtu.be/A2KCGQhVRTE


“Let’s spend thousands of dollars on lawyers to avoid donating to a good cause”. Large corporations can be so ridiculous.


Big companies can be incredibly penny wise and pound foolish because their beancounters make them obsess over the wrong metrics. My current company has spent the last year cost cutting every single way to stay afloat and now you need a chain of approvals up the management ladder with detailed explanation for every paperclip you want purchase.

I can't prove it, but I am willing to bet my entire salary that the costs of all the new extra bureaucratic overhead introduced for small purchases, nullified or even exceeded all their savings, when the remaining engineers and managers paid six figures have to spend more of their time writing, reviewing and approving paperclip orders instead of you know, running the company, fulfilling customer demands and innovating.

I'm pretty new to this, but I have a feeling these are all the signs of a company it's worth jumping ship from ASAP as there's no chance of things improving back from this. Sure, AMD managed to turn the ship around with cost cutting, but our CEO is not Lisa Su, he's a boomer who cuts where the clueless $BIG_4 consultants tell him to cut, and big_4 doesn't care about innovation or the company being relevant in 10 years, they care about showing some immediate results/positive cash to justify their outrageous rates.


And they're probably feeling the need to pinch because they are moving slow and falling out of relevance.

When you're being outcompeted and outmaneuvered it's important to slow down and make sure you save a few dollars wherever possible, apparently.


You write "wherever possible", but: Have you ever seen the beancounting itself having been under scrutiny?

I'd wager a big part of it is also the same politics based asymmetry that's visible everywhere; like nobody ever got fired for buying IBM or people only get credit for managing a crisis, not preventing it in the first place.


Wow. I had a visceral reaction to the “we’re being attacked!” clip. Haven’t heard that for a long time, but it still got my heart racing.


Looks like Firefox is immune.

This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...

On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png" <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...


And they said that using a browser with sub-5% market share would cause us to miss out on the latest and greatest in web technology!


The latest and greatest is not great for you, but for them.


The real friction in browser hopping isn't features — it's keeping your workflow portable. Bookmarks especially. Each browser has its own sync silo (Chrome → Google, Firefox → Mozilla, Safari → iCloud).

For multi-browser setups (Firefox for fingerprint resistance, Chrome for the sites that only work there), cross-browser bookmark sync is weirdly undersolved. Xbrowsersync, marksyncr, and a few others exist but most people don't know about them.


Anecdote: yesterday i exported my bookmarks into an html file and then asked for a script that will make a webpage out of them. with a search. and favicon download from domain. better than any bookmark bar imho.


This is a great idea, thanks. I built an IPv6 only webhost in Digital Ocean a while ago as a learning exercise and it’s been sitting idle. Making a personal portal sounds like a fun project.


I use floccus.org to sync between Chrome and Zen browser, works flawlessly! It wasn't that difficut to find, once I had the two browser setup (as in the end I refufsed to fully switch to Zen), just searched extensions, and setup this up in a minute. It also syncs to google drive and bunch of 3rd party bookmark apps.


Checkout marksyncr.com for bookmarks


chrome was made by ex-firefox devs, chrome is still not as good!


Anecdotally, I sometimes notice my computer fan spinning ferociously... it's almost always because I have left a firefox tab with linkedin open somewhere.

Are they bit coin mining or are they just incompetent?


Judging from GP's description of how extension IDs work in Firefox, I wouldn't be surprised if LinkedIn were trying to brute-force those UUIDs!


If the two are indeed "Linked", I see a case for users-first browsers to show system metrics right along the page.


I've noticed similar issues with the web version of MS Teams.

You can actually see what tabs are hogging CPU by pressing SHIFT-ESC to open the task manager (about:processes) inside Firefox.


Considering the app was a battery catastrophe I’m confident in the latter, even if your question could be read as rhetorical.


It’s probably some feature they sell to recruiters to grab your attention. :)


Maybe it's trying (and failing) to access your browser extensions? In a loop?


It's ok, they can fingerprint you for using Firefox.


Yeah, but they don't know which specific one of Firefox's last dozen users I am.


Yes, is it now?

    https://fingerprint.com/
    https://coveryourtracks.eff.org/
    https://abrahamjuliot.github.io/creepjs/
I don't have Firefox or another browser installed right now, but the last time I checked, every browser was detected, especially on the first link.

Further, When I used Tor, a few sites, like Google, showed me Captchas for a while afterward, when using my _normal_ browser.

Further I heard that sites like PayPal are giving me black karma when I try to avoid Fingerprinting by using e.g. Tor.


I actually don't even care too much if they try to detect, that I am the X from last time.

The issue is them selling the data, or using it in unrelated locations, or trying to detect me as a person. And their programmers are not enforced and rewarded when they report such behavior to law agencies / the public. And the law is not punishing it.


This is probably a naive question, but...

Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?

I mean, it goes from "Oh they have X, Y , and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"


It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213


Oh, it's (re)randomised upon each restart, whew, thanks for the heads up

edit: er, I think that that also suggests that I need to restart firefox more often...


The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.


Just have a database of UUIDs. Seems pretty trivial to generate and sort as it's only 16 bytes each.


That's actually a bright idea! Have you ever thought about applying for VC funds?

Once you deliver that, you can also think about a database of natural numbers!


But that has no moat. Anyone can generate a database of natural numbers using SOTA models.


lol

Let's go a step further and just iterate through them on the client. I plan on having this phone well past the heat death of the universe, so this is guaranteed to finish on my hardware.

  function* uuidIterator() {
   const bytes = new Uint8Array(16); 
   while (true) {
     yield formatUUID(bytes);

     let carry = 1;
     for (let i = 15; i >= 0 && carry; i--) {
       const sum = bytes[i] + carry;
       bytes[i] = sum & 0xff;
       carry = sum > 0xff ? 1 : 0;
     }
 
     if (carry) return;
   }
 }
 
 function formatUUID(b) {
   const hex = [...b].map(x => x.toString(16).padStart(2, "0"));
   return (
     hex.slice(0, 4).join("") + "-" +
     hex.slice(4, 6).join("") + "-" +
     hex.slice(6, 8).join("") + "-" +
     hex.slice(8, 10).join("") + "-" +
     hex.slice(10, 16).join("")
   );
 }
This is free. Feel free to use it in production.


What license is this? Company policy says we can't use Apache licensed stuff.


Free space heater



The write-up for it is surprisingly interesting! https://eieio.games/blog/writing-down-every-uuid/#toc:entrop...


Woosh


someone took your joke and made it real


16 bytes is a lot. 4 bytes are within reach, we can scan all of them quickly, but even 8 bytes are already too much.

Kolmogorov said that computers do not help with naturally hard tasks; they raise a limit compared to what we can fo manually, but above that limit the task stays as hard is it was.



"Just" have a database, and then what? I can set up a database of all UUIDs very easily, but I don't think it's helpful.


Where are you storing them, a black hole?


All you need is basic compression, like storing the start and stop points of each block of UUIDs in the database.

Wait, you already linked to everyuuid. Do you think the server it's on uses black hole storage?


Fast writes, very slow reads.


I would store them as offsets within the digits of pi.



I don't think that's the case. I have the Earth View extension installed which shows a random google earth image.

I have this set as my homepage in Firefox as moz-extension://<extension-id>/index.html, and this has not changed since installing the extension. The page still works.


Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.

Enjoy the fingerprinting.


I restart my browser basically every day.


yeah I close out everything as a mental block against anything I'm working on.

I think there's a subset of people that offload memory to their browsers and that's kinda scary given how these fingerprint things work.


There isn't enough energy in the solar system to count to 2^128. Now a uuid v4 number "only" has 2^122 bits of entropy. Regardless, you cannot realistically scan the uuid domain. It's not even a matter of Moore's law, it is a limitation of physics that will stand until computers are no longer made of matter.


You just need to open so many instances and tabs in each instance that it crashes every couple days


Umm, I restart my PC about once a week for security and driver updates.

If you don't, you have a lot more to worry about beyond fingerprinting...

Oh and I'm on LINUX (CachyOS) mind you.


Why does the browser even allow a website to query for installed extensions? I really don't see what the point of that would be.

The website should never be able to tell what's running in my browser, or on my computer in general. The browser renders the page, maybe runs a little Javascript, but there's no reason why it should be able to query anything about my environment.

I wonder how much stuff would break if the Chrome sandboxing was extended to preventing access to chrome-extension:// from Javascript loaded of random websites.


Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.


The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.


UUIDs are 128 bit long but generally have a bit less entropy than that as they are not just a random number. Still more than enough to make enumeration infeasible though.


And just in case the magnitude of that isn't obvious to people, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 total possible UUIDs. Good luck.


ChatGPT told me it can be done though.

It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.


yes thats how browser fingerprinting works and it is impossible to defeat because there are just too many variations in monitors (relevant for fonts), simple things like user agent, etc.


And browsers trying to mitigate fingerprinting are miserable to use (fixed window size with only Arial available, etc) and probably fingerprintable anyway.


Though LinkedIn in Firefox with uBlock Origin allowing just enough (not sure if that's relevant, just haven't run it without) does not last long without rocketing CPU & memory usage, fan spinning up, etc. (ime, anyway)


In my case LinkedIn consistently crashes Firefox the first time I navigate there on a given day. After I restart FF, all is fine.


Nothing drives more creativity from me than a tool in need of a project.


Tesla’s “autosteer” is significantly more advanced than the “lane keeping” feature I’ve seen in rental cars, or my own 2023 Jeep. My understanding is that autosteer will actively keep the car centered in the middle of the lane, while the “lane keeping” I’ve experienced will only adjust the steering when you approach the lane edge, which pin balls you back and forth like a drunk driver.


In mid tier and premium tier cars, lane keeping is generally either implicitly or explicitly lane centering. My Navigator calls it lane keeping but it is centering, and my Audi specifically calls out lane centering.


My experience with that brand specifically is they should call it "lane oscillating".


That is not universally true. It's lane keeping in my wife's Volvo, and it sucks in exactly the way described up-thread.


Both my late model Japanese cars have two systems capable of steering the car toward the middle of the lane. One is an always-on (unless disabled) passive safety system that only kicks in when you actually appear to be drifting off the road, and the other is a system that actively tries to keep the car in the middle of the lane. The latter system has to be toggled on and off and is meant to be complementary with adaptive cruise.

What you're describing sounds like the former system, while the latter one is what should be compared to Tesla's "autopilot" or "FSD" or whatever the fuck. It works very well on both my cars and is a game changer for longer drives.

I consider good implementations of this and adaptive cruise to be basic equipment now, and asking $99/month for them is absolutely wild, especially since what you're getting isn't the "full self driving" we were promised. You still have to be fully engaged with what the car is doing and ready to take over in a fraction of a second.


> I consider good implementations of this and adaptive cruise to be basic equipment now, and asking $99/month for them is absolutely wild

The article doesn't mention it but other articles say that their version of adaptive cruise control (Traffic Aware Cruise Control or TACC) that was part of Autopilot is becoming a standard feature.


I went with that example because I had a Kia Sportage from Hertz and it had lane centering (not just the thing that detects you are deviating from the lane). It did want you to touch the steering wheel but that's just cheaper driver monitoring.


That would make modern Subaru from I don't know how many years back, 'autosteer'. My Impreza does not behave in the least like 'pinballing', it behaves like it too can drive down the road, but wants to be holding your hand while doing it. This is on some pretty sketchy roads and road conditions, so it won't keep doing it unless it's identified at least one if not two lines on the road.

Seems like Subaru lane assist is considerably better than when it first came out in 2013 or so. I was able to experience it back then and it could have pinballed, certainly wasn't as steady and capable as it is more than ten years of development later.


I have a 2020 Alfa Romeo (interestingly also a Stellantis car like your Jeep), it has "follow the lane" feature. For the edge of the lane, it can either vibrate as a warning or force you off it, I have it set to vibrate.


Jeep and all the other Stellantis brands have the worst lane assist and worst tech options on the market, and the trim level on any rental is going to be as basic as they can get away with.


My company has a policy limiting the number of high level execs traveling on a plane at a time. I wonder if plane manufacturers have similar restrictions. It’d be an ironic to for them to simultaneously assert that their planes are safe for the general public, and also believe the risk is too high for a planeload of their execs to fly in one.


Controlled flight into terrain is a thing


On Linux, if the blocks are page aligned, you could use mremap(2) to swap blocks very efficiently without using any additional physical memory.


What’s the maximum range to your phone to get notifications? I’ve been trying to cut back on my reflex to look at my phone every few minutes. It’d be great if I could keep my phone on a charging stand and be able to walk around my house and still get notifications.


Exactly the killer use-case for pebble! It's "blue-toothy" range, so it'll mostly work in adjacent rooms but might have difficulty going diagonally upstairs v. downstairs, or ranging too far outside.

IIRC, pebble had a "vibrate on BT-loss", which could remind you to go retrieve the phone when ranging outside to rake leaves (or forgetting your phone in a restaurant or something).


I think Eric posted about this, and it was an impressive distance. Obviously YMMV based on the size of your house and how thick the walls are, but my old Pebble worked in much of my house and I would expect that as BT has gotten better (on both the phone and watch) in the last decade, the new versions will have even more range.


also probably depends on the building you live in.

not trying to start a flame-war, but i can imagine that you get quite some range in the US, if you live in one of those cardboard-inner-walls houses.

in the 30cm thick solid wall apartment i live in my pebble looses connection the next room over, i almost need line-of-sight for it to work. working at my desk, get up, walk 5 meters to the bathroom, watch looses connection.

maybe my smartphone has a weak bluetooth receiver, compared to other models, who knows...


bluetooth is 2.4ghz so if you're in a super congested area(lots of wifi) bluetooth can often struggle.


Is this an old Pebble or a new one?


One of the new ones. Or I guess old ones? I mean I bought it new from Core Devices / RePebble, but it's the OG model. Pebble 2 Duo.


Huh interesting, those have new BT guts, so should have as good of performance as any. I guess 30cm thick solid walls are not common enough for BT to be designed to go through them?


i think it's the by now internet-meme worthy difference between walls in the US compared to most of Europe. i've never lived somewhere which didn't have thick brick or concrete walls. 30cm was a bit high, more like 20cm.

i've seen tons of americans making holes in their walls by punching or falling into them. could never relate myself, i'd have a broken hand or concussion :D

my phone is not very powerful, maybe that's a factor.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: