HackerTrans
TopNewTrendsCommentsPastAskShowJobs

twhb

no profile record

comments

twhb
·4 месяца назад·discuss
Apply the same logical test to freedom of speech, and you’ll get the same result.

You’re not missing anything about what’s likely to happen to you personally. What you’re missing is the manner in which rights shape your life and your society even when you don’t exercise them, and sometimes even when nobody is currently exercising them, and that significant harm can be built out of a vast number of smaller harms that aren’t individually that bad.
twhb
·6 месяцев назад·discuss
This article is misinformed if not intentionally misleading about Apple Pay’s privacy status. It is technically true that Apple does not share your credit card number, but it does share its own unique, persistent identifier.
twhb
·6 месяцев назад·discuss
This is an iOS 26 regression. There are a bunch of soft hyphens in there, which is why it works on other browsers and in previous versions of iOS.
twhb
·7 месяцев назад·discuss
Sorry, fixed link: https://demo.fingerprint.com/playground.

I agree on randomization, but there are other places where it doesn’t stick out like that. I’ll look up specifics if I find the time, but I think reading canvas data without permission is one place it’s utilized, including by Tor.
twhb
·7 месяцев назад·discuss
This tool is deeply flawed. Fingerprinting protection is sometimes done by binning, which this tool rewards, and is sometimes done by randomizing, which this tool harshly punishes. The net result is it generally guides you away from the strongest protection.

The flip side of this, having the complementary flaw of testing only persistence, not uniqueness, is (warning, real tracking link) fingerprinting.com/demo. You can try resetting your ID and seeing if it changes here. Since tracking requires (a degree of) uniqueness AND (a degree of) persistence, the danger signal is only failing both the EFF test and this test.

Failing both is a requirement to derive meaning, not being lax: measuring only uniqueness would fail a random number generator, and measuring only persistence would fail the number 4.
twhb
·11 месяцев назад·discuss
Great post!

Also check out oklch.com, I found it useful for building an intuition. Some stumbling blocks are that hues aren’t the same as HSL hues, and max chroma is different depending on hue and lightness. This isn’t a bug, but a reflection of human eyes and computer screens; the alternative, as in HSL, is a consistent max but inconsistent meaning.

Another very cool thing about CSS’s OKLCH is it’s a formula, so you can write things like oklch(from var(--accent) calc(l + .1) c h). Do note, though, that you’ll need either some color theory or fiddling to figure out your formulas, my programmer’s intuition told me lies like “a shadow is just a lightness change, not a hue change”.

Also, OKLCH gradients aren’t objectively best, they’re consistently colorful. When used with similar hues, not like the article’s example, they can look very nice, but it’s not realistic; if your goal is how light mixes, then you actually want XYZ. More: https://developer.mozilla.org/en-US/docs/Web/CSS/color_value....

Also, fun fact: the “ok” is actually just the word “ok”. The implication being that LCH was not OK, it had some bugs.
twhb
·в прошлом году·discuss
> spacer gifs

Hacker News actually still uses these for comment indentation, check this page’s source code.
twhb
·в прошлом году·discuss
restic’s rest-server append-only mode unfortunately doesn’t prevent data deletion under normal usage. More here: https://restic.readthedocs.io/en/stable/060_forget.html#secu.... Their workaround is pretty weak, in my opinion: a compromised client can still delete all your historic backups, and you’re on a tight timeline to notice and fix it before they can delete the rest of your backups, too.
twhb
·6 лет назад·discuss
What’s the better alternative? What solves “let non-tech people build and administer flexible, dynamic websites” better?
twhb
·7 лет назад·discuss
Thank you for your comment.

Since HTTPS traffic already reveals communicating IPs to nation-state actors, could you clarify what attack vector removing user IP info from authoritative DNS queries protects against?

In what way does Cloudflare publish its PoP geolocation? Is it a Cloudflare-specific API? Why not fake EDNS subnet info by providing the PoP’s?

I notice of course that Google, Facebook, and Netflix still work on 1.1.1.1. Does this mean they’re currently using Cloudflare PoP geolocation in lieu of EDNS subnet information?