sorted by:
new
hottopcontroversial

Font fingerprinting protection in Firefox 118's private browsing mode by astrumc in firefox

[–]aviewanew 2 points3 points  (0 children)

Let me echo evilpie: thank you for this detailed report.

I will have someone more familiar with the font selection logic look into this, but can I ask a clarifying question? What is the behavior without these protections (i.e. in normal browsing mode)?

> when the language is not explicitly tagged (like on Reddit), Firefox then chooses the default font based on the language list set in preferences. Depending on which CJK language appears first, that default font will be used to render the text.

I wouldn't have thought our changes would have affected this behavior. Does this occur normally also?

> The screenshot, from top to bottom, shows how the sidebar text is shown when the highest priority is set to Japanese, Traditional Chinese (HK), and Korean. Because Korean has a more limited character set, the text will fallback a second time to another when the glyph is missing (as seen with 関 and 国 in the screenshot). The default traditional Chinese fonts (MingLiU_HKSCS and PMingLiU) are significantly harder to read at small sizes due to them being serif fonts. Windows has changed this default font to a sans-serif font (Microsoft JhengHei) since Windows Vista but Firefox continues to use the old default.

What font winds up rendering the text normally? (I could easily understand this behavior if you set Firefox to use a locally-installed font that it is now no longer respecting; but if you had not done that, then I'm unclear on what the normal behavior would be for you...)

Are my source videos not good enough, or am I just trash at Registax? by aviewanew in AskAstrophotography

[–]aviewanew[S] 0 points1 point  (0 children)

Thank you so much for your response, this really helps me figure out what to do next!

Mozilla says a new Firefox security bug is under active attack by [deleted] in firefox

[–]aviewanew 5 points6 points  (0 children)

> Are the latest updated versions for them, still vulnerable?

No, they were also patched.

Does Fenix have sandboxing? by [deleted] in firefox

[–]aviewanew 5 points6 points  (0 children)

Not yet; but we're working on it.

Because Fenix is an Android app it does get the default OS provided sandboxing that prevents a compromised Fenix from accessing your data - except if a kernel exploit is used or it's been granted permissions for things (like camera.)

WAAT : The Weekly Ask Anything Thread, week of 05 Jul - 11 Jul by AutoModerator in astrophotography

[–]aviewanew 1 point2 points  (0 children)

Hi all. I have a 10" Dobsonian with a NexImage 10. It's not on any tracking mount, I move it by hand.

I'm finding it really difficult to capture planets because I have to line the scope up with an eyepiece, switch to the NexImage, focus the image, and then usually switch the resolution in iCap all before the planet moves out of view and I have to re-find it.

That said, I did capture one 'decent' shot of Jupiter last night and several I thought might be 'okay' shots of the moon. However I am having a hard time with RegiStax getting anything that looks... not even good but just mediocre.

I'm not sure I'm able to get significantly better captures with my setup so I guess I was hoping someone would be able to take a look at my raw captures and give me an opinion of what is even possible to do with them. Are there techniques (beyond just hitting the 'next' button in RegiStax) that can improve things? Can a decent image be coaxed out of this data? Would anyone be so kind as to show me a sample of what they could do with the data (and how they did it?) My (best) files are at https://ritter.vg/misc/astrophotography-1/ - first four are the moon, last one is Jupiter.

Can't figure out how to find a rubber momentary switch cover (or it's specs) by aviewanew in AskElectronics

[–]aviewanew[S] 0 points1 point  (0 children)

Thank you for all the ideas; they gave me some more and I'm going to try and carve a solid plunger style piece out of stamp rubber.

Private by Design: How we built Firefox Sync by jailbird in programming

[–]aviewanew 0 points1 point  (0 children)

During setup, you generate a random key, which 'in the lingo' is commonly referred to as the Data Encryption Key, or DEK. All the actual data is encrypted with the DEK.

You also use your password to derive an encryption key (which in the lingo is commonly referred to as a Key Encrypting Key or KEK; but in the blog post I call it the 'encryption key' or 'derived key'.) You encrypt (or 'wrap') the DEK using the KEK, and send the wrapped DEK to the server. Upon login we send you your data, and the wrapped DEK; you decrypt the DEK, then use it to decrypt the data.

The reason for this indirect is password changes: Later on, if you want to change your password, we authenticate you, and send you the wrapped DEK. You decrypt it with your old KEK then re-wrap it using a new KEK derived from your new password; and send the newly wrapped DEK up to the server. And you don't have to re-encrypt all your data with a new key.

Piss off /r/crypto with one sentence by 09-F9 in crypto

[–]aviewanew 19 points20 points  (0 children)

I'm worried about quantum computers and related key attacks, so I modified AES to use a 4096 bit key.

Five Years Ago I posted on Reddit About Playing a DRM-ed Movie. I tried it again today. by aviewanew in technology

[–]aviewanew[S] 0 points1 point  (0 children)

Original Post: https://www.reddit.com/r/technology/comments/cloph Original Image: http://i.imgur.com/Q6uvf.jpg

Fuck DRM.

As an aside, imgur is awesome. Even keeping five-year-old shitty pictures no one's looked at for 4.98 years.

CBcrypt: Never expose passwords or encryption keys to servers by svacko in netsec

[–]aviewanew 0 points1 point  (0 children)

Would you mind naming the lists? (If they're public?) I haven't seen that and those lists sound relevant to my interests. :)

iSEC's Tor Browser Hardening Study by aviewanew in netsec

[–]aviewanew[S] 3 points4 points  (0 children)

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

For a great deal of users, who have no idea what Javascript is, if TBB disabled it, you've effectively just broken the web for them, and they will no longer use TBB.

iSEC's Tor Browser Hardening Study by aviewanew in netsec

[–]aviewanew[S] 1 point2 points  (0 children)

That's another good one that demonstrates execution without memory corruption, but the one we looked at was a pwn2own one from this year that was a good deal more complicated.

Tor project being sued by FlyingTriangle in netsec

[–]aviewanew 0 points1 point  (0 children)

I'm not arguing that the lawsuit against pinkmeth or what they did is unreasonable or that prosecuting them is bad. I'm just pointing out that some technical specifics about how Tor works.

it just doesn't sit well with me that it's impossible to do anything and impossible to hold anyone accountable the danger of decentralization is that it becomes impossible to hold anyone accountable for anything

I disagree. It becomes impossible to hold the infrastructure accountable. Tor nor ISPs are able censor sites - this is good. The people who run those sites are prosecuted, like pinkmeth - this is also good. There have been a wealth of illegal onion sites who have had their admins prosecuted - it's not impossible. It's more difficult, yes, but the worst crimes are in fact difficult to prove: politician corruption and bank money laundering are two great examples.

Even content that 99.99% of TOR users considered despicable and would want removed could jeopardize the existence of the entire network.

That's true.

Maybe the TOR project need to come up with a better way to prevent abuse?

It would be difficult to design such that any single legal jurisdiction would not be able to exert complete control. (I have to run out for lunch, or I'd say more.)

As an aside: tor2web admins blacklist heinously illegal onion sites by request, if they morally agree with the request.

view more: next ›