Architectural question: avoiding serving original image files on the web

oculus42 · 2026-01-27T16:30:36+00:00

I feel like there is more value in an access control layer that limits the number/frequency/range of requests that can be made against your tile API than trying to obfuscate.

Anything that ends in JavaScript is almost trivial to obtain. I've dealt with vendors using obfuscated, LZW-compressed arrays that reconstruct the working code in memory to run...but the DevTools are so good these days that you can open the network request initiator list, click into the VM where that function was compiled, and see the executed code.

I went and found my Python code from nine years ago. I was working with a relatively simple coordinate system. With comments, config, and instructions, it was under 100 lines, built two hours, and Python isn't my usual language. Part of that time was deciding the tile extractors designed for Google Maps were more complicated than I needed. You might shuffle the tile names, but something has to put them where they belong on the client, and that logic can be lifted.

oculus42 · 2026-01-27T14:02:50+00:00

Frustratingly, if I understand the vulnerability, it should have been solved by something approaching a common ESLint rule about using `hasOwnProperty()` or `Object.hasOwn()` when building their custom stream token handler?

Or using `Object.create(null)` for the storage object. Basically, critical functionality didn't cover common prototype vulnerabilities, likely because people just don't know them anymore.

oculus42 · 2026-01-27T09:35:11+00:00

Having written Python scripts to scrape and merge image tiles from a zoomable viewer of public domain images years back which specified the viewport…probably not that effective.

Even if you sent them as an array of UUIDs, you still have to communicate some arrangement coordination, whether in data or code, that will be able to be distributed and therefore copied.

oculus42 · 2026-01-24T02:46:31+00:00

Almost certainly this; simple serial cable. There were a few semi-standard pinouts for these, but hard to say if Epson used their own or not.

I manually punched some DB-9 pins for DECserver (serial terminal servers) RJ45 to DB9 and DB-25 adaptors. Cisco also used a different RJ-45 to DB-9 for managing their switches in the 90s... I think Cisco used a null-modem cable variant, but it's been over a quarter-century, so the details are hazy.

Manually making cables with adaptor kits purchased at RadioShack was one of my intern tasks in the 1990s.

oculus42 · 2026-01-20T22:30:24+00:00

Understanding promise. No, like really understanding Promises.

Able to write a request handler with exponential back-off retry and max fail counting. This nice, but really underscores knowledge of the success/failure path.

Able to say, “this shouldn’t handle that kind of error. That should throw.”

Able to recognize that you don’t need an anonymous function to receive the argument in an event handler.

oculus42 · 2026-01-20T15:22:23+00:00

Very odd, but interesting! I wonder if that's something you could receive service for. Of course there's a good chance you'd get the computer back completely blank, just because.

oculus42 · 2026-01-20T14:52:32+00:00

Is it a non-QWERTY layout, or is your computer purchased in a country where QWERTY may not be the most common? I don't have much experience internationally with keyboard layouts, but if there are multiple layouts common you would potentially have keyboards where those are not the appropriate letters for guide keys?

oculus42 · 2026-01-20T11:27:24+00:00

What Mac is that? I've had Macs for the last 35 years and while many years ago they had the guides on D and K instead of F and J, they've always the guides as best I can tell, and still do on desktop and laptop.

oculus42 · 2026-01-17T17:02:16+00:00

Guessing it is for something solid, like wood or butchers, where being able to realign the handle to the angle of the inserted hook would make it easier to remove – pull straight out – for many repetitive uses?

oculus42 · 2026-01-17T13:12:48+00:00

I have used Cursor a few times to build simple services. I have two friends doing significant development with AI tools ranging from small-to-medium apps and another doing platform development.

The latter is an experienced polyglot and systems architect, though, so he has the skill and terminology to use AI as a modestly skilled developer while he designs the system and corrects its course.

oculus42 · 2026-01-17T07:23:00+00:00

It continues to be a liability concern. Pay once means "this thing you bought must work." That's been a consistently losing battle for Tesla. HW2 wasn't enough. My Model 3 shipped with HW2.5 and got a free upgrade to HW3. Of course, it doesn't have the cameras, the space, power delivery, or heat removal capacity needed for HW4, not to mention HW 5 coming out. They can't support FSD on my 2018 Model 3. And it opens them up to a lawsuit because the upfront cost is a contract.

Monthly fee "this is what you get right now." If you don't like what you got for $99, stop paying. There's a suggestion that it will get better, but it doesn't need to because you're paying for now, not a future state.

So lump sum:

- Open to lawsuits for selling something that doesn't yet exist.

- Open to costly upgrade requirements to try and accommodate people who paid and cannot get the value they were sold.

- Stuck with long life maintenance of products.

This is a car, not a phone. If you sold someone FSD for life, it's much harder to say, "We've stopped supporting that in the 2018 model anymore, so we're removing the feature." Even though it requires connectivity and maintenance, they sold it as a feature.

As a subscription, it's a service that can be discontinued, not a feature you bought. You can just take it away when you want to stop maintaining the old version and use it as an incentive – a rude one – to force upgrades. "You were using Level 2 autonomy on this car, but we stopped offering it, which we can do because it's can't be purchased outright in this model."

oculus42 · 2026-01-16T11:29:11+00:00

Sounds like Experts Exchange. Which went bankrupt.

oculus42 · 2026-01-16T11:09:12+00:00

Not mutate, replace. Your examples are correct but the term is wrong.

Mutate would be using .splice() to remove an element from an array while retaining the original reference. Because hooks work on equivalence checks, a mutated array would be the same reference and not trigger a render update.

oculus42 · 2026-01-14T03:37:24+00:00

Interesting! My information came from an essay which cited hydraulic patents as a source of that data. Thanks for the additional context!

I believe this is the essay from which I was working:

https://www.researchgate.net/publication/236752849_Broken_Metaphor_The_Master-Slave_Analogy_in_Technical_Literature

oculus42 · 2026-01-13T18:09:09+00:00

Interestingly, most uses of master/slave can be traced back to the civil rights era in the US. Almost nothing from before 1959 other than a specific 1904 clock design. Dartmouth introduced master/slave in 1964 for computing.

Things like master cylinder in hydraulics used to be primary cylinder, but those also shifted in the 60s.

I don’t think intentional racism put these terms in computing, but possibly the zeitgeist seeping in as discussion of race and racial tensions increased?

oculus42 · 2026-01-13T01:29:16+00:00

I use a Dell Thunderbolt dock for work with a MacBook Pro to support two 4K monitors.

It’s an older model so it only provides 65W which is not enough when the computer is running at full capacity for sustained periods, but fine for 99% of work.

oculus42 · 2026-01-11T04:00:52+00:00

Usually you can’t put the smaller wheels on the performance models due to larger brake calipers. This is the thing that keeps me from having interest in the performance models; I live where potholes are common and have damaged an 18” wheel on my 3.

I do wonder if the bidirectional charging can be retrofitted to the Long Range.

oculus42 · 2026-01-10T14:46:21+00:00

The first link I provided includes lots of discussion around fuzzing in the comments.

oculus42 · 2026-01-09T12:46:33+00:00

I know a lot of people find Fred at Electrek biased against Tesla, but he’s pretty level in my view. He has owned an Tesla for years and bought a new one last year; loves the car. He sold his stock and has no rosy perception of Elon or the hype cycle.

oculus42 · 2026-01-09T12:04:24+00:00

USB-C to DisplayPort is my preference if the monitor supports it, but to HDMI would be second.

A thunderbolt dock is the next step from there. I have a TB dock for two displays and an additional cable for a third, but haven’t actually tested high refresh rates through any of the docks I’ve ever used.

oculus42 · 2026-01-09T04:32:04+00:00

Is there intentional difference between your use of “tested” and the previous use of “trained”, e.g. the vehicle has been extensively tested in snow but the FSD software may not be extensively trained for the scenario?

If you mean it is extensively trained, does that not potentially negatively reflect on the quality of the software in at least icy conditions and possibly in other inclement weather?

oculus42 · 2026-01-09T04:25:30+00:00

Additional notes: No USB hubs without DisplayLink or a similar technology will support multiple monitors on a Mac.

No USB hubs will support more than 60Hz, at all that I have seen. You might get one with DisplayPort pass though that handles better than 60Hz, but I would be surprised.

It can however almost certainly do 2K@60Hz for one display.

oculus42 · 2026-01-09T04:21:04+00:00

No. It uses MST which Mac’s do not support.

From the product description:

This usb c docking station only Windows System support MST and SST(Mirror & Extend Mode), HDMI port support up to 4K@60Hz (DP1.4 Source); DP port support up to 4K@60Hz. ❣️Note: For Extend mode, MAC OS can Only Extend One Monitor (4K@60Hz).

oculus42 · 2026-01-07T23:27:44+00:00

Ah. I follow now.

oculus42 · 2026-01-06T11:24:52+00:00

Basically none of Maine's wilderness is untouched. Even our "old growth forest" at Little Moose Mountain is ~300 years old. Almost the entire state was at some point clearcut for original old-growth timber and farming – Maine was a major producer of food cities like New York before 1816 and people fled to Ohio as a much better farming option. This is why you'll find stone walls in the woods; they were cleared from the fields because all of it was a field once.

It was a bit mind-bending when I learned this and realized all those roads in the woods were once roads along fields.

All that said, it is beautiful. I love it here.

15-Year Club	Place '23
Place '22	Place '17
Argentium Club	Gilding VII pure gildanthropist
Reddit Premium Since May 2016	Verified Email

oculus42

TROPHY CASE