▲ 10 r/opsec

my two "separated" browser profiles had identical canvas and audio fingerprints

I have read the rules.

Threat model: adversary is commercial tracking and fingerprinting infrastructure. Asset is identity separation between two Firefox profiles for different research contexts, each routed through a separate proxy. Goal is preventing any passive observer from linking profile A to profile B.

I set up both profiles with separate containers, separate proxies, resistFingerprinting enabled, WebRTC disabled in about:config, DoH on different resolvers per profile. Thought I was probably fine, but I realized I had never actually tested any of it. I found an open source eight surface scanner on GitHub, read the source to confirm fingerprint checks run locally, and pointed both profiles at it.

WebRTC was bad. One profile had an extension that silently re enabled peerconnection. The STUN probe returned my real IP behind the proxy. HTTP was routing correctly so nothing else surfaced it.

Canvas and audio were worse in a way. Both profiles produced identical Canvas 2D hashes and identical AudioContext signatures. resistFingerprinting was on. Did not matter. Enough to link both profiles to one machine. I honestly do not know how to fix the audio surface without breaking playback.

DNS leaked on one profile because the OS resolver grabbed DoH fallback before Firefox did. Font enumeration, WebGL, automation flags, and egress ASN all came back clean.

Three of eight surfaces were quietly burning my separation model and I had no idea until I measured.

reddit.com
u/nona_jerin — 11 days ago

Silk scarves look so chic on everyone else, but somehow awkward on me

I’m trying to style this green floral silk scarf with a light green floral dress and unsure whether the tonal match feels chic or a bit too coordinated. I love the soft, romantic vibe of the colors together. The scarf feels like it could elevate the outfit, but I don’t want the whole look to read too matchy or predictable.

Would this same-color-family pairing still feel fresh and modern, or would a contrasting scarf color give the look more personality? Looking for ways to make it feel intentional and stylish for spring and summer outfits.

u/nona_jerin — 16 days ago

My EZGO barely made it to the mailbox so I threw a lithium pack in it

Bought a 2018 EZGO TXT last spring for hauling stuff around my property and running the kids to the neighbors. Decent cart. Nothing fancy, but it did the job all summer.

This spring I pulled it out for the first time and it would barely make it to the end of the driveway. Voltage sagging on any tiny hill. Opened it up and two of the six lead acid cells were basically dead, dated 2019. The other four look like theyre on life support too.

I was going to just replace the lead acids. Then my cousin says hes moving to lithium and swears I will never go back. I thought he was just showing off. Looked into it anyway because honestly the idea of filling water every month sounds terrible.

Ended up going with a Vatrer Power Lithium Golf Cart Battery, 48V 105Ah. Drop in for my EZGO, same tray footprint. Me and my kid lifted it together, which was wild because the old setup was probably over 300 pounds and we needed both of us just to wrestle it out.

Install took an afternoon because I was being careful. Cleaned the tray, dropped in the new pack, wired it up. Had to upgrade to a lithium charger but that was not hard. First test run the torque difference was obvious. My kid asked why the cart felt faster and I told him to stop asking questions while I drive.

Did about 8 miles yesterday around the neighborhood with stops and hills and the battery was showing 78% when I got back. Old setup would have been dead by the third hill. I am not babying it anymore.

Cost is higher upfront but the math over time works out. 4000+ cycles versus the 500 I would get from another set of lead acids. Plus I never have to check water levels again.

The one thing I underestimated was how much fun it is to drive without range anxiety. That part surprised me the most.

reddit.com
u/nona_jerin — 25 days ago

My dad finally started turning the AC on by himself

Earlier this year I helped my parents get a Costway mini split installed. The funny thing was that after it was installed, they almost never used it. Every time I visited, the house would be warm and there'd be a fan running somewhere. My mom would say she forgot. My dad would say it wasn't hot enough yet.

A while back I stayed with them for a couple of weeks and kept turning it on whenever the house got stuffy. We'd sit in that room talking, watching TV, having fruit after dinner. Over time they started spending more time there too. A few days ago I called home and my mom casually mentioned that my dad had started turning it on in the afternoons. For some reason that made me really happy. Not because of the AC. Just because he's finally letting himself be comfortable.

reddit.com
u/nona_jerin — 28 days ago

dumped WBA at $21, cut followed

I wrote a script that flags stocks when the trailing payout ratio crosses 100%. Last January WBA showed up at 148%. I almost ignored it because, I mean, WBA. Everyone holds WBA. But 148% is 148% so I sold at $21. Eleven days later Walgreens cut the dividend almost in half. Stock cratered. Honestly the script is one for one so far, but that one kept me out of a position that's down something like 40% so I'll take it.

reddit.com
u/nona_jerin — 1 month ago

Knitted weighted blanket vs glass bead, what are the downsides?

I’ve been looking at weighted blankets on ynm and noticed they have both knitted weighted blankets and the more traditional glass bead filled ones.

The knitted ones look more comfortable to me. They seem softer, more breathable, and less like a heavy flat blanket just sitting on top of you. I also like that they look more decorative on a bed or couch, and there’s no risk of beads shifting around or leaking. But I’m wondering what the tradeoffs are compared with the glass bead style.

For people who have used both, are knitted weighted blankets harder to wash or keep clean? Do they stretch out over time, feel less evenly weighted, or is the pressure just different compared with the glass bead ones? I like the look of the knitted one, but I’m not sure if it’s actually the more practical choice for everyday sleep.

reddit.com
u/nona_jerin — 1 month ago

Build log: AI made 3 prototypes easy, validation was still hard

Tiny confession. Last quarter I built three little apps with AI. Not huge SaaS things, just weekend size projects. One was a tiny bug triage helper, one was a landing page checker, one was basically a habit tracker I got bored of.

One got a handful of users. Two got basically nothing. They worked. Login worked, Stripe worked, the UI was fine enough. The embarrassing part is that working was never the problem.

I skipped validation because building felt so cheap. Instead of talking to people, I opened the editor and started prompting. A day later I had a product shaped object, and my brain treated that as evidence that the idea was good.

That is the trap. AI removed the pain of building, so I removed the discipline before building.

My current rule is that I am not allowed to generate code until I can write the problem in one sentence and name five people who actually have it. Sometimes I put the idea through a planning pass in Verdent first. Not because it validates the idea. It just makes it painfully obvious when the plan is mostly vibes.

The tool stack is not the hard part anymore. The hard part is not lying to yourself just because the prototype exists.

reddit.com
u/nona_jerin — 1 month ago
▲ 5 r/mlops

Anthropic 529s in production, what we tried and what actually worked (with numbers)

We run a doc processing pipeline on Claude Sonnet, has been pretty steady for ~9 months. Then Opus 4.7 dropped on April 16 and our 529 rate went from basically zero to 12-15% during peak hours. Some hours worse. Shared cluster capacity, classic story, Sonnet eats it whenever a new flagship lights up the fleet. Pager went off enough that I started losing sleep over it.

A few things we tried, in order, in case anyone is fighting the same fire.

First was just respecting Retry-After headers properly and adding jitter to our backoff. Helped a bit. The problem is that 529 is not really a rate limit, it is the cluster is on fire, so even with backoff our p95 latency tanked because individual requests sat there waiting 30+ seconds before deciding to give up.

Second was leaning harder on the GPT-4o fallback we had wired up since this pipeline first shipped last summer. Sounds easy until you actually try to load-bear with it. Anthropic Messages and OpenAI Chat Completions have different schemas, different tool call formats, different ways to count tokens. We ended up with two parallel codepaths that had to stay in sync any time either provider shipped a change. Our SDK upgrade Slack thread became a horror movie. Bonus: GPT-4o is on its own sunset runway now (chatgpt-4o-latest already gone, the dated snapshots not far behind), so the fallback we built last summer is itself something we have to plan to migrate off. Great.

What's actually working better is pushing all of that into a gateway and letting application code keep speaking the Anthropic Messages API. We've been trialing TokenRouter for the last couple of weeks because it meant we didn't have to rewrite our tool-use logic for an OpenAI-shaped adapter. Failover routing happens at the gateway level instead of in our code, which is the part I like. So far we haven't run into the same kinds of issues we saw with the other approaches, but two weeks isn't long enough to call it bulletproof.

Two things I am still not happy with. One is observability, the gateway logs failover events but correlating them back to our OTel traces is fiddly, currently I am just attaching a header and joining on it later. Two is that we have not actually exercised the deeper fallback path under a real multi-provider outage, so I have no idea how it behaves when both Anthropic and OpenAI degrade at the same time. That feels like the next pager event waiting to happen.

Still figuring out the caching side. Specifically the request de-duplication across teams piece, where two services are asking near-identical questions of the same model and we are paying for both. Cache key design when prompts are 95% the same but not byte-identical is harder than I expected, and I am not happy with what we have so far.

reddit.com
u/nona_jerin — 1 month ago