This is awesome! Been waiting for something like this to replace the bloated SDK Amazon provides. Important question— is there a pathway to getting signed URLs?
FYI, you can add browser support by using noble-hashes[1] for SHA256/HMAC - it's a well-done library, and gives you performance that is indistinguishable from native crypto on any scale relevant to S3 operations. We use it for our in-house S3 client.
For now, unfortunately, no - no signed URLs are supported. It wasn't my focus (use case), but if you find a simple/minimalistic way to implement it, I can help you with that to integrate it.
From my helicopter perspective, it adds extra complexity and size, which could maybe be ideal for a separate fork/project?
Signed URLs are great because it allows you to allow third parties access to a file without them having to authenticate against AWS.
Our primary use case is browser-based uploads. You don't want people uploading anything and everything, like the wordpress upload folder. And it's timed, so you don't have to worry about someone recycling the URL.
I use presigned urls as part of a federation layer on top of an s3 bucket. Users make authenticated requests to my api which checks their permissions (if they have access to read/write to the specified slice of the s3 bucket), my api sends a presigned url back to allow read/write/delete to that specific portion of the bucket.
Have been a proud better auth user for the last 6 months! Loved it so far, especially the fact that it's FOSS. Now that it's a venture-funded YC company, I am worried about using it. Should I be?
As I mentioned in the post, our goal is to help developers own their Auth. And now that we’re funded, it’d help us pursue this goal even more aggressively and give people more confidence.
We're entering the age where having private, personal space is becoming almost impossible. If you have a conversation around your phone, you best believe that government actors can tap that mic. If you have a conversation at home, either your "smart" TV, fridge, or Google Home / Alexa is listening. Now, cars are just becoming tablets on wheels.
In my Tesla, I am quite literally, being watched every time I drive. There is a tiny camera behind the rearview mirror. I have to assume that my vehicle will collect data that could be used against me in court. It's a weird shift, going from a completely analog & disconnected vehicle now to an internet-connected tracking device. You truly think about every move -- e.g. "Gee, I hope my insurance company doesn't misinterpret this 'hard braking event' as me being an irresponsible driver."
Tesla does not divulge your location to law enforcement without a warrant, and stands out amongst other automakers who simply hand it over. They also were one of few automakers who wasn't selling your data to LexisNexis Risk Solutions for insurance pricing.
(own Teslas, have submitted comments to Senator Wyden and the FTC on the topic, responsible for data security and privacy at a fintech, thoughts and opinions are my own)
On the other hand, Tesla has some notably, egregious incidents, including the reportedly-regular sharing of videos on internal messaging until at least 2022.
I'm not going to boil the ocean in a single thread, but recognize that there is nuance, lots of work ahead, and that consumer rights must be robust with punitive costs for willful negligence. There will always be control failures. If you're fine losing the functionality, pull the RF on your Tesla until laws catch up. I have managed the risk within my threat model, and accept the remaining risk. If all else fails, I will complain loudly to regulators and my representatives when needed to seek recourse, while also continuing to apply pressure as a citizen activist to keep moving towards better statute and regulatory rules around consumer data, data privacy, and so forth.
> They also were one of few automakers who wasn't selling your data to LexisNexis Risk Solutions for insurance pricing.
I don't understand how this practice is legal. There really should be a way to request that my driving data is deleted, or at least opt-out from having it sold.
I've also been trying to get LexisNexis to share a copy of my consumer file with me - which they refuse to do because of "identity verification" purposes, even though they don't ask any questions on the form to establish identity. I feel like they're intentionally making it hard for individuals to see what data they have on them.
I've encountered the same difficulty trying to get my data from LexisNexis Risk Solutions, and I too suspect this is intentional. Though my recollection is the form allowed me to enter some identity verification info like ssn or dob, but whatever I entered wasn't sufficient for them.
You have that right if you are a EU citizen - under GDPR you can serve a subject data request (to first learn what they have on you) and then a deletion request ("right to be forgotten").
my bike manufacturer does not divulge my location either, but in a much easier to trust way and without a possibility for circumvention.
Cars knowing their own location can be really useful, but why does the manufacturer need to know about it? and to begin with, why are they allowed to know about it?
I can only speak to Tesla; they can display the location of my vehicles in the mobile app, I can log my vehicle location constantly with a third party app (Teslascope, Tessie, etc), and other similar location based functionality. I want this functionality, I am willing to opt in to it, but I still expect robust controls (both internal and external) around the data they store and process. I understand some people may wish to opt out; they should be provided the option to do so, along with an acknowledged loss in capabilities that rely on those location services. Protect the consumer's choice and their data.
Similar to Apple's Find My, to know where the asset and family members (with their consent) are, where they're headed, or their ETA to me. Vehicle speed and location logging has gotten me out of more than one traffic violation.
> I have to assume that my vehicle will collect data that could be used against me in court.
They always have, for a long time. Exploring event data recorders is an interesting art to get into and put together how crashes play out, sensor-by-sensor.
To play along at home: https://crashdatagroup.com/ -- amusingly, one of the referrals mentioned on the page was essentially "Someone hit my parked car and then claimed I was driving it at the time" -- the EDR sounds like it saved them from a fraudulent claim.
My stepdaughter was involved in a he-said, she-said collision in a lighted intersection. "I believe I had the green light", "no, I believe I had".
So me, thinking, talking to insurer, "While not definitive, if the EDR shows that she was a complete stop for 30s before moving, that might show she was stopped at a red, and then went when it turned green".
Insurer: unless we're looking at six digits in a claim, we're not pulling EDR data.
They did treat it as a not-at-fault collision, because fault could not be determined, but still.
Tesla will make you fight them to get access to your own EDR data. But will hold press conferences where they'll tell the world all about your EDR data if they think it will move the spotlight away from AP/FSD (fatal accident a few years ago where they were suspected to be involved. Tesla holds a press conference, "Akshually, the vehicle had told the driver to be more attentive". And it had. But Tesla didn't mention that it had only done that once. And that that one time was EIGHTEEN MINUTES prior to the collision. They just wanted to make it sound like an irresponsible driver.)
It's also a gamble. Money and labor to retrieve the data, possibly out of a seriously damaged vehicle (making it difficult to get to it). And then if you're in a situation where EDR is your best source of verifiability (no eyewitnesses, etc.) you're also gambling that the story coming from your customer was accurate and doesn't increase the liability that you've helpfully provided evidence of.
The scale at which data collection now happens is unprecedented. The fact that data collection and sharing is now a continuous process is unprecedented.
claiming that this has always been the case is disingenuous.
It's not almost impossible. You're choosing to buy a Tesla and connect your "smart" appliances to the internet. You have other options.
The only person to blame is yourself.
I'm not saying companies should be allowed to do this, we really need a comprehensive privacy bill of rights, but you don't have to buy this crap that tracks you.
What I hope for is what amazon has done with the mic controls on a few devices (fire tv cube, echo, others?) where a teardown has proven that the hardware button to disable the mic physically disables the mic from possibly working while the light is on, and additionally makes it impossible for the software to enable it (until power cycle, where they have the firmware re-set it during boot and can verify it by seeing the light on again)
Making this kind of circuit mandatory and hopefully a default that you have to switch on is the solution to keep both groups happy.
I can dig up the article that shows the schematic if anyone needs evidence
One option that’s not great, is to follow the Amish —though the feds like irritating them from time to time. Maybe another is Indian lands, but who knows, they will likely find ways around that too.
The natives using their sovereignty to sell us our freedom back from a tyrannical government. You might be on to something, if they could sell colocated rack space on the reservation that was somehow immune to government snooping.
That's a good point, though keep in mind in some countries older cars are taxed heavily and some jurisdictions are considering phasing out older cars (not allowed to repair major components). Probably won't be the case in the US, but who knows...
> Gee, I hope my insurance company doesn't misinterpret this 'hard braking event' as me being an irresponsible driver.
Oh man, I had one of those boxes insurance companies send out to record you so you can qualify for lower rates for a couple weeks (my wife signed us up for it) and I felt like I was driving so much more dangerously with it on. But all my graphs would have been reeeeeal smooth.
> You truly think about every move -- e.g. "Gee, I hope my insurance company doesn't misinterpret this 'hard braking event' as me being an irresponsible driver."
This reminds me of the "Thought Police" from 1984.
Because in the novel "1984", the slogan "Big Brother is watching you." literally contradicts that statement of yours.
Wikipedia writes:
> The ubiquitous slogan "Big Brother is watching you" serves as a constant reminder that Party members are not entitled to privacy. They are subject to constant surveillance to ensure their ideological purity. This is primarily through omnipresent telescreens that provide two-way video communication and constantly blare propaganda.
> The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment.
Yes. That was my point. But then recording got cheap enough to record everything, and now AI is getting good enough to analyze all the data. Orwell didn't see that coming.
I built www.letselectrify.org as a side project to make it easier for people in multifamily buildings (condos, apartments, and HOAs) to get their own dedicated EV chargers.
In multifamily buildings, such as my 85-unit condo, there isn’t any at-home charging. At best, there is one shared charger for the community to use.
This sucks for several reasons: 1. You have to remember to move your car when it’s done charging, 2. The HOA is stuck paying the bill for all the electricity, and 3. As more and more people get electric cars, shared chargers don’t scale.
The most common Homeowner Association (HOA) objections to adding more charging: 1. It costs too much, and 2. Nobody wants this.
HOAs are generally risk-averse and don’t want to spend money on discretionary things like EV charging. This means that the only way for residents to conveniently own an electric car is to pay out of pocket (sometimes up to $20k) to install a single charger, which usually also requires the HOA to approve on a case-by-case basis.
Instead of all these one-off installs, letselectrify.org combines everyone that wants a charger into one campaign and lets them split the cost of installation, which ends up being much cheaper.
Broadly speaking: IP Transit is the relaying of bandwidth towards the rest of the world.
Dark fiber is a fiber optic connection where you shine light in and get it out on the other end, no other party on the physical fiber strand.
one annoying one that's notably missing: There's no way to get rid of the Music.app, and the play/pause hardware button on my M2 macbook is always mapped to that app.
I inadvertently press this button all the time and it launches Music.app, taking about 1/4th of the 8gb of shared memory
I noticed this most recently when having selected "restart and update" for a system upgrade, and seeing the white apple on a black background with a progress bar, I bumped the play/pause key.
Sure enough, music.app launched in the background somehow and started playing!
agree, it seems inefficient. I have friends that use YouTube as their main music subscription platform though. With YouTube premium I think you can close out of the app and still have it play music. I would hope that YouTube is smart enough to not buffer video when you're out of the app for long enough.
