Anything is beatable, hackable and abusable given the time and resources, and it shouldn’t be my system because some idiotic management took the decision to enforce ring0 access anti cheat to ban some percent more hackers.
No one said that anti cheat efforts do not make an impact, but the impact of ring0 anti cheats is massively overrated
Right, completely forgot that locking exists in SVN, and I guess it definitely makes sense if you’re collaboratively editing unmergeable files.
Thanks!
Serious question, why do they use SVN, as in what does SVN better than Git for the department using it?
It’s not surprising per se, but it’s something that people should be more aware of. And a lot of this consumption is not providing global services (like the Google search or workspace suite) but the whole AI hype.
I didn’t find numbers for Google or Microsoft specifically, but training ChatGPT 4 consumed 50 GWh on its own. The daily estimates for queries are estimated between 1-5 GWh.
Given that the extrapolation is an overestimate and calculating the actual consumption is pretty much impossible, it’s still probably a lot of energy wasted for a product that people do not want (e.g. Google AI “search”, Bing and Copilot being stuffed into everything).
Chrome cookies are encrypted, for exactly the reasons stated. If malware gains access to your system and compromises it in a way that DPAPI calls can be replicated in the way Chrome does it, then your sessions will also be compromised. But this is way harder to do, and at least prevents trivial data exfiltration.
Please don’t take personal offense, but you have merely a project scaffold with an unrealistic goal that will be blocked and C&D’d into the ground, without any other projects created.
It doesn’t matter how hard you’re working on your anonymity, this project will be ripped apart by a horde of lawyers in seconds. You’re not only doing something questionable or against ToS, you’re directly attacking and sabotaging their monetization. This will not be taken lightly by the legal team of reddit.
You want to provide a better, cooler, more robust and other random buzzwords API than the own of reddit. So, you alone, want to provide a better API than the whole team of reddit does for their absolute core product, all by scraping. This is simply not realistic.
While we’re at the topic of monetization, scraping, ETL into your own model and providing the API - for the amount of content that reddit has (quantity, not quality) this will be a highly resource intensive task. How do you plan to fund that, since your API will be better than the official one, I can expect at least the same performance as well, right?
And also, most importantly, even if you magically achieve working around all that and get that working - why? Who is your expected user group? Pretty much every software using reddit moved away from reddit or simply has died. AI gen content is rampant, and most discussions seem like bots talking to bots. There is literally nothing to gain from an API to reddit - so why would anyone bother using it?
The third option is to use the native secret vault. MacOS has its Keychain, Windows has DPAPI, Linux has has non-standardized options available depending on your distro and setup.
Full disk encryption does not help you against data exfil, it only helps if an attacker gains physical access to your drive without your decryption key (e.g. stolen device or attempt to access it without your presence).
Even assuming that your device is compromised by an attacker, using safer storage mechanisms at least gives you time to react to the attack.
Yes, in your head, and in your second factor, if possible, keeping derived secrets always encrypted at rest, decrypting at the latest possible moment and not storing (decrypted) secrets in-memory for longer than absolutely necessary at use.
Been a few days since using electron, but AFAIK electron can’t be used as a wrapper for android apps, or can it? Or is their android app a web app wrapped into a “native” android app too?
Also, since this seems to be an issue since 2018, 6 years should be plenty to rewrite using a native secure storage…
Kinda expected the SSH key argument. The difference is the average user group.
The average dude with a SSH key that’s used for more than their RPi knows a bit about security, encryption and opsec. They would have a passphrase and/or hardening mechanisms for their system and network in place. They know their risks and potential attack vectors.
The average dude who downloads a desktop app for a messenger that advertises to be secure and E2EE encrypted probably won’t assume that any process might just wire tap their whole “encrypted” communications.
Let’s not forget that the threat model has changed by a lot in the last years, and a lot of effort went into providing additional security measures and best practices. Using a secure credential store, additional encryption and not storing plaintext secrets are a few simple ones of those. And sure, on Linux the SSH key is still a plaintext file. But it’s a deliberate decision of you to keep it as plaintext. You can at least encrypt with a passphrase. You can use the actual working file permission model of Linux and SSH will refuse to use your key with loose permissions. You would do the same on Windows and Mac and use a credential store and an agent to securely store and use your keys.
Just because your SSH key is a plaintext file and the presumption of a secure home dir, you still wouldn’t do a ~/passwords.txt.
How in the fuck are people actually defending signal for this, and with stupid arguments such as windows is compromised out of the box?
You. Don’t. Store. Secrets. In. Plaintext.
There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dudes random project, but a messenger claiming to be secure.
Edit: “If you got malware then this is a problem anyway and not only for signal” - no, because if secure means to store secrets are used, than they are encrypted or not easily accessible to the malware, and require way more resources to obtain. In this case, someone would only need to start a process on your machine. No further exploits, no malicious signatures, no privilege escalations.
“you need device access to exploit this” - There is no exploiting, just reading a file.
"We listened to our accounting, and the massive wave of refunds and unbought mtx is hurting our numbers. PR isn’t happy about the reviews either. We’ll keep you updated on future plans for fucking you over!
Do you really think that Sony will actually back down? They are calming down the shitstorm that is going over all media, socials and steam. They’ll reorganize and will move on with their plans. Arrowhead and Helldivers is just one of many assets.
If you could read, you would’ve seen that the article doesn’t even call out your daddy musk specifically, but actually only criticizes the grok and X interaction 🤷♂️
I don’t think that the current tools will be using it internally, since this would require the tools actually supporting the CLI launcher, and in the best case we would have something like the proton config in steam in every tool separately again.
I think that you will need to have your launcher installed, but you will have this new launcher as your entry point, from which you will start your games using proton from the linked project.
But - it’s a PoC right now, maybe both ways will be possible.
From a wishful perspective, it would be super neat if this new launcher would hook into the installed regular tools, and automagically make those use the preconfigured proton runtime it brings. Shouldn’t this be possible using LD_PRELOAD?
Right now it’s a PoC (proof of concept, a rough implementation of an idea), to emulate launching games from other stores as if they were launched from steam using proton.
What this could be used for is to create a new Linux launcher, where you setup proton once, and launch all games using this launcher.
This simplifies usage for you as the end user, since you would only need to install the launcher, and it sets up ProtonGE, and you’re done. It also enables simple Proton usage for other games (Epic, Lutris, whatever).
Additionally it helps unifying development. Windows games under Linux have a lot of moving parts: there’s Proton as a compatibility layer. There’s integration between steam, proton and your system (sniper/vessel). There’s protonfixes which is game specific changes in proton. Each of which itself consists of components and stuff I’ve missed. In short, it’s complicated. Unifying all this components with one tool, with one battle tested installation and compatibility and with a single source of truth in development could be another big step in Linux gaming.
TLDR - potentially a new launcher for games under the Linux, enabling any game to be played using proton, when supported, not only steam games.
Neat, thank you for the hint - only recently got a ccwgtv, and I’m still not used to the fact that you’re able to install apps like this 😂
Same for me on Chromecast, it’s pretty much unwatchable overnight, started probably about a week ago. I’m to lazy to set up adblocking for my full network, and I was fine watching the skippable 15s ads, and the occasional longer ones, but currently I mostly get at least a full minute of ads on my TV.
Before you talked about the Fediverse as a whole, now from a single user perspective.
IMO it affects the Fediverse as a whole by abusing it. The whole idea is an open network, where instances can federate with each other to bilaterally share information and create a seemingly single platform. This is not the case with the planned Threads integration, because they explicitly plan to feed on the content, but hiding sharing their own content behind an (for most of their userbase) obscure opt-in.
From a single user perspective it doesn’t affect you directly. But it affects the platform you are part of with malicious intent.
I am not against Threads joining the Fediverse, and I do actually think it would be great for the growth of the Fediverse if actual big players join, and if it brings content that I personally do not like to see, I can use the tools available (e.g. blocking user/communities/instances) to hide it. But only if they plan on joining as a “regular instance” like any other - but Meta does not intent doing so, since they have chosen the opt-in with obvious intent of simply gaining additional content on their walled platform for their own gain.
This is what OP said, and it’s completely correct. It’s not that much impact in comparison to “regular” anti cheat systems. And both of those only detect either cheap/bad or known hacks.
Server-sided and data based anti cheats is what would actually be a huge step up. You’re running a 8 K/D in a game where the best players are between 1-2? Banned. You just flicked two enemies within 100ms? Banned. Suspicious activity that’s not that blatant needs to be reviewed.
The thing is - that’s fucking expensive, complicated and needs to be done one a per-game basis, and since its just cheaper to throw you under the bus with a kernel anticheat and claim it’s the best one, that’s being done.
Read up on the dangers.