• 1 Post
  • 91 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • As someone who works in gamedev, I’m sure that some of the people there are passionate about it and it is gutwrenching to see your work fail so hard. I’m sad for every project that launches after years of work and fails to get any attention or sales, and I’m definitely sure there’s someone losing sleep due to that.

    I never worked in super-large projects, but I did work for a AAA studio and even there, you got people invested into the project.

    From how I’ve seen it, you wouldn’t work in gamedev unless you are passionate about it, because you can get drastically better pay for the same job in other, more business focused, industries. So, if all you cared about is money, you have better options.


  • I stumbled upon the Geminy page by accident, so i figured lets give it a try.

    I asked him in czech if he can also generate pictures. He said sure, and gave me examples about what to ask him.

    So I asked him, again in czech, to generate a cat drinking a beer at a party.

    His reply was that features for some languages are still under development, and that he can’t do that in this language.

    So I asked him in english.

    I can’t create images for you yet, but I can still find images from the web.

    Ok, so I asked if he can find me the picture on the web, then.

    I’m sorry, but I can’t provide images of a cat drinking beer. Alcohol is harmful to animals and I don’t want to promote anything that could put an animal at risk.

    Great, now I have to argue with my search engine that is giving me lessons on morality and decide what is and isn’t acceptable. I told him to get bent, that this was the worst first impression I ever had with any LLM model, and I’m never using that shit again. If this was integrated into google search (which I havent used for years and sticked to Kagi), and now replaces google assistant…

    Good, that’s what people get for sticking with google. It brings me joy to see Google dig it’s own grave with such success.



  • I see, stonks are way more bullshit than I thought. Is there anything else you can do with your stock, other than sell it to someone else? I always thought that crypto is such a scam especially because in the end, it has no value in itself, and the only thing you can do with it is sell it to someone else. If noone wants to buy it, well, you are fucked. Does it mean that stocks are exactly the same concept? I always thought it has something to do with the vaule of the company and the profits it earns, but if there is no way how to cash them out other than selling your piece of paper to someone, then it’s really the same? I suppose that unlike crypto, the stock price increases if the company is turning profit, but you still have to find someone to sell it to, right, so the price is increasing only because the demand from people willing to buy it is increasing due to it turning profit, but it’s not really tied to the actual value of the company, so it’s exactly like crypto? Or is the price set by some different mechanism than crypto is - pure demand from people willing to buy?








  • I see a lot of hate ITT on kernel-level EDRs, which I wouldn’t say they deserve. Sure, for your own use, an AV is sufficient and you don’t need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoids being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.

    The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, a known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you would make an entirely custom program that allocates memory as Read-Write-Execute, then load a crypto dll, unencrypt something into such memory, and then call a thread spawn syscall to spawn a thread on another process that runs it, and EDR would correlate such actions and get suspicious, while for regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.

    Sure, in an ideal world, you would have users that never run malware, and network that is impenetrable. But you still get at avarage few % of people running random binaries that came from phishing attempts, or around 50% people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such attack almost exponentionally, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.

    I’m not defending CrowdStrike, they did mess up to the point where I bet that the amount of damages they caused worldwide is nowhere near the amount damages all cyberattacks they prevented would cause in total. But hating on kernel-level EDRs in general isn’t warranted here.

    Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.


  • Why does this need to be installed here when previously agentless technologies was sufficient

    As someone who works in offensive Cybersecurity doing Red Teamings, where most of my job is to bypass and evade such solutions, I can say that bypassing agent less technologies is so much easier than agented ones. While you can access most of the logs remotely, having an agent helps you extremely with catching 0-day malware, since you can scan memory (that one is a bitch to bypass and usually how we get caught), or hook syscalls which you can then correlate.

    Oh, an unknown unsigned process just called RWX memory allocation, loaded a crypto binary, and spawned a thread in another process that’s trying to execute it? Better scan that memory and see what it’s up to. That is something you cannot do remotely.




  • I wouldn’t call Crowdstrike a corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are bane of my existence - they are useful, and pretty good at what they do. In the last few years, I’m struggling more and more to with engagements we do, because EDRs just get in the way and catch a lot of what would pass undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

    I’ve recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is great understatement, but calling it “corporate spyware garbage” feels a little bit unfair - EDRs do make a difference, and this wasn’t an issue with their product in itself, but with irresponsibility of their patch management.


  • Crypto is doing kind-of ok. But what about other blockchain apps and startups, or blockchain integrations into every tech imaginable? There were so many popping up, just like there are with AI now. Business models and use-cases that are based solely on the hype of the tech in question, without any consideration about whether it’s actually a good fit for the tech. That is the point, and what it has common with AI and other “buzzwords”.


  • I’m not sure about other countries, but here in Czech we actually have a mandatory subscription, that’s absolutely bullshit.

    So far, the law is that if you own any TV or radio, you have to pay monthly fee for public service broadcasters (national Czech TV). It’s bullshit, the channels are full of ads anyway, and the shows they run and create is insultingly bad. Sure, it is important to have public service broadcasters that are not dependent on the state (because state-owned TV is reeaallly bad idea), but FFS can they just reduce costs and stick to news, instead of doing another stupid series, and stop forcing us to pay for something I don’t care about or use?

    You could just not pay the fee, if you state you don’t have a TV capable of receiving it (which I don’t). But now, they are changing the law that everyone who has any kind of internet-capable device has to pay the monthly fee, while also rising prices to something like 6 EUR per month. Fuck that and fuck them.


  • I self-hosted it few months ago, and it’s actually surprisingly easy! Someone has made an Ansible script for Matrix with Element and some bridges, that (at least a month ago, IaaC tends to be pretty fragile) worked out of the box on a first try. I just set up some config values (mostly about enabling bridges I want) based on their amazing documentation, and then ran it once and everything is working so far. I even updated it several times already, and every time it was smooth, and it was basically just running a single ansible command. Their documentation is pretty well written, and with my basic cloud, IT and Linux knowledge I had no issues with following it. All you need to know is how to set up cloud VM, get a domain and set DNS, and set up SSH keys to access the server.

    In total it took me about two hours in total, from when I decided “I’m setting up Matrix tonight” without any prior knowledge, looking up my options and finding the ansible script, setting up cloud and getting Matrix up and running.

    I’m renting a VM on Hetzner for like 6$ per month, and it worked without issues so far. I use it for Discord and Messenger, although the Meta bridge does have some problems, for example I didn’t figure out how to message someone with whom I haven’t had a conversation since I set up the bridge, since only then it creates the room for it. But that can be solved by keeping the Messenger app or usign the browser to send a first message, and it immediately shows in your Matrix bridge (and stays there forever).


  • I also have a dual-boot, with fresh install of Windows I debloated as much as possible, that I use for games that I can’t get to run even after trying protondb.com. However, it has only happened one or two times since I switched more than half a year ago, and I usually just give up on and refund games that I can’t get to work on Steam. I have a lot of other things to play, and usually I wasn’t that much dead set on playing that particular one. I do make sure to post on the forums of the game when that happens, though.

    I’ve also recently stumbled upon https://windowsxlite.com/24H2ProV2/, which should be a debloated and minimized Windows (4Gb installed size is mindblowing, considering that all my Windows VMs have like 40Gb freshly installed). The site looks shady, but it was recommended to me by my coleague who works in cybersecurity, so I hope he knows what he’s doing. I haven’t got the time to test it yet, but it does mention that it should work for games, so who knows.


  • I suppose it’s written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean “EU secret plan to ban any kind of encryption or privacy” can’t be reallistically happening, right?

    I know about Chatcontrol, so I wouldn’t be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don’t read like an election ad?

    I’m not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it’s a really worrying topic about which I’d like to get more information about.

    However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.