i’m lizard

  • 0 Posts
  • 24 Comments
Joined 5 months ago
cake
Cake day: June 21st, 2024

help-circle

  • It’s not and I’m not sure how that article arrived at that conclusion. Their E2EE crypto is problematic homebrew crypto, but that’s very, very different from being closed. The whole desktop client including the implementation of that crypto is fully open source and lives right on GitHub. Plenty of people have independently reviewed it and came back with a very iffy impression of the whole thing.

    Really the only difference is that Telegram doesn’t publish their backend, but the one Signal publishes is missing a couple of bits related to their “spam filter”, which happens to take in the source & destination of messages and do anything it wants with them. That doesn’t matter for either platform’s E2EE properties in any case, since distrusting the server is the whole point of E2EE.


  • I don’t know if the Atari Lynx counts as non-major. Anything from Atari should probably count as major, the thing supposedly sold 2 million units, but I can’t remember the last time I’ve seen anyone mention it and that’s still less than 2% of the Game Boy’s 110m+.

    I got the original model as a hand-me-down towards the end of the 90s and I wasn’t super fond of it. The thing looks and feels like a brick and ate batteries for breakfast, the internet says 5 hour battery life but I remember getting like 2. The “left-hand mode” is a cool concept but putting two pairs of A/B buttons on the device feels like something they could’ve done better. It had color, a couple of arcade ports were really great games and there was Chip’s Challenge, but younger me got exhausted just using the damn thing.



  • Crimzon Clover, any version’s good but World EXplosion is the most recent. It’s a fairly difficult and chaotic bullet hell, but the novice mode should be reasonably approachable as long as you’re willing to learn, and the design is superb.

    Similarly, the whole CAVE backlog. Not all of them have novice modes or the like, and there’s quite a few games not really available outside of MAME. The original DoDonPachi is/was considered the best starter bullet hell for a long, long time and still holds up pretty well, but is more difficult than a lot of modern games on their respective novice modes.

    On the indie side of things: Star of Providence (formerly Monolith) is an indie roguelite bullet hell twin-stick-ish shmup with a pretty good amount of depth. ZeroRanger is a much more story-based game that I really enjoyed.




  • The main reason many sub-communities are stuck on Telegram (and Discord) are the public group chat/broadcast channel related features. Signal still has a 1000 member group size limit, which is more than enough for a “group DM” but mostly useless for groups with publicly posted invite links. Those same groups would also much rather have functional scrollback/search on join instead of encryption.


  • Gonna add a dissenting “maybe but not really”. YT is really aggressive on this kinda stuff lately and the situation is changing month by month. YT has multiple ways of flagging your IP as potentially problematic and as soon as you get flagged you’re going to end up having to run quite an annoying mess of scripts that may or may not last in the long term. There’s some instructions in a stickied issue on the Invidious repo.


  • You can’t pretend an open port is closed, because an open port is really just a service that’s listening. You can’t pretend-close it and still have that service work. The only thing you can do is firewalling off the entire service, but presumably, any competent distro will firewall off all services by default and any service listening publicly is doing so for a good reason.

    I guess it comes down to whether they feel like it’s worth obfuscating port scan data. If you deploy that across all of your network then you make things just a little bit more annoying for attackers. It’s a tiny bit of obfuscation that doesn’t really matter, but I guess plenty of security teams need every win they can get, as management is always demanding that you do more even after you’ve done everything that’s actually useful.



  • It’s absolutely not the case that nobody was thinking about computer power use. The Energy Star program had been around for around 15 years at that point and even had an EU-US agreement, and that was sitting alongside the EU’s own energy program. Getting an 80Plus-certified power supply was already common advice to anyone custom-building a PC which was by far the primary group of users doing Bitcoin mining before it had any kind of mainstream attention. And the original Bitcoin PDF includes the phrase “In our case, it is CPU time and electricity that is expended.”, despite not going in-depth (it doesn’t go in-depth on anything).

    The late 00s weren’t the late 90s where the most common OS in use did not support CPU idle without third party tooling hacking it in.



  • Eh, no. “I’m going to make things annoying for you until you give up” is literally something already happening, Titanfall and the like suffered from it hugely. “I’m going to steal your stuff and sell it” is a tale old as time, warez CDs used to be commonplace; it’s generally avoided by giving people a way to buy your thing and giving people that bought the thing a way to access it. The situation where a third party profits off your game is more likely to happen if you don’t release server binaries! For example, the WoW private/emulator server scene had a huge problem with people hoarding scripts, backend systems and bugfixes, which is one of the reasons hosted servers could get away with fairly extreme P2W.

    And he seems to completely misunderstand what happens to IP when a studio shuts down. Whether it’s bankruptcy or a planned closure, it will get sold off just like a laptop owned by the company would and the new owner of the rights can enforce on it if they think it’s useful. Orphan works/“abandonware” can happen, just like they can to non-GaaS games and movies, but that’s a horrible failing on part of the company.


  • Pretty much every form of these scams is some kind of advance fee fraud. Two more possible avenues:

    • “Upgrade to a business account”. They send you an email purporting to be from the payment provider you used saying you need to upgrade to business to receive a payment that large, and the upgrade page is a fake website run by the scammer that asks for a “refundable deposit” or the like (with a little helping of credit card fraud and of course a business account will require all kinds of personal info useful for identity theft too).
    • “But I want it as an NFT” was popular for a bit, they want you to “pre-pay the minting fee but it’s ok I’ll add it to your payment” and then they disappear. But they want it on a website ran by them and the moment you put the crypto in they disappear. Not sure this scam is popular nowadays because NFT screams scam to just about everyone for a lot of different reasons. But “rich guy spends $5000 on dumbass NFT” was a legitimate genre of news for a little moment.

    It’s all preying on someone that thinks they got an easy paycheck for work that they’ve already done, on a populace of artists that could really use said paycheck to pay for food and are thus willing to overlook weirdness or principles. They also tend to pick on newer and younger artists that haven’t quite figured out how to run a business yet, hoping that they haven’t heard of scams specifically targeted to their sector.





  • Personally, I do believe that rootless Docker/Podman have a strong enough security boundary for personal/individual self-hosting where you have decent trust in the software you’re running. Linux privilege escalation and container escape exploits fetch decent amounts of money on the exploit market, and nobody’s gonna waste them on some people running software ending in *arr when Zerodium will pay five figures for a local privilege escalation or container escape. If you’re running a business or you might be targeted for whatever reason (journalist or whatever) then that doesn’t apply.

    If you want more security, there are container runtimes that do cooler security stuff under the hood, like Firecracker/Kata Containers implementing a managed VM, or Google’s gVisor which very strongly intercepts kernel syscalls and essentially reimplements Linux in userspace. Those are used by AWS and Google Cloud respectively. You can integrate those into Docker, though not all networking/etc options are supported.