• 0 Posts
  • 37 Comments
Joined 1 year ago
cake
Cake day: August 18th, 2023

help-circle

  • neatchee@lemmy.worldtoProgrammer Humor@lemmy.mlAbout 90% of all problems
    link
    fedilink
    arrow-up
    36
    arrow-down
    1
    ·
    edit-2
    5 days ago

    It’s a charicature. I’m not laughing because I think it’s real (which would be kind of mean, anyway, since I’d just be laughing at someone screwing up). I’m laughing because it’s relatable to real experiences many people have had, and because of the added commentary about software development.

    Your hyperfocus on reality in media, and failure to see the comedy for what it truly is, is far more cringe than the video 😉

    EDIT: it’s like asking why people laugh at the obviously fake stories stand-up comedians tell because they’re made up. Like, yeah, no shit, that’s not the point.


  • My solution for this type of situation is MicroBin running on my home network from a non-standard port, with a port knocker to open and close the port when needed.

    My router handle DDNS so I can always contact my home network easily. I port-knock to trigger an iptables command on the router to forward traffic to the MicroBin host.

    I also have my phone set up to connect via openvpn to my home network so that I can remotely do things like start and stop services, set port forwarding rules, etc.




  • neatchee@lemmy.worldtoSelfhosted@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    4 months ago

    Oh boy, let’s take this piece by piece…

    DISCLAIMER: I AM NOT A LAWYER AND THIS IS NOT LEGAL ADVICE

    First: let’s talk about the difference between copyright, patents, and trademark

    A patent protects a method of doing something - like a novel piece of code, or a newly invented drug formula - from being duplicated and used or sold without your consent.

    Copyright protects creative works - like art, books, and computer software - from being mimiced. It literally deals with the rights to copy something

    Trademark protects brands - like a logo or company name - from being used by other people for profit. It usually deals with marketplace confusion, as when someone creates a competing product with a similar logo to try to benefit from the logo’s recognition and popularity.

    So, with that said, what are YOU dealing with?

    Well, since you’re not selling software or utilizing anything from the WatchDogs game universe, you’re pretty much free and clear on both patent and copyright.

    What about trademark?

    Well, on the one hand, you are not competing with Ubisoft in any way, nor are you attempting to represent yourself as related to WatchDogs. So, by the letter of the law (in the US), they don’t have a valid complaint.

    However, trademark under US law has this funny feature where an entity that holds a trademark is required to vigorously defend it when they become aware of potential infringement. This is to prevent the selective application of trademark. That is, if I know John is using my trademark and I don’t go after him, then Steve uses my trademark too, I can’t suddenly claim to have an interest in defending it when I didn’t care before. Steve can point at the fact that I didn’t go after John and say “you already gave up your trademark by failing to enforce it”.

    So how does this impact you? Well, unfortunately, even if you are technically allowed to use “dedsec” under US law, if Ubisoft has a trademark on the term “dedsec” specifically, AND if someone at Ubisoft became aware of your use of their trademark, they would likely come after you for trademark infringement just to cover their ass. You might even win in court, but it would cost a whole lot of money that you would likely never be able to recover.

    The good news is that the very first step in a trademark dispute is a cease and desist letter. They’ll demand you stop using their trademark. At that point you can either comply, refuse, or offer to settle the matter by selling them the domain.

    What you do with this information is up to you.


  • Except we know what the lifecycle of physical storage is, it’s rate of performance decay (virtually none for solid state until failure), and that the computers performing the operations have consistent performance for the same operations over time. And again, while for a car such a small amount can’t be reasonably extrapolated, for a computer processing an extremely simple format like JSON, when it is designed to handle FAR more difficult tasks on the GPU involving billions of floating point operations, it is absolutely, without a doubt enough.

    You don’t have to believe me if you don’t want but I’m very confident in my understanding of JSON’s complexity relative to typical GPU workloads, computational analysis, computer hardware durability lifecycles, and software testing principles and best practices. 🤷


  • Imagine you have a car powered by a nuclear reactor with enough fuel to last 100 years and a stable output of energy. Then you put it on a 5 mile road that is comprised of the same 250 small segments in various configurations, but you know for a fact that starts and ends at the same elevation. You also know that this car gains exactly as much performance going downhill as it loses going uphill.

    You set the car driving and determine that, it takes 15 minutes to travel 5 miles. You reconfigure the road, same rules, and do it again. Same result, 15 minutes. You do this again and again and again and always get 15 minutes.

    Do you need to test the car on a 20 mile road of the same configuration to know that it goes 20mph?

    JSON is a text-based, uncompressed format. It has very strict rules and a limited number of data types and structures. Further, it cannot contain computational logic on it’s own. The contents can interpreted after being read to extract logic, but the JSON itself cannot change it’s own computational complexity. As such, it’s simple to express every possible form and complexity a JSON object can take within just 0.6 MB of data. And once they know they can process that file in however-the-fuck-many microseconds, they can extrapolate to Gbps from there


  • Let em figure it out. Wasting their time is a core strategy in reducing their impact and will to continue cheating

    I certainly didn’t share it myself but it’s possible my old boss did!

    TBH, in my very personal opinion the third party anti-cheat apps are like 50% placebo. Just makes people feel better. They are very protective of their “secret sauce” but I can say none of them are anywhere close to perfect. The thing they’re best at is taking the easy stuff off our plates so we can focus on the more difficult problems of hardening the game itself and analyzing telemetry.






  • Oh yeah don’t get me wrong, I think change.org as a product is hot stinky garbage. I don’t take anything they produce seriously lol

    I just don’t expect them to do anything differently under the current circumstances is all heh. And their business is married to the design at this point, so I don’t see them pivoting any time soon. As you suggest, they need a competitor that can do it right to come along and actually produce some kind of meaningful results in the political arena, but that’s a whole other can of worms.

    I literally have an idea for this, and am kinda just sitting on it until I find the right people. I’ve been on the lookout about 10 years now for a) someone with a comprehensive understanding of constitutional law and b) someone with a comprehensive understanding of political finance and lobbying, both of whom also need to be progressive and interested in 501©(3) work. A bit of a unicorn :p


  • As it ever will be, much as it may pain our moral sensibilities.

    Re: CoD - I loved it. Laughed my ass off. Absolutely a big fan of creative approaches to getting cheaters to tell on themselves. I proposed something similar to my team when we had a problem with players manipulating the position of objects in the world so they were directly in front of the player: add an object of the same type inside map geometry and attach a “kill volume” to it, so it was like a landmine. Move the object in front of the player and they instantly die :P Wish we’d done it but couldn’t get the level designers’ time to implement it unfortunately

    One we did do though: back when the product I worked on was on PS3 one of the big problems was hacked consoles spoofing platform entitlements (the thing that tells the game what purchases they should have access to). So we added an entitlement that couldn’t be acquired in any legitimate way, and gave you a specific item in game. Then we just checked player inventories once a week for anyone with that item and banned their account, their console, and any account that played on that console for a meaningful amount of time. Did the same thing with an item you could only get to by clipping through geometry. Even put the word “intrusion” in the item’s name haha.

    The cheats are so technically complicated at this juncture that the creative stuff is often the most effective. I mean, people are literally voluntarily installing hypervisor rootkits to run the cheats, so they can talk to their drivers below even the kernel. It’s so hard to come to with technical solutions to a problem like that that doesn’t wind up costing massive server processing power to validate every input.


  • Funny you mention the robocall thing… I’m literally leaving a company that works on that problem (though not as their primary business) Wednesday. It was a short stint - mostly because they are resistant to solving massive technical debt problems and I’m not trying to doom my future self - but what I witnessed was…depressing. Getting anything done was like pulling teeth, and that’s with the recent FTC pivot to taking this stuff more seriously. STIR/SHAKEN is a reasonable start but it still has almost no teeth behind it.

    I’m with you on the identity issue. I mean, if we’re being really honest, the only people losing out by not implementing strong personal identification verification are the legitimate end users because the threat actors have gotten so unbelievably good at fingerprinting user behavior. And it’s only going to continue getting worse. With ML growth as unfettered as it is, there is nothing we can do. So I’d much rather take the reigns and make identity verification a robust feature instead of a bug we can’t squash.



  • You’re not wrong, but this isn’t really a security matter, it’s an “apparent uniqueness” matter. Their goal, I assume, is to satisfy critics enough that a given petition’s participants are sufficiently unique while keeping the barrier to filling out the form as low as possible. So they end up in a situation where neither of perfect, but they’re both “good enough” for what the business needs.

    I dealt with this in the anti-cheat space: my goal was never to remove all cheating, because that’s too expensive (insanely so). My goal was to make the public believe they weren’t playing against cheaters too often. If the solution was forcing the cheaters to perform at a level that was just below the most skilled human players, that was actually a success, because if the players can’t differentiate between cheaters and pro players, then they can’t effectively determine how prevalent cheating actually is.

    Part of me hated that we had to treat it that way, but another part of me understood that if I pushed too hard on “eliminating cheating” my department would become more costly than it was worth and they’d pivot away from gameplay that needed anti-cheat at all


  • Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.

    There’s literally another comment made at almost the same time as yours complaining blocking the use of + and such is too high a barrier to entry and just the devs being lazy. Meanwhile your suggestion is raise the barrier to entry even higher if you care about uniqueness of submissions

    It’s a no-win situation for Change.org so they went with something that meets their business needs. Can’t really expect much else from them tbh


  • neatchee@lemmy.worldtoMildly Infuriating@lemmy.worldFor security reasons
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    2
    ·
    6 months ago

    I don’t think the reason they’re being used is relevant to their problem though. “Think like an attacker” wins the day here: as an attacker, I don’t care what it’s meant for, only how I can use it to my advantage. If it’s something they observed as a problem, I understand why they would want to stop it.

    As for “-”, yeah, I don’t have a particularly good explanation for that one except the assumption that it’s something similar to + addressing on a different service.