Mikina

Mikina , 13 days ago

I used TS for the first time in like 15 years litterally two days ago, funny timing.

Yeah, I lost EVE. Again.

Mikina , 12 days ago

Serious EVE players are something else. The mention about IT security isn't a hyperbole, some EVE players take the espionage meta-game very seriously, and even though it's not only against the rules but also illegal, that's not gonna stop them. I mean, once they literally got someone to turn off electricity for a whole town just so they can win a fight (I tried to find a link to the article, because I'm 90% sure I did read about it somewhere, but I can't manage to find it anywhere, if anyone has a link. Maybe it was just a rummor, or an unexecuted plan?)

Mikina , 1 month ago

Some kernel anticheats work too, I had no issues playing Helldivers and Hell Let Loose, both of which use EAC. Developers have to enable Linux support, which AFAIK is just one checkbox, so you still get games that don't allow it (like EVE Vanguard), but most of them are OK.

League and Valorant is a different story, those don't work.

Mikina , 1 month ago

But... They said that privacy is the most important thing for them 0_0
https://about.meta.com/actions/protecting-privacy-and-security/

Mikina , 1 month ago

I do feel kind of simillarly betrayed. Watch Dogs were my forst point of reference into what hacker subcultures look like, and it has shaped a large part of my life - next month i's going to be 5 years I've worked as a Red Teamer in a cybersec company. I'm also mostly a poser, and the aesthetics simply makes it way more fun - making art that's tied into what you do is great, assuming you dont take it too seriously, of course. Not that I do it, but the way Watch Dogs portraied it, it was fun.

Is it neccessary? Of course not. Is it a shame there aren't many hackerspaces with cool street art, and hacktivists making over the top manifests ajd cool streetart around our town? A little bit.

Mikina , 1 month ago

First thing I did after I got Kagi was to set lower priority for Reddit results. My search experience has been way better ever since.

Mikina , 1 month ago

What's really unhinged is the amount of resources invested into gaslighting Meta does.
https://about.fb.com/news/2024/01/investing-in-privacy/

They even have a "Chief Privacy Officer". They have brainwashed entire departments into believing that Meta actually cares about privacy, it's so terrifying. I wonder if people working there realize that, or they have simply fell for the gaslighting.

Mikina , 1 month ago

Max Schrems, the Austrian activist lawyer whose 13-year legal crusade against Meta is what gradually removed those options

I wonder, does anyone know how would one go about acomplishing something like this? One of major websites here in Czech, and a major search engine, has started doing exactly the same thing - pay or agree. And I really don't like that. Are there organizations you can contact, or do you have to have the resources to just sue them?

Mikina , 1 month ago

I tried reading the website, but Im not really sure I get it. What it's supoosed to be? A way how to make FIAT payments thats open-sourced and private (so you dont have to pay stupid fees to banks), and it integrates into the current banking system, or is it some kind of digital currency that's not blockchain based?

If it's the former - isnt any kind of payment without KYC almost impossible, since its heavily regulated? So, you can't really have private payments in environment where there's stupid amount of laws about how much you can actually pay without it being identifiable, for example the super small monthly limit on anonymous prepaid debit cards?

Mikina , 1 month ago

Oh, I see. Oh well.

Can I send money to my friends with Taler?
Taler supports push and pull payments between wallets (also known as peer-to-peer payments). While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete.

Mikina , 2 months ago (edited 2 months ago)

I can't really imagine how would this work in practice. While "I'm using industry standart AES encryption" may mean the cypher and the key itself will not be breakable, the bigger issue is how to get the 256b key from the player. Does he expect them to actually figure out and manually input 265b of data? That would be a pretty hefty game design challenge to make something like that possible.

I'm betting there's probably something that generates the key from a vastly smaller player input, i.e what gameobjects you interacted with, in what order, or what did you press/place somwhere. But that also means that the entropy is probably in the bruteforcable range, and once you find the function that decrypts the secrets, it should be pretty easy to find the function that generates the key, and the inputs it takes.

The only A solution to keeping data from data-miners I can imagine would require just storing the key on the server - which could generally also be bypassed, since then you probably need a way to request the key, which could be data-mined and faked, so you're back at step one - how to validate requests for the key.

Or just make the secret puzzles so difficult, that they can't be brute-forced and the result really is 256b or more of data. Thinking about it, having specified 256 inputs you either have to make or are red-herrings that shouldn't be interacted with isn't really that much, but then the data-miner can just check the location of each one and filter out the inaccessible, and bruteforce the rest. And if all are accessible, it would make for a really difficult secret to discover properly.

Mikina , 2 months ago

Most of cyphers have some kind of decryption key, mostly between 256 to 4098 bits long. That means the (256 bit) key is 256 ones or zeroes (where order is important), so there's 2^256 combinations you have to try. To quote a stack overflow question about it:

You'd expect to find it after going through (on average) half of the keys, so average expected number of attempts would be 2^255. This is a Really Big Number. If every atom on earth (about 1.3 * 10^50 atoms) was a computer that could try ten billion keys a second, it would still take about 2.84 billion years.

But, remembering and imputing 256 ones or zeroes (or one number between 0-2^255, if you convert it from binary to decimal, which is around 78 digits) is really difficult and infeasible in practice. Due to that, when you want to encrypt something for example with a password that is easier to remember, you somehow have to generate the 256b key from the password, usually using a hash function. Because hash functions are designed to convert mostly any input into a 256b (or other size) bit keys, while making sure that the 256b are randomly distributed - so if you for example change one letter in the password, the hash will be absolutely random (but still the same for the same input), with no way to tell that it has anything in common with the hash of the previous password.

However, this introduces a problem - if for example you only used 4 digit PINs for the password, all anyone needs to do now is to 1) figure out how you generate the 256b encryption key from the PIN (which is usually doable by reverse-engineering the code), and 2) try every 4 digit combination, generate a key from it and then see if that key decrypts the data. That's only 6561 combinations, and can be done pretty quickly. So, by using the password that's limited to 4 digit PIN, even though you are using a 256b key for encryption, you have reduced the number of keys that can be valid - because there's only 6561 valid passwords, which only map to 6561 encryption keys out of the 2^256.

EDIT: I've realized that I've explained something you didn't ask for, I'll just keep it up for others, I didn't read your question properly, sorry about that :D

For the game development, assuming the author wants to use AES, it would mean that either there is some kind of "password", be it having to input a number, interact with game objects in certain order, or do some actions in order, out of which the key is generated. But then the answer has to be really complex (super-large number, or interacting with tens to hundreds of objects, or a long string), so the number of possible answers is large-enough that it can't be brute-forced - which would make for a really hard puzzle. Even if you for example required the player to input a text password of some kind, it could get frustrating, since it would have to be pretty long to not be bruteforcable.

The other solution I was thinking about is that you would have 256 objects or puzzles, where represents one "digit" in the key. If you solved the puzzle, the digit would flip to 1. However, it would be easy to check from code which puzzles are connected to the key - because that's what you are generating the key from. That would mean that unless you want the key to be all 1, some of the puzzles that are connected would have to be unreachable by the player (which can also be data-mined with some effort) or intended to NOT be solved, which does add more complexity and makes the puzzle even harder - those would be the red herrings.

could the game designed in theory put those 256 bits of key into 256 puzzles - with several hundred more puzzle pieces being red herrings?

Not exactly, because if you wanted to generate the key by solving 256 puzzles, it would mean that either the key is 256 ones, or each puzzle has a value - one or zero - it adds to the key. If that's the case, then you can simply take the values from the puzzle code and generate the key like that. Having more red herrings wouldn't help, because in code (which you can dissasemble and reverse-engineer with enough skill), there will have to be a function "UnlockSecret(key)", and probably something like "key = CreateKey()". And in the CreateKey function, you have to have only the puzzles that are not red herrings - otherwise the code has no way of knowing which puzzles to use for building the key. So a dataminer would just check the CreateKey function, and then check what exact puzzles are used for the key. That's why the only option in this case is to have a 256 puzzles, where each is either completed (1) or uncomplete(0), and out of the 256 puzzles, some are red herrings that should not be completed (and stay at 0), and some that should be - and those add 1s into the key.

However, now that I think about, just having some kind of a cypher puzzle which gets you a password of 10-20 characters (that's 10^29 options) would probably be enough. But then again - that's not that much fun, and it greatly limits what you can actually design.

Mikina , 2 months ago

Most of the costly algortihms I know of are still reasonably fast, i.e you can try thousands of checks per second, so it would definitely help, but you would then still have to design a puzzle that has a large number od possible answers or combinations - which I still think really limits what you can create with it.

He could design a check/hash that would take a lot longer than common algs like bcrypt, but then theres a risk of someone reverse engineering it and simplyfiing it, or even finding a vulnerabilty that makes guessing the key easier. Because its suprisingly really difficult to make a hash that is matematically ok and doesnt have side-effects. Especially since crypto is dealling with some obscure advanced math, and some of the vulnerabilities in existing algorithms are pretty mind-blowing - especially since the more math you stack up, the more chances are there of you unknowingly using some kind of obscure math laws that can be used to simlplyfi or predict the results of your algorithm.

For a really bad and simple example (that kind of illustrates the point) from the top of my head, if i was just multipliing the input by 2 to get the key, and i did it 1000 times, it would mean that 1) the attacker could make it faster by multiplying it just once by 2^1000, and 2) the result would always be even, so now he knows he only has to bruteforce half of the keys, since it cannot be any odd key.

Mikina , 2 months ago (edited 2 months ago)

Anti viruses won’t care as it won’t be injecting executable code.

When I first started working on malware for my offensive cybersec job, I felt pretty at loss about how the fuck are you supposed to execute anything, if you simply have to 1) allocate memory with READ_WRITE_EXECUTE, and then 2) execute the memory.

I thought that's something that legit programs don't have any reason to do - why would you ever need to allocate RWX memory? I've never done that in my entire programming career, and every bit of your code is already loaded into memory once you start the program - at a special, protected part of memory. There's no reason to ever allocate anything manually. And I spent a lot of time trying to figure out how to deal with this issue when writing malware, since I kind of expected that once you try to allocate RWX memory manually, and god-forbid execute it the AV will simply not allow it and flag it as highly suspicious.

Well. It turned out that actually almost everything I've ever written does use this call. A lot. That's when I learned what "JIT compilation" means, and that I've really misunderstood the basic concepts of C#.

So, surprisingly, most of programs you run (that are in C#) actually inject executable code at runtime. Although, I'm not sure if Unity actually doesn't compile into something that's not JIT C#. I guess only if you use ILL2CPP?

Mikina , 2 months ago

It was a really interesting food for though, especially since both cybersecurity and game development are my main areas of focus (I work part time in offensive security, and part time as game dev). I has actually motivated me to start considering that I might give data-mining this game a try, because I'm really interested in how he wants to solve the many issues present.

I'm betting it would probably be mostly leaning into "security by obscurity", but if that's the case, throwing a gauntlet like this wasn't a good idea. Because every technically sound solution I came up with was a nightmare from game design standpoint, and I couldn't came up with any puzzles or secrets that wouldn't be extremely complex, mostly because you just require a really large problem and input space for it to not be brute-forcable at any of the reverse-engineerable stages.

Also, I have a soft spot for clever marketing tactics, and this one is amazing.

Mikina , 2 months ago

I was always aiming towards just being a gamedev, but since there weren't many Bachelors degrees at the time focused on that, I went for Software Engineering, and then Masters in gamedev. However, experience working for alongside school in QA for a bigger gamedev company has kind of made me realize that corporate and AAA gamedev isn't really art, and you're basically the same code-monkey as you would be anywhere else, just for a lot less money. And since at the time I just played Watch Dogs 2 and was running a Shadowrun campaign, I was pretty into hacking at the time, solving CTFs and generally researching into it, which was prompted by one optional class on pentesting.

So I decided that since working in gamedev will probably leave me burnt out and with lot less money, I just applied for part-time cybersecurity job so I could finance my hobby gamedev career that's not limited by the fact that it's my livelyhood and I have to make money - and that makes every kind of art so much better. I still went for Masters in Gamedev, though. And after several years, the cybersec company started to turn more and more corporate, and I was offered a job at a small indie studio made of mostly friends, so I switched from full to part-time, and took another part-time for a lot less money but with an amazing work environment.

Besides that, Red Teaming is basically just LARPing Shadowrun, it sounded like the perfect job, just trying to talk and hack you way into banks and corporations, I couldn't say no to that :D

Mikina , 2 months ago

If you don't use Discord for voice much, Matrix has a pretty solid bridges you can use.

Hosting your own Matrix server is suprisingly way easier than I though - got a VM on hertzner for like 5$ a month, and there is an Ansible script that takes care of the setup for you. It's also one of those rare cases where someone made an Ansible script that actually works, instead of you getting stuck in dependency-hell (seriously, fuck npm. Not a single docker or ansible tool that has used it ever worked for me out of the box. Python can get simillarly annoying).

They have a pretty easy to follow guide, and the whole setup took me like 20 minutes. I only edited a few options in config.yml (mostly to add Messenger and Discord bridge), and ran the ansible, and it worked at first try.

So I could at least ditch both messenger and discord apps from my PC and phone, without having to convince anyone to quit their poison - with only issue being that you can't use Discord voice. And that the messenger bridge is still unreliable sometimes, but those are still minor inconviniences in comparison to my deep-seated hate for Meta.

Of course - Meta still gets my chat data and content, same as Discord. But at least they don't get anything else from my phone or PC.

Mikina , 2 months ago

you need to do it not only for every Discord server you want to use on matrix, but every channel as well. It’s a huge chore. And ofc it doesn’t work with Discord DMs.

This wasn't my experience at all - all I had to do was message the Matrix bot with servers I want to join (I'm not a mod on any of them), and it bridged all channels in that server. Also, Discord DMs are working fine.

I'm using the mautrix bridge, which doesn't use a bot or anything like that, but uses your Discord session instead.

Mikina , 2 months ago

Same issue. I guess I'm never going back there. I've already stopped doing it, but from time to time a question I was researching let me to Reddit.

What's the best tool to delete your account, while also overriding all of your posts and comments?

Mikina , 2 months ago

Why, though? I have helpful answers in many threads, giving support about arcane issues people have been dealing with. I don't want this content to be monetized further.

Mikina , 2 months ago

I'm glad to see my instance is part of the FediPact! Thanks for the link.

Mikina , 2 months ago

I think that EEE would not be as impactfull here - I mean, at this stage, without Meta and already at small numbers, if they went through the EEE cycle we'd probably just be in the same position. Meta people came, and then left, nothing really changes. The people who are here are already decided to avoid Meta and other platforms, and they already have features Fediverse doesn't.

My issue is that by Federating, Meta is stealing and monetizing our content we post here, to fill their bullshit Threads with content, which its severely lacking. I hate that and don't want that in the slightest.

Mikina , 2 months ago

Few recommendations from the top of my head, from skimming the post.

I'd recommend checking out QubesOS (https://www.qubes-os.org/), especially since it seems you switch between ToR and already use Silverblue, which is AFAIK similar, but why not go all the way in?

Also for VPN - I've switched Proton for Mullvad VPN, because I really like the idea they are going for - if you pair Mullvad browser, that is designed to have the same fingerprint for all users, with a VPN that's from the same company, you can kind of expect that most of the Mullvad VPN users will also be users of Mullvad Browser. Which means you will not be one of the few Proton VPN users with Mullvad fingerprint, but will have the same fingerprint as most of other users of Mullvad VPN. This will make it harder to fingerprint you based on your browser. One word of warning, though - don't install extensions to Mullvad. If you do, you break the "same fingerprint" premise, and the more extensions you install, the more identifiable you are. Mullvad should be used without any extensions.

Another thing I see is music streaming - I think that in general I'd recommend just getting a cheap laptop/NAS and run your own Jellyfin, and slowly start building your own music collection. You can also run Matrix server as a bonus, and bridge all your communication (including Signal, even though that may not help that much) - but it does help if you need to use some kind of service, i.e Messenger, for group or work related purposes.

My approach to music was to cancel my subscription, and then use the money I save to spend on albums on Bandcamp, so I still support the artists I want. I make sure to do that every month. Since there's just wast amount of music to get, I use Headphones with an account on redacted.ch to fill my library, but I still make sure to buy albums I like even if I already have them downloaded. The added bonus is that you actually don't loose any of your music, if the artist decides to pull it off the streaming service, which has aready happened to me several time.

If you want hosting your own LLM, take a look at https://refact.ai. But note that it's not really cheap, I've recently upgraded my computer and decided to use my NVIDIA 1060 to run refact, and it still didn't work well - 8Gb of GPU memory is borderline usable, and I couldn't do the finetuning.

Mikina , 2 months ago (edited 2 months ago)

My own setup from the top of my head would be:

• Browser: Mullvad with Mullvad VPN, LibreWolf for stuff that breaks. Brave if I really have no other choice.
• Phone: Pixel with Graphene, main profile is Google-less, second profile with Sandboxed GServices for apps that don't work without it but I need them, downloaded through fresh gmail profile. Third profile linked to my old gmail with credit card for the two apps I bought and sometimes need to use.
• Mail: I use Protonmail, with my own domain that sounds vaguely corporate. I have a catch-all address, and generate random name.surename@mycorpdomain.com addresses for each service.
• File storage: I have a NAS, that I use for most file sharing I need.
• Music: Jellyfin server with Headphones and redacted.ch account, and I also make sure to support artists every month by spending what would be my Spotify subscription price on Bandcamp albums
• Desktop: I run Nobara, too lazy to run QubesOS - plus I game a lot, so it would be infeasible. I mostly try to get stuff on GoG and back it up on my own NAS. I have a ZeroTier network set up for streaming through Sunshine/Moonlight when I need to game from a laptop.
• VPN: I use Mullvad paid for with Monero, because it plays nicely with the Mullvad Browser fingerprint.
• Home automation: I have a few basic stuff made for Home Assistant that is running on RockPI I have at home, everything local and without any cloud, mostly through ESP32s.
• Messaging: This is the one I hate the most - most of the groups I'm working with or volunteering for use Messenger, so I have a Matrix server hosted that bridges it and Discord. It's not ideal, but better than having anything Meta on my phone.
• Payments: This one is the one I'm struggling with the most. I pay by card almost everywhere, because cash is so much effort. I've tried looking into crypto or prepaid cards, but it's really hard to find anything without KYC in Europe, so I've given up. I'm looking for advice regarding this, but I'm afraid that aside from switching to cash I'm out of luck.
• Passwords: I just use Bitwarden with YubiKey setup, same as using YubiKey for every important MFA I can. I have two backup keys stored at home, so I don't need to use other recovery methods that would render it useless.

Mikina , 2 months ago

That's seriously impressive. I wonder, what is your threat profile for all of these? It seems to me like some of the things you do have a drastic impact on user experience, while also not providing that much of a benefit unless you have some really sensitive data.

Mikina , 2 months ago

If I have more items with club price that would make a larger difference, I just quickly register a new one-use account with disposable email and random address in the app, and delete it afterwards

Mikina , 3 months ago

If you use nvidia, make sure to choose a distro that deals with their drivers by default. I havent manage to get Nvidia drivers and ingame cutscenes to work on Fedora, but after switching to Nobara all is well now. (And switching to KDE on X11, since wayland was freezing occasionally and some apps wouldnt work)

Aside from HDR, I still havent managed to get HDR working and its starting to look like it wont really be possible. And Unity. Unity simply doesnt work both in a VM and on Linux, so I annoyongly still have to dualboot.

Other than that, ive switched around two months ago, and aside from the first pains caused by me choosing Fedora instead of Nobara, everything mostly works without issues.

Mikina , 3 months ago

I did switch around a month ago due to a thread similar to this, and I have booted windows like twice since then, and im really glad I made the switch. So, yes, threads like this did help me, while also providing good starting tips.

Mikina , 4 months ago

Is that second factor, though? If I understand it right, you are basically generating your MFA from your password manager, is that so?

Mikina , 4 months ago

I see. IIRC from school, "factor" actually has a definition - it's either something you have (keycard, phone), something you are (biometrics) or something you know (password).

For authentication to be truly an effective MFA, it would have to require at least two of those factors. And that's also why I.e email isn't really a MFA.

So, I guess it boils down to where are you storing your passwords. If they are also in the password manager, then, its only 1FA, because knowing your password manager password is enough to defeat it. (Or, if someone finds a zeroday in the pass manager).

Mikina , 4 months ago

This is so sad to read... It makes me so angry that even when they won several lawsuits, Sony could just drive them out of business by suing them some more, and threatening stores that wanted to sell their software.

Mikina , 4 months ago

Wouldn't this, along with the other numerous talks on ECS that were made before Unity copyrighted it, be enough to challenge the copyright and have it revoked? Or is that not how copyright works?

Mikina , 4 months ago

They did that to Parsec. Their SDK was once an openly accessible and amazing alternative for Steam Remote, which (In my experience) worked better and was easy to integrate into Unity.

Then Unity bought them, closed-sourced, and if you want access to the SDK, you have to ask for it and they have to approve it.

We tried that three years ago, mentioning that we're just a team of students working in school on a two-player only coop project that could really use a multiplayer we can't implement.

This is their response, and I'm still salty about it to this day:

Thanks for reaching out about Parsec! You mentioned in your comments that you were interested in SDK. SDK starts out at $1million. I think upgrading to our Teams plan might assist with the lag issues you're experiencing with your team.
Our Teams subscription starts art $35 per user.
Please let me know if you have any further questions you have.

Mikina , 4 months ago

I disagree with this. There is one glaring issue with AI-powered weapons, in comparison to other traditional ones - the skill ceiling required to make massive damages at scale.

Sure, you can probably level a whole town if you get your hands on some kind of advanced artillery. But it's still vastly more complex machine, that probably requires extensive training just to operate. You need an army for that, and army is made of people who will hopefully tell you "No, we're not doing that", if your request is not reasonable. And if you somehow try to do it yourself, good luck getting more than a few shots out before someone notices and tries to stop you.

If you have an army of hundreds or thousands of AI powered suicide drones, where you just slap an explosive on them, set a target and the whole fleet will start running, you only need one person with a computer. And once you send the fleet, it's vastly more difficult to stop it. Hell, you probably don't event need to physically get to the drones, if you can hack into the system that controls them.

And that's the biggest issue with any AI-powered weapon, and a reason why they shouldn't exist.

Mikina , 4 months ago

That is true, and not exactly what I was getting at. I was more talking about stuff like coups or domestic terrorism, where you can cause a way more wast amount of damage if you have autonomous AI weapons.

Also, there was that one time in the cold war (I think) where the Russian guy refused to launch a nuke, and it turned out it was a false alarm, which has probably saved the world.

Should i.e. Putin decide to hold onto his power at all costs and started leveling cities in Russia, where most people don't agree with him, you'd probably get a lot of people in the army who wouldn't be OK with that. Maybe, I don't know. But should he have an army of autonomous AI weapons, all he needs is a few guys who do, and know how to launch it.

Mikina , 4 months ago

You are probably right, it wasn't really a great example. I think that's probably because Russia is already deep into dictatorship and indoctrination, so the fear-inspired loyalty is deep enough for them to not really need an AI autonomous weapons to do whatever evil they need.

But the point I was trying to make is that with AI weapons, it's definitely easier in a more stable and democratic army to get there and cause massive amount of damages, stage a coup or just do domestic terrorism, because you don't need to convince large amount of people to fight for you. You just need a few who can operate the swarm, and getting loyalty of few people is way easier than convincing an entire army.

The same can be said about weapons of mass destruction, but most of them are also really difficult to get, and pretty hard to operate - or you can be easily stopped. If you unleash a swarm of murderous autonomous drones, it will not be pretty. And that's why I hope they will get treated with the same level of respect as nukes do, and not used as a part of common conventional warfare.

Mikina , 4 months ago

This made me wonder - is there any active Best Of community on any instance? This would be a perfect candidate.

Mikina , 4 months ago

I've been having a pretty good experience with Mullvad, however I don't hear many people talking about it. I wonder why is that, IIRC it's being developed with Tor Foundation, and is basically a Tor browser for clear web, and that sounds perfect. So far, I didn't run into any issues, so is there a catch, or are they just not well enough known yet? Or, maybe people are turned away by their optional VPN?

Mikina , 4 months ago (edited 4 months ago)

I was using LibreWolf before, but I really like the idea of bundling VPN + Browser, and also the way they handle payments - not only is Mullvad VPN kind of cheap, I can just pay with crypto and don't need any account (kind of - you just generate username that also serves as an password, without any other contact information required).

But what I like the most about it is the idea of making a browser with the goal of having the same fingerprint between users (as much as possible), and offering it with a VPN - becuase that means that most of other users of the VPN will probably also have the same fingerprint from the browser, so you will blend in with them. I wasn't really sold on the idea of VPN before that and didn't use one, but this was what convinced me.

But tbh I haven't done much research into the company, or into the effectivness of their implementation. I'm kind of betting on their cooperation with Tor Browser, which should have most of this stuff already figured out. But it's possible that other browsers are just better at it, I never checked.

I do however still use LibreWolf for the occasional site that breaks with Mullvad, but it's not something that happens too often.

I use(d) the VPN alongside it and found the add-on “hints” regarding the correct DNS settings more frustrating than helpful, too.

Hmm, I don't think I've ever noticed anything about DNS. I think I've actually never click on the browser vpn extension, though :D Is it the encrypted DNS hint?

EDIT: Found this, apparently it's doing pretty well https://privacytests.org/

Mikina , 4 months ago

But then you are risking an actual reprecussion for your actions, and would have to deal with consequences of several really pissed of corporations with a recipe about how much money did your actions costed them in damages, that would be pretty hard to wriggle yourself out of.

Which is exactly why (proper) protesting isn't easy to do in the slightest, and you have to really believe in the cause to resort to such things. And that is how it should be. It's also why you only end up with with random people blocking inconsequantial roads or ruining glass-protected paintings. Because they want attention, they want to feel good that they're doing something, and protesting is the edgy thing to do that nobody understands. But at the end of the day, they want to go back to their instagram so they can post about it, instead of dealing with the consequences.

If you resort to such a drastic action, and protesting definitely is a drastic action, at least the kind the post is talking about, you should sacrifice something other than your free time and a pocket change in fees, otherwise it has no value. That's why demonstrations held at a weekend or holidays feel so cheap, if you aren't even willing to take your time off for it, whats the point?

I wouldn't for most of them. So I don't attend. But all these "feel-good" demonstrations and protests are only succeeding in undermining the grave nature of protests and demonstrations, to the point where no-one really needs to take them seriously.

Mikina , 4 months ago

I've had this conversation so many times with my partner. She's on an older laptop in a room that's directly through a pretty thick wall from the router, but its still a short distance to bring an Ethernet over, and she's always using her laptop only at her desk there anyway.

She's always yelling at me (who have my desk right next to the router, and everything I use has Ethernet ) that the internet is down again and that she really needs it right now, because work.

But no, getting angry at me that I should do something about it is fine, but that something apparently shouldn't mean the most feasible solution.

I'm not dealing with a WiFi extender for a spot that's literally like 8 meters from the router, for her 100mbs WiFi card.

But it's her loss, at least I have the remaining 900mbps for myself from our plan...

Mikina OP , 4 months ago

I love this so much :D That reads like something I'd expect from ZA/UM, but it also thankfully alleviates most of the major issues I had with the game, which I've already talked about here on Lemmy. I really liked the game, but there was a lot of red flags point to it being just a quick corporate cash grab, where they decided to basically re-skin heir previous game based on with as low effort as possible, to quickly sell it and cash in on the Pokemon thing. It just smelled with corporate greed, and that they did not really cared about the game too much.

But assuming this screenshot is true, I'd say that it's clear that it wasn't development driven and pushed by corporate greed, but really just a few of guys trying their best.

Mikina OP , 4 months ago

It turned out it's not true, they did use VCS. However, they mention a pretty horrifying story about VCS nonetheless.

They were a team without prior or professional gamedev experience, and they were using git. The first senior engineer, and first member of the team who actually was a professional game developer, was someone who ranomly contacted them due to liking Craftopia. But he didn't have experience with Unity, only Unreal, so they just said mid-development "Ok, we'll just throw away all we have so far, and we'll switch to Unreal - if you're willing to be a lead engineer, and will teach us Unreal from scratch as we go."

And then, they also mention this:

Surprisingly, [the new engineer] had no experience using the version control system git.

According to him, Perforce seems to be a better match for Unreal Engine.

But Perforce is too expensive. This is not the amount that a company like us would pay.

If you can't use Perforce, you should at least use svn instead of git.

Fully trusting his words, I also migrated my version control system from git to svn.

Mikina OP , 4 months ago

It turns out that most info from the screenshot is false, there's a better article that's written by the actual developer linked in the updated post.

He did talk about them not having a budget plan, which was a fairly long part of the article, but can be summed up like this:.

Figuring out budget is too much additional work, and we want to focus on our game. Our budget plan is “as long as our account isn’t zero, and if it reaches zero, we can always just borrow more money, so we don’t need a budget

He also further down mentioned actual numbers of how much went into the development:

Judging from Craftopia's sales, it's [the budget] probably around 1 billion yen...
Because all those sales are gone.

Mikina OP , 4 months ago

On the other hand, now that I think about it, SVN may actually be better for Unity projects than git is, at least in some areas.

One major issue with Unity and VCS are the scene and asset files. Trying to mere scene changes when multiple people have worked on the same scene is hell, to the point where it's usually better to just choose one changset and manually re-do the other. I know there is a unity merge tool for that, but since you have no idea what exactly it did, it's been pretty hit or miss.
SVN could solve that issue, since you can just lock files.

However, that still doesn't outweights the benefits of virtually every other feature of VCSes.

It's such a shame that Unity are greedy bastards that tend to buy out and heavily paywall amazing projects. I've worked with Plastic on one project, and it's amazing. I've really enjoyed the workflow, and the way the merging works is awesome. But then, Unity came and now it's unaffordable for anyone but larger teams.

Same with Parsec. Parsec has been an amazing alternative for Steam Remote, that had open source SDK and libraries to integrate directly into games. It was a perfect alternative for smaller teams that can't make proper multiplayer. And once Unity bought them, they've removed access to SDK only for companies that directly ask for it - which we (being a small student project done on our free time, that really could use MP since it's two player only local coop game) have done, mentioning that we're really just students and hobbyist.

They response? They basically said "Sure, we can give you access to the SDK, no problem. The first step is to pay us 1 000 000$ for it.". How can anyone be so out of touch?

Maan, I hate Unity.

Mikina OP , 4 months ago

I had no idea git-bisect exists, and we've been doing binary search for broken stuff by hand every time. Thank you for this mention!

We're just in the middle of investigation a performance issue, and this will definitely make it a lot easier.

Mikina OP , 4 months ago

I prefer Plastic way more than Perforce, from a brief experience I had with it on one project. Too bad it's been a victim of the Unity's "buy it, paywall it" strategy, where getting a license is mostly unaffordable for smaller team.

Mikina , 4 months ago

I haven't really looked into it too much, but... Aren't they actually right in this case?

Sure, reading "we can't protect your privacy because you're using privacy-centric extension..." feels like bullshit, but from how I understand it based on the screenshot, the issue is that you have blocked the cookie permissions pop-up, whose main reason is to give you an option to opt-out of any tracking cookies, thus protecting your privacy. While also being required by law.

However, this depends on how exactly is the law formulated. How does it deals with a case where you don't accept, nor decline any cookies, and just ignore it? Are they not allowed to save any cookie until you accept it and specify what exactly can they save? Or should they not let you use the site until you accept it?

I vaguely remember that it used to be enough to just have a OK-able warning that this site is using cookies, but then it changed to include a choice to opt-out. Which could indicate that unless you opt-out, which they are required to give you a chance to, they can use whatever tracking cookies they want. And if that is the case, this message is actually correct.