vanderbilt

vanderbilt, 1 month ago

I’m agree, but game pass has been offering meh value in the long run for me. Sure there are a few new titles, but once your run through your backlog it’s just ok. Problem is that Xbox lacks the blockbusters that appeal to the masses this generation, coupled with an utterly confusing naming scheme that I still don’t understand. What Xbox should I buy? No idea, because the names mean nothing.

vanderbilt, 1 month ago

Ding-ding. It so long as the shareholders of today get their gains, they could care less. The Ford lawsuit absolutely destroyed free enterprise in this country.

vanderbilt, 1 month ago

I’m guessing he is referring to the fact we aren’t going to see tailored updates like the Steam Deck has gotten over the years. Updates that improve performance and the experience. It’s windows so beyond device drivers and their terrible ArmorCrate software there isn’t much room to grow better. It’s not a bad device though, it just misses the point.

vanderbilt, 1 month ago

A lot (and I mean a lot) of criticism can be leveled at systemD. One of the upsides of it becoming popular is the standardization of much of things from the developers’ perspective. It’s easier to target multiple distros when you can rely on systemD’s single implementation of the feature. Over the next decade, I forsee systemD eating more and more of the userspace, until you are only left with managing the differences between DEs and which display server they are using. We’re already headed towards immutable base systems with apps shipping with their own dependencies, which we reduce the differences between distros even further.

vanderbilt, 1 month ago

Don’t give them ideas 😂

If Canonical and RedHat weren’t backing different horses (Snap vs Flatpak), I could see the app containerization system coming under systemD as well fairly soon. The Cosmic DE project uses functionality from systemD to overlay changes onto the system that are reversible, so that alpha versions of Cosmic can be tested without permanently changing the base system. Imagine apps shipping on whatever container runtime, and dynamically overlaying system-level changes as needed for things that tap into the host system via systemd-sysext.

vanderbilt, 1 month ago

Christian missionaries and post-Korean War Americanization have wrought some truly terrible things on Korea.

vanderbilt, 1 month ago

Micro-financing is a concept that should be violently uninvented.

vanderbilt, 1 month ago

I used to have a black XBox sitting beneath the TV gathering dust. I think it is a One by the shape. As for the new ones I have no idea off the top of my head which is the best. I’ve seen some on sale in places, but the impulse buy isn’t there because I have no idea what I would be getting. I don’t own a PlayStation, but if I wanted one I know that 5 is the newest, and you can get the small slim one or the big Pro one.

vanderbilt, 1 month ago

At an old company I joined they had rolled them out to all employees. Six months before me getting onboard they had already given up, but we still had to support the ones out in the field. Fun fact about Surfaces, despite it being MS hardware running an MS operating system, the Windows 10 and 11 base system does not have drivers for the keyboard or mouse. You have to use a special image for the Surface devices. That meant maintaining two custom WIM images for deployment and keeping them in sync. We scrapped the remaining Surfaces and gave people the choice of Macs or ThinkPads instead. You can guess which was more popular among the office folk.

vanderbilt, 2 months ago

Good. Stop locking game content behind increasingly high paywalls. It used to be when you paid $60 for a game you got something that could stand on its own. Now if you aren’t getting the GOTY you’re getting half a product.

vanderbilt, 2 months ago

Man I wish FreeBSD hadn’t fallen to the wayside. It’s really cohesive and feels put together in a way not Linux distro ever has.

vanderbilt, 2 months ago

Honestly it isn’t. Support for anything front-end related is way more sparse compared to Linux.

vanderbilt, 1 month ago

“hello system” is pretty nice to look at, and has some Mac-isms I find helpful. FreeBSD has a new release recently, so maybe Nomad or GhostBSD could be worth trying. You’ll find FreeBSD is a lot more “consistent” compared to Linux, but be prepared for random hardware to not work.

vanderbilt, 2 months ago

Valve can go into the negative selling Decks, something that their competitors can’t reasonably do because they will get money from Steam store sales made on the Deck. I for one went from buying 3-4 games a year to like a dozen because it’s been so convenient.

vanderbilt, 2 months ago

Incredible how OEMs keep fumbling this. Just give me a Steam Deck with prosumer performance and decent battery. Accomplish that how you want. Slap SteamOS on it then let me buy it. No, I don’t want to figure out Armor Crate or MSI launcher or whatever. I just want to play games without having to babysit the thing.

vanderbilt, 2 months ago

Haha Mint was my first distro! I wiped Windows 7 and installed Mint, then quickly learned that a tarball is in fact more work than an exe. Good times and a great learning experience! Back then it was the only thing not slow, ugly, or wildly unfamiliar.

vanderbilt, 2 months ago

True that. There have been so many wins in just a few years.

vanderbilt, 2 months ago

And MD5 for package integrity checking, and not using per-package PKI signatures.

vanderbilt, 2 months ago

Did they ever make good on this plan?

RPM must accept SHA-1 hashes and DSA keys for Fedora 38, ideally with a deprecation warning that it will be disabled in F39.

vanderbilt, 2 months ago

The use of MD5 becomes a bigger issue when paired with the lack of package signatures. You can inject code into a package and find a colliding digest absurdly fast. I and a friend from Threatlocker created a Metasploit module to use Deb packages for local privesc based on the concept. If it touches the filesystem outside of the APT cache it becomes a vector.

vanderbilt, 2 months ago

In theory (whitepaper is still being written), if you MITM the connection to the APT mirror it’s using you can also carry out the attack over the network by injecting it into the package on the fly. Cert pinning might be a blocker, but local (LAN) package mirrors might still be valid attack targets. Enterprises often use MITM certs for things like DLP and packet inspection we might be able to leverage at least.

vanderbilt, 2 months ago

To save you some effort, they do not consider it a priority to fix. Code was attempted to merge that would make package signatures the default, but it was removed because it “was a waste of cpu cycles” when “md5 and the https was just as good”. I’m not kidding, you can find the whole conversation in the Debian mailing archives. So instead I’m going to make it known how dumb it is, and encourage people to use something else.

vanderbilt, 2 months ago

I admire your gusto! I think it’s doable, and you can definitely pull it off if you want to. To replace MD5 and implement signatures you need to do the following, as a high level overview:

Extend dpkg to know what SHA2 is, and reliably detect it. (maybe measure hash length or specifying a new version using the control file?)

dpkg must also know what a signature is. More on that below.

Providing automatic/mandatory signing will require code to handle PKI as well as a place to store the signing information. I would do it by signing the two archives found within Deb packages, then placing information about the signing in the top-level of the package. Existing tools need to be able to ignore or handle whatever you implement as a rule of thumb.

Note that this is just my approach and maybe you can do better.

I also recommended looking into lists.debian.org/debian-dpkg/…/msg00024.html. This is the thread I mentioned earlier, in which package signatures were discussed and ultimately turned down. Maybe the easiest approach is to re-implement what the contributor was trying to do back then, but with modern code and standards? If you want more resources, including my presentation on the topic to HackCFL and CitrusSec, let me know. I am here for whatever technical assistance or industry contacts I can provide. The white paper might be done in a month, minus peer review. I’m very busy and so is he. Good luck in any case!

vanderbilt, 2 months ago

They chose an interesting time to switch licensing. MS introduced Garnet, and now the LF has Valkey as a direct descendent. Strange times ahead.

vanderbilt, 2 months ago

日本にもう子供はいません。

It`s not as bad as Korea, but this is no surprise. Things will get worse as the population of elderly people grows. Housing isn’t expensive like in the west, so that’s not the cause, but rather jobs are hard work and the yen is becoming less valuable. I have some hope in the さとり generation to break the toxic work cycle, but that won’t solve the affordability issues.