Kata1yst

Kata1yst, 29 days ago

And why they dismantle the systems they're tasked with protecting the moment they can.

Kata1yst, 1 month ago

Most debt actually can't be inherited, instead debt collectors get first dibs on inheritance assets until they're made whole or the estate runs out of assets, whichever comes first.

That doesn't mean that debt collectors won't try to convince family members to pay. Just tell them where they can shove it.

Kata1yst, 1 month ago

It’s a tough pivot to make, but what else are fans of the genre gonna play hahahah

Sins of a Solar Empire 1

And hey, we get to hope Sins 2 remains great.

Kata1yst, 1 month ago

On a server, it allows you to track who initiates which root season session. It also greatly minimizes the attack surface from a security perspective to have admin privileged accounts unable to be remotely connected to.

Kata1yst, 1 month ago

Wouldn’t separate SSH keys achieve the same?

Separate ssh keys for the user and the admin? Yeah, see point 2, admins should not be remotely accessible.

Really? How, exactly? Break the ssh key authentication? And wouldn’t that apply to all accounts equally?

Keys aren't perfect security. They can easily be mishandled, sometimes getting published to GitHub, copied to USB drives which can easily be lost, etc.

Further, there have been attacks against SSH that let malicious actors connect remotely to any session, or take over existing sessions. By not allowing remote access on privileged accounts, you minimize risk.

Forcing a non privileged remote session to authenticate with a password establishes a second factor of security that is different from the first. This means a cracked password or a lost key is still not enough for a malicious actor to accomplish administrative privileges.

A key is something you have

A password is something you know

So, by not allowing remote privileged sessions, we're forcing a malicious actor to take one more non-trivial step before arriving at their goals. A step that will likely be fairly obvious in logs on a monitored machine.

Kata1yst, 1 month ago

I strongly disagree with your premise. Separating authentication and privilege escalation adds layers of security that are non-trivial and greatly enhance resilience. Many attacks are detected and stopped at privilege escalation, because it happens locally before a user can stop or delete the flow of logs.

If I get into your non-privileged account I can set up a program that acts like sudo

No you cannot. A non privileged user doesn't have the access necessary to run a program that can accomplish this.

And even if they do it’s too late anyway because I’ve just compromised root and locked everybody out and I’m in there shitting on the filesystems or whatever. Because root can do anything.

Once again, you didn't privilege escalate, because once you have a foothold (authentication) you don't have the necessary privileges, so you must perform reconnaissance to identify an exploitable vector to privilage escalate with. This can be any number of things, but it's always noisy and slow, usually easy to detect in logs. There is a reason the most sophisticated attacks against well protected targets are "low and slow".

And if I can’t break into your non-privileged account then I can’t break into a privileged account either.

You're ignoring my points given regarding the risks of compromised keys. If there are no admin keys, there are no remote admin sessions.

These artificial distinctions between “non-privileged” and “superuser” accounts need to stop. This is not good security, this is not zero trust. Either you don’t trust anybody and enforce explicit privilege escalation for specific things, or just accept that you’re using a “super” paradigm and once you’ve got access to that user all bets are off.

Spoken like someone who has never red teamed or purple teamed. Even admin accounts are untrusted, given only privileges specific to their role, and closely monitored. That doesn't mean they should have valid security measures thrown away.

Kata1yst, 1 month ago

That's called 'privilege escalation', and replacing system level calls with user level calls is closely watched for and guarded against with many different security measures including SELinux.

You've already outed yourself multiple times in this thread as someone who doesn't understand how security in the real world works. Take the L and try to learn from this. It's okay not to understand something. But it's very important to recognize when that happens and not claim to understand better than someone else.

Kata1yst, 1 month ago

They even literally have a section of the article that says they "see Fair Software as an alternative model to the free and open source software model", and they think it's superior because the "developers can profit".

Newsflash: the developers usually see fractions of those cents while most of the money goes to the management and shareholders of the company that employs them. Hmm, doesn't seem fair to me.

Also, developers can and do profit from FOSS in many ways, but the most popular models are with commercial support, SaaS offerings, and additional functionality (like providing a web interface, clustering manager or other external piece of the puzzle to solve the problem at scale in enterprise).

Like you said so succinctly: propaganda website to make rug pullers like Elastic and Hashicorp look better.

Kata1yst, 1 month ago

No no you don't understand. The evil corporate overlords abused their power to force a choice on a developer, even though that choice was objectively the right choice and the developer was throwing a tantrum.

This is truly awful. We must not let evil corporations, no matter their credentials, expertise, and decades of beneficial partnership with open source, tell immature and short sighted developers how to develop.

Kata1yst, 1 month ago

Accurate, but not bad, yes. It turns out standardized base systems and ABIs are important to an ecosystem.

Linux tried the disorganized free-for-all for two decades, and what we got was fragmented "Ubuntu admins", "debian admins", "redhat admins", "suse admins", and a whole shitload of duplicated effort in the packaging ecosystem, only for half the packages out there to be locked to Ubuntu or RHEL. So the corporate interests, and a fair number of the community efforts, centralized their problems and solutions into a small standardized suite in Mesa+Wayland+systemd+Pipewire+flatpak, etc

The result is a ton more interoperability, a truly open ecosystem where switching your distro doesn't mean hiring different people and using different software, and a lot more stability and maturity.

And hey, if a user or distro wants to do their own thing, they can make and own their niche, same as before. Nothing lost.

It's been kind of wild to watch over the past 15 years or so, makes me very hopeful for the next 15.

Kata1yst, 2 months ago

“We had a huge chunk of our engineering staff spending time improving FreeBSD as opposed to working on features and functionalities. What’s happened now with the transition to having a Debian basis, the people I used to have 90 percent of their time working on FreeBSD, they’re working on ZFS features now … That’s what I want to see; value add for everybody versus sitting around, implementing something Linux had a years ago. And trying to maintain or backport, or just deal with something that you just didn’t get out of box on FreeBSD.”

I still hold much love for FreeBSD, but this is very much indicative of my experience with it as well. The tooling in FreeBSD, specifically dtrace, bhyve, jails, and zfs was absolutely killer while Linux was still experiencing teething problems with a nonstandard myriad of half developed and documented tools. But Linux has since then matured, adopted, and standardized. And the strength of the community is second to none.

They'll be happier with Linux.

Kata1yst, 2 months ago

If you're trying to use it as a workstation or a laptop, you won't find much compelling. It's built with the intent to act as a server. In fact, as a web server or networking server it's second to none.

Administrating BSD is lovely. It's well documented and everything is very stable, understandable, and predictable.

Kata1yst, 2 months ago (edited 2 months ago)

I was actually surprised to find out QUIC is fairly close to being default.

Wikipedia

HTTP/3 uses QUIC, a multiplexed transport protocol built on UDP.

HTTP/3 is (at least partially) supported by 97% of tracked web browser installations (thereof of 98% of "tracked mobile" web browsers), and 29% of the top 10 million websites.

Kata1yst, 2 months ago

https://en.wikipedia.org/wiki/HTTP%2F3?wprov=sfla1

Kata1yst, 3 months ago

https://github.com/Genymobile/scrcpy

Kata1yst, 3 months ago

My favorite city builder in decades. A few notes.

Pros:

• Easy mode is relaxing and quite easy.
• Medium mode is a fun challenge at first, eventually becoming fairly chill as you advance in skill and confidence.
• Hard mode is always fairly hard, especially on harder maps.
• There are many resources to manage, but none that feel burdensome.
• The game is extremely thematic, it feels alive with charm.
• Graphics are excellent, though sometimes graphical glitches can still be encountered.
• The water. It's so hard to explain to someone who hasn't encountered this system before, but water is life in this game, and it's both beautiful graphically, and extremely well simulated by physics. Learning to control the water, and see the shortest paths to end water scarcity with beaver engineering is an amazingly fun and unique aspect of the game.
• Mods are well supported and the community is vibrant.

Cons:

• Not a ton of content. They've been very good about adding new mechanics (badwater, extract, etc) but there's still just 2 races of beaver and a dozen or so maps.
• No directed experience. In similar games I've enjoyed a campaign, challenge maps/scenarios, weekly challenges, a deeper progression system, just... Something to optionally set your goals. There's nothing of the sort in the vanilla game. It's fully open ended and there's only one unlock outside of your progress though the resource tree in a map.

All in all, I highly recommend it, especially at the modest asking price. If you love city builders, charming and beautiful art, thematic settings, dynamic challenge, and solution engineering, this is a fantastic game for you.

Other games I've enjoyed that scratch similar itches:

• KSP
• Cities: Skylines (but Timberborn has been far more compelling)
• Factorio
• Mindustry
• Planet Zoo (Timberborn has less of a directed experience, but is otherwise completely superior)
• Gnomoria
• Banished
• Tropico series (though I view this as more casual)

Get it and have fun is my recommendation.

Kata1yst, 3 months ago

Seriously. This guy thinks that regulators would have stepped in to stop OpenAI or Microsoft from acquiring a no-name 2 year old startup with two rounds of funding?

Please.

Kata1yst, 3 months ago

Used to be the best way to get performant graphics on Linux.

Like, 8 years ago.

Kata1yst, 3 months ago

I like kitty, but it's configuration system is completely nuts.

Alacritty was good, but had weird issues with fonts for me.

I ended up on Wezterm. Lots of modern features, performance, stability, and awesome configurability.

Kata1yst, 4 months ago

Sin's is a game my friends and I always come back to. Such a dynamic rts with so many ways to win.

The expansions are fairly priced and also one person having an expansion is enough to host an expansion game for everyone who has any version installed.

Kata1yst, 4 months ago

Apparently that wasn't one of his MBOs, so we can infer the board is a bunch of dumbasses.

Kata1yst, 4 months ago

In my experience, nope. I tried so hard to use Logseq, but I had massive issues with speed, stability, and database corruption.

Really I think the root of the issue is their database. The database causes so many problems and makes their synchronization methods dirty hacks at best.

Kata1yst, 4 months ago

Zettlr for technical writing into any format.

Obsidian for a second brain based on the molecular notes method. And yes, I've tried all of the FOSS alternatives. None are ready to replace Obsidian yet.

Wallabag for saving resources offline for easy and permanent reference.

Lunarvim for actually sitting down to work instead of fiddling with and optimizing my setup.

Kata1yst, 4 months ago

Why not a K8s cluster? Much more appropriate for modern software.

Kata1yst, 5 months ago

Amazing how many products just don't.

Kata1yst, 6 months ago

The owner is a piece of shit who's convinced he's smarter than everyone else and has been hostile to Linux for decades.

Kata1yst, 6 months ago

You're talking about two very different technologies though, but both are confusingly called "AI" by overzealous marketing departments. The basic language recognition and regressive model algorithms they ship today are "Machine Learning", and fairly simple machine learning at that. This is generally the kind of thing we're running on simple CPUs in realtime, so long as the model is optimized and pre-trained. What we're talking about here is a Large Language Model, a form of neural network, the kind of thing that generally brings datacenter GPUs to their knees and generally has hundreds of parameters being processed by tens of thousands of worker neurons in hundreds of sequential layers.

It sounds like they've managed to simplify the network's complexity and have done some tricks with caching while still keeping fair performance and accuracy. Not earth shaking, but a good trick.

Kata1yst, 6 months ago

Hard disagree on them being the same thing. LLMs are an entirely different beast from traditional machine learning models. The architecture and logic are worlds apart.

Machine Learning models are "just"statistics. Powerful, yes. And with tons of useful applications, but really just statistics, generally using just 1 to 10 variables in useful models to predict a handful of other variables.

LLMs are an entirely different thing, built using word vector matrices with hundreds or even thousands of variables, which are then fed into dozens or hundreds of layers of algorithms that each modify the matrix slightly, adding context and nudging the word vectors towards new outcomes.

Think of it like this: a word is given a massive chain of numbers to represent both the word and the "thoughts" associated with it, like the subject, tense, location, etc. This let's the model do math like: Budapest + Rome = Constantinople.

The only thing they share in common is that the computer gives you new insights.

Kata1yst, 6 months ago

When some rando with a mod package plugging into an undocumented ABI can dramatically improve the performance... Yeah, it's not optimized at all. Don't let them excuse themselves from due diligence.

Kata1yst, 6 months ago

Against the Storm (More city building focused)
Northguard (nearly a direct Warcraft clone)
Beyond All Reason (TA clone)

All magnificent.

Kata1yst, 6 months ago

Well that's fair I suppose. The feel is very similar.

Kata1yst, 7 months ago

Fuckin Golden Sun was super legit. I even loaded up an emulator and replayed just a few years ago. It holds up perfectly well.

Kata1yst, 7 months ago

If you want something competitive, Legion TD2

Kata1yst, 7 months ago

They did make it more powerful. 6nm APU instead of 7nm. They definitely updated it.

Kata1yst, 7 months ago

We'll have to see. Usually transistor count isn't a valid measure of performance unless the chips have identical clock, IPC, and architecture. It's possible they made the same chip on two different lithographies with the same clocks, but it's pretty rare.

Kata1yst, 7 months ago

But... boost clocks often directly impact performance? And why only increase boost clocks when after a lithography switch they'd gain so much headroom? Seems a weird place to draw a line in the sand.

But all of this is speculation. What we do know is that RAM speeds are increased, and that will directly impact performance with or without CPU improvements.

Kata1yst, 7 months ago

Single nm in this case is a 15% improvement. The number of nm isn't the important part.

And Valve isn't Nintendo. Their hardware strategies, developer strategies, and manufacturing strategies are wildly different and really shouldn't be directly compared

Kata1yst, 8 months ago

Did you ever get into Supreme Commander? It's a true, updated TA successor. Otherwise now there's Beyond All Reason, which the community has largely migrated to.

Kata1yst, 8 months ago

If you liked Total Annihilation, Supreme Commander, or were able to see the interesting game behind all of Planetary Annihilation, you should check out https://www.beyondallreason.info/ instead of continuing to support this company after all the BS of PA.

Kata1yst, 8 months ago

Others can probably add more, but PA started as a Kickstarter back in the wild West days of Kickstarter. Lots of promises made, lots of concepts shown. Biggest failures I can recall from that hazily distant time:

1. Last minute they added an always-online requirement to play. This was in the early 2010s, and was very frowned upon considering the local-first nature of TA. Also lead to enormous stability issues for months after launch.
2. The promise was for a TA/SC successor, but what we got was far more cartoony and watered down than TA/SC and what was shown during Kickstarter. A lot of the core game loops of TA/SC were simply missing or so simplified they no longer mattered.
3. While the game was still in a fairly immature, broken, buggy, incomplete state, they released Planetary Annihilation: Titans. This was probably done to duck all the poor reviews they had on their Steam page, which stemmed from the issues with the Kickstarter campaign promises and the mentioned bugs/incompleteness on release. Titans was significantly better, but required a new purchase (begrudgingly discounted if you had bought PA early enough) and offered a lot of improvements that should have been brought to the original game for free.

All of that said, since the Titans release, Uber has generally done right by the community, but it was a painful and bumpy road. Most of the community turned their focus to work on Beyond All Reason, rather than continue to depend on Uber.

Kata1yst, 8 months ago

Obsidian Livesync

Pros:

• bullet proof
• Simple
• FOSS
• Selfhosted

Cons:

• password/secrets manager nearly required to setup new devices
• fails to make my morning coffee

Kata1yst, 8 months ago (edited 8 months ago)

A thousand times. And I say that as a fan of Syncthing, I use it for half a dozen other use cases.

Kata1yst, 8 months ago

It's not modifying binaries. It's redirecting dll calls, and they already allow for Nvidia's version of the same. Honestly curious why Nvidia is allowed but AMD isn't.

Kata1yst, 9 months ago

Grim Dawn! Successor to TQ and measurably better than any other arpg on the market (in my opinion).

Kata1yst, 9 months ago

What a tone-deaf response, yikes.

Kata1yst, 11 months ago

It's truly a bastion of old school gaming goodness. Infrequent, but extremely impactful and rich DLC, offline, online, PvP, PvE, or private servers, responsive and thoughtful devs committed to the long haul.

I revisit for a playthrough or 3 every 6 months or so. It's like a warm hug every time.

Kata1yst, 11 months ago

LoL

Kata1yst, 11 months ago

You can link the makeMKV libs to handbrake so it's a one step process disk -> compressed form.

#!/bin/bash

# Intention: replace aacs decoding with makemkv's superior libmmbd programatically

# elevate privilages to sudo
[ "$UID" -eq 0 ] || exec sudo bash "$0" "$@"

# test if libmmbd is installed already, exit otherwise
libmmbdpath=$(find /usr -name libmmbd.so.0)
echo "libmmbd path is $libmmbdpath"
if [[ ! $libmmbdpath == *"/lib/"* ]]; then
    echo "libmmbd not found, please install makemkv first"
    exit 0
fi

# test if libaacs is installed already, set desired path otherwise
libaacspath=$(find /usr -name libaacs.so.0)
echo "libaacs path is $libaacspath"
if [[ ! $libaacspath == *"/lib/"* ]]; then
    libaacspath="/usr/lib/libaacs.so.0"
else
    echo "libaacs found, you must uninstall libaacs"
    exit 0
fi

# test if libbdplus is installed already, set desired path otherwise
libbdpluspath=$(find /usr -name libbdplus.so.0)
echo "libbdplus path is $libbdpluspath"
if [[ ! $libbdpluspath == *"/lib/"* ]]; then
    libbdpluspath="/usr/lib/libbdplus.so.0"
else
    echo "libbdplus found, you must uninstall libbdplus"
    exit 0
fi

# if we made it here, it's time to take action

# softlink mmbd to aacs
ln -s $libmmbdpath $libaacspath

# softlink mmbd to bdplus
ln -s $libmmbdpath $libbdpluspath

echo "successfully set up libmmbd as the system decrypter"
exit 0