• 2 Posts
  • 508 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle





  • Anti-cheat is an arms race. We just find ourselves at a point where the arms race has progressed to the point where the best known strategy for securing a play session means ostracising custom hw/kernel configurations.

    But I have to think it’s only a matter of time before even that’s not enough, (since there already exist ways around kernel level anticheat, including AI-based techniques that are entirely undetectable).

    My guess is the logical conclusion involves a universal reputation based system, where you have an account with some 3rd party system (maybe VAC) that persists across all games you play. It will watch your gameplay, and maintain a (probably hidden) “risk of cheating” score. Then matchmaking for each game will use this score to always pair you against other accounts with a similar score.

    Actually, it might not be a “risk of cheating” score so much as a “fun to play with” score. From a gameplay perspective, it’s just as fun to play against a highly skilled non-cheating human, as it is a bot that plays identically. But it’s less fun to play against a bot that uses info or exploits that even the best non-cheating players don’t have access to (ex. wallhacks). So really, the system could basically maintain some playstyle-profile for each player, and matchmaking wouldn’t be skill-based, but rather it would attempt to maximize the “fun” of the match-up. If a player is constantly killing people unrealistically fast, or people who play with them tend to drop early, this would degrade their “fun” score and they would tend to be matched only with other unfun players.

    I think this would be the only practical way to fight cheating without even more invasive methods that will involve just deanonymizing players (which I think some studio will inevitably try in the near future).


  • I disagree that it’s the same for multiple reasons: first off the project and telemetry were never profit-driven. Their goal was always to use modern methods of software development to make the software better.

    The fact is, these days all for-profit projects gather a ton of info without asking, and then use that data to inform their development and debugging (and sell, but that’s irrelevant to my point). To deny open source software the ability to even add the option of reporting telemetry is to ask them to make a better product than for-profit competition, with fewer tools at their disposal, and at a fraction of the pay (often on a voluntary basis). That’s just unreasonable.

    Which is why the pushback wasn’t that they were using telemetry, it was that they were going to use Google Analytics and Yandex, which are “cheap” options, but are obviously for-profit and can’t be trusted as middlemen. They heard the concern over that and decided to steer away to a non-profit solution.

    But as a software dev and a Linux user, I often wish I could easily create bug reports using open source, appropriately anonymized telemetry reporting tools. I want to make making a better system for me to use as easy as possible for the saints that are volunteering their time.

    As for the issues in tenacity, it was likely specific to what I was doing. I was rapidly opening and closing a lot of small audio clips, and saving them to network mounted dirs under different names. I remember I had issues with simple stuff like keyboard shortcuts to open files, and I had to manually use the mouse to select a redundant option every single time (don’t recall what it was), and I think it would just crash trying to save to the network mounted dir, so I had to always save locally and copy over manually. So I just switched back and continued my work.


  • Afaik, back when it all went down, they heard the public reaction about the telemetry thing and completely reversed course. On top of that, many distros would be sure to never distribute a build with telemetry enabled anyway. So there has never been any cause for concern. Would love to be proven wrong, though.

    Also, Audacity is handy, but it’s not perfect, and I’ll gladly use a better alternative. But the last time I tried Tenacity, it had a bunch of little differences that made the tool just a bit harder to use. So I still default to audacity.



  • Yeah, but I think it can feel too much like a circle jerk around here sometimes. I get that people want to win over new users, but some of it goes too far I think. The fact is Linux isn’t perfect, and while no OS is, there are some critical things you can do on Windows that are still a pain in the ass on Linux. Some of that is a vendor/proprietary software problem, but a good chunk of it is just people being willing to overlook a thin layer of jank in their normal workflows.

    I think we’d all be better off to all acknowledge and clean up the jank rather than try to pretend it’s fine as is.


  • There was a time when there was an annual “Linux Sucks” presentation that I liked because it was a roundup of candid, yet constructive criticism of Linux (and then at some point the person running that went off the deep end and started yelling about woke agendas).

    I wouldn’t mind there being a whole community devoted to pointing out shit that is poorly designed or just broken when running linux, and we as a community then try to fix them or find workarounds.

    But as others have pointed out, that community isn’t a community, it’s literally just one account hanging out by themselves.


  • On top of all the other informative comments answering a plethora of questions you understandably have when entering the Linux ecosystem, I want to express: don’t feel like you need to learn all this stuff if it doesn’t interest you, or otherwise turns you off the idea of Linux.

    It’s perfectly fine to ignore all the terminology, install whatever new-user friendly version of Linux you can, and just start using it. If it’s not to your taste, or it asks too much of you, maybe try a different one. But I’m of the firm belief that immediately inundating a new user with a bunch of new vocab and unfamiliar workflows is the mark of a bad new user experience, and you shouldn’t feel required to put up with that.

    The fact is, unlike MSFT who has a bunch of terminology internal to the windows dev teams, Linux is developed in the open, so all the terminology leaks into the user world too. And you just need to get good at saying, “if this doesn’t help me use my PC better for what I need it to do, I don’t care”.




  • It doesn’t matter if virality is the goal, unless you’re suggesting it be actively prevented, virality is just a natural phenomenon of the internet. The term viral generally implies uncontrolled exponential spread. To this day, stuff goes viral without people intending it to.

    And if you architect the system to scale a p2p network proportional to virality (ex. as people share it, they also self-host) you run into a ton of security and abuse challenges. We’re also stretching the definition of “self-hosting” at this point.




  • In the last 10 years there has been a seemingly noteworthy uptick in hardware bugs in both intel and amd CPUs. Security researchers find and figure out potential attack vectors that rely on these bugs (ex. Specter/Meltdown). Then operating systems have to put workarounds in their kernel code to ensure that these hypothetical attack vectors are accounted for, at the cost of performance and more complicated code.

    Linus is saying how annoyed he is with all this extra work they have to do, resulting in worse performance, all to plug vulnerabilities that we’ve never actually seen any real attackers use. He’s saying instead we should just write the code how it should be, and if the hardware is insecure, let it be the hardware company’s problem when customers don’t use the hardware.

    The problem is, customers will continue to use the hardware and companies who need a secure OS (all of them) will opt to not use Linux if it doesn’t plug these holes.


  • Agreed with using keepass. If you’re one person accessing your passwords, there’s no reason you need a service running all the time to access your password db. It’s just an encrypted file that needs to be synced across devices.

    However, if you make frequent use of secure password sharing features of lastpass/bitwarden/etc, then that’s another story. Trying to orchestrate that using separate files would be a headache. Use a service (even if self-hosted).


  • I intended for you to think about it, and if you disagree, offer a thought out response. There’s still time for that, just scroll back up.

    I’m willing to bet I’m older than you.

    Given your responses so far, it’s much less embarrassing for you to say you’re either 15 or a troll bot.

    Regarding the state of the climate, human kind is an ant hill, a game of factorio, a manufacturing pipeline. We’re in a race to generate enough energy to escape the grave of our own making that started over a hundred years before any of us were born. We’ve already crossed the threshold where, if we stopped emitting any greenhouse gasses whatsoever, we will still see a massive population decline due to heat, weather, food shortage, etc, most in poorer countries who are neither responsible for the problem, nor capable if dealing with it.

    Our best bet to save as many lives as possible is to continue research into cutting edge power generation, food production, clean water generation, and sustainable and durable housing/cooling technologies.

    The strategy of telling the wealthy to stop consuming energy cold turkey is no longer a viable strategy, as it’s not beneficial for anyone. It’s also not practical unless you’re a fictional, superhuman character who can zip around and force humankind to your benevolent will (or you have globally powerful military and are willing to enact martial law, but good luck).

    To win the race, to reduce the ensuing death and destruction and minimize unnecessary casualties to the human (and other) species, we need to put as much research as possible into new renewable tech (solar, wind, water, nuclear, and fusion if possible). It’s unclear what AI has to offer, but it is already being used to solve manufacturing challenges that neither a single human capable of, nor a group of humans can effectively abstract and communicate about. If this can be leveraged to develop new sustainable energy or bioengineering solutions that were never before known to be possible, that is how we save the most lives.

    What doesn’t save any lives is rallying behind the same absolutist strategy we’ve tried for over 50 years and making no progress. But I get it, memes travel further and faster than measured thought. That’s also a problem for us.