Mikina

joined 1 year ago
[–] Mikina@programming.dev 5 points 1 month ago* (last edited 1 month ago)

With what has happened around the studio, I'd say it's good that DE2 was canceled. It was to be made by a ruins of a studio that was stolen along with it's IP from the original developers and artists, who didn't manage to navigate the landmine of for-profit gamedev industry, and got basically scammed by investors, who robbed them of their IP and studio through various loopholes and bullshit of shares-based companies. (It's a pretty nuanced story, and I'm not really sure how it ended up, so it's better to watch the documentary about it if you're interrested, rather than take my conclusion from it. I also haven't followed recent developement, so if anyone knows how that turned out, let me know)

It's quite a sad and infuriating story, especially since ZAUM was IIRC originally a pretty wholesome art collective of punks and anarchists from squats. It must have been devastating to enter the market with such ideals, only to be scammed of your art by the first investor you encounter, who you might've even considered a friend.

[–] Mikina@programming.dev 5 points 1 month ago* (last edited 1 month ago)

There's quite a few ex-Disco Elysium studios popping out. My favorite so far is the Summer Eternal. It feels like they didn't want to announce it this early, but because two other studios (Longude, and Dark Math Games) got announced few days ago, they did the same.

Summer Eternal feels the most radical out of the three studios, I really like their manifesto and how they are attempting to mix art-collective with market-based development. And they have some amazing writers.

Here are few bits and pieces of the manifesto from their website, I really recommend reading it. Also, the website linked above is just stunning.

...

As creators and game makers, we have too long been led away from the truth, away from the right to define ourselves as artists in service of the definitive art form of the future, one that has made us dream since we were children.

Instead, the disposability culture operating at the ruthless core of this industry wants us to think of ourselves as cogs in the machine: rudimentary craftsmen, disposable career workers, inert producers of made-to-order marketing-driven "content" — empty calories leaving the soul hungry.

The Profiteer knows that by keeping your dignity low, he will keep you crawling on the treadmill of passion until he lays you off for the sake of the red number in his book.

...

Machine-generated works will never satisfy or substitute the human desire for art, as our desire for art is in its core a desire for communication with another, with a talent who speaks to us across worlds and ages to remind us of our all-encompassing human universality. There is no one to connect to in a large language model. The phone line is open but there’s no one on the other side.

[–] Mikina@programming.dev 5 points 1 month ago* (last edited 1 month ago)

I can't recommend Maldev Academy enough. It has been an amazing resource, to get into malware development. Keep in mind, however, that malware development is pretty difficult topic. You will have to eventually use WinAPI and syscalls, so learning about that even outside of malware development will help you a lot.

For example, try looking into how to execute a shellcode in memory - allocate memory as RWX, copy some data and then execute it. Try executing it in a different process, or in a different thread of another process. That's the core of malware development you'll probably eventually have to do anyway. Manually calling syscalls is also a skill that you'll need, if you want to get into EDR avoidance.

Also, look into IoCs and what kind of different stuff can be used to detect the malware. Syscall hooks, signatures, AMSI, and syslog are all things that are being watched and analyze to detect malware, and knowing what exactly is your program logging and where is one of the most important and difficult skills you can get.

There probably are a lot resources for these two skills, and they are an important foundation for malware developemnt, so I'd suggest researching that. You'll probably not get much from looking at other malware, because it tends to be really low-level, and obfuscated, exactly to avoid the IoCs I've mentioned above. Implementing the malware behavior after that is the easier part.

Another good resource to look into are C2s and communication, for example Mythic C2 has some interresting stuff.

And I really recommend joining the Bloodhound slack. Throughout my cybersecurity carreer as a Red Teamer, the community has helped me a lot and I've learned amazing stuff just by lurking.

[–] Mikina@programming.dev 5 points 1 month ago

I'd recommend Half Life: Alyx.

Or, you can probably make an absolute beast of Skyrim through mods.

[–] Mikina@programming.dev 2 points 1 month ago

It's best to have a local copy of package repos with whitelisted libraries, or so I've heard. But containers are fine, too. Especially with VSCode .devcointainers, it's super easy to setup and distribute with the repo, there's really no reason not to do that.

The biggest issue here that a lot people don't realize is Bing AI, it's insanely easy to poison it's results, since it summarizes search results. It's only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be a fun times ahead.

[–] Mikina@programming.dev 13 points 1 month ago

it's also important to keep in mind that the cybersecurity field has adbanced tremendously, with cloidfare, EDRs, and in general it is now way harder to do anything anonymously without getting caught, quickly. This also males the field of hacking way more difficult to get in, which combined with reduced attention span of younger generations probably means there's not that many bored teens willing to put the time in, and as an adult you have way much more to loose, so for hose who had the skills it would be a lot greater risk.

[–] Mikina@programming.dev 4 points 2 months ago

As someone who works in gamedev, I'm sure that some of the people there are passionate about it and it is gutwrenching to see your work fail so hard. I'm sad for every project that launches after years of work and fails to get any attention or sales, and I'm definitely sure there's someone losing sleep due to that.

I never worked in super-large projects, but I did work for a AAA studio and even there, you got people invested into the project.

From how I've seen it, you wouldn't work in gamedev unless you are passionate about it, because you can get drastically better pay for the same job in other, more business focused, industries. So, if all you cared about is money, you have better options.

[–] Mikina@programming.dev 10 points 3 months ago* (last edited 3 months ago) (1 children)

Whi getting through college, I was always bummed that we have to learn a lot of stuff that seemed super irelevant to my future carreer, while also being annoying. Stuff like prolog, Phyro, Lisp, Assembly, or bunch of obscure math.

It was only years later when I finally realized why it was important - the school wasn't for teaching me to be the C#/Java programmer, but it taught me to be A programmer. I can pick up and start successfully writing anything I need, in any language, relatively quickly and without issues, nonmatter whether it's functional, objective, or wharever style of language, because I've very probably already had to deal with, learn, understand and pass exams in language that is similar to it, since college made me learn a language from almost every style or flavor of languages there are.

I was surprised when I first saw colleagues struggle with picking up languages other than the ones they work in, and that was when I finally realized why and how sneakily did the college make me a universal programmer without me noticing it. And that's something that's harder to get when self-taught, because you don't get exams and it's easier to miss the point and just skip courses on lisp, prolog or lambda calculus, because it seems irrelevant, but the different point of view and approach used when writing in those languahes is what will teach you the most.

[–] Mikina@programming.dev 4 points 3 months ago* (last edited 3 months ago)

On the topic of Mullvad, what made me choose Kullvad over LibreWolf was the VPN being bundled in. If I'm not mistaken, the whole point of ToR browser is that you have exactly the same fingerprint as any other Tor browser user, making it a lot harder to distinguish you from others using your extensions, browser and other minor stuff your browser reports about you, that combined makes for a pretty unique fingerprint, evej of you are using a VPN.

But, if you have a browser that has the same fingerprint for all users, and it has an accompanying VPN, you can partly expect that most of other users of the same VPN will also be using the same browser, making it a lot harder to track you - because while there may be only a few thousands users of Mullvad in the wild, which renders the same fingerprint not much of an advantage (because you would be one of the few users of i.e Proton VPN with Mullvad), if you also use Mullvad VPN, it's probable that most of other users who share your Mullvad VPN IP are also Mullvad browser users, making it easier to blend in.

Bit that's mostly my theory, why (along with being able to pay with Monero) I feel like the combo of Mullvad browser and VPN is the best combination as far as minimizing fingerprint is considered. If someone has more knowledge about the issue, I'd love to hear some counter-arguments or tips how to improve my setup.

[–] Mikina@programming.dev 1 points 3 months ago

https://www.ccpgames.com/

EVE is one of the most unique games I've ever seen and I admire it, and CCP in general, from what I've seen in their volunteer programs or from streams, seems like a nice workplace.

Also, Island is cool.

[–] Mikina@programming.dev 2 points 3 months ago

Then the book will definitely be up your alley, it's exaclty about that, and offers a great tips about how to approach it.

[–] Mikina@programming.dev 3 points 3 months ago (2 children)

I cheated the MFAs by switching what I could to SMS, Yubikey or just copying the MFA private keynto Bitwarden. Kind of defeats the point of MFA, but makes stuff definitely easier.

Anything that's important however is on yubikey, however.

Also, good luck! Are you going through the Digital Minimalism book? I should refresh on it, every time I try it, it doesn't last long, but I always get rid of one more stupid online habit that I don't pick up when I inevitably return to my pre-reading the book intetnet usage. So, after already going through like 4 attempts in the last 3 or 4 years, my internet usage is slowly but surly changing for the better. But it's more of a long run, rather than being able to get everything on the first try, in my experience at least.

If you're not doing it because of the book/haven't heard of it, I definitely recommend reading Digital Minimalism by Carl Newport.

 

Hello!

When I was creating a CTF for a conference, I've finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.

But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I'm not really that much familiar with every use of blockchain so far, I will first list what I've already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It's possible that some of the issues are wrong or have already been solved, so please correct me if I'm wrong - my knowledge of blockchain isn't really that in-depth.

First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it's slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:

  • Longevity - The ledger size is already getting massive, only after a few year. It's not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It's growing exponentionally, and is at around 500Gb after around 10 years.
  • Gas cost - It's getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
  • Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn't pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.

The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I'm still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I'm certain that I'd rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can't be considered for widespread use, which I've heard some people say that "crypto will replace cash in a few years". And this is why it never will, IMO. But this discussion shouldn't be about whether this is a good opinion or not - but more about "what blockchain is a good tool for".

Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say "Someone has copied and minted my NFT?". Well, it's a shame that there isn't some kind of centralized authority that could, you know, not allow them to do that.

Another use I've heard someone praise as "the future" was lending money. I'm not sure what were they talking about, but the whole point was that you can... Escrow an amount you are borrowing, and then borrow the same amount? It didn't make any sense, so I guess I'm missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)

So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.

But I really like the concept and idea of smart contracts, and I'm sure there has to be some kind of use that is not as "revolutionary" or large scale. I'm just having hard time coming up with any.

I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It's also something that doesn't suffer from the longevity problem, because it's more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.

(tl;dr feel free to start here:) Which is what I'm interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn't have to be a "society changing system", or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I'm after - but have hard time coming up with.

And just a disclaimer - I don't plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it's uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it's really the best tool for the job.

But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I'm sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.

Thank you!

EDIT: And I'd like to add that I never got into the blockchain hype, and my opinion on how it's used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that's why I'm genuinely interested in this discussion - I don't judge a tool about how people misuse it.

 

Hello!

One of the things I really enjoy is unique, interesting or out-of-the box game design. It doesn't have to be AAA game, it doesn't have to be a perfect game, it can be pretty rough - but if it has a mechanic or design element that is somehow unique or original, I'm instantly in love with the game.

The problem is that such games do not usually get a lot of exposure, since it is after all a niche. And that is really a shame - in the past few years the most fun had with video-games was playing such smaller and shorter indie games with something unique or pretty clever, where I can obsess over the design and more importantly - get inspired. That leads me to my question - are there any communites or blogs or content curators that are about this kind of smaller, maybe unpolished, but original games? Or what games would you recommend that would fit into this description? I don't mind if it's a 5 minute experience. It's ok if it's more interactive art than a game.

To better illustrate what I'm looking for, I'd compare it to modern art - the kind where you get a single colored square on a canvas. I never got it, and it always felt just weird - until I had to start doing flyer design and started researching and reading about composition, space and all that stuff. And now I see there's so much going on even on a picture with a single line, that it's really interesting to think about why the square is where it is, and what kind of composition rules was he working with.

And I think it's the same for game design - sometimes you see a clever mechanic or design on otherwise really ugly and unpolished game, and it still gets you inspired and thinking.

I understand that my question is a little bit vague, so I'll give you a list of some games I consider unique, some of them are well known, some of them not-so-much:

  • Immortality - you probably know about this one, but a game where the plot twist is discovering a hidden game mechanic, you could've done all the time? And the fact that you watch three movies at once in random scene order is also a really good experience.
  • Against the Storm - I really like how they solved the issue with management sims - that they tend to get boring once you set everything up, by making it a roguelike.
  • Different Strokes - an online persistent collaborative museum of art, where you can either leave a new painting, or edit someone's else. Each painting can be edited only once, so there are always two authors of a single piece.
  • Sayonara Wild Hearts - I really like the idea of making what's basically an interactive music album. While the game design isn't anyting that interresting, the focus on music is cool - there should be more music albums with video-games instead of video-clips.
  • Project Forlorn - Again, not really a game - this time I think there's no actuall gameplay, but it's the best interactive music album presentation I've ever seen. And again - I like the idea of exploring music and games together.
  • Playdate - Not exactly a single game, but rather a console - but the idea behind giving you a game per day (which is I think how it started, they may all be available now looking at it) sounds amazing - which I'd also consider a game design (or rather, experience design?).
  • Baba is You - Another probably well known game, but the puzzle mechanic is just mindblowing.
  • Before Your eyes - In this game, the main mechanic is that you go through the memories of someone who has just passed away, but the time advances every time you blink - physically blink, because the game can use your camera. That is such a clever idea, that it definitely fits onto this list.
  • Nerve Damage - This is my favourite recent discovery. The game is trying so hard to be uncomfortable to play, with it's main design build around just being unplayable. But it somehow works and once you get into the flow, it's such an unique experience.

So, does anyone has some recommendations about where to look for more experimental games? A curated list, blog would be awesome - since clicking through pages of games on itch.io is pretty hit and miss. Also, feel free to share some of your favourite unique design or experimental experiences and games!

 

Hello!

While discussing about privacy on Lemmy and in the Fediverse, I've stumbled upon an idea that would solve some of the issues inherent to the fact that you need to have a home instance, that is under control of someone you have to trust. But my knowledge about ActivityPub is lacking, and I'm not sure if something like this would be possible or not. Also - it possible that something like that already exists, but I didn't manage to find anything.

So, would it be possible to create a Fediverse/ActivityPub app that is just a self-hosted frontend for interacting with other apps, such as Lemmy or Mastodon, that only hosts your own personal data related to your account, but not the content you post to other instances?

The main thing I'm unsure with is how Fediverse works in this regard - who hosts the content. If my home instance is programming.dev, and I create a Post or a Comment on lemmy.ml, who is the source of truth for that post? Does the content get saved on my home instance, and Lemmy.ml only gets an ID that it queries if an user requests it, or do I send the content to Lemmy.ml to live on their server?

Depending on this, it would make such a self-hosted app easier or harder. If the content lives on the instance I post it to, it would mean that you can create a fediverse app that only stores your personal user information and DMs, and you don't have to deal with serving your posts to others - because they live on the other instance you posted it to. Then all that would be left is to create an UI for displaying and querying content from other instances, and you have a way how to interact with the Fediverse without risking any of your personal private data.

On the other hand, if the content would have to live on my instance, I would have to deal with serving it to whoever requests it, which would make it a lot harder to self-host.

I kind of hope it's the first option, because then it would allow for public communities of content-only servers while also letting users have their own personal-data only instances that allows them to interact with the rest. And I really like that idea, because it would allow you to for example have reliable E2E for messages, since you have the code that generates and stores the private certificate under absolute control, and only need to share your private key with others.

In general, it seems like a great solution to many privacy problems on the Fediverse, and if something like that would be possible (without having to serve the content, because then it may get too resource-intensive for a regular user), I would definitely try to come up with such a solution.

And now that I think about it - if you actually have to host the content, then it maybe be possible to create a combination of user-data / content servers, where you select a public community run content server to host your data, and have the personal user-data server self-hosted. And if a request comes to your user-data server for content, you just redirect it to the community-ran server. But that's just brainstorming.

 

Hello!

Ever since I've seen the screenshot of permissions that the Threads app requires, I've been thinking that it would be a great idea if you could have an app that would give them the permission, but kept feeding it random and bullshit data.

This could extend to other fingerprinting tools on the web - I can make my browser have limited fingerprinting, but as far as I know, it's usually static. Using letterboxing will set your pixel size to a common value, and privacy focused browsers are using constant User Agent that includes everything.

But that's not going to help too much - I want my fingerprint to be random, and totally wrong. Feed them unusable data, something that not only isn't useful for them - but also actively sabotages their analytics. Pair that with a VPN, and now they have no way how to track you across sites, and also get a lot of bullshit data.

Another great thing would be an Adblock extension that not only hides every ad, but also click on it. Multiple times. Sure, it would be giving money to the websites you visit (which may be good), but it will also cost advertisers who pay for clicks (and will probably get you banned anyway).

I'm assuming that nothing like that exists, but I suppose that forking UBlock or forking LibreWolf could work, and just adding a Random here and there into their anti-fingerprinting code could maybe not be so hard.

 

There is one argument I've seen missing in most of the de/federation discussions, that I think should be mentioned, and warrants it's own discussion.

I've seen a lot of people mentioning that defederating with Meta means we have broken the promise of Fediverse, that you can use one account to interact with whatever service you choose, and that it should be inclusive.

But I don't agree that's the main idea. There is something that's more important, and to make sure I'm not misinterpreting it, I'll just directly quote various websites about the Fediverse I've found (I was just taking top results for Fediverse on DuckDuckGo, but I did select only the parts that are the most important point for me personally). But I do concur, I was not able to find a single source of truth, and I'm not really sure how credible the resources are, so please disagree with me if it's wrong or I've chosen some no-name site that just matched my rethorics.

https://www.fediverse.to/ has the following sentence as the main hero header:

The fediverse is a collection of community-owned, ad-free, decentralised, and privacy-centric social networks.

Each fediverse instance is managed by a human admin. You can find fediverse instances dedicated to art, music, technology, culture, or politics.

Join the growing community and experience the web as it was meant to be.

Another search result is for fediverse.party, which has the following quite in https://fediverse.party/en/fediverse/ :

Fediverse (also called Fedi) has no built-in advertisements, no tricky algorithms, no one big corporation dictating the rules. Instead we have small cozy communities of like-minded people.

The page also mentions some link for knowledge about the fediverse. Some of them are only tutorials about how to join, but there's also https://joinfediverse.wiki/What_is_the_Fediverse%3F , with the following part:

How does it compare to traditional social media?

...

Morals

  • Traditional social media is neither social nor media. It is not made for you, it is made to exploit you and it is full of misleading ads and fake news.
  • This is because the aim of traditional social media is to make a whole lot of money.
  • The aim of the Fediverse is to benefit the people.
  • The aim of traditional social media is to control and steer the users.
  • The aim of the Fediverse is to empower the users to control the Fediverse.

I wasn't able to find more websites directly about the fediverse, and I did not want to quote random articles. But for completion sake, here is a list of FAQ/About sections of websites that are about the Fediverse, but don't directly support or imply the point of view I was trying to make (one that can be best summarized by the Morals in the last quite):

The split seems to be 50:50, but at least for my DuckDuckGo search results, the https://www.fediverse.to/ is the first result you find, and that one is pretty clear about what Fediverse should be. I wanted to start a discussion about what do the users here see as a main selling point of the fediverse, and whether morals and non-profit nature of the instances is important to most of the users as it is to me, or whether you'd rather have interconnectness and inclusivness.

view more: next ›