Mikina

joined 1 year ago
[–] Mikina@programming.dev 4 points 3 months ago

How to best approach starting secops in a small indie gamedev studio. We don't even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.

We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as a pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I've encountered are waaay over the budget of a 20-man indie gamedev studio.

How would I even start? Are there any frameworks that would help but aren't aimed at large corporations? What of the buzzwords do we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it's so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn't there some kind of easy 10 step program that would tell you "step 1. Harden configuration. Step 2. Install ."

I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS need logs from SIEM, or is it the other way around? I'm obviously not qualified for this, but I did get time to research it, and some DIY attempts are definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I've done is shit or useless :D

[–] Mikina@programming.dev 2 points 3 months ago (2 children)

I'd go for Scandinavia, if I could choose anywhere. Or Iceland, working for CCP is my dream job.

[–] Mikina@programming.dev 8 points 3 months ago* (last edited 3 months ago) (4 children)

When I tried that, it lasted me for almost a year and a half, before I unfortunately got a second job that required MFA and I needed to be more online in general due to juggling two jobs. And it was amazing!

What I eventually did however was to get a dumb phone that can do a wifi hotspot, and still carried my smartphone but without simcard and net access, and powered off. When I really needed to get a taxi or look up a way home when I overslept drunk on public transport and ended up who knows where, I could always just fire up hotspot, power on the smartphone and do stuff I needed. Cause when that happened first time, it was when I first realized how much dependent I am on smartphone and net access.

Thanks for reminding me, I just quit one of the jobs and I can afford to be more offline, so back to the dumb phone I go! Convincing my GF again that she has to text me instead of using Discord will be hard, though ... Or explaining that I really can't look up the fact she wants, or call a taxi quickly...

I still have a Python bot that forwarded Discord messages to my own bare HTML website, so I can chat with her with the basic web browser of the dumb phone.

[–] Mikina@programming.dev 9 points 3 months ago (1 children)

Yeah, I know and that's what I'm afraid of. I guess I'll just have to come to terms with most websites not working in some obscure web browser that's not feature-complete. Would actually help with my addiction, so it won't be so bad, I guess.

[–] Mikina@programming.dev 14 points 3 months ago

You are right, it was unfairly harsh wording, I apologize for that. Most of those products are super cool and important, I've kind of extrapolated it from what I've read in other posts about them spending too much on stuff like events and other, non-development, related stuff that I actually never checked, while also not realizing that they also have a ton of other projects, which mixed with the disappointment with the recent development about the Meta partnership led to me choosing that wording unfairly.

[–] Mikina@programming.dev 153 points 3 months ago (13 children)

I stumbled upon the Gemini page by accident, so I figured let's give it a try.

I asked him in Czech if he can also generate pictures. He said sure, and gave me examples about what to ask him.

So I asked him, again in Czech, to generate a cat drinking a beer at a party.

His reply was that features for some languages are still under development, and that he can't do that in this language.

So I asked him in English.

I can't create images for you yet, but I can still find images from the web.

Ok, so I asked if he can find me the picture on the web, then.

I'm sorry, but I can't provide images of a cat drinking beer. Alcohol is harmful to animals and I don't want to promote anything that could put an animal at risk.

Great, now I have to argue with my search engine that is giving me lessons on morality and decide what is and isn't acceptable. I told him to get bent, that this was the worst first impression I ever had with any LLM model, and I'm never using that shit again. If this was integrated into Google search (which I haven't used for years and stuck to Kagi), and now replaces Google Assistant...

Good, that's what people get for sticking with Google. It brings me joy to see Google dig its own grave with such success.

[–] Mikina@programming.dev 10 points 3 months ago* (last edited 3 months ago) (8 children)

If it keeps going on like this, it won't be long before I'll just say fuck it and switch to elinks...

Hmm, on that note - is there any CLI web browser that can do JavaScript and CSS? Because iirc, elinks doesn't, though I haven't used it in years.

[–] Mikina@programming.dev 9 points 3 months ago (2 children)

IIRC, only like 2% of Mozilla spending goes towards FF (I may be misinterpreting something, but I remember 2% being thrown around), so funding FF without the rest of Mozilla bullshit shouldn't be that hard. Of course, since Mozilla did spend so little on FF, it's a question how much they actually care about FF and what would happen if they lost access to their golden goose. They shouldn't have a problem funding FF, but they probably have other bullshit they don't want to let go and that has more priority for them.

[–] Mikina@programming.dev 13 points 3 months ago (4 children)

I'm not sure what Mullvad is based on - I think it's on Tor, which is Firefox based?

I do use mostly LibreWolf, but if FF also went to shit, I wonder if Tor, and thus Mullvad, would keep on going or not. Because I suppose LibreWolf would have troubles with keeping up, if Mozilla would enshittify FF, since they would probably have to fork and continue development on their own.

[–] Mikina@programming.dev 0 points 3 months ago* (last edited 3 months ago) (1 children)

76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

What the fuck. That's horrifying. I also thought that every sensible workplace bans the use of AI.

A friend was telling me about a discussion between CTOs at a conference, where they were talking about whether it's even worth it to hire junior developers anymore, since there's a high risk of them just being "AI-raised", without much (or any) experience of coding without AI. And, this survey result... I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?

[–] Mikina@programming.dev 1 points 3 months ago

From time to time I watch some scam-hunting youtubers for fun, because some of them have really perfected their game and listening to scammers raging is fun, but it's also super unsettling when you realize they also talk like that to real victims. It's unhinged.

[–] Mikina@programming.dev 5 points 3 months ago (7 children)

This is the first time I've heard about microG. How is the app support with it? Can you run every app that needs Play Services? I have Google Sandbox installed only on a second Graphene profile, and use it for the bare minimum of apps that don't work without it, Bolt app, mostly weird MFA for work or package tracking apps I use once per month, while disabling most of their permissions. Will microG improve my situation in this case to be worth switching over? Does it work without root?
