[-] mox 3 points 4 days ago* (last edited 4 days ago)

No, that is not what I said at all. Either you've misunderstood, or you're arguing in bad faith. Given that you're now pushing an unrealistic all-or-nothing point of view and putting words in my mouth, I think it's some of both.

[-] mox 2 points 5 days ago

Very informative. Thank you!

[-] mox 2 points 5 days ago* (last edited 5 days ago)

No, it is misleading. An exploit with no remediation is not remotely comparable to a normal root exploit, which can be fixed with a simple OS reinstall.

Edit: And their follow-up comment, "if somebody has ring 0 access that shouldn’t, you already have problems," is dangerously misleading. While technically true that you would have a problem in both scenarios, presenting it that way is like telling someone not to worry about losing a leg because their sprained ankle is already a problem.

[-] mox 8 points 5 days ago

anyone with that access can do a lot of damage anyway.

it’s just that there’s no remediation once the flaw has been exploited.

One of these things is not like the other.

[-] mox 1 points 5 days ago* (last edited 5 days ago)

it was built into the train by the train manufacturer.

What makes you think the train manufacturer did it? Is that on record someplace? Because the installation and materials don't look at all like the surrounding work. Looks more like a handyman hack job. Now that I've seen the photos, I'm curious about what actually happened there.

[-] mox 9 points 5 days ago

Hey, thanks for deciding to do this series. Not all the scenes you've posted have been as striking as this one, but I'm enjoying the visual tour of game worlds in my feed.

[-] mox 10 points 5 days ago* (last edited 4 days ago)

Using commercial off the shelf technology without proper testing and certification is absolutely cutting corners. See: Kaprun disaster.

I just read the Wikipedia article; thanks for mentioning it.

I'm not sure it's a good example of your point, though. Notably:

the cause was the failure, overheating and ignition of a fan heater in the conductor's compartments which was not designed for use in a moving vehicle.

The onboard electric power, hydraulic braking systems, and fan heaters intended for domestic use increased the likelihood of fire.

The fan heater is the only off-the-shelf technology listed here, and there's no suggestion that it was part of the train's design. It seems likely that a train conductor brought it on board to keep the compartment warm through the workday. Still a bad idea in a train, especially on a 30° slope, but not an example of the designers cutting corners.

Edit:

Thanks to others for linking photos and a report (in German) that show how the heater was installed. It was clearly not a case of a conductor just setting the heater on the floor, but the installation still looks very much out of place. Perhaps corner-cutting was involved, but this doesn't look like something done by the train designers. Even an expensive industrial heater seems like it would be an extraordinarily bad idea in that location, right up against high-pressure hydraulic oil lines. Does someone have the details behind it? It looks more likely a (very foolish) modification made by someone else, like maybe the train operators.

For anyone else following this, those hydraulic oil lines that the heater was nearly touching were apparently pressurized at 190 bar, which I think is about 2700 pounds per square inch.

[-] mox 3 points 6 days ago* (last edited 6 days ago)

No, it does not mean you would need to do that.

The more likely scenario is an attacker using another vulnerability, either in the OS itself or in a vendor-supplied component like a driver or anti-cheat module, to gain a foothold for this one. Chaining exploits is a very common technique. (What "trade" are you in, exactly?)

Apply the mitigations when they become available for your hardware, folks.

[-] mox 25 points 6 days ago* (last edited 6 days ago)

Notable quote:

“It's going to be nearly undetectable and nearly unpatchable.” Only opening a computer's case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Let's hope a microcode or BIOS update can prevent it from happening in the first place.

Original source:

https://info.defcon.org/event/?id=54863

Relevant links:

https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/

https://www.youtube.com/watch?v=xSp38lFQeRE

https://www.youtube.com/watch?v=lR0nh-TdpVg&t=2s

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

(I found the Bleeping Computer article more informative and concise than the Wired one.)

[-] mox 5 points 6 days ago* (last edited 6 days ago)

AMD hadn't published a list when the article was first run, but it has since been updated:

but it pointed to a full list of affected products that can be found on its website's security bulletin page.

118
submitted 1 month ago* (last edited 1 month ago) by mox to c/world@lemmy.world

Scientists say "a reservoir of disease" is being created after discovering bacteria that naturally occur in rivers are becoming resistant to antibiotics due to the impact of sewage.

Researchers at the University of Suffolk said bacterial strains found on the non-tidal section of the River Deben in Suffolk had acquired resistance by exchanging DNA with antibiotic resistant E. coli.

Some bacteria have become resistant to the antibiotic carbapenem, which is used as the last line of defence in fighting infections already resistant to traditional antibiotics.

51
submitted 1 month ago by mox to c/linux_gaming@lemmy.world

D3D8 support

D8VK is now part of DXVK, and implements D3D8 largely on top of the existing D3D9 implementation. Please refer to pull request #3411 for further details.

Native WSI changes

dxvk-native now supports multiple window system backends that the application can choose between at runtime. Refer to the corresponding pull request #3738 for details. In addition, proper ABI versioning has been added for native libraries.

Non-native refresh rate emulation

In environments where the display mode cannot be changed (e.g. Proton), it is possible that DXVK reports a different refresh rate to the game than what the display is currently running at. This is problematic for games that need to run at 60 FPS but do not limit their frame rate when using a 60 Hz display mode.

To work around this, the frame rate limiter will now be engaged automatically if a game runs in full-screen mode with vertical synchronization enabled, and if the detected frame rate over a short period of time is higher than the refresh rate of the selected display mode. This also applies to D3D12 when using vkd3d-proton as of commit 80f6c46 or later.

In case a game runs at a lower rate than expected and does not provide an in-game option to change refresh rate, this behaviour can be disabled by setting d3d9.maxFrameRate = -1 (or the corresponding dxgi option for D3D10+ games). Setting DXVK_FRAME_RATE also overrides this behaviour as usual.

Bug fixes and Improvements

  • Fixed various issues with D3D9 fixed-function texture coordinate processing (PR #4015, PR #4026).
  • Fixed pipeline layout compatibility issues when using graphics pipeline libraries, which would cause crashes or rendering issues on AMD's official drivers with pipeline libraries enabled.
  • If supported, VK_NV_descriptor_pool_overallocation will now be used to potentially save small quantities of descriptor memory.
  • Improved descriptor pool management in general to save memory in case a game renders without ever presenting to the screen.
  • Improved video processor blit functionality (PR #3970, PR #3984).
  • Improved compatibility with third-party mods hooking various DXGI entry points (PR #3966, #3968).
  • Battlefield 2, 2142: Work around hang on alt+tab (PR #4109).
  • Dead Space 2: Work around issues caused by the game's Vsync implementation (PR #4071).
  • Dragonshard: Work around performance issues (PR #4079).
  • Fallout 4: Work around an issue with the game locking itself to 45 FPS on Steam Deck OLED.
  • Fallout New Vegas: Fix rendering issues when using certain mods (PR #4079).
  • Ghostbusters Remastered: Work around flickering character faces (#4045, PR #4046).
  • Gothic 3: Fix shadow rendering issues caused by incorrectly reported format support (#3980, PR #3991).
  • Guild Wars 2: Work around a flickering issue (PR #3992).
  • Prototype: Work around broken shadow rendering if the game detects an AMD or Intel GPU (#4008, PR #4011).
  • Star Citizen: Work around an issue with the game's UMD version check (PR #3985).
  • The Sims 2: Work around low CPU-bound performance in some situations.
  • Tomb Raider Legend: Work around flickering character issues (PR #4105).
  • Red Faction Guerrilla Remastered: Work around sky box rendering issues (#3696, PR #3972).
  • Rise of Nations: Work around crash on alt+tab (PR #4117).
  • Watch Dogs, Watch Dogs 2: Work around flickering character issues (PR #4059, PR #4090).
  • WRC 4: Enable 60 FPS limit to work around audio issues (PR #4099).
86
submitted 1 month ago by mox to c/technology@lemmy.world

cross-posted from: https://lemm.ee/post/36566249

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?

Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.

The nation's residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.

Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.

8
submitted 1 month ago* (last edited 1 month ago) by mox to c/programming@programming.dev

I found this an interesting read about Git's history and design.

[-] mox 195 points 5 months ago

The notion that creating a half-decent application is quick and easy enough that I would be willing to transform their idea into reality for free.

mox

joined 6 months ago