With what has happened around the studio, I’d say it’s good that DE2 was canceled. It was to be made by a ruins of a studio that was stolen along with it’s IP from the original developers and artists, who didn’t manage to navigate the landmine of for-profit gamedev industry, and got basically scammed by investors, who robbed them of their IP and studio through various loopholes and bullshit of shares-based companies. (It’s a pretty nuanced story, and I’m not really sure how it ended up, so it’s better to watch the documentary about it if you’re interrested, rather than take my conclusion from it. I also haven’t followed recent developement, so if anyone knows how that turned out, let me know)

It’s quite a sad and infuriating story, especially since ZAUM was IIRC originally a pretty wholesome art collective of punks and anarchists from squats. It must have been devastating to enter the market with such ideals, only to be scammed of your art by the first investor you encounter, who you might’ve even considered a friend.

There’s quite a few ex-Disco Elysium studios popping out. My favorite so far is the Summer Eternal. It feels like they didn’t want to announce it this early, but because two other studios (Longude, and Dark Math Games) got announced few days ago, they did the same.

Summer Eternal feels the most radical out of the three studios, I really like their manifesto and how they are attempting to mix art-collective with market-based development. And they have some amazing writers.

Here are few bits and pieces of the manifesto from their website, I really recommend reading it. Also, the website linked above is just stunning.

…

As creators and game makers, we have too long been led away from the truth, away from the right to define ourselves as artists in service of the definitive art form of the future, one that has made us dream since we were children.

Instead, the disposability culture operating at the ruthless core of this industry wants us to think of ourselves as cogs in the machine: rudimentary craftsmen, disposable career workers, inert producers of made-to-order marketing-driven “content” — empty calories leaving the soul hungry.

The Profiteer knows that by keeping your dignity low, he will keep you crawling on the treadmill of passion until he lays you off for the sake of the red number in his book.

…

Machine-generated works will never satisfy or substitute the human desire for art, as our desire for art is in its core a desire for communication with another, with a talent who speaks to us across worlds and ages to remind us of our all-encompassing human universality. There is no one to connect to in a large language model. The phone line is open but there’s no one on the other side.

I can’t recommend Maldev Academy enough. It has been an amazing resource, to get into malware development. Keep in mind, however, that malware development is pretty difficult topic. You will have to eventually use WinAPI and syscalls, so learning about that even outside of malware development will help you a lot.

For example, try looking into how to execute a shellcode in memory - allocate memory as RWX, copy some data and then execute it. Try executing it in a different process, or in a different thread of another process. That’s the core of malware development you’ll probably eventually have to do anyway. Manually calling syscalls is also a skill that you’ll need, if you want to get into EDR avoidance.

Also, look into IoCs and what kind of different stuff can be used to detect the malware. Syscall hooks, signatures, AMSI, and syslog are all things that are being watched and analyze to detect malware, and knowing what exactly is your program logging and where is one of the most important and difficult skills you can get.

There probably are a lot resources for these two skills, and they are an important foundation for malware developemnt, so I’d suggest researching that. You’ll probably not get much from looking at other malware, because it tends to be really low-level, and obfuscated, exactly to avoid the IoCs I’ve mentioned above. Implementing the malware behavior after that is the easier part.

Another good resource to look into are C2s and communication, for example Mythic C2 has some interresting stuff.

And I really recommend joining the Bloodhound slack. Throughout my cybersecurity carreer as a Red Teamer, the community has helped me a lot and I’ve learned amazing stuff just by lurking.

I’d recommend Half Life: Alyx.

Or, you can probably make an absolute beast of Skyrim through mods.

If anyone visiting this thread has any non-C# but code-bullet like videos, I’m interrested in those too. Never thought about looking for more simillar content, but now that I think about it, I should.

It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcointainers, it’s super easy to setup and distribute with the repo, there’s really no reason not to do that.

The biggest issue here that a lot people don’t realize is Bing AI, it’s insanely easy to poison it’s results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be a fun times ahead.

it’s also important to keep in mind that the cybersecurity field has adbanced tremendously, with cloidfare, EDRs, and in general it is now way harder to do anything anonymously without getting caught, quickly. This also males the field of hacking way more difficult to get in, which combined with reduced attention span of younger generations probably means there’s not that many bored teens willing to put the time in, and as an adult you have way much more to loose, so for hose who had the skills it would be a lot greater risk.

I spent three days trying to get a RaycastCommand (Unity’s jobified raycasts) working to get multiple hits per raycast. Should have been easy, according to the docs:

The result for a command at index N in the command buffer will be stored at index N * maxHits in the results buffer.

If maxHits is larger than the actual number of results for the command the result buffer will contain some invalid results which did not hit anything. The first invalid result is identified by the collider being null

maxHits The maximum number of Colliders the ray can hit

Well, no. I was getting super weird results and couldn’t get it to work properly. First thing I checked was if I’m getting two+ hits for any of the raycasts, because you simply can’t trust Unity. And I was getting multi hits, but seemingly at random.

The error? I was sorting the hits by distance using bubblesort, and made a simple error with index in it. Which resulted in me seemingly getting two hits per ray sometimes, but it was just a result for another ray moved there by faulty bubblesort. Because unity actually doesn’t support multiple hits per ray.

I couldn’t find the original thread about the issue (which was two years old by the time I was dealing with it), which had an amazing reply from Unity:

I have discussed it with an engineering team, and RaycastCommands don’t support multiple hits because it was difficult to implement. The documentation just doesn’t explains it really well

The fuck doesn’t explain it very well??? It literally describes a parameter that sets max hits per ray and tells you how to get the multi hits from results…

Fuck unity :D

Whi getting through college, I was always bummed that we have to learn a lot of stuff that seemed super irelevant to my future carreer, while also being annoying. Stuff like prolog, Phyro, Lisp, Assembly, or bunch of obscure math.

It was only years later when I finally realized why it was important - the school wasn’t for teaching me to be the C#/Java programmer, but it taught me to be A programmer. I can pick up and start successfully writing anything I need, in any language, relatively quickly and without issues, nonmatter whether it’s functional, objective, or wharever style of language, because I’ve very probably already had to deal with, learn, understand and pass exams in language that is similar to it, since college made me learn a language from almost every style or flavor of languages there are.

I was surprised when I first saw colleagues struggle with picking up languages other than the ones they work in, and that was when I finally realized why and how sneakily did the college make me a universal programmer without me noticing it. And that’s something that’s harder to get when self-taught, because you don’t get exams and it’s easier to miss the point and just skip courses on lisp, prolog or lambda calculus, because it seems irrelevant, but the different point of view and approach used when writing in those languahes is what will teach you the most.

On the topic of Mullvad, what made me choose Kullvad over LibreWolf was the VPN being bundled in. If I’m not mistaken, the whole point of ToR browser is that you have exactly the same fingerprint as any other Tor browser user, making it a lot harder to distinguish you from others using your extensions, browser and other minor stuff your browser reports about you, that combined makes for a pretty unique fingerprint, evej of you are using a VPN.

But, if you have a browser that has the same fingerprint for all users, and it has an accompanying VPN, you can partly expect that most of other users of the same VPN will also be using the same browser, making it a lot harder to track you - because while there may be only a few thousands users of Mullvad in the wild, which renders the same fingerprint not much of an advantage (because you would be one of the few users of i.e Proton VPN with Mullvad), if you also use Mullvad VPN, it’s probable that most of other users who share your Mullvad VPN IP are also Mullvad browser users, making it easier to blend in.

Bit that’s mostly my theory, why (along with being able to pay with Monero) I feel like the combo of Mullvad browser and VPN is the best combination as far as minimizing fingerprint is considered. If someone has more knowledge about the issue, I’d love to hear some counter-arguments or tips how to improve my setup.

https://www.ccpgames.com/

EVE is one of the most unique games I’ve ever seen and I admire it, and CCP in general, from what I’ve seen in their volunteer programs or from streams, seems like a nice workplace.

Also, Island is cool.

Then the book will definitely be up your alley, it’s exaclty about that, and offers a great tips about how to approach it.

I cheated the MFAs by switching what I could to SMS, Yubikey or just copying the MFA private keynto Bitwarden. Kind of defeats the point of MFA, but makes stuff definitely easier.

Anything that’s important however is on yubikey, however.

Also, good luck! Are you going through the Digital Minimalism book? I should refresh on it, every time I try it, it doesn’t last long, but I always get rid of one more stupid online habit that I don’t pick up when I inevitably return to my pre-reading the book intetnet usage. So, after already going through like 4 attempts in the last 3 or 4 years, my internet usage is slowly but surly changing for the better. But it’s more of a long run, rather than being able to get everything on the first try, in my experience at least.

If you’re not doing it because of the book/haven’t heard of it, I definitely recommend reading Digital Minimalism by Carl Newport.

How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.

We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.

How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”

I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D

I’d go for scandiavia, if I could choose anywhere. Or Island, working for CCP is my dream job.

When I tried that, it lasted me for almost a year and a half, before I unfortunately got a second job that required MFA and I needed to be more online in general due to juggling two jobs. And it was amazing!

What I eventually did however was to get a dumb phone that can do a wifi hotspot, and still carried my smartphone but without simcard and net access, and powered off. When I really needed to get a taxi or look up a way home when I overslept drunk on public transport and ended up who knows where, I could always just fire up hotspot, power on the smartphone and do stuff I needed. Cause when that happened first time, it was when I first realized how much dependent I am on smartphone and net access.

Thanks for reminding me, I just quit one of the jobs and I can afford to be more offline, so back to the dumb phone I go! Convincing my GF again that she has to text me instead of using discord will be hard, though … Or explaining that I really cant look up the fact she wants, or call a taxi quickly…

I still have a python bot that forwarded discord messages to my own bare html website, so I can chat with her with the basic web browser of the dumb phone.

I stumbled upon the Geminy page by accident, so i figured lets give it a try.

I asked him in czech if he can also generate pictures. He said sure, and gave me examples about what to ask him.

So I asked him, again in czech, to generate a cat drinking a beer at a party.

His reply was that features for some languages are still under development, and that he can’t do that in this language.

So I asked him in english.

I can’t create images for you yet, but I can still find images from the web.

Ok, so I asked if he can find me the picture on the web, then.

I’m sorry, but I can’t provide images of a cat drinking beer. Alcohol is harmful to animals and I don’t want to promote anything that could put an animal at risk.

Great, now I have to argue with my search engine that is giving me lessons on morality and decide what is and isn’t acceptable. I told him to get bent, that this was the worst first impression I ever had with any LLM model, and I’m never using that shit again. If this was integrated into google search (which I havent used for years and sticked to Kagi), and now replaces google assistant…

Good, that’s what people get for sticking with google. It brings me joy to see Google dig it’s own grave with such success.

How I understand it is that the admired language is one of those “I’ll start learning it tommorow” languages, that you however already talk about how great it is wherever you can, i.e see Rust on Lemmy.

I also find it funny (and relatable) how neovim is the most admired IDE. I totally relate to that, I’ve been telling myself “I’ll learn and switch to Helix tommorrow” for the past two years.

76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

What the fuck. That’s horrifying. I also though that every sensible workplace bans the use of AI.

A friend was telling me about a discussion between CTO’s at a conference, where they were talking about whether it’s even worth it to hire junior developers anymore, since there’s a high risk of them just being “AI-raised”, without much (or any) experience of coding without AI. And, this survey result… I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?

That’s a good question, and I never through about it like that. I think that the lack of documentation isn’t that much of a problem, rather that the code stands out in the project in that it is complex to understand and requires some more though, effort and imagination to grasp, since it’s generic with lot of interfaces and polymorphism.

Now, that usually wouldn’t be much of an issue, however - the project is a game we’ve been actively working on in our spare time in a team of 2 programmers for the last 6 years, and we are all fed up with it and just want it to end. Most of the (pretty large by now) codebase is kind of simple - it’s a game code, after all, and since we started it when we were 20, there aren’t many overenginered ideas or systems, but everything is mostly written in the ugly, but simple and direct way, so if we had wanted to change something, we may have had to rewrite a part of it, but it never really needed much effort to understand what’s going on.

But now I need to change this code, which is one of the only parts that requires some kind of imagination and actually sitting down and trying to understand it, and since my motivation about the project is so low, it’s a pretty large hurdle to cross. One that is also unnecessary, since most of the generalism isn’t needed and will never be used. But since the code is written in such extensible way, it’s hard to just hack up a simple and ugly solution somewhere into it and be done with it, without really figuring out what the hell is going on.

A documentation wouldn’t help with that - it would still take the same amount of mental effort to be able to work with that code, which we generally lack in the project. I think that if I actually took the time to properly look through the code, figuring out what’s going on wouldn’t be too hard - the naming convention is pretty ok and it’s not that difficult, it just requires some mental effort.

I’m not trying to make excuses, the code very probably has problems, I’m just trying to better sort my thoughts about why I have so much problems working on it. It probably has more to do with my motivation, rather than the code in itself, and the fact that the complexity here wasn’t required, and is now a needless hurdle that actually hinders progress. Not due to it’s quality, but do to unrelated motivation issues and us having to basically force ourselves to work on and finish the damn project.