Latest 30 Comments

Reserve button appeared at EXACTLY 6pm and I hit it, and was instantly told I was reserved. Simples.

View this comment - View article - View full comments - Report this comment

Quoting: Kimyrielle

Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

They're being blown up out of proportion, if you ask me. And I'm not happy at all about the tools used to find them or the methods to reveal them before a patch could be written and distributed.

I would caution against calling this "out of proportion". I think people wrongly assume that a "local" user has be at your keyboard to do damage. This is NOT the case. Everything you run is a "local" user, namely the account you typically work with. In this world of dependency hell, all it takes is a supply-chain attack. Someone could easily sneak some code into something you download and execute with your local privileges, and boom, you're toast.

Out of proportion is still fair as there are articles/headlines everywhere that absolutely are doing that - you're not wrong that it's still important to deal with. The kind of important to update when you are able and not really wait, but no reason to cancel plans or act like the sky is falling sort of thing either - unless you run a web server of any type or are otherwise more susceptible than an average desktop user. I will also always beat the drum about caution regarding supply-chain in general as well, and remind people that rolling distributions and languages that download 50 billion modules to do anything in a similar manner are and always will be a risk nobody actually has to take.

View this comment - View article - View full comments - Report this comment

The way the game dumps solo players in with teams of three put me me right off it. The lobby scaling was broken too - I managed to buy 3 healing potions once, and considered myself well equipped for being 3 or 4 hours into the game - inspected a team of three in the lobby and each player in that team had filled around 10 inventory slots with healing potions - so they had around 30 to 40 each. Why is this team playing with literal newbies?

And the game UI is like something out of the 90's. So many flaws. I'm gobsmacked by its popularity.

View this comment - View article - View full comments - Report this comment

Quoting: NagezahnJust a week ago or so I was thinking "wouldn't it be cool to play in a destroyed world and have the ability to gradually rebuild it and bring it back to life?". So. Yeah. Will check out the demo.

almost sounds like the classic Playstation game Legend of Mana might be up your alley if you haven't played that. emulation has come a long way since I last played it and it was already near perfect. lots of quirky, deep (mildly obtuse) mechanics to dig into if you get really hooked.

View this comment - View article - View full comments - Report this comment

What annoyed me with first game is that they removed splitscreen co op on pc (believe it has it on consoles)

Though this one doesn't even have a single player tag? Assuming it won't even have bots this time around?

View this comment - View article - View full comments - Report this comment

Offline doesn't seem so bad, as far as avoiding experimenting on live human beings.

I imagine they will work on cloning the world state, having a replayable archive, and simulating the protagonists.

I'm not sure how to make it useful: if you simulate one faction, or even just one player, you'll diverge from the recording, so you'll have to simulate some interactions and third parties as well. At which point, you could contain the modified events at the cost of simulation accuracy, or end up having to simulate everything, with the rest of the historical record becoming not so useful.

There might also be a promotional angle if they can manage something like the famous emerging stories EVE is famous for; but that would require simulating social relationships that are outside the game in many cases.

View this comment - View article - View full comments - Report this comment

Quoting: NezchanHave you tried Wildmender? It's pretty good, albeit not flawless, and the whole idea is re-growing a world.

I wish there were more games like it.

No, haven't had that on my radar, but it's now on my wishlist. Thanks for the recommendation! 😊

View this comment - View article - View full comments - Report this comment

Quoting: LoudTechie

Quoting: Caldathras

Quoting: tohur

Quoting: eggroleWhen these things happen (I suspect it is only a matter of time) IMHO the only valid response is to boycott the companies restricting access. Petitions and voting new "leaders" in doesn't seem to work. Violence is always an option, but a terrible one.

Boycotting a few companies into bankrupcy sends a clear message. And given how much hemming and hawing goes on about economics and GDP, I think it is the only language these people understand. Want to restrict the internet, suffer economic losses. All of a sudden the legislature becomes much more receptive and the companies themselves will start actually pushing back because it will now be existential.

people that think voting folks out doesn't work is why we have lazy a$$ people UNWILLING to hold their representatives accountable.. those fools get paid to be in office you threaten their livelihood they will listen when enough people are threatening them

You'll have to correct me if I'm wrong, as I am writing from a Canadian perspective, but there are a lot of countries whose politics are based off the British parliamentary system, just like Canada. At least for Canada, there is no recall option. In other words, the voters can only hold their representative accountable at election time. The politicians know that voters have short memories and tend to gamble quite confidently that the voters' anger will have cooled off by the time the election rolls around. It usually does.

Other issues come up, some politically manufactured, that distract the general voting population from the offense of an individual politician. Generally, the political parties are very careful not to stir up the voters' ire close to election time. So, it is not as simple as "lazy people being unwilling to hold their representatives accountable" -- although it does happen from time to time that a constituency's memory is longer than expected.

There's for most countries no recall option(for obvious stability reasons), but there're several control options, which does affect their ability to function and often even their income.
There're the spread out elections on different levels of government, which all preform checks and balances on each other.(on average 1 par year in Canada)
There's the ability to appeal to the other arms of the trias political.
There's the ability to track how your government has wronged you and remind others when the election does come up(freedom of speech), I'm actually quite surprised how few people do that, since everybody can write and people are quite publicly opiniated.

Your boss can't fire you any moment he likes, yet you still fear his power.
The same is true for politicians.

The accusation here's not laziness, but fatalism. I don't have absolute power, so I have no power, so I should take all the abuse.

It's a continuum, of course. Somewhere on one end would be full direct democracy or at least some kind of perfect representation of what people really want, based on excellent information, somewhere on the other end would be an illusion of choice that is completely ephemeral, with the fix in before anyone got close to a polling station, and the question is how close we are to the bad end. Not close enough to make the political process completely pointless, but certainly close enough to be uncomfortable.

A lot of European countries have proportional representation, which is nice; we should have that in Canada, but don't. The US of course has a less democratic system than most places that call themselves democracies, with just two parties holding a stranglehold on the political process. With only two political parties, and until the loonies took over the Republicans almost no daylight between them on economic issues, it becomes very hard to say that meaningful political choice is on offer. Add in all the money, and, well.

One thing we direly need in Canada is media reform--there is very little choice, most of the newspapers are owned by one company which in turn is owned by a US hedge fund, there's like, what, two private TV stations, and then you've got social media which is the same billionaire-algorithm-skewed doomscape as everywhere else, except on top of that Zuckerberg has explicitly dumped Canadian news sources from the algorithm. Such a media landscape puts a lot of "soft" constraints on what kind of policy can be offered.

View this comment - View article - View full comments - Report this comment

I've played the demo. It was enjoyable: not too difficult not too easy.
The only thing holding me back to buy is the early access.

View this comment - View article - View full comments - Report this comment

Quoting: buckysrevengeI live in a city 1½ hours south of Seattle, I remember buying the Steam Deck when it first came out and was so excited to get it in a couple days... then I found out it was shipping from Chicago and took over a week to get to me.

That's a kick in the butt, ain't it?

View this comment - View article - View full comments - Report this comment

Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

They're being blown up out of proportion, if you ask me. And I'm not happy at all about the tools used to find them or the methods to reveal them before a patch could be written and distributed.

I would caution against calling this "out of proportion". I think people wrongly assume that a "local" user has be at your keyboard to do damage. This is NOT the case. Everything you run is a "local" user, namely the account you typically work with. In this world of dependency hell, all it takes is a supply-chain attack. Someone could easily sneak some code into something you download and execute with your local privileges, and boom, you're toast.

View this comment - View article - View full comments - Report this comment

Quoting: Phlebiac

Quoting: Cesare BeauteI payed for a 320Hz 1440p monitor but can only use 144Hz

Does it not have DisplayPort? That's the better choice, when available. Odd that such a monitor would not have it.

It has ports for DisplayPort, but the monitor didn't come with the cable, it only came with an HDMI cable.

View this comment - View article - View full comments - Report this comment

Quoting: NagezahnJust a week ago or so I was thinking "wouldn't it be cool to play in a destroyed world and have the ability to gradually rebuild it and bring it back to life?". So. Yeah. Will check out the demo.

Have you tried Wildmender? It's pretty good, albeit not flawless, and the whole idea is re-growing a world.

I wish there were more games like it.

View this comment - View article - View full comments - Report this comment

I use Mupen64-Next in Retroarch cause i can get game capture to play nicely with it when parallel is set the plugin. That way it plays with Vulkan and game capture can capture it. I just set my Retroarch to run with OpenGL in general so that the UI won't interfere with the capture.

Gopher seems to lack cropping of the image so you get black bars in top and bottom. Also it seems that you can't just do a folder for games to be picked. It seems to run in Vulkan though which is nice for game capture.

Also it seems that the CPU overclocking does not play that nicely compared to Retroarch Mupen64-Next's fullspeed setting which makes it 60fps constant.

I think i will still stay with Retroarch Mupen64-Next as it has much more verbose options.

View this comment - View article - View full comments - Report this comment

Copy Fail was for me a big thing, because it's for so far I can remember the first Linux specific n-day vulnerability that showed commoditization.

Explanation:
I've seen many attacks and attack attempts on Linux specific things.
The others all used zero-days.
This is the first time I see miscreants use an n-days in the Linux ecosystem.
I suspect this proofs I don't run an anti-virus scanner company, because it probably has happened before.
Yet, I don't know these examples.

View this comment - View article - View full comments - Report this comment

Quoting: Ehvis

Quoting: ShabbyXHowever that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.

True, but the funny thing is. Can those really do much more damage with a "Fail" or a "Frag" than they could do without it? If you're serious about security and do everything you can to separate things, the answer would be yes. But in practice it is most likely a no.

If you run a virus scanner it will most likely keep the Anti-virus killer at bay.
Tor-browser and if I remember correctly firefox have their own download folder sandboxing.
Apache sandboxes itself.
Python enforces sandboxing beyond calling user.
All flatpacks are sandboxed beyond calling user.
It's true that not all sandoxed perectly and obtaining user access is already a great breach, but if you want to have an indication what it limits simply run
 cat /etc/passwd
Each of the lines is a seperate user, which when it obtains root access suddenly can read your files.

Edit:
With the exception of root and your personal account ofcourse.

View this comment - View article - View full comments - Report this comment

Quoting: Caldathras

Quoting: tohur

Quoting: eggroleWhen these things happen (I suspect it is only a matter of time) IMHO the only valid response is to boycott the companies restricting access. Petitions and voting new "leaders" in doesn't seem to work. Violence is always an option, but a terrible one.

Boycotting a few companies into bankrupcy sends a clear message. And given how much hemming and hawing goes on about economics and GDP, I think it is the only language these people understand. Want to restrict the internet, suffer economic losses. All of a sudden the legislature becomes much more receptive and the companies themselves will start actually pushing back because it will now be existential.

people that think voting folks out doesn't work is why we have lazy a$$ people UNWILLING to hold their representatives accountable.. those fools get paid to be in office you threaten their livelihood they will listen when enough people are threatening them

You'll have to correct me if I'm wrong, as I am writing from a Canadian perspective, but there are a lot of countries whose politics are based off the British parliamentary system, just like Canada. At least for Canada, there is no recall option. In other words, the voters can only hold their representative accountable at election time. The politicians know that voters have short memories and tend to gamble quite confidently that the voters' anger will have cooled off by the time the election rolls around. It usually does.

Other issues come up, some politically manufactured, that distract the general voting population from the offense of an individual politician. Generally, the political parties are very careful not to stir up the voters' ire close to election time. So, it is not as simple as "lazy people being unwilling to hold their representatives accountable" -- although it does happen from time to time that a constituency's memory is longer than expected.

There's for most countries no recall option(for obvious stability reasons), but there're several control options, which does affect their ability to function and often even their income.
There're the spread out elections on different levels of government, which all preform checks and balances on each other.(on average 1 par year in Canada)
There's the ability to appeal to the other arms of the trias political.
There's the ability to track how your government has wronged you and remind others when the election does come up(freedom of speech), I'm actually quite surprised how few people do that, since everybody can write and people are quite publicly opiniated.

Your boss can't fire you any moment he likes, yet you still fear his power.
The same is true for politicians.

The accusation here's not laziness, but fatalism. I don't have absolute power, so I have no power, so I should take all the abuse.

View this comment - View article - View full comments - Report this comment

i have sunk a couple of hundreds of hours into first one. I loved it. But community died way too early.
and it was a bit limited.

Just add more content and hopefully this game will be better than first one.

View this comment - View article - View full comments - Report this comment

Quoting: ShabbyXHowever that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.

True, but the funny thing is. Can those really do much more damage with a "Fail" or a "Frag" than they could do without it? If you're serious about security and do everything you can to separate things, the answer would be yes. But in practice it is most likely a no.

View this comment - View article - View full comments - Report this comment

Just a week ago or so I was thinking "wouldn't it be cool to play in a destroyed world and have the ability to gradually rebuild it and bring it back to life?". So. Yeah. Will check out the demo.

View this comment - View article - View full comments - Report this comment

This looks so fluid, and the 3D effect is pretty sublime. The only thing holding me back from an insta-buy is that there's only around 10 hours of content so far, and the EA is around 2 years, I think. Reckon I'll still buy it, but I have a tendency with this style of release to play the 10 hours, then never play them again! But it looks so good, I think I'll pull the trigger on it anyway. Great devs too, and as the article notes, Linux native.

View this comment - View article - View full comments - Report this comment

Quoting: Ehvis

Quoting: Eike

Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...

No, but someone still needs to have a local user account. So this is a big problem for multi-user systems. But I imagine most of us operate their home machine for themselves only, so for most of "us" it's not immediately exploitable.

It means someone has to run something locally, which you the single user do all the time.

However that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.

What you should never do, is download random binaries off of the internet and run them (because what is this, windows?)

View this comment - View article - View full comments - Report this comment

Still waiting for MK1 cutscene stutters to be fixed

View this comment - View article - View full comments - Report this comment

Quoting: Renzatic GearFortunately, I was able to get in just ahead of the rush, and grab one for myself. It's currently sitting in a box somewhere in Washington state. I bet it has a label on it and everything.

No, I'm not impatient at all.

I live in a city 1½ hours south of Seattle, I remember buying the Steam Deck when it first came out and was so excited to get it in a couple days... then I found out it was shipping from Chicago and took over a week to get to me.

View this comment - View article - View full comments - Report this comment

Quoting: Eike

Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...

No, but someone still needs to have a local user account. So this is a big problem for multi-user systems. But I imagine most of us operate their home machine for themselves only, so for most of "us" it's not immediately exploitable.

View this comment - View article - View full comments - Report this comment

I got mine yesterday and am loving it. It's pretty comfortable to hold, and it's definitely my main controller from now on.

View this comment - View article - View full comments - Report this comment

On the nested desktop mode, while it does run within Game Mode, you need to make a tweak to the OS to prevent it from corrupting the Steam client.
When the Steam client fails to start on Steam Deck, it wipes the home folder and reinstalls itself.
To avoid this, you have to disable the autostarting of the client, which requires unlocking and modifying the OS partition.
I made a symlink in the system partition which I start the nested desktop mode from in game mode, so it fails after an OS drive update.
And I reapply this patch after OS updates with a quick script, which I'll share here if I remember.

View this comment - View article - View full comments - Report this comment

Quoting: MakiNote that both vulnerabilities are for a local user to gain root access.

Isn't that what privilege escalation is all about?
You got to local user, then you enhance your rights and become root.
I mean, it's not like "local user" means someone has to sit at your keyboard...

View this comment - View article - View full comments - Report this comment

Finally. Now I might be able to get one.

View this comment - View article - View full comments - Report this comment

From the [issues](https://github.com/V4bel/dirtyfrag/issues) it seems Debian 12 is not affected, 13 and 14 are. I cannot say how trustworthy. The one-line-command also deletes the compromised cache, so infected systems should be clean after that command (if no malware got installed) if I understand it correctly. After this command it is still required to update once your distro delivers a patch. It seems the disclosure went wrong and got published too early, so distros may take a bit longer to deliver a patch than usual.

View this comment - View article - View full comments - Report this comment