andyburke

Timelines change based on interest.

Servo is a new browser rendering engine in Rust - seems interesting and gathering steam.

Don’t be too fatalistic - every time the corpos have come for the internet they have been circumvented. I don’t see it stopping now - especially since people like us are tired of this brand of bullshit.

Yep, and to the person justifying the IT department’s invasion of privacy: they’ve been lying to us for years, there are breaches ALL THE TIME. Workers will give up every right in the face of corporate excuses? 🤷‍♂️

You are a fintech dev using floating point? And your advice is to encode things as strings?

…

This is why I got out of fintech.

(I am sorry, I know there are horrors and I am sure I am not familiar with your exact scenario.)

Edit: just for anyone who passes by: try to stick with integers in a currency’s smallest unit of division. (This is only one small bit of this problem, but the number of times I have seen currency values in floating point makea me psychotic.)

These JSON memes got me feeing like some junior dev out there is upset because they haven’t read and understood the docs.

🤷‍♂️ I could spend that two hours with my kids.

You aren’t wrong, but as a community I think we should be listening carefully to the pain points and thinking about how we could make them better.

Gonna just stream of consciousness some stuff here:

Been thinking lately, especially as I have been self-hosting more, how much work is just managing data on disk.

Which disk? Where does it live? How does the data transit from here to there? Why isn’t the data moving properly?

I am not sure what this means, but it makes me feel like we are missing some important ideas around data management at personal scale.

Can you elaborate a bit on your setup? As someone running Jellyfin, curious how you’ve configured everything.

We have an almost total lack of real discipline and responsibility in software engineering.

“Good enough” is the current gold standard, so you get what we have.

If we were more serious there wouldn’t be 100 various different languages to choose from, just a handful based on the requirements and those would become truly time worn, tested and reliable.

Instead, we have no apprenticeships, no unions, very little institutional knowledge older than a few years. We are pretending at being an actual discipline.

Or, if I can extract that key from the hardware, I can pretend to be that hardware whenever I want, right?

I think by the end of your message you were starting to arc around a little bit to the right way you need to think about clients: as outside your security envelope. (TPM is a joke in my mind, just like client side anti-cheat.)

There are many ways to try to identify and stop cheating on the server side that have not been explored because executives have directed use of off-the-shelf anti-cheat because they do not understand why it is snake oil.

You don’t necessarily need to detect the cheat itself, you can look at things like players having suddenly higher kill rates and put them into a queue for observation by either more advanced (more expensive) automation to look for cheating or eventually involve a human in the loop.

Even on consoles after a while it becomes obvious that you cannot control the hardware, let alone the software on the client side. Those are the very best argument for this kind of approach and they get cracked eventually.

Actually, I am.

Using rootkit anti-cheat is a shortcut that reduces cost for both dev time and hosting time at the expense of your customers’ security and CPU. You also have to lay your cards on the table for those who are attacking you. It is not the right solution for this problem.

Authoritative servers. Never trust the client, especially with information the player shouldn’t have right now. Look at behaviors and group players based on if you think they cheat or not - let the cheaters play together, no need to spoil their fun and let them realize you know they cheat.

People do some or all of this on the server now, but root kitting all machines to try to solve this problem to play video games is one of the dumbest approaches ever and we will realize it one day when a state level actor pops their zero day against a big install base.

Stop stealing our CPU cycles for high risk rootkits and start mitigating and detecting cheating on the server.

It’s that easy.

I stopped playing games that want this bullshit. Don’t need that shit in my life.

👍

I am who my name says and I have a degree in CS if that’s what you are asking.

There are still some errors where you just need to know the fix. In that case it’s a baseball bat.

I get the joke.

But if, like me, you actually feel this here’s how I got away from it: make sure you actually understand things.

Read the error message over and over again, look up the words, understand what it is saying.

If something isn’t working, start reading the code and making sure you understand what each line is doing.

It will feel incredibly slow and painful at first. Eventually you will strengthen those.muscles, however, and it’ll become second nature.

Then you can cut and paste with confidence! 🤣

I enjoyed the facts spit above.

Gently, I would ask you to think about yourself in a future role where you have too little time, and are under too much pressure, and you haven’t gotten enough sleep, and you’re distracted on this particular day, and you happen to make a mistake, leave out a line, forget to fix a section of code you were experimenting with…

And even if you, a paragon of programming power and virtue, would never find yourself able to be hurt by your tools, you must surely know that mortals have to work with them as well, right?

Amen, I am migrating back to self-hosted as much as I can.