HackerLangs
TopNewTrendsCommentsPastAskShowJobs

ChocolateGod

3,465 karmajoined 9 anni fa

comments

ChocolateGod
·l’altro ieri·discuss
External HDDs.
ChocolateGod
·4 giorni fa·discuss
Nearly every law pushed by the EU Commission has support from the EU Council.

Chat control is no different.
ChocolateGod
·4 giorni fa·discuss
You can use system APIs to get the memory space of another application in Windows as long as their run by the same user.

However iirc processes can opt out of this so only administrators can.
ChocolateGod
·4 giorni fa·discuss
> In my opinion, the debate about kernel anti-cheat on Windows is fear-mongering

I don't think a lot of people who complain about kernel anti-cheat actually play competitive games.
ChocolateGod
·4 giorni fa·discuss
If you're in the kernel you at least have raw access to the USB controller and input events, thus can try pick out real mouses from fake ones.
ChocolateGod
·4 giorni fa·discuss
> Riot went as far as pushing a UEFI firmware update to Valorant players to close a hardware attack — the first time an anti-cheat has reached below the operating system to change your firmware

I don't believe Vanguard did this at all? It told users they need to update their firmware to play, it didn't touch the firmware itself.

> Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors

I think cheats moved into kernel space before anti-cheats did.
ChocolateGod
·4 giorni fa·discuss
> Even with a rooted phone you can't mess or snoop on data in the trusted execution environment

A rooted phone can have a modified runtime/kernel that can inject code into whatever processes it sees fit, including Google Pay.

Which can expose information being sent to and read from the TEE by the app.

> Plain wrong. PSD3 does not apply to "digital wallets" [1] ("This Directive also does not cover, in its scope, the provision of technical services including processing or the operation of digital wallets.").

The legislation still applies to the bank behind Google Pay.
ChocolateGod
·4 giorni fa·discuss
Compared to some other cc TLDs (like .ly, .ga) that are used for domain hacks, at least the ones for the BoTs (.sh, .ai, etc) are politically stable.
ChocolateGod
·5 giorni fa·discuss
How many people would have played if it wasn't on Game Pass though? I doubt many.

Expedition 33 was on game pass and still sold 8 million copies.
ChocolateGod
·5 giorni fa·discuss
I think some of these game studios got so content with Microsoft constantly paying that they forgot to make games that would actually sell.

South of Midnight took 7 years to make and cost $100 million to make... yet sold hardly any copies and I'm not even sure who they were trying to make it for.

Meanwhile you have studios like Sandfall and Warhorse pumping out games on a fraction of the budget that ship millions (and imho, make better games).
ChocolateGod
·5 giorni fa·discuss
PCI-DSS (enforced by banks/payment processors) means the EMV token store on your Android phone must be in an isolated uncompromised location (usually the TEE).

If your phone is rooted or has an unlocked bootloader then it's possible that trusted store is no longer secure or can be snooped on by a third party. Given Google Wallet/Pay handles EMV tokens and stores them on the phone, it has to pass PCI-DSS before banks will allow it.

This is the biggest reason why Google tries as much as possible to block Google Pay on rooted/unlocked devices. If a device fails compliance (a rooted phone certainly does), as far as banks are concerned it's not safe.

But people just find it easier to say "Google is Evil".

You also have the EUs Payment Services Directive (so a law) which require strong customer authentication, rooted devices can also fail up here. If anyone else than the user is able to unlock the screen (and thus authenticate a payment), you've failed the Payment Services Directive.
ChocolateGod
·5 giorni fa·discuss
Are the batteries in the Nintendo switch locked in anyway? Wonder if its viable that third party batteries could have an increased capacity.
ChocolateGod
·5 giorni fa·discuss
> Still leaves the attestation API though. Which makes using a non-Google sanctioned device a non-viable option

The attestation API isn't Google 'being evil', it exists as part of legal requirements that exists, namely for financial and banking applications.

Any alternative platform that wanted similar kind of apps would almost certainly have to implement a similar system.

> Ok, that's some good news

The fact you thought wrong shows the confusion being caused by these factually incorrect articles.
ChocolateGod
·5 giorni fa·discuss
It does as much good for the cause as those climate activists who glue themselves to motorways and block ambulances.
ChocolateGod
·5 giorni fa·discuss
It's part of Google Play Services, so it's already integrated into Xiaomi, OnePlus etc phones.
ChocolateGod
·5 giorni fa·discuss
> ...if you wait 24 hours.

False.

ADB is not restricted at all, the moment you enable developer options and enable ADB you can install an APK.

The Google "wait 24 hour" flow only triggers if you install an APK off the web.

https://www.reddit.com/r/Android/comments/1rzd0is/mishaal_ra...
ChocolateGod
·5 giorni fa·discuss
I lost a lot of sympathy for these campaigns when they started to use hyperbole.

ADV is not a virus, nor a trojan horse.

> killing the ability to install your own software on your phone

But you can still install whatever you want over ADB...
ChocolateGod
·6 giorni fa·discuss
So it's effectively a clone of Nebula minus the need for a lighthouse.
ChocolateGod
·6 giorni fa·discuss
It doesn't run GNOME Shell, which is the main memory hog of GNOME.

It uses some GNOME services, namely so it doesn't have to invent it's own. None of these services are memory heavy and all have a purpose (e.g. managing Bluetooth)
ChocolateGod
·7 giorni fa·discuss
> but good news, Nebula Security found it before attackers do.

Which is why they released the code to the exploit before it's been patched, meaning bad actors now likely have months to profit off it before a meaningful % of devices are patched.

Good news I guess?