ChairmanMeow
@ChairmanMeow@programming.dev
- Comment on Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code 1 week ago:
One of the NPP maintainers responded with:
Notepad++ & its plugins are installed in “Program Files” directory by default, which means hackers would need admin privileges to replace any plugin. If a hacker gains such privileges, they could also replace all the DLLs in the system32 folder. By the same logic, once Notepad++ is compromised in this way, any applications or executable binary (*.exe & *.dll) on the system could potentially be replaced. Or am I missing something?
Which I suppose is true. You could argue it is a way to persist malicious code once you do have access, but it seems unlikely and not that useful. Low severity if anything.
You’d need to have some general attack script that can adjust (or create proxies for) dlls maliciously on the fly, without prior knowledge of which dlls are encountered. Only in that case could the exe maybe detect malicious changes to the dll and stop execution. But a targeted attack using a compromised NPP distribution wouldn’t be covered with such a check.
- Comment on Disney going places... 1 week ago:
IIRC there were also some trademark issues?
- Comment on Borderlands 4 Dev Gearbox Asks PC Gamers to Wait 15 Minutes for Shaders to Compile in the Background While Playing After Reports Indicate Recent Update Causes Stuttering - IGN 1 week ago:
UE5 by default uses a lot of flashy tech that is supposed to improve performance, but a lot of it only does so in scenarios that are already extremely unoptimized. Using more traditional methods tends to achieve the same fidelity at a fraction of the performance cost. But there’s no time for optimization, and these fancy options “just work”, so there ya go.
The end result is a poorly running blurry mess of a game, but at least it’s on schedule I guess.
- Comment on The Pokémon Company confirms that no, its imagery was not granted for use in disturbing US Department of Homeland Security video | Eurogamer 2 weeks ago:
There’s something about that meme that just works better in low resolution.
- Comment on Uh oh lol 2 weeks ago:
Given the vastness of space, this is a lot less likely than you might think, and the process itself would likely take millennia anyway.
- Comment on Silent Courier: UK intelligence service MI6 launches dark web portal to recruit foreign spies 2 weeks ago:
Money.
- Comment on Keir Starmer in crisis as Labour drops to 16% in devastating new poll 2 weeks ago:
I wonder how many Labour PMs we’ll see before the next GE.
- Comment on I fixed Borderlands 4's stuttering issue by upping my shader cache size to 100 GB, which feels like something I shouldn't have to do in a well-optimised game 3 weeks ago:
UE5 can run well, but all the defaults that Epic suggests devs use are really quite bad for performance. They improve performance on horribly unoptimized scenes, but actually optimizing the scene would allow a 10x performance improvement at no reduction in visual fidelity. But devs don’t tend to optimize much anymore because those Epic-suggested defaults “take care of optimization”.
- Comment on 'Borderlands 4 is a premium game made for premium gamers' is Randy Pitchford's tone deaf retort to the performance backlash: 'If you're trying to drive a monster truck with a leaf blower's motor, you're going to be disappointed' 3 weeks ago:
It’s poorly optimized UE5 slop. Looks like shit, plays like shit.
Hard pass.
- Comment on Nightmare blunt rotation... or killer rotation? 3 weeks ago:
It’s also a dlc song for Hearts of Iron 4, which in and of itself isn’t a game that promotes fascism but there is a weird far-right subculture that does use it to praise stuff like Nazi Germany.
- Comment on 'An embarrassing failure of the US patent system': Videogame IP lawyer says Nintendo's latest patents on Pokémon mechanics 'should not have happened, full stop' 3 weeks ago:
It may surprise you to know that people produced music before IP laws existed.
- Comment on Reddit lost it 4 weeks ago:
AIs specifically are designed to “please” with their responses, so it’s going to affirm you every step of the way and tell you your ideas are great (just like you of course).
- Comment on Paper and mobile train tickets to be replaced with GPS tracking in new travel trial 5 weeks ago:
In the Netherlands there’s a simple pillar you scan your card on. Employees on the train occasionally just check if you checked in or not.
- Comment on 1 month ago:
Count the fingers on the hand holding the bottle.
The blinds are slightly changed from the original, but that one does also have an admittedly poor view on the window behind it.
- Comment on 1 month ago:
I mean her hands do look a little strange, especially the one holding the bottle. And there’s no window behind the blinds it seems. So it ain’t perfect yet.
- Comment on 1 month ago:
AI generated
- Comment on Game prices should have increased with every new generation, former PlayStation US boss says 1 month ago:
There’s a handful of people out there cracking Denuvo games.
- Comment on Debatable 1 month ago:
No, his lip looks larger on the right but it’s actually his gums showing behind.
This image appears to be real.
- Comment on AI Eroded Doctors' Ability to Spot Cancer Within Months in Study 1 month ago:
Hmm, seems I replied to the wrong root comment.
Regardless, the overall point still stands. These tools are great for assistance, but relying on them completely can cause problems. Even these tumor-spotting ML tools aren’t perfect, and they too miss things. Combined with a doctor’s skill this is fine, but if one begins replacing the other the net benefit will be lower.
- Comment on AI Eroded Doctors' Ability to Spot Cancer Within Months in Study 1 month ago:
I was responding to a thread by RgoueBananas who is clearly talking about LLMs as he drew a parallel with IT.
- Comment on AI Eroded Doctors' Ability to Spot Cancer Within Months in Study 1 month ago:
It’s true that if a tool is objectively better, then it makes little sense to not use it.
But LLMs aren’t that good yet. There’s a reason senior developers are complaining about vibecoding juniors; their code quality is often just bad. And when pressed, they often can’t justify why their code is a certain way.
As long as experienced developers are able to do proper code review, the quality control is maintained. But a vibecoding developer isn’t good at reviewing. And code review is an absolutely essential skill to have.
I see this at my company too. There’s a handful of junior devs that have managed to be fairly productive with LLMs. And to the LLMs’ credit, the code is better than it was without it. But when I do code review on their stuff and ask them to explain something, I often get a nonsensical, AI-generated response. And that is a problem. These devs also don’t do a lot of code review, if any, and when they do they often have very minor comments or none at all. Some just don’t do any reviews, stating they’re not confident approving code (which is honest, but also problematic of course).
I don’t mind a junior dev, or any dev for that matter, using an LLM as an assistant. I do mind an LLM masquerading as a developer, using a junior dev as a meat puppet, if you get what I mean.
- Comment on AI Eroded Doctors' Ability to Spot Cancer Within Months in Study 1 month ago:
If you’re doing it once, then that’s fine. But if you have to do it loads of times, and things keep getting more complex, you’ll find that you won’t be able to correctly use the tools anymore and spot its mistakes.
AI raises your skill level a bit, but also stunts your growth if used irresponsibly. And that growth may be necessary later on, especially if you’re a junior in the field still.
- Comment on California is debating whether or not to remove the bike lane on the Richmond-San Rafael Bridge. During the public hearing, a politician was driving his car 1 month ago:
MTC data has different numbers: reports.mysidewalk.com/3374a0ca74
Regardless, adding a lane won’t work. The bottleneck is the 101, so you just get extra lanes to stand still in. And the toll gate as well.
The lane was already there btw, but it was an emergency pullover lane. It didn’t cost a lot of carbon to turn it into a bike lane.
- Comment on Uncovering the Deceptive Logic That Exposes Jordan Peterson - YouTube 1 month ago:
Working under the assumption that something is likely true is not the same as having faith that it is.
- Comment on Uncovering the Deceptive Logic That Exposes Jordan Peterson - YouTube 1 month ago:
That refers to duty or people, a scientific theory is neither of those.
- Comment on Battlefield 6 cheats day 1 of early access. Despite kernel level anti cheat, forced secure boot TPM 2.0 1 month ago:
Machine learning doesn’t necessarily require a centralized cluster. Usually running those kinds of models is pretty cheap, it’s not an LLM basically. They usually do better than human moderators as well, able to pick up on very minute ‘tells’ these cheats have.
I understand your point about edge cases, but that’s not something the average player cares about much. E-sports is a pretty niche part of any game, especially the higher ranks. You just want to filter out the hackers shooting everyone each game that truly ruin the enjoyment. Someone cheating to rank gold instead of silver or whatever isn’t ruining game experiences; they’re usually detectable too, but if you get a false negative on that it’s not the end of the world. A smurf account of a very highly ranked player probably has a bigger impact on players’ enjoyment.
- Comment on Battlefield 6 cheats day 1 of early access. Despite kernel level anti cheat, forced secure boot TPM 2.0 1 month ago:
Didn’t Microsoft stop this in a recent-ish update? I remember trying it on a machine without TPM and it just didn’t work.
Bazzite worked fine though (after some headaches setting it up).
- Comment on Battlefield 6 cheats day 1 of early access. Despite kernel level anti cheat, forced secure boot TPM 2.0 1 month ago:
These tricks may make it indistinguishable to a human moderator, but machine learning is actually really good at detecting that. But most companies don’t have the expertise, resources or training data to build a proper model for it.
- Comment on She's a keeper 2 months ago:
This does assume that these are independent variables, which may not necessarily be the case.
- Comment on [deleted] 2 months ago:
That’s true, those happened when Israel was funding and using Hamas to deliberately destabilize the more secular PLO, and followed decades of Israeli occupation.