pulsewidth

@pulsewidth@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Why are people using the "þ" character?⁩ ⁨⁨13⁩ ⁨hours⁩ ago⁩:
Yeah, I blocked em because it was too annoying trying to parse their posts - and the comments weren’t very contributory anyway
⁨Comment⁩ on ⁨What are some good uses the new ballroom can have after the Trump regime is over?⁩ ⁨⁨14⁩ ⁨hours⁩ ago⁩:
Remember that scene in Inglorious Basterds where they lock the cinema full of Nazi officers and set it on fire?

Cool scene, just thought I’d bring it up.
⁨Comment⁩ on ⁨Mom they're fighting again⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
I’m so sorry that you have chosen to argue with people who have little knowledge but have decided they do.

Coconut milk and coconut water are distinct products. Coconut water is just the liquid from the center of a (usually green) coconut, its unprocessed. Coconut milk is more an analogue to to soy milk than fruit juice, it is heavily processed by blending the pulp of the fruit with coconut water and added ingredients.
⁨Comment⁩ on ⁨'This is definitely my last TwitchCon': High-profile streamer Emiru was assaulted at the event, even as streamers have been sounding the alarm about stalkers and harassment⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
“Assault drama is great for algorithmic engagement” - Twitch prolly
⁨Comment⁩ on ⁨'This is definitely my last TwitchCon': High-profile streamer Emiru was assaulted at the event, even as streamers have been sounding the alarm about stalkers and harassment⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
I mean it’s mostly teen to 20s gamers, who are not known for their empathy or socialisation skills. So yeah…
⁨Comment⁩ on ⁨King Charles hopes nature film will 'inspire' viewers⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
‘Hopefully someone with power will watch my documentary and make positive policy changes for the environment’, lamented the literal king.
⁨Comment⁩ on ⁨Wear your seatbelt⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
They’d been taught the reason for seatbelts, then they had to learn a lesson about being disrespectful and ungrateful.
⁨Comment⁩ on ⁨Steam, Riot Games hit by disruptions: massive DDoS attack suspected⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I played a few DoTA games with friends while this was occurring and twice during gameplay approximately 10 seconds of play experienced some server-side lag for everyone in the game - there were moments of confusion that rapidly passed. Steam ops team did well.

Truly a tremendous impact and a fantastic use of the attackers time and resources.
⁨Comment⁩ on ⁨Motion sensors in high-performance mice can be used as a microphone to spy on users, thanks to AI — Mic-E-Mouse technique harnesses mouse sensors, converts acoustic vibrations into speech⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Sadly no. The only way is to come up with countermeasures.
- play music through speakers while using mouse
- leave rumble gamepad playing demo of game on desk
- put vibrator set to ‘random pulse mode’ on the desk
⁨Comment⁩ on ⁨At least 16 injured as shots fired in Sydney's inner west [no reported deaths]⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Angry old white man ~~shouts at clouds~~ shoots at crowds.
⁨Comment⁩ on ⁨Y = -x²⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Someone with colourblindness and also regular blindness.
⁨Comment⁩ on ⁨Does more expensive phones have better reception?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Not a great example of the improved reception of metal frame phones, because it was the iPhone 4 that lost reception quality significantly when it was held on the metal sides and your finger/hand happened to be near the lower left corner. This was a perfectly natural way to hold the phone and most impacted left-handers.

Apple famously responded by saying “you just need to not hold it like that”, rather than admitting an engineering mistake.

cnet.com/…/iphone-4-signal-problems-apple-says-do…
⁨Comment⁩ on ⁨Is Star Trek Discovery that bad?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Cool. Power to you - we clearly have differing tastes. OP was on the fence and asked for an opinion so I gave mine, not sure who else I’d be speaking for. Now you’ve given yours, so they’ve even wider opinions 👍
⁨Comment⁩ on ⁨Is Star Trek Discovery that bad?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Go ahead. Watch it. 🤷🏻
⁨Comment⁩ on ⁨Is Star Trek Discovery that bad?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
If you’re a fan of older Star Treks it’s bad, real bad. I watched until the end of season 2 with my partner and had to bail. Everyone above has given good reasons why, I’ll add one I haven’t seen: the lead actress (Soneqa Martin-Green?) overacts Michael Burnham. She overdramatizes almost every scene, to the detriment of the believabolity of the in-universe world, I tried to overlook it but found it grating. I told my partner that half-way into season two, and she responded that she doesn’t really see it. Then about five seconds later Burnham is raising her voice to a senior officer and on the verge of tears over nothing… a minor misunderstanding. Partner laughs and goes, “ok yeah I see it”.

I’d rewatch Enterprise 100 times over ever watching Discovery again, and Enterprise is probably my least favourite pre-2010 Trek, if that helps you.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
The difference is that passworded zip files are used to distribute malware regularly. For a few reasons such as they’re very simple to use (malware creators are often lazy) and they can be generally be unpacked with preinstalled libraries or programs on the OS. A random encrypted file will require a DLL or runtime that can unpack the blob, and antivirus engines find that kind of stuff packaged together very sus.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Thanks for the effort digging. This does not actually point out any game doing it in particular though, and it’s actually a perfect example of a working antivirus picking up a suspect file (a password protected archive) in a game’s install tree.

This is from Aug 2024 and could even be from one of the games that distributed malware. Its absolutely something that Steam should be blocking/flagging for manual review, and a huge red flag that any developer would use this as a tool for distributing their game content.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Good it is not when the recommendation from security experts and reporters is to avoid any Steam games with low numbers of installs / reviews and betas from small companies. That’s where we’re at now.

bleepingcomputer.com/…/verified-steam-game-steals…

Nobody reviews game code, as game code is not supplied, only binaries with their relevant resources. There are many security providers that would be able to provide better service that whatever Valve is doing - but who knows, because they keep tight-lipped about it every time there’s an issue, and just patiently await their defenders to hand-wave any concerns.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It literally contained a known version StealC malware in its payload, and had basic python scripting with the Telegram bot code and access tokens left visible to researchers (very bad OSINT). This was not sophisticated scripting, nor novel malware, just some script kid that sourced the whole setup on Telegram. The malware would easily have been captured by a competent security company’s automated scanner.

bleepingcomputer.com/…/verified-steam-game-steals…
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
All they’re expected to do is pay for upstream providers to scan their submissions (eg third party security providers), no need to hire new staff. This is the fourth instance publicized this year! They should communicate regarding issues like OPs - but like usual, it’s crickets.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
They’ve already missed four instances of malware this year that have been publicly reported. How many have other storefronts missed?

I don’t see why asking them out to improve is an unbalanced response or unfair, given the enormous budget they have and the market dominance.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Who said you need to pay more for games? Steam already takes thirty percent of sales (for the vast majority of sales), they are a $10b+ game distribution company… They’re worth more than several leading security/antivirus companies combined.

I just don’t understand the mindset people get around Steam. They are a business that makes a fortune distributing games, run by a billionaire - they are not a little indie company struggling under the weight of their success.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Well since Steam provide absolutely zero details about their scanning process (or even if it exists), seems like conversely people are making a lot of really complementary assumptions about Steam, no?

This is certainly not the first malware distributed by Steam - this is in fact the fourth publicly-known instance just this year.
Seems like they need to step up their game if you ask me.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.

Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware even payload explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.

(See comments about for explicit details regarding the malware)
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Dumb take. There are many ways to scan software without needing access to the source code.

Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’d safe?
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
A password-protected zip file should have been flagged by Steam as suspect before they approved the update, its a very old and very common method for detection bypass.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
And there are so many ways to detect the bypasses. It’s an arms race, and the most profitable games store of all time should really have a cutting edge system to deal with it is all I said.

Windows should have better security too, but the two thoughts can be held in the mind at the same time.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Its “not feasible to do a full scan of every update of every game”?

My friend the scans are automated. Is Steam strapped for cash this month?

Honestly the apologia here for Steam is pretty rank.
⁨Comment⁩ on ⁨Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Its also trivial for apps detecting any trivial attempts at scanning if they’re running in a VM to be detected, and masked.

Those are also valid concerns, but in an environment where admin rights are granted to games installers the vendor of the games (Steam) needs to adopt a highly curated and protective stance. To this date they provide zero details of their protection - their entire FAQ on malware on their store boils down to ‘if you find malware, please flag it on the store page for us to investigate’.

If anyone is gonna claim the steam store is highly curated… I’d point out to them that a very large amount of their store is shovelware asset flips with very few purchases and installs. There are over 150,000 games on Steam, and tens of thousands of them would fall into that category.