Network Guardian Angel. Infosec.



Personal Website

You should hide scores on Lemmy. They are bad for you.

  • 13 Posts
Joined 6M ago
Cake day: Jan 11, 2022

GnuPG signature spoofing via status line injection

How many nails does that coffin need?..

Should scores be hidden by default?

Lemmy implements a scoring system allowing people to upvote or downvote posts. You know that since you are using Lemmy :) …

Thank you for your answer. It clearly challenges my position regarding f2p games. I completely forgot about piracy, now having the chance of earning enough to pay for stuff, but you are correct and that is a very good argument.

Again, very good argumentation. Thank you. Your comments are much appreciated.

Some people may say “having access to candy crush has made me happier” but what’s actually increased there happiness isn’t access to a video game but distraction from the world around them as an example. That can be accomplished through several means and none of them require exposing oneself to potential manipulation for profit by a company.

That particular argument gives me much to think about. 👍

Those are good arguments. I need to take some time and think on them. Thank you.

The world is objectively worse because of free to play video games.

That was not my argument. I did not say it was all pink and that nobody suffered from f2p. I talked about the overall happiness. The same utilitarian approach can be used when talking about vaccines. Some people die because they took a vaccine shot. However the overall population is better because of the vaccine.

I’m not saying that f2p games are comparable to vaccine. I’m just trying to make clear that my argument is utilitarian, and that I’m not disregarding people having issues because of f2p games.

I respect your argumentation, but I believe you slightly twisted mine. By “people with income”, I wanted to say “people with enough income to spend some on recreational activities”.

Concerning the “insane potential for returns”, I’m sorry to say that the company that I worked for and for which I developed a f2p game was a small company of 5 employees that never took off all that much. It is a business model. It is not a miraculous business model.

by your assessment its fine to exploit people for profit if they have an income

That’s the basic concept of a salary. I would agree that there are unfair salaries, sure. That’s when we can start talking about exploitation. I’m ok with salaries. I’m not ok with exploitation.

it preys the most not on the people who have money to burn but on neurodivergent folks predisposed to addictive behaviors

I would be really interested in reading studies on the classification of whales. If that assertion is true, this would change my mind about f2p in a split second.

Thank you for your answer.

Diablo Immor(t)al is a pretty terrible case when it comes to trying to squeeze as much money as possible from people. We, players, are harassed by the notifications for paying features. And it is not just a “pay to skip”/“pay to fast” system: it is also a pay to win game for the competitive scene. That’s bad.

On the other hand, it has at least 120 hours of free content…

My arguments are not in defense of Diablo Immor(t)al, though. They are in defense of Free to play in general, with reserves.

I don’t get the downvotes on this message. I can understand why the other posts might be NOK for some people, but this one? Please explain it to me.

Artists need an income. Are we all in an agreement on this? You would not ask for a musician to play a full concert every night for free, right? Why would it be fair to ask a developer to develop a game for free? Do they not deserve a salary? And where would the money come from if not from people having money to spend on games?

Yes I fully agree games should have options to allow those with jobs and busy lives to skip progression (outside of any competitive sphere) but they shouldn’t have to pay for it?!

I totally agree with that. If the game is not free, this should be considered an accessibility feature.

If the game is free, developers need to find ways to get money from the game. People with income are good targets, both on the economical and ethical standpoint :)

Maybe I am biased. I worked in the gaming industry and developed a F2P game 18 years ago… And of course we added features that encourage habit forming behavior and manipulative marketing. F2P are free but developers have to earn money at some point. I am all for OSS gaming but let’s face it: they cannot rival with games developed by for-profit gaming companies… not because they have no talent but because developing a game is a huge investment and requires a lot of people that deserve a salary.

Now the honest question is: is the world worse because there are F2P games? Sure, some people will have problems, but at the same time, many people will be happy to play the game for free.

To phrase it as a utilitarian question: does the overall happiness increase or decrease because of these games? My opinion is that overall happiness increases. YMMV :)

Why? Because they allow poor people to have fun?

“Pay to fast” allows people with jobs and not much free time to play with their jobless friends. What’s wrong with that?

"sq feature comparison with gpg"

2022, people still use and make new implementations of OpenPGP. In 2015, I was already describing OpenPGP as a horror show for cryptographers. People need to move on! The format is wrong. The implementations are wrong. The mandatory ciphers are outdated. The web of trust is mostly dead since the key…

A bit old, but an amazing read. Kudos to the author!..

Wow, perfect timing. I am currently struggling with efficient disk usage in my application. Thank you!

Thank you. I did not know that the state events were not encrypted. That’s very unfortunate. I think I still prefer Element/Matrix over Signal, but slightly less than before reading your message 👍

That’s a problem. But federation at least helps by giving you the choice of who will see these metadata leaks.

I would not use either of them.

Currently, a better solution, for me, is Element/Matrix, because the crypto is mostly OK and there is federation. And it is quite featureful.

Yeah, that’s what I thought. Thank you for playing 🙂

Can you provide a link to that “age signature plugin”, please?

Still bossing people around, I see. “You should not answer” “Your post belongs elsewhere”. You never change :) Your intimidation attempts are ineffective on me. You should move on.

Age plugins are not Age. Minisign is an excellent tool. It is not a replacement for Age.

Can you explain how you intend to use minisign as a replacement for age, please ? 😂

Does anybody know about a Linux distro that enforces strong firewall rules (that’s one of the control points of that linux distro security assessment) by default? I mean other than Tails which I expect does it. RFI vuln, such as log4shell, rely on outgoing connections. A linux distro with a strict firewall by default would have to be purposely poked to let such queries out. Sounds interesting to me.

It doesn't work

An inspired blogpost by Frank Denis on the depression that may be felt by FOSS maintainers…

Secure large file decryption using Linux, Go and Nacl

In this article, I explain the challenges of decrypting large files that do not fit in RAM and some possible solutions leveraging Linux and a good high-level crypto library written in Go…