andyburke @ andyburke @fedia.io

Posts

1

Comments

838

Joined

2 yr. ago

Their children and children's children forgot everything.

Mprotect stops any read and write and execute access to memory in both user and kernel lands (only rx or wx). Stuff like web browsers won't work unless you have a program to mark it in elf to not use pax. However, this kills a lot of exploits with that turned on by itself (though there are probably work arounds if you are developing exploits which the other features would hopefully catch). That's why people installed 3rd party unmainlined security patches, but that's just me maybe idk.

I am having a hard time following what this does or why this is desirable. You're saying there's a patch this thing provides that .. disables memory access ... unless a flag is set in an executable ... which will then bypass the security?

Client side anti-cheat faces similar issues, and there unlike your server you don't control the hardware.

There are lots of options such that you can tune your false positive/negative rate. 🤷‍♂️ Tons of ways you can structure this depending on your game's tech.

There are ways to detect and stop that, but they can and should happen on the server, not on the client.

No it doesn't. We have any number of free and open source operating systems to choose from that are already more secure. The number of people in a situation where they absolutely need to run Windows specifically is small.

This is already true for the vast majority of games. 🤷‍♂️

Why would anyone want to run unmainlined security patches from a company?

This is how CrowdStrike happened.

This feels like security via business decision which is always the opposite of security. At least this would be open source now? 🤷‍♂️

You sound like me almost 25 years ago.

This is how things are. This is how they will always be. We will ALWAYS have to fight to keep people from being hated and excluded, especially in ourselves as we look at the people trying to do the excluding and our knee-jerk is to exclude them.

I wish I had the answer so we could skip the hard work and live together in harmony. I worry there just is never an easy answer or change in tactics or shift in messaging - it's just living your whole life with bravery and kindness, as hard as that gets at times.

It's not. That's an Israeli propaganda push, not reality.

What Israel is doing is unconscionable, and has been rightly identified as genocide.

Don't let anyone call you antisemitic for saying that. You have said nothing about Jewish people, you have only said that a nation is committing war crimes, which is plain as day.

I mean, vendor lock-in and lack of resiliency to a vendor-specific outage, maybe caused by some piece of their stack you have never nor will ever touch, or maybe the platform CEO decides your kind of company isn't expedient for their business anymore, are among the reasons why a company should never have ended up in that situation in the first place.

You can continue along that road of least resistance while ignoring all of the risks. That is up to you. You'll probably be fine. (Not joking, you'll be fine. But don't pretend like this is all necessary.)

If you join a company where you have no voice, then you're going to have a bad time and you may compromise your own morality to get that paycheck.

You can say that there are no other jobs to be had out there, but the current employment rate says you are wrong.

You don't have to let the business people make you into an amoral cog in a machine.

The "business" people in charge. Aka the people who don't contribute and mostly fuck shit up.

It's on us engineers to fix their shit thinking. You know they won't.

It does not have to be this way. Stop pretending it does so that you don't have to worry about it.

There are alternatives with better APIs. Or, you know, don't buy into the bullshit and rack up a few servers yourself.

Tired of this "oh, but I can't 😢😢😢."

At better prices, with better service and APIs.

It's like people enjoy the abuse? 🤷‍♂️

That road leads to the same place.

And I like the dude running to help immediately as well.

Unsubbed.

Don't need to be giving my dollars to the spineless, or worse, to a fascist-supporting media owner.

I am referring tp The New Colossus.

He has no idea what's inscribed on the Statue of Liberty, does he?

Do any of his supporters?

Not a fuckin patriot among them, it seems.