It’s Harder to solve than you think. I came upon a documentary a while ago where they go a bit more in depth on the subject and what cheaters can do nowadays.
No company has solved the problem tbh. Even games like counter strike are riddled with cheaters and even on faceit there’s plenty of people that are dodgy AF and likely cheat.
It’s not an easy problem to solve and it is, AFAIK, still an unsolved problem in shooters. So your comment is a bit salty. Might as well claim every game engineer worldwide isnt good at their job because nobody has solved this yet. Not that I’m defending riot.
The rootkit “solution” is complete bullshit. It is completely disproportionate and a massive security/privacy risk. And to top it off it’s not even a solution that’s good enough.
The rootkit isn’t a solution. It’s a bandaid - and a bad one at that. Moba and FPS hacks have already moved outside the hardware of the PC or into the virtual space. It’s a beware of dog sign on the fence meant to scare users… while ultimately doing very little (besides providing a vector real hackers and tools can exploit to gain access to your system.)
Seriously anyone willing to install a rootkit on their system that that company is behind deserves whatever comes their way next.
Given the user always has a deeper access to the client (i.e. hardware access) than the anticheat dev does, eliminating cheating is probably unsolvable.
Best bet is probably always going to be a decently funded team dedicated to find and ban cheaters, rather than attempting to prevent them all with a rootkit.
First of all, you can’t solve a problem you’re not willing to work on.
Second, no one is expecting a solution that bans 100% of cheaters and has zero false positives. We all know that’s unrealistic. So saying no one has solved it yet is kind of misleading. There are existing solutions that work well enough for most people.
Third, there are solutions that can run entirely on the server side that would work for every system. Riot just isn’t willing to use them.
My comment stands. Bad engineers that can’t solve a problem other people have already come up with solutions for.
The beauty of the federated platform is that you get to choose the version of the person you want to follow: would you rather follow the President Biden on Threads, or the President Biden on Femboy Breeding College? It’s a multiple choice question.
Of course, it’s probably best if the US government setup their own domain like mastodon.whitehouse.gov if they really cared to have an official account that they have full control over.
this is why we invented responsible disclosure, which is a thing companies like apple do even. Although in this case, this was the very beginning of what seemed to be a rollout, so if it does effect systems, it’s not very many. And if they are affected. The solution is pretty obvious.
Even in open source, responsible disclosure is generally possible.
See, e.g. Spectre/Meltdown, where they worked privately with high level Linux Kernel developers for months to have patches ready on all supported branches before they made the vulnerability public
If your security relies on hidden information then it’s at risk of being broken at any time by someone who will find the information in some way. Open source security is so much stronger because it works independently of system knowledge. See all the open source cryptography that secures the web for example.
Open source poc and fix increases awareness of issues and helps everyone to make progress. You will also get much more eyes to verify your analysis and fix, as well as people checking if there could other consequences in other systems. Some security specialists are probably going to create techniques to detect this kind of sophisticated attack in the future.
This doesn’t happen with closed source.
If some system company/administrator is too lazy to update, the fault is on them, not on the person who made all the information available for your to understand and fix the issue.
This is literally how I make my living and this is the only comment I’ve made so I’m not sure where you get the idea I think publishing vulnerabilities and PoC are bad … again I literally do this for a living.
Finding vulnerabilities and reporting them is literally what pays my mortgage. Open Source, Closed Source, they both have their merits but to say one is inherently more secure because of the reasons you’re specifying is tacitly false.
I don’t need to repeat myself but that’s all I’d be doing.
You’re making the argument that open source software inherently does this better and I’m telling you that you’re wrong. I’m going to cite myself, a 20 year veteran in the field.
It can do it better and often times it does work out this way.
Closed source software also has value and use and for its own set of reasons could make the argument that it is more secure because of access controls and supply chain management and traditional security mechanisms.
I think you read what I wrote as a “no you’re entirely wrong” whereas what I said was “you’re asserting things that aren’t true which is weakening the argument”
Frankly though given the lack of response to what I actually said by anyone I’m just going to rest on knowing in the real world my input is considered valid, here where we’re being fanatics … idk for all you know I’m a bot spewing AI generated drivel.
Maybe the disconnect here is I’m talking about practical application because of experience vs theoretical application because of ideology.
No I don’t think you said I was entirely wrong, that part was clear enough.
My issue is more with your argument from authority and personal experience. It is very easy to be biased by personal experience, especially when it brings good money.
access controls and supply chain management and traditional security mechanisms.
So I’ll put my personal experience too (which is also a low value argument). From the outside it may seem this is well done in big companies. But the reality is that this is often a big mess and security often depends on some guy, if any, actually having some standards and enforcing them, until they leave because the company doesn’t value those tasks. But since it’s closed source, nobody knows about it. With open source, there’s more chance more people will look at this system and find issues.
I don’t doubt some ultra sensitive systems like nuclear weapons have a functional closed source security process because the government understands the risk well enough. But I think there are way more closed source systems, at lower danger level but which still impacts people’s security, that are managed with a much lower standard than if they were open-sourced.
You have provided no valuable argument except “believe my experience”, so I am answering with an equally weak one. Provide me some good quality study and I will be happy to change my mind. I recognize this lack of enlightening information is pretty aligned with closed source philosophy.
I think you asking me for “quality study” informs me that I don’t want to talk to you about this anymore.
I understand ideologically you’re all for open source software (so am I, but you can’t see that) and you believe there is no merit to close sourced software. You believe open source software is inherently more secure and nothing will convince you otherwise and to be honest I just don’t care.
In the real world your argument falls flat, the ideology is great but practically it doesn’t shake out that way. If you’re incapable of recognizing the merits AND flaws in both systems then I don’t have any desire to continue talking to myself.
I’ve not at one moment argued against anything other than your narrow view, I am a proponent of open source software and am a contributor to a project I guarantee impacts your life every day. I’m not shitting on open source and never would.
All of the things you say CAN make it better and many times do. That said it doesn’t inherently make it better and just because you crowdsource doesn’t mean you got it right. There is nuance. Democracy always fails on the idea that 1 Million Voices are smarter than 1, which isn’t always the case.
Open Source Software ought to be used EVERYWHERE IT MAKES SENSE and not used where it doesn’t.
The problem is when people make statements that just aren’t true to push for something that can stand on its own without false narratives.
That’s a good point, but wasn’t the micro benchmarking possible, published and analyzed because it is open source? Also the vulnerability analysis, impact analysis and fix can be peer reviewed by more yes.
It does, because many more eyes can find issues, as illustrated by this story.
This story illustrates that some eyes can find some issues. For proper discussion we need proper data and ratios, only then we could compare. How many issues there are in open and closed source software? How many of them are getting fixed? Unfortunately, we don’t have this data.
I think some of this data is actually available for open source projects by scanning public repositories, although it would be a lot of work to collect it.
In this case, downgrading to the not affected version. If there’s no possible downgrade, stopping the compromised system until it is fixed.
Keeping the vulnerable system up because you think nobody else should know is a bet, I don’t think it’s sound. State actors are investing a lot to find and exploit those vulnerabilities, in this case probably even funded the implementation of the vulnerability, so I think you should assume that any vulnerability you discover is already used.
In this case it seems the backdoor is only usable with someone who has the correct key. Seeing and reverting something fishy is in some cases, like this easier than finding an exploit. It takes a lot of time in this case to figure out what goes on.
Fixing a bug never automatically give an easy to use exploit for script kiddies
Pretty standard right wing whataboutism lol “bu-bu-but what about this thing that happen 150 years ago??? Clearly the Democratic party still wants slavery!!!”
Even though the names of the two major parties haven’t changed since 1854 (when the Republican Party replaced the Whigs), the ideological alignment of them has continued to shift, at least five times in total (or maybe six, if you count MAGA christo-fascism as separate from what the party was before).
I’ve always thought the MAGA phase was just an extension of what the party became during the George W and Obama years. Trump just exploited what was already there.
Since when is reading newspapers your government doesn’t agree with a right? Since when is communicating with people your government doesn’t like a right? Since when is publishing whatever you want a right? Since approximately 1776. It’s such an important right that it’s literally the first one in the constitution. Because our ability to speak freely and criticize the government is one of the rights that underpins all others. The medium shouldn’t matter, speech is speech whether it’s an app, website, chat server, newspaper, bulletin board, code, painting, drawing, whatever. If the government can just shut down any medium or venue they don’t like because “it’s propaganda”, that basically closes the door to any open criticism of the government.
We’ve tried not having those rights for the sake of convenience, expediency, or social pleasantness. Tends to not end well. Ask people in Russia or Iran how that “government gets to dictate where and how you speak” thing is going for them. Insane bootlicking going on in this thread.
I mean I’m not saying that this is being gone about the right way or for the right reasons, but when an adversarial nation-state is working to undermine US economic interests within its borders is there really anything wrong with punching back? I personally don’t think so, but I’m fully aware that I’m probably in the minority on this here.
The govt can do anything it wants to punch back so long as it’s not infringing on the rights of its citizens. Our plan to stop China from “influencing us” is to… become more like China?
If China is going prevent US companies from doing profitable business within its economic borders I don’t see why the US should allow Chinese companies to engage in profitable businesses ventures within its country.
Blocking a company from doing business in the US is not the same as the US Government infringing on citizens rights. The better way to do it imo would be to toss ByteDance on the Sanctioned Entities list and block any US financial institution from servicing their US subsidiary. ByteDance wouldn’t stay in the US market for long if they couldn’t get any ad revenue, then it’s their choice to pull out instead of the US Government kicking them out.
It’s really not an infringement of rights either way though.
If China is going prevent US companies from doing profitable business within its economic borders I don’t see why the US should allow Chinese companies to engage in profitable businesses ventures within its country.
They get to do whatever they want because they’re a dicatorship. Saying the US government should be allowed to do something “because China does it” is a real slippery slope. 2. We aren’t talking about oil extraction or car sales here, we’re talking about something which is explicitly a speech platform. They are different.
It’s not just a “company” being banned, it’s the government telling you that you can’t use that companies services for your speech. Imaging the US government banning the The Guardian because it’s not owned by US citizens. That’s the same thing as banning TikTok because it’s not owned by US Citizens. The government has no right to ban newspapers or websites which are otherwise engaging in legally-protected speech. You have a right to hear what they have to say.
They get to do whatever they want because they’re a dicatorship. Saying the US government should be allowed to do something “because China does it” is a real slippery slope.
It’s a weird blend of trade war and cyber warfare, but for all intents and purposes it’s a trade war right now. No one was complaining that the US is blocking the sale of H100s in China are they? No.
We aren’t talking about oil extraction or car sales here, we’re talking about something which is explicitly a speech platform. They are different.
Except it’s not, it’s an ad platform.
It’s not just a “company” being banned, it’s the government telling you that you can’t use that companies services for your speech.
Nope, absolutely incorrect, it is indeed just a company being banned. I don’t think you fully understand what “speech” is, or really who the Constitution applies to. You do realize that the First Amendment means that the government may not jail, fine, or impose civil liability on people or organizations based on what they say or write, right? You also realize that preventing a company from doing business in the US because they’re beholden to an openly antagonistic nation-state is decidedly not the same as banning a company from doing business in the US because of its speech right?
Freedom of speech and the press has literally nothing at all to do with this.
Right. So if they sell ads on it, it’s not a speech platform right? Reddit, not a speech platform? The Washington Post? The Guardian? Lemmy, when lemmy instances start running ads, Not a speech platform? Gmail? Not a speech platform?
Nope, absolutely incorrect, it is indeed just a company being banned.
It’s not. This isn’t a company that sells cars, they provide an online speech platform. It’s my ability to use the speech platform that gets banned in the process. They can ban TikTok from being able to “do business” in the US, that is different from pulling it from the app store or installing a great firewall to prevent US citizens from accessing their site. And frankly, “doing business” has been an inherent part of speech platforms for decades, selling advertising on speech platforms is how they can exist, all the way back to the days of newspapers and radio.
or installing a great firewall to prevent US citizens from accessing their site.
Literally no one is suggesting this, but keep firing yourself up I guess.
Right. So if they sell ads on it, it’s not a speech platform right? Reddit, not a speech platform? The Washington Post? The Guardian? Lemmy, when lemmy instances start running ads, Not a speech platform? Gmail? Not a speech platform?
It’s not a speech platform, at best it could be loosely defines as “press”. Even if I’m generous and concede that, pretty sure there’s Supreme Court precedent for allowing the government to block the publication and dissemination of foreign press. Also no, Gmail is not a speech platform in this context lol.
It’s my ability to use the speech platform that gets banned in the process.
You need to stop picking the things in my comment you want to argue with and ignoring the rest. The First Amendment prevents the government from criminalizing or penalizing you, an American citizen, from engaging in protected speech. It does not prevent them from forcing a foreign company to divest or cease local US operations. Doing so does not infringe on your speech. Infringing on your speech would be something like criminalizing the act of downloading a tiktok apk and using the app after ByteDance was forced to shutter US operations.
You see the difference right? You’ll still be able to use TikTok after the (probably not happening) ban without any criminal or civil liability. If ByteDance says fuck it and geoblocks the US, you still haven’t been blocked from your speech by the US government, you’ve been blocked by ByteDance, and if you felt like suing them in China you could full send it if that was for you.
They can ban TikTok from being able to “do business” in the US, that is different from pulling it from the app store
Ban TikTok from earning any revenue in the US and they will pull the app themselves. Do you think TikTok is a charity or a non-profit or something?
And frankly, “doing business” has been an inherent part of speech platforms for decades, selling advertising on speech platforms is how they can exist, all the way back to the days of newspapers and radio.
Sure, press publications sell ads, no one said otherwise, not really sure what purpose stating the obvious serves. Ultimately, the US government is under no obligation to allow a foreign company to offer goods or services within its borders, regardless of whether it’s a “press” good or service.
To recap:
Banning tiktok does not ban your speech specifically.
As no entity protected by the Constitution is being censored, the government isn’t violating the Constitution.
There is no 3, that’s it. Congress is free to swing the ban hammer.
Unless you think that the Constitution applies to everyone in the entire world, in which case I guess I’ll need to buy some stock in Northrop and Lockheed.
Sorry to say if your views are closer to true libertarianism and the principles favored by those links you would likely be considered distinctly leftist. Dbzer0 is a primarily anarchist community, on the far-left.
You have views that are independently more left or right, but say if your views were a political party, it would be placed on a spectrum from left to right based on how many of these positions fall on either side of the spectrum. Typically the views that are seen as far left and far right are mutually exclusive, like authoritarian centralized governance versus decentralization, increased immigration vs decreased, but it’s true there is a lot of nuance lost when things are viewed that way.
but it’s true there is a lot of nuance lost when things are viewed that way.
Exactly. In truth, I hate ALL sides, ALL PARTIES , just for differing reasons. I vote for the shit I vote for, no political party has the power to sway me to be a blind follower that just accepts whatever bullshit they do. I’m very openly critical of all political parties in general, and don’t really have anything good to say about any of them. They’ve all done shit I greatly disagree with.
Racists? Omg. 😱 that’s literally most parties in the US. Democrats have a racist history just the same. Welcome to America, all parties are racist in one way or other, because this country breeds extremism and corruption. Even liberalism has perpetuated systemic racism on several occasions despite trying to dismantle it. All the parties in the US are guilty. Corruption runs deep, and corruption is corpo profit margins.
lemmy.ml
Top