  • With what has happened around the studio, I’d say it’s good that DE2 was canceled. It was to be made by the ruins of a studio that was stolen along with its IP from the original developers and artists, who didn’t manage to navigate the landmine of the for-profit gamedev industry, and got basically scammed by investors, who robbed them of their IP and studio through various loopholes and bullshit of shares-based companies. (It’s a pretty nuanced story, and I’m not really sure how it ended up, so it’s better to watch the documentary about it if you’re interested, rather than take my conclusion from it. I also haven’t followed recent development, so if anyone knows how that turned out, let me know.)

    It’s quite a sad and infuriating story, especially since ZAUM was IIRC originally a pretty wholesome art collective of punks and anarchists from squats. It must have been devastating to enter the market with such ideals, only to be scammed of your art by the first investor you encounter, who you might’ve even considered a friend.


  • There’s quite a few ex-Disco Elysium studios popping out. My favorite so far is the Summer Eternal. It feels like they didn’t want to announce it this early, but because two other studios (Longdue, and Dark Math Games) got announced a few days ago, they did the same.

    Summer Eternal feels the most radical out of the three studios, I really like their manifesto and how they are attempting to mix art-collective with market-based development. And they have some amazing writers.

    Here are a few bits and pieces of the manifesto from their website, I really recommend reading it. Also, the website linked above is just stunning.

    As creators and game makers, we have too long been led away from the truth, away from the right to define ourselves as artists in service of the definitive art form of the future, one that has made us dream since we were children.

    Instead, the disposability culture operating at the ruthless core of this industry wants us to think of ourselves as cogs in the machine: rudimentary craftsmen, disposable career workers, inert producers of made-to-order marketing-driven “content” — empty calories leaving the soul hungry.

    The Profiteer knows that by keeping your dignity low, he will keep you crawling on the treadmill of passion until he lays you off for the sake of the red number in his book.

    Machine-generated works will never satisfy or substitute the human desire for art, as our desire for art is in its core a desire for communication with another, with a talent who speaks to us across worlds and ages to remind us of our all-encompassing human universality. There is no one to connect to in a large language model. The phone line is open but there’s no one on the other side.


  • Mikina@programming.dev to Programming@programming.dev, Making malware (11 days ago)

    I can’t recommend Maldev Academy enough. It has been an amazing resource to get into malware development. Keep in mind, however, that malware development is a pretty difficult topic. You will have to eventually use WinAPI and syscalls, so learning about that even outside of malware development will help you a lot.

    For example, try looking into how to execute a shellcode in memory - allocate memory as RWX, copy some data and then execute it. Try executing it in a different process, or in a different thread of another process. That’s the core of malware development you’ll probably eventually have to do anyway. Manually calling syscalls is also a skill that you’ll need, if you want to get into EDR avoidance.

    Also, look into IoCs and what kind of different stuff can be used to detect the malware. Syscall hooks, signatures, AMSI, and syslog are all things that are being watched and analyzed to detect malware, and knowing what exactly your program is logging and where is one of the most important and difficult skills you can get.

    There probably are a lot of resources for these two skills, and they are an important foundation for malware development, so I’d suggest researching that. You’ll probably not get much from looking at other malware, because it tends to be really low-level, and obfuscated, exactly to avoid the IoCs I’ve mentioned above. Implementing the malware behavior after that is the easier part.

    Another good resource to look into are C2s and communication, for example Mythic C2 has some interesting stuff.

    And I really recommend joining the Bloodhound slack. Throughout my cybersecurity career as a Red Teamer, the community has helped me a lot and I’ve learned amazing stuff just by lurking.



  • It’s best to have a local copy of package repos with whitelisted libraries, or so I’ve heard. But containers are fine, too. Especially with VSCode .devcontainers, it’s super easy to set up and distribute with the repo, there’s really no reason not to do that.

    The biggest issue here that a lot of people don’t realize is Bing AI, it’s insanely easy to poison its results, since it summarizes search results. It’s only a matter of time before someone convinces it to start using or adding a typosquatted/malicious library to answers to a common programming question, and it will be fun times ahead.



  • I stumbled upon the Gemini page by accident, so I figured let’s give it a try.

    I asked him in Czech if he can also generate pictures. He said sure, and gave me examples about what to ask him.

    So I asked him, again in Czech, to generate a cat drinking a beer at a party.

    His reply was that features for some languages are still under development, and that he can’t do that in this language.

    So I asked him in English.

    I can’t create images for you yet, but I can still find images from the web.

    Ok, so I asked if he can find me the picture on the web, then.

    I’m sorry, but I can’t provide images of a cat drinking beer. Alcohol is harmful to animals and I don’t want to promote anything that could put an animal at risk.

    Great, now I have to argue with my search engine that is giving me lessons on morality and decide what is and isn’t acceptable. I told him to get bent, that this was the worst first impression I ever had with any LLM model, and I’m never using that shit again. If this was integrated into Google search (which I haven’t used for years and stuck to Kagi), and now replaces Google Assistant…

    Good, that’s what people get for sticking with Google. It brings me joy to see Google dig its own grave with such success.



  • I’m starting to think that “good code” is simply a myth. They’ve drilled a lot of “best practices” into me during my masters, yet no matter how much you try, you will eventually end up with something overengineered, or a new feature or a bug that’s really difficult to squeeze into whatever you’ve chosen.

    But, ok, that doesn’t prove anything, maybe I’m just a bad programmer.

    What made me sceptical however isn’t that I never managed to do it right in any of my projects, but the last two years of experience working on porting games, some of them well-known and larger games, to consoles.

    I’ve already seen several codebases, each one with a different take on how to make the core game architecture, and each one inevitably had some horrible issues that turned up during bugfixing. Making changes was hard, it was either overengineered and almost impenetrable, or we had to resort to ugly hacks since there simply wasn’t a way how to do it properly without rewriting a huge chunk.

    Right now, my whole programming knowledge about game architecture is a list of “this doesn’t work in the long run”, and if I were to start a new project, I’d be really at a loss about what the fuck should I choose. It’s a hopeless battle, every approach I’ve seen or tried still ran into problems.

    And I think this may be the author’s problem - it’s really easy to see that something doesn’t work. “I’d have done it differently” or “There has to be a better way” is something that you notice very quickly. But I’m certain that whatever he would propose, it’d just lead to a different set of problems. And I suspect that’s what may be happening with his leads not letting him stick his nose into stuff. They have probably seen that before, and it rarely helps.



  • I’ve tried switching to Fedora several times, but I never managed to get it to working conditions. Unity Hub was regularly crashing, I got a bazillion of errors related to unsupported type of media files we’re using for ingame videos, and only during the time I was trying to troubleshoot the issue, Unity has crashed several times.

    I suppose that if I was starting a new project, I would just go with Godot and on Linux, but a project that has been built for the last few years on Windows, and is planned to only be built for Windows for now, it adds unnecessary risk to the whole development. Just the fact that I would have to dualboot just to test whether builds work as expected is additional bother, and I suppose you will eventually run into issues with something not working the same on Windows as it did on Linux.

    Also, isn’t there the whole issue of DirectX not being supported on Linux?

    And since gamedev is usually a lot more resource-intensive compared to other development, you can’t really containerize it.



  • You will probably have to get a domain, but some of the ugly TLDs can cost a few bucks for a year, so it’s not that bad.

    As for being able to access your Nextcloud from outside, if you don’t use it to share large amounts of data often, I recommend looking into Cloudflare Tunnel. It’s pretty easy to set up, and allows you to not only put a configurable firewall in front of your Nextcloud instance, with which you can for example geoblock traffic from other countries, but you also don’t have to deal with port forwarding, DDNS, or exposing your home network directly to the internet.

    The setup is simple, you just download their cloudflared service, install it with a token generated in their web management (that ties it to a domain and tells it what port it should expose) on your Nextcloud machine, and it will automatically connect to Cloudflare server that will act as a port forward, but without you having to expose anything on your home network directly.

    I don’t really access my Nextcloud from the internet that often, don’t use it to stream or share large files with large number of people, so I never had issues with it. But I’ve been told that it’s against Cloudflare ToS to use it for large data sharing, streaming or high-volume data transfers, so keep that in mind.

    But it’s perfect for accessing my Home Assistant and Nextcloud when I need it.


  • That is true, but can’t they (a company that wants to, not the government) do that already if they want to, under ChatControl 1.0? And I wouldn’t say that whether a service is E2EE or not makes any difference here - scanning private user messages shouldn’t be allowed, whether they are encrypted or not. IMO if ChatControl 2.0 passed and was made mandatory for everyone, the fact that it is mostly noticeable on E2EE apps is only a side-effect of blanket surveillance, and not the main issue with the proposition.

    What’s the point of them agreeing that they will let the 1% of users of E2EE services keep their privacy, while they already scan 90% of communication (I mean, just GMail + FB/IG + iCloud, that is already being scanned, makes for most of the world’s communication) for the past year or so?

    Now I’m curious whether Facebook/Instagram, who does offer encrypted chats and also scans all your content under ChatControl 1.0 voluntarily, also scans the encrypted chats or not. I’d wager they do, but that’s just speculation.

    But they did briefly mention that they will begin “phasing out” chatcontrol 1.0. I wonder what that means, and how long it will take.


  • I think the headline is misleading, if I understand it correctly.

    ChatControl is already possible, and implemented for major communication service providers that most of the people use. It’s just not mandatory.

    Currently a regulation is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). source

    The article states that they decided that they will not blanketly require it, but I don’t think it says anything about rolling back the first version of ChatControl that’s already in effect.

    EDIT: I was wrong, the article actually does mention it, even though on pretty vague terms:

    The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material.


  • Get GrapheneOS, your mobile phone will be one of the best sources of data about you, and if you’re on Googled Android or iOS, there’s nothing you can do to stop Google apps stalking you, which they have already had several lawsuits about doing it even when you disable it. GrapheneOS takes care of it by sandboxing Google apps, so they can’t do almost anything, along with really fine-grained permission control, i.e. giving messenger access to only the selected photo you want to upload, and nothing more.

    As far as browser goes, I recommend Mullvad, and bundle it with their VPN. Not only can it be paid for with crypto, it also means that almost every other VPN user will have the same browser fingerprint as you - fingerprint of the Mullvad browser, which is based on Tor browser and designed to be as unfingerprintable as possible, so it will be really hard to distinguish you using secondary fingerprinting, such as extensions or minor browser details.

    Don’t use Gmail or GDrive, ideally get your own NAS for file sharing and switch to something like Protonmail, which now also offers Drive. Get a domain that is vaguely company-sounding. Something like @techcorplimited.com, and create a catch-all email address, so any email sent to that domain will end up in your inbox. You can now use [email protected] as your throwaway email address, and just randomly generate them for all services you use, while also making it believable to confuse even AIs.

    Even when using VPN, don’t sign into your accounts. You don’t need to sign in to Youtube to tell it that it was you all the time, just remember your favorite youtubers and look for them by hand every time.

    If you’re really serious, look into https://www.qubes-os.org/


  • I was working on a pretty well known game, porting it to consoles.

    On PS4 we started getting OOM crashes after you’ve played a few levels, because PS4 doesn’t have that much memory. I was mostly new on the project and didn’t know it very well, so I started profiling.

    It turned out that all the levels are saved in pretty descriptive JSON files. And all of them are in Unity’s Scriptable Objects, so even if you are not playing that level, they all get loaded into memory, since once something references a SO, it gets loaded immediately. It was 1.7Gb of JSON strings loaded into memory once the game started, that stays there for the whole gameplay.

    I wrote a build script that compresses the JSON strings using gzip, and then uncompresses it when loading the actual level.

    It reduced the memory of all the levels to 46Mb down from 1.7Gb, while also reducing the game load by around 5 seconds.


  • This is my experience as well. I’ve always tried to be privacy-conscious, and stick to self-hosted alternatives or FOSS, but I was also lazy and didn’t really try too hard. With the recent enshittification problems for almost every product that has a corporation behind it, it’s a lot more in my face that it’s shit and I should be dealing with it.

    It made me finally get a VPN and switch to Mullvad browser. Get rid of Reddit completely. I finally got a Pixel with GrapheneOS and got a NAS running.

    It’s also doing wonders for my digital addiction. The companies are grossly mistaken in assuming that my addiction to their service is greater than my immense hatred for forced monetization, fingerprinting and dark patterns. It’s turning out it’s not, and I’ve dropped so many services in the last few months I never was able to really stop using, most of them thanks to popups like “You have to log in to view this content” or “This content is available only in app”, or “You are using an adblocker…”. Well, fuck you. I didn’t want to be here anyway.


  • I’ve been mostly working in C# for the past few years (and most of my life), and the only C++ experience I have is from college, so it takes some getting used to. And that’s what I was getting at - thanks to college, where I was forced to really learn (or at least, understand and be able to use) a wide range of drastically different languages, from Lisp through Bash, Pharo, Prolog, to Java and C#, that when I have to write something in a language I don’t know, it’s usually similar to at least one of them and I always could figure it out intuitively.

    With Rust, even though it has an amazing compiler, I’m struggling - probably because of the borrowing and overly careful error handling being concepts I’ve never had to deal with to get a MVP code working. Sure, that probably means that the code wasn’t error-proof, which is exactly what Rust forces you to do and which is amazing, but it makes it a lot harder to just write a single script without prior knowledge when you have to.

    I hope they are teaching Rust at universities now, we definitely didn’t have it 8 years ago, which is a shame.


  • I was just thinking about something similar in regards to gamedev.

    For the past few years since college, we’ve been working on a 2D game in our spare time, running on Unity. And for the past few months I’ve been mostly working on performance, and it’s still mind-boggling to me how is it possible that we’re having troubles with performance. It’s a 2D game, and we’re not even doing that much with it. That said, I know it’s mostly my fault, being the lead programmer, and since most of the core systems were written when I wasn’t really an experienced programmer, it shows, but still. It shouldn’t be that hard.

    Is the engine overkill for what we need? Probably. Especially since it’s 2D, writing our own would probably be better - we don’t use most of the features anyway. The only problem would be tooling for scene building, but that’s also something that shouldn’t be that hard.

    The blog post is inspiring, just yesterday I was looking into what would I need to get a basic rendering done in Rust, I may actually give it a try and see if I can make a basic 2D engine from scratch, it would definitely be an amazing learning experience. And I don’t really need that many features, right? Rendering, audio, sprite animation, collisions and scene editor should be sufficient, and I have a vague idea about how would I write each of those features in 2D.

    Hmm. I wonder what would be the performance difference if I got an MVP working.