Hacker News | josephcsible's comments

Anti-cheat drivers are just as much of rootkits, and in practice, they have vulnerabilities that get a lot more hosts pwned than cheats do. Let's get Microsoft to stop loading their drivers.

I agree. Microsoft should provide proper integrity APIs to apps so they don't need such drivers. The fact that the PC ecosystem is so far behind XBox's for platform integrity is a big failure on Microsoft's part towards the PC gaming market.

The "integrity" you speak of is a bad thing. Microsoft should be making that harder to obtain, not easier.

Integrity is needed for a fair playing field. There is consumer demand for such a fair playing field so it is a good thing for an operating system to respond to customer demand.

Newsom signed a law that places those requirements on every operating system in California, and in practice, organizations tend to comply with California's terrible laws no matter where you are, rather than stopping doing business there or making two variants of their products.

With software it's trivial to have a switch for "California compliant" mode, but in any case, that makes it clear that such criticisms should be directed at California. Other (generally "red") states already had a more reasonable solution: make the sites offering the restricted service liable for their actions just like other businesses.

The problem is that you could face liability if you do business in the United States and permit a minor in California to use an OS in non-California-compliant mode. If you're an "OS provider" in Wichita, KS, California will find that its jurisdiction still applies because the minor was in California and sue you in its courts. If you fail to turn up that's a judgement for the state by default. (And if you do turn up, it's a judgement for the state as soon as they prove a kid ran your non-age-checking OS.) And, thanks to the "full faith and credit" clause of the Constitution, California will be able to collect on its judgement against you in Wichita.

Hardware vendors are not going to want that kind of liability, in California, Colorado, New York, or anywhere else. So they will switch to selling hardware with locked bootloaders and only allowing approved operating systems within that locality (which for end-user PCs will mean pretty much just Windows). There is still foreign hardware, but those chinesium PCs are going to be confiscated by ICE unless the Chinese manufacturers also play ball.

Besides all this... federal legislation is coming.


The full faith and credit clause does not apply if the court lacks jurisdiction, which California clearly would. There's a reason "California compliant" already exists as a phrase; you can buy and sell things that break California law outside of California. If you bring it in that's on you.

If you'd humor me, or just read the last paragraph for a tldr...

So let's say a PC builder (an individual; not a company) were to donate a PC to charity. Let's say it's built with a fairly recent MSI motherboard (https://www.amazon.com/dp/B0BRQSWSFQ/), 'MSI PRO B760-P' if you'd prefer to avoid Amazon.

I remove all my internal SSDs and NVME drives but buy a new 1tb SSD for whoever receives the PC. I also install a Linux OS, as well as sign the secure boot keys via sbctl myself, setup ukify, efibootmgr, etc. Everything the recipient would need to switch over to another OS if they so choose.

But oh no, the donated PC landed in the hands of Johnny, a 17-year old in California.

So who's at fault here, MSI for creating a BIOS that allows for non-Windows EFI images to be installed? The PC builder (donator) for knowingly installing Linux (though not knowing where it would end up)?

This is kind of what confuses me and I'm curious what this means for future hardware sold in the US and those who build PCs for their own use or others. Most modern motherboards are "locked down" by default, but can easily be unlocked by the end-user, it may take a few extra steps or be a bit harder to find but still pretty simple for someone moderately tech-savvy.


Measured boot isn't any better. Look at Android phones, where it's technically possible to unlock your bootloader, but a ton of apps (e.g., McDonald's and most banking apps) use remote attestation to see whether you did so and will refuse to work if you did.

Individual TCP connections don't need to live that long. Once a macOS system reaches 49.7 days of uptime, this bug starts affecting all TCP connections.

> Once a macOS system reaches 49.7 days of uptime, this bug starts affecting all TCP connections.

Current `uptime` on my work MacBook (macOS 15.7.4):

    17:14  up 50 days, 22 mins, 16 users, load averages: 2.06 1.95 1.94

Am I supposed to be having issues with TCP connections right now? (I'm not.)

My personal iMac is at 279 days of uptime.


According to the post:

    $ netstat -an | grep -c TIME_WAIT

If the count it returns keeps growing, you're seeing a slow leak. At some point, new connections will start failing. How soon depends entirely on how quickly your machine closes new connections.

Since a lot of client traffic involves the server closing connections instead, I imagine it could take a while.

It's unclear if it'll leak whenever your mac closes or only when it fails to get a (FIN, ACK) back from the peer so the TCP_WAIT garbage collector runs. If it's the latter, then it could take substantially longer, depending on connection quality.


    % netstat -an | grep -c TIME_WAIT | wc -l
       1

You want to drop the wc -l.

Mac `grep -c` counts lines that match, so it always prints 1 line, so piping to wc -l will always return 1.

Or just open up and do netstat -an |grep TCP_WAIT and just watch it. If any don't disappear after a few minutes, then you're seeing the issue.
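
Added example, not part of any comment in this thread: a shell sketch of the check discussed above, counting TIME_WAIT sockets from `netstat -an` and deciding whether a series of samples looks like a leak. The function names, the constructed sample output, and the "never drops and ends higher" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of macOS-style `netstat -an` output (documentation addresses).
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.52344       198.51.100.7.443       TIME_WAIT
tcp4       0      0  192.0.2.10.52345       198.51.100.7.443       ESTABLISHED
tcp4       0      0  192.0.2.10.52346       198.51.100.8.443       TIME_WAIT
tcp6       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*'

# Count TCP sockets whose state column is TIME_WAIT (netstat output on stdin).
# Unlike `grep -c ... | wc -l`, this prints the count itself, not "1".
count_time_wait() {
    awk '$1 ~ /^tcp/ && $NF == "TIME_WAIT" { n++ } END { print n + 0 }'
}

# Heuristic (assumption): true if the samples never decrease and end higher
# than they started. On a healthy host the count rises and falls as entries expire.
is_leaking() {
    [ "$#" -ge 2 ] || return 1
    first=$1 prev=$1
    shift
    for cur in "$@"; do
        [ "$cur" -ge "$prev" ] || return 1
        prev=$cur
    done
    [ "$prev" -gt "$first" ]
}

# Take N live samples SECS apart; the interval should be longer than the
# normal TIME_WAIT lifetime so that healthy entries have time to expire.
watch_time_wait() {
    n=${1:-5} secs=${2:-120} samples="" i=0
    while [ "$i" -lt "$n" ]; do
        samples="$samples $(netstat -an | count_time_wait)"
        i=$((i + 1))
        if [ "$i" -lt "$n" ]; then sleep "$secs"; fi
    done
    # Word splitting of $samples is intentional here.
    if is_leaking $samples; then echo "growing:$samples"
    else echo "stable:$samples"; fi
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE" | count_time_wait
```

Call `watch_time_wait 5 120` on a live host to sample the real socket table.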


They probably aren’t affected because the buggy code was only added in macOS 26:

https://github.com/apple-oss-distributions/xnu/blame/f6217f8...


Ouch - "every Mac" from the original post is a hallucination then.

I can live with the writing style when the topic is interesting (here it was for me) but complete untruths are much worse.


You can run `sysctl kern.boottime` to get when it was booted and do the math from there.

I also can't reproduce. I want to say I have encountered this issue at least once; yesterday, before I rebooted, my uptime was 60 days.

But it's not instant, it just never releases connections. So you can have uptime of 3 years and not run out of connections or run out shortly after hitting that issue.


I'm just going from the bug description in the article, but it seems that depending on your network activity, the exact time you will actually notice an impact could vary quite a bit

if it's in keepalive or retransmission timers, desktop use would mask it completely. browsers reconnect on failure, short-lived requests don't care about keepalives. you'd only notice in things that rely on the OS detecting a dead peer — persistent db connections, ssh tunnels, long-running streams.

> 17:14 up 50 days, 22 mins, 16 users, load averages: 2.06 1.95 1.94

> Am I supposed to be having issues with TCP connections right now? (I'm not.)

If my skim read of the slop post is correct, you'll only have issues on that machine if it hasn't spent any of that time asleep. (I have one Macbook that never sleeps, and I'm pretty sure it hit this bug a week or two back.)


Sure they do. They need to live until torn down.

They almost never do live that long, for whatever reason, but they should.


I meant that having a connection live that long isn't necessary to trigger this bug. I know that for some workloads, it can be important for connections to live that long.

Hall of shame:

* Reddit won't let you read "unreviewed" content on mobile web (but will on desktop web)

* PayPal won't let you pick your 5% rewards category, or set up balance auto-replenish without their app

* Robinhood Banking won't let you see your credit card statement or pay your balance without their app

* Instagram won't let you share posts as stories without their app

* SeatGeek won't let you attend events without their app (no will call, mailed tickets, print at home, or mobile web)


How about an 81-year-old Dodgers fan who has held season tickets for 50 years, and doesn't even own a smartphone, who can no longer order the traditional book of season tickets: https://www.nbclosangeles.com/news/local/dodgers-fan-printed...

Hah, I submitted the same story here just a few hours before you posted that. I don't know whether that's actually an example of this particular problem or not, though, since I'm not sure whether they have a website that can display the tickets.

Linkedin is the worst offender of them all. My feeds don't get updated for days when I use the web mobile version and I start seeing new posts only when I switch to desktop mode (switching to mobile shows the same old feed). They also don't even let you reply to comment replies or see reactions. They even scroll you all the way to the top if you dismiss their annoying "linkedin is better on app" pop-up just to punish you for not using their app. I'll never install apps of these companies that are actively hostile towards those that don't want to be constantly spied on by them.

They are so paranoid against scraping or someone building automations on top of their app they don't want you to have, that they are willing to make their actual application borderline unusable for the power users who would actually be willing to pay for their first party upsells and features.

It's infuriating. I have literally tried all of their paid products in various forms (they are expensive but the value is clearly there if you're a business). If only they invested as much in making them actually good as they did in preventing you from using extensions or other tools to implement the features they can't or won't, I'm sure they'd get a lot more business.


> SeatGeek won't let you attend events without their app (no mailed tickets, will call, print at home, or mobile web)

Wow. I guess it's been a few years since I've used SeatGeek but this is news to me. Stuff like this and MSG's facial scanning regime (I'm sure the venues are all doing it to differing extents) make me not even want to bother with big concerts. Club shows are almost always a better time, anyways.


Spotify arbitrarily gatekeeps even basic function like accessing your Liked songs on the PWA

old.reddit.com

I've been on reddit since the beginning. If they kill old.reddit, I'm gone.

After abandoning all my reddit accounts [1] (some back into the aughties), I eventually found hackernews. Here is now the only place online which I write publicly.

Still, I love sharing tips for navigating reddit (you can do these without logging in):

1) old.reddit.com allows you to use Reddit's built-in link shortener,

e.g. To link to today's top post (<https://old.reddit.com/r/pics/comments/1seo5rj/cafe_in_brazi...>), you can just write ` https://old.reddit.com/1seo5rj ` [this does not work without old.]

2) you can string multiple subreddits together using the ` + ` operator,

e.g. <https://old.reddit.com/r/dogs+cats+fish> to view /r/dogs + /r/cats +/r/fish in a single stream/webpage

----

[1] in 2021; Dear /u/Spez: my promise given after your US Congressional testimony/fabrication... remains promised. —Rita/mod/bayarea


It's probably the only reason they keep it around - to keep power users from going to or starting a competing forum.

I fully expect it to get retired in the wake of the forthcoming de-anonymization of the web. But I’m frankly shocked they haven’t already given how aggressively bad the “new” one has become.

Red reader is another option to make reddit usable.

https://github.com/QuantumBadger/RedReader


Robinhood gets double shame points for naming the app "Banking" (previously "Credit Card"), no Robinhood or RH in the name. I love the card but hate everything about that app.

Instagram has had both significant mobile only features, and desktop only features.

A counterexample: the Bank of America app doesn't have functionality to do ACH transfers natively; you can only do it on the web app.

But this may be on purpose by Bank of America.


Google maps is also severely nerfed on mobile web.

* Untappd won't let you tag your co-drinking friends without their app

I wish this kind of behavior were punishable under the "reckless disregard for the truth" doctrine. (And also that perjury for lying on DMCAs was better enforced in general.)

We really need to reform DMCA, for example require posting a bond if a challenge is disputed.

It does need it, but who would do that? It’s not a public enough issue that the average voter would care, and the people who abuse dmca will inevitably be large companies.

Disputes between large companies can still lead to extra pressure to reform the DMCA system.

Youtube's takedown system isn't technically a DMCA notice. It's in addition to them.

That's one of the reasons I'm not a fan of extrajudicial processes like YouTube's Content ID: they don't give any court the opportunity to point things like that out.

IIUC, the fee is just to use their instance, and hosting your own instance is actually free. Also, it looks like the client side of it runs in a browser, so it will support pretty much any OS.

> OBS (what I used) seems to have stopped receiving updates :)

No it hasn't: https://github.com/obsproject/obs-studio/commits/master/


Hmm, for the longest time, the Flatpak version of the app in my Linux OS was warning me that a particular older org.freedesktop.Platform runtime was end of life, and that OBS project should update their compatibility hence OBS was being classified as a security risk during the update process.

Having said that, and reading your reply, I stand corrected and I take it back as I did an update and the error is nowhere to be found. Not sure how the runtime was updated to the latest, 25.08, but assume it was the obs project.

:)


Does this have any advantages over OBS Studio?

Speaking as someone who has used both: yes. OBS is a general-purpose recording/streaming system. It gives you a lot of flexibility, but it can take some work to make things look "nice."

Screen Studio (and so OpenScreen as well) are "opinionated" and are designed to create aesthetic videos with minimal configuration. They can't do a lot of the things that OBS can do, but if all you want is to record your desktop with a webcam overlay, it's a lot easier.


can it utilize my accelerator or GPU for best performance? and does it support kinds of encoding like av quicksync?

OBS is more focused on live-streaming, even if it can be general purpose.

OpenScreen is more about screen recording, once recorded it turns into a simple-ish NLE that is focused on editing screen-casts.


Yes. For me personally, I am only interested in creating short demo videos in as little time as possible. OBS is an advanced software that requires me to learn to use it.

I just downloaded this and had a zoom effect video from the first attempt. The learning curve is roughly zero.


It's the automatic zooming animations. I've not found any OBS scripts that can do this?

OBS + kdenlive can also get you here, but this product is meant to be purpose-built and time-saving specifically for the computer instructions use case
