




  • !gamemusic@lemm.ee

    Community for sharing game music.

    On that note, !gameart@sopuli.xyz for video game artwork.

    Communities for Talos Principle and Resident Evil, but again, they aren’t active.

    Yeah, there are a bunch of communities for individual video games, but they’re all pretty dead. I think that !pixeldungeon@lemmy.world, where the dev actually shows up, posts, and moderates is probably one of the most alive.

    This came up when I originally got on the Threadiverse — I remember suggesting that people post in generic gaming communities, then when the load became too high, move to genre-specific, and then when the load became too high, move to game-specific. Otherwise, the userbase in any one community just isn’t large enough to get much community activity.


  • https://en.wikipedia.org/wiki/M-DISC

    M-DISC’s design is intended to provide archival media longevity.[3][4] M-Disc claims that properly stored M-DISC DVD recordings will last up to 1000 years.[5] The M-DISC DVD looks like a standard disc, except it is almost transparent with later DVD and BD-R M-Disks having standard and inkjet printable labels.

    In 2022, the NIST Interagency Report NIST IR 8387[25] listed the M-Disc as an acceptable archival format rated for 100+ years, citing the aforementioned 2009 and 2012 tests by the US Department of Defense and French National Laboratory of Metrology and Testing as sources.

    That being said, that’s 100GB a disc. You can stuff a lot more on a typical hard drive, and I appreciate that people want to easily and inexpensively reliably store very large amounts of data for the long term.

    EDIT: At least in a quick search on Amazon, while there are plenty of drives rated for M-DISC, I don’t see any kind of “take hundreds of discs, feed them mechanically in and out of a drive” device that’d let one archive very large amounts of data automatically. You’d need 100 of those to fully archive a 10TB hard drive.


  • This does kind of drive home some points. Obviously, once malware is running with your full user permissions, all bets are off. But there are some things that could have mitigated harm here.

    The malware wasn’t just mining cryptocurrency—it was also stealing as much sensitive information as possible. It collected:

    • SSH keys from ~/.ssh/

    If you password-protect your SSH keys with a decent password, it will help address this. Now, the problem is that any software that can get at your SSH keys probably has a shot at also setting up some kind of keylogger system, but at least it makes it not a one-step process.

    • Shell history from .bash_history and .zsh_history

    Avoiding using sensitive data as command line arguments is a good habit to be in. They’re visible systemwide to all processes on a normal system, which already creates a meaningful leak on multiuser systems, and various pieces of command-line software go out of their way to avoid having passwords and similar secrets passed on the command-line.

    In this case, I assume that some of the goal may be looking for other hosts that the user might be sshing to, but best not to compromise other credentials here as well.

    • AWS and Azure credentials from ~/.aws/ and ~/.azure/

    Not familiar with the current forms of these, but I bet that they provide some way not to store unencrypted credentials there.

    • Environment variables and system information

    Environment variables are a really good place to avoid putting sensitive data, at least if one’s talking variables exported to all processes run by a user, because software that crashes and uploads a crash dump to God-knows-where will also tend to dump environment variables along with it, as it’s important debugging information. Storing credentials in an environment variable is not a good idea.

    This experience was a harsh reminder to never blindly trust PoC exploits, especially ones that include random files like PDFs.

    I feel like one thing that might help is software making it really easy to create a container that by-default runs in isolation with minimal access to the rest of the system, and then lets a user easily add individual permissions. I’ll sometimes use firejail, but it’s a “default-insecure” model, which really isn’t great for dealing with this sort of thing. Maybe use iptables or something to detect network access attempts and let a user approve per-host network access; you can’t simply block outbound network access for this sort of software, which is presumably demonstrating some kind of network-based exploit.
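
An added example, not part of the original comment: a small audit for two of the mitigations discussed above, flagging private keys under `~/.ssh` that have no passphrase and environment variables whose names suggest credentials. It assumes OpenSSH's `openssh-key-v1` key layout and PEM encryption headers; the function names and the name pattern are hypothetical, and the sample key is a constructed header-only blob.

```python
import base64
import binascii
import os
import re
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private-key format
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY", re.I)


def key_protection(text):
    """Classify key-file text as 'encrypted', 'plaintext' or 'not-a-key'."""
    if "PRIVATE KEY-----" not in text:
        return "not-a-key"
    if "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text:
        return "encrypted"  # PKCS#8 or legacy PEM with a passphrase
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        return "plaintext"  # legacy PEM / PKCS#8 without encryption headers
    body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    try:
        blob = base64.b64decode(body)
    except binascii.Error:
        return "not-a-key"
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return "not-a-key"
    # After the magic comes a length-prefixed cipher name; "none" = no passphrase.
    (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return "plaintext" if cipher == b"none" else "encrypted"


def sample_key(cipher):
    """Constructed header-only sample (no key material), for demonstration."""
    blob = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob.decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


def audit(home=None, env=None):
    """List unencrypted keys under <home>/.ssh and secret-looking env var names."""
    ssh_dir = Path(home or Path.home()) / ".ssh"
    env = os.environ if env is None else env
    files = sorted(p for p in ssh_dir.iterdir() if p.is_file()) if ssh_dir.is_dir() else []
    findings = [f"unencrypted SSH key: {p.name}" for p in files
                if key_protection(p.read_text(errors="replace")) == "plaintext"]
    return findings + [f"secret-looking env var: {k}" for k in sorted(env)
                       if SECRET_NAME.search(k)]


if __name__ == "__main__":
    print("\n".join(audit()) or "no findings")
```

Only variable names are reported, never values, so the output itself is safe to paste into a ticket.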


  • I haven’t been looking recently, but I assume that most image hosting services have been stripping EXIF metadata, or at least some of it, for years. Imgur strips it; it was used for image hosting for Reddit for a long time.

    On lemmy, pict-rs strips EXIF metadata. It’s a real annoyance on !imageai@sh.itjust.works, because the AI image generators I’ve seen attach metadata to indicate that:

    • The image was generated via AI

    • Prompt keywords used to generate the image, if using something like Automatic1111.

    • In the case of ComfyUI, the entire workflow, so that someone can go produce the entire workflow that led to the image.

    I’d kind of prefer that there be some software that tries to identify personally-identifiable data and have pict-rs run that and only remove that. Or, alternately, let the user opt in to not stripping EXIF metadata.




  • LG TVs will soon leverage an AI model built for showing advertisements that more closely align with viewers’ personal beliefs and emotions. The company plans to incorporate a partner company’s AI tech into its TV software in order to interpret psychological factors impacting a viewer, such as personal interests, personality traits, and lifestyle choices. The aim is to show LG webOS users ads that will emotionally impact them.

    “As viewers engage with content, ZenVision’s understanding of a consumer grows deeper, and our… segmentation continually evolves to optimize predictions,” the ZenVision website says.

    Going beyond ads, if you start training AIs on human preference based on mass-harvested emotional data, I imagine that you can optimize output quite considerably. Like, say I have facial recognition being converted to emotional response data, maybe something like smartwatch pulse data, some other stuff, and I go train an AI to try to produce a given emotional output in a viewer. I bet that they can do a pretty good job of that. Like, maybe how to piss people off at a target in political campaigns, build an AI that has a potent ability to emotionally-manipulate and flirt with humans, or ensure that interest doesn’t waver in television content by determining at what points people have less interest.


  • ‘within three weeks’

    If so, it seems pretty unlikely to me that the people negotiating can be doing much in terms of modifying things from the pre-tariff situation, and Trump is likely to do what he did with NAFTA->USMCA — change very little, and then spend time giving the impression to supporters that he’s drastically modified the trade environment (Fox News: “Trump has solved our trade problems that Biden permitted to happen with the best trade deal ever”). I mean, trying to complete any kind of meaningful free trade agreement tends to take far longer than that.

    https://www.piie.com/blogs/trade-and-investment-policy-watch/how-long-does-it-take-conclude-trade-agreement-us

    Table 1 Duration of US free trade agreement negotiations (in months)

    US FTA partner        From launch date to signing    From launch date to implementation
    Jordan                4                              18
    Dominican Republic    6                              37
    Bahrain               7                              30
    Oman                  10                             45
    Korea                 13                             69
    Australia             14                             22
    Israel                15                             29
    Morocco               16                             35
    Costa Rica            18                             71
    El Salvador           18                             37
    Guatemala             18                             40
    Honduras              18                             38
    Mexico                18                             31
    Nicaragua             18                             38
    Canada                20                             32
    Peru                  23                             56
    Singapore             29                             37
    Chile                 30                             36
    Colombia              31                             96
    Panama                38                             102
    Average               18                             45

    On top of the fact that this would be off-the-charts short for a meaningful FTA in any case, neither of the two “shortening” conditions that were found exist here; it is not a US election year, and while the UK is nominally a monarchy, the monarch holds no power and Parliament is, no doubt, going to be involved in any substantial change in trading relationship.

    Despite the small sample, two variables are significant in explaining the delay between launch and signing.

    1. A king. Having a monarch reduces the length of negotiation by about half. Only four agreements took less than a year, and three were with Bahrain, Jordan, and Oman. A king surely has more leeway to carry out reforms he deems reasonable. (The fourth was the Dominican Republic’s negotiation to join the Central American Free Trade Agreement or CAFTA, though it benefited from joining late, which may suggest that late entrants to an already negotiated TPP could also face shorter delays.)
    2. An election year. Agreements that are signed in a US presidential election year end up taking about 40 percent less time than agreements signed in other years. This makes sense: Negotiating presidents want to close agreements that they started, which will be part of their legacy. The urge to close is real: More than half of the US agreements were signed in election years and of course the TPP, if implemented, will add to that group.

    In the UK’s case, there was some prior discussion about a UK-USA FTA, so maybe they could bootstrap off that to reduce the negotiation time, but I have a hard time believing that even an administration-friendly, Republican-majority Congress is going to sign off on whatever the Trump administration negotiates in a major FTA without having some kind of input.

    https://en.wikipedia.org/wiki/United_Kingdom–United_States_Free_Trade_Agreement


  • The three best games in the series were Puyo Puyo 15th Anniversary (2006), Puyo Puyo 20th Anniversary (2011), and Puyo Puyo Chronicle (2016, this game is 25th in all but name). None of these games were released outside of Japan

    kagis

    https://puyonexus.com/wiki/Puyo_Puyo_Chronicle

    After being defeated, Satan joins the party and promises that the way back home lies at the top of the Color Tower, and all Arle would need to do now is scale it to return home.

    Hmm.

    I think “Satan as a playable character” might be one of those cultural-issue things that would come up when considering localization.


  • Black Isle Studios planned to include a dual-combat system in the game that allowed for the player to choose between real-time (Bethesda Softworks’ Fallout games and Micro Forté and 14° East’s Fallout Tactics) or turn-based combat (Fallout and Fallout 2) but real-time was only included due to Interplay’s demands.

    I suppose you’re most-likely aware of them, but if you wanted more turn-based Fallout, have you looked into Wasteland 2 and Wasteland 3?