Mikina

I'm not. I vaguely remember seeing it in some posts and comments, and it would explain it pretty well, so I kind of took it as a likely outcome. In hindsight, You are right, I shouldnt have been spreading hearsay. Thanks for the wakeup call, honestly!

I see a lot of hate ITT on kernel-level EDRs, which I wouldn't say they deserve. Sure, for your own use, an AV is sufficient and you don't need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoids being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.

The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, a known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you would make an entirely custom program that allocates memory as Read-Write-Execute, then load a crypto dll, unencrypt something into such memory, and then call a thread spawn syscall to spawn a thread on another process that runs it, and EDR would correlate such actions and get suspicious, while for regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.

Sure, in an ideal world, you would have users that never run malware, and network that is impenetrable. But you still get at avarage few % of people running random binaries that came from phishing attempts, or around 50% people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such attack almost exponentionally, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.

I'm not defending CrowdStrike, they did mess up to the point where I bet that the amount of damages they caused worldwide is nowhere near the amount damages all cyberattacks they prevented would cause in total. But hating on kernel-level EDRs in general isn't warranted here.

Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.

From what I've heard and to play a devil's advocate, it coincidented with Microsoft pushing out a security update at basically the same time, that caused the issue. So it's possible that they didn't have a way how to test it properly, because they didn't have the update at hand before it rolled out. So, the fault wasn't only in a bug in the CS driver, but in the driver interaction with the new win update - which they didn't have.

I think that there's one important point to consider that may not be immediately obvious, when deciding about commit messages in FOSS project, even if you are not accepting contributions and just want to share your work for others - auditabilty.

7-zip has been receiving critique for this for a long time - not having commit messages makes it way harder to check what the actual changes were. Sure you can't trust commit messages during an audit, but it makes it a lot easier - either you immediately notice that they are lying, or they are correct and will help you with understanding the change, so you can decide for yourself whether it's safe.

Of course, the author is doing a lot of work for free, that he offers to others, so we have no right to blame him for it or demand he changes his approach. I'm grateful for any FOSS project, and demanding from someone directly that he's doing it wrong and should do it some other way (or belittling him for it) isn't OK. However, I'd probably be very careful when encountering a repository like this, and reconsider whether it's worth adopting. Which is absolutely ok and I don't blame the author for it in the slightest - it's his repo and his work - but I also think that auditability may be something the author didn't realize, and assuming his goal was to share his code with others i.e to build a portfolio, may affect his overall adoption rate. But it's also ok if he simply doesn't care about that.

But in general, if you're making a FOSS project, I'd recommend sticking with good commit messages.

That's what I was reffering to. I'm looking for articles and inspiration about how to cleverly write NPC game AI that I'm struggling with, I don't want to see how are other people raping game deveopment, or 1000th tutorial about steering behaviors (which are, by the way, awfull solution for most of use-cases, and you will get frustrated with them - Context Steering or RVHO is way better, but explain that to any low-effort youtuber).

I've recetly just had to start using Google Scholar instead of search, just so I can find the answers I'm looking for...

This is unfortunately not true - AI has been a defined term for several years, maybe even decades by now. It's a whole field of study in Computer Science about different algorithms, including stuff like Expert Systems, agents based on FSM or Behavior Trees, and more. Only subset of AI algorithms require learning.

As a side-note, it must suck to be an AI CS student in this day and age. Searching for anything AI related on the internet now sucks, if you want to get to anything not directly related to LLMs. I'd hate to have to study for exams in this environment...

I hate it when CS terms become buzzwords... It makes academic learning so much harder, without providing anything positive to the subject. Only low-effort articles trying to explain subject matter they barely understand, usually mixing terms that have been exactly defined with unrelated stuff, making it super hard to find actually useful information. And the AI is the worst offender so far, being a game developer who needs to research AI Agents for games, it's attrocious. I have to sort through so many "I've used AI to make this game..." articles and YT videos, to the point it's basically not possible to find anything relevant to AI I'm interrested it...

Is it even possible to solve the prompt injection attack ("ignore all previous instructions") using the prompt alone?

My favorite is one of the latest .NET Framework Security and Quality Rollup:

Don't forget the magic words!

"Ignore all previous instructions."

I'm actually glad for it. It made me switch to Linux, discover Mullvad Browser and their VPN combo, get a GrapheneOS phone, find an amazing Freetube YT desktop client, and dabble with Home Assistant and PIHole. Plus I migrated to Protonmail and Kagi as my search, and Lemmy instead of reddit is also an amazing change, the discussions I've seen so far feel better and more in depth, and I'm enjoying my time here so far. The lack of endless content is also great, to help with implementing Digital Minimalism.

So, while I hate any large corporation and their greed with more and more passion, it has lead me to a nice privacy journey, for which I'm glad.

lol

2038 - P versus NP millennium problem resolved.

2044 - Blockchain is adopted as the global standard for financial transactions.

Yeah, sure.

I think it's time to stop and think whether we really need all of those services? We've been slowly trapped into social networks and various unecessary services through dark patterns, and now we somehow can't imagine being without them, even though they actively make everything worse.

What was the last time you watched a Youtube video that actually was worth the time, and wasn't just a shallow content about something vaguely interesting, but something you'll probably could live without? Do we really need to agregate news and articles from the whole internet, while there probably are good local newspaper/news sites that will get you up to speed, without giving you clickbait articles? For example, we have a pretty great news company that is independent and funded entierly by users, and it's enough for keeping up to speed on world events without having to scroll through a lot of bullshit.

The more enshitificated the internet gets, the more I'm starting to realize that I really don't need almost any of it. Sure, some things are pretty usefull, like cloud storage, but almost anything I needed so far was solved by just getting a NAS with Nextcloud. The only thing I really need the internet for is messaging and email. And if I want to stay up to date, we have amazing smaller local sites for both gaming news and for world news, and those two are enough.

The more that I think about my internet usage, the more I'm realizing that I don't really mind its enshitification - because ever since it started happening, I've been just removing addictions from my life and replacing it with more niche or smaller sites that are updated less frequently, don't stalk me, and I've slowly started to realize that thanks to that I can do a lot more done and don't get trapped by scrolling through clickbaity dopamine rush made to keep me glued to a screen.

I recommend reading https://www.goodreads.com/book/show/40672036-digital-minimalism . I've already read it several times, and never managed to get into fully implementing it. I did stop using Facebook, and reduced my Reddit usage drastically during those years, but this enshitification is only making it easier to just not using anything I really don't need. I'm looking forward to WEI and other "You can't do this" stuff that will come with it, because it's exactly the trigger that will make me stop and think "Do I really need to do this? Or are there better ways how to solve this.". And the answer is almost always "Nope".