- 48 Posts
- 273 Comments
1·10 hours agoYou might want to read my other comments elsewhere on this post.
Please keep in mind that no matter what technical measures you take, accepting Epic’s “free” games requires agreeing to their terms and conditions, which they can change after you get the games. I really don’t recommend it.
I do not recommend running Epic software at all.
Perhaps he could order Immigration and Customs Enforcement to deport the weather.
You could download and play the games on a machine that is never used for any other purpose, but it would still be able to collect biometric data (mouse movement, keystroke patterns, voice if you have a microphone, etc.) and probe/fingerprint your network.
Short of a dedicated machine, the closest you’re likely to get is a hypervisor-based virtual machine. Of course, that won’t safeguard your biometrics or (in most cases) your network, either.
Such a machine would be safer if you never gave it network access, so it couldn’t exfiltrate any data that it had collected, but downloading games requires network access at some point, and it would only take milliseconds for a “helper” process (perhaps quietly installed/launched with the game) to leak the data.
In general, hostile code will always be unsafe. If it concerns you, it’s best to avoid it entirely.
Flatpak permissions are famously coarse, and its sandboxing mechanism is weak and full of holes. It can be useful for guarding against damage caused by programming mistakes, but I would not recommend it to anyone wanting protection from adversarial software.
66·1 day agoThe Calyx statement explains it.
Google released the Android Open Source Project code for this new version of their OS, but not device-specific code for the new Pixel models. GrapheneOS targets only Pixel devices, so they cannot continue development without access to that code, at least not as they have been so far.
Heroic Games Launcher doesn’t change the code in the game executable itself, so yes, it is still an issue when using Heroic.
One catch is that Epic’s mystery code is allowed to execute on your computer.
Note that I don’t mean just their launcher. Often, if not always, the games themselves are linked with Epic code, ostensibly for license checks and/or integration with Epic services. This gives them the ability to snoop on stored data, installed/executing processes, biometrics, etc.
Running those free games with an alternative launcher does not protect against this.
It’s not just a theoretical concern, either. Epic has already been caught copying Steam files, collecting friends play history, and scanning running processes.
https://old.reddit.com/r/fuckepic/comments/wakewr/epic_games_spyware_vs_steam_vs_as_comparision_ea/
https://www.pcgamesn.com/epic-launcher-spyware
I don’t trust them, their CEO, or Tencent (which owns a significant chunk of Epic), so I don’t run games that come from them.
Tencent owns a substantial portion of the company, and therefore has substantial access and influence. Nitpicking about the percentages is irrelevant.
The site shows rallies nearest to you:
Let’s be careful how we phrase things here. JavaScript form submission and navigation are choices, not needs.
Also, progressive enhancement / graceful degradation exists. When competent developers (or bosses) want script effects on our sites, we can include them and make the sites continue to function with scripts disabled. It might require more work, but it is absolutely possible.
Framing the script-based approaches to these things as if they were needs contributes to the problem, IMHO.
(I am referring to the vast majority of web sites, of course, not special-purpose web applications like games.)
Web developers are complicit in browser fingerprinting, by insisting that sites require JavaScript (or WASM).
All of us are complicit in browser fingerprinting, because we tolerate this script dependence.
IMHO, a web site being allowed to execute arbitrary code on visitors’ hardware should be an anomaly. The vast majority of them could be built to deliver the same information without requiring that inherently dangerous permission.
I don’t consider Pavel Durov, Tucker Carlson, or X/Twitter to be trustworthy sources of information…
…but I do find it plausible that gag orders could target individual engineers, which would be even more concerning than those targeting an organisation. If a project’s leaders don’t know about a back door, then not even a warrant canary will help.
If this is already happening in the US, what regulation or law is being used to justify it?
15·3 days agoIt’s important not to get caught up in the “constantly upgrade everything” hype, even though it gets the spotlight a lot more than solid midrange gaming gear. As far as I’m concerned, four years is nothing; a gaming system that can’t hold up for that long would have been a poor system even on day one.
Glad you’re still enjoying your Steam Deck. I would be surprised if you don’t get another four years out of it. :)
The raids are part of a coordinated response across the U.S. after President Donald Trump vowed to instigate mass deportations of undocumented migrants.
Response? Response to what? It looks to me more like a military force invading a city and attacking civilians.
7·3 days agoFalse.
And Colossal claims it has turned grey wolves into dire wolves by making just 20 gene edits?
That is the claim. In fact, 5 of those 20 changes are based on mutations known to produce light coats in grey wolves, Shapiro told New Scientist. Only 15 are based on the dire wolf genome directly and are intended to alter the animals’ size, musculature and ear shape.
Debian’s installer accepts a preseed file that will automate answering the questions it normally asks.
You can also ask Debian’s package manager for a list of packages marked as manually installed (
apt-mark showmanual) and then use it to install those same packages on a fresh system. I think there’s a more formal way to do this as well, but I haven’t needed it in so long that I forgot the details. :PAs for why most distros don’t consolidate all the configs for all system components in a master text file, I expect the main reason is the Unix heritage: A great many of those components have been around for longer than Linux has existed, or derive from those that have, and their configurations evolved separately. (Almost all of them are configured with text files, though.)