As someone who works in gamedev, I’m sure that some of the people there are passionate about it and it is gutwrenching to see your work fail so hard. I’m sad for every project that launches after years of work and fails to get any attention or sales, and I’m definitely sure there’s someone losing sleep due to that.

I never worked in super-large projects, but I did work for a AAA studio and even there, you got people invested into the project.

From how I’ve seen it, you wouldn’t work in gamedev unless you are passionate about it, because you can get drastically better pay for the same job in other, more business focused, industries. So, if all you cared about is money, you have better options.

On the topic of Mullvad, what made me choose Kullvad over LibreWolf was the VPN being bundled in. If I’m not mistaken, the whole point of ToR browser is that you have exactly the same fingerprint as any other Tor browser user, making it a lot harder to distinguish you from others using your extensions, browser and other minor stuff your browser reports about you, that combined makes for a pretty unique fingerprint, evej of you are using a VPN.

But, if you have a browser that has the same fingerprint for all users, and it has an accompanying VPN, you can partly expect that most of other users of the same VPN will also be using the same browser, making it a lot harder to track you - because while there may be only a few thousands users of Mullvad in the wild, which renders the same fingerprint not much of an advantage (because you would be one of the few users of i.e Proton VPN with Mullvad), if you also use Mullvad VPN, it’s probable that most of other users who share your Mullvad VPN IP are also Mullvad browser users, making it easier to blend in.

Bit that’s mostly my theory, why (along with being able to pay with Monero) I feel like the combo of Mullvad browser and VPN is the best combination as far as minimizing fingerprint is considered. If someone has more knowledge about the issue, I’d love to hear some counter-arguments or tips how to improve my setup.

https://www.ccpgames.com/

EVE is one of the most unique games I’ve ever seen and I admire it, and CCP in general, from what I’ve seen in their volunteer programs or from streams, seems like a nice workplace.

Also, Island is cool.

Then the book will definitely be up your alley, it’s exaclty about that, and offers a great tips about how to approach it.

I cheated the MFAs by switching what I could to SMS, Yubikey or just copying the MFA private keynto Bitwarden. Kind of defeats the point of MFA, but makes stuff definitely easier.

Anything that’s important however is on yubikey, however.

Also, good luck! Are you going through the Digital Minimalism book? I should refresh on it, every time I try it, it doesn’t last long, but I always get rid of one more stupid online habit that I don’t pick up when I inevitably return to my pre-reading the book intetnet usage. So, after already going through like 4 attempts in the last 3 or 4 years, my internet usage is slowly but surly changing for the better. But it’s more of a long run, rather than being able to get everything on the first try, in my experience at least.

If you’re not doing it because of the book/haven’t heard of it, I definitely recommend reading Digital Minimalism by Carl Newport.

How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.

We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.

How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”

I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D

I’d go for scandiavia, if I could choose anywhere. Or Island, working for CCP is my dream job.

When I tried that, it lasted me for almost a year and a half, before I unfortunately got a second job that required MFA and I needed to be more online in general due to juggling two jobs. And it was amazing!

What I eventually did however was to get a dumb phone that can do a wifi hotspot, and still carried my smartphone but without simcard and net access, and powered off. When I really needed to get a taxi or look up a way home when I overslept drunk on public transport and ended up who knows where, I could always just fire up hotspot, power on the smartphone and do stuff I needed. Cause when that happened first time, it was when I first realized how much dependent I am on smartphone and net access.

Thanks for reminding me, I just quit one of the jobs and I can afford to be more offline, so back to the dumb phone I go! Convincing my GF again that she has to text me instead of using discord will be hard, though … Or explaining that I really cant look up the fact she wants, or call a taxi quickly…

I still have a python bot that forwarded discord messages to my own bare html website, so I can chat with her with the basic web browser of the dumb phone.

How I understand it is that the admired language is one of those “I’ll start learning it tommorow” languages, that you however already talk about how great it is wherever you can, i.e see Rust on Lemmy.

I also find it funny (and relatable) how neovim is the most admired IDE. I totally relate to that, I’ve been telling myself “I’ll learn and switch to Helix tommorrow” for the past two years.

76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

What the fuck. That’s horrifying. I also though that every sensible workplace bans the use of AI.

A friend was telling me about a discussion between CTO’s at a conference, where they were talking about whether it’s even worth it to hire junior developers anymore, since there’s a high risk of them just being “AI-raised”, without much (or any) experience of coding without AI. And, this survey result… I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?

That’s a good question, and I never through about it like that. I think that the lack of documentation isn’t that much of a problem, rather that the code stands out in the project in that it is complex to understand and requires some more though, effort and imagination to grasp, since it’s generic with lot of interfaces and polymorphism.

Now, that usually wouldn’t be much of an issue, however - the project is a game we’ve been actively working on in our spare time in a team of 2 programmers for the last 6 years, and we are all fed up with it and just want it to end. Most of the (pretty large by now) codebase is kind of simple - it’s a game code, after all, and since we started it when we were 20, there aren’t many overenginered ideas or systems, but everything is mostly written in the ugly, but simple and direct way, so if we had wanted to change something, we may have had to rewrite a part of it, but it never really needed much effort to understand what’s going on.

But now I need to change this code, which is one of the only parts that requires some kind of imagination and actually sitting down and trying to understand it, and since my motivation about the project is so low, it’s a pretty large hurdle to cross. One that is also unnecessary, since most of the generalism isn’t needed and will never be used. But since the code is written in such extensible way, it’s hard to just hack up a simple and ugly solution somewhere into it and be done with it, without really figuring out what the hell is going on.

A documentation wouldn’t help with that - it would still take the same amount of mental effort to be able to work with that code, which we generally lack in the project. I think that if I actually took the time to properly look through the code, figuring out what’s going on wouldn’t be too hard - the naming convention is pretty ok and it’s not that difficult, it just requires some mental effort.

I’m not trying to make excuses, the code very probably has problems, I’m just trying to better sort my thoughts about why I have so much problems working on it. It probably has more to do with my motivation, rather than the code in itself, and the fact that the complexity here wasn’t required, and is now a needless hurdle that actually hinders progress. Not due to it’s quality, but do to unrelated motivation issues and us having to basically force ourselves to work on and finish the damn project.

There’s a piece of code in our hobby game project that I’ve written after attending classes in college about how to write clean and SOLID code. It’s the most overengineered piece of shit I’ve ever written. I’m not saying it’s the fault of the lectures, of course it’s on me being a little bit over zealous, but it does check all the boxes - It’s a simple “show selectable list of stuff”, follows MVC, it’s extensible without rewriting to adittional data-types and formats, extensible view that can show any part of data you need, generic, and in general it could be used anywhere we need, for any kind of data.

There’s only one place where we need and use such list in our game.

I needed to rewrite a part of it, since the UI changed drastically, to not need this kind of list, while also adding events into the process. I haven’t seen the code for almost 4 years, and it’s attrocious. Super hard to understand what’s going on, since it’s too generic, interfaces and classes all over the place, and while it probably would be possible to rewrite the views for the new features we need, it’s just so complex that I don’t have the mental capacity to again figure out how it was supposed to work and properly wire it up again.

I’m not saying it’s fault of the classes, or SOLID. It’s entirely my fault, because the classes inspired and hyped me with ideas about what a clean code should look like, that I didn’t stop and think whether it’s really needed here, and went over-the-top and overengineered the solution. That’s what I’d say is the danger of such Clean Code books and classes - it’s easy to feel clever for making something that passes SOLID to the letter, but extensibility usually comes at a complexity, and it’s super important to stop and think - do I really need it?

I can’t decide whether this sentence is a joke or not. It has the same tone that triggers my PTSD from my CS degree classes and I also do recognize some of the terms, but it also sounds like it’s just throwing random science terms around as if you asked a LLM to talk about math.

I love it.

Also, it’s apparently also real and correct.

O(fuck)

I mean, if it’s **just ** a normal screen-sized website, that already makes it a lot easier. Not having to deal with responsiveness bullshit would make webdev a lot better experience. That is assuming “normal screen” means 1920*1080, or whatever is the median screen size.

I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.

We found a RCE on a server during pentest. In KOBOL.

Learning how to make a reverse shell in KOBOL was pretty unique experience. Thankfully, we found another path to DA ajd didn’t have to continue, but maan, learning KOBOL, especially of your use-case is niche, is borderline esoteric.

I still use Parsec for remote, and I don’t have any issue with it, it works great and I like it. However, they also did offer a free SDK (Unity plugin) to integrate remote play into your game natively (just like you can have “Invite to Steam Remote Play” button from Steam SDK), which was exactly what we needed - and Steam Remote was never working without issues for us, in comparison to Parsec which worked amazingly well every time we tried it.

I found numerous mentions of Parsec SDK and how easy it is to integrate, but after Unity bought it, I couldn’t find it anywhere. Only mention was that if you need it, you should contact them.

So I did that, mentioning that we are a small team of students working on a offline co-op only 2 player game in our free time, and that since Steam Remote wasn’t working for us and I have great experience with Parsec, I asked what we have to do to get access to the SDK/Unity plugin.

Unity’s answer? Sure, no problem, they will be happy to give us access, with first step being that we pay them 1 000 000$ for it.

Like, wtf? Did they even read the email? How out of touch you have to be, to casually ask a small student team to pay 1 000 000$?

My best VCS experience so far was when working with Plastic SCM. I like how it can track merges, the code review workflow is also nice, and in general it was pretty nice to work with.

Fuck Unity, who paywalled it into unusability, though. Another amazing project that was bought and killed by absurd monetization by Unity, same as Parsec.

While I’m not using it, since we started our small-team hobby project in git and moving away from it would be a bother, there is one use-case of SVN that would save us a lot of headaches.

SVN being centralized means you can lock files. Merging Unity scenes together is really pain, the tooling mostly doesn’t work properly and you have no way how to quickly check that nothing was lost. Usually, with several people working on a scene, it resulted in us having to decide whose work we will scratch and he will do it again, because merging it wouldn’t work properly and you end up in a situation where two people each did hundreds or thousands of changes to a scene, you know that the Unity mergetool is wonky at best, and checking that all of those changes merged properly would take longer and be more error prone than simply copying one persons work over the other.

We resorted to simply asking in chat if anyone has any uncommited work, but with SVN (or any other centralized VSC, I suppose) we wouldn’t have to bother with that - you simply lock the scene file and be safe.