
Obviously the way to prevent this is by bounds checking, which is literally in the `770594e` patch. It's just a bug and they happen routinely in all languages. Since this is doing pointer arithmetic, it could just as easily happen in unsafe Rust, for example.

Like they said, "no way to prevent this" (kind of bug from happening again).

Static analysis and other tools can find this, but they're expensive; wonder what the kernel team has access to?

If static analysis could actually find these issues with a reasonable false positive rate, the companies behind them would be running them on Linux to get the publicity of having found the issues like all the AI companies are doing now. Imo the good static analysis heuristics are already built into compilers or in open source linters.

The cheap, low-hanging "fruit" lint rules have been added to today's C/C++ compilers. But these rules can be fragile, depending on what level the static analysis scan occurs - source-code-level-textual pattern matching or use of an AST/parse tree.

Possible problems within a function should be discoverable.

This particular bug would be hard to discover for a typical linter unless they knew/remembered that there are two execution paths for cleanup of a given element.


If not static analysis, what would AI tools be considered? They're operating off the same source code.

Also nice: the Onion reference by OP.


It's a reference to Xe Iaso's blog (e.g. https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2025...), which is itself a reference to The Onion.

It's possible I had seen that blog post and not remembered! I was intending to reference the Onion though (and even googled to make sure I had the wording right), but seeing someone else make the same joke and forgetting is certainly something I would do

"static analysis" is usually deterministic rules you can e.g. put in CI. AI is also somewhat dynamic in that it can execute commands to try stuff out. The best AI vuln finding harnesses work that way, by essentially putting the AI inside of a fuzzer-like environment and telling it to produce a crash.

Coverity scans several open source projects for free. See https://scan.coverity.com/faq and https://scan.coverity.com/projects

See https://scan.coverity.com/projects/linux for the Linux-specific scan results - you need to create an account to view the reported defects.

This past couple of weeks isn't a good look for them with the releases of defects found in Linux and Firefox.


Linus himself wrote a static analyzer. https://en.wikipedia.org/wiki/Sparse

There are other free ones, I don't know if they're run as a matter of course.


Technically, the kernel team is sufficiently competent to design and build bespoke tools for themselves. It's probably a question of risk assessment and priorities.

Sure, but with unsafe Rust you have a very clear marking for the section of code that requires additional care and attention. It is also customary to include a "SAFETY" comment outlining why using unsafe is OK here.

You actually kind of don't, I use like a zillion crates which have unsafe Rust in them and it's not like I'm sitting here reading every single line of their code. I like Rust for various reasons, but its memory safety is (imo) overstated, especially when doing low-level stuff.

Almost all Rust (95%) is safe Rust. You can opt out of array bounds checks with unsafe { array.get_unchecked(idx) } instead of just typing array[idx]. But I can't remember the last time I saw anyone actually do that in the wild. It's not common practice, even in most low level code.

Rust is bounds checked by default. C is not. Defaults matter because, without a convincing reason, most people program in the default way.


But one would have to explicitly choose to use unsafe Rust for this instead of ordinary safe Rust. And safe Rust has no particular difficulty writing to slots in an array or slice or vector specified by their index.

except nearly everyone uses unsafe rust

No they really don't. 95% of rust is safe rust[1].

Also unsafe rust doesn't remove bounds checks. arr[idx] is bounds checked in every context.

You can opt out of array bounds checking by writing unsafe { arr.get_unchecked(idx) }. But that's incredibly rare in practice.

[1] https://cs.stanford.edu/~aozdemir/blog/unsafe-rust-syntax/


> 95% of rust is safe rust.

Based on the raw number of assorted crates, which has no bearing on kernel code. The more relevant question is, can a performant, cross-architecture, kernel ring-buffer be written in safe Rust?


Hubris, an embedded RTOS-like used in production by Oxide, has ~4% unsafe code in the kernel last I checked. There’s a ring buffer implementation that has one unsafe, for unchecked indexing: https://github.com/oxidecomputer/hubris/blob/master/lib/ring... (this of course does not mean that it is the one ring buffer to rule them all, but it’s to demonstrate that yes, it is at least possible to have one with minimum unsafe.)

It’s always a way lower number than folks assume. Even in spaces that have higher than average usage.


I've always had the impression that people who haven't actually tried to write low-level code in Rust to try to find out where the actual boundary of where they would need unsafe is tend not to realize how far you can push something and build safe abstractions on top of it. Almost every time I've had to wrap an unsafe API, I've been able to find a way to eliminate at least one of the invariants that are documented as needed for safety from propagating upwards, and there have been plenty of times that the specific circumstances of my use-case allowed me to eliminate it entirely.

The entirety of safe Rust is built upon unsafe Rust that's abstracted like this. The fact that you sometimes need unsafe isn't a mark against Rust, but literally the entire premise of the language and the exact problem it's designed to solve.


I doubt it, but you can probably get pretty close.

This is something a lot of people misunderstand about unsafe rust. The safe / unsafe distinction isn't at the crate level. You don't say "this entire module opts out of safety checks". Unsafe is a granular thing. The unsafe keyword doesn't turn off the borrow checker. It just lets you dereference pointers (and do a few other tricks).

Systems code written in rust often has a few unsafe functions which interact with the actual hardware. But all the high level logic - which is usually most of the code by volume - can be written using safe, higher level abstractions.

"Can all of io_uring be written in safe rust?" - probably not, no. But could you write the vast majority of io_uring in safe rust? Almost certainly. This bug is a great example. In this case, the problematic function was this one:

    static void io_zcrx_return_niov_freelist(struct net_iov *niov)
    {
        struct io_zcrx_area *area = io_zcrx_iov_to_area(niov);

        spin_lock_bh(&area->freelist_lock);
        area->freelist[area->free_count++] = net_iov_idx(niov);
        spin_unlock_bh(&area->freelist_lock);
    }
At a glance, this function absolutely could have been written in safe rust. And even if it was unsafe, array lookups in rust are still bounds checked.
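As an added illustration of the point above (this is example code written for this discussion, not code from the io_uring patch, the kernel, or any Rust project): a userspace Rust model of the freelist push shown in `io_zcrx_return_niov_freelist`. The `Freelist` type, its method names and the capacity of 2 are this example's own inventions; a `Mutex` stands in for `freelist_lock`. The store into the slot goes through the bounds-checked `get_mut`, so a full freelist is reported instead of written past the end. The two helper functions demonstrate the related claims made in the thread: plain `[]` indexing stays bounds checked even inside an `unsafe` block, and `get_unchecked` is the explicit opt-out that needs a `SAFETY` comment justifying it.

```rust
// Added example (not from the thread, the kernel, or any project): a
// userspace model of the C freelist push
//     area->freelist[area->free_count++] = net_iov_idx(niov);
// written in safe Rust with the bounds check made explicit.
// All names here (Freelist, FreelistError, push/pop) are this example's own.

use std::sync::Mutex;

/// Model of the io_zcrx_area freelist: a fixed-capacity stack of indices.
pub struct Freelist {
    slots: Vec<u32>,   // backing storage; its length is the capacity
    free_count: usize, // number of valid entries in `slots`
}

#[derive(Debug, PartialEq)]
pub enum FreelistError {
    Full,
    Empty,
}

impl Freelist {
    pub fn new(capacity: usize) -> Self {
        Freelist { slots: vec![0; capacity], free_count: 0 }
    }

    /// Return an index to the freelist. `get_mut` is the bounds-checked
    /// accessor: it yields None instead of touching memory past the end,
    /// so a second return of the same element cannot run off the array.
    pub fn push(&mut self, idx: u32) -> Result<(), FreelistError> {
        match self.slots.get_mut(self.free_count) {
            Some(slot) => {
                *slot = idx;
                self.free_count += 1;
                Ok(())
            }
            None => Err(FreelistError::Full),
        }
    }

    /// Take an index off the freelist.
    pub fn pop(&mut self) -> Result<u32, FreelistError> {
        if self.free_count == 0 {
            return Err(FreelistError::Empty);
        }
        self.free_count -= 1;
        Ok(self.slots[self.free_count]) // in bounds by the check above
    }

    pub fn len(&self) -> usize {
        self.free_count
    }
}

/// Plain indexing stays bounds checked inside `unsafe`: an out-of-range
/// `v[idx]` panics rather than reading out of bounds. Returns true if the
/// index expression panicked.
#[allow(unused_unsafe)]
pub fn indexing_panics_even_in_unsafe(len: usize, idx: usize) -> bool {
    let v = vec![0u8; len];
    std::panic::catch_unwind(|| {
        // SAFETY: nothing here is actually unsafe; the block only shows that
        // the `unsafe` keyword does not disable the bounds check on `[]`.
        unsafe { v[idx] }
    })
    .is_err()
}

/// The explicit opt-out: `get_unchecked` skips the check, so it is only
/// sound once the caller has proven `idx < v.len()`.
pub fn read_unchecked_after_check(v: &[u8], idx: usize) -> Option<u8> {
    if idx < v.len() {
        // SAFETY: idx < v.len() was checked on the line above.
        Some(unsafe { *v.get_unchecked(idx) })
    } else {
        None
    }
}

fn main() {
    let area = Mutex::new(Freelist::new(2)); // the lock models freelist_lock
    let mut fl = area.lock().unwrap();
    assert_eq!(fl.push(7), Ok(()));
    assert_eq!(fl.push(9), Ok(()));
    assert_eq!(fl.push(11), Err(FreelistError::Full)); // third return refused
    assert_eq!(fl.pop(), Ok(9));
    println!("free_count = {}", fl.len());
    println!(
        "unsafe [] out of range panics: {}",
        indexing_panics_even_in_unsafe(4, 4)
    );
}
```

The design choice worth noting is that `push` returns an error rather than panicking: in a kernel-style setting a refused push is a logged invariant violation, while an out-of-bounds write is silent memory corruption.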

"unsafe Rust" is not a binary; you don't opt into it for every single line of code. Given that the entire premise behind the idea that using C instead of Rust is fine is that people should be able to pay close attention and not make mistakes like this, having the number of places you need to look be a tiny fraction of the overall code that's explicitly marked as unsafe is a massive difference from C where literally every line of the code could be hiding stuff like this.

> except nearly everyone uses unsafe rust

Really? Why? I've not used Rust outside of some fairly small efforts, but I've never found a reason to reach for unsafe. So why is "nearly everyone" else using it?


Let's say you want to call win32 (or Mac) OS functions, all of a sudden you're doing all kinds of wonky pointer stuff because that's how these operating systems have been architected. Doing unsafe stuff is pretty inevitable if you want to do anything non-hello-world-ish.

> Doing unsafe stuff is pretty inevitable if you want to do anything non-hello-world-ish.

So the vast majority of Rust projects involve writing at least one unsafe block? Is that really your claim?


And even if you do end up writing an unsafe block, that should be a massive flag that the code in said block should deserve extra comments on why it is safe, and extra unit tests on verifying that it does not blow up.

How do you know the unsafe operation is safe? What are the preconditions the code block has? Write it down, review it, test it.


Exactly; I feel like a lot of people seem to misunderstand what Rust is trying to solve. It's fundamentally not trying to make unsafe code impossible; it's making the number of places you need to audit it a tiny fraction of your codebase compared to needing to audit the entirety of a C or C++ codebase. When I'm doing code reviews, you'd better believe I'm going to spend some extra time on any unsafe block I see to figure out if it's necessary and if so, if it's actually safe safe (with the default assumption for both of those being that they're not until I can convince myself otherwise).

The thing is you can actually write quite good C code (see OpenBSD project). The power of C is that it's pragmatic. It lets you write code with you taking the full responsibility of being a responsible person. To err is human, but we developed a set of practices to handle this (by making sure the gun is unloaded and the safety is on before storing it to avoid putting holes in feet).

I like type checking and other compile time checks, but sometimes they feel very ceremonial. And all of them are inference based, so they still rely on the axiom being right and the chain of rules not being broken somewhere. And in the end they are annotations, not the runtime algorithm.


> To err is human

Yes, which is precisely why I write in Rust, because the compiler errs less than I do.


It may, but it still requires careful annotations. So you should hope that you have not made an error there and described the wrong structure for the code.

It seems like you have this backwards. Messing up lifetimes in safe Rust can't cause unsafety; the compiler checks if the lifetimes are valid, and if they're not, you get a compiler error. You don't need to "hope" you did it right because the entire point is that you can't compile if you didn't.

On the other hand, when you're relying on your ability to "actually write quite good C code"...you'd better hope that you have not made an error there. In practice, some of the most widely used C libraries in the world still seem to have bugs like this, so I don't really understand why you'd think that's a winning strategy.


Making use of win32 functions doesn't turn off bounds checking in your rust code.

A tiny fraction of programs need to use win32 or Mac OS functions beyond the standard library or other safe wrappers for said functions.

And even in those programs, only a fraction of the code in them is actually directly making calls to those APIs! Having everything else in safe code still makes it easier to audit than if the entire codebase is in C or C++.

So what? Just because you used the keyword `unsafe` to call an unsafe API does not mean that you are going to use unsafe pointer access to write to a vector.

That's not prevention. That's remediation.

Kind of funny how something that used to be routinely self-written has been outsourced to libraries. I must’ve written auth like a few dozen times back in the PHP days, not particularly hard or complicated. There’s a million tutorials on how to salt and store passwords. I’ve had my sites attacked many times, but never breached. (JWT, OAuth, etc. has added a ton of surface area, however. So these days it’s inevitably harder to do.)

Username and password as the only option to authenticate is really getting obsolete. You need to support social login, passkey, email links, maybe SMS or some other less secure methods depending on your target market… and more often also new standards like verifiable credentials with wallets managing credentials, including logins. Good luck writing your own implementations.

And now the libraries have been outsourced to saas companies because ???

Because we need to move faster and cheaper, that's the future

I'd like to have an honest conversation about this, but imo Valve is no better than the iOS app store: it aggressively rent seeks and has essentially destroyed the shareware model (which was the best way to discover software in the 80s-90s). It has also willingly been complicit in underage gambling via loot boxes for more than a decade now.

I think Gabe Newell is a visionary for building Steam in 2003, way before Jobs had the same idea, but absolutely everyone and their mother hated Steam back then. I remember the memes on IRC and various forums (and I've been on Steam for a very[1] long time, the first or second day it came out I think). Two decades later, props to them and their useful acolytes for gaslighting the entire gaming community. No idea how Gaben is regarded as some sort of Christlike figure these days, but here we are.

Maybe it's just a "lesser of two evils" thing, as companies/platforms like EA and Ubisoft are the absolute scum of the earth.

[1] https://steamcommunity.com/id/dvxirl/


> it aggressively rent seeks

I don't know about the rest of your claims ("shareware was the best way to discover software" is really a personal opinion), but this is just factually false.

Unlike iOS, where you cannot publish an app unless you pay the 30% cut, there is nothing that prevents you from developing and publishing a Windows/MacOS/Linux game yourself. You can simply choose to not use Steam - but the benefits of developing and publishing with it (myriad SDKs, game servers, networking, social features, trading cards, anti-cheat, achievements, payment methods, reviews, discovery, forums, launchers, updates, CDN, and on and on and on...) are so overwhelming that it is simply worth it for the vast majority of gamedevs.

Fact: Steam is not rent-seeking - the value that they provide is tremendous, and you are not forced to use them, which makes them non-rent-seeking by definition.


> you are not forced to use them, which makes them non-rent-seeking by definition.

That's not how it works. Those two things aren't mutually exclusive. Plenty of businesses engage in rent seeking without having a captive (by most definitions) audience. All that's required is a very modest barrier (ex network effect, non-zero switching cost, etc) and a sufficiently large audience.

Rent seeking isn't even mutually exclusive with adding value. A business can do both simultaneously by virtue of being able to multitask. Most businesses offer more than a single product or service after all.


So first off, you start out by lying about my words, so we immediately know you're not operating in good faith.

What I said:

> Steam is not rent-seeking - the value that they provide is tremendous, and you are not forced to use them, which makes them non-rent-seeking by definition.

That's a compound statement that you cut off to change the substance of. What you quoted:

> you are not forced to use them, which makes them non-rent-seeking by definition.

And now that we've called out your lie, we can move on to the substance, which is also incorrect.

The definition of rent-seeking disagrees with everything that you've said:

"The attempt to profit by manipulating the economic or political environment, especially by the use of subsidies."

https://www.wordnik.com/words/rent%20seeking

Steam is doing none of that.

> Rent seeking isn't even mutually exclusive with adding value.

This is factually incorrect - both according to the dictionary definition of the phrase, and according to the way that it's used casually, which is extraction of value without creation of it.

I'm glad that this is happening in the open - when people have to actively lie to try to push a narrative about Steam, it really shows that they have no legitimate points - every thread where these lies are exposed just (justly) boosts Valve's reputation.


You are not assuming good faith, nor are you interpreting what I wrote in the most plausible manner.

I did not misrepresent you. You made two claims and I objected to the second. My objection stands regardless of the presence or absence of the claim about Steam providing value.

Notice that I took no position on whether or not Steam is rent seeking, instead merely disputing the reasoning that you expressed.

However, even if I had taken a position to the contrary, I don't see how the definition you quoted would be at odds with that. I think it is fairly reasonable to see a dominant player with network effects as possessing sufficient economic power to meet the criteria you laid out. For that matter it's quite presumptuous on your part to assume that everyone else is on board with the particular definition that you selected there.

And it goes without saying that I disagree with your latter assertion of factual incorrectness. No dictionary disputes the ability of a business to multitask.

Actually interestingly enough if we use your definition then you can rent seek while simultaneously adding value to the same product just so long as you're also engaging in unreasonable market manipulation to increase your profit in the process. Amusingly my working definition had been somewhat more restrictive.


> I did not misrepresent you. You made two claims and I objected to the second.

I made a single claim with two parts:

1. the value that they provide is tremendous

2. you are not forced to use them

And then my conclusion was: these make them non-rent-seeking by definition.

You intentionally rewrote my argument to change its meaning, you know that you did, and you're continuing to lie about it.

I don't need to argue with you further - I've pointed out that you're fundamentally dishonest to other readers, and that's all I need to do from here on.


The real value Steam "provides" are the network effects. That's rent seeking.

> The real value Steam "provides" are the network effects.

Actual people who play video games disagree with you. Don't speak about things you're ignorant of.

> That's rent seeking.

Factually incorrect. Steam provides services and convenience that developers and players find incredibly useful.


As someone who worked in game dev in 2008, we loved Steam, for the same reason we loved the iOS App Store. We take it for granted these days but the ability to self-publish on a first class platform and receive 70% of the sales revenue literally redefined the indie game dev industry.

Use of the term ‘rent seeking’ is, in my experience, often correlated with a sense of entitlement and a lack of appreciation for what is actually provided. It’s only rent seeking if no additional value is added which is clearly not the case here.


I'm surprised you haven't been flagged or just a dead comment. Any signal that Apple is not pure evil for taking 30% is not part of the echo chamber group think around here. People never want to admit that it costs money to retail your product no matter where it is. In the physical world, there's manufacturing and delivery costs. Getting shelf space at a retailer takes a lot of negotiating where you have very very little room to bargain. Retailers will even force you to buy back unsold product. Yes, software doesn't have all of that but has its own nuances. A lot of indie game devs don't have time/skill/want to do a lot of what an app store can do. Expecting to get all of that for free because it is software is just not sane. If you are self-hosting all of it, it will not be free as you will be paying for payment processors and a hell of a lot more in attracting eyeballs.

The problem with Apple is not the 30% cut, it's that you're not allowed to use other app stores or install apps without their store.

"has essentially destroyed the shareware model (which was the best way to discover software in the 80s-90s)"

funny, I was thinking the same thing with "shareware model" replaced by "warez model".


> imo Valve is no better than the iOS app store

You can't buy the top search result position on Steam. That alone sets them far apart for me.


You can buy the rotating banner at the top.

You can't. Check the very bottom of this page: https://partner.steamgames.com/doc/marketing/visibility

You can sponsor a promotion; sales on a bunch of games - but it's not "Brought to you by the cool refreshing taste of Pepsi" it's like "Berlin Game Developers".

I meant the carousel.

You can't, actually.

Steam is also cross-platform.

But sadly still essentially all-DRM.


Steam as DRM is basically the best case scenario. It is opt-in for developers, meaning there is no DRM at all for some games on Steam. You can download it, back it up, run it without Steam. The games that do use Steam's DRM are trivial to "crack" by replacing a DLL in the game folder with a stub (you can find open source ones on GitHub). If Steam had no DRM I think publishers would lean more on other options which are worse for customers.

Shareware died before Steam. Steam launched in 2003 and didn't sell any 3rd party games until 2005. Nobody gave a shit about shareware in 2003. Nobody gave a shit about shareware in 2010 when Steam seriously became useful as a place to play more than the Orange Box and Counter-Strike.

I hated Steam when I first encountered it, but it's not a requirement to publish a game on PC/Mac/Linux. Nor is the process to install non-Steam games full of scary warnings like Google Play even on their own platform SteamOS. And they do let publishers give keys to 3rd party stores to sell unlike virtually every other platform. They aren't perfect but they are nowhere near what Apple does with iOS.


If you think they aggressively rent seek then you do not know the history of game publishing.

"destroyed the shareware model". You know that they only sell games, and just have the games that they made in the list too (them just being amazing and popular). It's not some easy task, like recovering old systems, when there is every type of game imaginable. Even if Valve made an option to do that, no one will, since other companies don't do anything like that.

> has essentially destroyed the shareware model

Wouldn't the Steam digital demo system be the modern evolution of the shareware model? For free you can access a limited portion of the game to try it and consider eventually buying it.


Steam is just a storefront. They hold no monopoly position or power. It's not comparable to iOS app store. Devs are free to list their game on any other storefront concurrently.

This is the same argument Microsoft used ("we're just an OS, totally not a monopoly"). I think to anyone that spends any time doing any PC gaming, it's obvious that Steam is the only relevant storefront by a country mile.

Relevance isn't anti-competitive. Comparing them to Microsoft, who not only monopolized but enforced it via product bundling, is not the same at all.

They simply have the best product and won the market.


Or did they just get there first, and stayed first due to network effects? Initially, nobody wanted steam. People definitely don't want a second steam - which in practice means sticking to the first one.

They are headed Apple/Microsoft way though with SteamOS and Steam Deck/Machine.

I can see why you might think that but I believe that's actually insurance against Microsoft going the Apple route and hamstringing Steam in the process. They needed a near first class platform that would never be used against them to exist and they needed the switching cost for end users to be near zero. By leveraging pre-existing FOSS projects they managed to avoid the vast majority of the development costs which would otherwise have been prohibitive.

The best insurance against monopolistic behavior is to get there first.

Could say the same thing about AT&T, Bell Labs, etc. There’s a lot of precedent here, but most saliently, how you become a monopoly is not really relevant. They absolutely are one. But I’m already being aggressively downvoted with no counter arguments, so the Gaben fanboys are here. (Defending a deca-billionaire is hard work, after all.)

What’s your solution then to them being a monopoly? How would you meaningfully break them up? While they outperform the sales of Epic and Gog I’m not sure how they’re abusing their position or how they’re keeping others from entering?

> How would you meaningfully break them up?

You could separate the storefront from the distribution platform / client. Valve's ~30% cut is often justified by the visibility being on the Store gives you but you can't opt out of that while still reaching the captured audience that definitely don't want yet another client software bloating up their system.


> Could say the same thing about AT&T, Bell Labs, etc.

No, you cannot. AT&T/Bell Labs was a monopoly - they physically controlled distribution networks that made it so you had to use them.

Valve does not. There is nothing that prevents you from simply selling your game without Steam.

And even if there wasn't, claims that Valve is a monopoly are factually false - there are many other storefronts that exist, and many games are published on more than one storefront at once. And, Steam does not gate an OS or platform like Microsoft and iOS do.

> But I’m being already aggressively downvoted with no counter arguments

Every one of your arguments is being countered (such as the claim that "relevance is anticompetitive" which isn't even false, it's nonsensical). Including this one.

> Defending a deca-billionaire is hard work, after all.

...and there's the emotional manipulation. It's pretty clear you're just a propagandist who has a grudge against Steam (maybe you work for Epic?), given that you're going up and down the thread with emotional non-arguments that try to redefine words, pull at peoples' emotions (like the billionaire comment), or just flat-out lie.


> Valve does not.

Except they do. They control the Steam distribution network. It may not be physical but you still have to use it to reach a large portion of PC Gamers due to network effects and no one wanting to run multiple clients.

Currently you have to also make use of their other services like the Store, and pay for them with a large sales cut, in order to use the distribution network, no matter if you want those services or not.


> They control the Steam distribution network.

Tautologically true and therefore irrelevant. That's exactly the same as saying "Walmart has a monopoly over Walmart's physical stores" - that's not a meaningful statement and it has nothing to do with either monopoly status or consumer harm.

> It may not be physical

...and therefore it's categorically different. Don't be dishonest.

> you still have to use it to reach a large portion of PC Gamers

It's called a "distribution channel". You only "have" to use it, in the sense that most people look for stuff in Steam before they do anywhere else, but it is factually different than a telecom monopoly, where you cannot get internet from more than one provider in your neighborhood. This comparison is irrelevant and highly dishonest.

> due to network effects

No, network effects are secondary. People do not install Steam because their friends are there, they install Steam because they want to buy a game or download the games they already have. That's not "network effects" - that's using the tool.

> no one wanting to run multiple clients

Also untrue - almost every single person that I know uses multiple clients, and I've only ever once heard someone refuse to install an additional client, and it was on principle (Epic Games).

> Currently you have to also make use of their other services like the Store, and pay for them with a large sales cut, in order to use the distribution network, no matter if you want those services or not.

...and because it's one of the largest digital distribution networks in the world, this is entirely fair.

You're very clearly trying to stretch the definition of "monopoly" and manufacture harm, without actually knowing anything about Steam or how people use it.


Disagreeing with someone either ideologically or about the definition of a word or some other criteria does not mean that the other party is being dishonest. It is not reasonable to bandy about such accusations.

I think you’re confusing

1. Being a monopoly

2. Abusing monopoly status.

Steam does control the vast share of desktop gaming. But has no influence on console (Xbox, playstation, switch) or mobile (android, ios). They are a monopoly.

But they don’t abuse their monopoly so they haven’t broken any laws.


Your partitioning between those two things is good, but I still don't think that either label applies to them:

> Steam does control the vast share of desktop gaming.

Between the Epic Games Store, GOG, Humble Bundle, Xbox, Origin, Itch, and a few others, I don't believe their control is anywhere close to the fraction needed for Steam to be a "monopoly", either legally or in casual speak.

> Steam does control

...and, what's more, they don't "control" anything - what prevents you from either using multiple clients (on the player side) or selling on multiple storefronts (on the developer side)?

A monopoly has to monopolize some limited resource or market - you can't really have a monopoly if there's no limiting or exclusivity. That's like saying that Fortnite is "monopolizing" the battle royale genre because it's the most popular - it is the most popular, but there's no exclusivity because you can always play another battle royale in addition to Fortnite.

Monopolies need pie charts (limited resources that are taken by a single actor), but Steam is a bar in a bar chart.


I’m using the correct terminology.

Google controls 90% of the search market and the browser market. There is nothing preventing anyone from searching on Bing. Yet, the correct terminology is control of the market.

Google has a monopoly on search. Have they abused that monopoly? That’s a legal question that’s currently in court.

Steam's share is somewhere in the 70s and it is far stickier than Google. A gamer can’t abandon their Steam library easily. Have they abused this monopoly position? IMO no, but my knowledge is limited.


You're being downvoted because you're pushing punishing a company for having a better product. They do not engage in anticompetitive practices, there is no enforced barrier to entry in the market nor do they gate entry like the companies you have listed. They are only a monopoly because they have the best product.

That's a really silly comparison. An OS is a big deal, you can't just switch off. Steam is a video game store. You can install shit from anywhere. People stick to Steam because it's good. It's not morally wrong to have the best product on the market.

If you want the audience as an indie developer, it would behoove you to launch on Steam (because they're a monopoly). Again, MS used all these cute arguments, and they don't really work. There's a reason Valve is always playing very nicely with regulators (especially w.r.t. the gambling stuff). They don't really want to rock the boat, but a benevolent monopoly is still a monopoly and I do think that a 30% cut for running a distribution platform is pretty predatory, especially as bandwidth has been commoditized.

Again, it is not wrong to make the best product. It behooves any manufacturer to sell to distributors with largest reach, especially if it is a non-exclusive agreement, and this is perfectly normal market activity. You seem unaware of the legal definition of monopoly; Valve is nowhere near it. The made up internet definition, having a majority of sales in a market, is just what happens when the product is good. Actually it would be a bit of a market failure for the best product to not have the most sales.

Also please don't point to the failure of Epic or other stores; they're just bad products. Epic store didn't even have a shopping cart for years. No one competent is competing, and that's not Valve's problem.


> If you want the audience as an indie developer, it would behoove you to launch on Steam

Correct, because they're a huge distribution channel, and literally anyone who has ever tangentially touched business knows this and accepts that it is fair to pay for this.

> (because they're a monopoly)

Factually incorrect. Nobody forces you to use Steam. You can create and launch and sell a Windows or Mac or Linux game without ever touching steam. You can self-publish and run your own game servers and CDN, or you can use the Epic Games Store, or you can use GOG, Humble Bundle, Xbox, Origin, Itch, or any of a dozen others.

> Again, MS used all these cute arguments

This is extremely dishonest. Microsoft controlled an operating system, only one of which can run at a time. If you are running Windows, you're not running Linux. And Microsoft entered into distribution deals with OEMs to pre-install Windows, leading to massive default-choice effects. Neither of these are true for Steam - you can install and run every single platform I listed above at the same time, and I've never seen a computer come pre-installed with Steam ever.

> I do think that a 30% cut for running a distribution platform is pretty predatory, especially as bandwidth has been commoditized

So, you have no idea what Steam actually does.

Steam is, in addition to being one of the largest digital distribution platforms in the US (if not the world) - which is by itself worth paying a 30% cut for - an SDK and networking provider that gives you a social network, input (gamepad/keyboard/mouse) library, achievements, digital trading cards, update system and CDN, real-time voice comms, product key redemption, license tracking, DRM, anti-cheat, user forums, and many other things.

If you only criticize things that you actually understand, you'll end up looking a lot less foolish, and undercutting your own points as a result.


And yet, Escape from Tarkov is not on Steam, which would seem to contradict what you're saying.

> And yet, Escape from Tarkov is not on Steam, which would seem to contradict what you're saying.

https://store.steampowered.com/app/3932890/Escape_from_Tarko...


Hey - your bot is failing (presumably you read replies)

What? You can literally just download an exe from any website and run it.

If you're complaining that Valve owns a big list of games and a ton of eyeballs, and not being on that list means those eyeballs don't see you when they look at that list, idk what to tell you because they seem to have earned that part of their business pretty fairly.


It's not implemented in mlx[1] yet (or llama.cpp[2]), so it may take a while.

[1] https://github.com/ml-explore/mlx-lm/pull/990

[2] https://github.com/ggml-org/llama.cpp/pull/22673


This is not true. The canonical way to prevent access is via PAGE_NOACCESS[1]. Obviously, running as admin or in kernel mode breaks the whole thing since you can re-call `VirtualProtect` on that page and open it up.

[1] https://learn.microsoft.com/en-us/windows/win32/memory/memor...


This is accurate as far as page protection goes. The problem is the largest threat model.

If Process A and Process B are running in the same user context on a desktop OS, PAGE_NOACCESS is not a strong boundary by itself. Process B may be able to obtain PROCESS_VM_OPERATION/PROCESS_VM_READ, change the page protection with VirtualProtectEx, inject code that calls VirtualProtect inside Process A, load a DLL, attach as a debugger, duplicate useful handles, or tamper with the executable. That's the problem with same-user process isolation; it is a hugely leaky abstraction. There is no magical "just set this bit" fix.

On a desktop OS, once an evil process runs under the same user context, you are relying on process DACLs, integrity levels, code-signing, anti-injection hardening, and file-system protections. You can plug one path and still have several others.


This comment feels like it's written by AI. Anyway, PAGE_GUARD helps you get around VirtualProtectEx, which is a very common way of detecting userspace cheats.

> This comment feels like it's written by AI.

Why exactly? I'm genuinely asking, because I feel like I get this a lot, and it is pretty frustrating.


I'm not the other commenter (and I believe you that it's not AI), but I'd guess it's mostly the first line: a short affirmation followed by "The problem is ...." feels like the sort of formula the LLMs love to use. (Not trying to imply that there's anything inherently wrong with it, of course.)

While we're at it, I'm under the impression that the recent LLMs have also co-opted "genuinely", which I'll never forgive them for—first they stole my em-dashes, and now they're stealing my adverbs too?!


Thanks for the explanation. Yeah, I use "genuinely" and "honestly" far too much; and often in odd places. It is a bad habit.

As to that comment's tone, my entire comment history is visible going back years. I'd invite people to peruse it.


I do see how your comment is similar to AI writing (a couple other comments explain) but it did NOT set off my AI trigger. I think it's just clear writing.

basically very verbose and detailed but also very indirect. didn't get to the point till the end.

> The problem is the largest threat model.

Without context, sentences like this mean nothing. So it's borderline a non sequitur. A threat model can be literally anything. Me giving my PC to someone at Best Buy, letting my grandma write assembly, or throwing my PC out the window can be a "large threat model." Nonsense sentence.

> If Process A and Process B are running in the same user context on a desktop OS, PAGE_NOACCESS is not a strong boundary by itself. Process B may be able to obtain PROCESS_VM_OPERATION/PROCESS_VM_READ, change the page protection with VirtualProtectEx, inject code that calls VirtualProtect inside Process A, load a DLL, attach as a debugger, duplicate useful handles, or tamper with the executable.

To the uninitiated this seems right, but really there's so much glossing over, it feels written by a non-expert that just read the first chapter of a "hacking for dummies" book. I've written anti-cheats and have even done some hardware stuff, so I say this with some degree of experience: writing a userspace hack/cheat is pretty hard without a zero-day. Most stuff won't easily get PROCESS_VM_OPERATION permissions, also those are (afaik) logged by the kernel, so you can easily see if some weird "DefinitelyNotACheat.exe" executable or "NotABadLibrary.dll" requested them, so it's a pretty janky way of getting access to memory you shouldn't.

> That's the problem with same-user process isolation, it is a hugely leaky abstraction. There is no magical "just set this bit" fix.

Again, this is a non sequitur. No one said (or at least I didn't) that there's a "magical" bit. You're not even arguing against a strawman, it's almost like we're having two different conversations.

> On a desktop OS, once an evil process runs under the same user context, you are relying on process DACLs, integrity levels, code-signing, anti-injection hardening, and file-system protections. You can plug one path and still have several others.

Also seems right, and it kinda' is, but code signing is notoriously easy to circumvent, "anti-injection hardening" can mean like three million different things, etc. I dunno, just sounds like someone that's never done this stuff before. Like, not bringing up Detours[1] when talking about "anti-injection" just seems like weirdly avoiding the ONE canonical way of doing this, which just about every single hacking/cracking book covers. Idk, weird omission.

Also, no one in their right mind would attach a debugger, as that's trivial to detect[2]. I guess it could be a decent proof of concept, but no serious hacker would ever go that route. (Also, if I remember correctly, you also need to ship some special DLLs that have the actual debugging helpers—and same with Detours, so might as well do that).

Just wanted to give my justification for the accusation. Maybe I'm wrong and maybe that's why I'm getting the downvotes, so my bad.

[1] https://github.com/microsoft/detours

[2] https://learn.microsoft.com/en-us/windows/win32/api/debugapi...


I think you are viewing this with your anti-cheat experience where detection is key. Can a regular process protect against another regular process reading its memory through PROCESS_VM_READ or can it at best only detect that it happened?

Guard pages are one-shot exceptions used for growing the stack.

They also act as access alarms[1]. Why even comment if you didn't bother to read the docs?

> The PAGE_GUARD protection modifier establishes guard pages. Guard pages act as one-shot access alarms. For more information, see Creating Guard Pages.

[1] https://learn.microsoft.com/en-us/windows/win32/api/memoryap...


Guard pages are for the process that creates them, they're not for the other processes that try to read the memory.

Absolutely wrong. Are we writing the same code here? Page guards are for all userspace access. (In fact, I think kernel space might also trigger them, but can be circumvented. PS: I'm being polite :) Kernel space 100% triggers them, but can be cleverly circumvented by fucking with logs.)

Could you not use VirtualProtectEx to strip PAGE_GUARD?

Even so, none of these methods offer protection; at best you can get some detection, but that doesn't matter when they got your passwords already.
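Added example, not code from any of the commenters: one small C program that exercises the two primitives this sub-thread argues about, PAGE_NOACCESS plus VirtualProtect from the comment at the top of the exchange, and PAGE_GUARD as a one-shot access alarm from the replies just above. The protected "secret" byte is constructed for the demo. The Win32 branch is the real thing; the POSIX branch (mprotect plus a SIGSEGV handler) is only an analogue so the same file also builds and runs on Linux or macOS.

```c
/* Added example (not from the thread): one constructed "secret" byte on its own page,
 * protected with the primitives the comments argue about. Non-Windows builds run the
 * same two demos on the POSIX analogue (mprotect + SIGSEGV handler) so it compiles anywhere. */
#ifndef _WIN32
#define _GNU_SOURCE
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static volatile int g_alarms;          /* guard-page hits seen by the handler */
static volatile unsigned char *g_page; /* the protected page */
static size_t g_pagesize;

#ifdef _WIN32
#include <windows.h>
static LONG CALLBACK on_guard(EXCEPTION_POINTERS *ep) {
    /* Windows clears PAGE_GUARD before raising this, so retrying the access succeeds. */
    if (ep->ExceptionRecord->ExceptionCode != STATUS_GUARD_PAGE_VIOLATION) return EXCEPTION_CONTINUE_SEARCH;
    g_alarms++;
    return EXCEPTION_CONTINUE_EXECUTION;
}
static int page_alloc(void) {
    SYSTEM_INFO si; GetSystemInfo(&si); g_pagesize = si.dwPageSize;
    g_page = VirtualAlloc(NULL, g_pagesize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    return g_page != NULL;
}
static void page_free(void)   { VirtualFree((LPVOID)g_page, 0, MEM_RELEASE); }
static int set_guard(void)    { DWORD o; return VirtualProtect((LPVOID)g_page, g_pagesize, PAGE_READWRITE | PAGE_GUARD, &o) != 0; }
static int set_noaccess(void) { DWORD o; return VirtualProtect((LPVOID)g_page, g_pagesize, PAGE_NOACCESS, &o) != 0; }
static int set_rw(void)       { DWORD o; return VirtualProtect((LPVOID)g_page, g_pagesize, PAGE_READWRITE, &o) != 0; }
static int guard_still_set(void) {
    MEMORY_BASIC_INFORMATION mbi;
    return VirtualQuery((LPCVOID)g_page, &mbi, sizeof mbi) && (mbi.Protect & PAGE_GUARD) != 0;
}
static void *install_alarm(void)  { return AddVectoredExceptionHandler(1, on_guard); }
static void remove_alarm(void *h) { RemoveVectoredExceptionHandler(h); }
#else
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>
static volatile int g_armed; /* stands in for the PAGE_GUARD bit VirtualQuery would report */
static void on_guard(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    if (!g_armed || si->si_addr < (void *)g_page || si->si_addr >= (void *)(g_page + g_pagesize)) {
        signal(SIGSEGV, SIG_DFL); /* unrelated fault: let it crash normally */
        return;
    }
    g_alarms++;
    g_armed = 0;                                                  /* one-shot, like Windows clearing PAGE_GUARD */
    mprotect((void *)g_page, g_pagesize, PROT_READ | PROT_WRITE); /* the retried access now succeeds */
}
static int page_alloc(void) {
    g_pagesize = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, g_pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    g_page = (p == MAP_FAILED) ? NULL : (volatile unsigned char *)p;
    return g_page != NULL;
}
static void page_free(void)   { munmap((void *)g_page, g_pagesize); }
static int set_guard(void)    { g_armed = 1; return mprotect((void *)g_page, g_pagesize, PROT_NONE) == 0; }
static int set_noaccess(void) { g_armed = 0; return mprotect((void *)g_page, g_pagesize, PROT_NONE) == 0; }
static int set_rw(void)       { return mprotect((void *)g_page, g_pagesize, PROT_READ | PROT_WRITE) == 0; }
static int guard_still_set(void) { return g_armed; }
static void *install_alarm(void) {
    struct sigaction sa; memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_guard; sa.sa_flags = SA_SIGINFO;
    return sigaction(SIGSEGV, &sa, NULL) == 0 ? (void *)1 : NULL;
}
static void remove_alarm(void *h) { (void)h; signal(SIGSEGV, SIG_DFL); }
#endif

/* PAGE_GUARD is a one-shot alarm: two reads produce exactly one alarm and the guard bit is
 * gone afterwards. Returns the alarm count (1), or -1 on failure. */
int demo_guard_page_alarm(void) {
    if (!page_alloc()) return -1;
    g_page[0] = 0x42;                          /* the constructed secret */
    void *h = install_alarm();
    g_alarms = 0;
    if (!h || !set_guard()) { page_free(); return -1; }
    unsigned char a = g_page[0];               /* trips the alarm */
    unsigned char b = g_page[0];               /* silent */
    int still = guard_still_set();             /* 0: polling this is how a target notices any touch,
                                                  including a remote ReadProcessMemory, which also strips it */
    remove_alarm(h); page_free();
    return (a == 0x42 && b == 0x42 && !still) ? g_alarms : -1;
}

/* PAGE_NOACCESS holds only until someone calls VirtualProtect(Ex) again: injected code, an admin,
 * or a remote caller holding PROCESS_VM_OPERATION. Returns 1 if the byte reads back after the flip. */
int demo_reprotect_noaccess(void) {
    if (!page_alloc()) return -1;
    g_page[0] = 0x42;
    if (!set_noaccess()) { page_free(); return -1; }
    /* a read here would fault: the page really is inaccessible ... */
    if (!set_rw()) { page_free(); return -1; }  /* ... until the protection is simply set back */
    int ok = g_page[0] == 0x42;
    page_free();
    return ok;
}

int main(void) {
    printf("guard alarms: %d\n", demo_guard_page_alarm());                /* 1 */
    printf("readable after re-protect: %d\n", demo_reprotect_noaccess()); /* 1 */
    return 0;
}
```

Build with `cl /W4 guard.c` on Windows or `cc -Wall guard.c` elsewhere. Two things worth noticing: the second read of the guarded page is silent because the OS already cleared the guard bit on the first one, and that missing bit (what guard_still_set() checks) is the detection signal, not a block. And PAGE_NOACCESS stops nobody who can call VirtualProtect on the process, which is exactly the VirtualProtectEx case raised above; the page protection is a setting the attacker can change, not a boundary.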


And if the malware is running as admin, you’re pretty fucked either way

Thankfully our recent experiences with OpenClaw have given us all a lot of faith that users are extremely diligent in what processes they allow access to what information.

This is 100% that case. Basically every form (like this very one I'm typing in) is held in userspace memory un-encrypted. And yet lawyers and doctors and CIA operatives all use forms to type very sensitive stuff in.

It would be stupid, wasteful, and overly-complex to encrypt forms just in case some malicious process somehow got ring0 access. In that case, a keylogger is likely more useful anyway. And you're fucked even if you are encrypting stuff (as keys are likely also somewhere in memory[1] and they need to be—gasp—unencrypted). There's no free lunch.

Stupid Twitter thread meant to rage-bait for engagement.

[1] They could also be on disk or on some peripheral, but still fully readable by a motivated-enough hacker.


Post-Great-War optimism was a real thing, in no small part motivated by the great experiment that was the League of Nations.

Curious as to why people think this (other than partisan trend-following). I've been on Twitter since 2009, and it's arguably in the best spot it's ever been, apart from Grok being pushed so aggressively. A lot of people still build publicly on Twitter. If you're conservative you can follow conservatives, if you're liberal you can follow liberals. I find Elon annoying, so I just muted his account because it seems like it was being algorithmically pushed, especially during the DOGE days. But I do follow politics pretty closely, and it seems relatively balanced overall.

Not sure if it turned into Musk's idealistic "town square," but it's certainly more interesting than it was before.


So, I suspect the key to your experience is buried in this sentence: "I do follow politics pretty closely, and it seems relatively balanced overall."

Balance doesn't mean much by itself. Doesn't mean "informative" or even "accurate". Extremists from every walk of life screaming at each other might be in balance, but isn't much fun to be around. Note that the person you're replying to didn't even mention politics as such, much less a lack of "balance".

I watched twitter for years, starting in 2007. It was never what I'd call "good", but for quite a lot of years you could reasonably use it to follow people or topics that interested you without consuming an inordinate amount of time or attention. In fact, for most of its history you could do this without even bothering to log in - for a long time, that made it fairly useful as sort of an alert system. And that is long gone, so gone there's a good chance most folks using it now don't even remember (or never knew) that was ever a draw.

What's left is people who are logged in, _engaging_. And man, that was always the worst part of Twitter, the constant posturing and troll-baiting for clicks, pushing every viewpoint toward its extreme.


> What's left is people who are logged in, _engaging_. And man, that was always the worst part of Twitter, the constant posturing and troll-baiting for clicks, pushing every viewpoint toward its extreme.

I do agree that engagement farming is—and has been—a problem, but as someone that worked in social media (mostly on the data side, fwiw), it's been a problem for like a decade+ now, long predating "modern" Twitter. And it's a consistent problem on all platforms (I mostly use Instagram, and it's annoying on there as well).


I'm well aware; I previously worked "adjacent" to this sphere, and a non-trivial part of my work life was spent trying to forestall precisely this outcome.

The difference between Twitter now and Twitter a decade ago isn't in the quantity of vapid interactions; it's the proportion of that to anything else. The slide started a long, long time ago and at some point effectively no one was trying to stop it anymore. I'm sure there are still corners where useful information gets passed on in a timely manner, but like the citizens of so many venues before it those corners have been diminished and isolated to an extent that it no longer feels worthwhile for those not already entrenched in them to bother seeking them out.


> it's the proportion of that to anything else

And my point was that, from what I can tell, that proportion of trash::value has been increasing on all social media in (more or less) lockstep. If anything, I'd say Facebook has seen the most precipitous drop in quality, not Twitter. So much so that I don't even log in anymore, and I was veritably addicted during college.


It's increased in lockstep here on HN as well. It used to be that I came here for the comments, but more and more the comments are going the way of everywhere else: inflammatory, polarising, and more and more botted (both automated and human bots) -- no proof, but I've been around the internet since the early '90s, I see the patterns.

I even get sucked into contributing at times, which is why that descent into trash _works_ so well. I hate it, and I visit HN less and less as a result.


>arguably in the best spot it's ever been, apart from Grok being pushed so aggressively

So the best ever except for one of the biggest crap parts that didn't exist at all just a few years ago?

Though actually I think it's just more people figuring out how the interests of social media companies aren't the same as their own interests, and Musk's very-visible fiddling with things drove home the "people are trying to addict you and influence you" point MUCH more quickly than anything ever did in the past to a wide chunk of the population. Not new in essence, but now highlighted with a giant neon sign pointing at it.


The ability to click the Grok button and have it privately research a claim in a post to see if there's anything else backing it up in realtime is extremely helpful.

That and the real time translation aspect leading to true global conversations right now is absolutely awesome.


I think it depends on if your values align with the communities or not. For those that align, it seems fine. For those that don't, it's hostile.


I stopped using it because offensively stupid drivel from morons who paid for blue checks started getting upranked everywhere, pushing down the tweets I actually wanted to see. I have no problem talking to people with different ideologies and political views (actually I tend to enjoy it), but what the site was showing me was consistently not worth my time.


That's because most liberals don't like to be questioned or defend their positions, in general. On X they are forced to confront or actively block people. Note that your comment is downvoted for essentially saying "twitter is still good" with no malice, and parent is still totally fine after saying (speciously) "twitter is for horny cryptobros". They have no actual response other than to downvote or leave for an echo chamber. This has been hashed out here many times before. Truth does not mind being questioned. A lie does not like being challenged.


At least write the README yourself, it's like 4 sentences.


also

> A self-contained security audit prompt is available at docs/security-audit.md.

lmfao


I spent at least 10 hours testing it yesterday. I got a lot of relief when the number badge incremented telling me that someone commented on this post. Thank you.

To me the most interesting thing is the different red team adversary agents I'm using. There is a Jony Ive design critic agent which is surprisingly very good, a red team agent that does normal code review and bug hunting by injecting logging into the code and running it in isolation in the /tmp/ folder, a red team agent that code reviews and finds bugs in the test harnesses, and an agent that does mutation testing by breaking the code, creating regressions to make sure that the test harness catches them -- I wanted to call it the trickster agent but didn't want to drift from training and density in the LLM model.

I did a huge amount of experimentation last week discovering that if a model misses a bug or gets something wrong, running an adversary agent using the same model or family of models will not surface it. Everyone has the intuition about that but I can describe why using data. So Claude writes code that is orders of magnitude better than any project I inherited in the past 15 years and I'd have ChatGPT run all the adversaries.

In order to surface replies to posts and comments it requires huge amounts of requests, so I needed to figure out what the optimal request rate is based on frequency of replies over time. First posts get replies after a week so there isn't any reason to surface them. After analysis, I can conclude a request every 5 minutes in the background is enough. What is that, 288 (pollComments) + 144 (author-sync) = 432 requests/day per user? I spent a couple hours on that. Actually, I started with the Hacker News API and then realized that I should check the https://hn.algolia.com/api but wanted to know which is optimal including using both. After experimentation and research I discovered that ~432 requests a day at Algolia is enough.


This is an amazing test and it's kinda' funny how terrible gpt-2-image is. I'd take "plagiarized" images (e.g. Google search & copy-paste) any day over how awful the OpenAI result is. Doesn't even seem like they have a sanity checker/post-processing "did I follow the instructions correctly?" step, because the digit-style constraint violation should be easily caught. It's also expensive as shit to just get an image that's essentially unusable.



Did it correctly follow the instructions? Don't know my pokemon well enough.


Essentially yes (bottom got distorted), but Gemini uses Nano Banana Pro or Nano Banana 2 so it's not a surprising result. The image I linked uses the raw API.


Note that the styles are different; there are two digit images rendered in color.

Color charcoal drawings do exist, but it’s not what’s usually meant by “charcoal drawing”.


Plusle and Minun sit next to each other in the Pokedex, 311 and 312. There's two 307s.


> Create an 8x8 contiguous grid

It failed at the very first instruction


that is interesting cause I feel gpt-image-1 did have that feature.

(source: https://chatgpt.com/share/69e83569-b334-8320-9fbf-01404d18df...)


You are comparing ChatGPT to a raw image model. These are two completely different things. ChatGPT takes your input, modifies the prompt and then passes it to the image model and then will maybe read the image and provide output. The image model like through the API just takes the prompt verbatim and generates an image.


Nano Banana Pro and ChatGPT Images 2.0 also tweak the prompt because they can think.


Yes exactly, "ChatGPT Images 2.0" is in ChatGPT. That is not a model.


I wouldn’t say it’s terrible. I wouldn’t say it’s a huge step forward in terms of quality compared to what I’ve seen before from AI

