Posts: 16 | Comments: 1020 | Joined 3 yr. ago

  • Definitely, but the issue is that even the security companies that actually do the assessments also seem to be heavily transitioning towards AI.

    To be fair, in some cases, ML is actually really good (i.e. in EDRs. Bypassing an ML-trained EDR is really annoying, since you can't easily see what it was that triggered the detection, and that's good), and that will carry most of the prevention and compensate for the vulnerable and buggy software. A good EDR and WAF can stop a lot. That is, assuming you can afford such an EDR, AV won't do shit - but unless we get another WannaCry, no-one cares that a few dozen people got hacked through random game/app, "it's probably their fault for installing random crap anyway".

    I've also already seen a lot of people either writing reports with, or building whole tools that run "agentic penetration tests". So, instead of a Nessus scan, or an actual Red Teamer building a scenario themselves, you get an LLM to write and decide a random course of action, and they just trust the results.

    Most of the cybersecurity SaaS corporates didn't care about the quality of the work before, just like the companies that are actually getting the services didn't care (but had to check a checkbox). There's not really an incentive for them to do so, worst case you get into a finger-pointing scenario ("We did have it pentested" -> "But our contract says that we can't 100% find everything, and this wasn't found because XYZ... Here's a report with our methodology that we did everything right"), or the modern equivalent of "It was the AI's fault", maybe get a slap on the wrist, but I think that it will not get more important, but way, way more depressing than it already was three years ago.

    I'd estimate it will take around a decade of unusable software and dozens of extremely major security breaches before any of the large corporations (on any side) concedes that AI was a really, really stupid idea. And at that time they'll probably also realize that they can just get away with buggy vulnerable software and not care, since breaches will be pretty commonplace, and probably won't affect larger companies with good (and expensive) frontline mitigation tools.

  • I have worked as a pentester and eventually a Red Team lead before leaving for gamedev, and oh god this is so horrifying to read.

    The state of the industry was already extremely depressing, which is why I left. Even without all of this AI craze, the fact that I was able to get from a junior to Red Team Lead, in a corporation with hundreds of employees, in a span of 4 years is already fucked up, solely because Red Teaming was starting to be a buzz word, and I had passion for the field and for Shadowrun while also being good at presentations that customers liked.

    When I got into the team, the "inhouse custom malware" was a web server with a script that polls it for commands to run with cmd.exe. It had a pretty involved custom obfuscation, but it took me like two engagements and the guy responsible for it to leave before I even (during my own research) found out that WinAPI is a thing, and that you actually should run stuff from memory and why. And I was just a junior at the time, and this "revelation" got me eventually an unofficial RT Lead position, with 2 MDs per month for learning and internal development, rest had to be on engagements.

    And even then, we were able to do kind of OK in engagements, because the customers didn't know and also didn't care. I was always able to come up with "lessons learned", and we always found out some glaring sec policy issues, even with limited tools, but the thing is - they still did not care. We reported something, and two years ago they still had the same bruteforceable Kerberos tickets. It already felt like the industry is just a scam done for appearances, and if it's now just AIs talking to the AIs then, well, I don't think much would change.

    But it sucks. I love offensive security, it was a really interesting few years of my career, but it was so sad to do, if you wanted to do it well :(

  • I also highly recommend looking into https://www.winboat.app/

    It might be a pain to set up on Bazzite (it's probably better to just use ostree-rpm for the prerequisites), but it's exactly the same kind of magic, but for Windows apps!

  • The market situation is really difficult, unless you are really really lucky. We've continued with a college project and eventually managed to release a hand-drawn coop top-down shooter, around 2 hours of story-based gameplay, that was locally pretty successful as far as marketing goes - we were in local national television, have several "best indie game" awards from conferences, even including Czech Game of the Year in student category. We had Czech streamers playing the game, had reviews and even were featured in a Microsoft article about student gamedev, and we were featured in the New and Noteworthy on Steam for quite a bit.

    We've eventually managed to get around 6000 wishlists, and the reception was generally positive.

    After almost half a year after release, we have only dozens of sales.

    We don't have any investors we owe money to, and never really made it for profit, but it is still difficult to see 6 years of your work that you thought was going pretty well end up like this. I'm not really surprised, because it is a local-multiplayer only story based game (although Steam Remote works), which will limit the target audience size by quite a bit, but I definitely won't be ever making a game where I expect that it will sell, and rather focus on smaller experiments, gamejams, and making games for making games' sake.

    Tying money into your gamedev is a recipe for disappointment.

  • The best thing I've ever done in relation to my gamedev dream/career was to make sure I don't ever get into a situation where my livelihood depends on the art/games I make. That's a recipe for disappointment.

    It doesn't matter if it's only working in gamedev instead of general software development, because that's where you get way less money for basically the same code-monkey crunching Jira tickets job, only there's now a bunch of execs exploiting your passion and underpaying you, or if it's a more bold attempt to save up money and be able to afford to make a game on my own, because then you have to sell it, and that sucks if your livelihood is on the line.

    The best course of action I could come up with is to just go work to a generic corporate in software development/cybersecurity, get a part time job (which will get you basically the same money as fulltime in a gamedev company), and use the free time for my own personal gamedev projects that I don't have to tie in any way to my income. Finding a community of similarly minded students or art collectives also helps.

    I've mostly given up on larger projects, because that's exactly a ton more work, and now focus on short gamejams here and there (usually two to three days, a week or two max). Being extremely limited by time means that the project usually fits into my short attention span, I can experiment with the obscurest of game designs, and you get to meet cool people, especially when the gamejam is onsite. So, if you're at all interested in trying out gamedev, I highly recommend looking into those - it will take a weekend of your time, and if it doesn't work or isn't fun for you, then you won't lose much.

  • I've been having issues with Battle.net, or rather - WoW getting stuck at endless black screen, in a window that's minimizing and maximizing it.

    Just doing a Bazzite rollback fixed it, but I also tried a lot of different runners to no success, so it might not be it. I was also able to launch the game in dx11, but it did not recognize my NVIDIA card, and only ran on the CPU emulation at like 1 FPS, so it sounds like a deeper driver issue. Other games worked fine, though.

    Hopefully this will fix it, having to rollback all the time, since I CBA to figure out how to rollback permanently isn't fun.

  • Ugh, hate the emojis and the random bold text. Was this written by an AI? It's so annoying to read.

  • I might be mistaken, but I think that if you use the free version, it's also opt out, because IIRC it's also an individual non-commercial licence.

    For individuals on non-commercial licenses: Data sharing is enabled by default, but you can turn it off anytime in the settings.

    At least on the product page, the free tier is literally called "Rider Non-commercial", under Individuals tab.

  • Hahaha. Not gonna lie, I really hope we will see as many similar stories as possible. Will make for at least a slight case against mandatory age verification for other countries, to not follow in UK's footsteps.

  • For me, the issue isn't as much that they are forcing the data collection (on some/free people, to be clear).

    I have issues with the way they are spending their development money, that I give them for the product. I don't care about the AI hype slop, that apparently can't even get good results (which they outright admit in the blogpost), instead of actually making the core features of the editor better. Everyone knows at this point it's a hype bubble that will never be usable, and they are grasping at straws.

    I don't want to pay 200$ a year only for them to add a dumb chatbot and data collection into my IDE, or make the code completion dumber and random instead of actually being deterministic. So I don't, canceled my subscription and I'm sticking to the perpetual license while slowly switching to nvim. But I can still make fun of them about it. I have been recommending JetBrains products for most of my life, and they have disappointed me with the direction they are going, so I'll make sure to un-recommend it.

  • The context is that they made a blogpost that's written in, at least in my opinion, extremely pleading tone. They are basically crying that they can't make a good AI with public data, and if you please could turn on their new AI data collection that would steal all your code. I've seen a few "we will use your data for AI" posts, and this was just unsettling, with the tone in which it was written.

    I can't really say why, but I find this style of communication pretty unsettling. It does have exactly the same vibe as the picture in the post.

    So, if you pay for their IDEs, nothing changes, but you can opt-in into them using your data for AI training, and they are pleading you do. If you use the free version, it's opt out and turned on by default.

  • I don't think it's misleading, or at least the point was not to imply that they are forcing the data collection (which they are, for free users, but it is opt-out). The point is that they are actually downright emotionally manipulating in the blogpost. The blogpost in which they announce it, at least in my opinion, is written in exactly the same tone as the picture. They are basically crying that they can't make a good AI without stealing your private data, pleading you to turn it on.

    I've seen a few similar posts of products announcing AI data collection, and this one was the most unsettling, hence the meme.

  • This was one of my biggest issues, but I did manage to successfully switch to nvim a few months ago, by installing ideavim into Rider, vscode-vim into vscode (so I can't easily escape it when I get lazy), but most importantly - setting LazyVim as my default editor, which has been a lifesaver.

    It has a pretty good LazyExtras interface for easily installing a ton of plugins, almost for every language. You just open the LazyVim menu, select a language you want, and it installs LSPs, debuggers and whatnot you may need for it. It's probably using the nvim-lspconfig mentioned in other comments, but it has been pretty seamless.

    But any other pre-made nvim config will work, this one is just more approachable than someone's random plugin list.

  • That's exactly what I did, switching from Rider. LazyVim helped with getting a usable setup (especially LSPs are a pain to set up without it), https://www.vim-hero.com/ taught me the absolute basics of navigation, and then I simply installed IdeaVIM into Rider to force myself to use it, and switched my default editor to LazyVim.

    It has already been a few months, and I'm pretty used to it. I still fumble here and there, I still have to stop and think when doing more involved operations, but for the basic editing I wouldn't go back.

    The most important observation I have is that it does not make me more efficient at editing text, the fumbles and mistakes usually offset any gains I have from the many navigation/jump/repeat keys, and reaching for the mouse would be quicker, but -

    It's super fun. Learning new motions is satisfying, you can see progress, and by slowly adding a new motion, then trying to get it to your muscle memory is simply fun. And there's always something to learn, a new motion to add or make more efficient. It's basically gamified text editing, and if you like mastering things in the muscle memory sense, it's awesome. I'd absolutely recommend everyone to make the switch, but not for "being a faster/more efficient at text editing" reason, because if you want that, learning every single IDE keybind will make you faster faster.

    Also, it's surprisingly comfortable not having to reach for a mouse. It has only been a few months, and I'm getting slightly annoyed whenever a program doesn't have a hotkey for proper navigation and I have to touch my mouse, hah.

  • SS was also law enforcement.

  • If I got a Copilot license, I'd definitely make sure to expend my quota every single day and use it as much as possible. Especially if I was "highly encouraged" to use it.

    Just run a markov chain and let it talk to the thing. It's expensive to make the queries, for MS.

  • I see, but still - how is that different from a regular old .dll injection? Or, just replacing the .exe altogether.

    If you're at the point of R/W/X on a machine, then you have a lot of similar vectors of attack.

    That is, assuming there's no privilege escalation, which the vuln report does not mention.

  • As someone from the first generation that grew up with phones and social networks in school, it will absolutely have a disastrous effect.

    I can compare myself to people a few years above me, who only got phones, social networks and short form content later in life, and the effect is huge. I have been trying for years to get rid of PC addiction, I don't even watch shows or use social networks other than Lemmy, but it's still hard for me to do any kind of project because I simply don't have the attention span and frustration tolerance.

    I also spent up to 17 y.o. just playing games and not having any other hobbies. I did catch up on it later, but since I never really had to spend time alone while working on something frustrating, without constant dopamine, I quickly drop projects and need someone else to work on it with me to keep me interested. It sucks, and even after years of trying to work on it, I still haven't even started most of what I'd want to do.

    I'm lucky I didn't have AI and at least learned to program and make games, I'm already pretty socially anxious, but it's not that bad. If I also had AI during all this, that would summarize or write every text I read/write longer than a paragraph, I can only imagine how worse off I'd be. It's extremely terrifying.

    And no, it's not ADHD, meds don't help, I had therapy for a few years. It has pretty much the same symptoms, but it's extremely multiplied by the computer and short-form content. It's basically a "learned ADHD" as in not biological but psychological, and it sucks. It is only anecdotal, but I believe that a lot of people with ADHD are simply in a similar situation as I am, engineered by corporations to only be able to pay attention to their content en masse.

  • I have canceled my subscription the moment they started spending development time on AI hype instead of their core product.

    I can still use the fallback licence (you keep the version you've paid a year for, i.e. 2023, forever), and I will do so until it stops working, while transitioning to another editor wherever possible (nvim in my case, which I've already gotten used to pretty well thanks to ideaVim).

    Until they stop with the overhyped AI bullshit, I won't get a new version. And, seeing how they beg for user data in the most uncanny blogpost possible, that'll probably be never.

    It's a shame, I liked JetBrains.