• 4 Posts
  • 162 Comments
Joined 2 years ago
cake
Cake day: July 1st, 2023

help-circle
  • Naw, This is honestly the direction that software engineering is going to go. AI becomes more capable over time.

    We are eventually going to stop writing code and focus more on writing specifications. The development of languages that allow us to write and maintain better specifications is going to accelerate that in the same way, that higher level languages allowed us to accelerate writing code for the purpose of it being transformed into some form of bytecode. We are now in the early stages of needing a language that better facilitates the authoring of detailed specifications that can then be ran through code generation in more predictable and scalable manners.

    I see nothing wrong with developing a new language. If it works it works. If it doesn’t it doesn’t and we all learned new shit. I’m not sure why so many people in this thread hate science.








  • I think forcing MMOs to release software is a bit much.

    Opted for large scaled systems. It’s more than just simple software. There is a ton of infrastructure and proprietary solutioning that goes into it. That’s likely used for other games as well.

    It may not even be possible to release the software because it is not just software and the resources to prepare it for releasing may not be available.

    However, if a game company shut down their servers, they should not be allowed to prevent other people from try to reverse engineer and make their own servers.

    Single player and local games 100% though should not be allowed to be killed.








  • These are all holes in the Swiss cheese model.

    Just because you and I cannot immediately consider ways of exploiting these vulnerabilities doesn’t mean they don’t exist or are not already in use (Including other endpoints of vulnerabilities not listed)


    This is one of the biggest mindset gaps that exist in technology, which tends to result in a whole internet filled with exploitable services and devices. Which are more often than not used as proxies for crime or traffic, and not directly exploited.

    Meaning that unless you have incredibly robust network traffic analysis, you won’t notice a thing.

    There are so many sonarr and similar instances out there with minor vulnerabilities being exploited in the wild because of the same"Well, what can someone do with these vulnerabilities anyways" mindset. Turns out all it takes is a common deployment misconfiguration in several seedbox providers to turn it into an RCE, which wouldn’t have been possible if the vulnerability was patched.

    Which is just holes in the swiss cheese model lining up. Something as simple as allowing an admin user access to their own password when they are logged in enables an entirely separate class of attacks. Excused because “If they’re already logged in, they know the password”. Well, not of there’s another vulnerability with authentication…

    See how that works?





  • You can’t really host your own AWS, You can self-host various amalgamations of services that imitate some of the features of AWS, but you can’t really self-host your own AWS by any stretch of the imagination.

    And if you’re thinking with something like localstack, that’s not what it’s for, and it has huge gaps that make it unfit for live deployment (It is after all meant for test and local environments)