With what has happened around the studio, I’d say it’s good that DE2 was canceled. It was to be made by a ruins of a studio that was stolen along with it’s IP from the original developers and artists, who didn’t manage to navigate the landmine of for-profit gamedev industry, and got basically scammed by investors, who robbed them of their IP and studio through various loopholes and bullshit of shares-based companies. (It’s a pretty nuanced story, and I’m not really sure how it ended up, so it’s better to watch the documentary about it if you’re interrested, rather than take my conclusion from it. I also haven’t followed recent developement, so if anyone knows how that turned out, let me know)

It’s quite a sad and infuriating story, especially since ZAUM was IIRC originally a pretty wholesome art collective of punks and anarchists from squats. It must have been devastating to enter the market with such ideals, only to be scammed of your art by the first investor you encounter, who you might’ve even considered a friend.

There’s quite a few ex-Disco Elysium studios popping out. My favorite so far is the Summer Eternal. It feels like they didn’t want to announce it this early, but because two other studios (Longude, and Dark Math Games) got announced few days ago, they did the same.

Summer Eternal feels the most radical out of the three studios, I really like their manifesto and how they are attempting to mix art-collective with market-based development. And they have some amazing writers.

Here are few bits and pieces of the manifesto from their website, I really recommend reading it. Also, the website linked above is just stunning.

…

As creators and game makers, we have too long been led away from the truth, away from the right to define ourselves as artists in service of the definitive art form of the future, one that has made us dream since we were children.

Instead, the disposability culture operating at the ruthless core of this industry wants us to think of ourselves as cogs in the machine: rudimentary craftsmen, disposable career workers, inert producers of made-to-order marketing-driven “content” — empty calories leaving the soul hungry.

The Profiteer knows that by keeping your dignity low, he will keep you crawling on the treadmill of passion until he lays you off for the sake of the red number in his book.

…

Machine-generated works will never satisfy or substitute the human desire for art, as our desire for art is in its core a desire for communication with another, with a talent who speaks to us across worlds and ages to remind us of our all-encompassing human universality. There is no one to connect to in a large language model. The phone line is open but there’s no one on the other side.

I can’t recommend Maldev Academy enough. It has been an amazing resource, to get into malware development. Keep in mind, however, that malware development is pretty difficult topic. You will have to eventually use WinAPI and syscalls, so learning about that even outside of malware development will help you a lot.

For example, try looking into how to execute a shellcode in memory - allocate memory as RWX, copy some data and then execute it. Try executing it in a different process, or in a different thread of another process. That’s the core of malware development you’ll probably eventually have to do anyway. Manually calling syscalls is also a skill that you’ll need, if you want to get into EDR avoidance.

Also, look into IoCs and what kind of different stuff can be used to detect the malware. Syscall hooks, signatures, AMSI, and syslog are all things that are being watched and analyze to detect malware, and knowing what exactly is your program logging and where is one of the most important and difficult skills you can get.

There probably are a lot resources for these two skills, and they are an important foundation for malware developemnt, so I’d suggest researching that. You’ll probably not get much from looking at other malware, because it tends to be really low-level, and obfuscated, exactly to avoid the IoCs I’ve mentioned above. Implementing the malware behavior after that is the easier part.

Another good resource to look into are C2s and communication, for example Mythic C2 has some interresting stuff.

And I really recommend joining the Bloodhound slack. Throughout my cybersecurity carreer as a Red Teamer, the community has helped me a lot and I’ve learned amazing stuff just by lurking.

As someone who works in gamedev, I’m sure that some of the people there are passionate about it and it is gutwrenching to see your work fail so hard. I’m sad for every project that launches after years of work and fails to get any attention or sales, and I’m definitely sure there’s someone losing sleep due to that.

I never worked in super-large projects, but I did work for a AAA studio and even there, you got people invested into the project.

From how I’ve seen it, you wouldn’t work in gamedev unless you are passionate about it, because you can get drastically better pay for the same job in other, more business focused, industries. So, if all you cared about is money, you have better options.

How I understand it is that the admired language is one of those “I’ll start learning it tommorow” languages, that you however already talk about how great it is wherever you can, i.e see Rust on Lemmy.

I also find it funny (and relatable) how neovim is the most admired IDE. I totally relate to that, I’ve been telling myself “I’ll learn and switch to Helix tommorrow” for the past two years.

76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

What the fuck. That’s horrifying. I also though that every sensible workplace bans the use of AI.

A friend was telling me about a discussion between CTO’s at a conference, where they were talking about whether it’s even worth it to hire junior developers anymore, since there’s a high risk of them just being “AI-raised”, without much (or any) experience of coding without AI. And, this survey result… I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?

That’s a good question, and I never through about it like that. I think that the lack of documentation isn’t that much of a problem, rather that the code stands out in the project in that it is complex to understand and requires some more though, effort and imagination to grasp, since it’s generic with lot of interfaces and polymorphism.

Now, that usually wouldn’t be much of an issue, however - the project is a game we’ve been actively working on in our spare time in a team of 2 programmers for the last 6 years, and we are all fed up with it and just want it to end. Most of the (pretty large by now) codebase is kind of simple - it’s a game code, after all, and since we started it when we were 20, there aren’t many overenginered ideas or systems, but everything is mostly written in the ugly, but simple and direct way, so if we had wanted to change something, we may have had to rewrite a part of it, but it never really needed much effort to understand what’s going on.

But now I need to change this code, which is one of the only parts that requires some kind of imagination and actually sitting down and trying to understand it, and since my motivation about the project is so low, it’s a pretty large hurdle to cross. One that is also unnecessary, since most of the generalism isn’t needed and will never be used. But since the code is written in such extensible way, it’s hard to just hack up a simple and ugly solution somewhere into it and be done with it, without really figuring out what the hell is going on.

A documentation wouldn’t help with that - it would still take the same amount of mental effort to be able to work with that code, which we generally lack in the project. I think that if I actually took the time to properly look through the code, figuring out what’s going on wouldn’t be too hard - the naming convention is pretty ok and it’s not that difficult, it just requires some mental effort.

I’m not trying to make excuses, the code very probably has problems, I’m just trying to better sort my thoughts about why I have so much problems working on it. It probably has more to do with my motivation, rather than the code in itself, and the fact that the complexity here wasn’t required, and is now a needless hurdle that actually hinders progress. Not due to it’s quality, but do to unrelated motivation issues and us having to basically force ourselves to work on and finish the damn project.

From time to time I watch some scam-hunting youtubers for fun, because some of them have really perfected their game and listening to scammers raging is fun, but it’s also super unsettling when you realize they also talk like that to real victims. It’s unhinged.

There’s a piece of code in our hobby game project that I’ve written after attending classes in college about how to write clean and SOLID code. It’s the most overengineered piece of shit I’ve ever written. I’m not saying it’s the fault of the lectures, of course it’s on me being a little bit over zealous, but it does check all the boxes - It’s a simple “show selectable list of stuff”, follows MVC, it’s extensible without rewriting to adittional data-types and formats, extensible view that can show any part of data you need, generic, and in general it could be used anywhere we need, for any kind of data.

There’s only one place where we need and use such list in our game.

I needed to rewrite a part of it, since the UI changed drastically, to not need this kind of list, while also adding events into the process. I haven’t seen the code for almost 4 years, and it’s attrocious. Super hard to understand what’s going on, since it’s too generic, interfaces and classes all over the place, and while it probably would be possible to rewrite the views for the new features we need, it’s just so complex that I don’t have the mental capacity to again figure out how it was supposed to work and properly wire it up again.

I’m not saying it’s fault of the classes, or SOLID. It’s entirely my fault, because the classes inspired and hyped me with ideas about what a clean code should look like, that I didn’t stop and think whether it’s really needed here, and went over-the-top and overengineered the solution. That’s what I’d say is the danger of such Clean Code books and classes - it’s easy to feel clever for making something that passes SOLID to the letter, but extensibility usually comes at a complexity, and it’s super important to stop and think - do I really need it?

We found a RCE on a server during pentest. In KOBOL.

Learning how to make a reverse shell in KOBOL was pretty unique experience. Thankfully, we found another path to DA ajd didn’t have to continue, but maan, learning KOBOL, especially of your use-case is niche, is borderline esoteric.

I still use Parsec for remote, and I don’t have any issue with it, it works great and I like it. However, they also did offer a free SDK (Unity plugin) to integrate remote play into your game natively (just like you can have “Invite to Steam Remote Play” button from Steam SDK), which was exactly what we needed - and Steam Remote was never working without issues for us, in comparison to Parsec which worked amazingly well every time we tried it.

I found numerous mentions of Parsec SDK and how easy it is to integrate, but after Unity bought it, I couldn’t find it anywhere. Only mention was that if you need it, you should contact them.

So I did that, mentioning that we are a small team of students working on a offline co-op only 2 player game in our free time, and that since Steam Remote wasn’t working for us and I have great experience with Parsec, I asked what we have to do to get access to the SDK/Unity plugin.

Unity’s answer? Sure, no problem, they will be happy to give us access, with first step being that we pay them 1 000 000$ for it.

Like, wtf? Did they even read the email? How out of touch you have to be, to casually ask a small student team to pay 1 000 000$?

My best VCS experience so far was when working with Plastic SCM. I like how it can track merges, the code review workflow is also nice, and in general it was pretty nice to work with.

Fuck Unity, who paywalled it into unusability, though. Another amazing project that was bought and killed by absurd monetization by Unity, same as Parsec.

While I’m not using it, since we started our small-team hobby project in git and moving away from it would be a bother, there is one use-case of SVN that would save us a lot of headaches.

SVN being centralized means you can lock files. Merging Unity scenes together is really pain, the tooling mostly doesn’t work properly and you have no way how to quickly check that nothing was lost. Usually, with several people working on a scene, it resulted in us having to decide whose work we will scratch and he will do it again, because merging it wouldn’t work properly and you end up in a situation where two people each did hundreds or thousands of changes to a scene, you know that the Unity mergetool is wonky at best, and checking that all of those changes merged properly would take longer and be more error prone than simply copying one persons work over the other.

We resorted to simply asking in chat if anyone has any uncommited work, but with SVN (or any other centralized VSC, I suppose) we wouldn’t have to bother with that - you simply lock the scene file and be safe.

On the other hand, git has major issues with binary content, such as when making games. I know there is Plastic, which has some cool features, especially in regards to merging, but when Unity bought it, it got stuck in unreasonable overpriced proprietary licensing hell. Is there some kind of FOSS VCS that solves similar issues?

What will be the next to replace Git? Many say it might be related to AI, but no one can say for sure.

Now here is a sentence that would make me immediately stop reading the article. Thankfully it is at the end, since it was a great and interesting read.

But now I wonder, the article does mention that Git has some core design problems. Are there any new emerging VCSs that iterate on the idea and are better (or faster, or have an unique idea about how to handle stuff), or is version control basically a solved problem with Git?

Looks like I’ll finally get a reason to cut off another website I hate using, but never found the willpower to get rid off.

Good

This is actually a great question, in the context of the Fediverse.

Usually, every social network or forum has in their ELUA that anything you post is theirs, and you can’t do anything about i.e Reddit using your data to train AIs.

Hlwever, here, we’re on private instances of regular people. We can make our own rules, can’t we? If an instance would say that anything you post is copyrighted by the author, i.e by CC, would it be enforcable if someone would decide to scrape (or repost) the content for profit?

I’d like to mention one exception, because it took me ages to properly debug.

If your endpoint is serving mirrors for APT, don’t redirect to HTTPS.

APT packages are signed and validated, so there is no need to use TLS. Lot of docker images (such as Kali) do not have root certificates by default, so they can’t use the TLS, because cert validation fails. You also can’t install the certificates, because they install through APT. If your local mirror redirects to https by default, it will break it for people who choose the mirror, which IIRC happens automatically based on what’s closest to you. I think this issue is still there for Czech Kali package mirror, and it took me so long to figure out (because it’s also not an issue for most of the users, since they have different mirrors), so I like mentioning this when talking http/s. It’s an edge case, but one that I find interresting - mostly because it would never occur to me that this can be an issue, when setting up a mirror.

But that was more than a year ago, it may be better now.

Btw, choco (and maybe even winget?) already has a gsudo tool, which implements sudo. It is super handy, and having a native version is definitely better, but before its available, I recommend gsudo.

We’ve had to work in Pharo for our OOP uni course, and it was one of the worse experiences I’ve had in school. Mind you, it was something like 7 years ago, so the language may very well be a lot better now, but the whole “your IDE is the code” felt cubersome, it was buggy and crashed randomly, and in general I spent more time fighting with the IDE than doing something useful.

It was a bad time, but also a great learning experience. Being forced to work in something that IMO sucks is an useful skill, but I never want to see that language again :D