• 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: August 3rd, 2023

help-circle

  • Before Steam (esp. right before Steam) it was common for a disc to have nothing but a 100mb installer that attempted to download the game, or an actual game build so buggy that you were forced to download patches that required you to be online.

    Prior to this, games came with serial numbers and needed to be activated online. This made reselling PC games no longer a thing as you needed to trust who you were buying the game from.

    In both cases, the physical disc was yours, but it was pretty useless. It wasn’t the game, but also was required to play the game.

    Before that, we had truly resellable DRM: “Enter the 3rd word on the 20th page of the manual 🤣”.


  • I think the answer was to introduce a law which would force digital market places to clearly describe what users are paying for, for folks who weren’t around during the controversial time when Steam and Xbox Live Arcade came out and can’t grasp the concept; folks who didn’t observe the reality before and after this shift.

    Even though it was abundantly clear already, this is what the California law is all about.

    If, with this clear explanation, you still want to merely get a license to use games via a service, you should be able to do it.

    Valve isn’t doing anything wrong: far from it. Steam is awesome and I understand that one day, it could all go away and with it, all the games I have access to.

    I also understand that, at any time, Valve may decide that they don’t want me to use Steam anymore, or that someone may hack into my account and I won’t have access anymore.

    Finally, I get that even now, things that I could do with physical games; I can’t do with my Steam library (eg. Easily play a game on my Steam Deck while someone also plays another game on my desktop, or sell a game disc that sits on my desk).

    I understood this when I reluctantly signed up to Steam to play Half Life 2 back in the day when it was a complete dumpster fire of a buggy mess of a service. But it has improved so much since then.

    Hey, do you, but I don’t see what the big deal is. We’ve already protested that Steam was a bad idea, and Valve was literally the devil, but it’s actually turned out to be objectively more convenient than any alternative to play games, and it’s no longer Valve forcing us to install Steam to play their games. Practically the entire industry has shifted, plus there are now alternatives (besides piracy) like GoG. Hopefully this law causes more competition in that DRM free space.



  • Don’t get it twisted. We definitely agree.

    This will effectively add any computer it’s installed on to a botnet and create another attack vector (via Vanguard).

    The tradeoff I described, tho, is one on the Riot side. And as much as this form of anticheat is ridiculous, it makes sense given Riot’s business model. A bunch of cheaters can easily waste their money and engineering effort. They made the deliberate choice to narrow their market of potential players to those who are willing to install Vanguard and feel that Vanguard pushes most cheaters out of that narrow market. It makes sense.

    Re: That tradeoff, tho, users aren’t involved. The tradeoff users have is between installing the game or not.

    And again we both agree, installing this to an important computer or on your home network carries a tonne of risk.


  • Not that I’m defending Vanguard, but Riot’s choosing to invest in developer resources for Vanguard (and in finding cheat developers) so they don’t have to invest in server capacity or developer resources to support cheater only lobbies.

    As long as their anticheat is effective, every cheater they can repel is some amount of server capacity that legitimate players can use.

    Also, cheaters in the types of games Riot makes will cause some amount of opponents to simply leave the game in frustration. So part of this is just trying to keep players who are willing to install the game happy.

    They’ve chosen to make free to play games, so this tradeoff actually makes sense for Riot. But again, kernel level hacks aren’t something everyone will or even should install.

    It’s all about tradeoffs.


  • I’m not sure if it’s part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).

    Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it’s intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.

    But because of this, a man in the middle can just read the ClientHello and learn the domain you’re intending to connect to. They can’t intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you’re accessing.

    ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.


  • And your ISP can still see which domains you’re going to if you use them as your DNS.

    Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.

    Also, if a website isn’t fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you’re visiting based on their server IP addresses.

    Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.


  • When the 3.5-less trend started setting in, I still had a phone with a headphone jack but started looking into wireless Bluetooth digital audio convertors just to prepare myself for the reality that it’ll eventually be hard to find a phone that’s both…good…and that I could plug my IEMs into.

    One I settled on was the Radsone ES100. Besides allowing me to continue to use my headphones, one feature I really liked was its ability to store equalizer settings that could be used with any source, whether it be a Bluetooth device or one I plug the DAC into via USB. I found that there were equalizer apps for Android, but they kept getting killed because of memory limitations I guess. This device externalized the EQ.

    Anyways some of the folks who made that branched off and made an even better version, the Qudelix 5K. It has the same features but does a better job of simultaneously connecting to multiple devices (but sadly it doesn’t mix the sources…it just has a priority 😔😔😔😔). So I grabbed that upgrade and now the headphone side of my audio is locked in.

    I found that getting a Bluetooth DAC helped me feel better about the trend of removing a standard audio connector from devices (which I gotta say, still makes no sense). It still frustrates me that I need to walk around with another device and the limitations of Bluetooth are annoying, but the cool thing is that when my last 3.5mm jack equip device (OnePlus 5) just stopped turning on, I just grabbed a random replacement phone (Pixel 5) and kept the same audio chain.

    tl;dr - Consider just accepting that this is the trend for phones these days and try a portable Bluetooth (or even USB) DAC. When you find one you like, moving to any source will be less stressful. It won’t matter if it has a headphone jack: you’ll be able to focus on other features or even just get a less costly device that’ll sound identical to what u know.



  • I’ve always found this take on in-product purchases and subscriptions weird.

    You are right that they’re allowed to do whatever they want, but…this is just my personal take…the value proposition for Nitro is pretty low as it is. Trying to get more than a subscription from me is a bit of a turn off and makes me want to reach for the cancel subscription button (actually, my subscription is currently in this state through to the renewal date because of the nags about paid borders and stuff).

    I do this with this and also other services that want to upsell beyond a premium or support the platform experience. If I’m already supporting the platform, the first time I’m asked to support it more is when I cancel the subscription. Then they have the uphill battle of convincing me to resubscribe in the future.

    Stated differently, if they don’t remind me I’m subscribed, I’d just keep paying. If they remind me by asking me to pay for things over and above a subscription, I’m suddenly trying to find the true value of the new thing, and also in the next subscription payment. If I can’t decide within a few minutes, I always just hit cancel.