My system would randomly freeze for ~5 seconds, usually while gaming and having a video in the browser running a the same time. Then, it would reliably happen in Titanfall 2 and I noticed there were always AHCI errors in the Windows logs at the same time so I switched to an NVMe drive.

The system would also shut down occasionally (~ once every few hours) in certain games only. Then, I managed to reproduce it 100% of the time by casting lightning magic in Oblivion Remastered. I had to switch out my PSU, the old one probably couldn't handle some transient load spike, even though it was a Seasonic Prime Ultra Titanium.

  Put an expiration date on the storefront and make it clear that your software is not guaranteed to continue working after date X

  providing reasonable means to continue functioning of said videogames without the involvement from the side of the publisher

  Have your server source code (stripped down of proprietary stuff) ready for public release at EoL

  Allow customers to reverse engineer the binaries and communication protocol after EoL

  Package dedicated server binaries with the game

----

[0] https://citizens-initiative.europa.eu/initiatives/details/20...

Ensuring that a critical mass of people use remote attestation[0] capable devices.

The next step is a browser API[1] for this so that content owners can exclude devices capable of storing the content, or stripping out ads/tracking, etc.

Sure, there will be a cat-and-mouse game where people will figure out how to fake the attestation for some period of time, but general computation[2] is probably on the way out.

----

[0] https://en.wikipedia.org/w/index.php?title=Trusted_Computing...

[1] https://news.ycombinator.com/item?id=36817305

[2] https://www.youtube.com/watch?v=HUEvRyemKSg

It can correctly open my company's Power Point templates and IMO the UI is much better in both aesthetics and discoverability compared to LibreOffice.

  > nslookup google.com
  Server:  fritz.box
  Address:  fd00::[redacted]

  Non-authoritative answer:
  Name:    google.com
  Addresses:  2a00:1450:4001:828::200e
            142.250.181.238

  > ipconfig
  [...]
  Connection-specific DNS Suffix  . : fritz.box

Plenty of utility companies are already being forced to provide service. As the EDPB opinion says, a lot of big tech is

> decisive for participation in social life or access to professional networks, even more so in the presence of lock-in or network effects

> Untargeted advertising pays 90+% less than targeted advertising

I don't think that such a large difference is rational. "Untargeted" advertising can still be based on the content being viewed, just not on surveilling the viewer.

> If they lose money by serving a user content because they denied targeted advertising, they should be able to deny them service or have them pay up.

As I understand it the opinion does not categorically rule this out

> Controllers should ensure that the fee is not such as to inhibit data subjects from making a genuine choice

That is why NOYB also focuses[0] on the fact the the fee is disproportionate:

> The current average revenue for programmatic advertising in the EU is € [1.41] per user - across all websites per month [...] visiting the top 100 websites can already cost more than € [1500] per year if you do not consent to tracking

---

[0] https://noyb.eu/en/statement-edpb-pay-or-okay-opinion, https://weis2019.econinfosec.org/wp-content/uploads/sites/6/...

Some are saying "of course sites are still tracking you in incognito!", but is is unclear to me what they mean by this. I see the following interpretations:

1. Sites can still use local storage so they can track you for the duration of your incognito session, but they cannot connect this tracking to your regular session or other incognito sessions as incognito sessions start with empty local storage and discard it at the end of the session.

2. Sites do not rely on local storage, instead using fingerprinting via a combination of IP, HTTP headers, information they can query via JS, etc., so incognito has no effect on sites' ability to track you.

3. Google has special privileges in Chrome to track you when you are incognito.

In the EU you would have to reduce your welfare state to that level for your own citizens as well. The ECJ says[0]:

> It follows that the level of social security benefits paid to refugees by the Member State which granted that status, whether temporary or permanent, must be the same as that offered to nationals of that Member State

[0] https://curia.europa.eu/juris/document/document.jsf?text=&do...

What I AM sensitive to however, is temporal instability - it just draws my attention and hurts immersion. Here DLSS makes a huge difference, as shown here[0].

Therefore it is sad that Bethesda chose[1] to deliver worse than possible image quality for 80%+ of their PC customers[2].

----

[0] https://youtu.be/ciOFwUBTs5s?feature=shared&t=336

[1] https://news.ycombinator.com/item?id=37452149

[2] https://archive.ph/mqPLK, nvidia has 75% market share here, but you have to look at the higher end parts only and exclude Intel as Starfield does not run at all on their GPUs[3]

[3] https://in.ign.com/starfield/193351/news/starfield-intel-fin...

There are so many powerful interests that stand to gain from preventing e.g. ad-blocking and content capture. Thanks to Windows 11 requiring TPM, it is just a matter of time until hardware support for remote attestation is ubiquitous even on desktop computers.

Meanwhile, our (including myself) attention is (perhaps justifiably to some extent) on the latest news about $EXISTENTIAL_THREAT and how $THE_OTHER_SIDE did $EVIL_THING fed to us by the algorithm. Organizations that used to effectively fight threats to freedom like this (FSF, pirate parties, CCC, EFF, etc) have lost a lot of their support/influence and clarity of purpose over the last decade.

We could fork it and remove the interface or switch to ULID[1] instead.

[0] https://github.com/stephenc/eaio-uuid/blob/master/src/main/j...

[1] https://github.com/ulid/spec

This is not true for many applications. Due to the removal of many APIs from the JDK with Java 9, I needed the following dependency artifactIds to be able to move a JEE application with SOAP web services to Java 11: jaxb-api, jaxb-core, jaxb-runtime, istack-commons-runtime, jboss-jaxws-api_2.2_spec, glassfish-corba-omgapi, jboss-annotations-api_1.2_spec, activation, jboss-saaj-api_1.3_spec, saaj-impl, stax-ex, jsr181-api, txw2.

Many of these spec API/implementations are provided by different artifacts that are incompatible with each other. Some I only discovered when something failed at runtime as they perform implementation lookups and you don't get compile errors.

Additionally, many of the Maven plugins we used no longer worked and our application server failed to start.

Can you please expand on what you verify via remote attestation and against which attack vectors this protects you?

Does this protect you against the usual attack vectors of your employees logging in on phishing sites, downloading malware, running office macros etc? Stealing your data usually does not need any root/kernel access.

We hoped it would be fast enough that we can just wait for the confirmation before committing the transaction.

The official documentation says

> This means that under a constant load, latency for basic.ack can reach a few hundred milliseconds

I never did statistics, just looked at the log. IIRC most were acceptable but > 3s occurred frequently enough (and we even had instances of messages never being confirmed, IIRC) that we abandoned that plan.

We considered using Debezium[0], but decided on the current solution as it could be solved entirely with the current services and infrastructure whereas Debezium would have required us to deploy (writing this from memory so this might be inaccurate/incomplete) Kafka, Zookeeper, and a connector service.

[0] https://debezium.io/

We found out the hard way that RMQ does not behave like a transactional DB. Just because publishing worked does not mean the message will be delivered.

Our solution is to also write the message into an outbox table in the DB. We then publish the message using confirms[0]. RMQ asynchronously sends us a confirmation when it has really persisted the message. We then delete the outbox entry. If we do not receive the confirmation in time, a timer will re-publish the message.

Therefore I disagree with the suggestion of using a library wrapping the native RMQ one. We are using spring-amqp and this made it harder to understand what is going on. In the end, for a large project you will have to understand nuances of RMQ (and other infrastructure you are using). Using a leaky abstraction over it means you now have to understand both the underlying product and the abstraction.

[0] https://www.rabbitmq.com/confirms.html#publisher-confirms

Congress could pass laws saying that the EPA can regulate greenhouse gas emissions, that states cannot forbid abortions, etc.

If you think that these rulings are not plausible interpretations of the law, Congress can even define the size of the court[0]. They could pack the court with judges who will interpret the law in their favor.

It is my understanding that the Democratic Party that holds the majority in both chambers claims to be in favor of these policies, so why aren't they taking action?

[0] https://en.wikipedia.org/wiki/Judiciary_Act_of_1869

At some point, even ISPs might require remote attestation to allow you to connect your device to the internet. The IETF is already working on standards for the attestation of network devices[0][1].

I speculate that there will temporarily (perhaps similarly to iOS jailbreaking, which is not available at this time for the newest devices/iOS version[2]) be exploits allowing you fool the attestation by e.g. redirecting it to another device as the author suggests, but the end effect will be that vast majority of people will be effectively confined to a walled garden and even determined hobbyists will only be able to use their general computation capable devices to access all content (or even connect them to the internet) some of the time.

[0] https://archive.fo/uQULm

[1] https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-n...

[2] https://en.wikipedia.org/w/index.php?title=IOS_jailbreaking&...

They've been doing a poor job of communicating. Considering the attention this issue is getting, they should have a prominent notice on their project page[0] about it like the one Logback[1] has telling people that they are not affected.

Furthermore, even their post about the issue[2] still fails to clarify many details like

* are people using newer JDK versions safe, like one commenter in this very thread assumed[3] ?

* does it only affect the format string and not parameters as many [falsely] claimed when the news started making the rounds ?

* what should people trying to block exploitation on a firewall level look for ?

> for a feature we all dislike yet needed to keep due to backward compatibility concerns.

They have not recognized the security risk posed by what is effectively an expression language interacting with user-submitted data. Java projects used in server-side templating like OGNL, JSP and JSF implementations, Spring keep having security vulnerabilities with this even after 20+ years. It is an effectively impossible task to get this 100% secure.

The ridicule Log4j is getting serves a purpose beyond fun: it lets people know that the project's maintainers are not up to the task and another logging library should be used instead, as there might be more issue still undiscovered or added in the future.

[0] https://archive.ph/ZhjWO

[1] https://archive.fo/QkzIy

[2] https://archive.fo/NvjKP

[3] https://archive.fo/5cNtw

[0] https://archive.md/YERoT

[1] https://archive.ph/R6agn

[2] https://archive.ph/3zrn0