Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
Latest Comments by denyasis
Check out your 2023 Year In Review on Steam
20 December 2023 at 10:47 pm UTC Likes: 3

It said 12 games for me, but when I looked at the list, it was really more like 6, lol. The rest were mostly me making sure the system worked or maybe staring at the menu wondering if it was really worth it, lol.

GOG Winter Sale live - grab a free copy of Legend of Keepers
15 December 2023 at 10:17 pm UTC

I'm kinda curious about horizon zero dawn. Might have to check that out!

Steam Deck (LCD), reviewed by a portables enthusiast
12 November 2023 at 12:52 pm UTC Likes: 2

Quoting: fabertaweExcellent review I really should use mine more!

Took the words out of my mouth! That was a great read!!

Valve locking down publishing Steam builds with SMS codes due to Malware
12 October 2023 at 7:03 pm UTC Likes: 2

Quoting: BlackBloodRum
Quoting: denyasis
Quoting: Nateman1000
Quoting: BlackBloodRum
Quoting: Purple Library Guy
Quoting: BlackBloodRumWhy is the game blurred? This developer should put their hands up and admit they failed basic computer security.
You mean . . . they're running Windows?!
That could well be true! Imagine having to use Windows every day though? The agony, the anger, the frustration, the distractions and to top it all off, you upload an infected game.
Many think windows disease is incurable but it is very curable. So make sure to get a Linux or BSD distribution for your computer and cure this disease

This is probably ignorance in my part, but how is security better with Linux in this situation? We're (mostly) running these programs wide open out of the home drive (maybe some ppl are using flatpack or snap, but even then that's not a default requirement on most distro and people still poke holes in those sandboxes regularly). No, it can't infect "the system", but since we're executing programs out of /home, isn't that good enough? The malware is still running under the users permissions, it can still execute in /home, read data, access the network, etc.

Maybe I'm missing something fundamental with Linux security, but it seems once I log in anything within the user space can run under my permissions, malware or not? Especially if it's malware hidden in a program/game that I intentionally started?

I've used Linux a very long time, but I'm self taught.... Security is one of those Linux areas that's always been complex for me to grasp in a meaningful way.

For a typical desktop system without additional protection whatsoever, the malware may work. But consider this, what is malware trying to do, and where is it looking?

It's almost certain it'll look for typical Windows locations, which would be those provided by Proton (Wine). In the case of a Steam game running via proton for example, that means if it will find steamapps/compatdata/(gameid)/pfx/drive_c/* by default. The good news is, unlike regular wine, proton doesn't link users/steamuser/Documents to your real documents location.

So it's possible the malware will simply do nothing of harm to a Linux machine.

However, that doesn't mean you can simply forget and dismiss it! It is possible the malware has been trained to handle Linux, in which case it will try to get access to your home directory. Worst case here is your home directory gets hosed, and data which your user has permission to modify is altered, which is fairly minor.

You can prevent this situation in a couple of ways, you could prevent that access to those files using AppArmor or SELinux, you could combine that with, or use only flatpak with a proper configuration by modifying the permissions to revoke "All User/System/anything Files". It simply doesn't need it, along with disabling access to xdg-music, xdg-pictures. Steam only needs to access the locations that it is instructed to download games to (Your library), so you can specify only that directory as read/write and block everything else. It shouldn't need other directories, but if it does and doesn't need to write to them, then set it to read-only.

This advice applies to basically all flatpak apps. Only give minimal permissions. For example with Bottles, you might download your GOG games to a home directory folder like ~/Games, well bottles doesn't need to write to those GOG installers. So it can be safely set to read-only for bottles.

Oh, and the big one: Keep things updated with the latest security patches.

These are simple security measures, but it should be more than enough to prevent windows-based malware from escaping its wine prefix.

It might not however, stop a specifically targeted to you attack. A key thing to remember, security isn't something you can just say "must be like this" for. Different environments have different threat models.

Know your threat model, and adjust your security as necessary.

Thanks for the info. Might I tee you up another question(s)? Hope is not too silly. For the nearly 2 decades I've toyes with Linux the mantra has always been "ppl won't target Linux because it's too small so malware won't work!

Now, I truly mean no offense, but the beginning of your post reminds me of that. Why would it just look for Windows directory? Why not just go up a level or two or simply run from the directory it's currently in?

For the sake of argument here, let's presume a Linux build of a Steam game was infected... Why would we presume it would look for Windows stuff? It's already running attached to a Linux script or executable in Linux environment, right?

I see your point about Proton and Wine making things more difficult, but I do have a question about that. I know they still seem to keep Z: as the rest of the file system outside the prefix. Why would a Windows malware not look for other drives? You're right, it depends on what it's trying to do, but I can say my limited workplace experience is all in Microsoft shops and they all use network drives heavily. I'd expect a ransomware or something similar to look for stuff outside C: right away, right?

Last last question.... Even with everything sandboxed, a malware (say some sort of DDos bot), could just sit in the sandbox and do it's thing? We'd still need an antivirus or someway to detect it being there, right?

Thanks for answering my questions and having the patience to deal with stupid questions!!

Welcome to opposite land where Microsoft has a Linux install tutorial
12 October 2023 at 6:28 pm UTC Likes: 1

Interesting article!
It makes sense to support Linux. The maturity and adoption of Linux is large enough that any investment into it gets you more back than you put in. It makes good economic sense. Just look at all the other companies that have done the same thing (IBM, Intel, AMD, Valve, etc).

I do hope more adoption and migration continues. It would be nice to see more user programs make thier way over (looking at you, office)

Quoting: g000h- Pushing customers towards subscription software agreements, rather than permanent licenses.

I really don't like subscriptions, I think they are silly.... But I don't think it's fair to claim that's an "evil" that belongs just to Microsoft when that's literally the business model for almost every Linux OS company (support subscriptions).

Even then, of the subscriptions, I do like IBM's/Red Hat's version "you can still use the software if you cancel, you just can't upgrade it". I think you are also prohibited from connecting to cloud services in IBM's case as well, but I'm a little fuzzy there.

Valve locking down publishing Steam builds with SMS codes due to Malware
12 October 2023 at 6:02 pm UTC Likes: 4

Quoting: Nateman1000
Quoting: BlackBloodRum
Quoting: Purple Library Guy
Quoting: BlackBloodRumWhy is the game blurred? This developer should put their hands up and admit they failed basic computer security.
You mean . . . they're running Windows?!
That could well be true! Imagine having to use Windows every day though? The agony, the anger, the frustration, the distractions and to top it all off, you upload an infected game.
Many think windows disease is incurable but it is very curable. So make sure to get a Linux or BSD distribution for your computer and cure this disease

This is probably ignorance in my part, but how is security better with Linux in this situation? We're (mostly) running these programs wide open out of the home drive (maybe some ppl are using flatpack or snap, but even then that's not a default requirement on most distro and people still poke holes in those sandboxes regularly). No, it can't infect "the system", but since we're executing programs out of /home, isn't that good enough? The malware is still running under the users permissions, it can still execute in /home, read data, access the network, etc.

Maybe I'm missing something fundamental with Linux security, but it seems once I log in anything within the user space can run under my permissions, malware or not? Especially if it's malware hidden in a program/game that I intentionally started?

I've used Linux a very long time, but I'm self taught.... Security is one of those Linux areas that's always been complex for me to grasp in a meaningful way.

Intel announce and launched the Arc A580 GPU
11 October 2023 at 3:47 pm UTC

Won't lie.... I Like the idea of Intel GPU's, and the 770 looks interesting as a replacement for my Nvidia 1070Ti... I think I'm just hesitant because they are so new...

Def keeping an eye on them though. I want this to be successful!!

After over 80 weeks the Steam Deck leaves the top 10 global sellers on Steam
10 October 2023 at 7:18 pm UTC Likes: 1

Quoting: Liam Dawe
Quoting: Guest
Quoting: VardamirIf the top sellers list is by revenue, how come that Counter Strike 2 is number 1?
probably microtransactions volume. especially considering players trading cs2 items on steam's marketplace, and valve also takes around 10% cut from each transaction.
Yeah it’s from micro and prime status upgrades. Revenue counts everything for a game.

Never thought of it that way. Thanks for the explanation! I've not played any games like this, so this might be a stupid question, but does that mean Valve requires all micro transactions to go through Steam or can a dev run it in their own, independent, platform?

I'm assuming, if the latter is allowed, there could be sin gaps in the data??

Proton 8.0-4 brings more game support to Steam Deck and desktop Linux
6 October 2023 at 9:51 pm UTC Likes: 1

Quoting: benstor214
Quoting: denyasisIf you're taking that much from a dev that did 100% of the work making a game as a cost for a sales platform, you better be doing something much more that processing credit card payments and running an E-stote.
The 30%-cut was established for decades, including the storefronts on consoles. It's only after Tim Sweeney started pushing this false narrative of 30 percent being 'too much', that the cut gets this undeserved scrutiny.

You know very well the 30% cut is not for Proton - Proton is an extra. Or did I miss Microsoft and Sony developing compatibilty layers for various operating systems???

Quoting: rustybroomhandleI am sure you know this and just making bad faith arguments to be edgy.
Yeah...

Correct. However, times change as do consumers expectations. Glance through almost any news article on this site about GOG or Epic and you'll see plenty of complaints about how the stores don't support Linux and that we, as a community, will prefer Steam because we demand/expect better support. We simply expect more: Cloud saves, steam input, achievements etc, and I would argue, for Valve, Proton as well. They have raised the bar. And yes... That is funded through their revenue from sales.

Or to flip it around. Imagine if Valve got rid of Proton? How many people would be thoroughly upset, especially given the reliance (and success) of the Steam Deck on it? Proton isn't an extra anymore, it's a committed part of their business practice. I'm glad to have it and, as a customer, I expect it to continue to get that support.

Proton 8.0-4 brings more game support to Steam Deck and desktop Linux
6 October 2023 at 4:25 pm UTC Likes: 2

Quoting: rustybroomhandle
Quoting: denyasisIf you're taking that much from a dev that did 100% of the work making a game as a cost for a sales platform, you better be doing something much more that processing credit card payments and running an E-stote

They are doing a lot more than "processing credit card payments and running an E-stote" and I am sure you know this and just making bad faith arguments to be edgy.

No, I'm not.... Please read my second paragraph where I mention the other things as a good start and say Valve should keep up the good work... Valve provides a lot more Value-add than other stores that charge the same amount. For the premiums they charge, they should. Not just Valve (which is), but the other stores too (which might not be).

Also, this article and comments are literally about a value add that Valve does, and should be doing. They want as many games to be playable on their platform, or people might go elsewhere. Doing work to fix up the environment (especially with dealing with multiple launchers, which is silly), ensure ppl stay on the platform which ensures revenue. Linux might be small, but an increase of even a precent or two in overall sales to Valve is massive.