strstr's comments

strstr | 26 days ago | on: The AI Vampire

Popular blogger from roughly a decade ago. His rants were frequently cited early in my career. I think he’s fallen off in popularity substantially since.

strstr | 1 month ago | on: List animals until failure

This is more of a typing game than anything else. It rejected “blackcapped chickadee” (wanted black-capped chickadee). Frankly that felt a bit tedious on a phone. Had to scrub through to correct and lost.

strstr | 5 months ago | on: Google CTF 2025 – webz : Exploiting zlib's Huffman Code Table

Legitimately, they are often too hard. Balancing the problems is quite challenging.

On top of that, the solutions often make the problems seem much more intimidating than they are (not that they are easy). Most solutions involve a lot of “happenstance”, where someone tried something and it got an outcome that was useful, which they build on top of. This makes the solutions look crazy complicated (“how would I have ever thought of this!?”), when in reality they are Rube Goldberg machines built out of duct tape and baling wire.

I’ve only solved a few Google CTF problems, and one of them was the one I wrote, lol. That was nearly a decade ago though.

strstr | 6 months ago | on: Secure Boot, TPM and Anti-Cheat Engines

In practice, it’s essentially infeasible to make a non-detectable virtualization stack. Timing is really really hard to match (as is everything else). You can edit the binary that’s doing the detection, but this is time consuming. Every new feature they push costs you time and will poison your hardware id.

You can go further by, say, requiring fTPMs that are on the SoC (super common these days for most recent consumer CPUs). If you can’t boot into Linux without the PCRs reflecting your virtualization stack being in the boot chain, your cheat is quite detectable.
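Added example, not from the comment or the linked article: a small Python simulation of TPM-style PCR extension showing why an extra stage in the measured boot chain cannot be hidden from a verifier that knows the golden value. The component names are constructed stand-ins, not real firmware or kernel measurements.

```python
import hashlib
import hmac

# Constructed, hypothetical boot-chain component images (not real firmware
# or kernel hashes); each entry stands in for one measured boot stage.
CLEAN_CHAIN = [b"uefi-firmware", b"shim", b"grub", b"linux-kernel"]
# The same chain with a thin hypervisor slipped in before the kernel.
VIRT_CHAIN = [b"uefi-firmware", b"shim", b"grub", b"thin-hypervisor", b"linux-kernel"]

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)).

    The operation is one-way and order-sensitive: there is no way to set a
    PCR to a chosen value, only to fold another measurement into it.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def compute_pcr(chain) -> bytes:
    """Replay a boot chain from the reset value (all zeros) to its final PCR."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = pcr_extend(pcr, component)
    return pcr


def attestation_passes(reported_pcr: bytes, expected_pcr: bytes) -> bool:
    """Verifier side: accept only if the quoted PCR equals the known-good value."""
    return hmac.compare_digest(reported_pcr, expected_pcr)


if __name__ == "__main__":
    golden = compute_pcr(CLEAN_CHAIN)    # value a verifier would allow-list
    measured = compute_pcr(VIRT_CHAIN)   # value the virtualized machine quotes
    print("clean  :", golden.hex())
    print("virt   :", measured.hex())
    print("passes :", attestation_passes(measured, golden))
```

Because every stage is folded into the running hash, the hypervisor can only be made invisible by never being measured at all, which is exactly what firmware-rooted measurement is meant to prevent.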

strstr | 6 months ago | on: Secure Boot, TPM and Anti-Cheat Engines

Allegedly some of the anticheats are configuring the IOMMU through Windows APIs (vanguard, faceit, and a smattering of Chinese anticheats). It’s hard to find good public information though. They do some mix of blocking access and deliberately leaving some pages as bait (and monitoring IOMMU d-bits/faults).

strstr | 6 months ago | on: Secure Boot, TPM and Anti-Cheat Engines

Cheating will slowly look more and more like trying to hack your own machine.

Secure Boot+TPM combined with decent firmware will make cheating a lot harder. If the firmware ensures random devices don’t get BME set before the IOMMU is properly, attestably, configured, you are basically now stuck looking for bugs in the TPM and UEFI if you want to shove yourself beneath the OS unnoticed. These are full of bugs, so that will work for a while, until it doesn’t.

Popping windows will probably work for some time, but HVCI will make this a pain once ubiquitously required.

And you have to do all of this while also not being detected for aberrant behavior. Eventually, the analog hole might end up being easier, lol.

strstr | 7 months ago | on: Secure boot certificate rollover is real but probably won't hurt you

With the default key hierarchies, the benefit is more limited. It raises the bar. Implementing known vulnerabilities takes work. And not every configuration is vulnerable to every issue. And, for a lot of the vulns, the OS vendor shoves things in the dbx to mitigate.

With custom hierarchies, it's a bit more compelling. But it's a lot of work to maintain.

strstr | 10 months ago | on: The Reverse Turing Test Game

Tried cheating with Gemini 2.5 pro, and I became even more suspicious to the AIs than the stuff I cooked up by hand.

Most of my actual success relied on mentioning a desire to train an even larger model.

strstr | 11 months ago | on: Simulated Economy Tutorial

The most interesting toy economy I’ve seen has been d2jsp and its “forum gold”. Forum gold is primarily used as a fiat currency for diablo 2 trading. It’s a janky digital currency on a janky forum from like 20ish years ago, that’s still alive today. You can technically buy the currency from the forum, but in practice few do that. Most people just trade items to bootstrap.

Having futzed with bartering in diablo (and non-fiat trading denominated in items of stable value), I quickly came to appreciate fiat currency. Being able to combine two “half trades” into an equivalent barter exchange is vastly easier.

At one point I was able to trade some of the forum gold I accumulated from diablo 2 for a “perfect IV foreign Ditto” for shiny pokemon breeding.

strstr | 11 months ago | on: MCP server for Ghidra

Had the same experience. Took the janky decompilation from ghidra, and it was able to name parameters and functions. Even figured out the game based on a single name in a string. Based on my read of the labeled decompilation, it seemed largely correct. And definitely a lot faster than me.

Even if I weren’t to rely on it 100% it was definitely a great draft pass over the functions.

strstr | 11 months ago | on: Gemini 2.5

Ooof, it failed my "Wheel of Potential" bug finding question, and got aggressive about asserting it was correct.

strstr | 11 months ago | on: Gemini 2.5

It's a lot better at my standard benchmark "Magic: The Gathering" rules puzzles. Gets the answers right (both the outcome and rationale).

strstr | 1 year ago | on: Magnesium Self-Experiments

We tell them: HELL NO. You’re about to become a magnesium-based lifeform. The age of the primitive carbon-man is done.