Reminds me of Telegram that forces you to pay premium to login to a new device depending on the country. Login, not registration. This is all due to the cost of SMSes of course.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
The obsidian vault is to already have the chosen plugin pre-selected and is part of the social engineering effort, that's not the main problem.
The issue is that this could happen to anyone who just searches the malicious plugin's name and installs it. Worse if it's a popular one that gets compromised.
The pop-ups and "social engineering" in question are things that any users in HN likely already accepted, which is to enable community plugins.
These community plugins are the backbone of Obsidian and where a lot of the meat is behind its fame come from.
There's no protections beyond that, community plugins can do whatever they want. Thankfully, the vast majority of them are open-source.
As someone who doesn't use shared vaults - would the warning popup, 'to enable the "Installed community plugins" synchronization feature', not be on a per shared vault basis? Is trusting a single shared vault for plugin sync going to mean I sync my plugins for every shared vault?
IMO that's an issue in and of itself, but it doesn't read that way in the (very unclear) original article.
PSD2 is merely a framework for an uniform access to banking, same APIs everywhere. While you can send money through it, it's still through the same means as normal.
Many of the european countries have their own "Pix", but there's no European-wide alternative. The ECB wants to make one (tentatively titled "digital euro"), but it's going to take a long time to come out.
Yes but this is merely an abstraction of SEPA Instant transfers to not have to write an IBAN when sending money.
The issue to solve is payments, Portugal for instance has its Multibanco payment scheme, but it's only used in Portugal.
I assume eventually it'll be cobranded with Wero like it happened to Netherlands' iDEAL and eventually fully replaced.
>Third, employees that can leverage AI to be more productive are more valuable than before. Why would an employer want to get rid of somebody that is now delivering more?
Here's a charitable take, assuming there's no messed up internal politics in a company going on: Because not everyone at a company is working at the same speed.
If you have developers who are now sitting around doing almost nothing because the stakeholders and product teams aren't using AI yet, then you have a bottleneck. Even before LLMs, if you had an excess of developers to the speed the teams they depend on deliver, you'd lay them off all the same.
There's two ways to go about this: The company either lays off engineers and delivers at the same speed as it did before, trading personnel cost for tokens (Showing it's a company that doesn't want to grow or is currently unable to), or alternatively the company keeps things as is and forces the rest of the departments to grow with the new added velocity from the engineering teams.
Wonder what will be the consequences of this. I dislike Denuvo for the performance and stability penalties it gives games, but I do wonder if the "security" it gave publishers wasn't a big part of the reason why we've been getting more and more big name games on PC.
This isn't about being right or wrong but about what the publishers will do when they see their games are again getting cracked day one, and if it'll be a catalyst to again return to getting either less PC releases or at least delayed releases compared to consoles.
Denuvo’s market is ‘first 90 days’ revenue protection, not lifelong revenue protection. Lots of games using their crap remove it after a few months to shut down the flood of support issues the DRM causes. If only Microsoft hadn’t fucked up so badly with Windows 11 requiring an account, they’d have a way to stop using it altogether.
>Lots of games using their crap remove it after a few months to shut down the flood of support issues the DRM causes.
No, the overwhelming majority of denuvo games released after ~2020 (when they changed there licensing model to SaaS) have it removed after 2-4 years not because of user complaints but because of licensing costs, contracts and compliance.
If anything with many games it is very clear that the developer/publisher do not care for the user, since even when the DRM gets broken and has lost its purposes, many still refuse to remove it and give paying customers the same better non DRM experience as pirates.
>If only Microsoft hadn’t fucked up so badly with Windows 11 requiring an account
This is not true at all as evidenced by the fact that most games do not get Denuvo removed once they are cracked. And the companies that DO remove denuvo only do so after several years because of licensing costs as denuvo transitioned to a SaaS model.
I feel like the "first 90 days" is just because games no longer include a demo, so they force players to commit to a purchase before a wide consensus forms. A lot of people pirate simply to try the game out. Most people who can afford the game would then purchase the game if it were good.
I have not read a study on this but I suspect the percentage of people who would buy a genuine copy of a game they already have pirated would be something like 3-5%
Untrue, where are all the after-90-days-hacked AAA games? Nowhere, denuvo lives on as long as publisher is willing to pay continuous licence, which is usually years.
And users complaining because denuvo messes up their Windows, sometimes games don't run and so on? Just cost of doing business, as long as enough people buy it who cares.
I honestly doubt it will make much of a difference.
A good percentage of people who would download the cracked games would not have bought those anyway. And with Steam being so convenient it's hard to decide to go for a cracked copy of dubious origin that might install god knows what into your machine.
Run anti-cheat server-side. Give us private servers again. There's no reason we should have to put up with client-side rootkits written by non-kernel-devs to play a game.
Cheating is a social issue, not a technical one. Communities are the solution.
Private servers are a nice way to do this and do still exist in places. My favorite online game uses them along with server side anti-cheat and while cheating occasionally happens, it has never been an ongoing issue. I've maybe seen a cheater once or twice in all my many hours playing the game over 10 years (elite dangerous, in case you were curious).
Community servers don't want server-side anti-cheat either. Hell they invented client-side anti-cheats back in the day. Even current day community servers like Face-IT have additional anti-cheats, not less. Same with modded GTAV FiveM (even before the main game added anti-cheats)
It's not possible, technically, to run effective anti-cheat server-side. Clients need precise enemy location data for things like sound effects. The server can't tell if the client is using the data for unfair purposes or not.
One has experience writing secure, stable code for drivers, memory management, etc that is subject to broad review by other experienced devs. The other is looking at those things adversarially and pushes out whatever they think is good enough. Crowdstrike served as a useful reminder for who should be allowed in kernel space, and video game anti-cheat has far less justification to be there.
This. There are a lot of online games I loved playing but the cheating got so bad it made it impossible to play. MW1, MW2, Battlefield, CS, etc... you could see the wallhacks and aimbots taking over every lobby. I eventually stopped playing. I tried using Consoles for online gaming after that but never really got into using joysticks.... still prefer mouse and keyboard. Now I play limited games where the cheating isn't quite that rampant.
Im not a big gamer, but playing GTA Online, and getting taken out as soon as you spawn. Or items just spawning in front of you, like ramps. REALLY ruins the experience
It's a problem. Seniors with AI perform far better because they have the skills and experience to properly review the LLM's plans and outputs.
Juniors don't have that skillset yet, but they're being pushed to use AI because their peers are using it. Where do you draw the line?
What will happen when the current senior developers start retiring? What will happen when a new technology shows up that LLMs don't have human-written code to be trained on? Will pure LLM reasoning and generated agent skills be enough to bridge the gap?
It's all very interesting questions about the future of the development process.
Indeed, great (though scary) questions to ponder. There are two possibilities I see:
1. AI gets better enough fast enough that by the time the senior people are retiring, it won't matter anyway
2. Software becomes mostly unreadable and nobody really understands how it works, but the AI is good enough that this is ok
Both are hard for me to imagine right now, but if you'd asked me five years ago if AI would ever be good enough to commit to my codebase, I would have said, "I really doubt it". Yet here we are, AI code is sometimes better than handwritten code (depending on the person of course).
Would love to hear others thoughts on these as well.
They keep enshittifying the experience for those not using iCloud Mail. They just removed the feature to use alternate email aliases on non-iCloud accounts on iOS 26.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
reply