chameleon

Even with the current thumbs up/down people get it wrong. Give it a thumbs up but write a scathing review.

I’ve done that and it’s a result of not having more options than good/bad. Always the same cause: I really wanted to write a 3* review for a game that has a lot to praise but its core is fundamentally flawed, but Steam doesn’t let me give a 3*, so I try to correct for the review score bracket I think the game should be in.

For the benefit of people that can’t watch this horrible video:

This is really about them being able to change the already extremely vague terms of service and you having no recourse other than voiding your purchase if you don’t like it. There is some focus on a gun thing early on, but it’s just an example where they flip-flopped multiple times over the years based on vague wording in the ToS that was changed after the fact. Commercial modded server owners were the main ones that had to make changes because of that rule, often taking guns away from players that had them, but it’s generally enforced very inconsistently.

But the main thing they’re focusing on in the lawsuit is the mass deletion of legitimately bought Minecraft copies when they stopped Mojang account migration in 2023 (everyone that didn’t migrate then no longer owns Minecraft according to Microsoft; no refunds). That, too, was effectively a one-sided ToS change. And to make matters worse, the old ToS had an explicit clause that you could keep playing the game in singleplayer even without agreeing to any new ToS.

This lawsuit is being done in Sweden. I don’t know if this kind of ToS/contract validity has actually been tested there before.

I think this is the first time I ever watched a video at 0.5 speed. “this was done due to retention purposes for the video to maximize spread potential”. Yeeeaaaah. No. Checked reddit, it’s downvoted to the negatives over form. Checked a different place that would be all over this, entire topic is discussing the form and there’s not one mention of what it’s about because nobody got that far. The exact kind of person that might take time out of their day to join a class action is not going to watch this garbage. I think it’s good to have this tested, but I straight up don’t trust this guy. Supposedly maximizing views while getting zero information through to anyone is not going to help the cause.

They already implement instant bank payments in a lot of countries where there’s a reasonable consumer-to-business solution for it. I know at least Sofort/iDEAL/Bancontact are supported just fine in their respective countries.

All true, wanted to add on to this:

Note that smart peeps say that the docker socket is not safe as read-only.

That’s true, and it’s not just something mildly imperfect, read-only straight up does nothing. For connecting to a socket, Linux ignores read-only mount state and only checks write permission on the socket itself. Read-only would only make it impossible to make a new socket there. Once you do have a connection, that connection can write anything it wants to it. Traefik and other “read-only” uses still have to send GET queries for the data they need, so that’s happening for legitimate use cases too.

If you really need a “GET-only” Docker socket, it has to be done with some other kind of mechanism, and frankly the options aren’t very good. Docker has authorization plugins that seem like too much of a headache to set up, and proxies don’t seem very good to me either.

Or TLDR: :ro or stripping off permission bits doesn’t do anything aside from potentially break all uses for the socket. If it can connect at all, it’s root-equivalent or has all privileges of your rootless user, unless you took other steps. That might or might not be a massive problem for your setup, but it is something you should know when doing it.

Yep. It would be incredibly bad if they did automatic bans for any key they don’t recognize, but it’s technically possible.

Edit: from what I’m reading it apparently just refuses to let you in with unrecognized/non-MS keys. Yeah that makes a lot more sense.

You can, but most everything that would let you run your own boot-time code is supposed to end up in the TPM event log, which the TPM is happy to attest to with its unique/uniquely bannable attestation key. Not too difficult to set it up so that no attestation = no access.

This type of attestation is far from perfect for a lot of different reasons, and it would be really impractical to automate bans with it, but I guess it’s a tool they see value in.

Another World/Out of This World. Short game, but also a 1991 game made by one dev and one composer in two years, and artistically it still holds up fairly well even today.