Epic Anti-Cheat fully supports Linux[1]. I believe what the GP comment means is that the Fortnite publishers opted not to tick the “allow Linux” checkbox on the developer portal website.
There is probably more nuance behind that decision than I’m giving them credit for, but from a technical standpoint it’s just a checkbox.
In full agreement. The problem for GP was never supposed to be highlighting a technical limitation, just the continued problem existing with that nonetheless.
Without knowing anything about Tor, I'd guess you've got it backwards. I imagine Tor leaks your OS through TCP/IP fingerprinting, and whether that fingerprint matches your `navigator.platform` is probably a factor into whether e.g. Cloudflare hellbans you.
Then again, I'd also assume Cloudflare just de facto hellbans all Tor exit node IPs, so...
If you're given a button to click, your browser has successfully passed the environment integrity checks and you have not been flagged as a bot.
You'll be flagged as a bot if your browser configuration has something "weird" (e.g. webrtc is disabled to reduce your attack surface) and you will be completely unable to access any site behind cloudflare with the anti-bot options turned on. You'll get an infinite redirect loop, not a button to click.
Note that Google's version of this was determined to be checking whether you had a 9-day-old tracking cookie.
The researcher who discovered this was able to generate 60,000 "I am not a bot" cookies per day, and use them up about 15 times each in a bot before it started getting captchas.
That's probably what it was. So they accessed some page over and over, pretending to not have the cookie yet, got a bunch of cookies, and 9 days later, used them to bypass captchas.
It is a lot more likely for some random admin to inappropriately change a single boolean config setting as root, than for them to replace an entire software package which (by design) doesn't have code for a certain feature with one that does.
Less than skips over, utility based shopping is explicitly derided:
> The narrative that you just told me [about utility shopping] is “I am a very analytical person who only has book smarts and no emotions”. And that narrative is boring!
It’s a classic example of the either/or fallacy. You either buy for status or you’re an emotionless robot min/maxing through life. As if that’s a problem when you’re buying a tool like a light truck or minivan.
The piece just reminds me of stuff I would have said as a teenager, before I had life experience and opinions about how I wanted to live.
This is briefly mentioned in the article, but from the report[1]:
> It should be noted that the scope of the code reviewed within this audit is relatively narrow. In particular, while we audited cURL’s use of the third-party libraries ngtcp2, nghttp3, quiche, and msh3 to implement HTTP/3 functionality, we did not investigate the internals of those libraries—which is where the majority of the low-level parsing and data transformation necessitated by the HTTP/3 protocol occurs.
the report goes on to concede
> [we] did not observe any coverage of the nghttp3 library code. We suspect that, as the HTTP/3 protocol itself is significantly intertwined with TLS, the encryption makes it hard for a fuzzer to progress to the point where data can be decoded and parsed meaningfully.
> Because of curl’s use of third party libraries for doing QUIC and HTTP/3, the report advises that there should be follow-up audits of the involved libraries. Fair proposal, but that is of course something that is beyond what we as a project can do.
Indeed, the next thing would be for the third-party libraries to go through a similar audit!
Given the exploit vector looks like yet another iMessage attachment bug,
> The target iOS device receives a message via the iMessage service, with an attachment containing an exploit.
and that one of the effects of Lockdown Mode is
> Messages - Most message attachment types are blocked, other than certain images, video, and audio. Some features, such as links and link previews, are unavailable.
It might be prevented. Pretty sure disabling iMessage altogether sidesteps this class of bugs too. I've lost track of how many times iMessage has been the root cause of "unattended iOS RCE," at this point it's almost user negligence to have left on.
I was surprised that the article didn't mention Lockdown Mode considering the likely overlap in features. It's even possible that Lockdown Mode was developed (at least in part) to defeat these types of exploits, given the timeline.
Apple has chosen that it is more important to exploit in-group bias with bubble colors than phone security.
I joke, but I can't tell you how annoying iMessage has been. Its so bad with non-iphones, we basically switch to email or teams when doing group communication.
I don't think this is possible, but I too wish it were. I hate the fact that you can't copy a link from Messages without it opening a preview. That means if you've been forwarded a link with trackers, it's impossible to remove the tracking bits before opening. Not good!
When you long-press a link, there's a button at the top right corner that says "Hide preview". If you press it, previews will stop opening automatically everywhere.
MS also banned me from playing Halo Infinite after a few days due to "Fraud (please insert phone number)" even though I'd done absolutely nothing suspicious --just played the game. So, naturally I deleted it and haven't looked back.
There is probably more nuance behind that decision than I’m giving them credit for, but from a technical standpoint it’s just a checkbox.
[1] https://dev.epicgames.com/docs/game-services/anti-cheat/usin...