Saik0

Does no one care about power consumption?

It takes several SSDs to make up the capacity difference between an HDD.

I run 62 16TB HDDs. To make up the same capacity in SSDs I need 2-4x the bays. I don’t know of any cheap systems that can hold ~250 bays of ssds.

So an SSD that may only take 1-3w all day… 2-4x that is already equal to the HDD regardless. You’re not going to make any ROI metric here.

Stopping processes is actually a user space action.

Now you backpedal and say

Pretty much all code is making requests to the kernel.

But I don’t know what I’m talking about? Sure. We’ll go with that if it makes you feel good. I only literally taught it at a post-grad level at an R1 institution, but what do I know.

It’s side stepping the kernel. That’s the whole point.

You’re getting it! Kind of at least. The anti-cheat actually modifies the kernel (in an extension kind of way, like drivers do). That’s the point though. Which seems to have repeatedly whooshed over your head. But I can only say it in so many ways and be ignored. Good luck. Hope I don’t run into your code.

Stopping processes is actually a user space action. You can do it without admin rights btw. Even if it popped the admin screen that’s still not a kernel level action.

Absolutely not. Task management is the job of the operating system/kernel. You can request to end a job/task. The kernel will do it on it’s own time. UAP prompts are attempts to elevate permissions so that you can access higher kernel calls.

https://linux-kernel-labs.github.io/refs/heads/master/lectures/syscalls.html#linux-system-calls-implementation

https://unix.stackexchange.com/questions/111625/how-does-linux-kill-a-process

You can make requests the to the kernel. If you have permission/ownership to the process the kernel will work through the sigterm/sigkill to meet your request. It is not a user space action at all to kill a process, you make requests to the kernel to do it. Hell in linux it’s even more obvious as you can instruct the kernel on HOW you would like to kill the task and even then it may not follow your direction. https://www.man7.org/linux/man-pages/man1/kill.1.html with kill being a kernel tool. If you spawned the process, then you have permission/ownership to the process. But my point in the previous post was that anti-cheats can reach into the system, reading dlls and such that are absolutely NOT user space to begin with, require elevation beyond user space to install.

Yeah that it’s considered malware. I did Google it and there’s nothing saying that.

Seriously? You can’t find anything? You sure about that? Cause I can literally pull up thousands of articles and forum threads by literally typing “is vanguard anti-cheat malware?” or “is easy anti-cheat malware?”

https://forums.malwarebytes.com/topic/288793-easy-anti-cheat-launcher-detection/

Heuristics detect these things for what they are. Anti-virus software have to whitelist them because people choose to play the games anyway.

https://www.techguy.org/threads/is-valorant-vanguard-a-malicious-rootkit-or-not.1267682/

https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

The name is appropriate, because Vanguard doesn’t just sniff around for cheats when Valorant is running: It starts up with Windows and keeps an eye on other processes whether or not you’re playing Valorant at the time. […] Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

https://www.sp-cy.com/article/is-valorants-anticheat-spyware/

Vanguard cannot be easily fully disabled since after manually quitting the process, a system reboot will be required to be able to open Valorant again.
The EULA prevents any legal recourse against Riot Games.
Valorant/Vanguard sends encrypted data to Riot. Which is Chinese owned by a giant corporation called Tencent.

Let’s attack this question from another perspective. Do you trust a games developer to properly develop kernel code? Most people BARELY trust Microsoft to do it these days. And you can’t review/evaluate it yourself at all. You have no fucking clue what they’re doing and never will. We’ve seen what happens when random companies inject shit into the kernel like crowdstrike did. You think that these anti-cheat softwares are acting in your interest when they’re being implemented and paid by a corporation? How can you look at these anti-cheats that have made backdoors on systems, cause people everywhere unstable kernels/BSODs, send data about your system without permission, interacts with software on your system that isn’t their code, etc… and say they’re not malicious?

Source for what in specific?

That stopping processes is a kernel action? Go ahead. Open powershell and ask it to close some other system process… The UAP prompt (if you’re on windows, linux will just fail silently most of the time unless you sudo or are root) that shows up is the kernel validating that you even have permissions to do that. The kernel handles ALL task scheduling/management. When you close something you’re asking the kernel to do it. The kernel also handles ALL file management and driver management (drivers being extensions of the kernel). So the fact that it can read other active DLLs and such hooked into other processes (say your graphics drivers) is literally proof.

That industry agrees that it’s malware? Depends on which part of industry I suppose. But if it’s able to do all these actions at the kernel level, and attached itself it to other software to install, often doesn’t uninstall when you remove the game it was attached to, AND gets flagged by anti-viruses that don’t have it whitelisted yet… It’s definitionally malware. Go search for “Is <insert anticheat> malware”. Very few people will argue that they’re not.

Hell it’s possible for anti-cheats to write to UEFI if they really wanted to. There’s no legitimate reason for that level of access, 0, none.

They have kernel access… They can control anything since they’re in the kernel. And yes, I’ve seen it.

If you remember back in the late 2000’s early 2010’s there were a boatload of apps that would hook into games to do things like display overlays for chats (Teamspeak for example, overwolf as another.) some kernel anti-cheats would stop those processes from starting up.

But don’t take my word for it.

https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/

I’m less worried about developers abusing kernel access, and more concerned with potential vulnerabilities introduced for third-party actors to exploit. Rigney cited two examples: the infamous Extended Copy Protection (XCP) from Sony, which bad actors used to compromise affected systems, as well as a backdoor vulnerability introduced by Street Fighter 5’s kernel level anticheat. In 2022, a ransomware developer also took advantage of Genshin Impact’s kernel level anticheat to disable antivirus processes.

Introduces backdoors to be used by malicious actors.

https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

Blocks external softwares that it deems “vulnerable”

https://old.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/

This is far from the first time that boot level firmware or kernel mode code inserted via patches or drivers have been used to install spyware, but every time I see it happen I want to warn users about the consequences, and provide some information about the danger.

Kernel devs beg users to not allow this shit.

Just look it up. All sorts of articles and experts have spoken on it.

Taking kernel level actions to stop processes on YOUR machine is absolutely taking control of the system.

Kernel level anti-cheats meet every requirement. Just because you think there’s gymnastics going on doesn’t make it so. It’s actually well established in the security field that they count.

Malware isn’t defined by its privileges but what it does.

Correct… and anything that intercepts all system calls and forces closed applications that it deems “not safe” even if I the user specifically run it is malware. You bet your ass they feed back information to the mothership too.

And btw, if you’re accepting the “Spyware” moniker from the other comment chain. Spyware is a form/category of malware.

Definition from Malwarebytes:

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations.

Hostile - it’s not meant to help you at all. If you’re doing something deemed “unsafe” in their eyes. They will take action up to and including stealing your money that you paid for the game. intrusive - embeds itself in the kernel Intentionally nasty - Well it’s not accidentally nasty.

invade - attached to games with little to no input on what you’re installing. disable computer systems - specifically the software you paid for Taking partial control over a device’s operations - the whole fucking kernel.

I’d say meeting the VAST majority of the definition and at least one portion of each category is sufficient to call them all malware.

But… That could be what it adds on. Gotta use the right tool to capture the ghost. That way identification is still relevant.

You said you’re using OPNSense for routing… Just keep it up to date and you’ll be fine.

If you’re worried about your ap, I think you can set omada APS to restart nightly… Though I could be misremembering.

Every network manufacturer has had some CVE for something.

Use anything… Mailcow or otherwise. Just don’t expose the ports on your firewall/router to connect back to you.

Well… No offense… but duh? It’s not like OP can migrate his spouses “Spouse@gmail.com” address to his mail server.

I was under the assumption (and I could be wrong) that OP owns the domain… And wants to run their mailboxes. If she wants to keep her own mailbox and use it, just forward it to her gmail if that’s what she wants. I’m also not insinuating forcing someone into something.

I own my domain(you guessed correctly) and host my own emails. My spouse does use an inbox on my server(actually a few)… If she didn’t want to anymore she can open a mailbox where-ever she wants… and I’ll even forward whatever I get to her. That’s it. Wouldn’t stop me from running my own inbox on my own server. And I’m not forcing her to do anything at all. She can use it or not.

This is the mentality I have when I made the previous comments. Just forward her stuff off, she can go wherever she wants.

Until the basement floods and the server goes offline for a few days

That’s what backups are for.

or botched upgrade that’s failing quietly;

See above

over zealous spam assassin configuration;

That’s an assumption that you’re using this specific product.

What’s funny is you think that all of this can’t happen to your stuff on Google’s servers either for some reason… Say the wrong thing in a Youtube comment? Boom whole google profile banned. All your emails are gone too.

Or random software that interfaces poorly with each other (https://support.google.com/mail/thread/142335843/all-of-my-emails-have-disappeared-how-can-i-recover-them?hl=en)

SMTP is stupidly forgiving. You’re not going to magically lose singular emails.

But one thing is for sure, my wife won’t have any of it. She’s a total backwards thinking give me windows or I’ll jump kind of Gal.

So… forward her inbox to her personal gmail account? Keep your mail server as it was for you?

SteamDeck (and other handhelds like that) are super convenient to demo things out on. Don’t have to lug entire systems to trade shows. Just load up a dozen decks in a bag preloaded with whatever the most stable or latest build of your game is.

It makes sense for these trade shows. More of your game gets into people hands for that crucial demo. Less time wasted waiting in queue at the 2 PCs you brought instead.

I run a dedi server in my garage. Me and my kids still play it at least 2-3 times a week. Far from dead. People have just settled into their servers and the general hype train loons have moved on.

Maybe, just maybe, players want more new ideas rather than live services.

I’m not sure I understand why this statement is here. Palworld isn’t a live services game. This isn’t a “new idea”… this is how it’s been for most games since the dawn of gaming… You can play offline just fine. You can run a dedi host just fine. It’s a decent (not “great” but unique) genre of game that works great for my family. If it was live services it would no longer work for my family. I don’t let my children onto those types of games. They’re not old enough and for sure not mature enough.

It still gets updates, and before I click my dedi server I see the lobbies… They all generally seem occupied. According to https://steamdb.info/app/1623730/charts/ there’s nearly 50k players playing right now… That’s not a small number and puts it in top 30 overall.

So it isn’t whether you’re using Azure, it’s whether you’re using CrowdStrike (Azure related or not)

No. Azure platform is using Crowdstrike on their hypervisors. So simply using Azure could be sufficient to hurt you in this case even if your Azure host isn’t using Crowdstrike itself. But yes, otherwise it’s a mix of Windows+Crowdstrike.

Yes, but Azure platform itself was using it. So many of those systems were down overnight (and there’s probably still stragglers). The guy you responded to specifically called out Azure-based services.

LMFAO Blizzard still hasn’t fucking learned? I walked away from them years ago. But I thought the point of WoW Classic was for them to just leave it the fuck alone. The game was already at it’s peak. Stop fucking with it.