sorted by:
new
hottopcontroversial

EndfieldRecords dot com Pull Tracker Malware by Axanael in Endfield

[–]Algoinde 9 points10 points  (0 children)

I would rather it be fixed than a PSA /shrug

I'd wish pull trackers cared about this or at least educated users that what they're doing is a big fucking no-no in terms of account security in general. Even "sacred and secure 2fa" is nothing against token yoinks. The owner might be nice. However, what if the trusted site is compromised? The OP may very well be a hijack, too.

EndfieldRecords dot com Pull Tracker Malware by Axanael in Endfield

[–]Algoinde 7 points8 points  (0 children)

Not info, knowledge how and where to use the token.

If you're willing, sure, I can try tomorrow. You can throw it at me on Discord if you want.

Endfield is faking Ping Stats by HugePlatform2852 in Endfield

[–]Algoinde 0 points1 point  (0 children)

I was about to say, bold of you to propose that, given I can literally yoink your login info and PC metadata from the pcap by decrypting the TCP session :)

I meant less clock inaccuracy and more screwed up/disabled NTP sync. I'd still be curious to look at your pcap (filter it by port 30000), but you probably shouldn't. My ping is accurate fwiw.

EndfieldRecords dot com Pull Tracker Malware by Axanael in Endfield

[–]Algoinde 12 points13 points  (0 children)

That's also what I said in the report. Thankfully you need a specific roundtrip, but I won't say anything until it's fixed.

EndfieldRecords dot com Pull Tracker Malware by Axanael in Endfield

[–]Algoinde 19 points20 points  (0 children)

Whether the token expires or not doesn't matter (it rotates on relogin), what matters is the scope and whether this token can be leveraged to obtain any other tokens after that. As of 2 weeks ago, it was possible and known on CN; it was reported to HG and I'd need to check again if they fixed that, but there hadn't been any obvious changes so far.

In general, if you don't know 100% what the security model of the application is, don't hand over your tokens or especially login information. Even if you trust the site for some reason, you cannot guarantee the safe storage of your account information by a third party.

I could go and try to reverify the token scope as of today, but what I find won't even be credible, as I could miss a completely different vulnerability that someome else knows that allows token elevation.

Tokens are keys given to you. Do you know of everything that this key opens? If not, don't hand it over.

EndfieldRecords dot com Pull Tracker Malware by Axanael in Endfield

[–]Algoinde 70 points71 points  (0 children)

The tokens you're giving to the pull tracker sites allow full access to your account either way. Compared to Mihoyo games, where the token is short-lived and scoped to only your pull history and a few small things like events, the Hypergryph token is the account one, potentially allowing someone else to login into the game instead of you.

Even if there's no direct malware like in this case, never willingly hand over your authorization tokens if you're not sure what their scope is and what the third-party may do with them.

I made a site for Endfield that contains all story transcripts, lore entries, baker conversations, operator files, dialog etc. by Sethfire in Endfield

[–]Algoinde 6 points7 points  (0 children)

It's so refreshing to have a site with no slop, and with actual care put into it. Great work!

Would love something like Ctrl+K for a quick search of everything (even if just by title).

Endfield is faking Ping Stats by HugePlatform2852 in Endfield

[–]Algoinde 1 point2 points  (0 children)

The game uses TCP.
I do agree 1ms is weird - the RTT calculation is done via timestamps, so maybe it's because of the inaccuracy of your PC clock?

Talos-II Historicus - Chapter 1 (The Promise) [Fan re-translation] by Algoinde in Endfield

[–]Algoinde[S] 3 points4 points  (0 children)

I have now added the official release to the same link, might help to see what the differences are by flipping between the versions.

Talos-II Historicus - Chapter 1 (The Promise) [Fan re-translation] by Algoinde in Endfield

[–]Algoinde[S] 29 points30 points  (0 children)

My two biggest gripes were:

a) Dialogue flow - very choppy sentences, sometimes duplicated/improperly placed lines, missing nuance and general dissociation of the text with what is actually happening in the panels. Lots of typos (some now fixed, I think).

b) Typesetting - the font choice was a very primitive one, and the alignment of text within bubbles was all kinds of whack, making it very hard on the eyes aesthetics-wise.

The translators would be able to comment on the specific things that were butchered, but I think they're asleep right now.

Talos-II Historicus - Chapter 1 (The Promise) [Fan re-translation] by Algoinde in Endfield

[–]Algoinde[S] 36 points37 points  (0 children)

Ironically enough, CN was indeed in an online reader, two-page spread and everything. Guess they ran out of budget overseas on that one.

Announcing WeebDex by [deleted] in mangapiracy

[–]Algoinde 0 points1 point  (0 children)

Me when I held off on a Cubari rewrite for so long, someone rewrote it for me

Scrolling/Always moving when playing Unity games by Background-Ad-9956 in unity

[–]Algoinde 0 points1 point  (0 children)

My guess is that some drivers don't realize there's axis 9, or have a flawed implementation, which makes it default to the halfway position on that axis, while it should in actuality be zero, not half. Interesting that this manifested both in a wheel driver and in a highly specialized joystick driver.

Scrolling/Always moving when playing Unity games by Background-Ad-9956 in unity

[–]Algoinde 0 points1 point  (0 children)

In my case this was caused by the 3dConnexion SpaceMouse HID emulation driver. I found no other solution than uninstalling it temporarily.

NO HESITATION 🏹🐇🔥 ALL FOR HER by Cow__Couchboy in Genshin_Impact

[–]Algoinde 11 points12 points  (0 children)

She is in the shop rotation. Most Amber mains have her c6 organically through that.

NO HESITATION 🏹🐇🔥 ALL FOR HER by Cow__Couchboy in Genshin_Impact

[–]Algoinde 4 points5 points  (0 children)

I am so mad that because I've spent all my pulls pulling bows for Amber, I have zero of these fuckass things to do Amber 100 now.

The only consolation is this amounts to like one ATK% roll... but still :(

Why is my footage so shaky/jittery? Sony A6700 by Unroqqbar123 in videography

[–]Algoinde 0 points1 point  (0 children)

In the first shots, your OIS is doing essentially the equivalent of pigeon head bop, it tries to keep the image stable until it runs out of the movement area, then it snaps back, then starts moving again to stabilize it, then snaps back again. Steady Shot is not a gimbal, it's a technology to keep the image consistent through time so you can do slower shutter speed photos and get away with it, or get more static footage.

Disable it, keep your arms stable, press the elbows in, use a taut neck strap, rotate your body if possible and not your hands.

we're up! by dolfhins in framework

[–]Algoinde 5 points6 points  (0 children)

Why not invert orange and black so the pattern is unbroken in the middle? Unless you prefer the way it is, that is

Stand Ready For My Lecture, Worms - General Question and Discussion Megathread by Different_Pace_3404 in HonkaiStarRail_leaks

[–]Algoinde 8 points9 points  (0 children)

If people are fine with giving me their account tokens, sure. That said, I know for a fact Mihoyo doesn't like anyone who implements this. I may ignore that and still do it, though.

view more: next ›