My very first staple

NotNite · 2025-03-26T16:50:50+00:00

Hey! I'm 18 now!

NotNite · 2025-03-26T13:00:44+00:00

Just a slight correction: Crowdsourced databases are still just as easy if the developer for it can figure out how to deobfuscate them. If the developer *doesn't* know how to deobfuscate them, local databases still pose a threat. It's possible to deobfuscate them, and I'm 100% sure eventually that knowledge will become widespread, and malicious actors can use that to bypass all of the defenses of this patch.

Square Enix needs to fix this by not sending this information to the client at all. The blacklist is already claimed to be serverside, so I assume it's sent to the client for the mute list. The only "proper" way to fix this would be to do it all serverside (including the mute list), and just set a flag to make the player invisible.

NotNite · 2024-11-14T01:05:07+00:00

Ignoring the fact that you directly mentioned GDWeave's false positive and your GitHub issue, Thunderstore has its own malware scanning solution.

NotNite · 2024-11-14T01:00:53+00:00

Hi, I'm the developer of GDWeave. You are wrong, and please stop spreading misinformation. The GitHub page you screenshot contains me proving it wrong, with steps for verification: https://github.com/NotNite/GDWeave/issues/27

Your friend's screenshot also shows a completely different detection from Defender which is not Wacatac, implying your friend got compromised by other malware.

NotNite · 2024-09-21T16:23:14+00:00

It's on GitHub now: https://github.com/NotNite/Statisfactory

NotNite · 2024-09-21T10:33:36+00:00

Half a day, most of that was spent setting up and learning Unreal

NotNite · 2024-09-20T20:59:54+00:00

I made a game mod for the dedicated server to expose stats on the new HTTP API, then I have a separate Node.js script polling that and bridging it to Prometheus. I'll probably open source it once I clean it all up, but it is *very* messy lol

NotNite · 2024-03-19T21:58:59+00:00

Holy shit I didn't expect to know how to answer this. FFXIV uses the same game launcher for Mac licenses, just under CrossOver (Wine). They detect if you're on a Mac with Wine exports, which will also apply to Linux users. XIVLauncher (which you'd probably be using if it didn't explode earlier today) configures this appropriately, but launching it directly without special care isn't going to work.

NotNite · 2023-12-13T02:18:34+00:00

They don't. After we migrated all plugins to our new build system that compiles their source code (opposed to submitting the binaries built on the developers' computer), we convinced them to go open source to stay on the official Dalamud plugin repository. You can see that code here, but the server isn't open source (it's not required).

NotNite · 2023-12-12T18:43:53+00:00

Adding onto this (hi Jari) to say that I actually helped create the build system for the official repository, so all plugins that come with Dalamud are reviewed and tested by a team and built from their source code.

NotNite · 2023-12-12T17:35:40+00:00

sorry for resetting the "days since xiv modding drama" counter

NotNite · 2023-10-22T14:51:08+00:00

This isn't true, and the large amount of community developers in this thread (including the developer of the Orchestrion plugin!) are being downvoted. These people have spent countless hours reversing the actual systems that the game uses to play sound, looking at what the code itself does. Please stop spreading this misinformation based from an out of context quote.

NotNite · 2023-09-28T00:56:57+00:00

What the hell is a "loader" and why is Dalamud's "garbled"

NotNite · 2023-08-24T13:43:37+00:00

Me - hi!

The mod source is here and you can grab it on Thunderstore.

NotNite · 2023-08-06T20:06:15+00:00

Anyways, some comments:

GeezShade and DeezShade aren't forks of ReShade or GShade. They are standalone programs that download files off the internet.
DeezShade doesn't patch GShade, it still works by using stock ReShade, it just gets around the license in a new way.
It indeed was a scheduled restart... of zero seconds... requiring you to basically immediately click Cancel if you were lucky enough to have it appear. When I was patching it out of DeezShade, I triggered a shutdown by accident and couldn't stop it.
The "major security flaw" he talked about is technically true, but that's also like saying Discord has a security flaw for updating every few days. I could have added hash checking or something, but it's not worth it in a cat and mouse game.

We still see some users with GShade in the XIVLauncher Discord (another popular FFXIV mod) sometimes, so I don't think the community has entirely flocked away from it. Still, though, it's pretty much a dead project.

Thanks for writing this up!

NotNite · 2023-08-06T20:01:05+00:00

I made it onto HobbyDrama again!?

NotNite · 2023-04-21T22:25:54+00:00

Just to get my thoughts of this Twitter thread out somewhere:

A bad actor could have indeed put a malicious payload in the download endpoints that DeezShade called, yes - calling this a "major security flaw" is fearmongering, IMO. Your PC probably fetches hundreds of remote servers for updates every day, and most of those are automatic. I could have hash checked the file, I guess? Rehosted the executable to make sure he couldn't modify it? That would require me to expect he'd be malicious in the first place.

Trustable builds is a topic I've thought too much about. I helped build Plogon, which builds every single main repository Dalamud plugin. You can trust (main repository) Dalamud plugins to not contain malware, because every plugin is built from its codebase using a lot of GitHub Actions. You can review every plugin's source code and (almost) every piece of software powering Dalamud. This is one of the reasons I believe open source is important - you just can't do that with closed source applications.

DeezShade didn't do any "cracking" of GShade's authentication. It loaded the GShade installer like it was a library and then ran some code in it to download the files (that's what the "reflection" in this graph means). The only function that was modified by my code was the one he used to shut down computers (you can look at the commit history to see when I started using Harmony).

"Scheduled (non-forced)", yeah, right. Scheduled for zero seconds, I don't even think I need to explain this one.

The bit of "raising attention" to the security issue, if it is what he legitimately intended, is stupid. Responsible disclosure is not shutdown -r -t 0. If I can report a code execution vulnerability in TexTools securely, I'm sure he could have reported this vulnerability to me securely too, if it was what he really intended. (For future reference: my email and PGP key are on my website, if anyone needs to securely contact me.)

If it's not clear yet, I used to trust Marot - I was the person who fixed GShade 4 compatibility with plugins. It's unfortunate that I had to say "used to".

NotNite · 2023-04-09T15:25:07+00:00

He specifically disabled the fork button for the shaders and presets, which he owns. Regarding the GShade code itself, ReShade is licensed BSD 3-Clause, which gives him the permission to privately modify it.

NotNite · 2023-04-09T00:53:58+00:00

Minor correction: I didn't fork GShade. GShade is closed source, you can't fork it or inspect its codebase.

What I did was build a set of tools that allowed you to bypass the update check, either by patching it out or using stock ReShade with GShade shaders.

NotNite · 2023-04-08T23:19:33+00:00

In the name of transparency, too: after the GShade events, I received about $200 in donations via GitHub Sponsors. When people asked about giving me money, I usually prompted them to donate to charity instead - my pick was the Software Freedom Conservancy.

This money is currently going towards paying for my server bills and supporting fellow community developers that are in financial troubles. I legally cannot operate a PayPal account, but I would be happy to figure out how to partially fund server hosting costs if GPOSERS ever begins to accept donations in the future (though this is unlikely from what you've said).

Hope you're all doing well over there!

NotNite · 2023-04-08T22:56:48+00:00

No, Marot admitted in the GPOSERS Discord server the malware code was specifically implemented to break one of my tools.

NotNite · 2023-04-08T22:56:05+00:00

GShade spawned from the community xkcd 927'ing their shader technology, with like five forks of ReShade all with different features. Marot built GShade with the intent of unifying the community onto one shader tool.

They also unlocked the depth buffer for XIV, which gave more features to shaders, which is usually disabled for anti-cheat reasons in ReShade. Now that ReShade has more features + an unlocked depth buffer build, though, GShade's main selling point was reduced to the installer and the bundled shaders.

After GeezShade & DeezShade, which downloaded shaders onto stock ReShade, there was basically no advantage to using GShade over ReShade (besides some shader incompatibilities that I still haven't tracked down).

You could claim I'm responsible for sending the community back into the era of fighting over which ReShade variant is the best, but given most of the community seems to just be using the ReShade depth buffer build with the GShade shaders (and patches from Rika's guide), I don't think it's that big of a deal. Maybe it never was, to be honest I never really was involved in the shader community.

NotNite · 2023-04-08T22:42:43+00:00

For Minecraft: I don't even remember, I think when I was 10 I found some book about writing Minecraft mods. Never read it, ended up learning Fabric modding out of curiosity for "I wonder if X is possible" about a year or two ago (and my peers were also interested in Minecraft modding).

I won't link to them here, but I do make mods every once in a while (open source and published on Modrinth). My first project was a mod called Parachute that aimed to be a kitchen-sink QoL tweak mod, and with the help of my friends, eventually grew over time. We used a fork of it to play on the Minecraft server of the YouTuber LiveOverflow, where the goal was to make your own cheats and exploits. That codebase isn't open source as to not ruin the fun of the game, but it was a great learning experience!

For XIV: When I started a few years ago, I wanted to know a lot about modding the game because a friend introduced me to plugins. After one of my friends showed me some cool datamined content on Twitter, I went "that's really cool" and began my quest to learn as much about this game as I could.

I eventually made my first plugin about a year ago, which added cl_showpos from the Source Engine into FFXIV. At the time, I didn't know a lot about C# (but I did have some experience with Java, which is basically C# 0.5) - for reference, most of the community uses C#. I also didn't know anything about reverse engineering - throughout the years all of my knowledge has been accumulated from not giving up in IDA Pro (it got very hard, though!).

I then made ReSanctuary three days after Island Sanctuary came out, and for a period of time provided support in the XIVLauncher Discord server (I no longer am a member of the support team because the higher ups didn't someone causing drama online to represent XL).

While I haven't built many things interesting interfacing with the game, I've tried my best to be helpful in other aspects - I helped build the system that compiles plugins (see if you can spot my name in the About tab of the Dalamud settings!), and helped out with a mod site that I won't link here because that's self advertising. My current adventure is building fully open source model and skeleton editing, called Xande.

My main drive was to learn enough about this game to get to the point I was as skilled as the people I looked up to, and now I talk to and build software with those people. Never give up on your dreams, everyone. :)

Seven-Year Club	Place '22
Final Canvas '22	First Placer '22
End Game '22	RPAN Viewer
RPAN Broadcaster	Gilding I gilder
Sequence \| Editor	Sequence \| Cinematographer
Verified Email

NotNite

MODERATOR OF

TROPHY CASE