In a centralized management scenario, the central controlling service needs the ability to control everything registered with it. So, if the central controlling service is compromised, it is very likely that everything it controlled is also compromised. There are ways to mitigate this at the application level, like role-based and group-based access controls. But, if the service itself is compromised rather than an individual’s credentials, then the application protections can likely all be bypassed. You can mitigate this a bit by giving each tenant their own deployment of the controlling service, with network isolation between tenants. But, even that is still not fool-proof.

Fundamentally, security is not solved by one golden thing. You need layers of protection. If one layer is compromised, others are hopefully still safe.

If we boil this article down to it’s most basic point, it actually has nothing to do with virtualization. The true issue here is actually centralized infra/application management. The article references two ESXi CVE’s that deal with compromised management interfaces. Imagine a scenario where we avoid virtualization by running Kubernetes on bare metal nodes, and each Pod gets exclusive assignment to a Node. If a threat actor has access to the Kubernetes management interface, and can exploit a vulnerability to access that management interface, it can immediately compromise everything within that Kubernetes cluster. We don’t even need to have a container management platform. Imagine a collection of bare-metal nodes managed by Ansible via Ansible Automation Platform (AAP). If a threat actor has access to AAP and exploit it, it then can compromise everything managed by that AAP instance. This author fundamentally misattributes the issue to virtualization. The issue is centralized management and there are significant benefits to using higher-order centralized management solutions.

After briefly reading about systemd’s tmpfiles.d, I have to ask why it was used to create home directories in the first place. The documentation I read said it was for volatile files. Is a users home directory considered volatile? Was this something the user set up, or the distro they were using. If the distro, this seems like a lot of ire at someone who really doesn’t deserve it.

The entire goal of Server Meshing is fixing the “existing 100 player ones barely function” issue. Server Meshing breaks a single logical “server” into multiple backend servers that are all meshed together to provide a consistent and transparent experience. A 400 player server could actually end up being 10 backend servers, with 40 players each. Thus, it’ll run much better.

I’m not saying they were purposefully cheating in this or any tournament, and I agree cheating under that context would be totally obvious. But, it is feasible that a pro worried about their stats might be willing to cheat in situations where the stakes are lower outside of tournaments.

What I also don’t understand is, if this hacker has lobby wide access, why was it only these two people who got compromised? Why wouldn’t the hacker just do the entire lobby? Clearly this hacker loves the clout. Forcing cheats on the entire lobby would certainly be more impressive.

PS. This is all blatant speculation. From all sides. No one, other than the hacker and hopefully Apex really knows what happened. I am mostly frustrated by ACPD’s immediate fear mongering of a RCE in EAC or Apex based on no concrete evidence.

deleted by creator

This isn’t a statement from Apex or EAC. The original source for the RCE claim is the “Anti-Cheat Police Department” which appears to just be a twitter community. There is absolutely no way Apex would turn over network traffic logs to a twitter community, who knows what kind of sensitive information could be in that. At best, ACPD is taking the players at their word that the cheats magically showed up on their computers.

PS. Apparently there have been multiple RCE vulnerabilities in the Source Engine over the years. So, I’m keeping my mind open.

I do not buy this RCE in Apex/EAC rumor. This wouldn’t be the first time “pro” gamers got caught with cheats. And, I wouldn’t put it past the cheat developers to not only include trojan-like remote-control into their cheats, but use it to advertise their product during a streamed tournament. All press is good press. And honestly, they’d probably want people thinking it was a vulnerability in Apex/EAC rather than a trojan included with their cheat.

From the article, “These systems range from ground-based lasers that can blind optical sensors on satellites to devices that can jam signals or conduct cyberattacks to hack into adversary satellite systems.”

Recently LTT built a $100k PC desk for a Minecraft streamer. Sometimes the over the top engineering/materials (and thus cost) around something is the entire point. If they gave it a fair shake, and still called it a bad product, and then returned it. There wouldn’t be an issue. It being a bad product isn’t the issue.

First, let’s assume we’re all intelligent people here and not be condescending.

I am not saying it’s not possible to view high resolution content at 25 mbps. I am saying that certain content just can’t encode at full fidelity at 25 mbps. In my experience, high action scenes with tons of entropy to encode do not compress well. And those scenes degrade and become muddy or pixelated at lower bitrates. Do you need it for the entire stream? No. But sadly, to save on bandwidth many streaming services also severely limit how much buffering their clients will do.

Even all this said. We’re talking about 10’s of megabits of difference. Significant portions of the world have managed to offer gigabit internet to practically everyone in their jurisdiction. And yet, we’re here in the dark ages with 25/3. And sure, you could say “American has significantly more rural areas, those customers are hard to serve.” But, I’ve got family in coal-country West Virginia that have gigabit fiber. There are no technical hurdles. These companies just don’t want to upgrade their infrastructure.

Here are the bitrates Youtube suggests for uploading content: https://support.google.com/youtube/answer/1722171?hl=en#zippy=%2Cbitrate

If you want full fidelity for all types of content, these are the bitrates you need. Yes, modern encodings can handle more fidelity at lower bitrates. But, I guarantee these numbers are for modern encodings. Older school encodings like UHD BluRay range anywhere from 92 to 144 Mbps.

Streaming platforms want to stream at the absolute lowest bitrate possible, and they absolutely compromise quality for lower bitrates to save on bandwidth.

I’ll second this. 4k at 25 mbps might be OK for a sitcom or drama without much action or on-screen movement. But as soon as there’s any action, it’s gonna be a pixelated mess. 25 mbps is kinda the sweet spot for full fidelity 1080p, and I’d much rather watch that than “4K”.

No thanks!

At it’s most basic, a satellite will have two systems. A highly robust command and control system with a fairly omnidirectional antenna. And then the more complex system that handles the payload(s). So yea, if the payload system crashes, you can restart it via C&C.