It’s more so lucky that there was someone diligently doing that. It could’ve easily gone unnoticed had there not been someone like him.

Try Windscribe, they offer residential and datacenter IP’s. I don’t get the point, but it’s your money.

I erroneously said the IP’s are less shared, but that’s not the case per the page.

But still, they get past more ip-blocking.

https://windscribe.com/staticips

After reading where I’m even posting: Renting a cheap VPS and using Wireguard to tunnel to it is also an option.

Then it really is only used by you.

• Man, I’m really not reading today.

See: Anything that can open ports. NAT of any kind tends to not allow opening ports.

You can get Let’s Encrypt certificates for DuckDNS, so you don’t even need to own anything.

Works with anything that can open ports. DuckDNS works by pinging their service from anywhere to update the target IP for the subdomain.

You do realize all this is easily done with a reverse proxy + DuckDNS?

Protip: “It gets better later” isn’t a good way to promote a game.

It has to be good from the start.

If it isn’t and it can’t hook a player, you’ve just lost a customer, who likely just refunded the game as well.

Now personally: I like terraria from start to end. It got a bit boring in the middle. I used to not be able to play it at all because /something/ about the game really triggered my migraines. It doesn’t anymore, and I can play it.

Hashing on client side is both more private, and secure. All the user ever submits is a combined hash (auth/pubkey) of their username + password.

If the server has that hash? Check the DB if it requires 2FA, and if the user sent a challenge response. If not, fail the login.

Registering is pretty much the same. User submits hash, server checks DB against it, fail if exists.

Edit: If data is also encrypted properly in the DB, it doesn’t even matter if the entire DB is completely public, leaked, or secured on their own servers.

Argon2 is the best (secure) crypto currently.

That said, adoption is slow, Bitwarden only recently implemented it for example.

That said, due to Argon2 being security-oriented, the recommended settings for it are pretty heavy.

Well to be fair, if they’re hashing serverside, they were doomed to begin with.

But yeah, there’s a lot of ways to DDoS, and so many tools that just make it a 1 button click.

Your password could also just be a long, unique sentence, without any excessive special characters. Maybe even a poem.

Like "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum eu leo eu nibh efficitur viverra. Integer lacinia tortor est, quis aliquet tortor varius sed. Sed dapibus vel turpis at suscipit. Nulla consequat orci in nibh dapibus sodales. Phasellus at arcu ac dolor suscipit pretium. Curabitur sit amet justo sit amet ipsum scelerisque accumsan ac ac nulla. Nullam accumsan lorem sagittis iaculis varius. Nullam convallis nisi ante, id congue diam tincidunt vel. Aliquam sed iaculis mauris. Nam leo nisi, consequat sed sodales non, tempor vel ante. Nunc eleifend vulputate turpis bibendum bibendum. Morbi nec massa in mi sagittis lacinia id ut metus. Maecenas gravida mi vitae lorem laoreet sagittis. "

That’s alot of common characters and words; yet, it’ll take centuries to crack.

That’s a misunderstanding of DDoS. 0 byte packets are actually worse than large packets.

Which is why most DDoS (at least was) is extremely slow 0 byte requests until the server throttles/crashes under the number of requests.

E: Consider this. Are you more likely to throttle a bandwidth of terabytes/petabytes with couple million 1gb requests; or break it entirely by sending >4294967295 0 byte requests that effectively never stop being requested from the server?

Old Steam calling.

Website and Client used different password rules, what worked for the other didn’t in the other.

Oh nooo! Anyway, make the best game you can.

AAA studios, you can stop crying, you’re like a master car mechanic crying because you can’t bolt down a single goddamn nut with pre-existing tooling.

I’d say no. While yes for example in game development we’ve had new tech come up that wasn’t there 10-30 years ago, the “how” to do it was on paper decades earlier. It just wasn’t feasible to implement with current technology.

Due to IDE’s etc, it’s significantly easier to just create stuff these days, which for indie etc is extremely good.

It does however also mean that the implementation of tech X will be sub-optimal in most situations, because people don’t really understand the underlying tech.

That can be solved in non-corporate situations by asking for help/advice online, or looking it up; but in corporate that’d likely get you branded “overqualified”, and they’d fire your ass for focusing development time on improving/fixing something instead of just pushing, pushing, and pushing.

'course there are also programming fields specifically targeting to improve gaps left by IDE’s etc, to make them even easier and efficient to use.

So basically: Fuck big corpo, fuck “education” that prepares you for corporate rather than teaches you the fundamentals.

Yes, software is getting worse, as education and corporate are getting worse.

Where employees needed to know what they actually were doing in the past, now is mostly auto-filled by IDE’s and languages that target other languages, so employees need to know less and less fundamentals.

Which in turn means when a low-level error occurs, either no one knows how to fix it, or the corporate refuses to hire someone who knows how to fix it because they’re “over-qualified”, and therefore would “cost them too much”.

Code obfuscation and proprietary code.

Nice try Zucc. This just makes me want to defederate Threads even more.

Online accounts can’t be bruteforced

I’m sorry, but that’s just wrong.

Majority of sites have awful security practices, not to mention massive breaches.

Get yourself either a password manager (Bitwarden is the best), or something like Yubikey + unique sentences.

Biometrics do not provide security, they’re purely for convenience.

https://restic.net/

This is what I’d suggest for backups. Good performance, has versioning, etc.