this post was submitted on 26 Mar 2024
32 points (97.1% liked)

PC Gaming

8573 readers
432 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] biscuitswalrus@aussie.zone 3 points 7 months ago* (last edited 7 months ago) (2 children)

Penny drop moment of "oh right we have to look at the competing engines to see our own weakness"? Frankly it should be obvious.

"If you know the enemy and know yourself, you need not fear the result of a hundred battles."

For me it raises really a odd question about their culture too, since only after inshin's remaster did they add a policy to review developer tools and technology, in a development company.

I'm trying to not read into it any more than that but I can't help but imagine there were board meetings beforehand going 'guys our team want to try using unreal' and some exec going 'no it's banned we only use our own propriety code or else we'll lose our brand and be washed out! All other engines are banned!'.

[–] baconisaveg@lemmy.ca 5 points 7 months ago (1 children)

Management often has very, very little clue what the development team does or the tools they use. Our IT department management tried to block access to Github and I had to explain why that would be a bad idea(tm), you know, since all of our code lives there...

[–] biscuitswalrus@aussie.zone 3 points 7 months ago

Yep though I'm a sysadmin and can feel for that, these consolidated platforms are being used as a straight "you trust this, when I infect you, I'll use payloads I'll temporarily host in github because you adjust already block overseas by default expect a bunch of whitelist trusted domains.".

https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/

It's technically easy to allow a subdomain, but it's really hard to unblock just a path.

So yeah, what generally happens is the SOC team complains that the new threat is here, and either vendors (had this with fortinet) move the risk rating of github from a 3.5 to a 6 out of 10, I had put the threshold at a default 5, and now it's being blocked. I wonder why it wasn't blocked before, well it wasn't as risky last week as it is now.

Anyway just thought I'd share the IT sysadmin POV.

More to point, using security as an example, we use SentinelOne and azure sentinel. I've had a 'I want to compare crowdstrike and huntress labs' because I've seen really good things with those xdr seim tools. But I got shot down. Why? We can't deviate our standards. Well, how will we know if the competition is better? Is our choice good? Who knows.

I still don't know. I sleep easy knowing it's not my burden though. It's their fault if they get compromised on an attack that the other vendor would stop.