Hacker News | RedCardRef's comments

Not really the case for Android, you skip the google account setup or the amazon account setup if you are using a fire tablet and continue using the device by sideloading whatever APKs you want. Most of the time the APKs that depend on Google Play Services will continue to work fine.

I skipped the amazon account registration and directly sideloaded the Google Play apps on my fire tablet.

Even for Google TVs you can skip the setup and use the TV as is. You can sideload APKs on this as well.

AFAIK, the account setup/login circumvention is not possible on fire tv sticks/google chromecasts.

You can take a very old android device, factory reset it and continue using it as an offline only device without the blessings of google or amazon. (Except FRP devices)

But that is not the case with Apple, you need to connect it at least once to the internet to activate the device.


> Not really the case for Android, you skip the google account setup

Is this possible even if the account is locked to the device (FRP), which is often the case?


(from unfortunate experience) no. You have to have freed your android phone from the shackles before your account ceases to work


IIRC, the microsoft store version is incapable of doing a full restore from a recovery state. You need the "windows" .exe version from itunes.com



Interesting. For how effective Denuvo is the impact is negligible. Less than 1% average framerate and seconds of loading time.

The disk space usage is weird, but 100mb to 300mb executables is irrelevant in the age of terabyte drives and 50gb game installs.

Nice to confirm that there was no way I was ever going to notice its impact.


The clever thing here is that Denuvo is only used to protect certain functions, not the entire game. The functions it protects should be functions that run infrequently, but contain enough critical game logic that they can’t just be replaced wholesale by a cracker. I believe the game developer themselves chooses what functions to protect. If they protect too much (or protect the wrong functions) performance can suffer, whereas if they don’t protect enough, the crackers’ job is too easy.


I wonder if Denuvo the company charges more or less depending on how much function protection the developer chooses or if it is a flat rate.


From the "analysis" I gather it works by encrypting the .exe and the keys are server-side. The hardware info is used to further encrypt it.

I think the goal should be to fool the checks rather than remove the encryption which would be a nightmare. CPUID can output whatever you want, it just reads MSRs. I'm sure there are possibilities to use kernel drivers to make windows functions also read out whatever you want.


You need (1) a valid license file and (2) a list of all the checks that are made and (3) some way to override the output of each check. Furthermore, you want to ideally do this in a way that makes your cracked software actually deployable on random computers, so you don’t want to do any heavy kernel-mode hooking because people won’t be able to use your crack.

Oh and if you actually do distribute a crack that uses a stolen license file, they’ll ban the heck out of the hardware identified in the license (and probably any user/account/Steam IDs they manage to hoover up), which will no doubt be an annoyance to a cracker.


> Less than 1% average framerate

Where did you see this? I quickly skipped through both videos and saw 5-20% difference in average framerates, 20%+ difference in 1% lows which is what makes a game feel choppy/laggy, and 5-10+ seconds difference in loading times.

And going by the techniques explained in the OP those numbers make complete sense, that's the cost I would expect for the advanced obfuscation/protection Denuvo uses.


Recently watched the Netflix docu series on this, J&J claimed that cyanide was not present in the factory, so there is no way the pills could have been contaminated at the factory.

Then later on one of the doctors asked J&J if a test for cyanide is done for each batch in QA at the factory. J&J said yes, each batch was tested for the presence of cyanide.

The doctor then asked, "Why were they testing for it(cyanide)?", kinda blew my mind. Implying that J&J knew cyanide contamination was a possibility at the factory itself.


This is my brother's job, testing for contaminants. He says it can be very boring. For example, they always test for lead, and it's always negative. But it's a necessary precaution when you're making medicine.


This.

I think people don't really understand the requirements you need to meet to get and maintain FDA clearance. I think even under the current administration, you still could have an obligation to do that testing.


That’s all true when the medicine is made here. More and more of everyday medicine these days is made in countries with fewer safety regulations like India and China. FDA may inspect them from time to time but they have no jurisdiction to actually do anything about violations.


FDA does have jurisdiction. They may prevent imports from manufacturers who violate FDA regs.

Where it is made does not change the rules.

https://www.fda.gov/industry/import-program/actions-enforcem...


But how strong is the enforcement regime for labs outside the US?


They can stop the product being sold in the USA, which is usually a big deal.


Why is that strange? Cyanide seems like an obvious thing to test for at scale. Safety engineering doesn't say 'that doesn't seem likely even though it's dangerous and easy to control for so I'll not handle the scenario'. It says, 'anything unsafe should be mitigated with the right cost-benefit analysis applied for the scenario'. Testing for cyanide makes sense regardless of whether it's in the factory.


I really don’t know, but could there be 100 other substances as dangerous and easy to mix/administer as cyanide? There must be some cut off since you can’t test for everything. I’d be interested to know what that test matrix/decision document looks like.


Cyanide is found as an impurity from both natural sources and as a byproduct during the manufacturing process, a lot like lead. So it's common enough to warrant the expense of testing


I would expect a broad spectrum quality test, of which cyanide would be one of the components tested for.


I don't work in pharma but I work in medical electronics, and sometimes you just have to perform random unrelated testing because the standards say so, even if it technically doesn't apply to your product


What was the answer?

I can understand why it might seem suspicious, but I’d also hope that (non-exotic?) substances capable of killing at doses small enough to fit in a Tylenol pill would be in their test matrix.


Cyanide is really simple and can easily be a side product of many organic chemistry reactions, testing for it is just obvious. The ion is just one carbon and one nitrogen which can combine with many different things to make many poisonous salts. Testing for it isn't suspicious and there was very strong evidence that it wasn't a factory mistake.


> kinda blew my mind

Cyanide occurs naturally in some fruit seeds and can be produced by some fungi + algae. So if any of those are things that could end up getting into the production inputs (even in small amounts), it would definitely be worth the effort to test. Even if that's not the case, contamination from other sources inside the factory doesn't seem terribly off the wall either.


Also if the testing isn't especially hard, complicated or expensive, I see no point in not doing it. Especially when contamination is possible due to non-intentional reasons.


> "Why were they testing for it(cyanide)?

Precursor contamination, sabotage, etc. Lots of potential innocent reasons.


It is good that they check. Imagine Sigma-Aldrich making a mistake between two products, or a product accidentally contaminated during manufacture; considering the large amount of things they produce, it is not impossible.


What’s more worrying isn’t that they tested—it’s that the existence of the test feels like a smoking gun. That says more about our broken trust in institutions than anything else.


It says more about the nature of pharmaceutical manufacturing than anything. We often need to screen for impurities, and cyanide is a pretty common one.


I know some companies use spectroscopy (often raman) to scan select pills/capsules/vials to ensure there aren't any contaminants and to ensure the content is uniform throughout the pill rather than concentrated in one part.


Which is more a showcase of our manufacturing ignorance than it is a smoking gun.


Which provider is immune to this? Gitlab? Bitbucket?

Or is it better to self host?


Self hosted GitLab with a self-hosted LLM Provider connected to GitLab powering GitLab Duo. This should ensure that the data never gets outside your network, is never used in training data, and still allows you/staff to utilize LLMs. If you don’t want to self host an LLM, you could use something like Amazon Q, but then you’re trusting Amazon to do right by you.

https://docs.gitlab.com/administration/gitlab_duo_self_hoste...


GitHub won’t use private repos for training data. You’d have to believe that they were lying about their policies and coordinating a lot of engineers into a conspiracy where not a single one of them would whistleblow about it.

Copilot won’t send your data down a path that incorporates it into training data. Not unless you do something like Bring Your Own Key and then point it at one of the “free” public APIs that are only free because they use your inputs as training data. (EDIT: Or if you explicitly opt-in to the option to include your data in their training set, as pointed out below, though this shouldn’t be surprising)

It’s somewhere between myth and conspiracy theory that using Copilot, Claude, ChatGPT, etc. subscriptions will take your data and put it into their training set.


“GitHub Copilot for Individual users, however, can opt in and explicitly provide consent for their code to be used as training data. User engagement data is used to improve the performance of the Copilot Service; specifically, it’s used to fine-tune ranking, sort algorithms, and craft prompts.”

- https://github.blog/news-insights/policy-news-and-insights/h...

So it’s a “myth” that github explicitly says is true…


> can opt in and explicitly provide consent for their code to be used as training data.

I guess if you count users explicitly opting in, then that part is true.

I also covered the case where someone opts-in to a “free” LLM provider that uses prompts as training data above.

There are definitely ways to get your private data into training sets if you opt-in to it, but that shouldn’t surprise anyone.


You speak in another comment about the “It would involve thousands or tens of thousands of engineers to execute. All of them would have to keep the conspiracy quiet.” yet if the pathway exists, it seems to me there is ample opportunity for un-opted-in data to take the pathway with plausible deniability of “whoops that’s a bug!” No need for thousands of engineers to be involved.


Or instead of a big conspiracy, maybe this code which was written for a client was later used by someone at the client who triggered the pathway volunteering the code for training?

Or the more likely explanation: That this vague internet anecdote from an anonymous person is talking about some simple and obvious code snippets that anyone or any LLM would have generated in the same function?

I think people like arguing conspiracy theories because you can jump through enough hoops to claim that it might be possible if enough of the right people coordinated to pull something off and keep it secret from everyone else.


My point is less “it’s all a big conspiracy” and more that this can fall into Hanlon’s razor territory. All it takes is not actually giving a shit about un-opted in code leaking into the training set for this to happen.

The existence of the ai generated studio ghibli meme proves ai models were trained on copyrighted data. Yet nobody’s been fired or sued. If nobody cares about that, why would anybody care about some random nobody’s code?

https://www.forbes.com/sites/torconstantino/2025/05/06/the-s...


Companies lie all the time, I don't know why you have such faith in them


Anonymous Internet comment section stories are confused and/or lie a lot, too. I’m not sure why you have so much faith in them.

Also, this conspiracy requires coordination across two separate companies (GitHub for the repos and the LLM providers requesting private repos to integrate into training data). It would involve thousands or tens of thousands of engineers to execute. All of them would have to keep the conspiracy quiet.

It would also permanently taint their frontier models, opening them up to millions of lawsuits (across all GitHub users) and making them untouchable in the future, guaranteeing their demise as soon as a single person involved decided to leak the fact that it was happening.

I know some people will never trust any corporation for anything and assume the worst, but this is the type of conspiracy that requires a lot of people from multiple companies to implement and keep quiet. It also has very low payoff for company-destroying levels of risk.

So if you don’t trust any companies (or you make decisions based on vague HN anecdotes claiming conspiracy theories) then I guess the only acceptable provider is to self-host on your own hardware.


Another thing that would permanently taint models and open their creators to lawsuits is if they were trained on many terabytes worth of pirated ebooks. Yet that didn't seem to stop Meta with Llama[0]. This industry is rife with such cases; OpenAI's CTO famously could not answer a simple question about whether Sora was trained on Youtube data or not. And now it seems they might be trained on video game content [1], which opens up another lawsuit avenue.

The key question from the perspective of the company is not whether there will be lawsuits, but whether the company will get away with it. And so far, the answer seems to be: "yes".

The only exception that is likely is private repos owned by enterprise customers. It's unlikely that GitHub would train LLMs on that, as the customer might walk away if they found out. And Fortune 500 companies have way more legal resources to sue them than random internet activists. But if you are not a paying customer, well, the cliche is that you are the product.

[0]: https://cybernews.com/tech/meta-leeched-82-terabytes-of-pira...

[1]: https://techcrunch.com/2024/12/11/it-sure-looks-like-openai-...


With the current admin I don't think they really have any legal exposure here. If they ever do get caught, it's easy enough to just issue some flimsy excuse about ACLs being "accidentally" omitted and then maybe they stop doing it for a little while.

This is going to be the same disruption as Airbnb or Uber. Move fast and break things. Why would you expect otherwise?


I really don't see how tens of thousands of engineers would be required.


I work for <company>, we lie, in fact, many of us in our industry lie, to each other, but most importantly to regulators. I lie for them because I get paid to. I recommend you vote for any representative that is hostile towards the marketing industry.

And companies are conspirators by nature, plenty of large movie/game production companies manage to keep pretty quiet about game details and release-dates (and they often don't even pay well!).

I genuinely don't understand why you would legitimately "trust" a Corporation at all, actually, especially if it relates to them not generating revenue/marketshare where they otherwise could.


Care to share the powershell script with us?


https://github.com/Raphire/Win11Debloat

I start with Tiny11 first though these days, then run that to get rid of the last few bits.


I found that this script broke Win+R Run dialog history by setting Start_TrackProgs. This was undocumented, and I had to disable it manually. (Worse yet, it doesn't show up on GitHub search because the .reg files are UTF-16.)
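An encoding-aware search for the problem the comment above describes, as an added example that is not part of the original comment or of the Win11Debloat project: it decodes each `.reg` file by its byte-order mark before looking for a value name, and shows that a plain byte search misses the UTF-16 file. The file names, registry key and `dword` value in the sample are constructed for illustration.

```python
import codecs
import tempfile
from pathlib import Path

# Byte-order marks seen on .reg files; regedit exports are UTF-16 LE with a BOM.
BOMS = [(codecs.BOM_UTF8, "utf-8-sig"),
        (codecs.BOM_UTF16_LE, "utf-16"),
        (codecs.BOM_UTF16_BE, "utf-16")]

def decode_reg(raw: bytes) -> str:
    """Decode a .reg file by its BOM; guess UTF-16 LE when there is none."""
    for bom, enc in BOMS:
        if raw.startswith(bom):
            return raw.decode(enc)
    odd = raw[1:64:2]  # high bytes of ASCII text stored as UTF-16 LE are NUL
    if odd.count(0) > len(odd) // 2:
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")

def find_value(root: Path, value_name: str):
    """Return (file, registry key, setting line) wherever value_name is set."""
    needle = f'"{value_name.lower()}"='  # value names are case-insensitive
    hits = []
    for path in sorted(root.rglob("*.reg")):
        key = None
        for line in decode_reg(path.read_bytes()).splitlines():
            line = line.strip()
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]  # current [HKEY_...] section
            elif line.lower().startswith(needle):
                hits.append((path.name, key, line))
    return hits

def demo():
    """Constructed sample: one UTF-16 LE .reg file and one UTF-8 file."""
    key = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    body = ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{key}]\r\n"
            '"Start_TrackProgs"=dword:00000000\r\n')
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        utf16 = codecs.BOM_UTF16_LE + body.encode("utf-16-le")
        (root / "sample_utf16.reg").write_bytes(utf16)
        other = body.replace("Start_TrackProgs", "Other").encode("utf-8")
        (root / "sample_utf8.reg").write_bytes(other)
        # What a byte-oriented search sees: nothing, the name is NUL-interleaved.
        raw_grep = [p.name for p in root.glob("*.reg")
                    if b"Start_TrackProgs" in p.read_bytes()]
        return raw_grep, find_value(root, "Start_TrackProgs")

if __name__ == "__main__":
    print(demo())
```

Pointing `find_value` at a local checkout of any script bundle lists every file and key that touches a given value before the script is run.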


The ePub comes from Port Anna, then a quick sanity check via EPUB FIX [1] then finally to the official amazon.com/sendtokindle

All of the above if you want a wireless experience, you can just use Calibre and plug in the reader via USB for a smoother experience.

[1] https://kindle-epub-fix.netlify.app/


Thanks for the useful link! I guess I am being overly paranoid, but I always also add a virus total check on top of it to make sure the file is clean [1]

[1] https://www.virustotal.com/gui/home/upload


Or better yet, jailbreak your kindle before the hole is closed, install koreader, and read epub natively. It's a much better reader compared to the built-in one anyway.

https://news.ycombinator.com/item?id=43073969


And you can send straight to the Kindle from Calibre via WiFi, no need for /sendtokindle.


/sendtokindle seems a bit brave if you obtained your epub off the back of a lorry..


KOReader + Calibre is also fully wireless. Get a Kobo, not a Swindle.


Among Us!

people can join on mobile devices as well!


This! I did this when a relatively new but obscure book was needed for work.

Read it on my kindle after removing the DRM and sent it via amazon.com/sendtokindle


Impressive, Very Nice! Let's see Paul Allen's routine.

