noirscape

Some dude with some opinion

Oh boy. Seems YouTube ruined the internet. Again. What was the last time this happened? A month ago? Well, whichever it is, this time there seems to be some amount of misinformation floating around so I'm going to attempt to set the record straight, to the best of my ability.

Let's start with the most important thing you should take away from this post: I am not a lawyer. If you are a content creator and have urgent legal concerns, I recommend you speak with one, or perphaps even better attempt to get lawyers who make YouTube content (there's quite a few) to cover this matter (so more people can benefit from it).

Okay, that said, let's get into things.

What happened

So long story short, there is this US law called COPPA, also known as the Children's Online Privacy Protection Act. If you've grown up on the internet, like most kids these days you probably have ran into this law a couple times when registering on a forum when you were below 13. Or maybe you didn't, but that's neither here or there.

Either way, COPPA is a law that forbids unauthorized data collection on kids (you can collect data but you need consent of the parents and due to the inherent anonimity of the internet, the majority of sites opt to not bother with an additional step and just ban kids under 13 year old from talking on their platforms), originally designed after concerns that digital advertisers would attempt to keep track of the behavior of kids and use that to market products to their easily impressionable minds.

I can honestly say that the law is from beginning to end in my completely unprofessional opinion: A joke. The intent is nice, but the implementation leaves a lot to be desired. For starters, it causes a really weird schism, especially if you're a 12 year old. Due to the wording and the fact that most sites opt to forego the additional verification step, the result is that COPPA only has caused one thing: Teaching kids to lie about their age online, which of course has other side effects such as making it easier for predators to hide behind incorrect birthdates since “everyone just lies about their age anyway”.

So COPPA is a bit bad. It's also not a law that's heavily enforced since the government body that is tasked with doing so is the FTC, which isn't properly staffed to deal with the entirety of the internet. Frequently, you only see COPPA enforcement against larger corporations who very bluntly run afoul.

One such company is Google.

Google vs the FTC

Back in september 2019, Google was officially fined by the FTC for using the fact that they collected data on kids to advertise to YouTube advertisers, whilst not properly taking care of how they would still follow COPPA. It's the largest recorded COPPA fine in history, coming in over at 170 million USD.

Also, I'm just going to get overtly political for a second, but FTC fines are reached by a vote. This vote was done according to the so called “party line”, which is politics talk for “this is what the party they belong to thinks is right”. The results of the vote were 3-2, with Republicans being the 3 vote and Democrats being the 2 votes. If you're someone with the ability to vote, you might want to take the way the current committee is setup into account for the next time you get to elect an administration.

Overt political talk off, let's continue on. So YouTube was fined the 170 million USD and in response they promised to start attempting to take care of the issue with them collecting data on children, which was a part of the requirements of the fine they received from the FTC.

The way they've gone about this is... brute to say the least, and the flaw here is mainly due to how intensive data collection is on it's own, even when not marketed to advertisers to begin with. Specifically, Google promised to start treating any content that is made for children as only being watched by children. If that sounds weird or confusing, especially since it's Google, the company who knows everything about you, sometimes even before you know about you, there's a reason for it. Specifically, the reason they have to take this approach is because they can't collect data on kids anymore, which limits their ability to identify said audience.

Yesterday, November 20th 2019, Google laid out its stated plans to fulfill their promise. And... here is the issue.

Changes

The biggest change is that YouTube now requires content creators to specify whether their videos are made for kids or not. Videos that are made for kids take the aforementioned heavy handed approach, and end up disabling pretty much all capabilities the platform has for users to interact with it for that specific video. The video will not appear in notification boxes, will be removed from recommended videos, the “notification” function in a video, which permits linking to a poll or to another video on the platform is disabled, end screens (these work similar to notifications except they appear as full boxes on the last couple seconds of the video) are unusable and finally comment sections are disabled.

Personalised advertisements are also disabled for the video, which for content creators that rely on YouTubes ad system for their income (already a rare situation these days) has seen reductions for around 90% on their income.

This also comes hand in hand with to my understanding the videos now being able to appear in the “YouTube kids” app, an application that is designed by YouTube to prevent children from seeing adult content. The application for the record has gotten into the public eye in the past due to child predators using the fact videos can be marked as being “for children” to essentially remotely groom them. Scary stuff, and these changes could result in a very much risky growth of other undesirable (not on the level of child predator stuff) content for children appearing on the platform.

For existing creators, YouTube has also promised to let its own algorithms determine whether it's appropriate for children or not for existing uploads on the platform. Putting aside for the moment that YouTubes algorithms are questionable in the best case situation and outright dogcrap in the worst situation, the problem is that this is not enough to cover the asses of content creators.

Broad Strokes

The FTC has very clearly specified that they plan to go after content creators that appeal to children as long as they don't have their videos marked as appealing to children, with the risk of them getting 42000$ in fines per affected video.

And here is when we get to the broad strokes. You see, while the “is it made for children” question can often be answered with a clear cut yes or no, the question of “does it appeal to children” is a really broad one.

Few people will have confusion over Peppa Pig videos being aimed at children, a reupload of a song from the movie Frozen on the platform or someone playing a H-Game (a term for a game with adult content in it) with the NSFW scenes disabled appealing to adults. But what about say, a content creator who creates animations with gallows humor in it.

Hazbin Hotel, a recently released animated series pilot which has all the stylings of a Disney XD cartoon, whilst clearly not marketed in it's characters at children, is an example of content that unintentionally could result in appealing to children, even if they're not targeted at children. Under the FTC settlement, content creators who do this would have to mark their videos as being made for children, which incurs the aforementioned restrictions.

Or for another example, to continue with my “vaguely related examples from the not confusing list”: What about platforms like SiIvaGunner, whose entire existence is reliant on the fact that they make remixes and modifications to existing music tracks, often blending in music that could potentially appeal to children, but can just as easily be highly offensive and not something you'd want a child to hear. Well, their content would again be regarded as “appealing to children”, since video game music is something children can easily like, which would mark the videos as being targeted to children, causing your kids to start listening to remixes that for example could feature content based on JustinRPGs vore fetish for a dragon Pokemon. I don't need to be a moral guardian to point out how that's not what you want, but what could easily happen due to these broad strokes.

And probably for the most complex and ambigious situation: What about the largest segment of YouTube creators: Those that play video games. Let's Plays are a large enough part of YouTube and whilst a lot are very unprofessional and are just someone playing it whilst talking into the camera about boring things, others are high-value productions that aim to show the best they can of a particular game (chuggaaconroy is a really good example of this latter one). Does this content appeal to children? It's a though question, considering video games often appeal to people of all ages, which under these guidelines would make them marketed at children.

Duality

This comes high off the heels of the so called “YouTube adpocalypse”, after several major advertisers started pulling their ads from YouTube after a couple of news sites ran articles showcasing racist and similarly awful behavior of some of their major content creators (the biggest example being PewDiePie, but for lesser examples cases like Logan Paul and prank channels being dicks to homeless people are good examples of this blowing up in their face).

The response from YouTube was to start recommending creators who didn't want their videos demonitized to start making more “child friendly” content as well as reducing the ability for content creators to customize their video and link to affiliate sites.

And now YouTube seems to have put itself in a game of lose/lose, since this settlement will have a very clear effect: Creators who create content are now going to have to skew their content to be so blatantly adult that there could be no confusion as to what it is so that the FTC cannot sue them for COPPA violations, which then will result in YouTubes advertisers having to pull out since most don't want to be associated with that stuff and now nobody is happy anymore.

Risks

I mentioned it earlier, but the FTC isn't properly equipped to deal with the entirety of the internet, let alone a site the scale of YouTube. In response to these concerns, the FTC has claimed it will run and has the ability to run it's own bots to determine video content that violates COPPA guidelines and take action from there.

The realistic effect here will probably be that larger channels (those with at least 1 million subscribers would seem like a good cutoff point if I were the FTC for practical purposes) will end up being at bigger risk of being sued over this than smaller channels are.

Again, I'm not a lawyer and this shouldn't be an excuse to not take this issue seriously, it could totally affect smaller creators too.

Conclusion

Okay so that was all really damn negative. Is there any positive side? Well, the FTC is still accepting public comments and I would urge you to leave a comment. A serious one though, troll comments or just bombarding it with spammy messages isn't going to be helpful. Try to stay respectful and remember that a human on the other side will be tasked eventually with processing your comments. Basically don't be an arsewipe okay?

I would also like to point out that whilst I mainly spend time ranting and rambling about the negative knock-on effects that it doesn't change that Google did end up breaking COPPA in a significant way and the fine is entirely deserved. The issue here is with the FTC however, who have now made a conscious choice to put the onus on dealing with COPPA laws on content creators rather than Google.

Annoying dog/Toby Fox

So... Pokemon Sword and Shield is out. It's proving to be divisive, with fans pissed at Game Freak for cutting out the National Dex. This post isn't about that though. Instead, let's talk about it's music. Specifically, let's talk about how Toby Fox is a fucking masterful shitposter.

Toby Fox is a music composer and indie game developer that is mainly known for his work on Undertale, a charming game reminiscent of the JRPG Earthbound in it's style with bullet hell elements. Currently he's working on what appears to be a spiritual successor called Deltarune, which managed to grab the internet.

That said, this isn't his only work or even the thing that put him on the map. No, what put Toby on the map was his work on the Homestuck discography, for which he has provided around 70% of all tracks.

He also composed a track for Pokemon Sword and Shield, which is the subject of this little post.

Preamble: How Toby Fox got into contact with Nintendo

But before we talk about that, I should probably explain how Toby Fox managed to get into a collaboration with Nintendo to begin with. At it's simplest, whilst Toby was on a trip to Japan, he happened to run into Sakurai (from Kirby and Super Smash Bros.), who invited him over to his house to play video games, notably Smash Brothers.

The result of these events caused what appears to have been a friendship between the two, causing Toby to remix Megalovania for the fourth time and having Sakurai put Sans in Super Smash Bros. Ultimate.

Later, Toby was also invited to compose music for Little Town Hero, a game which didn't do so well, but it establishes that a connection with Toby and Nintendo has been formed.

And now... Pokemon Sword and Shield has a tune composed by Toby Fox in it.

The thing is though... the track is a reference to a shitpost Toby Fox made 9 years ago. How? Well, uh... let's talk about that.

Homestuck and MSPA forums

Most people have heard in some form of the webcomic slash internet phenomenon Homestuck. Whether you've read it or not, most people are at least to some extent aware of the... rabidness of some of it's more notorious fans.

Whilst I won't go into detail on the comic itself, the fanbase for Homestuck is... unique. People love to ship characters together (shipping being the act of putting two fictional characters into a relationship), and Homestuck is probably the ur-example of this being taken to it's extreme, with every character being paired up with another character in whatever way you could imagine.

The comics author, Andrew Hussie has mostly encouraged this and takes great delight in making fun of his rabid fanbase. Except... in one element.

You see, before Viz Media bought Homestuck and hosted the comic on homestuck.com, the comic was hosted on Hussies personal site, known as mspaintadventures. Attached to this site was a forum that was intended to discuss the comic.

Because the Homestuck fanbase can best be described as “every horrible and good thing from every single other fanbase out there blended into one” (which is only contributed to by the fact that the comic makes extreme use of pop culture, both obscure and not-obscure), the administrators of these forums inevitably ended up dealing with the worst elements, notably shippers who would pair up underage characters.

In an attempt to curb this, they added a rule to the forums, prohibiting the posting of art involving “pregnant kids”. The rule of course proved to be completely ineffective at stopping the rabid fans and was mocked all around.

And then Toby Fox took a go at it. Taking the forum rule to it's most bizarre form, he created an album called The Baby Is You which very clearly was intended to make light of the rule in question.

It's... its a treat. To explain for those who haven't read the comic: The album is about the character Dave, who is pregnant (note: Dave is male) with his best friend John (who is the protagonist of the webcomic and is also male). It's by all accounts something closely resembling a protest album and the songs very clearly take shots at the ineffectiveness of the rule and is great if you like absurdist humor.

The ensuing result is that Toby Fox got temporarily banned from MSPA forums, the album itself was taken down (but as you can see by the link, it's been spread online anyway) and I'm not 100% on this last part but I think the rule has been reversed.

Now why did I ramble on about an (admittedly very funny) incident that happened in 2010 that most people wouldn't know about. Well... the thing is, that protest album made it's way into Pokemon Sword and Shield.

The Baby is You

Specifically, I'm talking about the track “A Baby Legend – The Baby is 2”, which is the final track on the album. It's essentially a sarcastic recap which then ends in a kinda catchy beat.

And guess what beat made it into Sword and Shield. Yes. That one. Below I've embedded a video about it which compares the two tracks.

And... this is hilarious. Toby Fox, you've done it. Congratulations, you win the internet. I tip my hat off to you, I bloody damn salute you.

DragonInjector store promotional artwork

Note: DragonInjector promo art used under fair use.

So, yours truly got himself an early copy of the DragonInjector.

In exchange for this, I have been asked to give feedback of my copy, and because I like flexing my writing muscle, I have decided to write a full-on review.

What is the DragonInjector?

The DragonInjector is essentially an all-in-one gadget for Switch hacking. It combines an M0 trinket with a jig and it fits in the gamecard slot. It's a device I've been looking forward to for over a year now, and I'm super curious to see what the actual product looks like. It came in with the mail today, so let's give it a look!

Casing

Image of the case front

My copy of the DragonInjector shipped with a case that makes it look like a Nintendo Switch game. There's not much to speak off for the front, but it gives the entire project a sense of legitimacy I never really got from my DS flashcard, which shipped in a shoddy silver box.

Image of the case back

The back however is where the fun for me begins. I love the little attentions to details here, it really feels like a real back blurb for a switch game and reminds me of some recoatings for the game “Cubic Ninja” that advertised the Homebrew Launcher, and it really just helps give a bigger sense of legitimacy to the product.

The casing also came with a small transparent sticker to prevent the case from falling open. Small, but again, loving the attention to detail.

Image of case inside

Inside the case, the aforementioned love for details just keeps continuing. Bundled exclusively in my copy is a smaller version of the case art, with the inside being signed by the creator (benefits of being an early adopter \^–^).

In addition, the inside version of the case art features a beatiful instruction set on the left, rendered as an SSH client. It features a list of features and explains what each of the included tools are for.

On the right, an infographic detailing how the DragonInjector's battery can be replaced and an infographic detailing how to access the injector and the jig from the gamecard is visible. The build number is written in silver pen.

Also bundled are a USB key to change the DragonInjectors firmware, the injector itself (it'd be trash without one!) and a screwdriver that can be used to replace the battery.

All in all, this case just shows the passion behind this project.

The Injector itself

Okay, so let's talk about the actual thing, the reason I spend money on it to begin with.

Build quality

Picture of the front

The DI is a 3d printed object, but if you'd ask me, that really doesn't serve as a degradation of it's quality, but rather as an attest to how far the quality of 3D printing has come.

Picture of the back

Whilst my copy is not stickered (and instead, I've been given stickers so I can choose the color of my injector), I've been told that future injectors will ship with a sticker on the front that will show the build number.

Injector in the switch

The injector fits very well in the gamecard slot, with considerably little effort being needed to make it fit well. There's a little bit of jankiness in fitting it in the Switch, but honestly, it's negliglibe and should be seen as more this being a casing in the shape of a gamecard slot than an actual gamecard. I've had more issues with a Nintendo DS flaschard in my 3DS.

All in all, solid build quality.

Let's talk about the components.

Picture of jig and payload launcher

Jig

A part of the Injector is the Jig. To access the Jig, you have to slide off the top of the injector, then slide out the jig itself. The first time I did this, the jig actually was a bit hindered and I hade to use my nail to get it loose, but I'm pretty sure this is something that will just be worn to something useful over time.

Picture of jig loose

To test the jig, I put my Switch out of AutoRCM for the first time in 1.5 years and booted it normally.

To use the jig, you just slide it down the right joycon rail at a 45 degree angle, then boot the switch while holding Volume Up. The one thing I do wish had been clearer was the fact that I had to turn the transistor facing away from the switch, not towards the switch (one can argue this is a me moment, but hey).

Injector

Picture of injector

The injector is the bottom half after you slide off the top and is easily the highlight for me. To use it, simply put the USB-C end in your Switch and plug it in your Switch.

This takes me to the booter firmware: DragonBoot. One issue I noticed almost immediately was that I got FatFS error 5. Further investigation, this seemed to have occurred because I was missing a payload for DragonBoot to boot from.

One quick trip to Hekate's download page later, and I now have the latest version of Hekate on /dragonboot/ on my SD card and it worked perfectly.

For a future firmware update to DragonBoot, it would be nice if it would be possible for this to show something nicer than a FatFS error.

Other minor stuff

I tested the dongle. It works... kinda fine? I had some issues with connecting it to my computer, but that was ironed out pretty fast.

I didn't test the scewdriver or the battery yet, but it looks super easy and the fact the screwdriver is bundled means I'm unlikely to risk losing it.

Conclusion

The DragonInjector is an absolute must-have for any Switch hacker. There's some minor prerelease issues with DragonBoot that I'm sure will be sorted out by the actual release and I'm super happy with it.

So... yeah, go pick one up. The actual released injectors can eventually be bought here, so keep an eye out for that.

Disclosure: Product was purchased early. Actual product might have minor differences from this review.

Or: How to improve your asyncio code!

So uh... yeah, this is just a definition. I'll quickly explain why this is. Also, I'll note that I wasn't brought up on this idea on my own, it's essentially something I found online but I think it's important to keep in mind that a lot of people who do asyncio don't use this pattern and spreading awareness of it will help a lot!

(I modeled this design document after the ones on oodesign.com, except y'know, I use Python code instead of Java)

Producer-Consumer-Worker pattern

Intent

When working in asynchronous code, usage of the producer-consumer pattern is common. The producer-consumer-worker pattern builds on this pattern.

The solution provided here is the Producer-Consumer-Worker pattern.

Implementation

This UML is probably wrong, but at it's simplest:

  • The Producer adds a task to the Queue.
  • The Consumers duty is to retrieve a task from the Queue.
  • When the consumer retrieves a task, it starts a Worker.

Applicability and examples

The reasoning for this is that the normal producer-consumer pattern is not useful for asynchronous code, as it is not resistant to potential exceptions. When running asynchronous code, one of the benefits is that even if one part of the event loop crashes, the rest of the loop can keep running. However in a traditional producer-consumer pattern, this means that in the situation the consumer crashes, the producer will aimlessly keep adding tasks to the queue without a consumer to answer it.

Specific problem and implementation

Example involving possibly crashing code

import asyncio
import random

queue = asyncio.Queue()

async def producer():
    task = {}
    task["crash"] = bool(random.getrandbits(1))
    await queue.put(task)

async def consumer():
    while True:
        task = await queue.get()
        loop = asyncio.get_event_loop()
        loop.create_task(task)

async def worker(task):
    if task["crash"]:
        raise Exception("Crashed!")
    print("Didn't crash!")

async def main():
    loop = asyncio.get_event_loop()
    loop.create_task(consumer())
    for _ in range(0, 10):
        loop.create_task(producer())

asyncio.run(main())
Explanation of methods and objects involved
queue

This is an asynchronous Queue, as provided by the asyncio standard library. It provides the queue that both the consumer and the worker use.

producer()

This asynchronous method determines on a random basis if the worker should crash or not, and then adds the output to the queue.

consumer()

This asynchronous method is started when the event loop begins and constantly waits for new input on the queue (This is what the await queue.get() call is for).

After that it creates a new task for the worker with the task as the assignment and adds it to the event loop.

worker(task)

This asynchronous method is created and started by the consumer. It simply runs a check on if it should crash, and if it does, it raises a generic Exception. Otherwise, it prints a message.

main()

Main asynchronous function and the entrypoint. It starts the consumer and creates 10 producers.

asyncio.run

stdlib function that starts main.

Conclusion

Without the worker involved in this task, if the asyncio consumer crashes (even though in this example it's arbitrary, in cases when working with web APIs which might not always be online) the entire consumer portion would be halted and as a result the loop would seemingly be able to continue fine but as the consumer would no longer be running, the producer will just add tasks to the queue without them ever being ran.

This also improves concurrency as the worker is another task on the event loop, which means that the consumer can continously keep retrieving tasks from the queue without it being blocked by the execution of said task.

I've wanted to write about Stallman for a long time. Countless drafts have turned through my head, considered arguments and article structure, but whenever I actually wound up sitting down to write them out? I just felt mentally too tired to actually write them.

Not right now though. With Stallman having resigned from the FSFs directors position, I think it's important to take a deeper examination as to why Stallman resigned, what the issue is with Stallman as a whole and most importantly: What this means for the future of the FSF/GNU.

Why Stallman resigned

It's been iterated on a lot, but long story short, a few days ago, Stallman made some appaling comments on the MIT/CSAIL mailing list. These comments specifically concerned Marvin Minsky, the creator of the MIT AI lab. Minsky was one of the people that was implicated in the controversial pedophilia case surrounding Jeffrey Epstein as one of the people that Epstein told one of the accussers to sleep with, however as Minsky died in January 2016, this means that he was never accused formally of the crime (accusations against Minsky came to light in August of that same year).

The comments in question have been incorrectly cited by major publications (specifically, the publications went with the narrative that Stallman said that “she [Epsteins victim] would have been entirely willing”, which is a subtle misquote, as the word missing is “have been presented as entirely willing”, but the difference is somewhat minor-ish on the whole, but more on that in a bit).

As a result of this fallout, Stallman has resigned from the FSF and has been let go from MIT/CSAIL as a 'visiting professor'.

Now, one can argue that because the publications went with an incorrect quote, Stallman is essentially absolved from any blame and this is just another call out from “the esjeedoubleyous that want to destroy tech”. However, I would instead argue that the actual difference between what Stallman was claimed to have said and what he actually said is there, but the resulting impact should still have occurred, because the comments are reprehensible either way.

To be precise, what Stallman said was that Epstein likely coerced his victim to appear as “willing” in front of Minsky. Now this if youre debating on Stallmans level seems like an important distinction. If you live in non-crazy land, this distinction barely matters, because, coercion or not, “I didn't know about it” isn't an excuse that holds up on crimes of this magnitude.

It's also quickly forgotten by most comments I see made on the matter that Stallman tossed this up as an hypothesis, with little evidence aside from “Stallman thinks its logical for Epstein to do this”. You know what we call that? An argument that runs on Appeal to Common Sense. Which is a logical fallacy.

I should probably also add in that Stallmans position at MITs CSAIL was entirely because Minsky sponsored Stallman to come on as a visiting professor in the first place (more on this in a bit).

So what we seem to have here is someone who doesn't seem to be able to understand that his best friend likely might have been a sexual predator and is engaging in apologist behavior for said behavior on little ground other than “I think this makes sense”.

This is irrelevant on whether Stallmans hypothesis is true or not (to be clear, even the story Stallman presents would have landed Minsky prison time as a pedophile under the jurisdiction of the Virgin Islands), but his response to the legal argument (which in this case would be decisive) is uh...

“I think it is morally absurd to define “rape” in a way that depends on minor details such as which country it was in or whether the victim was 18 years old or 17.”

I don't think I have to explain this, but... “minor details such as age when it comes to rape”? Are you fucking kidding me? Blegh.

Anyway, the fallout due to this was... well, the usual situation. People got riled up, Stallman attempted to issue a non-apology, later made the utterly baffling statement on his personal political page (more on this page in general later) that sex with minors is a bad thing and that he finally understands that and today he's been let go from CSAIL and the FSF.

Caught up? Good. Now let's see why this is a thing that should have happened a long time ago.

Stallmans political views

No matter how you put it, Stallman is a political figure. FOSS is by design extremely left leaning in it's nature (particularly the copyleft, which is a core element of these licenses). He is also extremely closely tied to the FSF, to the point where I have noted that I see the FSF and GNU Foundation in general of being a personality cult around Stallman to friends.

With that in mind, we oughta talk about Stallmans views, because they're something that propagates heavily throughout the FSF.

To wit:

  • Stallman is a free speech absolutist, with all the core flaws this implies. He'll stick up for any kind of horrific speech and fundamentally misunderstands XKCD 1357 to apply it to corporations.
  • Stallman believes that necrophilia should be legalized, seeing it as the second thing he would want to have happen to his own body after his death (the main thing being used for medical science).
  • Stallman believes that bestiality should be legalized, mainly not seeing the issue because a parrot tried to mate with his arm once and he found it a funny experience after learning what happened and wouldn't mind it occuring again and because some animals try to mate with humans on their own (ignoring the fact that we cannot see what an animal thinks nor can we ask them about it and as a result can't give consent).
  • Stallman believes pedophilia shouldn't be illegal based on the notion that the main issue surrounding it is a social stigma (to be fair to him; due to the incident I described earlier, Stallman has retracted this statement, but he's held it for ~15 years, so it bears mention!)

Feel properly disgusted yet? Well, like I said, these views tend to exist throughout the GNU/FSF, meaning that whenever Stallman gets flak for his political views, there's a large army of defenders for each and every single one of these.

Other things he believes should be legal, but I couldn't find any direct reasons to (although I could deduce the why): Possession of child pornography and incest.

Oh yeah, he also wants weed legalized, but somehow managed to describe it in the most pretentious way possible:

Besides, I often enjoy rhinophytonecrophilia (nasal sex with dead plants).

I uh... that isn't really disgusting (nor bad, legalization of weed for medical purposes I support), but it kinda sets the tone for anything involving him, doesn't it? A pretentious blowhard who says something using complicated words because it makes him look smart.

Moving on.

Personal Hygiene

Do I... do I have to? Okay, I'll spend as little time on this as possible since this is truly disgusting.

Stallman eats gunk from between his toes. I kid you not, there's a YouTube video of him doing this, look it up, I'm not going to for my own sanity.

On computing

Okay, so we've gotten the already weird parts out of the way, now we have to actually talk about Stallmans influence on computing as a whole.

Stallman is oft credited as the founding father of the Free Software movement, it having born from a series of incidents in CSAIL, which saw a large number of those working in it being poached away by larger corporations. Stallman in response made the “heroic” act of leaving CSAIL and starting the GNU Foundation and the FSF.

Why do I put heroic in quotes there? Because yes, the situation at CSAIL from all accounts I could find on the internet was abhorrent, Stallman never really left CSAIL. He formally resigned from CSAIL, but only for a short while, as he later was given an essentially permanent status as Visiting Professor at the lab (this essentially meant that he got a free office, which in Stallmans case also has been his legal address for the past several decades since his house burnt down in the late 1980s and he hasn't bothered to find a new one since.)

Visiting Professor also meant that while he didn't get paid by MIT for being there, he would have full access to all mailing lists and accounts for their faculties. From accounts I have found on the internet, this for the most part meant that Stallman could spend most of his time popping into software lists and complaining that they should license their work under the GPL or asking for projects that used JavaScript in sites to work without them (this because Stallman has an archaic internet setup that means any page he wants to visit gets send to an email daemon, which downloads and reformats the page and then emails it to him). Very impactful work indeed.

It kinda puts things into a different perspective if this hero just turns out to have been in the same place he's been all this time, except now he's free to spend his time to complain at students not following his ideology.

On actual programming now, for realsies!

Let's now get into Stallmans actual relevant work for the Free Software movement. Whilst he deserves credit for y'know, making the GPL and writing the original version of the GNU coreutils... for the past 10 years or so, Stallmans main influences on the movement have been these:

  • Serve as the public figurehead. (with the issues I mentioned in the political views part, so also a PR nightmare)
  • Make PRs to emacs
  • Complain on mailing lists about arbitrary things that irritate him. (GNU/Linux)
  • Abuse his power as the head of the FSF to keep in a dumb joke about abortion that was incredibly Americentric and unfunny to begin with.
  • Use his power as the head of the FSF to forbid merging code that would improve cross-compatability with not-FOSS software.

That's... not good. We've gone from someone who essentially wrote the foundation of Linux's popularity to someone who can at the most positive be described as a grandpa who yells at cloud and at it's most negative as little above a really persistent internet troll who manages to keep in power only because he started with some legitimacy. (The inbetween and the one I subscribe to: Stallman is a demagogue).

In short, Stallmans contributions as of the past decade don't weigh up against his former status as the head of FSF/GNU.

Luckily he's been fired though.

The FSF moving forward

In the numerous drafts I've made of articles of a similar tone to this one, I often conflated the FSF and Stallman, since again, their views share a lot. However, them firing Stallman gives me the idea that either this view was underinformed or perphaps more likely, has shifted over the years.

That said, even though Stallman is now gone, the views that he's permeated over the past decades have not. The FSF will need to get a tight grip on any of Stallmans “followers” that are currently becoming a very vocal minority on the internet that believe that Stallman shouldn't have been let go and that he's the Jesus of programming.

I do express hope here that the dust will settle though, and that moving forward, the FSF can find a better public face for their beliefs than Stallman.

Tackling one common defense

A common defense that I see pop up whenever people address these issues with Stallman (I'm hardly the first to do so) is that we should give him a pass because he says he is neuroatypical (aka has autism).

I very likely have a form of autism. Several of my friends have autism. None of us are even remotely close to the appalling behavior Stallman displays.

Autism means that I fail reading the room sometimes, misinterpret a joke as being a serious statement, fail to understand a social obligation and so on. And I have worked hard to not have it happen as often. I have learned social cues, and so have many of my friends. If you wouldn't spend extensive time with me, you probably wouldn't even know I had it.

Stallman putting his defense here on autism is offensive to autistic people. Even if he has it, the excuse isn't that he's autistic, the issue is that he doesn't bother learning how to deal with it.

Being autistic doesn't excuse you from being an asshole. It gives you some recompense, but a consistent repetition of the same asshole behavior over and over again just means you're a goddamn asshole.

Conclusion

🦀🦀🦀Stallman is gone🦀🦀🦀

Tags: #FOSS #Stallman #FreeSoftware

Let's talk about that good old boogeyman of internet security: Passwords. No reason, I just want to talk about it.

Why passwords suck

Let's be honest. Passwords suck. Let's go over why:

  • Too many passwords. Every service needs a password these days. There are initiatives like OAuth that help simplify the process by linking it to a different account, but really that's just shifting the issue to a different service.
  • Too many passwords leads to bad password hygiene: Passwords are often reused (by far the biggest sin of password management).
  • Passwords are also commonly reused, sometimes with a single digit altered.

The band-aid: Password managers

Password managers are a band-aid over the problem. They permit you to create long and secure passwords and you only have to remember your master password to get access to all your passwords.

That said, this essentially turns your password manager into your single point of failure. Once an attacker hijacks your manager, they control your entire system. Not good.

The possible solution: 2FA

2FA is probably one of the few solutions that will prove to be viable in the long run, although to realize it's full potential, it needs to see more use in Desktop tools and be longer than just 6 numbers.

The demon: Apple

Apple sucks. No really, they do. Even with passwords. For whatever stupid reason, sites can instruct Safari to refuse the usage of the Keychain app, and many sites do, thereby obstructing the viability of the Keychain app as an automated password manager.

Screw apple.

Nothing too curious this time, I just wanted to vent a little.

I don't have good files hygiene. I suffer from a tedency to hoard data. And when I say hoard, I mean hoard. All of my computers and laptops are a complete utter mess of files, with stuff often appearing in doubles or left forgotten in some file structure. And really... it's a shame! Like, really. I should be able to do better. So let's try and bring organization to this mess of data and get STRUCTURED.

I mainly write this post as a sort of “collaborative journey”. You basically get to see my direct thoughts on organizing and what systems I'll be using.

Step 0: Defining categories

A very important step indeed. When starting off with organizing data, we first need to look at the kind of data that I have obtained over the years.

In general, I am capable of pointing out these “big” categories:

  • Important documents. These are things like emails, contracts I have had to sign, secure keys and so on and so forth. These in the worst case can linger in my downloads folder.
  • University work. University assignments are very messy. Most IDEs have their own dedicated folder, but when I work on say, an essay, I tend to just dump it in a folder. As a result, most projects for courses exist in about 4 places at once or in a git repository, which are spread out all over my filesystem.
  • Arbitrary downloads I just did to see what I wanted out of them.
  • Anime, movies and media in general.
  • Personal programming projects. Most of these are laid out across my filesystem but in general don't really have much structure. They almost all can also be found on my GitHub or on my Gitea instance, but again not all and I'm fairly sure I have a GitLab account floating around somewhere.

With these big categories sorted out, let's find ways to tackle each.

Step 1: Existing organization software

One that I rolled just in “media” previously are images. I save a lot of images. I think on an average estimate I download anywhere between 50 and a 1000 images per day. The overwhelming majority of this is fanart. I suspect that in total, the amount of images I save are around 75GB, and this number is increasing.

Luckily for me, there is a very easy solution for this. Conventional photo management applications mostly suck, and the manual labor involved to tag this many images is probably not feasible, but luckily for me there exists software specific to solve this issue.

I'm of course talking about booru software. Booru, which is Japanese for “cardboard box” originates from the Danbooru project. A number of implementations exist, and I've actually been experimenting on and off with these for a few years now.

That said, I think I have finally found the booru software that I want to work with. I've been using it for a little over a year now and it's called szurubooru. Unlike Danbooru (and it's direct derivative Moebooru), which is a Ruby project that is... difficult to deploy, Myimouto, which is a PHP project that has lied abandoned for several years (I attempted a short lived fork to implement some minor things, but then gave up since it's fucking PHP and I have better things to do with my time) and Gelbooru 0.1.x (which is not only PHP, but is also fundamentally broken and extremely limited in features), Szurubooru has pretty much hit all the essential hallmarks for an existing organization system that fits my needs.

To make it clear, when I use existing systems, I typically look at the following “main” concepts:

  • Ease of deploy. This is a big one. If your software requires me to sacrifice fourteen goats, scream RMSs name while standing in a pentagram underneath a full moon, I probably will just not use your software. Or in a less comedic tone: Deploying your software should never be more difficult than filling out a configuration file and running a few commands. Dependencies aren't an issue as long as they're clearly defined.
  • Ease of use. Second thing that's extremely important to me: You may have the best software in the world, but if it's nearly impossible to use for me, I'll skip it. A good example of this is Hydrus. Hydrus is intended to be a desktop application that functions like a booru. Unfortunately for Hydrus, the UI is a big mess, it crashes a lot and the author doesn't understand git and uses it like dropbox and the application is extremely clunky. You don't have to be a professional designer to make me want to use your tool, but never leave customization of your UI to the extreme that Hydrus does it.
  • Must be suitable for a single user situation. If your tool works great for communities, then that's awesome! But if you can't make it work for me as an individual, then I'm sorry, but I'll have to pass. A good example of this ties back to Hydrus. Hydrus for whatever reason doesn't automatically accept imported images. Rather, it imports them into an inbox. This is extremely weird, until you realize that Hydrus is more designed to crawl websites for images and the inbox is the approval situation. However in my case, this is completely unneccesary. I get the images using my own sources and I don't have to approve them. It adds a needless step to a reasonably easy process.
  • Easy to “pull out”. Let's face it, software changes over time. Maybe your tool doesn't fully have everything I wanted or you introduced a feature I don't like or something else comes along and I want to use that. In this situation, it should be considered extremely important for me that I can still easily grab my data and move to another platform/tool. This can be accomplished in many ways, but even if it's just “have an API that lets me grab all my data”, it's good enough in most cases already.

Szurubooru hits all of these for me. There's no approval system, usage is as easy as uploading the images (and with a few scripts I use, I can automate that to make it comfortable from my phone and my computer) and the only wrinkle is tagging, which I solved using a python library and a small webapp that can reverse search images.

There's no pointless approval steps in the program either, I can limit signups and pulling out is as easy as simply transferring stuff through the API or failing that, just moving the images folder on my hard disk to my new system.

Oh and it's deployed in less than 5 minutes and updating is just as easy, since it's all done with docker.

Images and short movies: SOLVED.

What about comics though. Comics are another category I kind of have issues with. I collect a lot of them, mainly doujinshi and most are simply stored in a zip format until I want to view them. Luckily for me, again a tool exists that hits the previous needs: Lanraragi. It's perl, but thanks to how well it uses docker, it never needs to take issues with that. Data importing is so easy it's practically not a thing: I just have to put all my doujins in one folder. Pulling out is equally as easy, the zips are never modified while it runs.

Doujinshi: Solved

Step 2: Custom organization software

Okay this tackled a few things. It's not nearly everything though. So how do we fix the rest?

Well, for this I turn to the promising Johnny Decimal system. Johnny Decimal is a system based on the Dewey Decimal Classification. Dewey Decimal is a system designed for libraries to organize books. Luckily for me, my dataset greatly resembles that of a library.

Dewey Decimal uses a simple system, but there's some flaws that require modification to make it work with an individual blip of data.

The idea behind Dewey is that everything exists within a category. For example, books about religion have the super category 200. That means that if I pick a book with Dewey classification 232, I would know that it is going to be about religion. This method continues downwards. So in our previous number, the category 230 is about Christianity specifically (Dewey is an American system, so 200 is mostly about Christian subjects with other religions being a footnote in category 290, which is unfortunate but fuck it, this is an example). Then, for a more specific subject, the classification 232 is about Jesus Christ & his family.

Again, sorry for the religious stuff, but it works well enough to illustrate the core principle: Every subcategory relates to the previous categories in a well established system.

Dewey Decimal then also permits you to go even further and declare specific subcategories on these systems for living or dead authors, for specific fields of a science and so on and so forth.

So should we just copy Dewey and call it a day? I mean, we could, and Deweys system would certainly bring a structure in that data, but it doesn't bring in a structure of data that I would be comfortable with navigating per se.

For example, I download a lot of anime. According to Dewey, all of this would go under 741. But should I really categorize Itadaki Seieki (NSFW!) in the same category as JoJo's Bizarre Adventure? Probably not, unless I want to embarass myself when navigating my file system.

That's where Johnny Decimal comes in. You see, Johnny also examined the Dewey Decimal system and thought it was a good idea. But he changed one crucial element: He doesn't rely on Dewey's specific implementation of the system.

Instead, he encourages you to construct a smaller system and have multiple you can navigate through, with all categories and definitions set up by you.

Johnny's system is particularly appealing if you're a designer or an artist who often works on projects related to their job. His system is great at bringing order to that chaos. But it does have it's limitations that make it somewhat useless to my interests.

So we must break these limitations. Specifically, for me, the biggest issue is that Johnny encourages you to limit your system to at maximum 100 categories, with no more than 10 root categories. Johnny does have an answer if you have more than 10 root categories but it's just not really adequate: It amounts to “have more than one system” or “you haven't properly split out your categories”.

So I'll be doing something a bit more closer to the Dewey Decimal system and move away a little bit from Johnny's system: I have 100 root categories and 999 counter categories. Unlike Dewey, there is no obligation for root category 020 (on my laptop where I do this already; 020 is Multimedia) to relate in any form to category 030 (Projects), but category 021 (Anime) is related to category 023 (Movies).

The actual files themselves are then stored in a subfolder of that. For example, the Neon Genesis Evangelion anime is stored in category 021.001. 001 is just a counter here, it doesn't have any actual bearing on the rest of the anime in that folder (exemplified by 002 being Hellsing Ultimate, a show in a markedly different genre).

This is also where I break Johnny's rule intentionally: Johnny says you should stop at this. Once you reach the counter, everything below that must be a flat structure. That is where I disagree. Consider for a second category 034.001. 034 is my Uni work, and 001 refers to the course Data Structures & Algorithms.

Except here I hit an issue. For category 034.001, my goal is to store both the practical assignments and the college assignments. Johnny Decimal would say that I have to split out 034.001 into two subcategories. This however is weird. After all, 034.001 should be about DS&A, and splitting that out means that I have stuff that is about DS&A but is stored in a different folder, even if what is stored there is tangentially related. To solve this, I simply extend the system with another dot.

To understand this better, here's how I would visit a lesson on Recursion:

cd ~/johnny-decimal/030 Projects/034 University/034.001 Data Structures & Algorithms/034.001.10 Colleges/034.001.11 Recursion

Oh boi. So to unpack this:

  • 030 is about the root category Projects.
  • 034 is specifically about university related projects.
  • 034.001 is about the course Data Structures & Algorithms
  • 034.001.10 colleges is about colleges related to Data Structres & Alogrithms.
  • 034.001.11 is about the college data related to Recursion.

As you can see, here I opted to go for a smaller subset. This is because subcategories just shouldn't reach more than 10 entries (at that point you can just increase the digits anyway, but I would also consider just wondering if you couldn't be splitting up your results better.

Subcategories are optional for me, not every dataset benefits or gains anything from them and some are entirely incompatible with it and require their own structure (for example, a programming project wouldn't be deeper categorizable than this, because of the fact that those projects have their own structures).

And that's pretty much it. I'm currently looking for ways to improve it further, but right now, I use the following two zsh methods to get the most out of this system (borrowed from Johnny):

access_jd_root_function () {
        cd ~/johnny-decimal/*/${1}*
}

access_jd_specific_function () {
        cd ~/johnny-decimal/*/*/${1}*
}


export access_jd_specific_function
export access_jd_root_function

alias cjd='access_jd_specific_function'
alias jd='access_jd_root_function'

cjd allows me to enter a specific directory from wherever I am. ie. 034.001 would permit me to enter the Data Structures category. jd allows me to access 034 (University) just as easily. Syntax is cjd 034.001 and jd 034. Easy as that.

One final thought on mapping out the structure: Easy, yet so hard. I could just use tree, but that would get messy. Perphaps a database system? But those are clunky. I tried airtable as suggested by Johnny, but I didn't like it.

A readme is an option, certainly but markdown table syntax is a pain to use.

I don't plan to use this on emails and the like, those are and always be a mess because E-Mail sucks.

And... I think that's it. That's the system I'll be using to organize my data in a general sense.

Got any suggestions, questions or even improvements to this system? Please let me know! You can comment on this blog with utteranc.es assuming you're viewing it directly and not from a federated site (if you are, just uh visit the original page and you'll find it).

Hooooo boy. The internet sure as hell has blown up as of late hasn't it? I seriously don't envy being an indie game dev these days.

Anyways, for the uninitiated or the late backlash, several prominent indie developers have stepped forward with allegations of abuse from other developers. Whilst I won't touch on the rest, I want to talk today with you about... Starbound.

Image used under belief of fair use. Credits: gog.com

So... Starbound was one of the games that was put under flak for this entire debacle. Specifically, the entire thing was lighted off after the former artist and writer demanrisu, spoke up about going unpaid. This received a lot of flak. Eventually information came to light that the intent was that none of the artists, writers and composers were initially intended to get paid for their work and instead were asked to work for “exposure”.

Exposure

Now me explaining what exposure is is very much preaching to the choir, but for the four of you that haven't met it yet, “exposure” is a term from the creative industry. Specifically, working for “exposure” means that you'll effectively not be getting paid, but you can add that project to your portfolio, meaning you can get an actual paid job later.

It's also an abusive tactic used by con artists. The people that get asked to work for “exposure” usually aren't industry veterans (because the industry veterans know bullshit when it smells like it and generally reject it), but are typically people that just graduated or are still interning.

Now, there's many many people who can tell you about the horrors of this situation and how rampant it is in any creative industry, but I'll just summarize myself to this: If you are currently working unpaid for someone, leave. They're not gonna pay you “later”. If there's no contract that states you get a wage for what you do, leave. Those people aren't worth your time, and they sure as hell aren't making sure you will be properly fed.

If you need to build a portfolio, do it yourself. If you're an artist, make an art gallery, if you're a musician compose music in your spare time, if you're a programmer, make some awesome FOSS stuff. The crux is that you should be doing it and nobody else. You are the only person that you don't have to pay for your work.

Anyway, with that basic bit out of the way (since everyone and their mum has talked about it): Let's talk about a second “magical” thing that popped up during this: The fact that Tiyuri, the CEO of Chucklefish can best be described as a major asshole.

Workplace professionalism

Something none of the big talk really mentioned aside from in passing is the rather baffling lack of professionalism that seemed to have been going on in the company.

Most of my source for this is from former writer Rhopunzel, who has actually been talking about this since 2016 on the SomethingAwful forums 1 and 2 (note: using archive.org since SA archives old threads). And this is.. staggering.

To be clear: The development of the game seems to mostly have been aimless from the start, with the initial design pitch seemingly just being completely ignored for a completely different game. Whilst there is the obvious talk about “exposure” work going on, there's also a couple of “interesting” claims in there.

To sift through this and provide a summary:

  • There were three artists (Rhopunzel, GeorgeV and Legris), three coders (Kyren, Omni and Bartwe), the level designer (Armagon) and Tiy and a whole slew of unpaid contributors.
  • Legris left after the first payment.
  • Tiy also added random girls to the dev chat who'd randomly leave later on. During the more general implosion, Rhopunzel also publicized the actual reason for these people leaving: Tiy purely invited them to flirt with them and then drum them out when it stopped being funny.
  • The game mostly sold based on the merits of being tied to Terraria.
  • Tiy wanted everyone to move to their new offices in the UK. Any developer that didn't want to move over wasn't fired, but was systematically drummed out by dead-ending them. Rhopunzel and seemingly bartwe left due to this.
  • The preorder money (the kickstarter) was purely used to ensure the artists and coders got paid. Zero of it all went to direct game development, it was purely to make sure the developers got paid for the work they were already doing.
  • Tiy pulled the same “haha you want to be paid for your work” thing on a Russian, who put keyloggers in the build he send to Tiy in revenge. This is how the game got leaked early on 4chan.
  • Kyren was pretty much hired because one developer was nigh-impossible to work with (considering the names and the fact that Rhopunzel speaks positively of bartwe, this is almost guaranteed to be Omni), and she almost resigned. Then, in exchange for essentially terminating bartwe and Omnis contracts, she became the lead developer and her code is what runs starbound today.
  • Tiy wanted a Serval (a wild cat as a pet) and when told that it would be a bad idea, he wanted a bearded dragon instead.
  • The code for starbound is only good because Kyren was an amazing developer.
  • The company had a “flat business structure”, which meant that there was no management and abusive/mistreating behavior from other employees often went unchecked and the product is mostly aimless as a result.
  • Tiy was just an “ideas guy”. Notably, he'd write everything from a debating perspective, including press announcements, which he would write himself, rather than the actual community manager.

This... this doesn't paint a good picture. No, seriously. If a business does this kind of behavior, see this as a huge red flag to not even come close to them. Find your money somewhere else.

The fact that my job, which is a minimum wage cashier job for a supermarket chain, treats me better than this joke of a company and CEO does is just fucking sad.

Poor game design

But maybe you don't care about that. Starbound was trash anyway, so why bother with it?

The problem is that all of these things directly influenced the game. If you make this claim, you probably started playing either during or after the Giraffe betas. The reason I say this is because up until the Enraged Koala, Starbound was much less trash.

It was Terraria in space. That was what it was, and it had a ton of good lore attached to it. Only a few mechanics, but they were all pretty well fleshed out, the structure of the game made sense and you weren't hogtied to play the game.

Then, during the Giraffe betas, this excellent base of a game was just... tossed out. No, seriously. All the lore was scrapped, a lot of mechanical depth was removed from the game, all of the charm was removed for a “new direction”. This new direction being a couple of predefined missions and removing all of the unique racial gear that wasn't armor and redesigning the game to accommodate to specific playstyles without the weaponry to back it up.

In addition, all the lore was seemingly taken out, presumably because due to the new direction, the old design of the game was too grimdark, which didn't mesh well with the newer, brighter, happier design style they were going for. The new lore is just... inadequate. It's not a fun game, it's not a game that makes you go “wooow, that's actually interesting”. It's a game with a super shallow lore, and everything just feels artificial in places where it didn't before.

Then they added a bunch of new mechanics, that pretty much all have equally as much depth as the hollowed out husks of the former mechanics. The result is that you have a game in which there is a whole lot to do but very little that's actually worthwhile doing.

Combine that with the game also incredibly arbitrary railroading the player in the Giraffe updates (Koalas were pretty much open-ended), and the game also wasn't fun to play. It would introduce a mechanic, then scrap it moments later in exchange for another.

Let me stress this: Starbound went from a well balanced and well designed, Early Access game that I bought and loved for the fact that it seemed so promising and so finished to a game that was more unfinished from when I started playing it.

And this is something that confused me so much up until this day. Like, I never really pointed it out because if I'm being honest, there's much more time I can spend than talking about a trashy indie.

But adding the previous mismanagement of the games structure on top of it all? Well. That's an explanation. A really fucking good one. If all of your designers, artists and coders left because they weren't paid or because the CEO was a twat and you seemingly had to scrape by with whatever people would be willing to uncomfortably accept your trash? Hell, at that point I'm surprised the game turned out as good as it did.

Conclusion

Fuck, I guess we have to do one of these now? I mean, I kinda did one. But... I might as well do this anyway. I have a wiki page on my github to download older versions of Starbound. Give it a go! To be clear, the command you would need to get Enraged is

download_depot 211820 211821 1181941016889826211

Give it a go, because that's the version that had passion still left in it. Moreso than those working on the game right now I'd say.

Heya, short announcement here, but I now have a comment system on this blog that I can actually read! So if you were following me, you can now also leave a comment and it won't disappear in the Fediverse inbox like normal comments do.

To that end, let's talk specifically about my choice for this: utteranc.es

Why not Disqus

It sucks. Really bad. Disqus if anything is an example on what I don't want from a comment section.

It actively promotes cruft/cluttering talk, the identation on conversations is more tiring than it's useful, it's an absolutely abomination to use on mobile and it's sign in feature is extremely wonky.

So no, I set out with this on the specific goal that I didn't want to use Disqus.

Instead, I'm using utteranc.es

What is utteranc.es

Utteranc.es is a comment tool that maps items on a GitHub issue tracker to a blogpost. This is for my use, nothing short of amazing.

Let me explain why:

  • Most of my blogposts are written from a technical point of view or detail technology. The most likely readers of course are going to be people with a similar interest in technology. This also means that they will likely have a GitHub account.
  • For those who don't trust utteranc.es one time OAuth with GitHub (and you know, that's valid!), once a comment thread exists, you can just comment on it on GitHub itself and it'll magically appear in the comments here.
  • Utteranc.es takes care of all the annoying legwork needed to map and create the issues, at least when working from the comment section on this blog. So that's cool!
  • Spambots usually don't bother with spamming GitHub issues, so there's less moderation needed on that end.
  • I get an email every time someone leaves a comment on a GitHub issue, so why not leverage that to make the comment section a nice thread I can stay subscribed to in my mailbox and comment in as needed.
  • The general linear nature of conversation means that cruft is less likely to pop up. In addition, GitHubs emote reaction feature should filter out a lot of the usual “haha funny lol” and “+1” comments that plague blogposts.

So yeah, it really fits my usecase well. I have it set to map on the og:title, so issue titles should map seamlessly to the dumb titles I give these posts.

Give it a go down below if you're brave enough to put up with my unfunny jokes!

I didn't want to do this. I legitimately wanted to give DYKG a chance to fix stuff. But it didn't happen and now we're left with nothing else. Time to write that original blog I said I was going to write a while ago.

DYKNG

Preface

Okay, so to those of you who didn't understand that previous paragraph, allow me to explain. 2 weeks ago, as of writing, Did You Know Gaming (the YouTube channel) put out a video about Nintendo Switch Piracy & Hacking. And... it's bad. Like, REALLY bad. It's rife with outdated and incorrect information and goes out of it's way to characterize the entire Nintendo console homebrew scene as nothing more than a den of pirates.

In case you didn't know, I kinda give a fuck about the homebrew and hacking scene. I've met friends and the like there and I love seeing people make awesome stuff for Nintendo consoles, which in and of itself remain to this date just about the only consoles I wholeheartedly recommend.

So... when this video came out and I watched it, I kinda got irritated and considered writing a blogpost about it at the time. That post was never made, because a friend of mine had informed me that DYKG had reached out and asked involved hackers and scene members to point out exactly what was broken with the script[1]. Whilst at the time I was busy and a number of people had pointed out flaws before I could get to it, I opted to not write the blogpost in question. Instead, I gave DYKG the benefit of the doubt. I would wait and see what they would do and give tips on what was incorrect in their script. Supposedly, they would be retracting their previous video and creating a new one based on the concerns we raised.

So... I waited. For reference, I first got confirmation that the script that we added comments to was send off to DYKG for the first time on July 15th. As you can see, it is 28th of July. To the best of my knowledge, DYKG has not responded in any form to the modified script in any shape, way or form. Nary so much as a comment on their original video, a response to the email that was sent to them, anything on their Twitter feed. I have checked this.

With me getting this out of the way, my patience sort of has run dry, as one might guess. So let's make that original blogpost. Let's do a minute-by-minute takedown on DYKGs original video.

For those of you who want to watch along, I have put an embed below or you can watch the video yourself here

Beat? Set? Go.

The setup will be as follows: I will go over the video on timestamps. I'll clearly state if there is a visual or a script concern/error (the video has issues on both of these ends).

first couple seconds are a promotion for the since passed New Jersey GamerCon. As these do not relate to the video, I will skip over them.

  • 0:21 Visual concern: The intro screen. Solely focuses on piracy, there is no mention of hacking whatsoever. Strange for a video that claims to focus on both.

Hacking

  • 0:43 Script error: 7.0.0 did not introduce a “scrambled batch of code”. It introduces a signed[2] TSEC[3] payload that prevented CFW that booted Horizon[4] from working.
  • 0:53 Script error: “elmirorac” is motezazer. elmirorac is their Twitter handle.
    • General concern: No mention about the actual method that was devised to get past this. It's called sept and could definetly get a mention in the video.
  • 0:57 Script error: I can't fault DYKG too much. Most tech media took this single example of “cross-pollution” so to say and ran with it, whereas it so far has not proven the case on other hacked Switches, meaning it is for all purposes an unverifiable claim.
  • 1:12 Script concern: “A bug found in the Nvidia Tegra X1 allowed hackers access to the Switch's bootrom to install a range of programs on the Switch”. This is more... confusing than incorrect. The Tegra X1 bug (known as fusee-gelee) allows access to the Tegra's own Recovery Mode which due to an exploit permits unsigned code execution. Due to the specific methods involved for Switch Hacking, generally nothing is ever installed to the Switch itself (everything exists on the SD card).
  • 1:40 Visual error: This is the Recovery Mode of Horizon[4]. It is not the Recovery Mode of the Tegra X1. That mode does not have a GUI and is just a black screen. This issue pops up several times in the video. In combination with the script talking about the X1,
  • 1:47 Script concern: While switch-linux is interesting, it more or less works seperately from the actual homebrew involved and can exist completely separate from any CFW. (In addition, it would be recommendable to instead show footage from linux4tegra, as it is better performance wise, especially for dolphin footage.)
  • 2:04 Script concern/error: A mixed bag of both. Nintendo didn't really fix much of anything. They simply decreased the maximum allowed payload size (configurable only while the Switch is still in the factory) to 0. While an actual fixed chip exists (called Mariko. This one is all but guaranteed to be in the Switch Lite, with the only reason we can't say it is being that nobody got their hands on one yet), this one is not out yet at the time of writing in regular units.
  • 2:16 Script concern: “Model 1” is a very weird way to describe these Switches. The most common designation is typically unpatched, but as this might not work narratively for the script, launch Switches is also an option.
  • 2:28 Script concern: Kate Temkin is cited several times throughout the video. Whilst inevitably, this is unavoidable to some extent, the video does not in any shape way or form make clear that she is no longer involved with Switch Hacking in any form, due to selling someone else's exploit to Google without that persons consent. As a result, most quotes and mention of her work tends to be outdated or inaccurate in this video due to advancements and new knowledge on the Switch.
    • Kate did not make fusee-gelee. Fusee-gelee is the name of the exploit (which the video doesn't fully make clear, but fail0verflow discovered the same exploit but called it ShoFEL2), mentioned earlier, she did not make the launcher (that would be a program called fusee-launcher.)
    • On that note, whilst Kate did report the bug to Nvidia and Nintendo, an anonymous user on the board 4chan either found or leaked the bug about a month before it's official disclosure date.
  • 3:18 Script error: This developer should be called langer hans, not by their real name (It is generally impolite to use real names if users have handles that can be used instead that aren't outright indicative of their real names). Their work however should also be credited under the switchroot hacking group rather than their individual work as it is the result of collaborative work.
  • 3:25 Script concern: Freebird is indeed capable of overclocking, but the project is not open source, meaning that mentioning it is a security concern, particularly since an open source version exists (sys-clk). In addition, both tools permit overclocking (and underclocking) the CPU, not just the GPU.
  • 3:33 Script concern: Amir Rajan has little involvement with the hacking scene, nor is he an indie developer. He instead merely ported the mentioned game over. In addition, the Ruby interpreter in question was vulnerable to an exploit (as well as being a thinly veiled sales pitch for a paid 40$ Ruby programming library Rajan developed).
  • 4:41 Script error: DevMenu is part of the SDK. It is not a part of the Switch itself. One doesn't “break into it”. One deliberately chooses to install it and it was leaked online (with all legal ramifications of sharing software that was granted under strict non-disclosure agreements). There is nothing 'innocent' about this.
  • 4:52 Script concern: This puts the square of the issue in the hands of the hackers. The real fact of the matter is that the Switch merely uploaded whatever was set as the profile picture to Nintendo's servers, rather than issue a request to set it remotely.
  • 5:11 Script error: This is ass covering. Reis general behavior outside of public locations (such as Twitter) seem to suggest more that Rei is the type of person to actively encourage this kind of behavior. To suggest he's actually sorry is nothing short of a lie.

Piracy

  • 6:21 Script concern: This is a very simple boilerplate way of explaining the Warez scene in general (not particular to the Switch) and could easily be left out, given how it's both inaccurate for the specifics of the scene and doesn't really work in general.
  • 6:36 Script concern: This characterizes any and all developers who do reverse engineering or coding work in the scene as doing it purely for piracy due to it's position in the video. Numerous people in the scene do not do reverse engineering work for the sole purpose of piracy, but rather do them in order to allow general purpose homebrew to exist and work. Often reverse engineering has little to do within regards to piracy itself but is more about permitting custom programs (homebrew) to be able to access more in the Switch (such as the internal browser).
  • 6:52 Script and Visual error: This is not how Switch piracy works and it somehow mischaracterizes game keys (which can often also be found in physical copies these days) as purely being reviewer keys. In addition, the suggestion is made that these keys can be reused. They cannot be.
  • 7:02 Script and Visual error: Hooo boi. This one is so massively wrong. Where to start. Let's do it in sequence
    • Visual error: See what I wrote at 1:40.
    • A “boot menu” isn't installed. Assuming this is referring to a bootloader, it isn't even downloaded to the Switch but rather to a peripheral device which then sends the bootloader to the Switch.
    • The “boot menu” doesn't launch homebrew. It is purely a bootloader, similar to the purpose of grub on an actual PC. It lets you choose what to boot. The actual homebrew menu (a piece of software designed to launch homebrew) can be loaded in if the bootloader is set up to do so.
    • Similarly wrong here is the supposed need for an external program to launch these games. Signature patches to two specific Nintendo Switch modules are needed for piracy, but they are not separate programs.
  • 7:26 Script error: This version wasn't uploaded to 4chan but rather to a piracy guild.
  • 7:29 Script error: DAuther isn't a piracy tool. Rather, it is used to generate a token that permits browsing the eShop (and even then only the metadata backend part is accessible, meaning no piracy can be done using it.)
  • 7:41 Script error: A certificate is not a “code”.

Team Xecuter

  • 8:48 Visual and Script error: Visual error is that you're showing off “SX Installer”, a rebranded illegal copy of “DZ” (a program which I've written about before in the context of it's developer). The script error and I cannot believe you're making me say something 'positive' (even if that comes with a giant asterisk and several other subquotes) about SX OS is that it since version 1.3 has stubbed out the call to the brick code, meaning it is rendered inaccesible to normal users and the program just loops instead.
    • To revolve this back at TX and DYKG not being accurate though: SX OS's original brick code would trigger the moment it detected anything out of place, including concerns within regards to hardware temperature accidentally being able to trigger it.
  • 9:01 Script error: Accusations aren't accusations anymore if they're proven. And they have been. See my old blog here for the bulk of it.
  • 9:10 Script concern/error: This refers to Kates old Fusee FAQ, which is considered widely outdated. Team Xecuter did not drop the “zero day” (referring to fusee-gelee). This was done by an anonymous 4chan user. This is entirely due to neglect on Kates end, which is sensible considering she's no longer a part of the hacking scene.
  • 10:40 Script error: Again, this isn't a mere speculation, this is proof and it is not a hardware flag. The Nintendo Switch has various reporting services build into it. These reporting services keep track of playtime, crash reports and size of stuff on the MMC chip. If any of these are considered out of place, the user is banned. It should be noted that for non-piracy homebrew, it is sufficient to redirect only the crash reports, as playtime and size reports only end up being off when it comes to piracy (and faking these is a suspicious move as a large number of similar reports will break). These services keep the logs offline until the Switch connects to a wifi network, upon which the Switch will attempt to upload the logs it hasn't uploaded yet.
  • 11:45 Script concern: Team Xecuter are without a reason beyond a doubt horrid horrid people. This statement is flat out false. Their product includes Nintendo code (notably lotus gamecard headers), encryption keys and large parts of GPL licensed software which is not following the requirements of the GPL. Including it leads to inappropriate validation of their statements being taken as fact.

After this a short outro fact plays and the general DYKG outro as well.

Conclusion

I cannot blame DYKG too much for these errors. A large part of this comes from the fact that the tech industry's reporting on console hacking in general is... notoriously poor and for the most part, they seemed to have taken only the reports made by the tech industry for their sources, rather than actually investigating on the matter.

This was my view before I heard of the collaborative effort to try and give them a chance to fix it. With that currently standing at about two weeks in with DYKG essentially having gone radio silent, that view while not completely gone is now in a much more cynical light, considering they seemed interested in attempting to fix their flaws, but aren't following up on them in the slightest.

Quite a shame, I used to really like Did You Know Gaming.

Credits

To the many people who made the Switch scene possible. As well as special credits to the original people involved with the editable document for pointing out stuff I missed.

Extra notes

[1]: I do not consider this private information. The document that was used for edits was publicly available in ReSwitcheds #off-topic channel. [2]: Signed: This means something is valid or created by a specific entity. The cryptography parts involved around this is beyond the scope of this post. [3]: The TSEC is a specific processor on the Switch's motherboard that handles security. [4]: Horizon OS is the Switch's “official OS”.