Posts: 7125
About speed-of-heat
- Birthday 04/12/1966
Personal Information
-
Flight Simulators
DCS
-
Location
UK
-
Interests
Computers, Martial Arts, Family
speed-of-heat started following SimApp Pro - Trojan, Tomcat is much harder to do aerial refueling than hornet, Event 09 and 3 others
-
Tomcat is much harder to do aerial refueling than hornet
speed-of-heat replied to Ddg1500's topic in DCS: F-14A & B
Something that I found difficult until I realised that both wing swing and maneuver flaps help with the trim needed for level flight... Bomb position is a good starting point, but vary the wing dependent on the tanker speed...
-
thanks! and corrected dyslexia and I couldn't spot one of my own spelling mistakes if it was throttling me corrected ... thanks that's exactly what I was looking for!!!
-
sniper 01 and 02 spear in or mid air at the g warm...
-
If they don't maintain it, who will... it won't magically update itself? Certificate pinning could be used to limit access to specific sites, but then we are in a different world of what is the criteria, who maintains it and buys the certs etc... Otherwise it becomes quite difficult to limit actual access; for example, a suborned link could be used by a motivated attacker. Why would they be motivated? Money typically, ransomware, vandalism, the list goes on. In the example they specifically show it going out to an arbitrary website; yes, it happens to have DCS content on it and I actually use that site myself... but what happens when that site links to another and so on... who is going to maintain the whitelist? Most games do not include a live internet browser for a reason... this is one of them. I don't think they thought it was dangerous when in one of the first versions of IE they enabled arbitrary code execution remotely via a URL... everyone thought it was a great idea until the bad guys started using it... even then I remember some of the more frantic calls begging to keep this functionality enabled... The problem is the implications for "good use" are easy and clear whereas the implications for "abuse" are not clear and hard to understand, because of 2nd and 3rd order problems... and hard even for security professionals with 4 decades in the field to understand... and TBH neither HB nor ED are experts in the field of security, because their exposed threat surface is small... a browser changes that massively so, hilariously so...
-
I am pleased that the default state is to only use local data sources on the device; however, if you allow access to the Internet, then it must be part of your threat model, and it requires appropriate mitigation in order to manage the risk... And appropriate security testing... And controls... Just saying "don't use a feature" is not a realistic control... As it is prone to user error, or deliberate exploitation. Especially because, as I have said, we largely have been recommended to turn off security features in Windows (AV etc...) on the folders containing DCS, for performance reasons, something that until now made sense, because of the limited attack surface in play. Adding the browser in this way changes that. I remain concerned that a browser is being used here in this way, especially with such a small team. I am less concerned about the use of a Chromium-based browser per se, though I do care what features will be in your build of Chrome. And again how you will maintain the integrity of the browser, given DCS's own patch update schedule. Also bearing in mind that any customisation will complicate your ability to patch the browser... I would strongly recommend you consider this approach of allowing browsing access to Internet resources, as it will have consequences that will be difficult for a small dev team to manage... Ranging from sandbox escapes, to custom tab vulnerabilities to Skia, to WebSQL and on... and on...
-
@IronMike Thanks for the status update. I am sorry about the health issues your team has faced, and hope they are all through the worst of it, and are continuing towards good health. As much as I am excited by this, I am also gravely concerned about the implications of putting a browser in game; the security implications of that are actually staggering, given that a browser is one of the most significant attack surfaces on a computer today. And keeping a browser up to date is a very difficult and time-consuming task even for a full-fledged dev team that is only updating a browser, even if what you are doing is delivering an instance of a Chromium-based browser you are recompiling (just ask the Microsoft Edge dev team!). This concern is even higher given that most guidance for DCS suggests excluding it from most anti-malware programs for performance reasons. Chrome and Edge both receive daily updates in some cases to mitigate threats; given that DCS itself only receives updates monthly, how are you mitigating these issues?
- 89 replies
-
Feeling pretty demoralised with my DCS journey.
speed-of-heat replied to Toastfrenzy's topic in DCS 2.9
JoyPro ... Holdi601/JoystickProfiler: Joystick Profiler Utility (github.com) is the answer to "HOTAS" mapping problems
-
Hi, sorry for a stupid question: if I am engaged, will Jester fire expendables (chaff and flare) without my intervention, or do I have to command him to dispense (if so, how)? Or am I just making sure the dispense mode is correct and pressing the DLC??
-
Do you have anything bound to the hmd brightness axis?
-
likely a FP
- 3 replies
- Tagged with: simapp pro, trojan (and 1 more)
-
Thanks @BIGNEWY I know they will work hard to find what I am sure is a difficult to track down problem. As I am sure you are aware these quite sophisticated campaigns rely on this to deliver their immersive storytelling, and this sort of bug significantly undermines the value that they have
-
Ah, this again @BIGNEWY... I can't remember if it was yourself (@Reflected) or BD who put out the poll about why people don't buy or engage in campaigns as much anymore... but this is likely a reason... not angry... just frustrated...