speed-of-heat

Members
  • Posts

    7125
About speed-of-heat

  • Birthday 04/12/1966

Personal Information

  • Flight Simulators
    DCS
  • Location
    UK
  • Interests
    Computers, Martial Arts, Family

  1. Something that I found difficult until I realised that both wing swing and maneuver flaps help with the trim needed for level flight.. Bomb position is a good starting point, but, vary the wing dependent on the tanker speed...
  2. thanks! and corrected dyslexia and I couldn't spot one of my own spelling mistakes if it was throttling me corrected ... thanks that's what exactly I was looking for!!!
  3. sniper 01 and 02 spear in or mid air at the g warm...
  4. if any link is made to any internet based content you cannot make that guarantee... if you are not allowing any access to the internet but only to code/data/lua that is local you need to say so explicitly ... and I will breathe a happy sigh of relief.
  5. more that your phantom has an attack surface not exhibited in almost any other game/sim/module... that could be used to hack your computer ... that's what the sandbox bypass enables...
  6. if they don't maintain it who will... it won't magically update itself? certificate pinning could be used to limit access to specific sites, but, then we are in a different world of what is the criteria who maintains it and buys the certs etc..., otherwise it becomes quite difficult to limit actual access for example a suborned link could be used by a motivated attacker, why would they be motivated money typically, ransomware, vandalism, the list goes on. in the example they specifically show it going out to an arbitrary website, yes it happens to have DCS content on it and I actually use that site myself ... but what happens when that site links to another and so on ... who is going to maintain the whitelist, most games do not include a live internet browser for a reason ... this is one of them I don't think they thought it was dangerous when in one of the first versions of IE they enabled arbitrary code execution remotely via a URL.. everyone thought it was a great idea until the bad guys started using it... even then I remember some of the more frantic calls begging to keep this functionality enabled... The problem is the implications for "good use" are easy and clear whereas the implications for "abuse" are not clear and hard to understand, because of 2nd and 3rd order problems... and hard even for security professionals with 4 decades in the field to understand ... and TBH neither HB nor ED are experts in the field of security.. because their exposed threat surface is small ... a browser changes that massively so, hilariously so...
  7. Agreed, and that's why I really don't mind it per se as an idea... (And I will amend my comments earlier to reflect that) but, having seen close at hand the work that goes on to adequately maintain a Chromium fork just from a security perspective, this is not trivial...
  8. I am pleased that the default state is to only use local data sources on the device, however, if you allow access to the Internet, then it must be part of your threat model, and it requires appropriate mitigation in order to manage the risk... And appropriate security testing... And controls... Just saying "don't use a feature" is not a realistic control... As it is prone to user error, or deliberate exploitation. Especially because as I have said we largely have been recommended to turn off security features in Windows (AV etc...) on the folders containing DCS, for performance reasons, something that until now made sense, because of the limited attack surface in play. Adding the browser in this way changes that. I remain concerned that a browser is being used here in this way, especially with such a small team, I am less concerned about the use of a Chromium based browser, per se, though I do care what features will be in your build of Chrome. And again how you will maintain the integrity of the browser, given DCS's own patch update schedule. Also bearing in mind that any customisation will complicate your ability to patch the browser... I would strongly recommend you consider this approach of allowing browsing access to Internet resources, as it will have consequences that will be difficult for a small Dev team to manage... Ranging from sandbox escapes, to custom tab vulnerabilities to Skia, to WebSQL and on...and on...
  9. @IronMike Thanks for the status update. I am sorry about the health issues your team has faced, and hope they are all through the worst of it, and are continuing towards good health. As much as I am excited by this I am also gravely concerned about the implications of putting a browser in game, the security implications of that are actually staggering, given that a browser is one of the most significant attack surfaces on a computer today. And keeping a browser up to date is a very difficult and time consuming task even for a full-fledged Dev team that is only updating a browser, even if what you are doing is delivering an instance of a Chromium based browser you are recompiling (just ask the Microsoft Edge Dev team!) this concern is even higher given that most guidance for DCS suggests excluding it from most anti-malware programs for performance reasons. Chrome and Edge both receive daily updates in some cases to mitigate threats, given that DCS itself only receives updates monthly, how are you mitigating these issues?
  10. JoyPro ... Holdi601/JoystickProfiler: Joystick Profiler Utility (github.com) is the answer to "HOTAS" mapping problems
  11. Hi sorry for a stupid question, if I am engaged, will Jester fire expendables (chaff and flare) without my intervention or do I have to command him to dispense (if so how)? or am I just making sure the dispense mode is correct and pressing the DLC??
  12. Do you have anything bound to the hmd brightness axis?
  13. Thanks @BIGNEWY I know they will work hard to find what I am sure is a difficult to track down problem. As I am sure you are aware these quite sophisticated campaigns rely on this to deliver their immersive storytelling, and this sort of bug significantly undermines the value that they have
  14. ah this again @BIGNEWY... I can't remember if it was yourself (@Reflected) or BD who put out the poll about why people don't buy or engage in campaigns as much anymore ... but this is likely a reason ... not angry ... just frustrated ...