Open source software

Razer built a game-streaming app on top of Moonlight, and it’s not too bad

I intentionally touched as few settings as I could on each device (minus a curious poke or two at the “Optimize” option), and the experience was fairly streamlined. I didn’t have to set resolutions or guess at a data-streaming rate; Razer defaults to 30Mbps, which generally provides rock-solid 1080p and pretty smooth 1440p-ish resolutions. My main complaints were the missing tricks I had picked up in Moonlight, like holding the start/menu button to activate a temporary mouse cursor or hitting a button combination to exit out of games.

Razer’s app is not limited to Steam games like Steam Link or Xbox/Game Pass titles like Remote Play and can work with pretty much any game you have installed. It is, however, limited to Windows and the major mobile platforms, leaving out Macs, Apple TVs, Linux, Steam Deck and other handhelds, Raspberry Pi setups, and so on. Still, for what it does, it works pretty well, and its interface, while Razer-green and a bit showy, was easier to navigate than Moonlight. I did not, for example, have to look up the launching executables and runtime options for certain games to make them launch directly from my mobile device.

Streaming-wise, I noticed no particular differences from the Moonlight experience, which one might expect, given the shared codebase. The default choice of streaming at my iPad’s native screen resolution and refresh rate saved me the headaches of figuring out the right balance of black box cut-offs and resolution that I would typically go through with Steam Link or sometimes Moonlight.

Large enterprises scramble after supply-chain attack spills their secrets

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open source supply-chain attack to roil the Internet.

The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that’s used by more than 23,000 organizations. Tj-actions is one of many GitHub Actions, a form of platform for streamlining software available on the open source developer platform. Actions are a core means of implementing what’s known as CI/CD, short for Continuous Integration and Continuous Deployment (or Continuous Delivery).

Scraping server memory at scale

On Friday or earlier, the source code for all versions of tj-actions/changed-files received unauthorized updates that changed the “tags” developers use to reference specific code versions. The tags pointed to a publicly available file that copies the internal memory of servers running it, searches for credentials, and writes them to a log. In the aftermath, many publicly accessible repositories running tj-actions ended up displaying their most sensitive credentials in logs anyone could view.

“The scary part of actions is that they can often modify the source code of the repository that is using them and access any secret variables associated with a workflow,” HD Moore, founder and CEO of runZero and an expert in open source security, said in an interview. “The most paranoid use of actions is to audit all of the source code, then pin the specific commit hash instead of the tag into the … the workflow, but this is a hassle.”
