Month: February 2021

• 

  Fight it? Or tame it? In Valheim, you get to make this choice, and many others, over the span of a lengthy, randomly generated adventure.

Valheim is Steam's latest top-selling, out-of-nowhere indie game, and from some angles, it sure looks the part. Depending on what screenshots you stumble upon, you might get some serious PlayStation 1 nostalgia vibes, with characters, animals, and trees that look straight out of the first '90s Tomb Raider game.

We've seen this before when it comes to Steam Early Access hits, usually because a game maker spends more time on gameplay and depth, not screenshots. Hence, it's not surprising to notice similarities to other survival-creation fare like Minecraft and Rust, where glitchy simplicity is part of the charm. But starting and ending with the graphics in this epic, Viking-tinged tale misses the modern-gaming forest for the blocky-voxel trees.

To understand why the $20 Valheim has surpassed the 2 million sales mark in only 13 days, and why its Early Access buyers can't get enough of it, you have to scrape a few hours beneath the comparison-heady surface level. Get that far, and the game's allure becomes clearer. This is a survival game made by people who really like survival games—but don't necessarily like the genre's tedium.

Enlarge (credit: Getty Images)

Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.

The technique was unveiled last Tuesday by security researcher Alex Birsan. His so-called dependency confusion or namespace confusion attack starts by placing malicious code in an official public repository such as NPM, PyPI, or RubyGems. By giving the submissions the same package name as dependencies used by companies such as Apple, Microsoft, Tesla, and 33 other companies, Birsan was able to get these companies to automatically download and install the counterfeit code.

Automatic pwnage

Dependencies are public code libraries or packages that developers use to add common types of functionality to the software they write. By leveraging the work of thousands of their open source peers, developers are spared the hassle and expense of creating the code themselves. The developer’s code automatically downloads and incorporates the dependency, or any update to it, either from the developer’s local computer or from a public repository.