chameleon

Not sure, but I can reproduce it on my end. The actual download pages on get.videolan.org have ads, the main site does not.

Can’t wait for a new generation to rediscover the exciting fun of having to survive Kil’Jaeden’s balls and whatever that darkness phase is even supposed to be, despite the boss technically hitting 1 HP in 5 seconds.

The whole “don’t look anything up before playing it” genre of cryptic puzzle-ish games where saying nearly anything about it is a spoiler. There’s not all that many of them, but somehow they’re all games where people go in with no expectations and either love it or bounce off of it really fast. The entire internet can scream at you to play Outer Wilds, but nobody wants to tell you why.

Out of the ones I played, I had the lowest expectations/highest payoff for Void Stranger; on the surface it looks just like a pretty average sokoban with gameboy-styled graphics and a surprisingly good soundtrack. And that’s pretty much what it is, except the sokoban isn’t really why you play it, even though you’re gonna be playing a lot of it.

Steam changed it so that popularity metrics are mostly ignored during the first couple days of Next Fest. This started with the October 2024 run, and it’s a big part of why you no longer have the good demos popping up quickly at the start. To my knowledge, they never published details on it, but there was a short blurb in the developer Q&A. Things should get better starting sometime tomorrow (tends to be day 3 or day 4).

The idea is that it gives games that don’t have pre-existing marketing a way better chance of success, instead of the really massive snowball effect that used to exist where devs lost out for the entire thing if they weren’t popular within the first couple of hours, but it has made it a hell of a job to look for new games.

Mother/“EarthBound Beginnings” definitively has the late 80s/early 90s RPG smell with its grindiness and rocky difficulty curve, but is still pretty damn good if that’s not a dealbreaker. The official translation came out in 2014, but is reasonably accurate.

Gradius and especially Gradius 2 are classic shmups for a reason, but the much bigger hitboxes take some real adjusting if you’re used to modern bullet hell ones.

I’ve seen the claim around but I’m highly skeptical of it. DDR5 is far too slow for anything where memory bandwidth really matters, any newly produced chip that’s gonna be used for AI is on HBM3 or HBM3e, or possibly GDDR6/GDDR7 if it’s a GPU pulled from the consumer segment. HBM5 is still a very, very early research project and is certainly not being produced yet.

The idea is interesting, but $13/month for one ‘mystery’ album from an artist you (most likely) don’t know feels rather up there.

Kamaeru: A Frog Refuge is also free for the week. Decent slow-burn game for a particular type of frog enthusiast.

All true, wanted to add on to this:

Note that smart peeps say that the docker socket is not safe as read-only.

That’s true, and it’s not just something mildly imperfect, read-only straight up does nothing. For connecting to a socket, Linux ignores read-only mount state and only checks write permission on the socket itself. Read-only would only make it impossible to make a new socket there. Once you do have a connection, that connection can write anything it wants to it. Traefik and other “read-only” uses still have to send GET queries for the data they need, so that’s happening for legitimate use cases too.

If you really need a “GET-only” Docker socket, it has to be done with some other kind of mechanism, and frankly the options aren’t very good. Docker has authorization plugins that seem like too much of a headache to set up, and proxies don’t seem very good to me either.

Or TLDR: :ro or stripping off permission bits doesn’t do anything aside from potentially break all uses for the socket. If it can connect at all, it’s root-equivalent or has all privileges of your rootless user, unless you took other steps. That might or might not be a massive problem for your setup, but it is something you should know when doing it.

The modern breed of CAPTCHAs is mostly only trying to verify that it’s a full-fat browser. undetected-chromedriver, camoufox, pydoll, patchright and a million other libraries/tools exist. Nothing’s perfect and it’s a cat & mouse game, but this single incident is a sample size of one as well.

https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1339

Everything regarding enforcement is early stages but what they’re aiming for is much more specific than chat control and is based on existing wording in the Digital Services Act.

They’ve been flagging physical carts showing up in multiple places at the same time since the very moment the first Switch flashcart appeared (so likely before we ever had our hands on any). Places discussing the flashcart had been talking about increased detection and bans for a year or so.

It was even done on the 3DS before that. The 3DS had a whole tiny niche ecosystem of people selling “private headers”, dumping only the unique per cartridge info and selling it with the promise that they’d only sell any given header to one person. That too had a few instances of normal people complaining about bans with pre-owned games.

Steam for Linux is mixed 32/64, unfortunately the main executable (~/.local/share/Steam/ubuntu12_32/steam) and its associated steamclient library continues to be 32-bit only and runs with a couple of horribly dated libraries in the mix. That process does pretty much everything aside from the UI.

There’s a disclaimer in the readme: https://github.com/juanfont/headscale/?tab=readme-ov-file#disclaimer

The maintainer Tailscale contributes happens to be the lead developer by commit count at the moment.

They also had a major ass security issue that a security company should not be able to get away with the other day: assuming everyone with access to an email domain trusts each other unless it’s a known-to-them freemail address. And it was by design “to reduce friction”.

I don’t think a security company where an intentional decision like that can pass through design, development and review can make security products that are fit for purpose. This extends to their published client tooling as used by Headscale, and to some extent the Headscale maintainer hours contributed by Tailscale (which are significant and probably also the first thing to go if the company falls down the usual IPO enshittification).

I haven’t seen proper reporting but the Play Integrity install source thing is accurate. There’s a reasonably good overview straight from the devil himself.

Lots of things that have very valid reasons on paper that also just happen to give Google a stupid amount of control and will backfire for a somewhat small percentage of people in very bad ways. We’ve been at “you can’t use pretty much any bank unless you agree to either Google or Apple terms” for quite some years now, now we’re giving those same app developers ways to detect if their device has accessibility APIs enabled (useful to protect against bot farms, but also a functional check for “you’re able-bodied”) or is in security support (also a functional check for “not reliant on hand-me-downs”).

Not them but between those two I’d recommend Kanboard if you’re going to be the only user. Far lighter and easier to administer piece of kit, has everything you’d want from a fancy task list but not much more. WeKan is rather heavy software but does have a few features that are probably quite important for large team use.

Started Digimon World Next Order on a whim after it was on a big sale last week. Not sure I can recommend it, and definitively not at full price, but it’s interesting to have a game that doesn’t know if it wants to be a modern game or a 2000 era throwback game in exactly the right ways. And well, it’s still about little critters that turn into big critters (and back), so I’m satisfied nonetheless.

PUID is indeed handled inside the container itself, it’ll run a container-provided script as whatever the container’s UID 0 happens to be first which then drops to whatever $PUID happens to be inside the container. user= is enforced by Podman itself before the container starts, but Podman will still run as root in that setup. That means Podman is running “rootful”, while if you started the container manually as $uid using the regular Podman CLI, it would be “rootless”. That is a major difference in a lot of respects, including security, and you can find quite a bit of documentation on the differences between those operating modes online; it wouldn’t fit in a comment. Rootless is generally considered the better mode, though there are some things that still require a rootful container.

In the upcoming NixOS 25.05 or current unstable, there are some tools you can use to run containers rootless as another user more easily using a new $name.podman.user = ""; setting. From what I understand they’ll still be root-managed systemd system services that require sudo to operate, but that means privileges get dropped by systemd before running Podman, instead of dropped by Podman before running the container. This stuff is recent and I haven’t used it, I just happen to know it exists, relevant nixpkgs commit if you wanna dig into it yourself: https://github.com/NixOS/nixpkgs/commit/7d443d378b07ad55686e9ba68faf16802c030025

FWIW, your domain will most likely eventually get used by spammers and then it’ll be an endless string of somewhat expected but unpredictable failures from there on onwards, with no actions you can take to reduce it. It’s good to keep an eye on what comes in but I wouldn’t invest too much effort into failure alerting.