

i’m lizard
There’s a disclaimer in the readme: https://github.com/juanfont/headscale/?tab=readme-ov-file#disclaimer
The maintainer Tailscale contributes happens to be the lead developer by commit count at the moment.
They also had a major ass security issue that a security company should not be able to get away with the other day: assuming everyone with access to an email domain trusts each other unless it’s a known-to-them freemail address. And it was by design “to reduce friction”.
I don’t think a security company where an intentional decision like that can pass through design, development and review can make security products that are fit for purpose. This extends to their published client tooling as used by Headscale, and to some extent the Headscale maintainer hours contributed by Tailscale (which are significant and probably also the first thing to go if the company falls down the usual IPO enshittification).
Not them but between those two I’d recommend Kanboard if you’re going to be the only user. Far lighter and easier to administer piece of kit, has everything you’d want from a fancy task list but not much more. WeKan is rather heavy software but does have a few features that are probably quite important for large team use.
PUID is indeed handled inside the container itself, it’ll run a container-provided script as whatever the container’s UID 0 happens to be first which then drops to whatever $PUID happens to be inside the container. user= is enforced by Podman itself before the container starts, but Podman will still run as root in that setup. That means Podman is running “rootful”, while if you started the container manually as $uid using the regular Podman CLI, it would be “rootless”. That is a major difference in a lot of respects, including security, and you can find quite a bit of documentation on the differences between those operating modes online; it wouldn’t fit in a comment. Rootless is generally considered the better mode, though there are some things that still require a rootful container.
In the upcoming NixOS 25.05 or current unstable, there are some tools you can use to run containers rootless as another user more easily using a new $name.podman.user = ""; setting. From what I understand they’ll still be root-managed systemd system services that require sudo to operate, but that means privileges get dropped by systemd before running Podman, instead of dropped by Podman before running the container. This stuff is recent and I haven’t used it, I just happen to know it exists, relevant nixpkgs commit if you wanna dig into it yourself: https://github.com/NixOS/nixpkgs/commit/7d443d378b07ad55686e9ba68faf16802c030025
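Added example, not part of the original comment: a shell check of what "the container's UID 0" and $PUID resolve to on the host, by parsing the text of /proc/<container-pid>/uid_map as read from the host. The two sample maps, the host user 1000 and the subuid range starting at 100000 are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Each uid_map line is:
#   <first UID inside the container> <first UID on the host> <range length>

# Constructed sample maps (not captured from a real system):
ROOTFUL_MAP='0 0 4294967295'      # no user namespace: container IDs are host IDs
ROOTLESS_MAP='0 1000 1
1 100000 65536'                   # container root is host user 1000, rest is subuids

# map_uid MAP_TEXT CONTAINER_UID -> prints the host UID, or "unmapped"
map_uid() {
    printf '%s\n' "$1" | awk -v uid="$2" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# describe MAP_TEXT PUID -> one-line summary of what root and PUID really are
describe() {
    root_host=$(map_uid "$1" 0)
    puid_host=$(map_uid "$1" "$2")
    if [ "$root_host" = "0" ]; then
        kind="root-equivalent"    # the script that drops to PUID starts as real root
    else
        kind="remapped"           # rootless (or a rootful container with a userns)
    fi
    echo "$kind: container uid 0 = host uid $root_host, PUID $2 = host uid $puid_host"
}

describe "$ROOTFUL_MAP" 1000
describe "$ROOTLESS_MAP" 1000
```

With the rootless sample map, PUID 1000 inside the container is host UID 100999, not the invoking user, which is why files written to bind mounts can end up owned by a subuid.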
FWIW, your domain will most likely eventually get used by spammers and then it’ll be an endless string of somewhat expected but unpredictable failures from there on onwards, with no actions you can take to reduce it. It’s good to keep an eye on what comes in but I wouldn’t invest too much effort into failure alerting.
That’s what I’ve been trying, yesterday ended up being a little more fruitful (internet complaining trick worked!) and luckily gave me more interesting rooms, though I’m not convinced it was any action on my part that did it.
Started Blue Prince, but to be honest I haven’t gotten past the initial “RNG wall” and I’m sorta over it. I’m 5 hours in and continue to get the same rooms I’ve documented in detail in my notes with little new to show for it, and while I have some leads and puzzle pieces, nothing fits. Not particularly excited about a lot of the small repeat puzzles anymore either. I get the impression that I just need one or two pieces of knowledge that the game is refusing to provide to me. Kinda hoping that the good old trick of complaining on the internet will make things work out.
It was just a two question + your name form: type-in your #1 pick but also why. Full-on first past the post, single vote only, no option to name other games. Pretty flawed methodology overall.
That said, I will admit that I did put in Shenmue and while I didn’t expect it to get #1, I hoped it’d be top 3 at the very least. I really do trace more or less every successful strongly story based open world game of the 2000s back to a combination of Shenmue and Half-Life. Shenmue’s story didn’t have a super wide appeal and would be completely uninteresting to most teenagers at the time (which was still the main gaming audience), but the method of storytelling is top-notch, and its open world just felt far more genuine than anything predating it. Meanwhile, Half-Life did an excellent job at telling a story that looks boring but is actually very interesting, and did so in an engaging, if not particularly open world way.
Borg or the like with ‘hardcoded’ plaintext/regularly full-disk-encrypted key is acceptable. Someone that has your unencrypted private key sitting on your server has almost certainly already obtained access to the entire set of data you’re backing up, with the backup key itself only meaningfully guarding access to older backups.
The more important thing is to securely keep extra copies in case the server fails. I keep mine in a group in my password manager, one per repo.
The good stuff is usually hidden in low view hell (or in text form, stuck on personal blogs nobody reads). Getting an audience is mostly a property of marketing, not quality. There’s not a lot of natural overlap between those that can teach well and those that can market well.
The email ecosystem is changing in recent years but yeah, it’s best to expect that there is at least one opportunity for any given email to be sent over the internet unencrypted. MTA-STS has been slowly changing the landscape but adoption isn’t going all that great.
Powered through Beastieball over the past week, a creature collector/“sports” game from the devs of Chicory and Wandersong. I had fairly high expectations because I enjoyed the devs’ previous work, but it turned out even better than expected. Lots of cool creature designs, music is Lena Raine’s usual standout stuff, story kept my attention.
The sportsball system is surprisingly complex, if a little hard to learn. I went through multiple types of team setup and felt like a lot of different setups were viable in the end. Every match is a 2v2, every offensive turn is 3 actions worth, and you get a defensive turn too. You really have to build a team with good synergy between them and be smart about swapping in and out.
Only real downside is it’s still early access and a decent chunk of creatures have placeholder art or don’t have the full set of animation frames yet. Most are reasonably finished but there’s a couple that are a little jarring.
Moderation is handled by each instance’s version of that community separately.
Reddit/Lemmy/etc communities differ from something like Tumblr/Cohost by also having per-community rules, and nobody has the time to moderate hundreds of communities according to their per-community rules.
It’s relatively easy to keep an instance free of spam/overly blatant hate/etc, since that is a fairly common set of rules. But it’s much harder to keep a “world news” style community from being overrun with US-centric posts, or a discussion community on a specific subject from being filled to the brim with memes, or posts that are only very vaguely adjacent. Without centralized per-community moderators, it would fall on general instance moderation to make decisions about whether a post about an Undertale hack fits in the Undertale community. That’s probably going to go wrong more often than not.
You can have a website that is only moderated according to global rules with tags being a free-for-all, but you fundamentally end up building something along the lines of Tumblr or Cohost, which attracts a different audience, including those that know how to rules lawyer their way in such an environment; tagging 20 mediocre photos a day with #photography instead of just a good one, for example. With the end of Cohost approaching, I wouldn’t be surprised if some tried to build that kinda thing, but it’d likely end up having a very different vibe.
I don’t know if the Atari Lynx counts as non-major. Anything from Atari should probably count as major, the thing supposedly sold 2 million units, but I can’t remember the last time I’ve seen anyone mention it and that’s still less than 2% of the Game Boy’s 110m+.
I got the original model as a hand-me-down towards the end of the 90s and I wasn’t super fond of it. The thing looks and feels like a brick and ate batteries for breakfast, the internet says 5 hour battery life but I remember getting like 2. The “left-hand mode” is a cool concept but putting two pairs of A/B buttons on the device feels like something they could’ve done better. It had color, a couple of arcade ports were really great games and there was Chip’s Challenge, but younger me got exhausted just using the damn thing.
Crimzon Clover, any version’s good but World EXplosion is the most recent. It’s a fairly difficult and chaotic bullet hell, but the novice mode should be reasonably approachable as long as you’re willing to learn, and the design is superb.
Similarly, the whole CAVE backlog. Not all of them have novice modes or the like, and there’s quite a few games not really available outside of MAME. The original DoDonPachi is/was considered the best starter bullet hell for a long, long time and still holds up pretty well, but is more difficult than a lot of modern games on their respective novice modes.
On the indie side of things: Star of Providence (formerly Monolith) is an indie roguelite bullet hell twin-stick-ish shmup with a pretty good amount of depth. ZeroRanger is a much more story-based game that I really enjoyed.
NieR Automata, for basically the same reasons. Hard mode is filled with instakills everywhere and is really just a damage multiplier, so you have to be the right kind of person for that. If you’re not, Normal is probably already fairly easy because of all the auto-heals, but the pacing can be a bit slow for something where most enemies aren’t dangerous. Might as well play Easy and play for the story.
Most paid certs aren’t worth much anyway. Payment and delivery info for DV certs isn’t validated by anyone, it’s literally the same concept as Let’s Encrypt. OV and EV are the only ones that theoretically have any value, but nobody is using those ever since they got rid of the URL bar labeling; even Amazon is on DV nowadays.
Or 800€…
This whole thing is shaping up to be the PS3’s “five hundred and ninety nine us dollars” version 2.
The main reason many sub-communities are stuck on Telegram (and Discord) is the public group chat/broadcast channel related features. Signal still has a 1000 member group size limit, which is more than enough for a “group DM” but mostly useless for groups with publicly posted invite links. Those same groups would also much rather have functional scrollback/search on join instead of encryption.
They’ve been flagging physical carts showing up in multiple places at the same time since the very moment the first Switch flashcart appeared (so likely before we ever had our hands on any). Places discussing the flashcart had been talking about increased detection and bans for a year or so.
It was even done on the 3DS before that. The 3DS had a whole tiny niche ecosystem of people selling “private headers”, dumping only the unique per cartridge info and selling it with the promise that they’d only sell any given header to one person. That too had a few instances of normal people complaining about bans with pre-owned games.