In case you’re dual booting - Windows also has a memory diagnostic tool. This did identify my RAM as broken almost immediately, while Memtest reported everything OK after a full scan of several hours. As I only knew Memtest back then it took me weeks to find why my PC was constantly randomly crashing, until I learned of that.

But that was about 2 years ago, so maybe Memtest did improve since then? (Or maybe I had some very weird behaving RAM and finding it with other tools was just pure luck…)

Yes, but in my experience: Save games are synced to steam cloud and thus are available on Linux and Windows respectively. Settings aren’t migrated usually (but sometimes?!), but as long as you didn’t tweak them too much, that’s not a big deal.

More interestingly: Games that won’t start on Linux in this scenario aren’t necessarily installed on your windows disk. It’s any disk with a NTFS/FAT/exFAT filesystem that seems to cause this. At least that’s what my results were, when I tried to set up a shared library between windows and Linux when I used dual boot to facilitate the switch.

That’s basically any modern network. There is no more trivial “inside our network” vs. “outside on the internet”. Networks are segmented on a need-to-know principle. You can access some information from the public internet. Some other things can be accessed from the internet, but only on corporate devices, if your user AND device is whitelisted. And then you have one or more VPNs on top of that for more sensitive stuff. Also those VPNs may be “dynamic” in the sense that it may also be dependent on the user, device and authentication method what is currently accessible over that VPN connection.

>:-(

What’s the original strip about? Upselling something?

I didn’t get mine to have less than about a second latency LOL

I get the idea, and in general I love it - especially since they eliminate phishing in theory. BUT making my device my “password” now shifts the single point of failure from me forgetting my password to me protecting my devices from any kind of error/damage/data loss/… Collecting all passkeys in your Google Account is probably also not the best idea, considering how little chance you have to get your account back if it ever gets locked by a random event you may or may not have participated in.

Having them device independent (e.g. in a password safe) is nice, though. But then, if I use my password safe right, I should already be somewhat protected from phishing, as my auto fill won’t trigger on a random phishing site.

Mine didn’t want to migrate and I had to build them a new PC with Win11 (their old one was barely able to run win 10 and had already some hardware problems, so a new one was on my bucket list for a while) - but… yeah the most time was spent tracking down all these passwords and accounts they were constantly using without knowing which email address and which password was used for the account…

I don’t understand it either. I’m running it on Fedora w/o problems.

Edit: I mean the steam client. Steam OS is based on Arch.

Some things are harder, but for starters a few ideas:

• Either check that the reported positions of players, their movement speed, etc are consistent to what the game would allow you to do (don’t fly, don’t go faster, don’t go through walls,…) or only accept player input, process it server side and then send positions etc back to the client. (You can do some local interpolation, but the server wins, when there’s a miss match). That should get rid of flying, no clip, teleportation, evasion of projectiles, … You can also analyze the inputs for abnormal behavior like the precision with which you aim for the (center of) the head, aiming through walls, etc.

• Do all hitscan and projectiles etc. server side. Never let clients report that they’re hitting other players. This is calculated on the server.

• Do only report other player positions when they’re on screen or almost on screen. If the client doesn’t know where the enemies are, wallhacks are impossible or harder (note that some information may be transferred to the client for the sake of spatial audio etc!)

And so on. Do not, never ever, rely on client side data or validation. If a cheat program can alter the client, it can alter the data it sends. How do you ensure, that the client is actually official and “your code”, when it can tell you anything it wants to tell you? You can only make it harder for others to impersonate your client, but never impossible. Especially on PC, when you can execute just about any code you want?

Yup, it’s the same OS as steam deck, which is based on Arch.

Yes, it’s turn based. But for every attack there is one (or more) indicated QTE to buff the attack, if you hit it. This one is consistent in timings (per chosen attack) and well telegraphed by a consistent animation for the button, so it is basically a little rhythm game. This one is not hard and easy to pull off. After a bit, you should be able to hit them perfectly without even looking at the screen.

Then there’s dodge and parry. Those are not obviously indicated by a consistent animation but the timing varies per enemy AND attack. Also the timings of the enemy animations are randomized a bit, so that this one needs reactions instead of a consistent rhythm. Dodge has the most lenient timing, parry is tighter (equals to perfect dodges) and a counter requires you to parry every single hit (hardest).

You can use story mode, which dials the need to parry/counter way down and also makes you tankier, I think.

It’s still fun to experiment with the fighting mechanics and building OP combos. I accidentally one shot the final (story) boss as I expected a way harder fight and missed out on that cinematic fight…

No, that’s just another hypothetical app that you’re using a reverse proxy for. I just included it to show how you can also set settings for a single subdomain/reverse proxy entry that isn’t used globally on all domains that get served. I used a hypothetical REST API that needs a CORS Header that other apps don’t need (or maybe serve themselves).

admin off disables Caddy’s admin interface (which shouldn’t be public and if you’re using config files this usually isn’t needed. So just a bit of gardening)

servers sets some general server options.

and then I just inserted several blocks that each define a reverse proxy to a different app / backend to show that you can just dump them all in a single Caddyfile. And the last example to show that you can set specific settings only for a specific subdomain instead of globally. As I set headers mostly used by REST APIs, I just called that api.example.com instead of app3.example.com.

If you like, I can send you an example of the Caddyfiles, that I’m using (I used the import directive to split every service into its own Caddyfiles, you could just copy and paste everything in the same file). It will take a few hours until I get home, though.

But basically you can just put every subdomain and it’s target in a separate block and the add some things globally (e.g. passing the original IP, switching off the admin API of Caddy,…)

Something like this should work:

admin off 

servers {
		client_ip_headers X-Forwarded-For X-Real-IP
}

app.example.com {
    reverse_proxy 127.0.0.1:8080
}

app2.example.com {
    reverse_proxy 127.0.0.1:8081
}

api.example.com {
    reverse_proxy 127.0.0.1:8082
    header {
        Access-Control-Allow-Methods "GET, OPTIONS"
        Access-Control-Allow-Origin "*"
    }
}

Also modders had reversed all relevant code at some point (at least to the extend of this function does X) and then offered those symbols (=their class names, method names,… And where to find them in the bytecode) for others to mod the game. Later Mojang even released the official symbols, but at that point everyone was already using the community made ones. IIRC they kept releasing these symbols for every new version since then which drastically sped up modding compatibility for those versions.

So I think it’s not completely unexpected that they’d do this since the most important information was already oit in the open.

Go ahead and give them your Social Security number, and see what happens.

“Socially I’m rated 3/10, but for security I’m an 8/10. Now that I’m replying to this, I think my security score just dropped a bit, though.”

I mean… Is it really spying? Your company can detect which AP or Switch you’re connected to (or if you’re using a VPN from home), so they do have that data anyways.

Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to and then you need to hope, that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every java based application,…)

It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.

I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called DNS-01 challenge and is useful of your domain is not publicly reachable. Google for certbot DNS-01 your registrar to find some documentation.

Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), other just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.

Wasn’t it also some kind of DNS problem on top?