Posts: 0 | Comments: 88 | Joined: 2 yr. ago

i'm lizard

  • Then it can't be booted with new media. Microsoft has been very, very slow with the automatic rollout of their own key updates, and made just about no progress over the past two years. It's been manual updates + newly produced systems only.

    The trick here is that they have a key-exchange-key that can be used to update the other keys. That doesn't expire (or rather, not in a meaningful way). But, a Windows image is still only going to boot on a system that trusts the key that was used for it. If you make a Windows image on a 2011 system now, it's going to be signed with the 2011 key, and it won't boot on a system that distrusts that key. The same is true in reverse.

    Their key update documentation is all available and some enterprises have been on the new key for a while, but it's a lot of manual work and a lot of problems have popped up, most documented in there. How they're going to roll this out automatically to normal users isn't obvious to me. There's technically nothing stopping a system from trusting both the 2011 and 2023 keys, and I wouldn't be entirely surprised if they end up never pushing the 2011 revocation.

    The keys they use for their own OS don't truly expire until late 2026, and I expect they'll do their best to delay it until then, but the next time they have to update their boot manager is going to be painful and introduce all kinds of new problems.

  • They've been flagging physical carts showing up in multiple places at the same time since the very moment the first Switch flashcart appeared (so likely before we ever had our hands on any). Places discussing the flashcart had been talking about increased detection and bans for a year or so.

    It was even done on the 3DS before that. The 3DS had a whole tiny niche ecosystem of people selling "private headers", dumping only the unique per cartridge info and selling it with the promise that they'd only sell any given header to one person. That too had a few instances of normal people complaining about bans with pre-owned games.

  • The new owners are so trustworthy that they weren't even transparent about who they are. In the comments of the original announcement they defend that with:

    "This post wasn’t about Chosen — it was about Robin and the legacy he built over 24 years. We’re the new owners and ultimate decision-makers at Nexus Mods. We’ll share more about ourselves when we’ve earned that right. For now, we’re focused on listening, learning, and making modding even easier, and yes, you’ll see us around in the community being active."

    I can't say I find that statement to be particularly trustworthy given it's coming from an NFT bro.

  • Dual nominations for Paper Mario: Sticker Star & Paper Mario: Color Splash. The only thing I really remember about them is that I played them and they left me without any feelings about them whatsoever.

  • Steam for Linux is mixed 32/64; unfortunately the main executable (~/.local/share/Steam/ubuntu12_32/steam) and its associated steamclient library continue to be 32-bit only and run with a couple of horribly dated libraries in the mix. That process does pretty much everything aside from the UI.

  • They also had a major ass security issue that a security company should not be able to get away with the other day: assuming everyone with access to an email domain trusts each other unless it's a known-to-them freemail address. And it was by design "to reduce friction".

    I don't think a security company where an intentional decision like that can pass through design, development and review can make security products that are fit for purpose. This extends to their published client tooling as used by Headscale, and to some extent the Headscale maintainer hours contributed by Tailscale (which are significant and probably also the first thing to go if the company falls down the usual IPO enshittification).

  • I haven't seen proper reporting but the Play Integrity install source thing is accurate. There's a reasonably good overview straight from the devil himself.

    Lots of things that have very valid reasons on paper that also just happen to give Google a stupid amount of control and will backfire for a somewhat small percentage of people in very bad ways. We've been at "you can't use pretty much any bank unless you agree to either Google or Apple terms" for quite some years now, now we're giving those same app developers ways to detect if their device has accessibility APIs enabled (useful to protect against bot farms, but also a functional check for "you're able-bodied") or is in security support (also a functional check for "not reliant on hand-me-downs").

  • The store page is kinda confusing. I don't think the line "Join forces with other players to take on the creeping night and the dangers within featuring 3-player co-op." along with both singleplayer and co-op listed as valid playing styles is something most reasonable people would interpret the way that it really is: be exactly 3 players with external voice chat available because all other ways of playing the game will suck hard.

    They've been sorta honest about that in interviews and such but those don't have the same reach as their huge marketing campaign.

  • Not them but between those two I'd recommend Kanboard if you're going to be the only user. Far lighter and easier to administer piece of kit, has everything you'd want from a fancy task list but not much more. WeKan is rather heavy software but does have a few features that are probably quite important for large team use.

  • Started Digimon World Next Order on a whim after it was on a big sale last week. Not sure I can recommend it, and definitely not at full price, but it's interesting to have a game that doesn't know if it wants to be a modern game or a 2000 era throwback game in exactly the right ways. And well, it's still about little critters that turn into big critters (and back), so I'm satisfied nonetheless.

  • PUID is indeed handled inside the container itself, it'll run a container-provided script as whatever the container's UID 0 happens to be first which then drops to whatever $PUID happens to be inside the container. user= is enforced by Podman itself before the container starts, but Podman will still run as root in that setup. That means Podman is running "rootful", while if you started the container manually as $uid using the regular Podman CLI, it would be "rootless". That is a major difference in a lot of respects, including security, and you can find quite a bit of documentation on the differences between those operating modes online; it wouldn't fit in a comment. Rootless is generally considered the better mode, though there are some things that still require a rootful container.

    In the upcoming NixOS 25.05 or current unstable, there are some tools you can use to run containers rootless as another user more easily using a new $name.podman.user = ""; setting. From what I understand they'll still be root-managed systemd system services that require sudo to operate, but that means privileges get dropped by systemd before running Podman, instead of dropped by Podman before running the container. This stuff is recent and I haven't used it, I just happen to know it exists, relevant nixpkgs commit if you wanna dig into it yourself: https://github.com/NixOS/nixpkgs/commit/7d443d378b07ad55686e9ba68faf16802c030025
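An added example, not part of the comment above: the rootful/rootless difference shows up in a container process's `/proc/<pid>/uid_map`, which says which host UID stands behind container UID 0 (the entrypoint script) and behind `$PUID`. The two maps are constructed samples that assume default mappings (no user-namespace remapping on the rootful side, host UID 1000 with a subuid range starting at 100000 on the rootless side); the function names are hypothetical.

```python
"""Added example: resolve container UIDs to host UIDs from a uid_map."""

# Constructed samples in /proc/<pid>/uid_map format (assumed values).
ROOTFUL_MAP = "0 0 4294967295\n"             # container shares host UIDs
ROOTLESS_MAP = "0 1000 1\n1 100000 65536\n"  # started by host UID 1000


def parse_uid_map(text):
    """Parse lines of: inside-start, outside-start, length."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        ranges.append((inside, outside, length))
    return ranges


def host_uid(ranges, container_uid):
    """Return the host UID behind a container UID, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def report(text, puid):
    """Summarise who the entrypoint and the $PUID process are on the host."""
    ranges = parse_uid_map(text)
    root_on_host = host_uid(ranges, 0)
    return {
        # Container UID 0 being host UID 0 is the rootful default.
        "container_root_is_host_root": root_on_host == 0,
        "entrypoint_host_uid": root_on_host,
        "puid_host_uid": host_uid(ranges, puid),
    }


if __name__ == "__main__":
    for name, text in (("rootful", ROOTFUL_MAP), ("rootless", ROOTLESS_MAP)):
        print(name, report(text, puid=1000))
```

With the rootful map, the script that runs before the drop to `$PUID` is real host root; with the rootless map it is only the unprivileged user who started Podman, and `$PUID` lands in that user's subuid range.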

  • FWIW, your domain will most likely eventually get used by spammers and then it'll be an endless string of somewhat expected but unpredictable failures from there onwards, with no actions you can take to reduce it. It's good to keep an eye on what comes in but I wouldn't invest too much effort into failure alerting.

  • It's the usual combination of AGPL + CLA, they're allowed to relicense to any license of their choice at any moment. They've had the CLA in place since the previous SSPL license and the more-previous BSD license naturally allows that kind of stuff.

  • There are both dumps with full history and ones that are just the current set of articles. The full dump happens once a month on the 1st, but will often take ~2 weeks to run to completion, so you probably have to look back to the April 1 2025 dump for those. The metawiki dumps page has all the info.

  • That's about right. That said, we also don't know how long regular Switch/Switch 2 carts are going to last. The MaskROM used in the N64/DS and earlier eras is significantly more reliable when stored for a long time than the modern NAND Flash memory as used in the 3DS/Switch+. I suspect key carts won't have any NAND Flash inside (they don't need gigabytes of capacity just to store a game name + icon) and might physically last longer.

    Of course, key carts are all going to drop to zero value practically overnight when Nintendo eventually pulls the plug, while real carts will die one by one.

  • We won't know for sure what's actually going on under the hood until the console is cracked wide open or there's a devkit leak, but my speculative guess is that some details of the GPU are 'emulated'/recompiled. PC AAA games tend to include lengthy shader pre-compilation wait times, console games don't have that wait time because the shaders are pre-compiled by the developers when building the game, specifically for one piece of hardware. The games themselves then fully rely on those pre-compiled shaders. They're going to need shaders that work with the Switch 2's GPU, which is going to involve some kind of imperfect translation process.

    AMD was able to design better hardware that works with older compiled shaders, as done in the PS5/Xbox Series (and Pro consoles). That's not a super common feature, but I imagine that AMD is more motivated to keep Microsoft/Sony happy than Nvidia is to keep Nintendo happy. AMD's graphics division might as well shut their doors if it wasn't for the consoles, meanwhile Nvidia is raking in trillions from the AI boom and would rather forget about gaming.

  • Windows prefers to deactivate or minimize the write cache on removable devices, most of the common Linux distros generally don't make such changes. Microsoft has a very good reason for that default: not a lot of people actually use the "safely remove hardware" option and if the cache is enabled, using and waiting for that is a hard requirement for the data to have actually made its way onto the drive.

  • I don't think it really makes a lot of sense to look for FOSS alternatives based on country of maintainer origin when it's something popular enough to be shipped by a lot of independent Linux distros and supported by local IT consultants in more or less any country. That said, to my knowledge, lighttpd is mostly German in origin and is actively maintained. It definitively lost to nginx in the great popularity contest but I don't think it's really any worse.