Debugging software in production is one of the biggest challenges we have to face in our containerized environments. Being able to understand the impact of the available security options, especially when it comes to configuring our deployments, is one of the key aspects to make the default security in Kubernetes stronger. We have all those logging, tracing and metrics data already at hand, but how do we assemble the information they provide into something human readable and actionable?
Seccomp is one of the standard mechanisms to protect a Linux based Kubernetes application from malicious actions by interfering with its system calls. This allows us to restrict the application to a defined set of actionable items, like modifying files or responding to HTTP requests. Linking the knowledge of which set of syscalls is required to, for example, modify a local file, to the actual source code is in the same way non-trivial.
OpenCL is kind of a nightmare on Linux but it's now getting a whole lot better with the new Rusticl available in Mesa, bringing OpenCL support to AMD, Nouveau and even Intel's driver stack.
Old school Ubuntu has a new cool, Google calls out Google, and some IoT news you can use.
This free, open source utility puts a comprehensive suite of webcam controls at your control. The app is accessible though a clean GTK GUI or, if you roll that way, from a command line interface instead.
Something of simpler alternative to Guvcview (the ‘gold standard’ in open source webcam tools, imo), Cameratrls lets you configure almost every aspect of a webcam’s picture output, be it from a built-in potato cam or something fancier connected through USB.
Xmas has come early for open-source photography enthusiasts as a brand-new version of Rawtherapee – the first update in two years — is now available to download.
RawTherapee 5.9 introduces a new Spot Removal tool, ideal for removing dust specks and small imperfections from images, a new Local Adjustments tool, and a new Perspective Correction tool that includes a handy automated perceptive correction option.
Alongside a new automatic white balance method in the White Balance tool there’s a new Preprocess White Balance tool (in the ‘Raw’ tab). This lets you specify if channels should be balanced automatically or if a white balance value recorded by the camera should be used instead.
RawTherapee, the free open-source raw image converter and digital photo processor, released version 5.9 recently after more than 2 years of development.
RawTherapee 5.9 features new “Spot Removing Tool” under Details tab for removing dust specks and small objects; Local Adjustments tool under Local tab for performing a wide range of operations on an area of the image determined by its geometry or color; Preprocess White Balance tool under Raw tab to specify whether channels should be balanced automatically or whether the white balance values recorded by the camera should be used instead; and a new Perspective Correction tool which includes an automated perspective correction feature.
Need to sync to the cloud on your Linux PC? Here are the best Linux-compatible cloud services available today.
Cloud storage is arguably the best way to back up you personal data. It takes the physical action of backing up out of your hands and leaves you with an accessible archive of data.
But cloud storage can be expensive with the wrong provider. If you're looking for cloud storage for your Linux PC, finding the right service can take a while. To help you out, we've collected the best Linux cloud storage providers for you to consider.
UFW logs allow users to check for incoming and outgoing packets which also include origin, destination, used protocol, and many other critical details that are crucial for network security.
In this post, you will learn how to control when daily Ubuntu updates happens. This post although simple is quite useful if you have home test servers.
As we know, Ubuntu 22.04 integrates several important options to automate system updates. This saves sysadmin time and effort.
But not everything is happiness, there are also times when we need to modify some parameters of those updates to avoid some problems that may arise.
Let’s start.
This post is about install TinyCP on Ubuntu.
TinyCP is web based control panel for managing linux like systems. It’s is a most popular lightweight control panel, that provides a wide range of features on a Linux system.
If you don't fancy the text-based output of the ping command, consider installing gping, a CLI utility that visualizes ping responses on Linux.
ping is a simple yet essential tool for diagnosing network issues on Linux. It can help you check your network connection, see if a remote machine is online, and play a vital part in analyzing connectivity issues, such as dropped packages or high latency.
But as important as the ping command is, it's not the most interesting to look at, and interpreting its output in a useful way can be difficult. gping is a graphical command-line utility with additional features which make it easy to visualize ping responses from multiple targets.
In this guide, we’ll walk you through how to install Linkerd into your Kubernetes cluster. Then we’ll deploy a sample application to show off what Linkerd can do. A service mesh is an infrastructure layer that allows you to manage communication between your application’s microservices.
This tutorial will show the step-by-step installation process of the LaTeX package, editor, and compiler on Debian 10 and Debian 11.
In this tutorial, we will show you how to install PHP 8 on Fedora 37. For those of you who didn’t know, PHP is an open-source, general-purpose scripting language mainly used in web development but has also been used as a general-purpose programming language. The new PHP 8.1 brings enums, fibers, never return type, final class constants, intersection types, and read-only properties among new features and changes.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of PHP 8 on a Fedora 37.
Today we are looking at how to install Karlson on a Chromebook.
If you have any questions, please contact us via a Rumble comment and we would be happy to assist you!
This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.
This tutorial will help you to use Microsoft Windows programs and games on Ubuntu using Wine software. You will start by examples we provide (FOSS only) and getting familiar to installing, running, managing and removing programs. We also supply further references for you to learn more. Enjoy!
This blog post will show you the ten most used tar commands in Linux with examples.
The tar command in Linux provides archiving functionality for compressing or decompressing archive files and modifying and maintaining them. With the tar command, we can create tar, gz, bz2 and gzip archives. Administrators use these commands when they want to save some disk space on the servers or when they are migrating files over two host machines.
In this tutorial, we are going to execute the tar commands on Ubuntu 22.04 OS, but you can choose any Linux distro. Let’s get started!
Dusty Mabe set me a challenge yesterday. He wants to create several compressed disk images that have slightly different content, but are otherwise mostly the same. The disk images are large and compressing them takes a long time (30 minutes each, apparently), so ideally what we’d want to do is compress the disk image just the once and then do the updates on the gzipped image.
Modifying a file which has already been compressed is not usually possible.
However if we make some relatively uncontroversial assumptions and accept a few limitations then we can create a compressed disk image which is modifiable in this way, certainly for gzip and xz (I need to investigate zstd).
A website’s performance depends on many factors, and choosing a suitable web server is one of them. You can choose from many web servers, like Apache, LiteSpeed, Nginx, etc.
Nginx is an open-source web server, it was initially developed by Igor Sysoev and released in October 2004. In Nginx, gzip compression can significantly reduce the size of transmitted data to website visitors.
Modern web browsers support GZIP compression by default. However, we need to configure our server to serve the compressed resources to our website visitors properly. Without a proper configuration, it could make your server load higher and even slower. This article will show you how to improve website performance using GZIP and Nginx on Ubuntu 22.04.
Godot 4.0 has been in beta for over two months, and the overall feature completeness, stability and usability have improved a lot during that time.
We've had beta snapshots every other week, and now we've decided to accelerate the cadence to release a new snapshot every week, to get even faster feedback on our bugfixes, and the potential regressions they may introduce.
The new Steam Client update is here only two weeks after the previous update that introduced the new Big Picture mode that resembles the Steam Deck UI. This update further improves the new Big Picture mode by adding confirmation dialogs for the power menu when shutting down or restarting your PC and fixing several bugs.
These bug fixes improve displaying of the new Big Picture Mode window with GPU accelerated rendering disabled, improve the on-screen keyboard to show when it’s requested by a game or Proton, improve the “show password” toggle to show or hide the password, and improve the new Big Picture Mode overlay when switching Virtual Menus with an action set, layer, or modeshift.
Dear Xfce community, I am happy to announce the release of Xfce4.18 pre2.
This platform pre-release consists of the Xfce core components and will be followed by the final Xfce4.18 release soon. We fixed some quirks which were found in Xfce4.18 pre1, did some further polishing and the result is now released as Xfce4.18 pre2.
Early adopters are invited to give it a try and to check for compatibility before the final release, which is planned for 15. December.
The submission deadline for the Xfce 4.18 wallpaper contest just ended, and I am happy to see that many submissions!
In two weeks, the board of KDE e.V. – and take note that photo of me is before 3 years of COVID-hair – will convene in Berlin for one of our board sprints.
The board meets weekly online, using the Big Blue Button infrastructure that KDE has for meetings, online get-togethers, virtual sprints and hybrid conferences. In an hour or two we get through the week’s “needs doing now” and “approve this request from the membership or community” items. But some things are not very well suited for online discussion. Sometimes we need to physically sign papers (Germany, old-fashioned, etc.). And of course, drinking tea together is what really makes a team.
Folks running OS 6.1 rejoice, because a new version of Files is here with a long-asked-for new feature! You can now choose to have a single-click select folders instead of open them, Windows style. Secondary-click anywhere in a folder view and select “Select Folders with Single Click” to switch to the new file selection mode. We now also only show the overlay bar with more info when a selection is made, so no more fiddly hover behavior. There are also fixes for several reported possible crashes, so make sure to grab this update!
One of the most software-rich Linux distributions, NixOS, has released v22.11 with a strong focus on security and updated software versions.
Many of you are probably thinking, “Yet another new version of one of the many Linux distros.” However, the story is different because we are dealing with a one-of-a-kind beast.
So, before we go into the dry and dull “statistics” of Linux kernel versions, desktop environments, and software in this NixOS release, we’d like to explain why this Linux distro is exceptional and deserves your attention.
NixOS is a unique Linux distro due to the concept upon which it is built. However, to avoid further confusion, two key terms should be first defined: Nix, which is a cross-distro package system, and NixOS, which is the Linux distribution itself.
Despite being currently busy with an IPFire 3 hackathon, we found the time to release the next Core Update for testing: IPFire 2.27 - Core Update 172. It comes with cryptography improvement for IPsec and OpenVPN, as well as security improvements under the hood, a plethora of package updates and various bugs fixed across the place.
After a bit of “soul searching” and annoyances from Oracle Cloud that began to pile up (the traffic management layer is very Oracle-ish), I migrated away from the free tier of Oracle Cloud’s offering to a small VM from Vultr. This time I installed OpenBSD.
Running a small webserver with OpenBSD is a breeze! I always knew this in an abstract sense but never deployed one myself. Basically, all it took was spinning up the instance on vultr.com, installing a couple packages, setting up the webserver httpd in base, and using acme-client (also in base) to pull down a certificate for the website.
In early 2019, I got fed up with Twitter Ads and recommendations etc. So I started looking for alternatives and read about Mastodon. As I was especially looking for OpenBSD news, tricks etc, I finally landed on bsd.network. It turned out to be a really nice place to hang out ; and not BSD-centric at all. People there are great. And MastoAdmins are kind and caring people.
A couple of years later, I decided that I would host my own instance on the Fediverse. And the journey began.
There were no particular reasons to host my on instance server. And as one say: only because you can does not mean you should. But this is how I learn things.
So I created a bunch of accounts in various Fediverse instances using Mastodon, Friendica, PixelFed, Misskey, GNUsocial, Pleroma. I also installed Honk and GoToSocial. Then I started testing how they all worked together. And I finally decided to go with GoToSocial .
After yesterday’s deployment, we faced a downtime on our reference server. We want to share with you a detailed explanation of what happened.
On October 17, the National Academy of Engineering (NAE) conducted an online forum on Service Systems Engineering in the Era of Human-Centered AI. “With AI advances poised to drive service system productivity and quality - similar to the way previous generations of technology revolutionized agriculture and manufacturing productivity and quality - it is time to take stock for industry-academic-and-government stakeholders on this important topic,” wrote the NAE in its website.
The agenda included an opening keynote by retired IBM executive Nick Donofrio. It was followed by four panels on various aspects of service systems, and concluded with an open discussion of the way forward. I was a member of the panel on Evolving Engineering Education. In my prepared remarks, I reflected on the current state of service science and related sociotechnical systems. Let me share my remarks, slightly edited for clarity.
Service Science, Management and Engineering (SSME) is an initiative launched in IBM’s Almaden Research Lab in the early 2000s in partnership with a number of universities as an interdisciplinary field of study aimed at applying science, technology and innovation to the service sector of the economy. The service sector is the largest in most economies around the world. At the time, services already accounted for over 70% of GDP and jobs in advanced economies, as well as an increasing portion of the revenues of many companies, including close to 60% of IBM’s revenues.
This month I didn't have any particular focus. I just worked on issues in my info bubble.
The new Ubuntu Linux kernel security update is here after the previous one, which addressed up to 16 vulnerabilities, and it’s available for Ubuntu 22.10 (Kinetic Kudu), Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as the Ubuntu 16.04 and 14.04 ESM releases.
The biggest threat patched in this release is CVE-2022-43945, a security flaw discovered in Linux kernel’s NFSD implementation leading to a buffer overflow that could allow a remote attacker to cause a denial of service (system crash) or execute arbitrary code. This vulnerability affects Ubuntu 22.10 systems running Linux kernel 5.19, as well as Ubuntu 22.04 LTS and 20.04 LTS systems running Linux kernel 5.15 LTS.
This project walks through how to install Edge Impulse on the Ubuntu 22.04 image of the Kria KR260 and the development of a basic ML model.
Siemens Digital Industries Software today introduced the first software documentation package developed to help original equipment manufacturers (OEMs) streamline compliance with stringent standards for medical device manufacturers deploying either of Siemens’ embedded Linux distributions, Sokolâ⢠Flex OS software or Sokolâ⢠Omni OS software.
Pine64 Ox64 is a single board computer powered by Bouffalo Lab BL808 dual-core 64-bit/32-bit RISC-V processor with up to 64MB embedded RAM, multiple radios for WiFi 4, Bluetooth 5.0, and 802.15.4 (Zigbee), as well as an AI accelerator.
The board also features up to 16MB XSPI NOR flash, a MicroSD card socket, a USB 2.0 OTG port with support for a 2-lane MIPI CSI camera module, and two 20-pin GPIO headers for expansion. It measures just 51 x 21mm, or in other words, is about the size of a Raspberry Pi Pico W.
Hooking up I2C sensors is something which is generally associated with microcontrollers and SBCs, yet it’s very easy to use such I2C sensors from basically any system that runs Linux. After all, I2C (that is, SMBus) is one of the interfaces that is highly likely to be used on your PC’s mainboard as well as peripherals. This means that running our own devices like the well-known BME280 temperature, pressure and humidity sensor, or Si1145 light sensor should be a piece of cake.
In a blog post from a few years ago, [Peter Molnar] explains in detail how to wire up a physical adapter to add a USB-connected I2C interface to a system. At its core is the ATtiny85 AVR-based MCU, which provides a built-in USB interface, running the I2C-Tiny-USB firmware.
Having something broken into and/or destroyed is an act that most people hope to avoid altogether or at least catch the perpetrator in the act when it does occur. And as Nekhil R. notes in his project write-up, traditional deterrence/detection methods often fail, meaning that a newer type of solution was necessary.
Unlike other glass breaking sensors, Nekhil’s project relies on a single, inexpensive Arduino Nano 33 BLE Sense and its onboard digital microphone to record audio, classify it, and then alert a property owner over WiFi via an ESP8266-01 board. The dataset used to train the machine learning model came from two sources: the Microsoft Scalable Noisy Speech Dataset for background noise, and breaking glass recorded on the device itself. Both of these were added to an Edge Impulse project via the Studio and split into two-second samples before being processed by a Mel-filterbank Energy (MFE) algorithm.
Arducam OCam, whose name stands for Object Camera, is an AI camera with 3 TOPS of AI performance and designed to work with OStream‘s PhysicO Edge AI media platform that adds context to MP4 video streams in real-time.
Our modern societies create a lot of garbage, which we can fortunately remove from our homes thanks to local waste management services. But the garbage people won’t come sift through your house for refuse, which forces you to utilize trash bins. Those bins never seem to be nearby when you need them, which is why James Bruton built the Binbot 9000.
The Binbot 9000 is exactly what it sounds like: a robotic trash can. No longer must the bin remain stationed in some out-of-the-way location. Instead, Binbot 9000 can drive around a home in search of people who need to throw things away.
Here are the latest updates to our compilation of recommended software. For November, we have updated a few existing articles and expanded our collection. Given the fallout of Twitter and the increasing popularity of Mastodon, we’ve recommended both the best text-based and graphical clients.
We’ve also published a few new articles in the fields of utilities, video, web apps, and graphics.
As always, we love receiving your suggestions for new articles or additional open source software to feature. Let us know in the Comments box below or drop us an email.
The Stable channel is being updated to 108.0.5359.75 (Platform version: 15183.59.0) for most ChromeOS devices and will be rolled out over the next few days.
The Dev channel is being updated to 109.0.5414.21 (Platform version: 15236.21.0) for most ChromeOS devices. This build contains a number of bug fixes and security updates.
The Beta channel is being updated to 109.0.5414.21 (Platform version: 15236.21.0) for most ChromeOS devices. This build contains a number of bug fixes and security updates.
I’m delighted to share this news with you. The Hubs team has recently transitioned into a new phase of a product. If in the past, you needed to figure out the hosting and deployment on your own with Hubs Cloud, you now have the option to simply subscribe to unlock more capabilities to customize your Hubs room. To learn more about this transformation, you can read their blog post.
Along with this relaunch, Mozilla has also just acquired Active Replica, a team that shares Mozilla’s passion for 3D development. To learn more about this acquisition, you can read this announcement.
Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and strategy for the WordPress project.
Simply put: this survey helps those who build WordPress understand more about how the software is used, and by whom. The survey also helps leaders in the WordPress open source project learn more about our contributors’ experiences.
A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance.
There is a common annoyance that seems to plague every reverse engineer and incident responder at some point in their career: wasting time or energy looking at junk code. Junk code is a sequence of bytes that you have disassembled that are not actual instructions executed as part of a program. In addition to wasting time, I’ve seen people get alarmed and excited by the junk code they’ve found. In these cases, it is because they found executable code in a place they weren’t expecting, which led them to believe they had found an exploit or an advanced malware specimen.
My friend EJ Wagenmaker pointed me towards an entire book on the BF by Bozza (from Ca’Foscari, Venezia), Taroni and Biederman. It is providing a sort of blueprint for using Bayes factors in forensics for both investigative and evaluative purposes. With R code and free access. I am of course unable to judge of the relevance of the approach for forensic science (I was under the impression that Bayesian arguments were usually not well-received in the courtroom) but find that overall the approach is rather one of repositioning the standard Bayesian tools within a forensic framework.
The current protests in China make many people wonder whether the situation will escalate further.
Finding flow while coding is sometimes tricky to do – it’s even trickier when encountering ‘someone else’s code’. We’ve all had the experience of reading code and crying, “WAT?!”.
Working with high ‘wattage’ code is not just unpleasant, it costs time and money. The more WATs a program contains, the scarier it is, and sadly, fear is a flow stopper.
By contrast, writing low wattage code can facilitate flow by keeping things cognitively comfortable for yourself and other programmers. Let’s start with some high wattage code and Raku-ify it.
Today we’ll talk about Trouble at ITER, robots that build robots, air pollution, AI that classifies supernovae, a small asteroid that hit Canada, Super GPS, a new supercomputer simulation of the sun, a quantum thermometer. And of course, the telephone will ring.
Germany's federal and state data protection authorities (DSK) have raised concerns about the compatibility of Microsoft 365 with data protection laws in Germany and the wider European Union.
According to the German watchdog's report [PDF], which was written after two years of negotiations with Microsoft, the body says that the product "remains in breach" of the General Data Protection Regulation (GDPR).
The 2020 working group was put together to bring the cloud service into line with the Schrems II decision of the European Court of Justice – and relates to ongoing European concerns about cloud data sovereignty, competition, and privacy rules.
Under the GDPR, children below the age of 13 are incapable of consenting to their data being collected, while consent may be given by those with parental responsibility for those under 16 but not younger than 13. When platforms do store data on adults, those customers are meant to be able to request the deletion of their records.
The report adds (translated from the German): "Many of the services included in Microsoft 365 require Microsoft to access the unencrypted, non-pseudonymized data."
Today, the Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) #StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. FBI investigations identified these TTPs and IOCs as recently as August 2022.
CISA has released three (3) Industrial Control Systems (ICS) advisories on December 1, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulnerabilities across products, and across the industry. On Android, we’re now seeing something different - a significant drop in memory safety vulnerabilities and an associated drop in the severity of our vulnerabilities.
Over on the Google security blog, Jeffrey Vander Stoep writes about the impact of focusing on using memory-safe languages for new code in Android.
Today we talk about more emerging details about the Chinese credit score system and see how this relates to what we observe in the rest of the world
Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.
The EU Parliament’s Civil Liberties Committee (LIBE) will vote tomorrow at 12:00 to restrict the use of personal data to target online political advertisements to data explicitly provided for this purpose by citizens with their consent, excluding the use of behavioural and inferred intelligence on citizens. Due to a lack of political agreement there will be a separate vote (“COMP12a”) on whether the use of personal data to target political messages at large scale via direct letters, e-mail and text messages will be restricted or not.
Perhaps most perniciously, many outlets have described what happened to FTX as a “bank run” or a “run on deposits,” while Bankman-Fried has repeatedly insisted the company was simply overleveraged and disorganized. Both of these attempts to frame the fallout obfuscate the core issue: the misuse of customer funds.
Banks can be hit by “bank runs” because they are explicitly in the business of lending customer funds out to generate returns. They can experience a short-term cash crunch if everyone withdraws at the same time, without there being any long-term problem.
But FTX and other crypto exchanges are not banks. They do not (or should not) do bank-style lending, so even a very acute surge of withdrawals should not create a liquidity strain. FTX had specifically promised customers it would never lend out or otherwise use the crypto they entrusted to the exchange.
In reality, the funds were sent to the intimately linked trading firm Alameda Research, where they were, it seems, simply gambled away. This is, in the simplest terms, theft at a nearly unprecedented scale. While the total losses have yet to be quantified, up to one million customers could be impacted, according to a bankruptcy document.
So in a sense FTX’s implosion had nothing to do with cryptocurrency directly, beyond the fact that no one would have given FTX a nickel if not for the vague belief that “something something crypto” would lead to a windfall.
I was delighted to learn some time ago that there used to be giant wombats, six feet high at the shoulders, unfortunately long extinct.
It's also well known (and a minor mystery of Nature) that wombats have cubical poop.
I heard from a source who spent time working in Twitter’s ad products organization that Apple, until recently, was not just a big advertiser on Twitter, but the largest. The @apple account never posts regular tweets but frequently posts promoted tweets, and Apple heretofore had been a big spender on things like hashflags and custom like buttons, to promote major product introduction events.
After years of running straight vitriol and opinion masked as news, Dan Andrews was returned as the Premier of Victoria leaving us to ask if Murdoch and the commercial media is losing their influence on swaying elections.
Four of Britain’s most powerful government ministries are refusing to say if their officials have met with US authorities to discuss the case of Julian Assange.
The Home Office, Cabinet Office, Foreign Office, and Ministry of Justice all recently failed to tell parliament about any potential contact with their US counterparts on the issue of the WikiLeaks founder.
The refusals raise further suspicions about the politicisation of Assange’s legal case. Britain is part of the US-dominated “Five Eyes” intelligence alliance and very close to the American government, which is demanding Assange’s extradition.
I’ve written serious articles about the issue. I’ve written satire mocking Apple’s undeniable fear of “Sideloading”. I’ve joined with the Free Software Foundation Europe in signing an open letter about it.
Now, let me be crystal clear: “Sideloading” is the most critical and valuable feature of any smartphone or computer. Period. Full stop.
[...]
Sideloading is the act of installing software, whatever software you want, on a real computer (which includes pocket computers, like smartphones).
Seems simple and obvious, right? If you own a computer (or a smartphone), you should be able to install software on it.
Apple and Google both (strongly) disagree with that. While Google has allowed “sideloading” on Android since the beginning, they have recently begun taking steps to limit that in the future.
One of the optional rules we’ve been using since the DMG first came out in 2014 has been cleave. Sometimes we go long stretches of not remembering it, other times it is used a lot.
When I was a child, opening a door on an advent calendar didn't get you any loot. It just revealed a seasonal picture: some holly, perhaps, or an angel. By the time I was an adult, chocolate was expected. When I had children, we got them one with Lego. More recently I was given one with whisky miniatures (and so drank far more whiskey in a month than I ordinarily would do in a year).
Some people use a house rule that potions of healing only take a bonus action to quaff. Don’t they know how painful it is to get healed by such drinks? It hurts like a mother as your body relives the injuries backwards and digs you up, yanks out the coffin nails, knits you up, stitches you up, burns you up like a modern swindler.
Brewing the potions from the petals of blood viola flowers is a time-consuming process, too, and expensive. You need twenty-five petals for a single small bottle. But then it glints like dawn gold over the red seas of a mothworld. A sickly-sweet taste of root celery, jasmine, cardamom-thrice-steeped, and above all a lingering red viola aftertaste that takes days to go away.
A neat feature in OpenBSD is the program authpf, an authenticating gateway using SSH.
Basically, it allows to dynamically configure the local firewall PF by connecting/disconnecting into a user account over SSH, either to toggle an IP into a table or rules through a PF anchor.
I got a french press a few weeks after the start of the pandemic.
I loved the thing, but since it takes quite a bit of time to brew with it and it's extremely manual for each step, I worried when life got back to normal I wouldn't be able to replace my pour-over with it for my morning coffee. Little did I know the pandemic was going to last a couple more years.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.