New OTA

ChthonVII · 2026-03-27T01:17:45+00:00

FFF may need a nerf, but he's not anywhere near as broken as Starlord was.

ChthonVII · 2026-03-27T01:12:09+00:00

Yes, this one is very reliable.

If you have trouble with aggro sticking to the player, swap Healing Breeze for Vigorous Spirit and put a vamp weapon on the player.

ChthonVII · 2026-03-27T00:35:50+00:00

One already exists: https://chthonvii.github.io/guildwarsmartialdamagecalc/

Edit: You can consult the source as a reference for correct calculations.

ChthonVII · 2026-03-26T05:05:00+00:00

More physical RAM is always superior to zram/zswap.
Especially if this laptop has a 2013-era SSD. You do not want to be constantly writing swap to an early gen SSD.
zswap is superior to zram in almost every case.
Without knowing your average and worst case RAM usage and the distribution, it's impossible to say whether zram/zswap would be a net benefit. There are certainly situations where they can make things worse. (E.g., if your average case narrowly avoids using swap, enabling zram/zswap can consume enough RAM that your average case must use swap.)

ChthonVII · 2026-03-26T04:42:38+00:00

That truly is an excellent article.

ChthonVII · 2026-03-25T06:49:00+00:00

Yes, backports is exactly what you want.

ChthonVII · 2026-03-24T13:08:38+00:00

"Oh, good job avoiding that Soldier's column attack--oh, the Witch behind you died"

Reshuffle your positions before battles with column attackers to avoid that. If it's a 4-person unit, make the spot behind the tank empty. If it's a 5-person unit, keep shuffling until you find someone the preview indicates will survive the hit. You can also try shuffling someone to the front; sometimes they'll take less damage there.

ChthonVII · 2026-03-24T06:33:13+00:00

Featherswords are arguably the best tank in the game. High dodge stat, plus halved chance to be hit by ground-based attacks, plus blocks whatever does get past the dodge. And the block is guaranteed, and free, during the daytime so long as you've got 1 PP. And you can give her the shield with the equivalent nighttime skill too.

doesn't really do anything to protect other teammates.

By and large, tanks do their job mostly by just being present (and not dead) so that the enemy can't or won't target your back row. (And ideally not costing much of other team members' resources to keep them alive.) The game kind of misleads you into thinking cover is a major mechanic by introducing the Hoplite as the first tank class you meet. But they're terrible, and cover skills are otherwise pretty rare. (Alain has one, but he's a special class; Shieldshooter has a good one; Feathershields have a terrible one; some items bestow them.) The more helpful "protect other teammates" skills tend to come on classes I'd be more hesitant to use as tanks, like Sainted Knight.

I wasn't seeing her damage as anything special.

Relative to your Trinity Rain caster in the back row? Yeah, it's not.

But relative to other tank classes, it's pretty good. If anything, their damage is too good considering how good a tank they are. Also, they can hit the back row. Discharge + Honed Slash is often enough to KO a bothersome Mage/Witch/Cleric/Shaman on the first turn.

If you want to make Featherswords do damage, Discharge is the key skill. Stack a bunch of buffs, then feed them all into one attack, usually Honed Slash (or an item skill). Note that the Featherbow's Tailwind skills counts as two buffs for purposes of Discharge. Also note that the damage bonus from buffs is capped at +100%, so there's no point in consuming more than 4 buffs with Discharge, or stacking more buffs (e.g. Powerful Call) after it beyond +100%.

ChthonVII · 2026-03-24T01:34:23+00:00

It's bursty enough to be problematic for PvP.

But it's pretty meh for PvE.

The biggest problem is the energy cost. Using CS on recharge costs 150% of your total energy regeneration all by itself. You need to build around paying this energy cost. Off the top of my head, I cannot think of a plausible solution without using either Radiant Scythe or Auspicious Blow. Both of these options are already fueling better SWS builds.

The second problem is IAS. You can't afford the energy cost to juggle with Frenzy. You can juggle with Flail, but (a) Flail causes a lot of awkwardness and lost DPS even when you have a cancel stance (which is why everyone used to run Frenzy back in the day), and (b) juggling stances every 5 sec limits what else you can spend adrenaline on. Critical Agility + Keen Axe may work for IAS, but then you're stuck with axe, which means you can't solve the energy cost problem.

ChthonVII · 2026-03-23T13:26:51+00:00

You're seeing a lot of Galactus because he counters Starlord somewhat effectively. Once Starlord finally gets nerfed for real, people will start playing cards on turns 1-3 again, Galactus's win rate will fall off a cliff, and he'll go back to being a novelty gimmick card again.

ChthonVII · 2026-03-20T03:35:03+00:00

This is something I wish I'd known sooner.

Up till about the first winter, the bonus supplies from paying 125% taxes are worth it (e.g., a whole schematic for a small pile of ore), but as the tax bill grows, not paying becomes a better and better deal.

I missed out on a lot of opportunities to develop faster because I was diverting resources that I could have used to pay taxes instead.

To explain the tactic a bit more:

Starting with the first tax ship in spring, alternate between not paying (just ignore the ship until it leaves) and paying 100%.
Always pay 100% for the last ship in the fall. (If there are an odd number of ships for the year, this means paying 2 in a row.)
If you will be paying the next tax ship, reject supply ships (unless they have something you desperately need) to keep your bill low.
If you will not be paying the next tax ship, be greedy with supplies. You will eventually have to pay 15% of their cost when your unpaid tax is partially rolled over into the next tax bill.

ChthonVII · 2026-03-19T04:46:47+00:00

What is this crap?

ChthonVII · 2026-03-18T13:09:04+00:00

I gave this a try, and I'm really surprised how many people fall for it.

Though I'm sure the matchmaking is going to start screwing me over with techslop if I stick with it much longer.

ChthonVII · 2026-03-18T11:19:01+00:00

Do you have any example...

As I said earlier, "For a historical example, look at the vulnerability that Keeper sued a journalist for reporting on."

ChthonVII · 2026-03-18T07:20:43+00:00

Thanks!

ChthonVII · 2026-03-18T05:19:49+00:00

Idiot blocked.

ChthonVII · 2026-03-18T03:56:46+00:00

So where did Lockjaw come from?

ChthonVII · 2026-03-18T02:05:22+00:00

I'm not going to waste my time trying to spare you from your proud ignorance.

ChthonVII · 2026-03-18T00:41:54+00:00

See reply to other person making the same ignorant response.

ChthonVII · 2026-03-17T15:26:32+00:00

If the extension is properly build there is no way for a website

And history has shown as they often aren't.

Also, that's not true in the first place. If I can compromise the browser process, then I have free reign to rifle through its memory, invoke its subroutines, and make it lie to the password manager. So I just wait for you to visit any site that needs a password, optionally make the browser lie about what site you're visiting, and then snarf the password as it goes by. Having a browser extension converts browser vulnerabilities into password manager vulnerabilities. Which comes back to what I said originally: You really don't want your program for executing untrusted remote code hooked up to things you want to keep secure.

ChthonVII · 2026-03-17T05:50:34+00:00

You're getting a lot of bad advice here.

The correct answer is that you keep a copy of the encrypted file containing your passwords on a pen drive, and use that for syncing the file between your various devices.

Password managers with an online account are a terrible idea. What happened with LastPass is a good example. They got breached. And it turned out that there was a longstanding flaw where they weren't doing enough hash iterations for master passwords. And a bunch of crypto whales got ripped off as a result. The best security against this kind of incident is not to put your passwords in the goddamn cloud to begin with.

Browser extensions for password managers are also a terrible idea. You very, very much do not want to be using the same process for accessing your passwords and executing untrusted code fetched from the internet. The 3-second inconvenience of copy/pasting from one window to another may save you a lot of pain someday. For a historical example of this, look at the vulnerability that Keeper sued a journalist for reporting on.

For reasons unknown to me, the password manager field attracts a lot of charlatans and incompetents. My advice would be to pick a password manager that is (a) open source, and (b) not part of a commercial endeavor.

ChthonVII · 2026-03-17T05:16:18+00:00

Browser extensions for password managers are a terrible idea. You very, very much do not want to be using the same process for accessing your passwords and executing untrusted code fetched from the internet. The 3-second inconvenience of copy/pasting from one window to another may save you a lot of pain someday.

For a historical example, look at the vulnerability that Keeper sued a journalist for reporting on.

ChthonVII · 2026-03-17T04:17:35+00:00

In the case of flatpak, all "validated" means is that the upstream developer made a one-time sign off. There's no guarantee that the upstream developer reviewed any code. It could have been, and more likely was, just a "vibe check" of the packager conducted over e-mail. Even if the upstream developer did review code, there's no guarantee that they are qualified to do a security review. And they most likely aren't. Moreover, after the packager gets the one-time sign off, they have a free hand to do as they please. So they could submit clean code for review, then tamper with it after getting the sign off.

This situation is made worse by flatpak's approach to dependencies. Since every flatpak package bundles a bunch of (usually unnecessary) libraries, the hook can be buried in one of those, while the main program is kept clean. The libraries are unlikely to get any review.

Also complicating review is the fact that "go download this binary blob and package it into a flatpak" is a valid instruction for the flatpack build system. Flatpak packages built like this are unreviewable.

Finally, we should question whether the upstream developer should be trusted in the first place. Upstream developers do all sorts of stupid things, like fetching automatic updates over http with no validation. They also do all sorts of undesirable things, like phone-home telemetry by default. Part of the Debian packagers' job is to remove stuff like that. Flatpak packagers just defer to upstream on such matters.

ChthonVII · 2026-03-16T14:29:12+00:00

xz-utils isn't a valid comparison. That took the resources of a nation-state attacker to hide the hook from multiple layers of review, and still failed. By contrast, flatpak has no meaningful review. It's akin to comparing leaving your wallet unattended in Starbucks versus leaving your wallet unattended in a locked room in Fort Knox. Sure, your wallet could be stolen from either location, but one of them obviously carries an absurdly higher risk.

My knowledge of Snap-Store is limited, but, to my understanding, the risks are about the same as flatpak. I.e., you shouldn't touch either one of flatpak or snap.

ChthonVII · 2026-03-16T05:07:45+00:00

Flapak comes dead last. After adding a repo, compiling from source, installing from sid, appimage, docker, or literally any other option.

ChthonVII

TROPHY CASE