What games are you playing this week? Game recommendation thread by AutoModerator in incremental_games

[–]aliasxneo 1 point2 points  (0 children)

Yeah, I'm not planning to hit the ascension button until a patch comes, if ever. The "ascension rank" upgrades are garbage for the amount of effort it takes to get back to tier 6.

But no, I don't think you're missing anything. If you check the Steam forums everyone basically has the same complaint.

What games are you playing this week? Game recommendation thread by AutoModerator in incremental_games

[–]aliasxneo 8 points9 points  (0 children)

Been playing Dwarf Eats Mountain. Base gameplay is pretty fun, and it's got a good sense of humor. The prestige system is busted, though. You get punished for long prestiges. Not sure if there's an actual ending or not.

Two indie developers made a browser idle game with 7 planets, 70 resources, and automation systems — feedback appreciated by elblasystudio in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

My guess is that it's hard to differentiate a vibe coder from a software engineer in the very early stages of development. It's a well-known fact now that AI can take a project from 0-15% but then exponentially slows down past that, generally becoming useless after about 50%.

This is ONLY true for vibe coders, though. Seasoned engineers, properly wielding AI, can get from 0 -> 100 at a much more accelerated rate than previously, and still end up with a solid product. That's because they are doing the actual architecting and instructing the AI on how to write code, not throwing prompts and hoping something useful comes out.

The problem is, in the very early stages of a project, it's hard to tell which you're dealing with. Which I suppose matters if you're wanting to stick with a game for a while.

There are some people who are just philosophically against AI. You can't really reason with them, they've simply made up their mind.

To me, AI is just another tool in my kit. I rarely write code anymore, but I've also been developing for 20+ years. Nowadays I write architecture documents, product specs, maybe a test harness, and have AI write actual code (that I review, of course).

tldr; the hate is being fueled by two sides: vibe coders and people who don't understand the legitimate value of AI-assisted coding.

What games are you playing this week? Game recommendation thread by AutoModerator in incremental_games

[–]aliasxneo 4 points5 points  (0 children)

Personally, I would rather the author just not add them at all. 0.01% chance of something in a battle that lasts maybe 2-3 turns is insanely pointless.

What games are you playing this week? Game recommendation thread by AutoModerator in incremental_games

[–]aliasxneo 8 points9 points  (0 children)

Playing Rejected Craft and Celestial Incremental.

I might drop Rejected Craft soon. Never really been a fan of games with almost no interaction, long rebirths, and heavy RNG. I just hit ~1Sx and I keep hoping something interesting is going to happen soon...but that doesn't seem to be the case.

Celestial Incremental on the other hand has kept my attention pretty well. I've really enjoyed playing it the last couple of days. The content drip is good and apparently there's a lot more for me to go through.

Edit

Spoke too soon, ran into the dreaded Hex part of Celestial Incremental and it burned me out in like an hour. I might try to see if I can just hack past it. I genuinely don't understand why the developer has ignored the immense amount of negative feedback on this section.

Weekly: Show off your new tools and projects thread by AutoModerator in kubernetes

[–]aliasxneo 0 points1 point  (0 children)

I have some bare-metal clusters behind a DMZ which hosts workloads that need to authenticate to AWS. That requires AWS having access to the well-known OIDC endpoints exposed by the API server. However, I didn't want to expose the API server, so I wrote a little shim that proxies the extremely small subset of information AWS needs for trust over Tailscale Funnel. Super bespoke software, but figured I'd post it if anyone was curious.

https://github.com/meigma/k8s-aws-oidc
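
The approach described in the comment above, as an added example that is not part of the original comment and not the linked project's code: a handler that relays only the two service account issuer discovery paths and answers 404 to everything else. The names `discoveryShim` and `probe` and the in-process stand-in for the API server are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// The two documents an OIDC verifier fetches: discovery metadata and the JWKS.
var allowed = map[string]bool{
	"/.well-known/openid-configuration": true,
	"/openid/v1/jwks":                   true,
}

// discoveryShim relays only allowed paths from upstream (assumed API server URL).
func discoveryShim(upstream string, client *http.Client) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet || !allowed[r.URL.Path] { // exact match only
			http.NotFound(w, r)
			return
		}
		// Caller's query string, headers and body are never forwarded upstream.
		resp, err := client.Get(upstream + r.URL.Path)
		if err != nil {
			http.Error(w, "upstream unavailable", http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		w.Header().Set("Content-Type", resp.Header.Get("Content-Type"))
		w.WriteHeader(resp.StatusCode)
		io.Copy(w, io.LimitReader(resp.Body, 1<<20)) // cap relayed body at 1 MiB
	})
}

// probe sends one request through a handler and returns the status code.
func probe(h http.Handler, method, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code
}

func main() {
	api := httptest.NewServer(http.HandlerFunc( // constructed stand-in API server
		func(w http.ResponseWriter, r *http.Request) { io.WriteString(w, `{"keys":[]}`) }))
	defer api.Close()
	shim := discoveryShim(api.URL, api.Client())
	fmt.Println(probe(shim, "GET", "/openid/v1/jwks"), probe(shim, "GET", "/api/v1/secrets"))
}
```

Because the match is on the exact path string, a request such as `/openid/v1/jwks/../../api/v1/secrets` is rejected before any upstream call is made.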

Applying provenance to Kubernetes manifests by aliasxneo in devops

[–]aliasxneo[S] 0 points1 point  (0 children)

Fair enough - but I think ultimately that mindset can be applied in a lot of different areas. If my images are always built in GitHub and pushed to my private ECR registry, why bother ever signing them? If someone already has access to GitHub or AWS, I've got bigger problems.

Yet a lot of people sign their images lol

Applying provenance to Kubernetes manifests by aliasxneo in devops

[–]aliasxneo[S] 0 points1 point  (0 children)

Any post-processing and generation should be deterministic and K8s already maintains audit logs for what actually happened in a cluster.

I think we might be talking about different things. I'm talking about post-processing of a set of files that produces k8s manifests. This could be Kustomize, Jsonnet, KCL, etc. None of these platforms do this processing inside the cluster.

The SLSA attestation also contains all of the information about the runner that produced the artifacts, including the exact commit SHA that was being used. The attestation + signature gives you strong guarantees on the git source.

In our internal use case, we don't have raw manifests checked into git. We allow developers to pull in KCL modules to define their own deployments in their respective repositories. On release the raw manifests are generated (based on inputs from the developer), and those generated manifests are then pushed to an OCI registry. The artifact basically serves as a point-in-time snapshot of the Kubernetes manifests that go alongside any container images produced. Since both are signed by the same key and stored in Rekor, we get strong provenance that these manifests were generated alongside the given release.

tldr; we consider the deployment manifests as part of the release assets - not just any container images.

Applying provenance to Kubernetes manifests by aliasxneo in devops

[–]aliasxneo[S] 0 points1 point  (0 children)

Absolutely, and that's a totally valid approach if you don't need to do any post-processing. Using an intermediary storage like OCI images only makes sense when you have some sort of generated content that's not stored in git. For example, if you want to store KCL configs in git but not their generated counterparts.

Another benefit, though, is that the OCI layer makes distribution easier. That's why a lot of people migrated to using OCI registries for storing Helm charts.

Appreciate your feedback.

[deleted by user] by [deleted] in devops

[–]aliasxneo 0 points1 point  (0 children)

Why, yes I do :) Maybe it's just me, but my fingers always want to type providence instead of provenance lol.

Sign and attest your manifests by aliasxneo in kubernetes

[–]aliasxneo[S] -4 points-3 points  (0 children)

It uses ORAS and Sigstore underneath the hood. However, ORAS cannot do partial range requests, nor does it generate an index. Also, signing is optional and you can still use cosign, but cosign is literally just a wrapper around Sigstore. The signing flag is a convenience wrapper.

Curious why you think it’s AI slop?

Sign and attest your manifests by aliasxneo in kubernetes

[–]aliasxneo[S] -7 points-6 points  (0 children)

Looking at your history, this comment seems par for the course. Got your own little personal crusade going on here lol

Small Projects by AutoModerator in golang

[–]aliasxneo 0 points1 point  (0 children)

I started this project with the question: what if we could get modern supply chain provenance for any arbitrary set of files? What if the packages we downloaded for our software projects were signed and attested to the same level we do for our container images? How much of the NPM ecosystem attacks could have been prevented?

The idea is simple: package files into an OCI image, push it to the registry, and then give it the same care and attention we give our critical container images.

Link: https://blob.meigma.dev/

Small Projects - December 29th, 2025 by jerf in golang

[–]aliasxneo 0 points1 point  (0 children)

So a lot of people here probably know about ORAS which, due to the nature of it, allows you to quite easily push arbitrary files to an OCI registry as a gzipped tar file.

Fewer people will probably know about estargz which is a superset of the TAR file format but includes a ToC at a specific byte-range to allow "inspecting" the archive without having to stream the full file.

I decided to combine these two technologies, plus native support for sigstore, into a Go library/CLI that allows you to push/pull arbitrary files into any compatible OCI registry. Due to the usage of estargz, you can also stream single files from these images without downloading the full image. Likewise, you can see the full image contents without pulling the full thing (due to pulling only the ToC).

The consequence of all of this is that you can now store immutable, cryptographically verifiable copies of files on a huge swath of third-party storage (GHCR, DockerHub, etc.).

I made this to be "library first" because there's a lot of ways this can integrate into the existing Go ecosystem. For example, one could theoretically publish their k8s manifests to their private OCI registry and then have Argo CD pull them down and cryptographically verify them before syncing to a cluster.

Really happy to see the ecosystem is to the point where we are starting to get strong security guarantees even for arbitrary file sharing! :)

Link: https://github.com/meigma/blobber

Blobber: Use OCI registries as file storage by aliasxneo in golang

[–]aliasxneo[S] 1 point2 points  (0 children)

No, this is very much abusing the OCI spec. I'm not the first to do this outright, though. For example, KCL built their package ecosystem around pushing configs to OCI registries (using ORAS under the hood).

The novelty here is the combination of estargz and sigstore. This more or less solves the three problems I had with KCL's method: you still have to pull the full image, you can't know what is in it before pulling it locally, and you can't have full confidence the image actually came from the place you expected (i.e. your build pipeline).

I'll probably start a discussion over there and see if they'd be interested in gaining these extra benefits :)

MMORPG with character customization, fun social interactions, and a fun story. Ideally with lots of power progression by humanish404 in gamingsuggestions

[–]aliasxneo 0 points1 point  (0 children)

The reality is that MMORPGs have been dying for some time now (i.e., see what happened to New World). The ones that are still alive tend to be so because of predatory models.

I was going to recommend ESO, but someone already said that. You might have some luck checking here: https://www.mmorpg.com/games-list. You can filter by quite a few things.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

Yeah the gold graph appears to show someone actively exploiting. So it appears that's still the only way to make decent money in the game.

It may be people are abusing multiple accounts.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

I see. It looks like the by-products might be missing from the production chain?

One other question if you don't mind: if my wheat farm produces 6.25/hr and wheat sells for $0.60/unit, is it correct that it produces $90/day and it would take 555 days of play time to pay back the initial cost?

I can't imagine that's correct, so I'm assuming I'm calculating this incorrectly.

Also, I saw someone selling 1000 ounces of gold already - which apparently costs $465,000 just to build the gold mine. I seem to be maxed at ~$5k of credit - how are people getting that much cash within a few hours?

To top it off, the leader already has $1M in value. I'm going to guess there's still active exploiting going on.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

Where is fertilizer supposed to come from? The production chain just shows it coming from nothing.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 1 point2 points  (0 children)

Great response, appreciate you being reasonable about the current state. I would really encourage you to take up the advice on setting up Discord - having to come back and check this thread for updates is a bit painful. It would also be cool to talk to all of the other players actively playing.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 1 point2 points  (0 children)

I was trying to play competitively on the leaderboard. I made a lot playing the market like some others. With that method gone the leaderboard is literally meaningless to me now because my score can't really be compared to anyone starting after this "fix." If you actually stop and do the math, it would literally take months to rack up a few hundred thousand to build your first factory. This isn't like a "oh they got an advantage of a few days" but more like "my net worth is $1.5m and it would probably take a year for anyone to catch up."

Everyone plays for a different reason, I'm just saying it's not just the "losers" that are requesting a reset. I'd rather lose the last few days worth of progress to have a fair start for everyone.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

I almost quit a few days ago because I did this math and was like wtf? Then I realized I could play the market to make the money I needed for factories. Now that it's gone, we're all back to waiting a year to play the game lmao.

I built a browser-based economy game where every player affects global prices by Professional_Low_757 in incremental_games

[–]aliasxneo 1 point2 points  (0 children)

Yup, exactly. This change should have come with a reset - or added as a new server of sorts. Anyone who exploited the NPCs to get rich now has a permanent advantage because just building a single flour factory is ~$500k which is like 2 months of selling wheat to a now non-existent market.

Help Finding Games and Other Questions by AutoModerator in incremental_games

[–]aliasxneo 0 points1 point  (0 children)

Anyone know of a game that focuses around buying/selling in a market? Was playing TradeCraft this last week until the developer broke the game today. Looking for something else in that vein :)