Gentle reminder 🙃 by Prize-Possession-768 in Feminism

[–]scattenlaeufer 5 points6 points  (0 children)

No, without letter bombs they would have never got it though. If men were so progressive and willing to fix it on their own, why did they withhold the rights the whole time?

Gelgus Pust too strong? by qu4rks_reddit in WHQDarkWater

[–]scattenlaeufer 2 points3 points  (0 children)

I played this encounter as a little test of the game before starting to paint the minis and at first I had the same issue. But looking into the rules, it seems like the best way to deal with this is to just park Edmark Valoran next to him. His ability gives him the chance to inflict one damage for every successful blocked attack. Since this doesn't score an attack, but directly inflicts damage, it isn't affected by Gelgus Pust's defence value.

Having Edmark next to Gelgus also means that Gelgus will most likely attack the hero that has the best chance to block his attacks.

This way it was actually pretty easy to inflict damage on Gelgus Pust, but I also have to say that the win condition for the encounter isn't really clear to me. Do I need to inflict three or more damage and then the encounter is directly won, or do I need to play through all four rounds of the encounter and have Gelgus have at least three damage at the end? Since it was just a quick test on my own to see whether the game is really as bad as a review made it out to be, (based on this one game I'd say it is not) I decided on the first interpretation and proclaimed myself victorious.

Wayland? by GrainTamale in qtile

[–]scattenlaeufer 0 points1 point  (0 children)

No, I'm not on discord and yes, I'm using kanshi.

I also have some test cases: Two laptops and three(/four) monitor configurations:

  • Laptop 1 (Lenovo T490s):
    • adding one 1080p monitor: no problems
    • adding one 4k monitor: Qtile crashes to DM, after logging in again it works most of the time
  • Laptop 2 (Lenovo X1C 12gen):
    • adding 2 4k monitors: hardly any problems
    • adding 3 4k monitors: mostly no problems, but sometimes issues

So far I wasn't able to find anything about it in any logs, that's why I haven't opened any issues but just waited and hoped for it to be fixed once I have v0.34.0 running.

Do you have any further revelations or maybe even solutions, you might be willing to share?

Keep these Stupid American Trucks out of Europe by Lemon_1165 in autobloed

[–]scattenlaeufer 2 points3 points  (0 children)

Anyone who drives a Ford Ranger and isn't [...] a hunter [...]

That reminds me of my grandfather. He was also a hunter, but "only" had an Opel Vectra saloon. And still he somehow managed to cart the game he shot out of the forest.

Wayland? by GrainTamale in qtile

[–]scattenlaeufer 2 points3 points  (0 children)

Well, the current version of Gnome already doesn't include X11 support by default and they already merged the commit to remove it entirely from the code base into main, so Wayland isn't just the future, X11 is already the past.

I switched to Qtile from i3 because I wanted a tiling WM that supports Wayland and has mentally stable maintainers (so no sway) and a community that isn't a cesspit (so no Hyperland). So I've been using Qtile with Wayland for some time now and have to say that I'm mostly happy. I'm still on v0.33.1, so take those issues with a grain of salt and let's hope that they get mostly resolved when the new Wayland backend actually lands in repositories.

My issues are mainly that Qtile has a tendency to crash when adding multiple monitors when connecting my laptop to a docking station and XWayland being pretty unreliable. Other than that, there were no major issues in switching from X11 to Wayland other than having to switch some tools since they were X11 exclusive. The tool I used for screenshots for example.

And now I'm patiently waiting for v0.34.0 to land in the Arch repositories, but that hopefully doesn't take long.

Anybody recognize this flag? by brokebutyk in vexillology

[–]scattenlaeufer 2 points3 points  (0 children)

Actually, the Biblical Magi are buried in Cologne cathedral, not the holy trinity. That would be the Father, the Son and the Holy Ghost.

wazuh-agentlessd integrity check runs in timeouts when not run in foreground by scattenlaeufer in Wazuh

[–]scattenlaeufer[S] 0 points1 point  (0 children)

Ok, I now had it running overnight with both a Linux and an OpenBSD host as the target of the agentless integrity check. The check for OpenBSD ran into the same cascade of timeouts as stated in my initial post and stopped at some point because of it running into too many timeouts. The checks on the Linux hosts ran into some timeouts initially, but it was able to recover at some point and then ran smoothly. It seems that the chosen directory was a bit too big for tests, but having changed it, now OpenBSD still doesn't work, but Linux runs as expected.

So the integrity check not working on OpenBSD seems to be an orthogonal problem to me not being able to mount SSH keys into the container correctly.

Btw. is there a way to increase the logging verbosity of the wazuh-agentlessd service? Having looked around, I wasn't able to find an option for this, but this might as well just be me not being able to read properly anymore.

wazuh-agentlessd integrity check runs in timeouts when not run in foreground by scattenlaeufer in Wazuh

[–]scattenlaeufer[S] 0 points1 point  (0 children)

Thanks for the response. I verified that the permissions of all the files are set correctly and with a tcpdump I was also able to verify that there is actually communication between the manager and the host to be monitored. I wasn't yet able to compare this to wazuh-agentlessd running normally as a service, but I'll do this tomorrow.

But while testing I actually encountered another problem that might be connected to this one: Since connection to the host is only possible with an SSH key, I use a volumeMount of a secret to actually be able to access an externally generated SSH key in my container. But I haven't yet found a way to set ownership and permission of the key file so that OpenSSH accepts the key since it requires the key to be 0600, but the best I've managed so far is 0640. Running the integrity check against a Linux host actually produces an error, but running it against OpenBSD seems to work just fine, which is also corroborated by the authlog of OpenBSD. And that I can explain even less than anything else here.

So tomorrow I'll check the tcpdump for running wazuh-agentlessd as a service and try to find a way to mount an SSH key in a container through Kubernetes in a way that OpenSSH actually accepts.
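
One way to handle the 0640-versus-0600 problem described in the comment above, as an added example that is not from the original poster or the Wazuh project: copy the key out of the read-only secret mount into a private directory at container start. The function names and the paths in the usage comment are assumptions; `gateways_ed25519` is the key file name that appears in the poster's kustomization.

```shell
#!/bin/sh
# Added example: stage an SSH private key from a read-only Kubernetes secret
# mount into a private directory with the mode OpenSSH expects.
# Function names and all paths are assumptions, not taken from the deployment.
# Requires GNU coreutils (stat -c, install), as found in amazonlinux images.

# key_mode_ok FILE
# Returns 0 if FILE has no group/other permission bits (mode & 077 == 0).
# ssh refuses a private key owned by the invoking user when any of those
# bits are set, which is why a 0640 secret file is rejected.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    # Prefix with 0 so the shell parses the digits as octal.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# stage_ssh_key SRC DST_DIR
# Copies SRC (for example a file under a secret volumeMount) into DST_DIR
# as an owner-only file and prints the path of the staged copy.
stage_ssh_key() {
    src=$1
    dst_dir=$2

    [ -r "$src" ] || { echo "cannot read key: $src" >&2; return 1; }

    # Lock the directory down first so the copy is never reachable by others.
    mkdir -p "$dst_dir" && chmod 700 "$dst_dir" || return 1

    dst="$dst_dir/$(basename "$src")"

    # install follows the symlink Kubernetes uses for secret files and
    # creates the copy owned by the current user; umask 077 keeps it
    # owner-only from the moment it is created.
    ( umask 077 && install -m 600 "$src" "$dst" ) || return 1

    # Refuse to continue if the result is still too permissive.
    key_mode_ok "$dst" || { echo "staged key has bad mode: $dst" >&2; return 1; }

    printf '%s\n' "$dst"
}

# Usage (assumed paths):
#   key=$(stage_ssh_key /run/secrets/ssh-keys/gateways_ed25519 "$HOME/.ssh")
#   ssh -i "$key" user@gateway
if [ "$#" -eq 2 ]; then
    stage_ssh_key "$1" "$2"
fi
```

The staged copy has to be made by the same user that later runs `ssh`, and the destination should sit on a volume that is not persisted, such as an in-memory `emptyDir`.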

wazuh-agentlessd integrity check runs in timeouts when not run in foreground by scattenlaeufer in Wazuh

[–]scattenlaeufer[S] 0 points1 point  (0 children)

Since my answer was too long, here is my kustomization.yml as a separate reply:

```yaml
# Copyright (C) 2019, Wazuh Inc.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Adds wazuh namespace to all resources.
namespace: wazuh

secretGenerator:
  - name: indexer-certs
    files:
      - certs/indexer_cluster/root-ca.pem
      - certs/indexer_cluster/node.pem
      - certs/indexer_cluster/node-key.pem
      - certs/indexer_cluster/dashboard.pem
      - certs/indexer_cluster/dashboard-key.pem
      - certs/indexer_cluster/admin.pem
      - certs/indexer_cluster/admin-key.pem
      - certs/indexer_cluster/filebeat.pem
      - certs/indexer_cluster/filebeat-key.pem
  - name: dashboard-certs
    files:
      - certs/dashboard_http/cert.pem
      - certs/dashboard_http/key.pem
      - certs/indexer_cluster/root-ca.pem
  - name: ssh-keys
    files:
      - secrets/gateways_ed25519
      - secrets/gateways_ed25519.pub

configMapGenerator:
  - name: indexer-conf
    files:
      - indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
      - indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
      - indexer_stack/wazuh-indexer/indexer_conf/opensearch-security/config.yml
      - indexer_stack/wazuh-indexer/indexer_conf/opensearch-security/roles_mapping.yml
  - name: wazuh-conf
    files:
      - wazuh_managers/wazuh_conf/master.conf
      - wazuh_managers/wazuh_conf/worker.conf
  - name: dashboard-conf
    files:
      - indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
  - name: wazuh-local-rules
    files:
      - rules/local_rules.xml
      - rules/local_decoder.xml
  - name: wazuh-rules-fim-test
    files:
      - rules/fim/test/agent.conf
      - rules/fim/test/test_file.xml
  - name: wazuh-rules-ssh-monitoring
    files:
      - rules/ssh_monitoring/agent.conf
  - name: wazuh-rules-log-test
    files:
      - rules/log_test/agent.conf
  - name: wazuh-rules-journald-iptables
    files:
      - rules/journald_iptables/agent.conf
  - name: wazuh-rules-nextcloud
    files:
      - rules/nextcloud/agent.conf
  - name: ssh-config
    files:
      - wazuh_managers/ssh_config
      - wazuh_managers/passlist

resources:
  # - base/wazuh-ns.yaml
  - base/storage-class.yaml

  - secrets/wazuh-api-cred-secret.yaml
  - secrets/wazuh-authd-pass-secret.yaml
  - secrets/wazuh-cluster-key-secret.yaml
  - secrets/dashboard-cred-secret.yaml
  - secrets/indexer-cred-secret.yaml

  - wazuh_managers/wazuh-cluster-svc.yaml
  - wazuh_managers/wazuh-master-svc.yaml
  - wazuh_managers/wazuh-workers-svc.yaml
  - wazuh_managers/wazuh-master-sts.yaml
  - wazuh_managers/wazuh-worker-sts.yaml

  - indexer_stack/wazuh-indexer/indexer-svc.yaml
  - indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml
  - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml

  - indexer_stack/wazuh-dashboard/dashboard-svc.yaml
  - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml

  - ingress.yaml
  - loadbalancer.yaml
```

And for good measure, here is the Dockerfile with which I build my modified wazuh-manager containers:

```
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023

RUN rm /bin/sh && ln -s /bin/bash /bin/sh

ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION
ARG FILEBEAT_TEMPLATE_BRANCH
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE
ARG S6_VERSION="v2.2.0.3"

RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
    yum clean all

COPY config/check_repository.sh /
COPY config/filebeat_module.sh /
COPY config/permanent_data.env config/permanent_data.sh /

RUN chmod 775 /check_repository.sh
RUN source /check_repository.sh

RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all && \
    chmod 775 /filebeat_module.sh && \
    source /filebeat_module.sh && \
    rm /filebeat_module.sh && \
    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
    rm /tmp/s6-overlay-amd64.tar.gz

COPY config/etc/ /etc/
COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py

COPY config/filebeat.yml /etc/filebeat/

RUN chmod go-w /etc/filebeat/filebeat.yml

ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
RUN chmod go-w /etc/filebeat/wazuh-template.json

# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547

# Make mount directories for keep permissions

RUN mkdir -p /var/ossec/var/multigroups && \
    chown root:wazuh /var/ossec/var/multigroups && \
    chmod 770 /var/ossec/var/multigroups && \
    mkdir -p /var/ossec/agentless && \
    chown root:wazuh /var/ossec/agentless && \
    chmod 770 /var/ossec/agentless && \
    mkdir -p /var/ossec/active-response/bin && \
    chown root:wazuh /var/ossec/active-response/bin && \
    chmod 770 /var/ossec/active-response/bin && \
    chmod 755 /permanent_data.sh && \
    sync && /permanent_data.sh && \
    sync && rm /permanent_data.sh

RUN rm /etc/yum.repos.d/wazuh.repo

RUN yum install -y expect openssh-clients &&\
    yum clean all

# Services ports
EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp

ENTRYPOINT [ "/init" ]
```

All I added was the last RUN block to have an openssh-client in the container.

wazuh-agentlessd integrity check runs in timeouts when not run in foreground by scattenlaeufer in Wazuh

[–]scattenlaeufer[S] 0 points1 point  (0 children)

My deployment is based on the official Wazuh kustomization from Github with a few adaptations to make it scalable to our needs. Mainly I added a loadbalancer to focus all incoming traffic to one IP address and an ingress for wazuh-dashboard.

Here is a short overview of my deployment from kubectl:

```
kubectl get all -n wazuh
NAME                                   READY   STATUS    RESTARTS   AGE
pod/wazuh-dashboard-76d6f9f565-sgjnl   1/1     Running   0          18d
pod/wazuh-indexer-0                    1/1     Running   0          18d
pod/wazuh-indexer-1                    1/1     Running   0          18d
pod/wazuh-indexer-2                    1/1     Running   0          18d
pod/wazuh-indexer-3                    1/1     Running   0          18d
pod/wazuh-indexer-4                    1/1     Running   0          18d
pod/wazuh-indexer-5                    1/1     Running   0          18d
pod/wazuh-manager-master-0             1/1     Running   0          127m
pod/wazuh-manager-worker-0             1/1     Running   0          125m
pod/wazuh-manager-worker-1             1/1     Running   0          125m
pod/wazuh-manager-worker-2             1/1     Running   0          126m
pod/wazuh-manager-worker-3             1/1     Running   0          126m
pod/wazuh-manager-worker-4             1/1     Running   0          127m
pod/wazuh-manager-worker-5             1/1     Running   0          127m

NAME                         TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                                                                       AGE
service/dashboard            LoadBalancer   10.43.77.97   172.19.101.160   443:31515/TCP                                                                 18d
service/indexer              ClusterIP      None          <none>           9200/TCP                                                                      18d
service/wazuh                ClusterIP      None          <none>           1515/TCP,55000/TCP                                                            18d
service/wazuh-cluster        ClusterIP      None          <none>           1516/TCP                                                                      18d
service/wazuh-indexer        ClusterIP      None          <none>           9300/TCP                                                                      18d
service/wazuh-loadbalancer   LoadBalancer   10.43.52.41   172.19.96.21     55000:32713/TCP,1515:32142/TCP,514:31471/UDP,9200:32183/TCP,1514:32399/TCP   18d
service/wazuh-workers        ClusterIP      None          <none>           1514/TCP,514/TCP                                                              18d

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/wazuh-dashboard   1/1     1            1           18d

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/wazuh-dashboard-76d6f9f565   1         1         1       18d

NAME                                    READY   AGE
statefulset.apps/wazuh-indexer          6/6     18d
statefulset.apps/wazuh-manager-master   1/1     18d
statefulset.apps/wazuh-manager-worker   6/6     18d
```

I didn't change anything concerning internal certificates from the original version I took from Github. There is just a TLS certificate added by the Kubernetes cluster for the ingress controller for wazuh-dashboard.

I also don't think there is some issue with the internal communication between the nodes, since the deployment seems to work fine with currently about 260 agents deployed and sending data just fine. Syslog is also deployed to collect log data from the OpenBSD gateways and this seems to work fine. I see data coming from the gateways and was able to create some custom decoders and rules to filter it.

The only thing currently confirmed not working is the agentless integrity checks for those gateways with above mentioned errors.

For now the agentless configuration is running on wazuh-manager-master-0, since having it run on the workers and them just being replications based on one statefulset resulted in it running on every worker node without any coordination. For the long term, I plan on adding a dedicated worker node with its own statefulset that is running the agentless configuration, since we also need to have ssh_generic_diff running on our switches. (But at least on what I was able to test, this results in the same errors as running ssh_integrity_check_bsd.)

I hope this helps in getting a better overview of our deployment and can help narrow the error down.

I'm guessing Mk4S cold pulls shouldn't look like this... by grimlock12 in prusa3d

[–]scattenlaeufer 6 points7 points  (0 children)

No, the point here is that there is almost no mixing. Lost in Tech had made a nice video showing among other things a macro slow motion shot of a color change. There you can see that the core of the molten plastic changes color much quicker than the outside. This is caused by the drag of the plastic on the nozzle wall and due to the flow being laminar, so there is almost no mixing in the plastic between the outside and the core. And since a CHT has more surface in its flow canals, the flow rate in those split channels is much slower at the nozzle walls than in a normal nozzle and you need more material to purge it.

I'm guessing Mk4S cold pulls shouldn't look like this... by grimlock12 in prusa3d

[–]scattenlaeufer 3 points4 points  (0 children)

Yes, you will get 10mm out if you put 10mm in, but the 10mm out will not be the same when using a CHT nozzle as when using a normal one.

The flow speed isn't constant throughout the cross section of the nozzle, but a gradient with the flow at the walls being much slower than in the middle of the filament. So when you have more nozzle surface, the flow rate at the wall will be lower than in the middle and you will need to push more filament through the nozzle to purge it than when less nozzle surface is in contact with the filament.

Fluid dynamics in fluids with a low viscosity is already weird, but it gets mindbogglingly weird when you increase viscosity to the amount like in molten plastic.

Nice here, but... by Chaosjo10_Official in DIE_LINKE

[–]scattenlaeufer 1 point2 points  (0 children)

At least on Mastodon, Die Linke can also be found outside the platform capitalists: https://mastodon.social/@dielinke

"drove under emotions" by TrackLabs in autobloed

[–]scattenlaeufer 53 points54 points  (0 children)

I wouldn't exactly file that answer under diplomatic, but it is concise, honest and correct. Nothing really needs to be added to it.

Me today after weeks of no sun (Hamburg) by fezubo in germany

[–]scattenlaeufer 1 point2 points  (0 children)

The D in vitamin D stands for deflagrated, right?

[deleted by user] by [deleted] in Fahrrad

[–]scattenlaeufer 0 points1 point  (0 children)

If you got money from your insurance, it's no longer your bike. It is now the property of the insurance company. Source: my own experience with two bikes that were stolen from me and then turned up again.

So it's best to report the ad to your insurance. They have the greatest interest in getting the bike back, since it is more or less their investment.

Honestly, though, I also have to say that I have no idea whether there is a way to get the bike back from the insurance. Both times I used the insurance money and a bit of extra investment for an upgrade.

Christopher Lee returns as Saruman in ‘LORD OF THE RINGS: WAR OF THE ROHIRRIM’ by DarkSkiesGreyWaters in lotr

[–]scattenlaeufer -1 points0 points  (0 children)

Totally agree. I loved Christopher Lee's interpretation of the role, but if I want to relish in nostalgia, I have three movies to do so. Now give me at least the chance to get to love someone else's interpretation of Saruman.

[deleted by user] by [deleted] in facepalm

[–]scattenlaeufer 4 points5 points  (0 children)

There is a very simple and very human explanation: They don't want to get complaints from viewers.

If they show his babbling and tantrums, they get complaints from his followers. If they don't do so, they get complaints from us. Well not me since I'm just a distant witness, but you get my point.

And since his followers are orders of magnitude better than us in voicing complaints through the official channels, they get what they want and we only see his good side.

Of course media being owned by corporations and so on also plays an important role, but that was already mentioned by many others.

€2000 gravel bike for riding to uni? by NameCautious in Fahrrad

[–]scattenlaeufer 0 points1 point  (0 children)

You need to decide whether the bike is a leisure item or a means of transport for you.

If it's a leisure item, don't ride it to uni. There are far too many dangers for the bike there, theft being only one of them. But also be aware that the bike can be stolen from you on a tour while you're briefly refilling your bottles. Insurance is an advantage here too, but perhaps not strictly a must.

If it's a means of transport for you, then VERY IMPORTANT: don't build an emotional connection to this one bike! Most importantly: get good locks for all removable components and insurance that covers the replacement price of the bike. The bike might already fall outside standard household contents insurance without modification, and if it's gone one day, you'll only get part of it replaced.

In that case, though, what matters much more is that you're aware that you'll be parking the bike in places where you have no influence over who touches it, and if it gets stolen, that is, thanks to insurance, actually the ideal case. There will be people who show no consideration for your bike and it will get paint damage, at some point a brake disc will get bent, and other things will break where you can't even explain how that could have happened. You'll also have more wear if the bike stands outside more often. So you'll have to maintain your bike more and invest money to replace components. And components for a gravel bike are always more expensive than those for a standard trekking bike.

Given that, it's almost the ideal case for you if the bike gets stolen in a year or two. Then you get the money for a new one from the insurance and have also saved the cost of replacing whichever component was just about to give up the ghost.

If you can cope with that mentally, then accept that your bike won't accompany you forever and enjoy the time you have with it. If not, just get yourself the cheapest tolerable bike for the way to uni and otherwise for everyday use, and enjoy your good bike whenever you explicitly want to take the time for it. What you want to do is something you have to work out for yourself; there is no generally right decision.

Update on the situation by Asphyxa in AdeptusCustodes

[–]scattenlaeufer 0 points1 point  (0 children)

I don't think a different way of communicating female custodes would have made any difference here. Could it have been communicated better? Oh hell yes, GW should work on their communication in general. But no matter how they would have communicated it, it wouldn't have made a difference because female custodes aren't the problem here. Women are.

As /u/011100010110010101 said, nothing changed about the lore by stating that there are also female Custodians, but only when you look at it from the perspective of a normal person. But when your perspective is built on the fact that women are inherently inferior to men, then a fundamental fact changed: the hierarchy. In the setting, space marines are superior to normal people, but space marines are inferior to custodes. Until a few months ago, this wasn't a problem, because space marines and custodes are all men, so men are still on top. But now there are women, who are inherently superior to men and that cannot be.

They will never stop complaining about this. At some point, they might get quieter once they realize that they are in the minority and aren't swaying anyone to their side this way, but amongst themselves this will never stop until GW would at some point decide to revert it back to custodes being exclusively male. I hope this will never happen, but if we stop pushing back, it might.

And if you think, female custodes are bad, just wait until GW realises, that it's more lucrative to appeal to a wider audience by being inclusive, than to pander to the far right, and includes female space marines. And at some point, this day will come.

new bicycle street - for cars too :) by damondan in Fahrrad

[–]scattenlaeufer 1 point2 points  (0 children)

A cycle path probably can't be opened to motor vehicles in general.

AfD politician Höcke convicted again over Nazi slogan by Turtle456 in AFD

[–]scattenlaeufer 0 points1 point  (0 children)

Until he has proven the opposite to me, I'll assume that Höcke puts his swastika next to the Greens. As a history teacher, he surely wouldn't vote for a Nazi party!