Pinned toot

I'm moving to @brynet! This account will remain. Feel free to follow me on both, or.. you know. If you wanna. :blobpeek:

@mulander @bcallah @devnexen @brynet

#openbsd gamers - #Chasm is a metroidvania indie gem released *today* that runs on OpenBSD with sound and gamepad support - first fully running commercial game of 2018! Steam library needs to be replaced with a stub, but that's all! Then just run #fnaify on it and you're good to go!

looks like the schedule for #eurofreebsdcon is out

A lengthy report! ☺️

Ingo Schwarze (@schwarze) on sed(1) bugfixing with Martijn van Duren (martijn@), and about other small userland stuff

People are insecure about things you wouldn't even imagine. They're afraid you are judging them based on things you haven't even noticed. They secretly believe they're dull or untalented even as you sit in awe of their skills, insight or accomplishments.

Accept them for who they are. Listen to their fears and doubts. Then show them precisely what it is about them that shines so brightly and fiercely that you can't look away.

Just like clockwork, when I am about to call it a night, the TU Graz guys release a new Spectre level: NetSpectre. It is “a remote Spectre attack without attacker-controlled code on the victim, and the first Spectre attack which works without the cache as covert channel.”


Theo de Raadt on unveil(2) usage in base, a userland diff (approx. 37 programs so far) demonstrating how it will be used, also touching a bit on chrome:

For people experimenting on -current, robert@ just unveiled his unveil(2) work for chromium on , including an overhaul of the existing pledge(2) support, still a WIP! ☺️

"Do "Return stack refilling", based on the "Return stack underflow" discussion and its associated appendix at
This should address at least some cases of "" and earlier variants; more commits to follow."

"Once great men lived here... giants... gods... once, but long ago."

This bug highlights a problem with securing containers: the tiniest bit of kernel code can screw it up. All it takes is one infoleak. Have you audited your entire kernel, including modules and binary blobs for information leaks?

Virtualization, whether it be a hypervisor or a container, does not increase security.

Interesting observations while poking around again today: unveil(2) and pledge(2) are separate, yet complementary features; you can use unveil(2) without using pledge(2). This was confirmed by bob_beck@ on Twitter.

Another thing, while not presently documented, is the possibility to once again "veil" previously unveiled filesystem points, by using an empty string as the flags argument. This appears to be intended for some complex use case, but still very cool.

Now in manuals :

unveil(2) — unveil parts of a restricted filesystem view
