Pinned toot

Bought the book (by @mwlucas) and now been configuring relayd (by @reyk) to act as a defensive TLS proxy.

Started easy with “TLS inbound”->”TLS intranet server” and now added:

* checks (is the server up)
* whitelisting of URLs

Being able to exclude trivially access to admin URLs is so incredibly powerful compared to mod_ssl nightmares.

Once again you use the tools which #OpenBSD provides and realise you can actually regain simplicity in configurations.

Thank you both for book & code.

Le Cloud Act, la riposte américaine au RGPD européen

"Le octroie au gouvernement américain l'accès à l'ensemble des données personnelles de n'importe quel citoyen, peu importe sa nationalité, du moment que les données sont stockées chez des hébergeurs américains et peu importe la position géographique du data center, et ce sans avoir à saisir un tribunal et, bien évidemment, sans avoir à le notifier aux personnes concernées."

"In Back to the Future Part II, Biff Tannen was thinking too small. Instead of a sports almanac, he should have brought a copy of the CVE database."

Read this. This article pretty summarizes what I see every day. And when I criticize it, half of the audience doesn't understand my point. They are simply to young and grew up with smart phones and fast lines.

"Software disenchantment": via

@Qwxlea Depends entirely on your situation.

I try to make changes to my workstation via commits to Ansible playbooks so I can recover it in minutes when needed. I do this by not having root/doas access.

The #BSDPL meetup was fun it was worth the 8-9h drive in traffic.

There is a live stream recording of my talk here

and the slides are on my server

Thanks to @Michcioperz for dropping by!

Continuous Unix commit history from 1970 until today (And why does this repo have 2800 stars only?!?)

Having read @whitequark's work on decrypting the USB-C specifications I am relatively sure that we are going to be seeing some "innovative" attacks via that vector, in particular via the "smart power" specs.

The idea of being able to speak to the system via the PSU and interact with the SMM on Intel CPUs is quite fascinating. A hardware attack but not necessarily: if the comms is two-way you can seed the PSU and then use it as a backdoor at a later stage, e.g. "power on at 3am, do stuff".

How do you :

- Delete all lines except those containing matches for REGEXP.

- Removes lines matching a regexp.


Careful, if you blinked you may have missed that #RETGUARD has reduced the number of useful #ROP gadgets at runtime on #OpenBSD/arm64 to zero.

Lenovo released a new BIOS update that brings back S3 support (v1.30) so suspending should now work under #OpenBSD on the X1C6

Once you get a B.S., you think "you know everything". Once you get an M.S., you realize "you know nothing". Once you get a Ph.D., you realize that "yes, you know nothing, but that is not a problem, because nobody knows anything!"

@screenless Alright, got the printer working with lpd on #OpenBSD! Getting ESC/POS to work to print pictures/qr-codes comes next.

Scott Meyers : "C++ is a large, intricate language with features that interact in complex and subtle ways, and I no longer trust myself to keep all the relevant facts in mind. As a result, (…) I no longer plan to update my books to incorporate technical corrections."

Show more

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!