Pinned toot

WireSep v0.11.3 is out, it contains quite a bunch reliability fixes, especially related to potential deadlocks on transient socket errors.

Thanks to the community in providing me with a macppc so I can now properly stress test from home with all the devices I have. :)

netsend.nl/wiresep

SHA256 (wiresep-0.11.3.tar.gz) = uvhWBE7V9C7Zqms7ApSiFODi7thN7jO+QM2BBtFFBK8=

Pinned toot

WireSep v0.11.0 is out!

WireSep is a privilege separated implementation of WireGuard for OpenBSD.

Some highlights:
* wiresep-keygen(1) now securely stores keys in a file so no more copy/pasting
* proper support for big-endian systems
* various other improvements and fixes

github.com/timkuijsten/wiresep

Note: when upgrading from a previous version, please rename your private key files:
# cd /etc/wiresep &&
for _f in `ls *.key`; do mv "$_f" ${_f%.key}.privkey; done

Whenever I go outside, I'm astonished by how hi-res everything looks! 😲

WireSep v0.11.3 is out, it contains quite a bunch reliability fixes, especially related to potential deadlocks on transient socket errors.

Thanks to the community in providing me with a macppc so I can now properly stress test from home with all the devices I have. :)

netsend.nl/wiresep

SHA256 (wiresep-0.11.3.tar.gz) = uvhWBE7V9C7Zqms7ApSiFODi7thN7jO+QM2BBtFFBK8=

I've been able to weed out some more bugs in WireSep related to client-only mode and macppc (having a machine with a connection fast enough to route all my traffic through really helps).

Help with testing the latest commits would be highly appreciated, also if you only use it as a server. I hope to release another bugfix release by tomorrow if all goes well..

Note that the project and repository are no longer at GitHub but are now located at netsend.nl/wiresep

Now is a good time to help testing WireSep so that it is as good as it can be for the upcoming OpenBSD 6.7 release.

If you're on a recent snapshot, just run `pkg_add wiresep` and it will install the latest version (which is 0.11.1) or download it from netsend.nl/wiresep

In the name of freedom and independence I've moved WireSep away from GitHub to my own domain. It's new home is netsend.nl/wiresep a simple static site hosted on OpenBSD. Now we can explore the project in peace without being tracked by Silicon Valley 😎

WireSep v0.11.0 is out!

WireSep is a privilege separated implementation of WireGuard for OpenBSD.

Some highlights:
* wiresep-keygen(1) now securely stores keys in a file so no more copy/pasting
* proper support for big-endian systems
* various other improvements and fixes

github.com/timkuijsten/wiresep

Note: when upgrading from a previous version, please rename your private key files:
# cd /etc/wiresep &&
for _f in `ls *.key`; do mv "$_f" ${_f%.key}.privkey; done

first steps in a sparc64 system, supercool! somehow feels as exciting as watching the "unix system" scene of Jurassic Park as a kid back in 1993 ;) @stsp big thanks for helping me out 😃

who wants to be my sparc64 vdom friend? ;) (i'd like to test wiresep on it)

What would be the cheapest option to have an OpenBSD system on big-endian? I'd like to be able to test wiresep on it. I know about the EdgeRouter Lite, but I find EUR 100,- a bit expensive for something I don't really need personally.

And here is WireSep v0.10.1 already 😂 While I was preparing a package for ports I saw it contained two patches for building on 32-bit archs that I've now upstreamed in this release.

Get the source here: github.com/timkuijsten/wiresep or wait until a nearby mirror gets the updated package 😎

WireSep v0.10.0 is here. WireSep is a privilege separated implementation of WireGuard for OpenBSD.

This release contains a major effort to clarify all log messages so that looking at the logs no longer makes your eyes bleed. Furthermore it contains some cleanups found with GCC 8 and Clang Static Analyzer.

Thanks to everyone reporting back issues.

ChangeLog: github.com/timkuijsten/wiresep

@qbit do you have an idea when the port update window for OpenBSD 6.7 will close? I'm currently working on version 0.10.0 that will feature more readable logs among other things and it would be nice if this could make it in the next release.

WireSep v0.9.1 is out and fixes some startup issues that slipped in.

ChangeLog:
* fix crash on first packet in client-only mode
* fix a non-critical out-of-bound write when parsing an ipv4 listen address during startup and before entering the main loop that processes data from the network
* fix logging unknown destination ipv6 addresses
* fix a warning in client-only mode about finding a suitable local port

Get it here: github.com/timkuijsten/wiresep

Just released version 0.9.0 of WireSep, a privilege separated implementation of WireGuard for OpenBSD.

This release features a new client-only mode, a major rewrite of the connection management code and some performance and stability improvements.

ChangeLog: github.com/timkuijsten/wiresep

Interview with Evo Morales by Glenn Greenwald on the recent military coup in Bolivia that seems to be about capitalizing on the enormous natural reserves of lithium: theintercept.com/2019/12/16/ev

finally figured out how to ensure the right ip6 source address is picked (which might be an alias of an interface) when setting up a connected UDP socket to a client: setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, &(struct in6_pktinfo), ...); nice!

But, it looks like the same is not possible for IPv4, already tried setsockopt(s, IPPROTO_IP, IP_SENDSRCADDR, &(struct in_addr), ...) but it's like it's ignored. I can't use bind(2) with the desired address because of the unconnected server socket...

Linus Torvalds: Git is a distributed version control system, which means even if you lose a remote, you still have your local copy, so your code is safe, unlike centralized VCSes.

Developer Community: wut?

Microsoft: Hmm. How about you use our Visual Studio Online and push it to GitHub, both hosted on our computers, so that you don't have a local copy?

Developer Community: Yaay! Such innovation! Very cloud! Much wow! 🎉

Trump: Thou shall not use US services.

Developers: Where's my code? 😭

release rpass v0.2.1 - strong password generator for humans

ChangeLog:
* tweak documentation, stress that rpass is made for use on the command line or mobile devices, the passwords are shorter than Diceware passphrases of equal strength

github.com/timkuijsten/rpass

Show more
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!