Searching yarn

Twts matching #OpenBSD
Sort by: Newest, Oldest, Most Relevant

Using gzip compression for the twtxt files now. I don’t expect any issues but let me know if something breaks. đŸ„

(This feature is implemented in a pretty minimalistic way in OpenBSD’s httpd 
)

​ Read More
In-reply-to » @lyse @tftp Someone has pointed out that there’s OpenRsync:

Actually, I’m stupid: I’m using the normal rsync on OpenBSD as well.

And regarding OpenRsync’s general usability:

https://marc.info/?l=openbsd-misc&m=178090751524547&w=2

Right now openrsync is limited in functionality and is primarily present
for rpki-client. The limited functionality makes it unusable for generic
use and so any diff or change like the above will not be considered since it
is simply not ready.

First problem to solve is to remove the mmap usage in openrsync. After
that modern protocol versions need to be added. Once that is in place one
can start a discussion about using openrsync as a default on OpenBSD.

​ Read More
In-reply-to » @movq I noticed that your feed's last modification timestamp was missing in my database. I cannot tell for certain, but I think it did work before. Turns out, your httpd now sends the Last-Modified with UTC instead of GMT. Current example:

@shinyoukai@neko.laidback.moe Not using OpenBSD or httpd? Yeah. It’s been working quite well since ~2017, so, meh, too lazy to switch now. But nothing is set in stone, of course.

​ Read More
In-reply-to » @movq I noticed that your feed's last modification timestamp was missing in my database. I cannot tell for certain, but I think it did work before. Turns out, your httpd now sends the Last-Modified with UTC instead of GMT. Current example:

@lyse@lyse.isobeef.org It’s already fixed:

https://github.com/openbsd/src/commit/668f1f05e71c5e979d278f1ad4568956226715ea

Question is when that fix will land. 😅

​ Read More
In-reply-to » I just noticed this pattern:

And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then 


But the thing is that I’m seeing new URLs constructed in this pattern. So this can’t just be an old crawling dataset.

I am now wondering if those broken URLs are bot bugs as well.

They look like this (zalgo is a new project):

https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/

When you request that URL, you get redirected to /git/:

$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/

And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, you’ll end up with an infinite loop.

Is that what’s going on here or are my redirects actually still broken 
 ?

​ Read More
In-reply-to » I have a late-2010s ThinkPad running OpenBSD, but it's about as fast as a snail carrying heavy shopping through molasses. I'd like to run something other than Linux, for variety, but the other members of the BSD family failed for various reasons. What OS do you guys think I should try?

@dce@hashnix.club Which Thinkpad specifically is this? “Late-2010s” doesn’t sound very old, to be honest, I wonder why OpenBSD is giving you so much trouble. đŸ€”

​ Read More

I have a late-2010s ThinkPad running OpenBSD, but it’s about as fast as a snail carrying heavy shopping through molasses. I’d like to run something other than Linux, for variety, but the other members of the BSD family failed for various reasons. What OS do you guys think I should try?

​ Read More

OpenBSD has the wonderful pledge() and unveil() syscalls:

https://www.youtube.com/watch?v=bXO6nelFt-E

Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.

Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:

unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);

Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.

I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.

I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():

https://landlock.io/

​ Read More

So I was using this function in Rust:

https://doc.rust-lang.org/std/path/struct.Path.html#method.display

Note the little 1.0.0 in the top right corner, which means that this function has been “stable since Rust version 1.0.0”. We’re at 1.87 now, so we’re good.

Then I compiled my program on OpenBSD with Rust 1.86, i.e. just one version behind, but well ahead of 1.0.0.

The compiler said that I was using an unstable library feature.

Turns out, that function internally uses this:

https://doc.rust-lang.org/std/ffi/struct.OsStr.html#method.display

And that is only available since Rust 1.87.

How was I supposed to know this? đŸ€šđŸ«©

​ Read More

OpenBSD 7.7 released
Another six months have passed, so it’s time for a new OpenBSD release: OpenBSD 7.7 to be exact. Browsing through the long, detailed list of changes, a few important bits jump out. First, OpenBSD 7.7 adds support for Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point), Radeon RX 9070 (Navi 48), and Intel’s Arrow Lake, adding support for the latest x86 processors to OpenBSD. There seems to be quite a few entries in the list related to power management, from work on hibernation and suspend 
 ⌘ Read more

​ Read More
In-reply-to » @movq i tried ngircd but couldn't figure it out T__T i left it at the web client and bouncer for now but i might toy with an IRC server another time!

@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:

[Global]
    Name = your.irc.server.com
    Password = yourfancypassword
    Listen = 0.0.0.0
    Ports = 6667

    AdminInfo1 = Well, me.
    AdminInfo2 = Over here!
    AdminEMail = forget.it@example.invalid

[Options]
    Ident = no
    PAM = no

[SSL]
    CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
    KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
    DHFile = /etc/ngircd/dhparam.pem
    Ports = 6669

Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)

I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅

​ Read More

@andros@twtxt.andros.dev Can you reproduce any of this outside of your client? I can’t spot a mistake here:

$ curl -sI 'http://movq.de/v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:17 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd

$ curl -sI 'https://movq.de/v/8684c7d264/gimp11%2D1.png'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131798
Content-Type: image/png
Date: Wed, 19 Mar 2025 19:53:19 GMT
Last-Modified: Wed, 19 Mar 2025 17:18:07 GMT
Server: OpenBSD httpd

$ telnet movq.de 80
Trying 185.162.249.140...
Connected to movq.de.
Escape character is '^]'.
HEAD /v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg HTTP/1.1
Host: movq.de
Connection: close

HTTP/1.1 200 OK
Connection: close
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:31 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd

Connection closed by foreign host.
$ 

​ Read More

A more robust raw OpenBSD syscall demo
Ted Unangst published dude, where are your syscalls? on flak yesterday, with a neat demonstration of OpenBSD’s pinsyscall security feature, whereby only pre-registered addresses are allowed to make system calls. Whether it strengthens or weakens security is up for debate, but regardless it’s an interesting, low-level programming challenge. The original demo is fragile for multiple reasons, and requires manually locating and entering addresses for each bu 
 ⌘ Read more

​ Read More

Exploring the (discontinued) hybrid Debian GNU/kFreeBSD distribution
For decades, Linux and BSD have stood as two dominant yet fundamentally different branches of the Unix-like operating system world. While Linux distributions, such as Debian, Ubuntu, and Fedora, have grown to dominate the open-source ecosystem, BSD-based systems like FreeBSD, OpenBSD, and NetBSD have remained the preferred choice for those seeking security, performance, and licensing flexibility. 
 ⌘ Read more

​ Read More