horia rss
just a simple OpenBSD appreciator
Upgraded this instance to #honk v1.5.0
OpenBSD -current port patch https://marc.info/?l=openbsd-ports&m=174908668115148&w=2
OpenBSD 7.7 -release amd64 package pkg_add -Dunsigned https://www.vedetta.com/pub/OpenBSD/7.7/packages/amd64/honk-1.5.0.tgz
horia
bonked 03 Jun 2025 11:10 -0700
original: tedu@honk.tedunangst.com
Honk Cyan Cellophane v1.5.0

It's that time of year again when I smash the button and the honk comes out. 1.5.0 has a bunch of exciting changes.

We've got new images coming. AVIF and HEIC are now supported, for all you freedom and iphone lovers. Converting jpeg to avif really does make a pretty big difference when browsing the timeline over a more modest link. But there's no new build dependencies for things who prefer to keep things just as they are. libavif and libheif are only loaded if present and requested.

I spent some time uselessly optimizing memory usage and some other performance tuning, to make things not really all that much faster. But it felt good.

You've got high uptime standards. You expect six nines. Nice. But honk's millisecond restart times were threatening all of that. Well now you can do hot restarts with SIGHUP. Very nice.

Every honk can now trigger a web. Let your honks flow freely into other systems where people do not expect them.

And despite all that, the release packaging is 40% smaller? How? The R&D team has been hard at work on a new quantum compression technique. Is the big dependency included? Is a smaller dependency with the same features included? By creating a quantum superposition, we achieve observable functionality without excess entropy. Magic!

That's all. See you soon, when 1.5.1 comes out.
horia
bonked 02 Jun 2025 12:03 -0700
original: izder456@ieji.de
Hello! I wrote this little piece of software similar to a uname on steroids called exfetch. It's simple by design. The defaults are identical for everyone. "Configuration" is done via command line flags and shell features. I wrote up a port for #OpenBSD of it, I'd like to see it get merged, so please test! https://marc.info/?l=openbsd-ports&m=174882823015434&w=2
horia
bonked 02 Jun 2025 07:39 -0700
original: sizeofvoid@bsd.network
Had the chance to spend 3 weeks in Japan recently - running an ultramarathon, attending an OpenBSD hackathon, and exploring the country. Wrote up the experience for anyone interested in the intersection of hackathons, running, and travel: https://rsadowski.de/posts/2025/j2k25-japan-openbsd-hackathon/
horia
bonked 01 Jun 2025 13:16 -0700
original: tedu@flak.tedunangst.com
pledge with a reëxecing process
I have a web application process, which talks to strangers on the network and stores data in the filesystem. To limit the damage caused by naughty tricksters, it uses pledge and unveil so that even if somebody takes over the process, they can only corrupt this program’s data. As opposed to changing my password, for example.

Users love features, so every day I add a new feature, and then I restart the server. This causes milliseconds of downtime. We can only afford 800 milliseconds of downtime per day in order to meet our five nines availability target, and two restarts in a single day puts us very close to the limit. So I added a smooth restart feature, where sending SIGHUP to the server will cause it to reëxec itself, but with the listening socket already open. No connections are lost.

Fork and exec require additional promises to pledge. But this opens the door to trouble. What happens if the trickster wants to exec a new process? Fortunately, unveil restricts exec to only the same program, but they can still restart it with new options, like setting the log file to /etc/passwd. The command line interface offers enough flexibility to accomplish a fair bit of mischief. I spent some time convincing myself this is an unlikely attack scenario, and mostly succeeded, but using pledge suggests I care about unlikely scenarios, so I should do things properly.

As with all problems, the solution is to add another layer of abstraction. Now the main process execs a worker process, and the worker process once again loses the ability to exec. I was already using one helper process anyway, managed by the server. After shuffling some code around, our growing family now includes three processes. The result is arguably better organized, as well, since competing concerns are better split among the processes.
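The process split described in the post above, as an added C sketch that is not part of the original post and is not honk's code: a supervisor that holds the `proc` and `exec` promises but never reads network data, and a worker that inherits the listening socket and pledges without `exec`. The promise strings, the `worker` argument, port 8080 and all function names are assumptions made for this example; a worker that stores data would also need filesystem promises and an unveil of its data directory.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef __OpenBSD__ /* stubs so the sketch builds elsewhere; they enforce nothing */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
static int unveil(const char *p, const char *f) { (void)p; (void)f; return 0; }
#endif
#define SUPERVISOR_PROMISES "stdio proc exec" /* assumed minimal set */
#define WORKER_PROMISES     "stdio inet"      /* no proc, no exec */

/* Open the listening socket once. It has to survive exec, so make sure
 * close-on-exec is clear before handing it to the worker. */
int open_listener(unsigned short port) {
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET; a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) == -1 || listen(fd, 16) == -1 ||
        fcntl(fd, F_SETFD, 0) == -1) { close(fd); return -1; }
    return fd;
}

/* Worker: talks to strangers, so it gives up exec before the first accept(). */
int worker(int lfd) {
    if (pledge(WORKER_PROMISES, NULL) == -1) return 1;
    for (;;) { int c = accept(lfd, NULL, NULL); if (c != -1) close(c); }
}

/* Supervisor: may exec, but only this one binary, and handles no requests. */
int supervise(const char *self, int lfd) {
    char fdarg[16];
    if (unveil(self, "x") == -1 || unveil(NULL, NULL) == -1) return 1;
    if (pledge(SUPERVISOR_PROMISES, NULL) == -1) return 1;
    snprintf(fdarg, sizeof fdarg, "%d", lfd);
    pid_t pid = fork();
    if (pid == 0) { execl(self, self, "worker", fdarg, (char *)NULL); _exit(127); }
    return pid == -1; /* a real supervisor would wait here and respawn on SIGHUP */
}

int main(int argc, char **argv) {
    if (argc == 3 && strcmp(argv[1], "worker") == 0) return worker(atoi(argv[2]));
    int lfd = open_listener(8080);
    return lfd == -1 ? 1 : supervise(argv[0], lfd);
}
```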
horia
bonked 01 Jun 2025 10:27 -0700
original: JezCaudle@infosec.exchange
Finally managed to create a bootable ISO image for Ubuntu that works perfectly with the #OpenBSD vm console. https://hiddenagenda.ltd.uk/blog/ubuntu_24_04_on_openbsd_vmm/
horia
bonked 01 Jun 2025 10:27 -0700
original: openbsdjournal@mastodon.bsd.cafe
j2k25 - OpenBSD Hackathon Japan 2025 (rsadowski@) https://undeadly.org/cgi?action=article;sid=20250601104254
horia
bonked 29 May 2025 17:01 -0700
original: bt@mastodon.bsd.cafe
I have OpenBSD running on MassiveGRID VPS. Currently hosting my “OpenBASED” mini site there for testing purposes. I have a bare-bones “status” page that I’ll be running for a few days: https://openbased.btxx.org/status.html Plan to do a write-up after (setup, specs, cost, thoughts)