Mike Belopuhov @mike@x0r.be

Good morning
It’s Friday

So I was browsing the internet when I saw this

Spellchecking MIBs and OIDs.

Kill me now. #snmpmastery

"As a general rule, avoid running npm in production environments." - https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/

That sums up my feelings nicely!

I'll be at #fossdem 2020 talking about unwind(8). #DNS
https://fosdem.org/2020/schedule/track/dns/

The 2009 Sydney dust storm looks like Blade Runner.

2000s hackers: My dream is to connect all of my devices to the internet.
2020s hackers: My dream is to disconnect all of my devices from the internet.

RT @AuschwitzMuseum
Selling "Christmas ornaments" with images of Auschwitz does not seem appropriate. Auschwitz on a bottle opener is rather disturbing and disrespectful. We ask @amazon to remove the items of those suppliers. https://www.amazon.com/s?k=Fcheng+poland&ref=nb_sb_noss

Nice impression with my new X395 under #OpenBSD. Too bad that suspend/resume is broken with amdgpu for now.
It would have been handy for the conference I'm heading to.
But otherwise, iwm(4) works, X works (with SWcursor as for all amdgpu devices I've tried so far), video works. and it feels good to have a trackpad with 3 real buttons back after 5 years with softbuttons onlly.
And no intel CPU bugs.

This work has been committed! #OpenBSD now requires that system calls be in pre-registered regions (by the kernel or ld.so), in addition to the pre-existing check that syscalls be in un-writable memory. ​

https://marc.info/?l=openbsd-cvs&m=157500930922882&w=2

syscall verification from 2005: https://www.usenix.org/legacy/event/sec05/tech/full_papers/linn/linn.pdf

Real hardware breakthroughs, and focusing on rustc - #Redox - Your Next(Gen) OS
https://www.redox-os.org/news/focusing-on-rustc/
#rust #foss #openfirmware #kernel

#OpenBSD syscall call-from verification

https://marc.info/?l=openbsd-tech&m=157488907117170

deraadt@ changed lib/libc/sys: Document msyscall(2): ld.so can use this (once only) to tell the kernel where libc.so's text segment is, thereby allowing invocation of system calls from that region. An upcoming change will kill the process if a system call is invoked from addresses not explicitly permitted.
ok guenther kettenis mortimer

https://marc.info/?l=openbsd-cvs&m=157488394214644&w=2

Very cool. ​

#OpenBSD #security

This might be one of my best shot yet

I accidentally made a halachic ruling. Guess that makes me a rabbi now. I don't make the rules... oh wait I literally just did.

I encourage this. Really, we shouldn't feel constrained by the rabbis. It's important to let this shared cultural knowledge actually be shared, and that means (at least in part) decoupling its power structure.

Using #OpenSSH's new builtin U2F support is such a joy. Just generate a new key-pair, press once your U2F token (I have the cheapest one from Yubico), distribute the pubkey and be done with it.

Thanks a lot to all involved developers!