mandoc is nicer to read/write than the man macro package and, most importantly, it's semantic markup.
HTML output is a bit broken in GNU groff, though (OpenBSD on the left, GNU on the right):
https://movq.de/v/f1898e648f/s.png
Still, I'm inclined to convert my manpages to mandoc.
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It's now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can't wait for the day when we have something like this on Linux. There have been some attempts, but it's not that easy. And it's certainly not mainstream, yet.
I need to have a closer look at Linux's Landlock soon ("soon"), but this is considerably more complicated than pledge()/unveil():
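The unveil()/pledge() sequence from the post above with its return values checked, as an added example that is not part of the original posts. `lock_down()`, `probe()` and `SANDBOX_AVAILABLE` are names made up here, and the non-OpenBSD stubs are an assumption added only so the file builds elsewhere and reports failure rather than serving unsandboxed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifdef __OpenBSD__
#define SANDBOX_AVAILABLE 1
#else
#define SANDBOX_AVAILABLE 0
/* Assumption: stand-in stubs for other systems. They enforce nothing and always fail. */
static int unveil(const char *path, const char *perms)
{ (void)path; (void)perms; errno = ENOSYS; return -1; }
static int pledge(const char *promises, const char *execpromises)
{ (void)promises; (void)execpromises; errno = ENOSYS; return -1; }
#endif

/* Restrict the process to read-only access below docroot plus I/O on
 * descriptors that are already open. Returns 0 on success, -1 with errno set. */
int lock_down(const char *docroot)
{
    if (unveil(docroot, "r") == -1)        /* only this tree stays visible */
        return -1;
    if (unveil(NULL, NULL) == -1)          /* forbid further unveil() calls */
        return -1;
    if (pledge("stdio rpath", NULL) == -1) /* no write, no exec, no new sockets */
        return -1;
    return 0;
}

/* Try to open a path read-only. Returns 0 if it opened, otherwise errno. */
int probe(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    if (lock_down("/var/www/whatever") == -1) {
        perror("lock_down");               /* fail closed: do not serve */
        return 1;
    }
    /* Per unveil(2), a path outside the unveiled tree fails with ENOENT. */
    printf("/etc/passwd -> %d\n", probe("/etc/passwd"));
    return 0;
}
```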
So I was using this function in Rust:
https://doc.rust-lang.org/std/path/struct.Path.html#method.display
Note the little 1.0.0 in the top right corner, which means that this function has been "stable since Rust version 1.0.0". We're at 1.87 now, so we're good.
Then I compiled my program on OpenBSD with Rust 1.86, i.e. just one version behind, but well ahead of 1.0.0.
The compiler said that I was using an unstable library feature.
Turns out, that function internally uses this:
https://doc.rust-lang.org/std/ffi/struct.OsStr.html#method.display
And that is only available since Rust 1.87.
How was I supposed to know this?
@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:
[Global]
Name = your.irc.server.com
Password = yourfancypassword
Listen = 0.0.0.0
Ports = 6667
AdminInfo1 = Well, me.
AdminInfo2 = Over here!
AdminEMail = forget.it@example.invalid
[Options]
Ident = no
PAM = no
[SSL]
CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
DHFile = /etc/ngircd/dhparam.pem
Ports = 6669
Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)
I'm assuming OpenBSD here. Haven't tried it on Linux lately, let alone Docker.
@andros@twtxt.andros.dev Can you reproduce any of this outside of your client? I can't spot a mistake here:
$ curl -sI 'http://movq.de/v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:17 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
$ curl -sI 'https://movq.de/v/8684c7d264/gimp11%2D1.png'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131798
Content-Type: image/png
Date: Wed, 19 Mar 2025 19:53:19 GMT
Last-Modified: Wed, 19 Mar 2025 17:18:07 GMT
Server: OpenBSD httpd
$ telnet movq.de 80
Trying 185.162.249.140...
Connected to movq.de.
Escape character is '^]'.
HEAD /v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg HTTP/1.1
Host: movq.de
Connection: close
HTTP/1.1 200 OK
Connection: close
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:31 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
Connection closed by foreign host.
$
I've never liked the behavior of OpenBSD's shell where it just scrolls horizontally:
https://movq.de/v/1371f7efbc/vid-1741714971.mp4
But now I'm this close to implementing the same thing in my own shell – because it's probably much, much easier than multiline stuff.
It should be fixed now. Just needed some unusual quoting in my httpd.conf: https://mail-archive.com/misc@openbsd.org/msg169795.html
@lyse@lyse.isobeef.org Sorry, I don't think I ever had charset=utf8. I just noticed that a few days ago. OpenBSD's httpd might not support including a parameter with the mime type, unfortunately. I'm going to look into it.
@movq@www.uninformativ.de Variable names used with -eq in [[ ]] are automatically expanded even without $ as explained in the "ARITHMETIC EVALUATION" section of the bash man page. Interesting. Trying this on OpenBSD's ksh, it seems "set -u" doesn't affect that substitution.
@quark@ferengi.one And don't miss its song. You will be in for a treat!
OpenBSD 7.0, get it while it's hot, folks!
Signed up to https://tilde.institute/ now waiting for account approval #OpenBSD
From the escalation department: Pale Moon demands things. https://github.com/jasperla/openbsd-wip/issues/86
The OpenBSD web stack, by Michael W. Lucas (EuroBSDcon 2017) - YouTube https://www.youtube.com/watch?v=BLwAcruM65A
Hilarious: "systemd compat for doas" (OpenBSD) https://marc.info/?l=openbsd-tech&m=149902196520920&w=2