OpenSSH 10.1 released
OpenSSH 10.1 has been released. Along with “a minor security fix” and some other bug fixes, this release disallows control characters in user names passed via the command line, adds better logging around certificate refusals, and a new RefuseConnection server configuration option.
@dce@hashnix.club Which Thinkpad specifically is this? “Late-2010s” doesn’t sound very old, to be honest, I wonder why OpenBSD is giving you so much trouble. 🤔
I have a late-2010s ThinkPad running OpenBSD, but it’s about as fast as a snail carrying heavy shopping through molasses. I’d like to run something other than Linux, for variety, but the other members of the BSD family failed for various reasons. What OS do you guys think I should try?
mandoc is nicer to read/write than the man macro package and, most importantly, it’s semantic markup.
HTML output is a bit broken in GNU groff, though (OpenBSD on the left, GNU on the right):
https://movq.de/v/f1898e648f/s.png
🤔
Still, I’m inclined to convert my manpages to mandoc.
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
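An added example, not part of the original posts: the same three calls applied in a forked child, which then probes what the kernel still permits, so the effect of unveil() (other paths vanish) and pledge() (an unpledged exec() ends in SIGABRT) can be observed from the parent. The paths /etc, /etc/passwd and /bin/sh are constructed sample values; on systems without pledge()/unveil() the function returns -1.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { INSIDE_OK = 1, OUTSIDE_HIDDEN = 2, EXEC_KILLED = 4 };
/* The three calls from the post; -1 on failure or where they do not exist. */
static int lock_down(const char *docroot)
{
#ifdef __OpenBSD__
    if (unveil(docroot, "r") == -1 || unveil(NULL, NULL) == -1)
        return -1;
    return pledge("stdio rpath", NULL);
#else
    (void)docroot; return -1;   /* no pledge()/unveil() on this platform */
#endif
}

/* Fork a child, sandbox it, and report what the kernel still lets it do. */
int probe_sandbox(const char *docroot, const char *inside, const char *outside)
{
    int p[2], status;
    unsigned char bits = 0;
    pid_t pid;
    if (pipe(p) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {
        if (lock_down(docroot) == -1) _exit(64);
        if (open(inside, O_RDONLY) != -1) bits |= INSIDE_OK;
        if (open(outside, O_RDONLY) == -1 && errno == ENOENT) bits |= OUTSIDE_HIDDEN;
        if (write(p[1], &bits, 1) != 1) _exit(65);  /* "stdio" still allows this */
        execl("/bin/sh", "sh", "-c", "true", (char *)NULL);  /* not pledged */
        _exit(65);              /* reached only if exec returned an error */
    }
    close(p[1]);
    if (read(p[0], &bits, 1) != 1) bits = 0;
    close(p[0]);
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 64) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT) bits |= EXEC_KILLED;
    return bits;
}

int main(void)
{
    printf("result: %d\n", probe_sandbox("/etc", "/etc/passwd", "/bin/sh"));
    return 0;
}
```

On OpenBSD the expected result is 7 (all three bits set); the parent stays unrestricted because only the child calls pledge() and unveil().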
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
So I was using this function in Rust:
https://doc.rust-lang.org/std/path/struct.Path.html#method.display
Note the little 1.0.0 in the top right corner, which means that this function has been “stable since Rust version 1.0.0”. We’re at 1.87 now, so we’re good.
Then I compiled my program on OpenBSD with Rust 1.86, i.e. just one version behind, but well ahead of 1.0.0.
The compiler said that I was using an unstable library feature.
Turns out, that function internally uses this:
https://doc.rust-lang.org/std/ffi/struct.OsStr.html#method.display
And that is only available since Rust 1.87.
How was I supposed to know this? 🤨
[$] LWN.net Weekly Edition for May 1, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Mailman 2 vulnerabilities; AI in Debian; __nonstring__; Cache-aware scheduling; Freezing filesystems; Socket-level storage; Debugging information; LWN in 2025.
Briefs: Debian election; Kali Linux key; OpenBSD 7.7; Firefox 138.0; GCC 15.1; Meson 1.8.0; Valgrind 3.25.0; FSF review; OSI retrospective; Mastodon; Quotes; …
OpenBSD 7.7 released
The OpenBSD 7.7 release is available. There is, as usual, a long list of changes; see the full changelog for lots of details.
@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:
[Global]
Name = your.irc.server.com
Password = yourfancypassword
Listen = 0.0.0.0
Ports = 6667
AdminInfo1 = Well, me.
AdminInfo2 = Over here!
AdminEMail = forget.it@example.invalid
[Options]
Ident = no
PAM = no
[SSL]
CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
DHFile = /etc/ngircd/dhparam.pem
Ports = 6669
Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)
I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅
@andros@twtxt.andros.dev Can you reproduce any of this outside of your client? I can’t spot a mistake here:
$ curl -sI 'http://movq.de/v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:17 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
$ curl -sI 'https://movq.de/v/8684c7d264/gimp11%2D1.png'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131798
Content-Type: image/png
Date: Wed, 19 Mar 2025 19:53:19 GMT
Last-Modified: Wed, 19 Mar 2025 17:18:07 GMT
Server: OpenBSD httpd
$ telnet movq.de 80
Trying 185.162.249.140...
Connected to movq.de.
Escape character is '^]'.
HEAD /v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg HTTP/1.1
Host: movq.de
Connection: close
HTTP/1.1 200 OK
Connection: close
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:31 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd
Connection closed by foreign host.
$
I’ve never liked the behavior of OpenBSD’s shell where it just scrolls horizontally:
https://movq.de/v/1371f7efbc/vid-1741714971.mp4
But now I’m this close to implementing the same thing in my own shell – because it’s probably much, much easier than multiline stuff. 😅
@prologic@twtxt.net I’m sure you can somehow install something that calculates blake2b on OpenBSD. But it’s not part of the base system as a standalone CLI tool, there only appear to be Perl modules for it. The other SHA tools do exist.
It should be fixed now. Just needed some unusual quoting in my httpd.conf: https://mail-archive.com/misc@openbsd.org/msg169795.html
@lyse@lyse.isobeef.org Sorry, I don’t think I ever had charset=utf8. I just noticed that a few days ago. OpenBSD’s httpd might not support including a parameter with the mime type, unfortunately. I’m going to look into it.
@movq@www.uninformativ.de Variable names used with -eq in [[ ]] are automatically expanded even without $ as explained in the “ARITHMETIC EVALUATION” section of the bash man page. Interesting. Trying this on OpenBSD’s ksh, it seems “set -u” doesn’t affect that substitution.
nextvi for plan9 beta (https://adi.onl/nextvi.tgz), if interested please consider donating to my future https://openbsd.amsterdam/ Plan 9 virtual machine. (target is 127 €)
https://www.paypal.com/donate/?hosted_button_id=7QXC2F3ANCDC2
Started on an activitypub client, gtk4, c, made on OpenBSD, been quite a nice learning experience so far, a bit of adjustment from the usual way I do things. I have not done a project in pure C before.
Got token stuff sorted, and posting, next is getting the timeline (and gui for that etc).
I have not been feeling good the past two days, caught a cold. So yesterday I was very lazy, luckily the kids were busy with their things, and Marlyn took Nanook to the dog park to let him blow off some steam. Today I feel much better, so I headed out early for a 5km walk in the forest with the dog before everyone got up this morning. When I came home my daughter went to her friend’s house, so she will probably be gone for the rest of the day, and my son is playing games with his friends. It’s still raining a lot here, but I managed to do the walk in between the rain. Now I’m working some more on the laptop I installed OpenBSD on this weekend. Getting more stuff set up on it.
First issue I ran into is rapidjson, there is no package for it, but it compiled from source without google tests. But I did not check what version I had on my Debian machine, so I need to check that and compile the same version on OpenBSD. I’ll work on that tomorrow.
Got latest OpenBSD installed on one of my laptops, now I’ll try and get the desktop client to work there. This will be fun!
Good morning to you all! Just had the morning walk with the dog in the rain, it’s raining pretty bad today, all day.
But that also means I have some time for my computer later today. I just have to figure out what to do first :)
Probably code a bit, or reinstall one of my computers, I’ve been wanting to run #OpenBSD again, I tried it on one of my laptops, but wifi did not work for some reason, but I have some wifi dongles - so I’ll try with that, or install on one of my other laptops.
I have a #Thinkpad #x200 with #libreboot, I might give it a shot there - although it takes some time to get it to work with libreboot, I did install it some years ago though, so I think that should work again now. Either way I’ll figure out something to tinker with today!
@prx@si3t.ch +1 for OpenBSD - great OS! I love using that OS.
Just compiled the Yarn desktop client on OpenSuse, there were no issues getting it to run there, I love how portable it is. I initially wanted to run OpenBSD on this laptop, but it would not detect wifi, which is a dealbreaker for me, so I installed OpenSuse tumbleweed instead, and will run OpenBSD in a VM and try from there instead.
@osnews@feeds.twtxt.net OpenBSD is a great OS! I really do like it, especially their ports system, very easy to compile stuff from source on any supported platforms.
@prologic@twtxt.net Thank you! Now I just need to get it running on OpenBSD 😀
@movq@www.uninformativ.de I love ‘exotic’ computers, especially riscv. But one of the most prized computers I have is the Lemote Yeeloong, Loongson mipsel laptop - http://web.archive.org/web/20151220055337/http://www.lemote.com:80/en/products/Notebook/2010/0310/112.html , very cool machine, I cannot part with that one, gonna put it in my coffin when I die. Got a hold of it about 10 years ago, cost a lot, but it was worth it. I run OpenBSD on it, and have to compile everything on it. Took over 2 weeks to compile sylpheed email client on it LOL.
@prologic@twtxt.net thank you! OpenBSD is also one of my target platforms. Want to have it in the ports tree there as well, but I’ll get to that a bit later.
Writing and Running a BBS on a Macintosh Plus
In 2015, I wrote a custom BBS server in Ruby and had been using it to run the Kludge BBS on a small OpenBSD server in my home office since then.
Debugging an ioctl Problem on OpenBSD
I was trying to use a V4L2 Ruby module for a project on my OpenBSD laptop but ran into a problem where sending the V4L2 ioctls from this module would fail, while other V4L2 programs on OpenBSD worked fine.
Playing with OpenBSD 7.0, cool!
Setup an OpenBSD RISCV64 VM in QEMU: https://www.codemadness.org/openbsd-riscv64-vm.html
@quark@ferengi.one And don’t miss its song. You will be in for a treat!
OpenBSD 7.0, get it while it’s hot, folks! 🐡
OpenBSD on the Huawei MateBook X (2020)
My old 2017 Huawei MateBook X has been my most reliable laptop and has continued to be my daily-use workstation despite trying half a dozen others (and a desktop or two) in the past four years. Every time I’d try a new laptop, certain components wouldn’t work properly, or the keyboard would feel strange, or the screen would look bad, or the fan or some coil-whine noise would drive me nuts. And every time, I’d return to my MateBook X and everything would just work silently.
OpenBSD on the Framework Laptop
My Fanless OpenBSD Desktop
OpenBSD on the Lenovo ThinkPad X1 Nano (1st Gen)
Bluetooth Audio on OpenBSD with the Creative BT-W3
Video: C Programming on System 6 - Porting OpenBSD’s diff(1)
Signed up to https://tilde.institute/ now waiting for account approval #OpenBSD
Unexpected prefers-color-scheme-using website of the day: openbsd.org
I need to find OpenBSD and C-developers in my area. I feel lonely and stuck way too often. And I feel annoyed by every event here being targeted at linux beginner folks.
OpenBSD: setup a local auto-installation server: https://www.codemadness.org/openbsd-autoinstall.html
@metamurks@www.metamurks.org: Actually I’m running OpenBSD on APU2 routers, but that would have been too much to explain for the tweet. And OpenWRT is pretty much as good. The APU2 hardware is quite nice compared with what else is out there.
I switched to OpenBSD and it’s nice.
I’m getting used to OpenBSD rather fast. It’s really very consistent and joyful to work with. #openbsd
fmt removed my escape sequences on openbsd. txtnish now defaults to fold -s, which makes even more sense as it is specified by posix.
Fun fact: OpenBSD’s vi does not support utf8. That’s probably the first time I haven’t just used the default system vi.
Damn, colors are not working on openbsd! #txtnish
From the escalation department: Pale Moon demands things. https://github.com/jasperla/openbsd-wip/issues/86
The OpenBSD web stack, by Michael W. Lucas (EuroBSDcon 2017) - YouTube https://www.youtube.com/watch?v=BLwAcruM65A
Setup an OpenBSD SPARC64 VM in QEMU: https://www.codemadness.org/openbsd-sparc64-vm.html
Hilarious: ‘systemd compat for doas’ (OpenBSD) https://marc.info/?l=openbsd-tech&m=149902196520920&w=2
OpenBSD httpd, slowcgi and cgit: https://www.codemadness.org/openbsd-httpd-and-cgit.html