Tiens, encore un langage de programmation ? (Mais celui-cxi vient de James Clark, celui de groff, jade et nxml-mode donc ça doit être bien.) blog.jclark.com/2022/05/why-ba


Ha #humour de développeur dans la dernière release du micrologiciel du modem du #pinephone:

“Fix one, two or -2,147,483,648 buffer overflows”



Quoting an anonymous Twitter user (got harrassed for these statements):

"Safari is buggy" is a valid criticism.

"Safari is behind Chrome in features" is not a valid criticism.

Never forget that the browser vendors, including Google and Apple, seized control of the web from the W3C. These few companies have too much power over the web, period.


A wild #blog post appears!

Let's study the #LLVM and #GCC optimizers around the question of increments and decrements and see how they differ. Then we can make a decision as to whether or not we want to teach those optimizations to our #QBE optimizer we've been working on.


#compile #compilers #optimizer #optimizers #compile #optimize #unix #c #programming #program #bsd #openbsd #freebsd #netbsd #dragonflybsd #linux #cproc

Multiple vulns have been found in #swhkd, a #rust based hotkey daemon for Wayland. Again, this clearly shows (after log4j and Spring4Shell) that one can use a memory safe language and still implement a bunch of vulns.

Don't get me wrong, I like rust's concept, however, I am annoyed by the current trend and attitude that every software is secure as long as it's implement it in rust.

Even worse, when people start bashing other people coding in C and all them careless.


as openbsd ports is currently locked for 7.1 release, lang/rust 1.60.0 is available at github.com/semarie/rust-ports

@cynicalsecurity Unless somebody can explain in deep technical detail what “disabling HT in the BIOS” actually means (i.e. in what state are the threads and how can one still interact with them) the only sane thing to do seems to be to actually bring up *all* logical cores, enable MCE and explicitly park them with interrupts disabled. At least this way all cores are in a well defined state.
Disabling HT in the BIOS is rather hand-wavy until somebody explains what’s actually happening.

The Digest, now on Mastodon @bsd.network
This is way overdue: I'm now posting Digest notes to bsd.network/@dragonflydigest, a BSD-specific Mastodon server. It's bothered me for a while that I'm autoposting Digest headlines to Twitter, which is useful for Twitter users but still supporting a walled garden.  Mastodon is a better implementation of a similar idea, and bsd.network nicely groups all sorts… ...

En mettant en place un outil de surveillance qui détecterait 99% des terroristes avec seulement 0.1% de marge d'erreur, 90% de ce que vous détectez ce sont des innocents.
C'est juste des statistiques et c'est foutrement instructif ⬇⬇⬇

stream de ?

il faut bien utiliser le stream1: stream.passageenseine.fr/strea

sinon avec le stream2 on a juste le chat qui dort (remarquez que c'est reposant comme stream) stream.passageenseine.fr/strea

Paper about #LazyFP Intel CPU flaw is out:
“LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels”


second try with DBUS_SESSION_BUS_ADDRESS="no:" as launching keepassxc still triggered dbus-daemon launch.

/me should go reading libdbus code source

Show thread

how to asking libdbus for no D-Bus: run with DBUS_SESSION_BUS_ADDRESS="" in environment.

dbus-launch(1) man page says if DBUS_SESSION_BUS_ADDRESS is not set, it means "autolaunch:". So try to convience dbus that I really want to *not* run it.

(note: it is still in testing... maybe nowdays it is really a mandatory componment. let's see what doesn't work)

Oh look, Theo de Raadt seems to confirm my feeling regarding Intel Hyperthreading that I tooted about yesterday:


See also this discussion/rant (with @mulander @cynicalsecurity @csirac2) about Hyperthreading from January:


My life is swirling sewage-laden toilet bowl right now, but the world needs an article on OpenBSD "breaking embargos."

If other people find the sources, I'll take an hour and hammer them into a post.

Post original mailing list and article links in answer to this toot. Or don't. Whatevs.

I'll credit folks, of course.

My bias on this: there were fubars, like the 8 out of 10 OpenSSL bug. They'll argue against embargos over beer, but if they agree to it they'll keep it.

vulnerability: Exploiting lazy FPU state switching

Earlier this year, Julian Stecklina (Amazon) and Thomas Prescher (Cyberus Technology) jointly discovered and responsibly disclosed another vulnerability that might be part of these, and we call it LazyFP. LazyFP (CVE-2018-3665) is an attack targeting operating systems that use lazy FPU switching. This article describes what this attack means, outlines how it can be mitigated and how it actually works.



Systems using ® Core-based microprocessors may potentially allow a local process to infer data utilizing state restore from another process through a speculative execution side channel.


Thanks to Kurt Mosiejczuk's console server talk, I learned about upobsd for #OpenBSD upgrades for the brave. In ports.


Another shoutout for upobsd by @semarie.

Allows automatic upgrades and installs for #OpenBSD.

My serial console server is CompactFlash based and is (for obvious reasons) the one I cannot watch remotely. I usually have a long wait for upgrades since the CF is so slow.

Yesterday I used upobsd to do the main upgrade part unattended. It was *lovely*.

It's a package for 6.3. You can use it on a 6.3 box to make your bsd.rd and copy it to the 6.2 server in question.

Show older

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!