
An update to my iOS Gopher client is now out.

The main changes:

- fix crashes when searching for non-ASCII characters.
- fix display of directories with servers that do not send the proper line endings
- fix settings display on iPad
- recognizes errors (type 3)

Work on the next update will commence next week. (I'm hoping to improve the history handling, make improvements to the settings screen, and finish support for the 'w' type from @kensanata)

For those who were interested in my IKEv2 issue on the situation is currently as follows:

• the fibre the two firewalls are connected to suffers from micro-outages of 30-50 seconds,
• the symptom is that the SAs eventually disappear from ipsecctl -s all
• the solution is, currently, to route traffic via the backup firewalls with another provider with 1/2 the bandwidth… thank goodness for carp demote and OSPF integration :)

#OpenSSH just gained its first post-quantum signature algorithm, the eXtended Merkle Signature Scheme (XMSS):

where is SeaBIOS built for /etc/firmware/vmm-bios? where can I find out more about SGABIOS for SeaBIOS? I want to try my hand at building my own SeaBIOS images for vmm(4). All I've found are release note bullet points, and undeadly articles linking to mailing list archives.


@cynicalsecurity KubeADM doesn't like swap partitions. Now, nowhere (except the depths of GitHub Issues, perhaps) does it say why. Only that it does not. So I go to disable swap partitions on Ubuntu.

sudo swapoff -a
edit /etc/fstab

but no! a challenger appears -- systemd automounts a swap partition if it detects one!!!



so much frustration...

Today, I'd like to thank @phessler for creating and maintaining the instance.

I am rapidly losing hope of finding a suitable replacement for my hosted x86 boxen at home using ARM :( This saddens me infinitely.

I had promised an update about my PINE64-LTS project (

* discovered the hard way that you cannot boot from eMMC,
* discovered the hard way that no image boots on the PINE64-LTS
* about to try one of their horrible Linsux images.

For reference: the PINE64-LTS “looks like” a SOPINE, *NOT* a PINE64 (which is currently available only in 512M/1G variants and does not support eMMC which I wanted).

I would also recommend waiting for the PINE64H...

the link where this is occurring and the other links is that this one is somewhat less reliable (routing flaps, etc.) but, as one side is passive and the other active, I am assuming that even if the link is interrupted during rekeying it should “insist” and eventually rekey.

I cannot find any other logical explanation as everything else is set up identically (iked.conf & ipsec.conf are auto-generated, etc.).

Anyone with ideas? I have already increased logging and am waiting for the SAs to drop.

Am having an interesting problem with 6.1 iked:

I have 80 IPsec transports set up to “cover” GIF tunnels between static IP endpoints, all OpenBSD 6.1. They were recently migrated from an ISAKMPd setup to IKEv2 using iked and they work splendidly except four of them.

For some bizarre reason two firewalls eventually “drop” off and the only symptom is that the SAs disappear as if the rekeying by iked fails and yet there is nothing obvious in the logs.

The only difference between...

About 1/3 of people with depression have high levels of inflammation markers in their blood. An explanation of the correlation is that inflammation appears to reduce signaling between brain regions associated with ability to experience pleasure: motivation and reward.

So, not a surprise that there is a strong dietary quality correlation: processed food eaters (controlling for an array of other factors) were 58% more likely to suffer depression.

I am looking for tests of an #OpenBSD #wifi diff that affects several drivers: iwn(4), iwm(4), athn(4), wpi(4)

This is in response to (⚠️ potential confusion alert: That post contains top-posting!)

Remember the thing about abuse team not actually being available to non-customers? My writeup "A Life Lesson in Mishandling SMTP Sender Verification" has the description and data:

Opinion not approved by the thought leaders

Any recommendations who else I could follow?
Topics I am interested in: system administration, infosec, F/OSS, BSDs, Linux, economics, retrogames, speedrunning, pen&paper-RPGs, international politics, Japan
Languages: German, English, Japanese

Oh the pointless nature of the birdsite… @qrs posts a link to a 1995 paper which suggests that speculative execution and reliability don’t go together and everyone up in arms: “they knew!”.

Of course “they knew”: every single CPU manufacturer embroiled in the “MHz wars” had to go down the speculative execution & OoO path to keep up! The alternative was to go VLIW and we all know how that went (OK, Elbrus insists).


# upobsd -u /auto_upgrade.conf -o /bsd && reboot

Fetches the latest installer, injects my answers, reboots into it, upgrades and reboots into new kernel.

How do you upgrade your ?

Ha, just applied for "the ultimate dream job" which, sadly, I cannot yet share.

If I fail miserably I will make sure to let you all know what it would have been :)

I would like to thank the guys shooting the bird site timeline with the magic Indic character: I've spent far more time on Mastodon, found new people to follow, read rather interesting timelines and spent time on a fascinating AS/400 book recommended by @bhtooefr ("Fortress Rochester: The Inside Story of the IBM ISeries",

It is turning into a huge source of inspiration for some of my projects so thank you @bhtooefr & thank you Indic iOS/macOS bird site killer!