cynicalsecurity is a user on


The unedited version of my PoC||GTFO 0x17 article on injecting shared objects in has been posted here:

Corollary: migrate from FreeBSD to HardenedBSD the two big VM-hosting systems since bhyve is, apparently, fully supported on HardenedBSD.

They are not really “big” as they are only quad-core 32Gb Xeon systems but they form my core infrastructure for remotely testing clients with “weird stuff” so I have Linux VMs on them, for example (hence OpenBSD vmm is not an option) and use ZFS which makes me feel warm & fuzzy.

My dedicated hosting plan is taking shape:

• drop Swisscom MyPME biz link (100Mbps) and de-couple the mobile phone and land-line
• drop three out of five dedicated hosts
• init7 ( business
  • 1Gbps symmetric
  • /28
  • /48
• “rack” with:
  • Netgate RCC-VE4860 firewall (same as now)
  • five little ARM64 devices with OpenBSD or HardenedBSD
• use one of the hosted bhyve boxes to add a VM for secondary NS
• use one of the hosted bhyve boxes to add MX relaying

Now, on my 2018 wishlist is ZFS encryption… It would be a huge game changer for these silly Linux database servers running LUKS and other abominations (including filesystems like ext4).

I could migrate them all to PostgreSQL running on ZFS on FreeBSD with built-in encryption and tick the compliance box with a real system as opposed to a toy OS leftover from the 1990s…

I have just asked my followers on the birdsite to donate to OpenBSD or buy an m:tier subscription if they appreciate my curated arXiv & IACR posting.

Knowing the world and the Internet this will result in nothing at all.

It is quite sad as I make a real effort to pay the m:tier Platinum subscription personally every year and force my clients to do the same to support OpenBSD development.

Note that my "daily arXiv and IACR" service is all @phessler's "fault" as he introduced me to r2e allowing me to review RSS feeds directly in my inbox which I then manage with procmail…

It really looks like @phessler is a rather useful person to listen to...

Now, what I would really appreciate is a tool which allows me to send arXiv stuff directly to Mastodon with a tag so that I could replicate my arXiv daily review "service" here *but* with a tag so it could be ignored by those not interested…


I did not get to the point of digging into OpenBSD (beyond occasionally polling @phessler over beers re: ARM64) support, but the ODROID-C2 might be a better choice than raspi3 for your intended purposes.

Other ODROID boards have a mix of big.LITTLE endian ARM cores and it is unsurprisingly an inefficient mess.

@phessler well, that *did* work as a major cleanup: lost all my old followers! Oh well, they will perhaps find me or perhaps not.

This is beautiful: I migrated, set the forwarding and am now

Thank you @phessler for being such a wonderfully helpful host of and taking the time to explain how to migrate.