cynicalsecurity @cynicalsecurity@bsd.network

The unedited version of my PoC||GTFO 0x17 article on injecting shared objects in has been posted here: soldierx.com/news/libhijack-Po

Corollary: migrate from FreeBSD to HardenedBSD the two big VM-hosting systems since bhyve is, apparently, fully supported on HardenedBSD.

They are not really “big” as they are only quad-core 32Gb Xeon systems but they form my core infrastructure for remotely testing clients with “weird stuff” so I have Linux VMs on them, for example (hence OpenBSD vmm is not an option) and use ZFS which makes me feel warm & fuzzy.

My dedicated hosting plan is taking shape:

• drop Swisscom MyPME biz link (100Mbps) and de-couple the mobile phone and land-line
• drop three out of five dedicated hosts
• init7 (init7.net/) business
  • 1Gbps symmetric
  • /28
  • /48
• “rack” with:
  • Netgate RCC-VE4860 firewall (same as now)
  • five little ARM64 devices with OpenBSD or HardenedBSD
• use one of the hosted bhyve boxes to add a VM for secondary NS
• use one of the hosted bhyve boxes to add MX relaying

Now, on my 2018 wishlist is ZFS encryption… It would be a huge game changer for these silly Linux database servers running LUKS and other abominations (including filesystems like ext4).

I could migrate them all to PostgreSQL running on ZFS on FreeBSD with built-in encryption and tick the compliance box with a real system as opposed to a toy OS leftover from the 1990s…

I have just asked my followers on the birdsite to donate to OpenBSD or buy an m:tier subscription if they appreciate my curated arXiv & IACR posting.

Knowing the world and the Internet this will result in nothing at all.

It is quite sad as I make a real effort to pay the m:tier Platinum subscription personally every year and force my clients to do the same to support OpenBSD development.

Note that my "daily arXiv and IACR" service is all @phessler's "fault" as he introduced me to r2e, allowing me to review RSS feeds directly in my inbox, which I then manage with procmail…

It really looks like @phessler is a rather useful person to listen to...

Now, what I would really appreciate is a tool which allows me to send arXiv stuff directly to Mastodon with a tag so that I could replicate my arXiv daily review "service" here *but* with a tag so it could be ignored by those not interested…

@cynicalsecurity

I did not get to the point of digging into OpenBSD (beyond occasionally polling @phessler over beers re: ARM64) support, but the ODROID-C2 might be a better choice than raspi3 for your intended purposes.

Other ODROID boards have a mix of big.LITTLE endian ARM cores and it is unsurprisingly an inefficient mess.

hardkernel.com/main/products/p

@phessler well, that *did* work as a major cleanup: lost all my old followers! Oh well, they will perhaps find me or perhaps not.

This is beautiful: I migrated, set the forwarding and am now cynicalsecurity@bsd.network.

Thank you @phessler for being such a wonderfully helpful host of bsd.network and taking the time to explain how to migrate.