If you haven't noticed yet, on -current now supports Threema web and WhatsApp web.

I'm guessing the rlimit_as change?

Does your vendor only ship ISOs with the update, and you don't have a cd writer? On I use the geteltorito utility.

geteltorito [iso-file] > [file].fs
then you can write that image to a usb stick to boot from!

geteltorito is a perl script, so it should be portable to many OSes, including yours :)


Related, there are a lot of vandals trying to destroy the wifi here. If you see someone doing that, please help convince them to stop it.

if your OS can disable "deauth" frames, you may want to enable that. users can do that by applying "nwflag stayauth" to their wifi interface.


bit of a bumpy flight for the bsd.network instance, as we ran syspatch to include the most recent errata.

The queues are running again, and the timelines will catch up in the near future.

I'm re-setting my profile and configs, what recommendations do people have for making it privacy conscious? I'll be using the package, so is already disabled for me :).

(suggestions to use chrome, *even in jest* will get you blocked.)

I upgraded a number of things for the bsd.network instance. the hypervisor and (most) guest VMs are now running 6.6. One guest will need a reinstall to adjust partition sizes, but I'm not going to spend that time right now.

I also upgraded us to v3.0.1+glitch.

All services should be up and running, the timelines are queuing and processing and should be fully up to date in an hour or so.

Happy Tooting! 🐘 💨


in , there is a concept of a "stratum". is basically "how far away are you from a not-ntp time source". contrary to popular belief, it has ZERO meaning to the quality of the time you receive from it.

my laptop is running ntp, and is stratum 3. I am running a guest VM on it. takes the time on the host, and fakes a time sensor to give to the guest vm. time sensors are by definition, not-ntp time sources. :)

the guest vm thinks it is stratum 1.

Sigh.

when trying to update from to for cvs repos, make *sure* you login as the sync user, and accept the host key. otherwise, the sync won't actually do anything useful.

Just picked up a new machine to play with.

Testing the performance with an kernel build:

cpu0: AMD Ryzen 7 3750H with Radeon Vega Mobile Gfx, 2296.00 MHz, 17-18-01
2m53.28s real 7m57.81s user 2m44.31s system

vs

cpu0: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2295.22 MHz, 06-4e-03
6m34.30s real 9m23.39s user 2m24.17s system

The Intel machine used to be fast, but their cpu bugs have slowed it down significantly.

has disabled by default in our packages. This is active in -current, and will be in our 6.6 -release.

From @otto 's commit message:

"""Disable DoH by default. While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea.
Applications should respect OS configured settings."""

(and while I'm at it, one more)

Match host *.ipv6.example.net,ipv6.example.org !exec "route -q -n get -inet6 %h"
    ProxyJump dualstack.example.org

This will do a route lookup, to see if you have direct ipv6 access to the hosts. If it fails ("!exec"), then it will automatically add the ProxyJump command.

the above route command is intended for , you may need to adjust it for your OS


Awesome trick I just learned!

Host *.temp.event.example.com
    IdentityFile ~/.ssh/temp_event
    UserKnownHostsFile ~/.ssh/temp_known_hosts

You can give a specific known hosts file for a Host block of systems that you connect to.

This is especially helpful if you are regularly involved in a recurring event where you re-use hostnames but not the keys; or for temp installs, etc, etc.
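One way to manage the dedicated known-hosts file between events, as an added example that is not part of the original post: archive the previous event's file, start a fresh owner-only one, and list which hosts came back with a different key. The function names and the archive label are hypothetical, the host keys in the usage comment are constructed placeholders, and entries are assumed to be unhashed (no HashKnownHosts).

```shell
#!/bin/sh
# Added example: lifecycle helpers for a per-event UserKnownHostsFile such as
# ~/.ssh/temp_known_hosts. Names below are hypothetical, not from the post.

# rotate_known_hosts FILE LABEL
#   Archive a non-empty FILE as FILE.LABEL, then create an empty FILE that
#   only the owner can read. The main ~/.ssh/known_hosts is never touched.
rotate_known_hosts() {
    kh=$1
    label=$2
    [ -n "$kh" ] && [ -n "$label" ] || return 2
    if [ -s "$kh" ]; then
        mv -- "$kh" "$kh.$label" || return 1
    fi
    ( umask 077; : > "$kh" )
}

# changed_host_keys OLD NEW
#   Print "host keytype" for every entry present in both files whose key
#   material differs. Hosts that appear in only one file are not reported.
changed_host_keys() {
    awk '
        # Skip comments, @cert-authority/@revoked markers, hashed names
        # (|1|...), blank and malformed lines.
        /^[#@|]/ || NF < 3 { next }
        # First file: remember the key for each host/keytype pair.
        FILENAME == ARGV[1] { old[$1 " " $2] = $3; next }
        # Second file: report pairs whose key is different now.
        (($1 " " $2) in old) && old[$1 " " $2] != $3 { print $1, $2 }
    ' "$1" "$2"
}

# Typical use at the start of a new event (label is an assumption):
#   rotate_known_hosts ~/.ssh/temp_known_hosts 2019
#   ... connect, verify and accept the new host keys ...
#   changed_host_keys ~/.ssh/temp_known_hosts.2019 ~/.ssh/temp_known_hosts
```

A host listed by `changed_host_keys` between two events is the expected case here; the same comparison against a snapshot taken during one event would show a key that changed when it should not have.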

cont

lladdr random changes my mac address of my network interface, which will trigger new IPv4 and IPv6 addresses for my laptop, hopefully preventing any network-based tracking. (this is also why I pkill ssh and ftp. with new IPs, those *cannot* keep their sessions after I wake.)

I will occasionally write emails on my laptop; so scheduling all email will ensure that everything is pushed out. I sleep 60s there in case I need to play with a captive portal.


my resume script is a bit more complicated.

/etc/apm/resume:
pkill -x ssh ftp
/sbin/ifconfig em0 -inet down
/sbin/ifconfig iwm0 -nwid
/sbin/ifconfig iwm0 lladdr random
(sleep 60; smtpctl schedule all) &

I kill off any ssh and ftp connections immediately, instead of waiting for them to time out.

I down the em0 interface, which I hardly ever use for $reasons.

-nwid will remove any manual wifi config, so auto-join will kick in and join any network I have saved.

(cont)


I use on my laptops, so I have a few helper scripts that will run when I suspend and resume the laptop.

All of this is documented in man.openbsd.org/apmd.8 so please check out the documentation in the man page.

/etc/apm/suspend:
/usr/bin/pkill -USR1 -x xidle
# EOF

by sending the USR1 signal to xidle, it will automatically run xlock. When I suspend, my laptop will require a password to get access to X after resume.

(yes, xlock is not 100% secure, but this is a good step)

am I correct in thinking there isn't any change in smtpd.conf syntax in the 6.5->6.6 release cycle?

(note: additions of new syntax don't count)

Do you use windows at work, and + at home? Get into good finger-memory habits by adding this to your .cwmrc:

# finger-memory matching windows win-l to lock screen
bind-key 4-l lock

in has been applied to .

Chrome cannot read ~/.ssh, but it can download files to ~/Downloads

BSD Network

bsd.network is a *BSD-themed Mastodon Instance. General use is encouraged, and everyone is welcome as long as you follow our code of conduct!
If you wish to donate, we are on Liberapay.