  • BUMSRAKETE !

    FreeBSD freebsd humour vulnerability
    1
    0 Votes
    1 Posts
    51 Views
    CiotBSDC
    The HUGEST, the MOST TREMENDOUS FreeBSD page-cache write primitive in the history of computing. Many people are saying it. Many. Believe me. https://bumsrake.de/ "Mouarffff"
  • [Kirill's journal]

    OpenBSD openbsd qemu
    1
    2 Votes
    1 Posts
    65 Views
    CiotBSDC
    ⇒ OpenBSD under QEMU Architecture specific notes for OpenBSD guests under QEMU, with working command lines where installation succeeds and failure points where it does not. https://kirill.korins.ky/articles/openbsd-under-qemu/
  • [Dr Brian R. Callahan]

    OpenBSD openbsd antirop
    1
    1 Votes
    1 Posts
    84 Views
    CiotBSDC
    (06/10) ⇒ A Final Return for OpenBSD Anti-Return-Oriented Programming Mitigations Return-Oriented Programming (ROP) continues to be a serious attack taking advantage of flaws in memory unsafe languages, particularly buffer overflows, to launch arbitrary code execution attacks by chaining together pieces of already existing code in loaded binaries and shared libraries, called gadgets. With the continued reliance on x86_64 CPUs in cloud and personal servers, mitigations that can meaningfully reduce the success of ROP attacks without significant overhead continue to be attractive. We propose the porting of one such software-based anti-ROP mitigation proposed by OpenBSD: compile-time instruction rewriting to avoid opportunities for ROP exploitation. We bring this mitigation, originally developed for the custom OpenBSD implementation of the LLVM compiler suite, to GCC by way of a standalone utility that sits in between the compiler and the assembler and rewrites potential gadget instructions before assembly into object code. Our utility provides a minimal reduction in gadgets with some penalties in binary sizes and performance impacts. We compare our GCC-ported standalone utility to the original OpenBSD LLVM mitigation and discovered that our standalone utility is weaker compared to the original LLVM-based mitigation. However, due to the overall weak reduction in gadgets for both the LLVM-based and GCC-based implementations, we conclude that seemingly obvious mitigations may prove to be anything but, and caution providing security improvements without significant testing and evaluation. https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations ping: https://bsd.network/@bcallah/116725877009964245 It seems to be my 200th post here…
  • [Miod Vallat] OpenBSD stories

    OpenBSD openbsd zaurus
    7
    5 Votes
    7 Posts
    399 Views
    CiotBSDC
    (06/10) ⇒ OpenBSD stories—Trojaned OpenSSH This is a story I had been considering writing for a long time, as many wrong or stupid things have been said or written at the time it happened. Being on a quite sensitive subject, I have however opted to redact a few things, especially the identity of two OpenBSD developers, as well as some IP addresses and other minor details which could help identify them. They will be referred to as dev1 and dev2 in this story. It does not matter who they are, and they really are trustworthy. http://miod.online.fr/software/openbsd/stories/trojan.html Very interesting! Pleasant to read…
  • 4 Votes
    5 Posts
    127 Views
    ricardo@mastodon.bsd.cafeR
    @grahamperrin Not sure what you mean, but it's OK.
  • Announcing the BSD Cafe chatmail server

    BSD Cafe Announcements
    31
    25 Votes
    31 Posts
    892 Views
    stefanoS
    @etrigan63 Yes, I have replied
  • [NetBSD.org]

    NetBSD
    2
    2 Votes
    2 Posts
    80 Views
    grahamperrinG
    GNATS, wow. https://www.netbsd.org/developers/PR.html
  • Has anyone installed OpenBSD on a Framework 13 AMD 7840?

    OpenBSD
    14
    2 Votes
    14 Posts
    497 Views
    CiotBSDC
    @Jan ohhh, interesting! The only question left is whether it's possible to install it from Fuguita. At the very least, this should let you know which devices are being detected correctly.
  • 0 Votes
    1 Posts
    69 Views
    grahamperrinG
    My posts: can not be edited under https://billboard.bsd.cafe/post/602 can be edited here, for example.
  • Going to give 15.1-RELEASE a shot

    FreeBSD
    1
    1 Votes
    1 Posts
    70 Views
    etrigan63E
    Since it is scheduled for a June 16 release (more or less), I am going to wait till then to give it a whirl with my test NUC before going on to my Framework 13A. Omfreebdy looks like it will set up most of the stuff I wanted, so let's see what happens.
  • To anyone promoting generative "AI" in any space...

    BSD Cafe Lounge
    5
    1 Votes
    5 Posts
    206 Views
    etrigan63E
    @grahamperrin That was poorly written. Better said that a whole lot of money is being dumped into marketing these products before they are fully baked.
  • OpenSats

    BSD Cafe Lounge bitcoin foss charity education research
    2
    0 Votes
    2 Posts
    98 Views
    grahamperrinG
    For the record: I don't use Bitcoin, or anything like it. I learnt of the organisation through Git commit log messages for an open source project – OpenSats Initiative is a sponsor.
  • 0 Votes
    1 Posts
    148 Views
    grahamperrinG
    https://www.reddit.com/r/freebsd/comments/1ty5njr/pkgbase_major_upgrade_from_freebsd_144_to_151rc2/ This upgrade blended: part of the official announcement for 15.1-RC2 – altered for compatibility with the major upgrade part of Emrion's https://forums.freebsd.org/posts/762515 – adapted for my preferred shell, /bin/tcsh. … Packages for the third release candidate, RC3, were not available at the time.
  • [Stefano Marinelli] FreeBSD

    FreeBSD
    3
    3 Votes
    3 Posts
    165 Views
    CiotBSDC
    ⇒ (06/05) Aggressive caching for a Mastodon reverse proxy: what to cache, what to never cache, and why content negotiation will eventually betray you how to cache Mastodon with nginx on FreeBSD while handling content negotiation correctly, covering cache keys for HTML/ActivityPub/JSON variants, bypass rules for private traffic, and TTL strategies for assets, media, and dynamic pages. The guide includes production-tested configurations for thundering-herd protection, failover, and logging to verify cache behavior. https://it-notes.dragas.net/2026/06/05/aggressive_caching_for_a_mastodon_reverse_proxy/
  • [Tom's IT Cafe]

    FreeBSD freebsd
    1
    2 Votes
    1 Posts
    46 Views
    CiotBSDC
    ⇒ (06/05) FreeBSD Jails The classic system administration changed a lot in a decade. Virtualization and container technology went through a remarkable improvement. (…) FreeBSD Jails don’t compete with containers. They don’t substitute virtual machines. Jails just fill a gap. https://tomsitcafe.com/2026/06/05/freebsd-jails/
  • I was testing MidnightBSD

    BSD
    10
    6 Votes
    10 Posts
    445 Views
    etrigan63E
    Many scholarly works on modern politics (real ones, not the ones focusing on the trends being artificially promoted by one side or the other) draw the political spectrum as a line graph with moderates in the middle and the left/right heading off in their respective directions. My personal observation is that this graph should not be a line but a circle. Starting with moderates and branching off as before, but both sides ending up at absolute totalitarianism regardless of which side you take. @tomaoki your model is correct and on my graph the ideals would be located at the 90 degree and 270 degree positions with anarchy at the 135 and 225 positions.
  • 2 Votes
    8 Posts
    402 Views
    etrigan63E
    I agree and this is what politicians don't get.
  • 1 Votes
    1 Posts
    72 Views
    grahamperrinG
    https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf The “Open Source Security and Risk Analysis” (OSSRA) report has been the industry’s definitive look at the state of open source code for a decade. Each year, we analyze anonymized findings from commercial codebases audited by the Black Duck Audit Services team, and this provides an unmatched, real-world view of how open source is used—and sometimes misused—across every major industry. This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA). PDF, 44 pages. Context Open source organisations weigh in on age attestation Availability Noted in Reddit: … easily found with Google – without completing Black Duck's form, which requires a business email address: https://www.google.com/search?q="2026+Open+Source+Security+and+Risk+Analysis+Report"+PDF&udm=14 …
  • SPARC

    Tribblix
    4
    1 Votes
    4 Posts
    271 Views
    ptribbleP
    One thing about Tribblix on SPARC is that it tracks x86 pretty closely, but actual releases come at different times. What this means right now is that while Tribblix on x86 is effectively in freeze while I work through a bunch of breaking changes, many of those changes are now available on SPARC. While this may seem a bit odd, the reality is that not all the breaking changes apply to SPARC at all (I'm not planning to update perl or gcc there, even though I want to, because the updates won't even build properly), and even those that do are less appropriate (such as desktop updates like bumping the Xfce version). The one visible change that people might see is the python switch from 3.12 to 3.13.
  • Generative AI Policy | Linux Foundation

    Linux
    1
    1 Votes
    1 Posts
    65 Views
    grahamperrinG
    https://www.linuxfoundation.org/legal/generative-ai not dated first captured in the Wayback Machine in October 2023 mentioned in Policy for AI/LLM contributions (#697) · Issue · alpine/council