schmonz.com is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
boostedWhat has (can) the EU Cyber Resilience Act done (do) for you?
also at https://bsdly.blogspot.com/2026/06/what-has-can-eu-cyber-resilience-act.html (with trackers)
TL;DR: It's *not* the end of Free and Open Source software (or the world as we know it). It's time to engineer up!
#CRA #cyberresilience #resilience #cybersecurity #eu #freebsd #openbsd #netbsd #engineerup #development #softwareenginering
What has (can) the EU Cyber Resilience Act done (do) for you?
https://nxdomain.no/~peter/what_hascan_eu_cra_donedo_for_you.html
TL;DR: It's *not* the end of Free and Open Source software (or the world as we know it). It's time to engineer up!
#CRA #cyberresilience #resilience #cybersecurity #eu #freebsd #openbsd #netbsd #engineerup #development #softwareenginering
boostedI had to manually build and install LAME 3.98.4 from source to fix the issue. WTF is that about?
Arch has #OpenBSD #nc twice in the AUR. One package applies all of the Debian patches. One does not.
But they won't have noticed this difference, since they added these to the AUR around the time that Debian stopped patching the if test.
https://aur.archlinux.org/packages/openbsd-netcat-tls
https://aur.archlinux.org/packages/openbsd-netcat-git
#NetBSD, #FreeBSD, and #DragonFlyBSD all use the Jackson netcat.c with the if statement as in the original, so their ncs will all do this too.
Silly question of the #NetBSD folk… I know some of the BSD kernels (notably #FreeBSD, and once upon a time, #OpenBSD) were capable of Linux syscall emulation, meaning they could run Linux applications.
Is this still the case, and if so, does it extend to containerisation like #Docker? Platforms of interest would be `x86-64` and `aarch64`.
https://kb.shells.com/tutorials/NetBSD/Docker/ seems to suggest it was at least at one point, a thing, but the link to the Docker download site is a 404.
boostedLive Stream of the NetBSD dev summit at BSDcan 2026, day 1
boostedPrices for dedicated servers and VPS instances are raising more and more! Guess what…
#BoxyBSD still provides free VMs to people who want to learn #FreeBSD, #OpenBSD, #NetBSD or even #Illumos / #opensolaris - all with full #ipv6 support - of course! #LearnBSD & #RUNBSD
#opensource #community @gyptazy #BSD #hosting #isp #provider
I'll look into it, thanks.
I don't care so much about the janky third-party external battery, but I'd like to keep the original internal battery in good condition. If it doesn't look like I can do that with NetBSD, I might go to OpenBSD instead.
I still want to try and #NetBSD on some hardware though.
boostedPreparing a patch NetBSD userland tools to accept long options if, and only if, preceded by an emdash. If we're going to do it, we do it properly.
boostedFinal week for submitting to #eurobsdcon 2026!
https://2026.eurobsdcon.org/cfp/
Submit by June 20th, come to Brussels September 9-13 and mingle with #BSD people!
We also offer pre-submission guidance/mentoring, see the CFP text.
Wonder what BSD and the conferences are about? See https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html
@EuroBSDCon #freebsd #netbsd #openbsd #freesoftware #libresoftware #brussels #bruxelles
I brought the RasPi 1 running #NetBSD 11 along to mess with while catsitting, but I forgot to switch it back to accepting network config via DHCP, and though I can ping it across a direct connection, sshd doesn't start accepting connections. and there isn't a spare display here I can use to debug it.
not a huge deal, I'll just bike back to my usual house in a couple days and fix it there, but I wonder what its problem is. lack of DNS? lack of the gateway it's expecting?
boostedportability(TM) #netbsd #pkgsrc #tigersrc
* alix3d3 (i586) - it finds out what uses SSE2 when it shouldn't
* er4 (evbmips64n64eb) - it finds out when things hardcode a list of supported archs
* mac mini (powerpc; usually runs darwin) - it finds out when things don't specify a c/c++ lang std
* olimex a64 (aarch64) - it finds out when the arm drivers get too piney.
* banana pi (earmv7hfeb) - ugh.
* blade 150 (sparc64, bottom) - it finds out EVERYTHING.
100% not running 24/7.
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟭𝟱 (Valuable News - 2026/06/15) available.
https://vermaden.wordpress.com/2026/06/15/valuable-news-2026-06-15/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟭𝟱 (Valuable News - 2026/06/15) available.
https://vermaden.wordpress.com/2026/06/15/valuable-news-2026-06-15/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
Why is the FreeBSD Project home page the #2 result when using DuckDuckGo to seek NetBSD in the freebsd.org domain?
<https://duckduckgo.com/?ia=web&t=h_&q=NetBSD+site%3Afreebsd.org>
There's no mention of NetBSD at the home page, or about FreeBSD:
<https://www.freebsd.org/>, <https://www.freebsd.org/about/>
Google Search results are less confused than DuckDuckGo:
<https://www.google.com/search?q=NetBSD+site%3Afreebsd.org&udm=14>
boostedOne year ago, today.
"Why and how we're migrating many of our servers most of our servers from Linux to the BSDs" - aka, "I solve problems"
@moses_izumi @hikari @AnachronistJohn
#NetBSD definitely deserves some love for being one of the very few, and perhaps the most featureful Operating Systems that has a strong #NOAi stance.❤️🔥
I definitely want to start supporting them. I need to get on that.
Kinda postmortem:
1) The maximal log size before rotation and count of gzipped logs to store should be increased in the newsyslogd configuration. This should be applied to any service, which is looking into the void^WInternet. So, I will not loss log records, related to the start of attack…
2) Also, Asterisk log should be added to newsyslogd configuration first. It weren't added here, so *.log files became too big (> 1 Gb) and of course fail2ban ate a lot of memory while parsing these big logs. If they were rotated properly, then fail2ban will not eat so much memory, parsing small enough files.
3) Since start of attack in logs were lost, then I could only imagine possible root cause of an attack. By default, any IP, which once failed to provide the proper credentials to login somewhere in my kitchen server, is banned immediately and forever.
But somehow those attackers managed to use just 2 IPs to make an attack and they weren't banned before manual intervention 
According to fail2ban logs they were banned, but they were obviously not banned by npf. So, I think, they started attack right in time when my blacklists were successfully updated and npf was reloading — as a result their IPs appeared as "banned" in the fail2ban, but the fail2ban failed to ban them via npf, so "IRL" their IPs still weren't banned. Time to revisit my script to update blacklists 
4) Looks like I need to install some Intrusion Detection System (possibly snort
since it is mature enough). It isn't good to rely only on one mechanism (fail2ban + blacklists + npf) to protect my precious machine.
Kinda postmortem:
1) The maximal log size before rotation and count of gzipped logs to store should be increased in the newsyslogd configuration. This should be applied to any service, which is looking into the void^WInternet. So, I will not loss log records, related to the start of attack…
2) Also, Asterisk log should be added to newsyslogd configuration first. It weren't added here, so *.log files became too big (> 1 Gb) and of course fail2ban ate a lot of memory while parsing these big logs. If they were rotated properly, then fail2ban will not eat so much memory, parsing small enough files.
3) Since start of attack in logs were lost, then I could only imagine possible root cause of an attack. By default, any IP, which once failed to provide the proper credentials to login somewhere in my kitchen server, is banned immediately and forever.
But somehow those attackers managed to use just 2 IPs to make an attack and they weren't banned before manual intervention 
According to fail2ban logs they were banned, but they were obviously not banned by npf. So, I think, they started attack right in time when my blacklists were successfully updated and npf was reloading — as a result their IPs appeared as "banned" in the fail2ban, but the fail2ban failed to ban them via npf, so "IRL" their IPs still weren't banned. Time to revisit my script to update blacklists 
4) Looks like I need to install some Intrusion Detection System (possibly snort
since it is mature enough). It isn't good to rely only on one mechanism (fail2ban + blacklists + npf) to protect my precious machine.
The upgrade went alright. The permissions on /dev/tap0 were rewritten, which took me a minute to realize and fix so virtual machines will work again.
Also had some bad USB issues trying to boot the installer, but it's impossible to say whether the hardware (likely) or NetBSD (unlikely) is to blame.
By the way, our first two publications on evaluating #OpenBSD mitigations are out. Both of these papers evaluate some amd64 anti-ROP mitigations: specifically changing the register selection order and semantically equivalent rewriting of instructions that may produce a potential polymorphic gadget instruction. This tracks a paper by mortimer@ back in 2019 at AsiaBSDCon.
The TL;DR is "OpenBSD can shrink binaries a little and gain a little performance without any security loss simply by reverting these mitigations." The mitigations did not hold up to independent evaluation.
The first paper did an exact 1:1 port of these mitigations to FreeBSD and found that register reallocation eliminates only about 0.3% of unique gadgets, for a 0.5% increase in binary size (mortimer@ claimed 6% reduction and "entirely free"). It is useless at best but more likely actively detrimental, as it produces a false sense of security. It also found the instruction rewriting reduces unique gadgets by about 3.5% with a binary size increase of about 1.8% (mortimer@ claimed 5% reduction with 0.15% binary size increase).
We then did a separate implementation of the instruction rewriting mitigation to GCC in the second paper. Our GCC implementation does the older <xchg; op; xchg> dance, as that's what mortimer@'s paper described. This is way worse; producing about a 3% performance hit for no security benefit at all.
The only part of both mitigations worth saving is for basic arithmetic, OpenBSD LLVM now takes advantage of the fact that basic arithmetic has two forms. For example, the newer instruction rewriting mitigation turns
addq %rax, %rbx (48 01 c3)
into
{load} addq %rax, %rbx (48 03 d8)
The new instruction rewriting mitigation is genuinely free in terms of binary size and execution speed, but doesn't move the security needle, so this one can stay as it is harmless. Other rewritings still have the flaw of increasing binary size and reducing performance for no security benefit.
Anyhow feel free to read the papers:
https://ieeexplore.ieee.org/abstract/document/11458911
https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations
#BSD #FreeBSD #NetBSD #DragonFlyBSD #Linux #Unix #security #cybersecurity
boostedSome graphs
from #Munin with LLM-bots attacking my kitchen server.
Graphs spans to the whole week, so on the left there is a normal state of my server. And on the right — attack is happening.