Shamelessly trying to attract new monthly sponsors and people willing to buy me the occasional pizza with my crap HTML skills.

https://brynet.ca/wallofpizza.html

Archive: https://archive.ph/rLmTq

https://github.com/openssh/openssh-portable/blob/master/sshd...

https://github.com/openssh/openssh-portable/blob/master/sand...

https://github.com/openssh/openssh-portable/blob/master/sand...

https://github.com/openssh/openssh-portable/blob/master/sand...

w/ Capsicum, beyond faffing around with some file descriptors, it's unclear what security cap_enter() adds:

https://github.com/openssh/openssh-portable/blob/master/sand...

This article contains a lot of errors, for example Chromium on FreeBSD does NOT use Capsicum, it never has. That was experimental and invasive work done 17 years ago that was NEVER committed to their official ports repository. In fact, not a single browser on FreeBSD uses Capsicum or any form of sandboxing _at all_.

https://github.com/rwatson/chromium-capsicum

https://www.freshports.org/www/chromium/

https://cgit.freebsd.org/ports/log/www/chromium/Makefile?qt=...

Contrast that with OpenBSD, where the Chromium port has used pledge(2) since January 2016, and unveil(2) since 2018. Both are enabled by default. Mozilla Firefox ports also use both pledge and unveil since 2018-2019, with refinements over the years.

https://marc.info/?l=openbsd-ports-cvs&m=145211683609002&w=2

https://marc.info/?l=openbsd-ports-cvs&m=153250162128188&w=2

OpenBSD's fork of tcpdump has been privsep for ~22 years, and its packet parser runs with no privileges. It's pledged tightly "stdio" and has no network/filesystem access, and uses OpenBSD specific innovations like bpf descriptor locking (BIOCLOCK) missing from both FreeBSD/Linux tcpdump today (despite FreeBSD adding the ioctl in 2005).

In the years since it was added, the reason Capsicum has only been applied to a handful of utilities is because it's a tree barren of decades worth of incremental work on privilege separation and security research.

Shamelessly trying to attract new monthly sponsors and people willing to buy me the occasional pizza with my crap HTML skills.

https://brynet.ca/wallofpizza.html

LoongArch is not MIPS, despite it having similarities. It's a new platform/ISA and requires a completely different toolchain and new OS port.

It is not at all "new MIPS-family hardware is being made today" like you originally wrote, and it has little to no relevance to SGI hardware.

LoongArch is a new ISA and isn't MIPS compatible, and OpenBSD doesn't support it.

https://github.com/the-machine-hall/openbsd-sgi

Comments URL: https://news.ycombinator.com/item?id=47258169

Points: 85

# Comments: 10

Shamelessly attracting new monthly sponsors and people willing to buy me the occasional pizza with my crappy HTML skills.

https://brynet.ca/wallofpizza.html

https://wiki.scummvm.org/index.php?title=AGS/Games

https://wiki.scummvm.org/index.php?title=AGS/Games

I've played it on OpenBSD before!

https://pobsd.chocolatines.org/2953591878

https://brynet.ca/

https://marc.info/?l=openbsd-ports-cvs&m=121226747005033&w=2

I had discovered it searching on SourceForge originally, but the tmux creator Nicholas Marriott was already an OpenBSD user and he took MAINTAINER for the port.

A year later, tmux was imported by nicm@ to the OpenBSD base system, where it has remained upstream for last 16 years (GitHub sync's from OpenBSD).

https://marc.info/?l=openbsd-cvs&m=124389728412353&w=2

OpenBSD, static articles, microblogging, etc.

Can you find the Easter egg? Hint: "Praetorian"

https://brynet.ca/wallofpizza.html

Wall of pizza.

I'm sorry I don't have a better answer, unfortunately.

Attracting new monthly sponsors and people willing to buy me the occasional pizza with my crappy HTML skills.

https://brynet.ca/wallofpizza.html

https://brynet.ca/

https://brynet.ca/wallofpizza.html