2024-04-22T16:41:00+02:00	The recent GSM #Linux kernel exploit does not work under #sydbox because the GSM* ioctls are not in syd's default ioctl allowlist, which is a fairly restricted subset. Read more on how #sydbox restricts the ioctl request space here: http://man.exherbolinux.org/syd.7.html#Restricting_ioctl_request_space_and_trace/allow_unsafe_ioctl #exherbo #rustlang
2024-04-18T18:37:10+02:00	#sydbox 3.16.3 is released. Fixes: plug an fd leak, enhance stealth against ptrace detectors by making PTRACE_TRACEME a no-op. New features: syd-elf, a minimal ldd(1) alternative; deny mount after bind & PTRACE_SEIZE for security; restrictions on binary executions (deny 32-bit, statically/dynamically linked bins & scripts); and a SegvGuard impl inspired by #HardenedBSD. #sydbox is a rock-solid user-space #kernel to #sandbox applications on #Linux >= 5.19, written in #rustlang: https://crates.io/crates/syd
2024-04-14T10:28:28+02:00	#sydbox hit 300k downloads @ https://crates.io/crates/syd today! Thanks everyone for the interest! #sydbox is a #seccomp and #landlock based application #sandbox with support for namespaces, written in #rustlang!
2024-04-12T20:08:20+02:00	nice writeup on #Linux capabilities: https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities
2024-04-10T17:53:33+02:00	Upcoming #sydbox 3.16.0 has an effective mitigation for exec(2) TOCTOU, making binary verification and exec sandboxing secure. Binary verification, aka force sandboxing, is similar to #netbsd's veriexec and #hardenedbsd's integriforce. Read more here: http://man.exherbolinux.org/syd.7.html#TOCTOU #exherbo #rustlang
2024-03-29T13:39:27+01:00	#security is mostly an illusion without W^X for memory and filesystem
2024-03-29T13:37:51+01:00	The #HardenedExherbo desktop profile will ship #Firefox with JIT disabled so that it works under #MDWE protections. When there is a choice between secure and fast, we prefer secure.
2024-03-29T10:46:32+01:00	#sydbox is not affected by CVE-2024-1086 because we prevent user subnamespaces: https://github.com/notselwyn/cve-2024-1086 #sydbox is a #seccomp and #landlock based application sandbox with support for namespaces, written in #rustlang.
2024-03-17T21:46:51+01:00	I've just added a section to the syd.7 manual page comparing #sydbox to other sandboxing solutions like #gvisor, #bubblewrap and #firejail: http://man.exherbolinux.org/syd.7.html#Comparison_with_Other_Sandboxing_Solutions #sydbox is a #seccomp and #landlock based application #sandbox with support for #namespaces, written in #rustlang.
2024-03-10T14:24:39+01:00	syd-3.15.2 comes with two useful utilities: syd-lock and syd-mdwe, to run commands under #Landlock and #MDWE protections respectively. #sydbox is a #seccomp and #landlock based application #sandbox with support for namespaces, written in #rustlang. syd comes with dozens of useful utilities; check out: http://man.exherbolinux.org/ #exherbo
2024-03-09T23:14:29+01:00	Coming up soon with syd-3.15.1: you can load a dynamic library instead of running a command under the sandbox; combine this with bind+/:/:noexec to prevent all other execution, and the new trace/deny_dotdot:1 to deny .. in path components of open(2) calls to mitigate directory traversal attacks. #sydbox is a seccomp and landlock based application sandbox with support for namespaces. Check out our #CTF: https://ctftime.org/event/2178 #exherbo #rustlang
2024-03-03T17:41:21+01:00	Announcing syd-fork: Elevate your forking game beyond the basic #bash fork bomb. Crafted with precision in inline #assembly for #x86, #x86_64 and #aarch64, it's not just fast—it's a revolution. But heed the warning: it's meant for stress-testing the pid limiter, not for mischief. Use it wisely or not at all. Seriously, maturity is key. #TechHumor #ForkResponsibly: http://man.exherbolinux.org/syd-fork.1.html
2024-03-03T16:09:15+01:00	Introducing #sydbox 3.15.0: A leap in #sandboxing with force sandboxing for pre-exec binary checks, akin to #HardenedBSD's #integriforce. Highlights: syd-hex for hex encoding/decoding, syd-path for writing Integrity Force rules, syd-sha for checksums, improved error handling, and extended system call sandboxing (adding statfs, fstatfs, ftruncate and fallocate). Enhanced environment variable safety and profile hardening. Check out https://crates.io/crates/syd #security
2024-02-29T13:32:33+01:00	Celebrating 15 years of #sydbox with release π (v3.14.1): Enhanced security with MDWE protections, advanced bind mounts for tmpfs, use of mimalloc[secure] as the default allocator, plus various fixes! #sydbox is a #seccomp and #landlock based application #sandbox with support for namespaces, written in #rust: https://crates.io/crates/syd
2024-02-27T17:32:40+01:00	Open message to whoever is DoS'ing the #sydbox #ctf server's #https interface atm: I stopped the #node #backend until you get bored. To people who still want to play the #CTF: use ssh syd.chesswob.org with user/pass syd and try to read the file /etc/CTF! #rust #exherbo #linux
2024-02-18T16:22:19+01:00	I opened a #linux #kernel feature request, https://bugzilla.kernel.org/show_bug.cgi?id=218501, to overcome the current shortcomings of #seccomp in providing a full TOCTOU-free sandbox in userspace without elevated privileges. #syd #exherbo
2024-02-08T19:34:44+01:00	all the #carokann players of the world must unite against white aggression! #antifa #chess
2024-02-08T11:04:08+01:00	til, you can't use #seccomp addfd on #Linux to plant O_PATH file descriptors into the target process. When emulating open, continuing calls with O_PATH seems relatively innocent at first sight, but e.g. it can be used to "unhide" paths that are hidden, and without addfd there's obviously no TOCTOU-free way to emulate them.
2024-02-08T10:46:35+01:00	Deniz Gezmiş and Mahir Çayan died for the revolution (#devrim). Revolutionaries die, but revolutions do not stop; they go on. #revolution
2024-01-30T19:18:23+01:00	SydB☮x-3.11.1 has been released: new syd-run tool to run commands inside syd containers, hardening of the sandbox process environment, and many minor fixes. syd-ldd - syd's secure alternative to ldd(1) - now uses the stricter 'immutable' profile rather than the 'container' profile ... see: https://sydbox.exherbolinux.org #sydbox #exherbo #gnu #linux #seccomp #landlock #container #rust #rustlang
2024-01-25T15:47:50+01:00	SydB☮x-3.10.0 has been released: trace mode to automatically generate sandboxing profiles, support for immutable containers and private /tmp, ... see: https://sydbox.exherbolinux.org #sydbox #exherbo #gnu #linux #seccomp #landlock #container #rust #rustlang
2024-01-22T19:53:33+01:00	hola world, since dev.exherbo.org is down, i've moved my twtxt to https://alip.srht.site/twtxt.txt #exherbo #twtxt
2021-08-31T18:55:25+02:00	The hblock tracker list is slowly converging... syd-addr: Sorted »130368« IP address hashes in »0.019322« seconds. #sydb☮x
2021-07-29T12:14:47+02:00	The hblock tracker list is slowly converging... syd-addr: Sorted »67360« IP address hashes in »0.003125« seconds.
2021-07-25T18:42:29+02:00	welcome to the machine @caissa, happy birthday https://caissa.ai
2021-07-23T01:24:33+02:00	I am a flower in the people's forest; I sprang up, I am rising in revolt! I am the tip of a knife that has fought for its people; here I am rising in revolt, take notice of me! #sydb☮x
2021-07-22T19:33:11+02:00	i know, you will set the squares on fire by force, if you love, if you believe... #sydb☮x #duman
2021-07-22T19:28:23+02:00	i started a rebellion, and then i saw that i am still at the beginning... #sydb☮x
2021-07-22T07:45:36+02:00	Please boycott ChessBase: Due to ChessBase's repeated license violations, leading developers of Stockfish have terminated their GPL license with ChessBase permanently. However, ChessBase is ignoring the fact that they no longer have the right to distribute Stockfish, modified or unmodified, as part of their products. https://stockfishchess.org/blog/2021/our-lawsuit-against-chessbase/
2021-07-04T01:38:16+02:00	sydb☮x moved to sourcehut! https://sr.ht/~alip/sydbox/ #sydb☮x #exherb☮
2021-07-04T01:36:12+02:00	sydb☮x changes PN for peace: https://dev.exherbo.org/~alip/images/sydbox-changes-PN-for-peace-2021-07-04.png #sydb☮x #exherbo
2021-06-05T20:20:39+02:00	sydb☮x-1.2.1 released with the new --dry-run mode to run programs with no restriction but inspection, and the new -d fd[0-9]|tmp option to dump system call arguments, including dereferenced pointers for strings and socket addresses, in JSON lines. Pand☮ra is the new Rust tool, a helper for sydb☮x to make sandboxing practical: https://crates.io/crates/pandora_box . See https://sydbox.exherbo.org, https://pinktrace.exherbo.org and https://pandora.exherbo.org
2021-06-05T20:20:27+02:00	PinkTrace-1.0.0 released with AArch64 (arm64) architecture support and a few important bug fixes. See the new homepage at https://pinktrace.exherbo.org and browse the C API documentation at https://dev.exherbo.org/~alip/pinktrace/api/c/ and the Python bindings documentation at https://dev.exherbo.org/~alip/pinktrace/api/python/ #exherbo #sydb☮x #pinktrace #aarch64 #arm64
2021-06-05T20:19:59+02:00	added a note about sydb☮x, Pand☮ra & PinkTrace to the Seccomp Wikipedia page under software using seccomp-bpf: https://en.wikipedia.org/wiki/Seccomp #exherbo #sydb☮x #pandora
2021-06-05T20:19:45+02:00	sydb☮x-1.2.0 is released with seccomp allowing read-only open{,at} w/o trace-stop, stricter defaults for all default sandbox modes but read, seccomp & ptrace seize usage defaulting to on & the shared memory writable restriction defaulting to on. Finally, this version implements an improved & simpler dump interface which the helper Pand☮ra can read to generate profiles for practical, daily applications such as mail client, browser etc. A sample profile for Firefox is added too! #exherbo #sydb☮x
2021-06-05T20:19:34+02:00	Pand☮ra's Box: A helper for sydb☮x, a ptrace & seccomp based sandbox, to make sandboxing practical. This makes it easy for the end user to use secure computing for practical, daily purposes. https://crates.io/crates/pandora_box #exherbo #sydb☮x #pandora
2021-06-05T20:19:20+02:00	sydb☮x-scm improves seccomp for read-only open calls, which is a noticeable optimization considering the overall count of trace stops; see details here: https://commits.exherbo.org/sydbox-1:8bc285f which shows remarkable reductions in open{,at} calls and build times. Apart from the commit message there's the benchmark https://git.exherbo.org/sydbox-1.git/tree/bench/2021.05.30-paludis-seccomp-open.txt on my build host which has the timing to build the current paludis-3.0.0 (scm). Help test sydb☮x-scm, report back and enjoy! #exherbo #sydb☮x
2021-03-24T18:18:44+01:00	We are calling for Richard M. Stallman to be removed from all leadership positions, including the GNU Project. https://rms-open-letter.github.io/
2021-03-20T11:03:11+01:00	Happy Newroz!
2021-03-14T22:04:57+01:00	sydb☮x-1.1.0 & pinktrace-0.9.6 released! https://dev.exherbo.org/~alip/sydbox/sydbox-1.1.0.tar.bz2 & https://dev.exherbo.org/~alip/pinktrace/release/pinktrace-0.9.6.tar.bz2 This release fixes the build on armv7 & x86 and slightly optimizes data structures for improved memory usage. Thanks to tombriden for the help!
2021-03-14T22:03:57+01:00	sydb☮x-1.0.9 is released: https://dev.exherbo.org/~alip/sydbox/sydbox-1.0.9.tar.bz2 This release adds support for the new system calls execveat, newfstatat, openat2, faccessat2 and renameat2; fixes IPv6 network sandboxing, a hang with Linux kernels >=5.10, a time-of-check-time-of-use in handling paths longer than PATH_MAX, many memory leaks including a major one about process inheritance, and many minor issues identified by #coverity. Thanks to everyone who took part in testing, particularly eternaleye, heirecka and tgurr.
2021-03-01T18:08:44+01:00	Lev Polugaevsky vs Rashid Nezhmetdinov, 18th RSFSR-ch (1958), Sochi URS, an attacking masterpiece: https://www.chessgames.com/perl/chessgame?gid=1111459
2021-03-01T18:01:50+01:00	sydb☮x.git supports sandboxing the new system calls execveat, openat2, faccessat2 and renameat2. A release is coming soon. Please help test sydb☮x-scm. Links: (execveat) https://git.exherbo.org/sydbox-1.git/commit/?id=23e36e1e0571faa1ffc2d12064f577f836d473e9 (openat2) https://git.exherbo.org/sydbox-1.git/commit/?id=d445b411c1c1f946a79cc84fb22554dbbe91a113 (faccessat2) https://git.exherbo.org/sydbox-1.git/commit/?id=a0c9fceedb390cff892327d18372cb2823cfbb7d (renameat2) https://git.exherbo.org/sydbox-1.git/commit/?id=b73d0c0d7b2c0b76bc536ab9411018c745fd5b60
2021-03-01T18:01:35+01:00	Fix for another known hang with sydb☮x under certain conditions. Thanks eternaleye for all the help. A release is coming soon. Please test sydb☮x-scm: https://git.exherbo.org/sydbox-1.git/commit/?id=68f650726ed970c6a0b0a4b5272da333f783e36e
2021-03-01T18:01:22+01:00	The fix for problems with sandboxing and glibc-2.33 was to implement support for newfstatat for magic commands. Thanks to tgurr for all the help! A release is coming soon. Please test sydb☮x-scm: https://git.exherbo.org/sydbox-1.git/commit/?id=2aa17a233d8d2796fcda7895e21d87e55993dc3b
2021-03-01T18:01:07+01:00	Fix for one of the long-standing memory leaks in #sydb☮x, https://git.exherbo.org/sydbox-1.git/commit/?id=1e8bc796f94af3117b0ac16dd81aaab05dd1aad5
2021-03-01T18:00:39+01:00	pinktrace-0.9.5 released. Download: https://dev.exherbo.org/distfiles/pinktrace/pinktrace-0.9.5.tar.bz2 Documentation: https://dev.exherbo.org/~alip/pinktrace/api/c/
2021-02-22T21:23:26+01:00	A true masterpiece, Lc0-Stockfish 1-0, TCEC Season 18, Game 65: The critical moment is 20. Ne4!! when Leela Zero prepares a fantastic queen sacrifice which Stockfish misses: https://tcec-chess.com/#div=sf&game=65&season=18
2021-02-21T19:33:35+01:00	lichess for shogi! https://lishogi.org
2021-02-21T13:22:49+01:00	Translations of Yu Nasu's NNUE paper from Japanese to English and German are here: https://github.com/asdfjkl/nnue (mirrored under doc/)
2020-03-16T22:33:35+01:00	I'd rather be hated for who I am, than loved for who I am not. -- Kurt Cobain
2020-03-16T22:29:54+01:00	I managed to misconfigure laptop-mode-tools such that plugging in a usb-drive sets screen brightness to maximum. #wtf
2019-09-29T22:19:40+02:00	my unconscious self loves running dmesg for reasons beyond me.
2019-08-27T18:54:27+02:00	rip benko, https://chess24.com/en/read/news/pal-benko-dies-aged-91
2019-08-26T14:58:10+02:00	“It is sometimes an appropriate response to reality to go insane.” ― Philip K. Dick, VALIS
2017-12-16T10:04:46+01:00	The more people there are who believe a thing, the greater the probability that the view is wrong. People who are right usually stand alone. -- Søren Kierkegaard
2017-12-15T02:54:13+01:00	The only problem with seeing too much is that it makes you insane. -- Phaedrus
2017-12-13T14:31:56+01:00	A male scorpion is stabbed to death after mating. In chess, the powerful queen often does the same to the king without giving him the satisfaction of a lover. -- Gregor Piatigorsky
2017-12-09T11:30:51+01:00	It is precisely because it is fashionable for Americans to know no science, even though they may be well educated otherwise, that they so easily fall prey to nonsense. They thus become part of the armies of the night, the purveyors of nitwittery, the retailers of intellectual junk food, the feeders on mental cardboard, for their ignorance keeps them from distinguishing nectar from sewage. --asimov, "the armies of the night"
2017-11-24T07:33:13+01:00	History deals almost exclusively with bad people who were later declared good. --nietzsche
2017-11-21T23:16:16+01:00	The real always lies a little further off than the current. --böll
2017-10-31T08:39:08+01:00	doubt is not a pleasant condition, but certainty is absurd. --voltaire
2017-07-29T08:43:48+02:00	God is omnipotent, omniscient, and omnibenevolent - it says so right here on the label. If you have a mind capable of believing all three of these attributes simultaneously, I have a wonderful bargain for you. No checks, please. Cash and in small bills. -- R. Heinlein, Notebooks of Lazarus Long
2017-01-15T09:04:28+01:00	The lonely one is the one who forever listens to a word never spoken #yalnızlıkpaylaşılmaz #asaf
2017-01-13T21:28:11+01:00	while true; do (( z = ${RANDOM} % 100 )); (( a = $z % 10 )); mpc seek $z% & sleep $a; kill $!; wait; done #shell #meditation
2017-01-08T19:37:51+01:00	There is no devil within us... There is helplessness within us.. There is laziness.. There is weakness of will, ignorance, and something more terrible than all of these: the habit of avoiding seeing the truths. #sabahattinali
2017-01-02T08:52:29+01:00	union for activerecord: https://gorails.com/blog/activerecord-merge #activerecord #sql #union
2017-01-02T08:51:34+01:00	null relation: http://guides.rubyonrails.org/active_record_querying.html#null-relation #rails #activerecord
2017-01-02T08:51:01+01:00	recursive sql & activerecord trees: https://hashrocket.com/blog/posts/recursive-sql-in-activerecord #rails #activerecord #postgresql
2017-01-02T08:44:12+01:00	how sf works: http://rin.io/chess-engine/ #stockfish #chess
2016-12-26T14:49:50+01:00	added myself to the twtxt directory: http://twtxt.reednj.com/user/af0d8f3bfcb9e7b02053ad7038e15c1501d0f966
2016-12-26T14:31:10+01:00	envtag-0.5 released: https://dev.exherbo.org/~alip/envtag/
2016-12-24T18:04:28+01:00	nice presentation on socat, http://www.dest-unreach.org/socat/doc/linuxwochen2007-socat.pdf, mirrored under doc/ #socat #linux
2016-12-05T23:44:17+01:00	legions (war), zoe keating: https://www.youtube.com/watch?v=AlhkwHSZMyg #dystopia #psy #chess
2016-12-05T23:43:14+01:00	monsters, angus powell: https://www.youtube.com/watch?v=9WHh8SDSTwM #dystopia
2016-10-07T17:44:24+02:00	white to play and mate in 1: 1Bb3BN/R2Pk2r/1Q5B/4q2R/2bN4/4Q1BK/1p6/1bq1R1rb w - - 0 1
2016-10-07T17:39:22+02:00	linux-4.8/seccomp[1]: https://github.com/torvalds/linux/commit/ce6526e8afa4b6ad0ab134a4cc50c9c863319637
2016-10-07T17:39:07+02:00	linux-4.8/seccomp[0]: https://github.com/torvalds/linux/commit/93e35efb8de45393cf61ed07f7b407629bf698ea
2016-10-07T02:24:56+02:00	sydb☮x[seccomp] works fine with linux-4.8 now: https://git.exherbo.org/sydbox-1.git/commit/?id=7fb3d95aee2c31a0fb04af851a9ec5563d0c3200
2016-08-25T08:57:18+03:00	You know you're OCD when you have to sort C includes first by line length, then alphabetically.
2016-08-14T18:04:57+03:00	en: I often play a move I know how to refute. tr: I often play moves whose refuting replies I know. - Bent Larsen
2016-07-03T08:18:18+03:00	this cheered me up despite every shit on the planet: https://www.youtube.com/watch?v=EFDFpS9_ZWY #sultans-of-swing #sos
2016-07-02T20:47:01+03:00	tr: the audio/1993-07-02 directory contains a compilation of songs about the Sivas massacre, https://tr.wikipedia.org/wiki/Sivas_Katliamı
2016-07-02T20:46:58+03:00	en: the audio/1993-07-02 directory contains a compilation of songs on the Sivas massacre, https://en.wikipedia.org/wiki/Sivas_massacre
2016-07-02T19:15:33+03:00	hello world, this is alip's twtxt feed, https://dev.exherbo.org/~alip/twtxt.txt