newnix@exile.digital is a user on linuxrocks.online.

newnix@exile.digital @architect@linuxrocks.online

Hey everybody! I'm in the market for a new monospaced font I can ideally use everywhere. I love Termsynu, but I want to move away from bitmap fonts. Ligatures are nice, but not required.

Hoping y'all can help me find one that I can replace Termsynu with, ideally fonts that look good between 9-16pt. Any input is appreciated.

More on printing: I just ran through the different ways I can print the help data in a test scenario and I'm still seeing significant changes in size. Not entirely sure why, but I've got the assembly of each to compare against.

Quick fix: don't use multiple print statements if you don't have to, and apparently using *__progname instead of including it in the static string will save a fair amount of space with no real instruction growth. Not sure about speed though.

Neat, turns out printing help text differently will drastically change binary size. Kinda crazy.

abuse of power ++

Been thinking about minimum CPU specs for games. Seems most games set their minimum CPUs using frequency and class rather than generation. This is likely to leave it open for lower-spec gamers or gamers with older games.

Kinda gates off some of the more aggressive optimization strategies that use newer instructions though. Seems a decent cut-off point (using the Steam HW survey for data, flawed as it is) would be SSE4.2 (Nehalem/K10+) or AVX (Sandy Bridge/Bulldozer+). Thoughts?

Still working on a post for it, but reimplementing `ls(1)` has not been nearly as straightforward as I initially thought.

Protonmail brings some much-needed sanity to the eFail calamity:

"No, PGP is not broken, not even with the Efail vulnerabilities"

protonmail.com/blog/pgp-vulner

Oh boy. github.com/signalapp/Signal-De

tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.

Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."

#InfoSec

It should come as no surprise that Electron creates RWX mappings. Even today, the latest Chromium version creates RWX mappings due to the JIT.

Chromium: `mapping = mmap(RWX); JIT(mapping); mapping();`

Firefox gets partial points because it creates RW mappings then upgrades them to RX. Essentially: `mapping = mmap(RW); JIT(mapping); mprotect(mapping, RX); mapping();`

An attacker can still abuse mprotect, but at least Firefox raises the bar slightly.
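A defender-side check for the mappings described in the post above, as an added example that is not part of the original posts: it reads the Linux `/proc/<pid>/maps` format and reports any region that is writable and executable at the same time. The function names are hypothetical, and the demo in `main` assumes a Linux `/proc` and a policy that permits an RWX `mmap`.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Return 1 if a /proc/<pid>/maps line describes a mapping that is both
 * writable and executable, 0 if it is not, -1 if the line does not parse. */
int maps_line_is_wx(const char *line)
{
    unsigned long start, end;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count the W+X mappings in an open maps stream, echoing each one found. */
int count_wx(FILE *maps)
{
    char line[1024];
    int n = 0;
    while (fgets(line, sizeof line, maps))
        if (maps_line_is_wx(line) == 1) {
            fputs(line, stdout);
            n++;
        }
    return n;
}

static int scan_self(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    int n = f ? count_wx(f) : -1;   /* -1: no /proc on this system */
    if (f) fclose(f);
    return n;
}

int main(void)
{
    /* One region that is writable and executable at once (the RWX case). */
    void *region = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    printf("W+X mappings while RWX: %d\n", scan_self());
    /* Dropping write, as in the RW-then-RX sequence, clears the finding. */
    if (region != MAP_FAILED)
        mprotect(region, 4096, PROT_READ | PROT_EXEC);
    printf("W+X mappings after mprotect(RX): %d\n", scan_self());
    return 0;
}
```
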

I finally got nxenv finished! Might look into changing the exact behaviour of `-i`, but it's compiling to about 6KB. No error reporting in it, but in this case, I'm not sure that's strictly necessary; it also seemed to add 4KB, which is unacceptable for a print statement.

Guess I could make it a compile-time option.

I had an odd dream last night. ClamAV was merged into systemd. I suspect it was a result of reading yesterday about ntp being incorporated into systemd.

Today, I'd like to thank @SoloBSD for giving the community mfsBSD-based images of #HardenedBSD. Your work doesn't go unnoticed and is very much appreciated.

Just joined a Mastodon instance for the first time. Feels good to be free!

So what do you folks think of this RMS glibc crap all about a joke? Personally never cared for Stallman as I think he takes everything to the extreme.

I now have a new .onion email, now with webmail access. :)

shawn@3w2s7tpb5mc7ubsjjnzp4oxvqupjeoywzwdxfvfnjn3toqbuzgkn7kqd.onion

Note that this MTA can only send email to other .onion MTAs. It cannot send emails to clearnet addresses.

If you'd like your own .onion inbox, please message me over signal with your desired username.

Note that storage is very limited. I plan to increase storage within the next week or two.

#Tor #opsec #infosec

Can someone explain how a TLS 1.2 connection with secure renegotiation can be exploited from a network MitM position?

Assume attacker doesn’t have a trusted cert and the user won’t accept bad certs. Assume attacker can read and insert raw packets. They can’t decrypt (unless an attack permits that). Assume TLS 1.2 with cipher suites ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-RSA-AES128-SHA256.

CVE-2018-8897 has been fixed by Matt Dillon in #DragonFlyBSD

lists.dragonflybsd.org/piperma

Seems Microsoft earned some credit here ;)