dataswamp.org.solene.rss.xml - sfeed_tests - sfeed tests and RSS and Atom files
git clone git://git.codemadness.org/sfeed_tests
---
dataswamp.org.solene.rss.xml (105978B)
---
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Solene's percent %</title>
<description></description>
<link>https://dataswamp.org/~solene/</link>
<atom:link href="https://dataswamp.org/~solene/rss.xml" rel="self" t…
<item>
<title>Nginx as a TCP/UDP relay</title>
<description>
<![CDATA[
<h1> Introduction</h1>
<p>In this tutorial I will explain how to use Nginx as a TCP or UDP rela…
</p>
<p>I will explain how to install and configure Nginx and how to parse lo…
</p>
<p>It is important to understand that in this context Nginx is not doing…
</p>
<h1> Installation</h1>
<p>On OpenBSD we need the package nginx-stream, if you are unsure about …
</p>
<p><a href='http://nginx.org/en/docs/stream/ngx_stream_core_module.html'…
<p><a href='http://nginx.org/en/docs/stream/ngx_stream_log_module.html'>…
<h1> Configuration</h1>
<p>The default configuration file for nginx is /etc/nginx/nginx.conf, w…
</p>
<pre><code>worker_processes 1;

load_module modules/ngx_stream_module.so;

events {
    worker_connections 5;
}

stream {
    log_format basic '$remote_addr $upstream_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';

    access_log logs/nginx-access.log basic;

    upstream backend {
        hash $remote_addr consistent;
        server 127.0.0.1:11965;
    }
    server {
        listen 1965 ssl;
        ssl_certificate /etc/ssl/perso.pw:1965.crt;
        ssl_certificate_key /etc/ssl/private/perso.pw:1965.key;
        proxy_pass backend;
    }
}
</code></pre>
<p>In the previous configuration file, the backend defines the destinati…
</p>
<p>The server block will tell on which port Nginx should listen and if i…
</p>
<p>The configuration file defines a custom log format that is useful for…
</p>
<h1> Log parsing</h1>
<h2> Using awk to calculate time performance</h2>
<p>I wrote a rather long shell command parsing the log defined earlier th…
</p>
<pre><code>$ awk '{ print $NF }' /var/www/logs/nginx-access.log | sort -…
Total: 566 Median:0.212 Min:0.000 Max:600.487
</code></pre>
<h2> Find bad clients using awk</h2>
<p>Sometimes in the logs there are clients that obtain a status 500, me…
</p>
<pre><code>awk '$(NF-3) == 500 { print $1 }' /var/www/logs/nginx-access.…
</code></pre>
<h2> Using goaccess for real time log visualization</h2>
<p>It is also possible to use the program Goaccess to view logs in real …
</p>
<pre><code>goaccess --date-format="%d/%b/%Y" \
         --time-format="%H:%M:%S" \
         --log-format="%h %r [%d:%t %^] TCP %s %^ %b %L" /var/www/logs/n…
</code></pre>
<p><a href='https://goaccess.io/'>Goaccess official website</a></p>
<h1> Conclusion</h1>
<p>I was using relayd before trying Nginx with stream module, while rela…
</p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-24-nginx-stream.html</guid>
<link>https://dataswamp.org/~solene/2021-02-24-nginx-stream.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>Port of the week: catgirl irc client</title>
<description>
<![CDATA[
<h2> Introduction</h2>
<p>In this Port of the Week I will introduce you to the IRC client catgi…
</p>
<p>Catgirl has the following features: tab completion, split scrolling, …
</p>
<p>Catgirl will be available as a package in OpenBSD starting with versi…
</p>
<p>OpenBSD security bonus: catgirl features a very good use of unveil to…
</p>
<p><a href='https://git.causal.agency/catgirl/about/'>Catgirl official w…
<p><a href='static/catgirl.png'><img src='static/catgirl.png' alt='Catgi…
<h2> Configuration</h2>
<p>A simple configuration file to connect to the irc.tilde.chat server w…
</p>
<pre><code>nick = solene_nickname
real = Solene
host = irc.tilde.chat
join = #foobar-channel
</code></pre>
<p>You can then run catgirl and use the configuration file by passing t…
</p>
<pre><code>$ catgirl tilde
</code></pre>
<h2> Usage and tips</h2>
<p>I recommend reading the catgirl man page, everything is well explained th…
</p>
<p><a href='https://git.causal.agency/catgirl/about/catgirl.1'>Catgirl m…
<p>Catgirl only displays one window at a time; it is not possible to spli…
</p>
<p>Channels can be browsed from the keyboard using Ctrl+N or Ctrl+P like in …
</p>
<p>Searches in the buffer can be done by typing a word in your input and u…
</p>
<p>Finally, my favorite feature, which is missing in minimal clients…
</p>
<h2> Conclusion</h2>
<p>I really love this IRC client, it replaced Irssi that I used for year…
</p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-22-potw-catgirl.html</guid>
<link>https://dataswamp.org/~solene/2021-02-22-potw-catgirl.html</link>
<pubDate>Mon, 22 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>Full list of services offered by a default OpenBSD installation…
<description>
<![CDATA[
<h1> Introduction</h1>
<p>This article is about giving a short description of EVERY service ava…
</p>
<p>From all this list, only the following list is started by default: op…
</p>
<h1> Service list </h1>
<p>I extracted the list of base install services by looking at /etc/rc.c…
</p>
<pre><code>$ grep _flags /etc/rc.conf | cut -d '_' -f 1
</code></pre>
<h2> amd</h2>
<p>This daemon is used to automatically mount a remote NFS server when s…
</p>
<p><a href='https://man.openbsd.org/amd'>amd man page</a></p>
<h2> apmd</h2>
<p>This is the daemon responsible for frequency scaling. It is important…
</p>
<p><a href='https://man.openbsd.org/apmd'>apmd man page</a></p>
<p><a href='https://man.openbsd.org/apm'>apm man page</a></p>
<h2> bgpd</h2>
<p>This is a BGP daemon that is used by network routers to exchange abo…
</p>
<p><a href='http://www.openbgpd.org'>OpenBGPD website</a></p>
<h2> bootparamd</h2>
<p>This daemon is used for diskless setups on a network, it provides inf…
</p>
<p><a href='https://man.openbsd.org/diskless'>Information about a diskle…
<h2> cron</h2>
<p>This is a daemon that will read from each user's crontab and the syst…
</p>
<p><a href='https://man.openbsd.org/cron'>Cron man page</a></p>
<p><a href='https://man.openbsd.org/crontab.1'>Crontab command</a></p>
<p><a href='https://man.openbsd.org/crontab.5'>Crontab format</a></p>
<h2> dhcpd</h2>
<p>This is a DHCP server used to automatically provide IPv4 addresses on…
</p>
<h2> dhcrelay</h2>
<p>This is a DHCP request relay, used on a network interface to rela…
</p>
<h2> dvmrpd</h2>
<p>This daemon is a multicast routing daemon, in case you need multicast…
</p>
<h2> eigrpd</h2>
<p>This daemon implements an internal gateway link-state routing protocol; it is…
</p>
<h2> ftpd</h2>
<p>This is an FTP server providing many features. While FTP is getting a…
</p>
<p><a href='https://man.openbsd.org/ftpd'>ftpd man page</a></p>
<h2> ftpproxy</h2>
<p>This is an FTP proxy daemon that one is supposed to run on a NAT syste…
</p>
<h2> ftpproxy6</h2>
<p>Same as above but for IPv6. Using IPv6 behind a NAT makes no sense.
</p>
<h2> hostapd</h2>
<p>This is the daemon that turns OpenBSD into a WiFi access point.
</p>
<p><a href='https://man.openbsd.org/hostapd'>hostapd man page</a></p>
<p><a href='https://man.openbsd.org/hostapd.conf'>hostapd configuration …
<h2> hotplugd</h2>
<p>hotplugd is an amazing daemon that will trigger actions when devices …
</p>
<p><a href='https://man.openbsd.org/hotplugd'>hotplugd man page</a></p>
<h2> httpd</h2>
<p>httpd is an HTTP(s) daemon which supports a few features like fastcgi …
</p>
<p><a href='https://man.openbsd.org/httpd.conf'>httpd man page</a></p>
<p><a href='https://man.openbsd.org/httpd.conf'>httpd configuration file…
<h2> identd</h2>
<p>Identd is a daemon for the Identification Protocol which returns the …
</p>
<h2> ifstated</h2>
<p>This is a daemon monitoring the state of network interfaces and which…
</p>
<p><a href='https://man.openbsd.org/ifstated'>ifstated man page</a></p>
<p><a href='https://man.openbsd.org/ifstated.conf'>ifstated configuratio…
<h2> iked</h2>
<p>This daemon is used to provide IKEv2 authentication for IPSec tunnel …
</p>
<p><a href='https://www.openbsd.org/faq/faq17.html'>OpenBSD FAQ about VP…
<h2> inetd</h2>
<p>This daemon is often forgotten but is very useful. Inetd can listen …
</p>
<p><a href='https://man.openbsd.org/inetd'>inetd man page</a></p>
<h2> isakmpd</h2>
<p>This daemon is used to provide IKEv1 authentication for IPSec tunnel …
</p>
<h2> iscsid</h2>
<p>This daemon is an iSCSI initiator which will connect to an iSCSI targe…
</p>
<h2> ldapd</h2>
<p>This is a light LDAP server, offering version 3 of the protocol.
</p>
<p><a href='https://man.openbsd.org/ldap'>ldap client man page</a></p>
<p><a href='https://man.openbsd.org/ldapd'>ldapd daemon man page</a></p>
<p><a href='https://man.openbsd.org/ldapd.conf'>ldapd daemon configurati…
<h2> ldattach</h2>
<p>This daemon allows configuring programs that are exposed as a serial…
</p>
<h2> ldomd</h2>
<p>This daemon is specific to the sparc64 platform and provides services …
</p>
<h2> lockd</h2>
<p>This daemon is used as part of an NFS environment to support file lock…
</p>
<h2> ldpd</h2>
<p>This daemon is used by MPLS routers to get labels.
</p>
<h2> lpd</h2>
<p>This daemon is used to manage print access to a line printer.
</p>
<h2> mountd</h2>
<p>This daemon is used by remote NFS clients to give them information abo…
</p>
<p><a href='https://man.openbsd.org/mountd'>mountd man page</a></p>
<p><a href='https://man.openbsd.org/showmount.8'>showmount man page</a><…
<h2> mopd</h2>
<p>This daemon is used to distribute MOP images, which seem related to a…
</p>
<h2> mrouted</h2>
<p>Similar to dvmrpd.
</p>
<h2> nfsd</h2>
<p>This server is used to serve the NFS requests from NFS clients. Sta…
</p>
<p><a href='https://man.openbsd.org/nfsd'>nfsd man page</a></p>
<p><a href='https://man.openbsd.org/nfsstat.1'>nfsstat man page</a></p>
<h2> npppd</h2>
<p>This daemon is used to establish connection using PPP but also to cre…
</p>
<h2> nsd</h2>
<p>This daemon is an authoritative DNS nameserver, which means it is hold…
</p>
<p><a href='https://man.openbsd.org/nsd'>nsd man page</a></p>
<p><a href='https://man.openbsd.org/nsd.conf'>nsd configuration file man…
<h2> ntpd</h2>
<p>This daemon is an NTP service that keeps the system clock at the correc…
</p>
<p><a href='https://man.openbsd.org/ntpd'>ntpd man page</a></p>
<h2> ospfd</h2>
<p>It is a daemon for the OSPF routing protocol (Open Shortest Path Firs…
</p>
<h2> ospf6d</h2>
<p>Same as above for IPv6.
</p>
<h2> pflogd</h2>
<p>This daemon receives packets from PF matching rules with a "log" …
</p>
<p><a href='https://man.openbsd.org/pflogd'>pflogd man page</a></p>
<p><a href='https://man.openbsd.org/tcpdump.8'>tcpdump</a></p>
<h2> portmap</h2>
<p>This daemon is used as part of an NFS environment.
</p>
<h2> rad</h2>
<p>This daemon is used on IPv6 routers to advertise routes so clients can…
</p>
<h2> radiusd</h2>
<p>This daemon is used to offer RADIUS protocol authentication.
</p>
<h2> rarpd</h2>
<p>This daemon is used for diskless setups in which it will help associa…
</p>
<p><a href='https://man.openbsd.org/diskless'>Information about a diskle…
<h2> rbootd</h2>
<p>Per the man page, it says « rbootd services boot requests from Hewle…
</p>
<h2> relayd</h2>
<p>This daemon is used to accept incoming connections and distribute the…
</p>
<p><a href='https://man.openbsd.org/relayd'>relayd man page</a></p>
<p><a href='https://man.openbsd.org/relayctl'>relayd control tool man pa…
<p><a href='https://man.openbsd.org/relayd.conf'>relayd configuration fi…
<h2> ripd</h2>
<p>This is a routing daemon using an old but widely supported protocol.
</p>
<h2> route6d</h2>
<p>Same as above but for IPv6.
</p>
<h2> sasyncd</h2>
<p>This daemon is used to keep IPSec gateways synchronized in case of a …
</p>
<h2> sensorsd</h2>
<p>This daemon gathers monitoring information from the hardware like tem…
</p>
<p><a href='https://man.openbsd.org/sensorsd'>sensorsd man page</a></p>
<p><a href='https://man.openbsd.org/sensorsd.conf'>sensorsd configuratio…
<h2> slaacd</h2>
<p>This service is a daemon that will automatically pick up auto IPv6 co…
</p>
<h2> slowcgi</h2>
<p>This daemon is used to expose a CGI program as a fastcgi service, all…
</p>
<p><a href='https://man.openbsd.org/slowcgi'>slowcgi man page</a></p>
<h2> smtpd</h2>
<p>This daemon is the SMTP server that will be used to deliver mails loc…
</p>
<p><a href='https://man.openbsd.org/smtpd'>smtpd man page</a></p>
<p><a href='https://man.openbsd.org/smtpd.conf'>smtpd configuration file…
<p><a href='https://man.openbsd.org/smtpctl'>smtpd control command man p…
<h2> sndiod</h2>
<p>This is the daemon handling sound from various sources. It also supp…
</p>
<p><a href='https://man.openbsd.org/sndiod'>sndiod man page</a></p>
<p><a href='https://man.openbsd.org/sndioctl.1'>sndiod control command m…
<p><a href='https://man.openbsd.org/mixerctl'>mixerctl man page to contr…
<p><a href='https://www.openbsd.org/faq/faq13.html'>OpenBSD FAQ about mu…
<h2> snmpd</h2>
<p>This daemon is an SNMP server exposing some system metrics to SNMP cli…
</p>
<p><a href='https://man.openbsd.org/snmpd'>snmpd man page</a></p>
<p><a href='https://man.openbsd.org/snmpd.conf'>snmpd configuration file…
<h2> spamd</h2>
<p>This daemon acts as a fake server that will delay or block or pass em…
</p>
<h2> spamlogd</h2>
<p>This daemon is dedicated to updating the spamd whitelist.
</p>
<h2> sshd</h2>
<p>This is the well-known ssh server. It allows secure connections to a she…
</p>
<p><a href='https://man.openbsd.org/sshd'>sshd man page</a></p>
<p><a href='https://man.openbsd.org/sshd_config.5'>sshd configuration fi…
<h2> statd</h2>
<p>This daemon is used in an NFS environment using lockd in order to check …
</p>
<h2> switchd</h2>
<p>This daemon is used to control a switch pseudo device.
</p>
<p><a href='https://man.openbsd.org/switch.4'>switch pseudo device man p…
<h2> syslogd</h2>
<p>This is the logging server that receives messages from local programs…
</p>
<p><a href='https://man.openbsd.org/syslogd'>syslogd man page</a></p>
<p><a href='https://man.openbsd.org/syslog.conf.5'>syslogd configuration…
<p><a href='https://man.openbsd.org/newsyslog.8'>newsyslog man page</a><…
<p><a href='https://man.openbsd.org/logger.1'>logger man page</a></p>
<h2> tftpd</h2>
<p>This daemon is a TFTP server, used to provide kernels over the networ…
</p>
<p><a href='https://man.openbsd.org/diskless'>Information about a diskle…
<h2> tftpproxy</h2>
<p>This daemon is used to manipulate the firewall PF to relay TFTP reque…
</p>
<h2> unbound</h2>
<p>This daemon is a recursive DNS server, this is the kind of server lis…
</p>
<p><a href='https://man.openbsd.org/unbound'>unbound man page</a></p>
<p><a href='https://man.openbsd.org/unbound.conf'>unbound configuration …
<h2> unwind</h2>
<p>This daemon is a local recursive DNS server that will make its best t…
</p>
<p><a href='https://man.openbsd.org/unwind'>unwind man page</a></p>
<p><a href='https://man.openbsd.org/unwind.conf'>unwind configuration fi…
<p><a href='https://man.openbsd.org/unwindctl'>unwind control command ma…
<h2> vmd</h2>
<p>This is the daemon that allows running virtual machines using vmm. As …
</p>
<p><a href='https://man.openbsd.org/vmd'>vmd man page</a></p>
<p><a href='https://man.openbsd.org/vm.conf'>vmd configuration file man …
<p><a href='https://man.openbsd.org/vmctl'>vmd control command man page<…
<p><a href='https://man.openbsd.org/vmm'>vmm driver man page</a></p>
<p><a href='https://www.openbsd.org/faq/faq16.html'>OpenBSD FAQ about vi…
<h2> watchdogd</h2>
<p>This daemon is used to trigger watchdog timer devices if any.
</p>
<h2> wsmoused</h2>
<p>This daemon is used to provide mouse support on the console.
</p>
<h2> xenodm</h2>
<p>This daemon is used to start the X server and allow users to authenti…
</p>
<p><a href='https://man.openbsd.org/xenodm'>xenodm man page</a></p>
<h2> ypbind</h2>
<p>This daemon is used with a Yellow Page (YP) server to keep and mainta…
</p>
<h2> ypldap</h2>
<p>This daemon offers a YP service using an LDAP backend.
</p>
<h2> ypserv</h2>
<p>This daemon is a YP server.
</p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-16-openbsd-base-services.h…
<link>https://dataswamp.org/~solene/2021-02-16-openbsd-base-services.h…
<pubDate>Tue, 16 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>What security does a default OpenBSD installation offer?</title>
<description>
<![CDATA[
<h1> Introduction</h1>
<p>In this text I will explain what makes OpenBSD secure by default when…
</p>
<p>There is no security without a threat model; I always consider the f…
</p>
<h1> Security matters</h1>
<p>Here is a list of features that I consider important for an operating…
</p>
<p>In my opinion security is not only about preventing remote attackers …
</p>
<h2> Pledge / unveil on userland</h2>
<p>Pledge and unveil are often referred to together although they can be us…
</p>
<p>Both are very effective and powerful surgical security tools, but they r…
</p>
<p>Some software in packages has received pledge and/or unveil support,…
</p>
<p><a href='https://www.openbsd.org/papers/bsdcan2019-unveil/index.html'…
<p><a href='https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pd…
<h2> Privilege separation</h2>
<p>Most of the base system services used within OpenBSD run using a pri…
</p>
<h2> Clock synchronization</h2>
<p>The daemon server is started by default to keep the clock synchronize…
</p>
<h2> X display not as root</h2>
<p>If you use X, it drops privileges to the _x11 user; it runs as unpriv…
</p>
<h2> Resources limits</h2>
<p>Default resource limits prevent a program from using too much memory, to…
</p>
<h2> Genuine full disk encryption</h2>
<p>When you install OpenBSD using a full disk encryption setup, everythi…
</p>
<h2> W^X</h2>
<p>Most programs on OpenBSD aren't allowed to map memory with Write AND …
</p>
<p><a href='https://www.openbsd.org/papers/hackfest2015-w-xor-x.pdf'>Ope…
<h2> Only one reliable randomness source</h2>
<p>When your system requires a random number (and it does very often), O…
</p>
<p><a href='https://www.openbsd.org/papers/hackfest2014-arc4random/index…
<h2> Accurate documentation</h2>
<p>OpenBSD comes with full documentation in its man pages. One should…
</p>
<p><a href='https://man.openbsd.org/'>OpenBSD man pages online</a></p>
<p><a href='https://www.openbsd.org/papers/eurobsdcon2018-mandoc.pdf'>Eu…
<h2> IPSec and Wireguard out of the box</h2>
<p>If you need to set up a VPN, you can use IPSec or Wireguard protocols …
</p>
<h2> Memory safeties</h2>
<p>OpenBSD has many safeties with regard to memory allocation and will pr…
</p>
<h2> Dedicated root account</h2>
<p>When you install the system, a root account is created and its passwo…
</p>
<h2> Small network attack surface</h2>
<p>The only services that could be enabled at installation time listenin…
</p>
<h2> Encrypted swap</h2>
<p>By default the OpenBSD swap is encrypted, meaning if programs memory …
</p>
<h2> SMT disabled</h2>
<p>Due to the large number of security vulnerabilities related to SMT (like hyperthre…
</p>
<p><a href='https://en.wikipedia.org/wiki/Meltdown_(security_vulnerabili…
<h2> Micro and Webcam disabled</h2>
<p>With the default installation, both microphone and webcam won't actua…
</p>
<h3> Maintainability, release often, update often</h3>
<p>The OpenBSD team publishes a new release every six months…
</p>
<h3> Signify chain of trust</h3>
<p>Installer, archives and packages are signed using signify public/priv…
</p>
<p><a href='https://www.openbsd.org/papers/bsdcan-signify.html'>Signify …
<h2> Packages</h2>
<p>While most of the previous items were about the base system or the ke…
</p>
<h3> Chroot by default when available</h3>
<p>Most daemons that are available offering a chroot feature will have i…
</p>
<h3> Dedicated users for services</h3>
<p>Most packages that provide a server also create a new dedicated user …
</p>
<h3> Installing a service doesn't enable it</h3>
<p>When you install a service, it doesn't get enabled by default. You w…
</p>
<p><a href='https://man.openbsd.org/rcctl'>rcctl man page</a></p>
<h1> Conclusion</h1>
<p>Most of the previous "security features" should be considered good pr…
</p>
<p>There are also many other features that have been added and which I d…
</p>
<p><a href='https://www.openbsd.org/papers/bsdtw.pdf'>« Mitigations and…
<p><a href='https://www.openbsd.org/innovations.html'>OpenBSD innovation…
<p><a href='https://www.openbsd.org/events.html'>OpenBSD events, often i…

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-14-openbsd-default-securit…
<link>https://dataswamp.org/~solene/2021-02-14-openbsd-default-securit…
<pubDate>Sun, 14 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>Firejail on Linux to sandbox all the things</title>
<description>
<![CDATA[
<h2> Introduction</h2>
<p>Firejail is a program that can prepare sandboxes to run other program…
</p>
<p>You may want to sandbox programs you run in order to protect your sys…
</p>
<h2> Installation</h2>
<p>On most Linux systems you will find a Firejail package that you can i…
</p>
<p>There is no service to enable and no kernel parameter to add. Appa…
</p>
<h2> Usage</h2>
<h3> Start a program</h3>
<p>The simplest usage is to run a command by adding firejail before the …
</p>
<pre><code>$ firejail firefox
</code></pre>
<h3> Use a symlink</h3>
<p>Firejail has a neat feature to allow starting software by their name …
</p>
<pre><code>$ export PATH=~/bin/:$PATH
$ ln -s /usr/bin/firejail ~/bin/firefox
$ firefox
</code></pre>
<h3> Listing sandboxes</h3>
<p>There is a firejail --list command that will tell you about all sandb…
</p>
<pre><code>$ firejail --list
6108:solene::/usr/bin/firejail /usr/bin/firefox
</code></pre>
<h3> Limit bandwidth per program</h3>
<p>Firejail also has a neat feature that allows limiting the bandwidth a…
</p>
<pre><code>$ firejail --bandwidth=6108 set wlan0 1000 40
</code></pre>
<p>You can find more information about this feature in the "TRAFFIC SHAP…
</p>
<h3> Restrict network access</h3>
<p>If for some reason you want to start a program with absolutely no net…
</p>
<pre><code>$ firejail --net=none libreoffice
</code></pre>
<h2> Conclusion</h2>
<p>Firejail is a neat way to start software in sandboxes without requi…
</p>
<p>Firejail has been proven to be USABLE and RELIABLE for me while my at…
</p>
<h2> More resources</h2>
<p><a href='https://firejail.wordpress.com/'>Official project website wi…
<p><a href='https://github.com/netblue30/firejail'>Firejail sources and …
<p><a href='https://github.com/chiraag-nataraj/firejail-profiles'>Commun…
<p><a href='https://github.com/nyancat18/fe'>Community profiles 2</a></p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-14-linux-firejail.html</gu…
<link>https://dataswamp.org/~solene/2021-02-14-linux-firejail.html</li…
<pubDate>Sun, 14 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>Bandwidth limiting on OpenBSD 6.8</title>
<description>
<![CDATA[
<p>This is a February 2021 update of a text originally published in Apri…
</p>
<h2> Introduction</h2>
<p>I will explain how to limit bandwidth on OpenBSD using its firewall P…
</p>
<p><a href='https://man.openbsd.org/pf.conf#QUEUEING'>OpenBSD pf.conf ma…
<h2> Prerequisites</h2>
<p>My home internet access allows me to download at 1600 kB/s and upload…
</p>
<p>PF syntax requires bandwidth to be defined as kilo-bits (kb) and not …
</p>
<h2> Configuration</h2>
<p>Edit the file /etc/pf.conf as root and add the following before any p…
</p>
<pre><code># we define a main queue (requirement)
queue main on em0 bandwidth 1G

# set a queue for everything
queue normal parent main bandwidth 200K max 200K default
</code></pre>
<p>And reload with `pfctl -f /etc/pf.conf` as root. You can monitor the…
</p>
<pre><code>QUEUE BW/FL SCH PKTS BYTES DROP_P DROP_B Q…
main on em0 1000M fifo 0 0 0 0 0
normal 1000M fifo 535424 36032467 0 0 60
</code></pre>
<h2> More control (per user / protocol)</h2>
<p>This is only a global queuing rule that will apply to everything on t…
</p>
<pre><code># within the queue rules
queue oasis parent main bandwidth 150K max 150K

# in your match rules
match on egress proto tcp from any to any user oasis set queue oasis
</code></pre>
<p>Instead of a user, the rule could match a "to" address; I used to ha…
</p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-07-limit.html</guid>
<link>https://dataswamp.org/~solene/2021-02-07-limit.html</link>
<pubDate>Sun, 07 Feb 2021 00:00:00 GMT</pubDate>
</item>
<item>
<title>How to set a system wide bandwidth limit on Linux systems</titl…
<description>
<![CDATA[
<p>In these times of remote work / home office, you may have a limited b…
</p>
<p>Fortunately, Linux has a very nice and easy-to-use program to limit …
</p>
<p><a href='https://www.linux.com/training-tutorials/qos-linux-tc-and-fi…
<p>On most distributions, wondershaper will be available as a package wi…
</p>
<p>To know if you have the newer version, a "wondershaper --help" may pr…
</p>
<p>Wondershaper requires the download and upload bandwidths to be set in…
</p>
<pre><code># my network device is enp3s0
# new wondershaper
sudo wondershaper -a enp3s0 -d $(( 1000 * 8 )) -u $(( 50 * 8 ))

# old wondershaper
sudo wondershaper enp3s0 $(( 1000 * 8 )) $(( 50 * 8 ))
</code></pre>
<p>I use a multiplication to convert from kB/s to kb/s and still keep th…
</p>
<pre><code># new wondershaper
sudo wondershaper -c -a enp3s0

# old wondershaper
sudo wondershaper clear enp3s0
</code></pre>
<p>There are so many programs that don't allow limiting download/uploa…
</p>

]]>
</description>
<guid>https://dataswamp.org/~solene/2021-02-06-wondershaper.html</guid>
<link>https://dataswamp.org/~solene/2021-02-06-wondershaper.html</link>
<pubDate>Sat, 06 Feb 2021 00:00:00 GMT</pubDate>
</item>
689 <item> | |
690 <title>Filtering TCP connections by operating system on OpenBSD</title> | |
691 <description> | |
692 <![CDATA[ | |
693 <h3> Introduction</h3> | |
694 <p>In this text I will explain how to filter TCP connections by operatin… | |
695 </p> | |
696 <p><a href='https://man.openbsd.org/pf.conf#OPERATING_SYSTEM_FINGERPRINT… | |
697 <h3> Explanations</h3> | |
698 <p>Every operating system has its own way to construct some SYN packets,… | |
699 </p> | |
700 <p>Because if some packets required to identify the operating system, on… | |
701 </p> | |
702 <h3> How to setup</h3> | |
703 <p>The keyword "os $value" must be used within the "from $address" keywo… | |
704 </p> | |
705 <pre><code># only allow OpenBSD hosts to connect | |
706 pass in on egress inet proto tcp from any os OpenBSD to (egress) port 22 | |
707 | |
708 # allow connections from $home IP whatever the OS is | |
709 pass in on egress inet proto tcp from $home to (egress) port 22 | |
710 </code></pre> | |
711 <p>This can be a very good way to stop unwanted traffic spamming logs bu… | |
712 </p> | |
<p>Two checks are worth doing before relying on such a rule: "pfctl -s osfp" lists the fingerprint names pf knows, so you can confirm the "os" value you wrote actually exists, and "pfctl -nf /etc/pf.conf" parses the ruleset without loading it. Keep in mind that the fingerprint is taken from the SYN packet only, so it applies to TCP and nothing else, and that a client can craft its SYN options to impersonate any operating system in that list, so this is a noise filter, not an authentication mechanism. | |
</p> | |
713 | |
714 ]]> | |
715 </description> | |
716 <guid>https://dataswamp.org/~solene/2021-02-06-openbsd-pf-os-filtering… | |
717 <link>https://dataswamp.org/~solene/2021-02-06-openbsd-pf-os-filtering… | |
718 <pubDate>Sat, 06 Feb 2021 00:00:00 GMT</pubDate> | |
719 </item> | |
720 <item> | |
721 <title>Using pkgsrc on OpenBSD</title> | |
722 <description> | |
723 <![CDATA[ | |
724 <p>This quick article will explain how to install pkgsrc packages on an … | |
725 </p> | |
726 <p>I will cover an unprivileged installation that doesn't require root. … | |
727 </p> | |
728 <pre><code>$ cd ~/ | |
729 $ ftp https://cdn.NetBSD.org/pub/pkgsrc/pkgsrc-2020Q4/pkgsrc.tar.gz | |
730 $ tar -xzf pkgsrc.tar.gz | |
731 $ cd pkgsrc/bootstrap | |
732 $ ./bootstrap --unprivileged | |
733 </code></pre> | |
734 <p>From now on, you must add the path ~/pkg/bin to your $PATH environment va… | |
735 </p> | |
736 <p>You can install programs by searching directories of software you wan… | |
737 </p> | |
738 <p>I'm not sure X11 software compiles well, I got issues compiling dbus … | |
739 </p> | |
740 | |
741 ]]> | |
742 </description> | |
743 <guid>https://dataswamp.org/~solene/2021-02-06-pkgsrc-on-openbsd.html<… | |
744 <link>https://dataswamp.org/~solene/2021-02-06-pkgsrc-on-openbsd.html<… | |
745 <pubDate>Sat, 06 Feb 2021 00:00:00 GMT</pubDate> | |
746 </item> | |
747 <item> | |
748 <title>Enable multi-factor authentication on OpenBSD</title> | |
749 <description> | |
750 <![CDATA[ | |
751 <h1> Introduction</h1> | |
752 <p>In this article I will explain how to add a bit more security to your… | |
753 </p> | |
754 <p><a href='https://en.wikipedia.org/wiki/Time-based_One-time_Password_A… | |
755 <p>When do you want or need this? It adds a burden in terms of usability,… | |
756 </p> | |
757 <h1> TOTP software</h1> | |
758 <p>Here is a quick list of TOTP software | |
759 </p> | |
760 <p>- command line: oathtool from package oath-toolkit | |
761 </p> | |
762 <p>- GUI and multiplatform: KeepassXC | |
763 </p> | |
764 <p>- Android: FreeOTP+, andOTP, OneTimePass etc.. (watched on F-droid) | |
765 </p> | |
766 <h1> Setup</h1> | |
767 <p>A package is required in order to provide the various programs requir… | |
768 </p> | |
769 <pre><code># pkg_add login_oath | |
770 </code></pre> | |
771 <p>You will have to add a new login class, depending on the kind… | |
772 </p> | |
773 <pre><code># totp OR password | |
774 totp:\ | |
775 :auth=-totp,passwd:\ | |
776 :tc=default: | |
777 | |
778 # totp AND password | |
779 totppw:\ | |
780 :auth=-totp-and-pwd:\ | |
781 :tc=default: | |
782 </code></pre> | |
783 <p>If you have a /etc/login.conf.db file, you have to run cap_mkdb on /e… | |
784 </p> | |
785 <h1> Local login</h1> | |
786 <p>Local login means logging on a TTY or in your X session or anything r… | |
787 </p> | |
788 <pre><code># usermod -L totp some_user | |
789 </code></pre> | |
790 <p>In the user directory, you have to generate a key and give it the cor… | |
791 </p> | |
792 <pre><code>$ (umask 077; openssl rand -hex 20 > ~/.totp-key) | |
793 $ chmod 400 ~/.totp-key | |
794 </code></pre> | |
795 <p>The .totp-key contains the secret that will be used by the TOTP gener… | |
796 </p> | |
797 <pre><code>python3 -c "import base64; print(base64.b32encode(bytes.fromh… | |
798 </code></pre> | |
799 <h1> SSH login</h1> | |
800 <p>It is possible to require your users to use TOTP or a public key + TO… | |
801 </p> | |
802 <p>This allows fine-grained tuning of login options.  The password requi… | |
803 </p> | |
804 <p><a href='https://man.openbsd.org/sshd_config#AuthenticationMethods'>s… | |
805 <pre><code># enable for everyone | |
806 AuthenticationMethods publickey,password | |
807 | |
808 # for one user | |
809 Match User solene | |
810 AuthenticationMethods publickey,password | |
811 </code></pre> | |
812 <p>Let's say you enabled totppw class for your user and you use "publick… | |
813 </p> | |
814 <p>Without doing any TOTP, by using this setting in SSH, you can require… | |
815 </p> | |
816 <h1> Conclusion</h1> | |
817 <p>In this text we have seen how to enable 2FA for your local login and … | |
818 </p> | |
819 | |
820 ]]> | |
821 </description> | |
822 <guid>https://dataswamp.org/~solene/2021-02-06-openbsd-2fa.html</guid> | |
823 <link>https://dataswamp.org/~solene/2021-02-06-openbsd-2fa.html</link> | |
824 <pubDate>Sat, 06 Feb 2021 00:00:00 GMT</pubDate> | |
825 </item> | |
826 <item> | |
827 <title>NixOS review: pros and cons</title> | |
828 <description> | |
829 <![CDATA[ | |
830 <p>Hello, in this article I would like to share my thoughts about the Ni… | |
831 </p> | |
832 <p><a href='https://nixos.org/'>NixOS official website</a></p> | |
833 <h2> Introduction</h2> | |
834 <p>NixOS is a Linux distribution built around the Nix tool. I'll try to exp… | |
835 </p> | |
836 <p>This makes NixOS a system entirely different from what one can expect… | |
837 </p> | |
838 <p>The whole system configuration: fstab, packages, users, services, cro… | |
839 </p> | |
840 <p>An example of my configuration file to enable graphical interface wit… | |
841 </p> | |
842 <pre><code>services.xserver.enable = true; | |
843 services.xserver.layout = "fr"; | |
844 services.xserver.libinput.enable = true; | |
845 services.xserver.displayManager.lightdm.enable = true; | |
846 services.xserver.desktopManager.mate.enable = true; | |
847 </code></pre> | |
848 <p>I could add the following lines into the configuration to add auto lo… | |
849 </p> | |
850 <pre><code>services.xserver.displayManager.autoLogin.enable = true; | |
851 services.xserver.displayManager.autoLogin.user = "solene"; | |
852 </code></pre> | |
853 <h2> Pros</h2> | |
854 <p>There are a lot of pros. The system is really easy to set up, install… | |
855 </p> | |
856 <p>Every time the system is rebuilt from the configuration file, a new g… | |
857 </p> | |
858 <p>Documentation! The NixOS documentation is very nice and is part of th… | |
859 </p> | |
860 <p><a href='https://nixos.org/learn.html'>All the documentation</a></p> | |
861 <p>Builds are reproducible, I don't consider it a huge advantage but it'… | |
862 </p> | |
863 <p>It has a lot of packages. I think the NixOS team is pretty happy to … | |
864 </p> | |
865 <p><a href='https://search.nixos.org/packages'>Search for a package</a><… | |
866 <h2> Cons</h2> | |
867 <p>When you download a pre-compiled Linux program that isn't statically … | |
868 </p> | |
869 <p><a href='https://nixos.wiki/wiki/Packaging/Binaries'>Running binaries… | |
870 <p>It takes disk space, some libraries can exist at the same time with s… | |
871 </p> | |
872 <p>The whole system (especially for graphical environments) may not feel… | |
873 </p> | |
874 <h2> Conclusion</h2> | |
875 <p>NixOS is an awesome piece of software. It works very well and I neve… | |
876 </p> | |
877 <p>I see it as a huge Lego© box with which you can automate the buildin… | |
878 </p> | |
879 <p>I really classify it into its own category, in comparison to Linux/BS… | |
880 </p> | |
881 | |
882 ]]> | |
883 </description> | |
884 <guid>https://dataswamp.org/~solene/2021-01-22-nixos-personal-review.h… | |
885 <link>https://dataswamp.org/~solene/2021-01-22-nixos-personal-review.h… | |
886 <pubDate>Fri, 22 Jan 2021 00:00:00 GMT</pubDate> | |
887 </item> | |
888 <item> | |
889 <title>Vger security analysis</title> | |
890 <description> | |
891 <![CDATA[ | |
892 <p>I would like to share about Vger internals in regards to how the secu… | |
893 </p> | |
894 <p><a href='https://tildegit.org/solene/vger'>Vger code repository</a></… | |
895 <h2> Thinking about security first</h2> | |
896 <p>I claim security as Vger's main feature, I even wrote Vger… | |
897 </p> | |
898 <p>I chose to follow the best practice I'm aware of from the very first … | |
899 </p> | |
900 <h3> Smallest code possible</h3> | |
901 <p>Vger doesn't have to manage connections or TLS, this was a lot of cod… | |
902 </p> | |
903 <h3> Inetd and user</h3> | |
904 <p>Vger is run by the inetd daemon, which allows choosing the user running vger… | |
905 </p> | |
906 <p>Another kind of security benefit is that vger runtime isn't looping l… | |
907 </p> | |
908 <h3> Chroot</h3> | |
909 <p>A critical vger feature is the ability to chroot into a directory, me… | |
910 </p> | |
911 <pre><code>	/* | |
912 	 * use chroot() if a user is specified; this requires the program to be | |
913 	 * running as root in order to call chroot(), after which privileges are dropped | |
914 	 */ | |
915 if (strlen(user) > 0) { | |
916 | |
917 /* is root? */ | |
918 if (getuid() != 0) { | |
919 syslog(LOG_DAEMON, "chroot requires program to be r… | |
920 errx(1, "chroot requires root user"); | |
921 } | |
922 /* search user uid from name */ | |
923 if ((pw = getpwnam(user)) == NULL) { | |
924 syslog(LOG_DAEMON, "the user %s can't be found on t… | |
925 err(1, "finding user"); | |
926 } | |
927 /* chroot worked? */ | |
928 if (chroot(path) != 0) { | |
929 syslog(LOG_DAEMON, "the chroot_dir %s can't be used… | |
930 err(1, "chroot"); | |
931 } | |
932 chrooted = 1; | |
933 if (chdir("/") == -1) { | |
934 syslog(LOG_DAEMON, "failed to chdir(\"/\")"); | |
935 err(1, "chdir"); | |
936 } | |
937 /* drop privileges */ | |
938 if (setgroups(1, &pw->pw_gid) || | |
939 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || | |
940 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { | |
941 syslog(LOG_DAEMON, "dropping privileges to user %s … | |
942 user, pw->pw_uid); | |
943 err(1, "Can't drop privileges"); | |
944 } | |
945 } | |
946 </code></pre> | |
947 <h3> No use of third party libs</h3> | |
948 <p>Vger only requires standard C includes, this avoids having to trust d… | |
949 </p> | |
950 <h3> OpenBSD specific code</h3> | |
951 <p>In addition to all the previous security practices, OpenBSD is offeri… | |
952 </p> | |
953 <p>The first function is pledge, which restricts the system calls t… | |
954 </p> | |
955 <p>The second function is unveil, which will basically restrict access t… | |
956 </p> | |
957 <p>Here is an extract of the code relative to the OpenBSD specific code.… | |
958 </p> | |
959 <pre><code> #ifdef __OpenBSD__ | |
960 /* | |
961 * prevent access to files other than the one in path | |
962 */ | |
963 if (chrooted) { | |
964 eunveil("/", "r"); | |
965 } else { | |
966 eunveil(path, "r"); | |
967 } | |
968 /* | |
969 	 * prevent system calls other than those needed to parse the query, | |
970 	 * fread the file and write to stdio | |
971 */ | |
972 if (pledge("stdio rpath", NULL) == -1) { | |
973 syslog(LOG_DAEMON, "pledge call failed"); | |
974 err(1, "pledge"); | |
975 } | |
976 #endif | |
977 </code></pre> | |
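Chroot and unveil fence the process in at the kernel; the request path still has to be checked at the application level, so that a traversal attempt never reaches a filesystem call in the first place and so that the server stays safe when it runs without the fence (started as a non-root user, or on a system without unveil). The following Python program is an added example and not Vger's code: DOC_ROOT stands in for the -d argument, the sample requests are constructed, and the status numbers follow the Gemini specification (20 success, 51 not found, 59 bad request).

```python
"""Confine a Gemini request to the served directory.

Added example; not Vger's code.  chroot(2) and unveil(2) are the kernel-level
fence; this is the application-level check that has to hold even when that
fence is absent.  DOC_ROOT is an assumed value standing in for vger's -d.
"""
import posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/var/gemini"   # assumption: the directory passed to -d
REQUEST_MAX = 1024         # Gemini request line limit, CRLF included


def resolve(request: bytes, root: str = DOC_ROOT):
    """Map one raw request line to (status, value).

    status 20 -> value is the filesystem path to serve (a trailing "/" marks a
    directory, for the caller to pick index.gmi or build an auto index);
    status 59 -> malformed request; status 51 -> refused, reported as not found.
    """
    if len(request) > REQUEST_MAX or not request.endswith(b"\r\n"):
        return 59, "bad request"
    try:
        url = urlsplit(request[:-2].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 59, "bad request"
    if url.scheme != "gemini" or not url.hostname:
        return 59, "bad request"

    # Percent-decode *before* inspecting segments: otherwise "%2e%2e" slips
    # past a literal ".." check and gets decoded later by some other layer.
    raw = unquote(url.path)
    if "\x00" in raw:
        return 59, "bad request"   # a NUL would truncate a C string or syscall argument

    parts = []
    for seg in raw.split("/"):
        if seg in ("", "."):
            continue                # "//" and "/./" contribute nothing
        if seg == "..":
            return 51, "not found"  # never walk upward, even while still inside root
        parts.append(seg)

    path = posixpath.join(root, *parts)
    if raw == "" or raw.endswith("/"):
        if not path.endswith("/"):
            path += "/"
    # Invariant: whatever we return lives under root.
    assert path == root or path.startswith(root.rstrip("/") + "/")
    return 20, path
```

Rejecting any ".." outright is stricter than RFC 3986 normalization, which would let "/a/../b" through; for a file server that serves nothing it cannot name directly, the stricter rule costs nothing and removes a whole class of bugs. Symbolic links inside the root are deliberately not resolved here, since vger uses them as a feature; they are what chroot and unveil are for.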
978 <h2> The least code before dropping privileges</h2> | |
979 <p>I did my best to use as little code as possible before reducing Vger's ca… | |
980 </p> | |
981 <pre><code>int | |
982 main(int argc, char **argv) | |
983 { | |
984 char request [GEMINI_REQUEST_MAX] = {'\0'}; | |
985 char hostname [GEMINI_REQUEST_MAX] = {'\0'}; | |
986 char uri [PATH_MAX] = {'\0'}; | |
987 	char user [LOGIN_NAME_MAX] = "";	/* LOGIN_NAME_MAX (limits.h) is the size; _SC_LOGIN_NAME_MAX is a sysconf(3) selector, not a limit */ | |
988 int virtualhost = 0; | |
989 int option = 0; | |
990 char *pos = NULL; | |
991 | |
992 while ((option = getopt(argc, argv, ":d:l:m:u:vi")) != -1) { | |
993 switch (option) { | |
994 case 'd': | |
995 estrlcpy(chroot_dir, optarg, sizeof(chroot_dir)); | |
996 break; | |
997 case 'l': | |
998 estrlcpy(lang, "lang=", sizeof(lang)); | |
999 estrlcat(lang, optarg, sizeof(lang)); | |
1000 break; | |
1001 case 'm': | |
1002 estrlcpy(default_mime, optarg, sizeof(default_mime)… | |
1003 break; | |
1004 case 'u': | |
1005 estrlcpy(user, optarg, sizeof(user)); | |
1006 break; | |
1007 case 'v': | |
1008 virtualhost = 1; | |
1009 break; | |
1010 case 'i': | |
1011 doautoidx = 1; | |
1012 break; | |
1013 } | |
1014 } | |
1015 | |
1016 /* | |
1017 * do chroot if an user is supplied run pledge/unveil if OpenBSD | |
1018 */ | |
1019 drop_privileges(user, chroot_dir); | |
1020 </code></pre> | |
1021 <h2> The Unix way</h2> | |
1022 <p>Unix is made of small components that can work together as small brick… | |
1023 </p> | |
1024 <h2> Fine grained CGI</h2> | |
1025 <p>CGI support was added in order to allow Vger to make dynamic content … | |
1026 </p> | |
1027 <h2> Using tests</h2> | |
1028 <p>From the beginning, I wrote a set of tests to be sure that once a kin… | |
1029 </p> | |
1030 <p>As vger is a simple binary that accepts data on stdin and outputs data … | |
1031 </p> | |
1032 <pre><code>printf "gemini://host.name/autoidx/\r\n" | vger -d var/gemini/ | |
1033 </code></pre> | |
1034 <p>From here, it's possible to build an automatic test by checking the c… | |
1035 </p> | |
1036 <pre><code>OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d v… | |
1037 if ! [ "$OUT" = "770a987b8f5cf7169e6bc3c6563e1570" ]   # quote $OUT: an empty output must fail the test, not break the test | |
1038 then | |
1039 echo "error" | |
1040 exit 1 | |
1041 fi | |
1042 </code></pre> | |
1043 <p>At this time, vger has 19 use cases in its test suite. | |
1044 </p> | |
1045 <p>By using the program `entr` and a Makefile to manage the build proces… | |
1046 </p> | |
1047 <pre><code>ls *.c | entr make test | |
1048 </code></pre> | |
1049 <p>Realtime integration tests? :) | |
1050 </p> | |
1051 <h1> Conclusion</h1> | |
1052 <p>By using best practices, reducing the amount of code and using only s… | |
1053 </p> | |
1054 <p>If you want to contribute, please do, and if you find a security issu… | |
1055 </p> | |
1056 | |
1057 ]]> | |
1058 </description> | |
1059 <guid>https://dataswamp.org/~solene/2021-01-14-vger-security.html</gui… | |
1060 <link>https://dataswamp.org/~solene/2021-01-14-vger-security.html</lin… | |
1061 <pubDate>Thu, 14 Jan 2021 00:00:00 GMT</pubDate> | |
1062 </item> | |
1063 <item> | |
1064 <title>Free time partitionning</title> | |
1065 <description> | |
1066 <![CDATA[ | |
1067 <p>Lately I wanted to change the way I use my free time. I define my fre… | |
1068 </p> | |
1069 <p>With the year 2020 being quite unusual, I was staying at home most of… | |
1070 </p> | |
1071 <p>For a few weeks now, I started to change the way I spend my free ti… | |
1072 </p> | |
1073 <h1> Activity list</h1> | |
1074 <p>Here is the way I chose to distribute my free time. It's not a strict… | |
1075 </p> | |
1076 <h2> Recreation: 3/6</h2> | |
1077 <p>I spend a lot of time on recreation. A few activities I've put int… | |
1078 </p> | |
1079 <ul> | |
1080 | |
1081 <li>video games</li> | |
1082 <li>movies</li> | |
1083 <li>reading novels</li> | |
1084 <li>sports</li> | |
1085 </ul> | |
1086 | |
1087 <h2> Creativity: 2/6</h2> | |
1088 <p>Those activities require creativity, work and knowledge: | |
1089 </p> | |
1090 <ul> | |
1091 | |
1092 <li>writing code</li> | |
1093 <li>reading technical books</li> | |
1094 <li>playing music</li> | |
1095 <li>creating content (texts, video, audio etc..)</li> | |
1096 </ul> | |
1097 | |
1098 <h2> Chores: 1/6</h2> | |
1099 <p>Yes, obviously this has to be done on free time... And it's always be… | |
1100 </p> | |
1101 <h1> Conclusion</h1> | |
1102 <p>I only started for a few weeks now but I really enjoy doing it. As I … | |
1103 </p> | |
1104 <h1> Questions / Answers</h1> | |
1105 <blockquote> Some asked me if I was planning in advance how I spen… | |
1106 <p>The answer is no. I don't plan anything but when I tend to lose focus… | |
1107 </p> | |
1108 | |
1109 ]]> | |
1110 </description> | |
1111 <guid>https://dataswamp.org/~solene/2021-01-06-free-time-partition.htm… | |
1112 <link>https://dataswamp.org/~solene/2021-01-06-free-time-partition.htm… | |
1113 <pubDate>Wed, 06 Jan 2021 00:00:00 GMT</pubDate> | |
1114 </item> | |
1115 <item> | |
1116 <title>Toward a simpler lifestyle</title> | |
1117 <description> | |
1118 <![CDATA[ | |
1119 <p>I don't often give my own opinion on this blog but I really feel it i… | |
1120 </p> | |
1121 <p>The matter is about ecology, fair money distribution and civilization… | |
1122 </p> | |
1123 <p>My philosophy is simple. In a life in modern civilization where every… | |
1124 </p> | |
1125 <p>Here are the various statements I am following, this is something I se… | |
1126 </p> | |
1127 <ul> | |
1128 | |
1129 <li>Be yourself and be prepared to own who you are. If you don't hav… | |
1130 <li>Reuse what you have. It's not because a piece of clothing has a little scratch… | |
1131 <li>Opensource is a great way to revive old computers</li> | |
1132 <li>Reduce your food waste to 0 and eat less meat because to feed anim… | |
1133 <li>Travel less, there are a lot to see around where I live than at th… | |
1134 <li>Avoid gadgets (electronic devices that bring nothing useful) at al… | |
1135 <li>In winter, heat at 19°C maximum with warm clothes while at home.<… | |
1136 <li>In summer, no A/C but use of external insulation and vines along the … | |
1137 </ul> | |
1138 | |
1139 <p>While some people are looking for more and more, I do seek for less. … | |
1140 </p> | |
1141 <p>Of course, it is how I am and I don't expect anyone to apply this, th… | |
1142 </p> | |
1143 <p>Be safe and enjoy this new year! <3 | |
1144 </p> | |
1145 <p><a href='https://www.lowtechmagazine.com/'>Lowtech Magazine, articles… | |
1146 | |
1147 ]]> | |
1148 </description> | |
1149 <guid>https://dataswamp.org/~solene/2021-01-04-simple-lifestyle.html</… | |
1150 <link>https://dataswamp.org/~solene/2021-01-04-simple-lifestyle.html</… | |
1151 <pubDate>Mon, 04 Jan 2021 00:00:00 GMT</pubDate> | |
1152 </item> | |
1153 <item> | |
1154 <title>[FR] Why I use OpenBSD</title> | |
1155 <description> | |
1156 <![CDATA[ | |
1157 <p>In this post I will share my feelings about what I like in… | |
1158 </p> | |
1159 <h3> Respect for privacy</h3> | |
1160 <p>There is no telemetry in OpenBSD, I don't have to worr… | |
1161 </p> | |
1162 <p>Moreover, the system default has been to entirely disable th… | |
1163 </p> | |
1164 <h3> Secured web browsers</h3> | |
1165 <p>With the addition of the security features (pledge and above all un… | |
1166 </p> | |
1167 <p>With these protections added (by default), the browsers mentioned a… | |
1168 </p> | |
1169 <p>One could roughly recreate the same feature on Linu… | |
1170 </p> | |
1171 <h3> PF firewall</h3> | |
1172 <p>With PF, it is very simple to check the configuration file… | |
1173 </p> | |
1174 <p>I make heavy use of the bandwidth management feature… | |
1175 </p> | |
1176 <p>On Linux, it is possible to use the programs trickle or wond… | |
1177 </p> | |
1178 <h3> It is stable</h3> | |
1179 <p>Apart from use on uncommon hardware, OpenBSD is ver… | |
1180 </p> | |
1181 <p>I rarely go beyond two weeks since I have to update the … | |
1182 </p> | |
1183 <h3> Little maintenance</h3> | |
1184 <p>Keeping an OpenBSD system up to date is very simple. I run the com… | |
1185 </p> | |
1186 <pre><code># sysupgrade | |
1187 [..wait a bit..] | |
1188 # pkg_add -u | |
1189 # reboot | |
1190 </code></pre> | |
1191 <h3> Quality documentation</h3> | |
1192 <p>Installing OpenBSD with full disk encryption is very eas… | |
1193 </p> | |
1194 <p>The official documentation explaining how to set up a router wi… | |
1195 </p> | |
1196 <p>All the binaries of the base system (this doesn't count packages… | |
1197 </p> | |
1198 <p>The website, the official FAQ and the man pages are the onl… | |
1199 </p> | |
1200 <p>If I had to manage for a while without internet, I would pre… | |
1201 </p> | |
1202 <p>Imagine setting up a router that does traffic shaping on O… | |
1203 </p> | |
1204 <h3> Ease of contribution</h3> | |
1205 <p>I really love the way OpenBSD handles contributions. I r… | |
1206 </p> | |
1207 <p>Sometimes, new contributors may think that the people … | |
1208 </p> | |
1209 <p>This year, I made a few modest contributions to the projects O… | |
1210 </p> | |
1211 <p><a href='https://www.openindiana.org'>OpenIndiana official website</a>… | |
1212 <p><a href='https://nixos.org'>NixOS official website</a></p> | |
1213 <p>The contribution method requires a Github account, making… | |
1214 </p> | |
1215 <h3> Top quality packages</h3> | |
1216 <p>My opinion is surely biased here (much more than for the item… | |
1217 </p> | |
1218 <p>Packages that require specific instructions are … | |
1219 </p> | |
1220 <p>Even if, for lack of contributors and time (in addition to some… | |
1221 </p> | |
1222 <p>I take the opportunity of this post to criticize a trend in … | |
1223 </p> | |
1224 <ul> | |
1225 | |
1226 <li>programs distributed with flatpak / docker / snap work… | |
1227 <li>programs using nodeJS: they sometimes require hundreds… | |
1228 <li>programs requiring git to compile: the build sys… | |
1229 </ul> | |
1230 | |
1231 <p>Obviously I understand that these three points above exist because … | |
1232 </p> | |
1233 <h3> What I would like to see improve</h3> | |
1234 <p>There are some things where I would like to see OpenBSD improve. Thi… | |
1235 </p> | |
1236 <ul> | |
1237 | |
1238 <li>Better ARM support</li> | |
1239 <li>Wifi throughput</li> | |
1240 <li>Better performance (but it improves a bit with every rel… | |
1241 <li>Improvements to FFS (after crashes I sometimes have files in… | |
1242 <li>A faster pkg_add -u</li> | |
1243 <li>Hardware video decoding support</li> | |
1244 <li>Better FUSE support with the possibility of mounting file syst… | |
1245 <li>More contributors</li> | |
1246 </ul> | |
1247 | |
1248 <p>I am aware of all the work required here, and it is not … | |
1249 </p> | |
1250 <p>Unfortunately, everyone knows that OpenBSD evolves through the work… | |
1251 </p> | |
1252 <p>When you think of what a small team manages to do (about 1… | |
1253 </p> | |
1254 | |
1255 ]]> | |
1256 </description> | |
1257 <guid>https://dataswamp.org/~solene/2021-01-04-pourquoi-openbsd.html</… | |
1258 <link>https://dataswamp.org/~solene/2021-01-04-pourquoi-openbsd.html</… | |
1259 <pubDate>Mon, 04 Jan 2021 00:00:00 GMT</pubDate> | |
1260 </item> | |
1261 <item> | |
1262 <title>[FR] Methods for publishing my blog on several media… | |
1263 <description> | |
1264 <![CDATA[ | |
1265 <p>I am often asked how I publish my blog,… | |
1266 </p> | |
1267 <p>For my publications I use the static site generator "cl-… | |
1268 </p> | |
1269 <p>Publishing to these three formats at the same time from a single sour… | |
1270 </p> | |
1271 <p>I recently decided to use the gemtext format by default rath… | |
1272 </p> | |
1273 <p>When the site generator runs, all the indexes are r… | |
1274 </p> | |
1275 <p>After all the files are generated, the rsync command is us… | |
1276 </p> | |
1277 <p>I added an announcement system on Mastodon by calling the progra… | |
1278 </p> | |
1279 <p>My blog generator can support mixing different ty… | |
1280 </p> | |
1281 <p>Here are a few commands used to convert the input files… | |
1282 </p> | |
1283 <pre><code>(converter :name :gemini :extension ".gmi" :command "gmi2h… | |
1284 (converter :name :markdown :extension ".md" :command "peg-markdown -t … | |
1285 (converter :name :markdown2 :extension ".md" :command "multimarkdown -t… | |
1286 (converter :name :mmd :extension ".mmd" :command "cat data/%IN | a… | |
1287 (converter :name :mandoc :extension ".man" | |
1288 :command "cat data/%IN | mandoc -T markdown | sed -e '1,2d' … | |
1289 (converter :name :org-mode :extension ".org" | |
1290 :command (concatenate 'string | |
1291 "emacs data/%IN --batch --eval '(with-t… | |
1292 "(insert-file \"%IN\") (org-html-export… | |
1293 "(princ (buffer-string)))' --kill | tee… | |
1294 </code></pre> | |
1295 <p>When I declare a new article in the configuration file … | |
1296 </p> | |
1297 <pre><code>;; using the default converter | |
1298 (post :title "Minimalistic markdown subset to html converter using awk" | |
1299 :id "minimal-markdown" :tag "unix awk" :date "20190826") | |
1300 | |
1301 ;; using the mmd converter, a very simple awk script that I… | |
1302 (post :title "Life with an offline laptop" | |
1303 :id "offline-laptop" :tag "openbsd life disconnected" :date "20190… | |
1304 </code></pre> | |
1305 <p>Some statistics about the syntax of my various publi… | |
1306 </p> | |
1307 <ul> | |
1308 | |
1309 <li>markdown :: 183</li> | |
1310 <li>gemini :: 12</li> | |
1311 <li>mandoc :: 4</li> | |
1312 <li>mmd :: 2</li> | |
1313 <li>org-mode :: 1</li> | |
1314 </ul> | |
1315 ]]> | |
1316 </description> | |
1317 <guid>https://dataswamp.org/~solene/2021-01-03-fr-blog-workflow.html</… | |
1318 <link>https://dataswamp.org/~solene/2021-01-03-fr-blog-workflow.html</… | |
1319 <pubDate>Sun, 03 Jan 2021 00:00:00 GMT</pubDate> | |
1320 </item> | |
1321 <item> | |
1322 <title>My blog workflow</title> | |
1323 <description> | |
1324 <![CDATA[ | |
1325 <p>I often have questions about how I write my articles, which format I … | |
1326 </p> | |
1327 <p>So, I use my own static generator cl-yag which supports generating in… | |
1328 </p> | |
1329 <p>Publishing for all the three formats is complicated and sacrifices mu… | |
1330 </p> | |
1331 <p>Recently, I decided to switch to gemtext format instead of markdown a… | |
1332 </p> | |
1333 <p>When I run the generator, all the indexes are regenerated, and destin… | |
1334 </p> | |
1335 <p>I added a Mastodon announcement calling a local script to publish lin… | |
1336 </p> | |
1337 <p>My blog software can support mixing input format so I am not tied to … | |
1338 </p> | |
1339 <p>Here are the various commands used to convert a file from its origina… | |
1340 </p> | |
1341 <pre><code>(converter :name :gemini :extension ".gmi" :command "gmi2h… | |
1342 (converter :name :markdown :extension ".md" :command "peg-markdown -t … | |
1343 (converter :name :markdown2 :extension ".md" :command "multimarkdown -t… | |
1344 (converter :name :mmd :extension ".mmd" :command "cat data/%IN | a… | |
1345 (converter :name :mandoc :extension ".man" | |
1346 :command "cat data/%IN | mandoc -T markdown | sed -e '1,2d' … | |
1347 (converter :name :org-mode :extension ".org" | |
1348 :command (concatenate 'string | |
1349 "emacs data/%IN --batch --eval '(with-t… | |
1350 "(insert-file \"%IN\") (org-html-export… | |
1351 "(princ (buffer-string)))' --kill | tee… | |
1352 </code></pre> | |
1353 <p>When I define a new article to generate from a main file holding the … | |
1354 </p> | |
1355 <pre><code>;; using default converter | |
1356 (post :title "Minimalistic markdown subset to html converter using awk" | |
1357 :id "minimal-markdown" :tag "unix awk" :date "20190826") | |
1358 | |
1359 ;; using mmd converter, a simple markdown to html converter written in a… | |
1360 (post :title "Life with an offline laptop" | |
1361 :id "offline-laptop" :tag "openbsd life disconnected" :date "20190… | |
1362 </code></pre> | |
1363 <p>Some statistics about the various format used in my blog. | |
1364 </p> | |
1365 <ul> | |
1366 | |
1367 <li>markdown :: 183</li> | |
1368 <li>gemini :: 12</li> | |
1369 <li>mandoc :: 4</li> | |
1370 <li>mmd :: 2</li> | |
1371 <li>org-mode :: 1</li> | |
1372 </ul> | |
1373 ]]> | |
1374 </description> | |
1375 <guid>https://dataswamp.org/~solene/2021-01-03-blog-workflow.html</gui… | |
1376 <link>https://dataswamp.org/~solene/2021-01-03-blog-workflow.html</lin… | |
1377 <pubDate>Sun, 03 Jan 2021 00:00:00 GMT</pubDate> | |
1378 </item> | |
1379 <item> | |
1380 <title>Port of the week: Lagrange</title> | |
1381 <description> | |
1382 <![CDATA[ | |
1383 <p>Today's Port of the Week is about Lagrange, a gemini web browser. | |
1384 </p> | |
1385 <p><a href='https://github.com/skyjake/lagrange'>Lagrange official websi… | |
1386 <p><a href='https://gemini.circumlunar.space/'>Information about the Gem… | |
1387 <p><a href='https://gemini.circumlunar.space/clients.html'>Curated list … | |
1388 <p>Lagrange is the finest browser I ever used and it's still brand new. … | |
1389 </p> | |
1390 <p><a href='static/lagrange.jpg'><img src='static/lagrange.jpg' alt='Scr… | |
1391 <p>Lagrange is fantastic in the way it helps the user with the content b… | |
1392 </p> | |
1393 <ul> | |
1394 | |
1395 <li>Links already visited display the last visited date</li> | |
1396 <li>Subscribing to pages without RSS is possible for pages that respect … | |
1397 <li>Easy management of client certificates, used for authentication</l… | |
1398 <li>In-page image loading, video watching and sound playing</li> | |
1399 <li>Gopher support</li> | |
1400 <li>Table of content displayed generated from headings</li> | |
1401 <li>Keyboard navigation</li> | |
1402 <li>Very light (dependencies, memory footprint, cpu usage)</li> | |
1403 <li>Smooth scrolling</li> | |
1404 <li>Dark and light modes</li> | |
1405 <li>Much more</li> | |
1406 </ul> | |
1407 | |
1408 <p>If you are interested into Gemini, I highly recommend this piece of s… | |
1409 </p> | |
1410 <p>In case you would like to host your own Gemini content without requir… | |
1411 </p> | |
1412 <p><a href='http://gmi.si3t.ch/'>Si3t.ch community Gemini hosting</a></p> | |
1413 <p><a href='https://unbon.cafe/'>Un bon café !</a></p> | |
1414 <p>Once you get into Gemini space, I recommend the following resources: | |
1415 </p> | |
1416 <p><a href='gemini://gemini.circumlunar.space/capcom/'>CAPCOM feed agreg… | |
1417 <p><a href='gemini://gus.guru/'>GUS: a search engine</a></p> | |
1418 | |
1419 ]]> | |
1420 </description> | |
1421 <guid>https://dataswamp.org/~solene/2021-01-02-potw-lagrange.html</gui… | |
1422 <link>https://dataswamp.org/~solene/2021-01-02-potw-lagrange.html</lin… | |
1423 <pubDate>Sat, 02 Jan 2021 00:00:00 GMT</pubDate> | |
1424 </item> | |
1425 <item> | |
1426 <title>Vger gemini server can now redirect</title> | |
1427 <description> | |
1428 <![CDATA[ | |
1429 <p>I added a new feature to Vger gemini server. | |
1430 </p> | |
1431 <p><a href='https://tildegit.org/solene/vger'>Vger git repository</a></p> | |
1432 <p>The protocol supports status codes including redirections; Vger had no… | |
1433 </p> | |
1434 <p>To keep with vger's Unix way, a redirection is done using a symbolic… | |
1435 </p> | |
1436 <p>The following command would redirect requests from gemini://perso.pw/… | |
1437 </p> | |
1438 <pre><code>ln -s "gemini://perso.pw/capsule/index.gmi" blog/index.gmi | |
1439 </code></pre> | |
1440 <p>Unfortunately, this doesn't support globbing, in other words it is no… | |
1441 </p> | |
1442 | |
1443 ]]> | |
1444 </description> | |
1445 <guid>https://dataswamp.org/~solene/2021-01-02-gemini-vger-redirect.ht… | |
1446 <link>https://dataswamp.org/~solene/2021-01-02-gemini-vger-redirect.ht… | |
1447 <pubDate>Sat, 02 Jan 2021 00:00:00 GMT</pubDate> | |
1448 </item> | |
1449 | |
1450 </channel> | |
1451 </rss> |