unwrap is the new unsafe! #rustlang
alip
@alip@mastodon.online
mastodon
4.6.0-nightly.2026-04-17
Homo Ludens. I push wood, set traps, write code and poetry. #sydbox is my problem child. I live in #Berlin. I am an #Exherbo #Linux developer. I love #chess, #freesoftware, #poetry, #perl, #c, #rustlang, and #haskell. #Antifa, #Atheist, #fckafd, and #fckakp. Don't come to me with guns, come to me with roses. #Revolution will not be broadcasted on TV. #direngezi!
https://chesswob.org
https://git.sr.ht/~alip/jja
https://sydbox.exherbolinux.org
0
Followers
0
Following
Joined February 26, 2021
E-Mail:
alip@chesswob.org
PGP Key:
5DF763560390A149AC6C14C7D076A377FB27DE70
Keybase:
Posts
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 11, 2026
1
0
1
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 11, 2026
Here is a #landlock oddity I noticed and reported today: https://github.com/landlock-lsm/linux/issues/58 #exherbo #linux #security
0
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 09, 2026
Symbolic links bite again! This time it's #NixOS did you know #sydbox has trace/force_no_symlinks and trace/force_no_magiclinks options to disable following symlinks/magiclinks? You can even change them at runtime to achieve #pledge like confinement: https://discourse.nixos.org/t/nix-security-advisory-privilege-escalation-via-symlink-following-during-fod-output-registration/76900 #nix #linux #security
0
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 09, 2026
Am I a TOCTOU dreaming of a butterfly, or am I a butterfly dreaming of a TOCTOU?: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=286ace1259992bd0c5d9016715833f2e148ac596 #exherbo #linux #security
0
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 06, 2026
@mei@donotsta.re yes, that's correct. signify.sh includes 65 NIST CAVP SHA-256, 129 NIST CAVP SHA-512, 1024 DJB Ed25519 sign/verify, and 150 Wycheproof Ed25519 vectors.
View full thread on mastodon.online
1
1
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 06, 2026
@mei@donotsta.re Thank you very much for the feedback, I have removed the fallback.
View full thread on mastodon.online
0
3
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 05, 2026
News from #sydbox git: Starting next release, we're going to be signing binary releases with #OpenBSD signify rather than #GnuPG. To enable practical signing in #Exherbo #Gitlab CI, I wrote an #ISC licensed, pure portable #POSIX shell implementation of #OpenBSD signify. signify.sh has no external dependencies and runs with PATH=. It has unit tests embedded which may be run with --test option: https://gitlab.exherbo.org/sydbox/sydbox/-/raw/next/dev/signify.sh #exherbo #linux #security
View on mastodon.online
9
5
8
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Apr 04, 2026
#gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: https://man.exherbo.org/syd.7.html#Enforcing_Position-Independent_Executables_(PIE) #exherbo #linux #security
5
0
1
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 31, 2026
Reading this made me reconsider switching #Sydbox from GPL-3 to AGPL-3: https://www.onlyoffice.com/blog/2026/03/onlyoffice-flags-license-violations-in-euro-office-project-by-nextcloud-and-ionos WDYT? #exherbo #linux #security #poll
1
0
2
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 31, 2026
#Sydbox is NOT hosted on #Github and this is an ethical decision. Main repository is the #Exherbo #Gitlab, we have mirrors on #Sourcehut and #Codeberg. Having said that, the code is GPL-3 and I can't legally prevent anyone from mirroring it on Github. I can just kindly ask not to...: https://github.com/tamaroning/sydbox/issues/1 #exherbo #linux #security
6
0
4
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 29, 2026
Here is #rustlang bindings for Redis' #radix tree: https://crates.io/crates/redix New #sydbox uses this for path canonicalization which sufficiently reduces its userspace overhead. Let me know if sydbox-3.51.1 is too fast for you and I'll add some random sleeps around the code ;) #exherbo #linux #security
4
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 27, 2026
2
0
2
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 22, 2026
Code does not become better out of thin air just because you rewrite it in #rustlang. TOCTOUs are typically language agnostic. Here's one for tar: https://blog.rust-lang.org/2026/03/21/cve-2026-33056/ #security
4
0
6
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 22, 2026
#Sydbox 3.51.0 is out: #Security update fixing multiple Crypt Sandboxing race conditions, an ioctl(2) truncation bypass, and a MIPS ptrace(2) bug. Force Sandboxing now uses the Kernel Crypto API (AF_ALG) for zero-copy hashing. #Landlock sandboxing is on by default. wordexp(3) confinement hardened. pandora 0.20.0 generates #Landlock rules. Sydbox is a rock solid application #kernel to sandbox applications on #Linux: https://gitlab.exherbo.org/sydbox/sydbox/-/blob/main/ChangeLog.md?ref_type=heads#3510 #exherbo
2
0
1
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 18, 2026
Oh my snap! https://www.openwall.com/lists/oss-security/2026/03/17/8 A case of fortune favors the patient: "an unprivileged local attacker who wants to exploit this LPE must wait for 10 days (in Ubuntu > 24.04) or 30 days (in Ubuntu 24.04) to obtain a fully privileged root shell." This is why it matters to use unprivileged sandboxes such as #sydbox: Who's going to watch the watchers? #ubuntu #linux #security
1
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 18, 2026
News from #sydbox git: Force sandboxing (binary verification) now uses #Linux #kernel cryptography. You may use any hash algorithm your kernel supports and checksumming process happens with zero-copy without copying data into Syd's process space. This ensures performance and privacy. Syd is hash-algorithm agnostic and makes no choice of a default. Pandora learned to autoselect best avaliable algorithm. Refer to the manual page for more information: https://man.exherbo.org/syd.7.html#Force_Sandboxing #exherbo #security
1
0
1
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 16, 2026
Is it a red flag that #sydbox is developed mainly by a single person in their free time rather than bigcorp? #exherbo #linux #security
2
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 13, 2026
#apparmor local root: who's going to watch the watchers episode 202603! #ubuntu people should bump their #kernel and consider switching to unprivileged alternatives such as #sydbox ;): https://www.openwall.com/lists/oss-security/2026/03/12/7 #linux #security
2
0
2
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 01, 2026
New hardening in #Sydbox 3.50.0: "Immutable Sticky Bit" where Syd enforces the immutability of the sticky bit at chmod(2) boundary for directories. Sticky bit on dirs such as /tmp is a critical security primitive that restricts file deletion/renaming to file/directory owner or root. This also helps raise the bar for trusted symlink bypasses. On by default, disable with trace/allow_unsafe_sticky:1. Refer to the manual page for more information: https://man.exherbo.org/syd.7.html#Immutable_Sticky_Bit #exherbo #linux #security
0
0
0
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 01, 2026
#Sydbox 3.50.0 is out: New lock mode "drop" when sandbox policy may only be edited to reduce privileges a la #OpenBSD pledge(2), KCOV/syzkaller support, support for memfd_secret(2) and SCM_PIDFD control message, glob support for ioctl(2) names in sandbox rules (e.g. allow/ioctl+KVM_*), fix for a trusted symlink bypass, new trusted feature to gate unsafe options which can circumvent the sandbox. Sydbox is a rock solid application kernel to sandbox applications on #Linux: https://gitlab.exherbo.org/sydbox/sydbox/-/blob/main/ChangeLog.md?ref_type=heads#3500
1
0
0