Pinned post
Stefan Sperling

For my company I have put together and support packages which cover tasks I have been doing via ad-hoc consulting gigs for years now. And I asked some freelancing friends from the OpenBSD community to share the work with me.

We support deployments of OpenBSD in server and firewall roles via yearly fixed-price contracts. All base system components can be supported.

From our existing client base we know for a fact that there are small and mid-sized businesses out there who run OpenBSD and would benefit from working with us. We want to find more of them.

chirpysoft.be/support.html

1
Pinned post
*
Stefan Sperling

I will be hosting and firewall courses at @linuxhotel in the city of Essen, Germany.

OpenBSD: linuxhotel.de/course/openbsd-d

PF: linuxhotel.de/course/pf-de

Currently there are no dates set for either course, but it is possible to send Linuxhotel a proposal for the next date.

The target audience are system administrators who would like to learn about OpenBSD and PF in order to use them as part of their network security tool set.

(Do not be afraid to sign up if you do not understand German. While the courses are advertised in German, written course material will be in English and the presentation will be entirely in English if preferred by participants.)

1
Stefan Sperling boosted
*
Jesus Michał "Le Sigh" 🏔 (he)

New on #blog: "Money isn’t going to solve the #burnout problem"

"""
The xz-utils backdoor situation brought the problem of FLOSS maintained burnout into the daylight. This in turn lead to numerous discussion on how to solve the problem, and the recurring theme was funding maintenance work.

While I’m definitely not opposed to giving people money for their FLOSS work, if you think that throwing some bucks will actually solve the problem, and especially if you think that you can just throw them once and then forget, I have bad news for you: it won’t. Surely, money is a big part of the problem, but it’s not the only reason people are getting burned out. It’s a systemic problem, and it’s in need of systemic solution, and that’s involves a lot of hard work to undo everything that’s happened in the last, say, 20 years.

But let’s start at the beginning and ask the important question: why do people make free software?
"""

blogs.gentoo.org/mgorny/2026/0

#FreeSoftware #OpenSource #AI #NoAI #LLM #NoLLM #Gentoo

1+
Stefan Sperling boosted
gonzalo

I moved all my repos to #GotHub:

https://gonzalo.gothub.org/

And you can do the same! Go to https://gothub.org/ and check it out!

Maybe you are interesting on this one too:

https://openbsd.gothub.org/index.html

#OpenBSD #got #GotHub

1+
Stefan Sperling boosted
Thomas Adam

Hi all.

Just putting the feelers out as I'd love to know how many folks are using got on MacOs.

@teajaygrey does an amazing job every time I make a release of gameoftrees portable, but I could do with knowing how many of you are using it.

I made a change in the 0.123 release to fix socket handling for services such as gotwebd, which is good, but it's telling that it's taken this long, so I wonder how many users we have.

Let me know -- you can always email me at: thomas.adam22@gmail.com

Please boost this as much as possible, I'd appreciate it.

1
Stefan Sperling

WPA3 

I've been writing C code for the WPA3 SAE hash2element derivation algorithm all week, by cross-referencing the 802.11 spec which provides pseudo-code, a debug trace from wpa_supplicant, and source code from hostap.git.

Progressing at an incredible speed of about one line of pseudo-code per day. At this speed I can actually manage to understand what this is doing with hashes and elliptic curves, even though I'm not a trained mathematician :flan_confused:

Each line of pseudo-code translates to about a dozen lines of C. My prototype uses libcrypto but eventually parts of this will need to run with 32-bit integer curve arithmetic in the OpenBSD kernel, probably with code I can generate with fiat-crypto.

1
Stefan Sperling boosted
AstraLuma

Good news, everyone!

teahouse.cafe/ has gained a sign up link!

#TeahouseHosting

1+
Stefan Sperling

Updated my VM to trixie, and now I can finally install (a fairly outdated version of) with apt.

Nice! :flan_guitar:

1+
Stefan Sperling boosted
Russ Sharek

Fun Fact: I pushed the #FilthyHumanHands repository to a forgejo instance using #gameoftrees. Worked perfectly.

#RunBSD
#gameoftrees
#EvenAClownCanDoIt

1+
Stefan Sperling boosted
NGI Zero open source funding

We're happy to share that 44 Free and Open Source projects will receive financial & practical support for their contributions to the digital commons. We want to thank them for their efforts to create a shared digital infrastructure for us all.

This is the outcome of the 8th call of the NGI0 Commons Fund, bringing the total to 314 projects selected. The fund is made possible with financial support of @EC_NGI

Learn about the projects at: nlnet.nl/news/2026/20260302-an

#FOSS #NGI #NGI0 #opensource

0
Stefan Sperling

taking a position on LLMs for my company 

The LLM topic has been all over my mastodon feed for months. I find the consequences of LLM adoption depressing overall, with all the damage resulting in several segments of our societies worldwide.

Until now, I have been ignoring LLMs, but there is increasing use of LLMs among customers of my company, which means I can no longer ignore this topic entirely.

I observe use of LLMs mostly by people who don't write programs regularly, who are using these tools to fill gaps in their own skills or available time, with variable success.

The only work item related to LLMs I have accepted so far is reviewing LLM-generated security bug reports, where someone else is running various AI tools to scan open source projects, sends us reports, and with respect for our time (unlike some other people who just spam open source projects with such reports) pays me and another open source developer to take a look at them.

Most of these reports are garbage and get discarded. About 1 or 2 in 25 reports are on to something. We write required fixes the good old fashioned way.

I have been reviewing reports from code scanners for more than a decade every now and then. The only thing which is new to me here is the entanglement of the code-scanning tool with all the harmful side-effects and consequences of its existence.

I haven't yet received significantly higher quality reports than what I have seen before LLMs. A big problem is that the severity of the bugs reported is often blown out of proportion, which can cause wrong judgement or even panic when non-experts are evaluating such reports without a sufficiently critical lens.

Reluctantly setting aside the larger issues surrounding LLMs, code-scanning is as far as I will accept going along with this, but no further.

My company is now borrowing the EU's "Certified Organic" logo to deter potential clients who would require use of LLMs. I hope this gets the point across, without having to explicitly mention LLMs or "AI", cause I am very much sick of seeing them mentioned everywhere.

1+
Stefan Sperling boosted
Rafael Sadowski

I've moved some of my currently active repositories over to Game of Trees Hub! 🌳

GoTHub is a transparently funded Git/Got repository hosting service - lightweight, BSD-licensed, and a great minimalist alternative to the big tech.

Check it out: rsadowski.gothub.org/

0
Stefan Sperling boosted
Hugh

Last night I went to a 70th birthday party and ended up sitting next to Frank.

Frank used to work as a computer programmer, because this was the 1970s to 90s and people had normal job titles that described real things, instead of "full stack orchestration engineer" or "solutions architect".

Anyway Frank's employer was the Victorian Attorney General's department. He wrote, updated and maintained in-house software for managing the court system, trial documentation managements and so on using low level languages.

The point of this post is that there was nothing special about this period of history that made it possible for government departments to write and maintain their own software to solve their own problems then but not now.

The complete lack of any in-house capacity to do this kind of thing is a political choice. Frank is a reminder of that.

1+
Stefan Sperling boosted
Brooke

I've just published a reference for anyone using git while trans, explaining how to hide or remove your deadname in git repositories

Please share ❤️

code.curly.kiwi/2026/02/27/usi

1+
Stefan Sperling boosted
*
Mathy Vanhoef

We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.

NDSS'26 paper: ndss-symposium.org/wp-content/
GitHub: github.com/vanhoefm/airsnitch

High-level article on the work by Dan Goodin: arstechnica.com/security/2026/ I'd say we bypass Wi-Fi encryption though, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;) If you don't rely on client/network isolation, you are safe: we can't just break any Wi-Fi network.

1+
Stefan Sperling boosted
Andrew Nesbitt

Instead of using git as a database, what if you used database as a git?

nesbitt.io/2026/02/26/git-in-p

1+
Stefan Sperling boosted
Bryan Steele :flan_beard:

:flan_peek:​ .. I somehow even managed to find some time to review patches.

marc.info/?l=openbsd-cvs&m=177

marc.info/?l=openbsd-ports-cvs

Show thread
1
Stefan Sperling boosted
ティージェーグレェ
Thanks for that!

I submitted a Pull Request to update MacPorts' Got to 0.123 here:

https://github.com/macports/macports-ports/pull/31334

GitHub Continuous Integration checks passed OK, it's up to someone else with commit access to merge it.

I also published an announcement on undeadly.org since rueda had already prepped it and it looked good!

#Got #GameOfTrees #MacPorts #OpenBSD #macOS #VersionControl #OpenSource #Git
0
Stefan Sperling boosted
David Revoy

@blueluma It's amazing how the big industry has brainwashed the audience. I now collect this type of accusation no longer monthly, but weekly. And as a digital painter with more than 25 years' experience, I understand why. In fact, my work (and other, billion) has been used to train those AI models, so AI paint like us. But please stop accusing work that you are not 100% sure about. When real humans are behind it and have spent full days creating that imagery, it hurts a lot.

@peertube

1+
Stefan Sperling

Web crawlers do not forget URLs easily.

Before we repurposed the gothub.org domain for our Git hosting service it was hosting a personal gotd/gotwebd server by patrick@ which he and I sometimes used to trade diffs for the WIP qwx driver about 3 years ago..

Today the crawlers are still hitting gothub.org with several queries per minute for data from an instance of gotwebd which no longer exists:

Queries like:

"/?action=patch&commit=53ad3f26c28d7b0993a850e0d8679a407140161f&path=src.git HTTP/1.1"

Because OpenBSD's httpd cannot filter on query string parameters in URLs we happily send back the same old index.html page of today's gothub.org, every time. They no longer find any C source code here. They keep coming back for juicy HTML.

1+
Stefan Sperling boosted
Thomas Adam

I've released got-portable 0.123

This is in-line with got(1):

gameoftrees.org/releases/chang

There is one addition in this -portable release but is out-of-band with got(1) and it's a fix for chroot(1) handling in gotwebd which was not being passed to children of gotwebd. This will be in got-0.124 when that releases.

On MacOS, socket handling has been reworked to use fcntl() for a few SOCKET_* flags otherwise supported on other platforms.

Also -portable-specific is a new got-portable(7) man page:

gameoftrees.org/got-portable.7

Which aims to collate useful information for users of got(1) on non-OpenBSD platforms.

As usual, the changelog for -portable is here:

gameoftrees.org/releases/porta

Usual mirror (xteddy) has been updated.

Any questions please shout at me!

1
Stefan Sperling boosted
Game of Trees Hub

All our hosted #OpenBSD VMs have been upgraded to #GameOfTrees 0.123.

See gameoftrees.org/releases/chang for the list of changes in this release.

The first three changes in this release were already merged into our VMs earlier. The main benefit of this update for us is improved performance in gotd when processing pack files.

#Git #Hosting

0
Show older
BSD Network

bsd.network is a *BSD-adjacent Mastodon Instance. We have a code of conduct.

Resources

Developers

What is Mastodon?

bsd.network

More…

v3.5.19+iceage · Privacy policy