2026-05-13T06:18:38Z https://yabu.me Tim Chase https://yabu.me/npub1fhfl46ynertt5zwyl0eyus5yn2jh60grdk6wf7vm33yq56hmy98qqz2t42 https://media.bsd.cafe/bsdmmedia01/accounts/avatars/113/407/688/140/177/903/original/de6c43fbc2be3c55.jpg https://media.bsd.cafe/bsdmmedia01/accounts/avatars/113/407/688/140/177/903/original/de6c43fbc2be3c55.jpg https://yabu.me/nevent1qqsp0223nklhg9sf9cy2grtuhkwye7gwvgg48dwpvrhe78u034fjzpszypxa87hgj0yddwsfcnalynjzsjd22lfaqdkmfe8enwxyszn2lvs5u0r6hs8 In reply to <a href='/nevent1qqstgw5cckfgnad7m3eqyv2kq46expuugrw27q7rgt4ppz5yrf7utncgc7lp5'>nevent1q…7lp5</a><br/>_________________________<br/><br/>might want to let <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1yscgqlwkcfe68mcdlm9g7qc73ftd020cn7yk05s329j3j7ftenrswuffqw" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>The Real Grunfink</span> (<span class="italic">npub1ysc…ffqw</span>)</a></span> know about the snac-crashing-on-OpenBSD issue…it might be a matter of compiler build-time arguments inaccurately choosing the target architecture. 2026-02-21T15:13:32Z https://yabu.me/nevent1qqs8vhwaktg6zg3an68detr7q8qyeljj4j2l9jawrql5wlel6p774ugzypxa87hgj0yddwsfcnalynjzsjd22lfaqdkmfe8enwxyszn2lvs5uyx6gu8 I don&#39;t comprehend businesses entrusting their entire online presence to the big social-media companies.<br/><br/>Yes, I drove past your new restaurant today and would love to learn more! But you don&#39;t have an actual web-page for basic things like menu, hours, pricing, or contact info? Like the sort of thing you could obtain for &lt;$10/year on a cheap hosting service?<br/><br/>Sure, I suppose I&#39;ll open your Instagram page in a Private Browsing window. Oh, wait, IG will only show me 2–3 screenfuls of posts before requiring me to log in? We&#39;ll just close the window instead.<br/><br/>I suppose I could try your Facebook page instead in a different Private Browsing window. Hmm, a whole 2 pages of past posts before it requires me to log in to view more. *closes window*<br/><br/>Sorry, I was interested, but not *that* interested. Here&#39;s wishing your new business the best of luck… 😕 2025-09-16T00:00:17Z https://yabu.me/nevent1qqs95de9jd7sajygf0ejrp3qj6yrj08vh3j5ylcuq5hrwm85gvzjt3qzypxa87hgj0yddwsfcnalynjzsjd22lfaqdkmfe8enwxyszn2lvs5u62grju In reply to <a href='/nevent1qqsfnw4qrjywjfd4fn9f5cla8ns3unkhmh0q5lllrkzm70z5rk0m8hg6vfx2r'>nevent1q…fx2r</a><br/>_________________________<br/><br/>I have a private git repo that I sync around for my personal files, including my remind(1) files, my ledger(1) finances, notes.txt, etc.<br/><br/>I have repo-storage on several machines, and git is configured to push to all of them for multiple copies. 2025-05-07T00:24:29Z https://yabu.me/nevent1qqs9md3gd8qugz2wx7kgmk98kvf2plvhxy8f4d0y9g5r6jkwqhj9hlgzypxa87hgj0yddwsfcnalynjzsjd22lfaqdkmfe8enwxyszn2lvs5u6gqsgk In reply to <a href='/nevent1qqs8ut6ddpkdex3sdv4fqalgnrns6w7anrgws5qxt2yy5j569n4zqvq6u2vlr'>nevent1q…2vlr</a><br/>_________________________<br/><br/>I too find the &#34;X is secure&#34; claim a bit hard to accept at face value.<br/><br/>But the OpenBSD folks do seem to take it as a mindset, willingly making sweeping changes even if they have notable costs. <br/><br/>Doing certain checks or defaulting to not using SMT? It may cost performance, but they&#39;re willing.<br/><br/>Adding code to pretty much all the base utilities to limit what they can access with pledge(2)/unveil(2) or using privsep for services? yeah, it too is a cost, but they eat it.<br/><br/>Ripping out risky/complex things or setting breaking defaults (dropping broken cipher suites from default ssh settings) or raising loud warnings (e.g. trying to use rand(3) in C) instead of coddling bad code? Sure, it sacrifices some backwards compatibility, but it reduces complexity (the enemy of security) and prevents exploits in those areas.<br/><br/>So while secure-vs-not-secure is hard to label, they at least have a track record of making hard decisions that favor a security-mindset. 2025-05-04T12:23:06Z https://yabu.me/nevent1qqsg4a5g7y8rv4rewahx3rl7yupfeqv2yzdyw9rnx93zfvuww9ykweqzypxa87hgj0yddwsfcnalynjzsjd22lfaqdkmfe8enwxyszn2lvs5ucfxhy8 In reply to <a href='/nevent1qqsghasnsfvu3n4h8j7gnhktt3jyck3z72nswgkts5nsueefjyw6sushxfy7p'>nevent1q…fy7p</a><br/>_________________________<br/><br/>though they&#39;re lines of code that have been vetted for decades and (with the exception of fzf in this case) are POSIX, already existing on the system. The cost of those lines has already been paid before you even type a command.<br/><br/>Yes, fzf might bring in thousands of additional lines of code, but it&#39;s a single source, tested by many users for many years—not quite the decades of POSIX shell+utils, but still around notably longer than this random Github project release in the last week. Who knows about those Golang libraries and how many have been used, and of those how many have actually had any sort of security eye cast over them?<br/><br/>And at least with bash (rather than sh), I could have largely used `select` in the shell rather than fzf for the &#34;pick a subset of these&#34; in another couple lines. Or even just using `grep -n` with `read` in POSIX shell, in a similar number of lines. 2025-01-11T12:57:12Z