Discover and read the best of Twitter Threads about #freebsd

Most recents (6)

Für Software-Entwickler und Nerds ein kleiner Thread zur IT-Sicherheit bei #Datenbanken und Zugriffs-Berechtigungen:

Bei normalen Dateisystem haben wir uns daran gewöhnt, dass nicht jeder Server-Dienst nach /etc, /usr/local/bin oder c:\windows\system32 schreiben darf. 1/x
Viele Entwickler wollen auf Datenbanken aber Vollzugriff auf alles haben. Steht die Anwendung im Netz und findet jemand eine Lücke ist die Kacke am Dampfen: „DELETE FROM users;“ und alle User sind weg. Mit „TRUNCATE users“ gehts sogar schneller. 2/x
Mit Pech geht das sogar auf fremden Datenbanken auf dem gleichen Server. Dumm.

Daher kennen anständige relationale Datenbankmanagementsystemen (RDBMS) User, Rollen und Zugriffsrechte; nutzt man die, darf der Applikations-User der Web-Anwendung nur das nötige. 3/x
Read 20 tweets
Après un essai infructueux fin 2019 avec peertube 2.0 (nodejs, npm & al ne m'aiment pas et je le leur rends bien), j'ai eu plus de succès avec la version 3.0.1 sous #FreeBSD. Merci @joinpeertube \o/ (ça va faire plaisir à @davlgd, du coup la balle est dans son camp :p) Image
Le premier essai (une vidéo de trains en Auvergne choisie totalement au hasard, bien sûr) se passe plutôt pas mal ! ffmpeg mouline pendant ce temps. Image
L'incantation de transcodage ffmpeg utilisée par Peertube (ne me demandez pas pour les détails ; ça réencode apparemment à 4,8 Mbps en redimensionnant l'image). Image
Read 5 tweets
Hey, want to see a crazy trick?
+ Compile package from port on #FreeBSD 12.1
+ Convert to old-style FreeBSD package
+ Install on FreeBSD 9.2
Only works with packages containing no binaries, of course; security/acme.sh for example
So let's get into it. Because that probably sounds like dark magic (well, it is, and I'm going to show you how to wield it).

This probably sounds like Debian/Ubuntu's "alien" utility but for FreeBSD. Well, it kind of is.

Thread.
Over the years, FreeBSD has had 2 major package formats (speaking strictly about the payloads; the tarballs themselves; not the ports system or Makefiles that create them) and 3 different compression formats.

In the beginning, there was pkg_add, pkg_delete, pkg_info, etc.
Read 18 tweets
I’m trying to do a #FreeBSD vnet jail using a different subnet than the host. Routing seems to be the issue. I think the host needs an IP address in the jails subnet to act as the gateway. Correct?

The vnet needs to be attached to **not** em0.
I thought about creating tap0, putting 192.168.0.1 on that, and attaching it to bridge0 instead of em0.
We created em1 on the host, configured as: ifconfig em1 inet 192.168.100.1/24

The host can now ping the jail, and the jail can ping the host.

The problem: we can't do NAT.

tcpdump shows no traffic on em1 leaving the jail.

Is that because bridge0 members are em0, em1, vnet0 ?
Read 5 tweets
Calling all @FreeBSD/#FreeBSD users who have ever run "buildworld" with a build option. Behold, my 15 years-in-the-making diff to unbreak several build options: reviews.freebsd.org/D17040

Notably WITHOUT_INET* WITHOUT_CRYPT WITHOUT_OPENSSL WITHOUT_DYNAMICROOT WITHOUT_FILE #Thread
PLEASE review and test. I have noted one known shortcoming in the review and I hope all #FreeBSD make/build/buildworld subject matter experts can test and trash it as appropriate. Why? #Thread
I have wanted for a mere 15 years, since I first discovered FreeBSD #Jail, to have an easy way to choosing build(world) options for smaller-than-stock Jails come #bhyve virtual machines. THE THINGS THEY NOW CALL CONTAINERS and a dozen other catchy names.
Read 30 tweets
Watching @JurassicWorld I witnessed "dmidecode --isolate" and throughout the remainder of the film I could not stop thinking about this. movies.stackexchange.com/questions/9006… I am positive I saw "dmidecode --isolate" and now I'm thinking how I could make that a real thing
There's something called the DPDK for Linux. dpdk.org Stands for Data Plane Development Kit. It has an option for isolating CPUs. If you're going to add an option to dmidecode to "isolate" something/everything -- and in the premise of the @JurassicWorld movie -- 1/
if "dmidecode --isolate" is to "save the day" in a failing ventilation system, it would have to (no doubt) isolate a failing component. In #FreeBSD quite often we see cards that violate our standard understanding and ultimately evoke warnings about interrupt storms and thus 2/
Read 4 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!