Items tagged with: HardenedBSD



#Framework16 performance issues continued. It took 117 seconds to run git status on the #HardenedBSD ports tree. The screenshots show a VM with 6 vCPU and 32GB vRAM.

For the first couple hours, when the system boots cold, filesystem access is just about as instantaneous as it ought to be. But after around six hours of uptime, the brand spanking new NVMe SSD starts going sloooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooow. Practically unusable when it gets like this.

You can see in the top output that the CPU is mostly stuck in the kernel.


Seven day embargo limit for #curl: git.hardenedbsd.org/shawn.webb…

It can take the #HardenedBSD project a full month to rebuild its package repos. And since we've built this software monoculture against libcurl, this will be FUN!

#infosec #libcurl


@bagder because you seem to me to be somewhat confused. Like statements like "if they're transparent, what's there to support?"

But, whatever, I already maintain a patch for #HardenedBSD users to remove the prohibition. The problem is solved on HardenedBSD.


@bagder Essentially, #curl commit 0ae0abbe72514a75c10bfc4108d9f254f594c086 broke updating #HardenedBSD packages for certain users who use HardenedBSD behind a fully Tor-ified network (a network that uses transparent Tor proxying).

Those users were unable to update their HardenedBSD systems since the package manager uses libcurl behind-the-scenes. Some of these users live in malicious environments (malicious to human life), with actively-exploited applications.

So, this prohibition had a real negative impact, putting our users in harm's way.

If curl had a way to bypass the prohibition, we would've been able to keep our users safe.

This is why I mention #Radicle: they, too, do not support the .onion TLD by default, but can be configured to provide that support.

Radicle has three options:

  1. Default: No support, .onion domain lookups will fail.
  2. SOCKS support where .onion lookups succeed.
  3. Explicit transparent proxying support, so .onion lookups succeed

curl is missing that third option.
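The three modes listed above can be expressed as a small request-planning policy. The following is an added illustration, not code from curl, Radicle, or HardenedBSD; the `OnionMode` enum, `plan_request` function and the SOCKS proxy address are hypothetical, and the policy mirrors RFC 7686's rule that `.onion` names must not be sent to ordinary DNS unless the operator has explicitly opted into a network that handles them.

```python
"""Added illustration of the three .onion handling modes (refuse, SOCKS,
explicit transparent proxying). Hypothetical policy code, not an
implementation from curl, Radicle or HardenedBSD."""
from enum import Enum
from typing import Optional
from urllib.parse import urlsplit


class OnionMode(Enum):
    DEFAULT = "default"          # option 1: refuse .onion outright
    SOCKS = "socks"              # option 2: hand the name, unresolved, to a SOCKS5 proxy
    TRANSPARENT = "transparent"  # option 3: operator asserts the network routes .onion


def is_onion(host: str) -> bool:
    """True for names under the special-use .onion TLD (RFC 7686)."""
    host = host.rstrip(".").lower()
    return host == "onion" or host.endswith(".onion")


def plan_request(url: str, mode: OnionMode, socks_proxy: Optional[str] = None) -> dict:
    """Decide whether a request may proceed and where its hostname gets resolved.

    'local' means the system resolver sees the name; 'proxy' means the name is
    passed through to the SOCKS proxy unresolved, so no DNS query leaks.
    """
    host = urlsplit(url).hostname or ""

    if not is_onion(host):
        # Ordinary names: resolve wherever the configured path says.
        if mode is OnionMode.SOCKS and socks_proxy:
            return {"allowed": True, "resolve": "proxy", "via": socks_proxy}
        return {"allowed": True, "resolve": "local", "via": None}

    if mode is OnionMode.DEFAULT:
        # Option 1: fail closed so the .onion name never reaches DNS.
        return {"allowed": False, "resolve": None, "via": None,
                "reason": "RFC 7686: .onion names must not be resolved through DNS"}

    if mode is OnionMode.SOCKS:
        # Option 2: only safe if a proxy is actually configured to take the name.
        if not socks_proxy:
            return {"allowed": False, "resolve": None, "via": None,
                    "reason": "SOCKS mode selected but no proxy configured"}
        return {"allowed": True, "resolve": "proxy", "via": socks_proxy}

    # Option 3: explicit opt-in. The operator states that the local resolver and
    # routing are already Tor-ified (transparent proxying), so resolving the
    # name locally is the intended behaviour rather than a leak.
    return {"allowed": True, "resolve": "local", "via": None}


if __name__ == "__main__":
    # Constructed sample URL; the proxy address is a placeholder.
    for mode in OnionMode:
        print(mode.value, plan_request("http://example.onion/", mode,
                                       "socks5h://127.0.0.1:9050"))
```

The defender-relevant distinction is between the two ways a request can be allowed: in SOCKS mode the name never touches the system resolver, while in transparent mode it does, by design. A client that only offers the first two modes forces a fully Tor-ified host into the failure branch of option 1, which is the situation the posts above describe.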