undermine the vole

icy replied

@jxs hah, I do this too. A couple of presses of the hand wash + warm water, dunk the keycaps in and let ‘em soak; dry them out in the sun after.

icy posted

Pretty strong week with a daily average of 657 active kilocalories burnt—cardio and calisthenics combined. No weight training these past few weeks. #fitness

657 kcal, 48 mins exercise

icy posted

I have begun the ultimate bikeshed: writing my own git web frontend à la cgit—except written in Go, and with less 2005-ish HTML (and responsive design!).

icy replied

@jbz Alpine is the most BSD-like Linux there is. But it's still severely lacking in the documentation department.

icy replied

@petersanchez @jxs I've got a few more if you'd like:

sqlite> select xid from honkers where combos like '%honkverse%';
https://honk.tedunangst.com/u/tedu
https://honk.jxs.me/u/jxs
https://benjojo.co.uk/u/benjojo
https://gthmg.com/u/gthmg
https://yeet.ols.wtf/u/ols
https://honk.petersanchez.com/u/petersanchez
https://honk.novalis.org/u/novalis
https://honk.x61.sh/u/gonzalo
https://honk.dave.moe/u/dave
https://honk.omarpolo.com/u/op
https://honk.vedetta.com/u/horia
https://social.peterdebelak.com/u/ptd
https://honk.bloguslibrus.fr/u/jbz

icy posted

Getting to the point where you have visible abs is really not as hard as people make it out to be. What really matters is core strength—which simply having visible abs doesn't guarantee.

icy posted

Am I the only one who finds Advent of Code lame? If I see too many posts about it, I just might have to hfcs it.

icy replied

Talking about NEOM here—the Saudi company attempting to build a flippin' city in a straight line.

icy posted

The new McLaren FE car looks like a Hot Wheels. And gotta love the obligatory Saudi sponsorship—can't have motorsport without that sweet oil monies.

mclaren formula e car

icy reposted

When shown the huge list of operating systems curl runs on, people often ask me which is the strangest, or hardest, operating system to keep curl support for. The answer is always, and will probably always remain: Windows.

No other operating system has so many custom, special, weird and quirky ways that require special-case solutions in the code.

icy posted

Migrated my site to my #OpenBSD server. Set up a quick post-receive git hook to build and publish the site. Much faster than Netlify—who'da thunk it.

icy posted

Okay, solved the cgit go get problem the easy way. Wrote a relayd matcher to check if the host is git.icyphox.sh and if the URL query is ?go-get=1; then forward it to a small Go program that returns the ‘go-import’ meta tag. Donezo.

Go program in question: https://git.icyphox.sh/goget/
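A responder of the kind this post describes, as an added example; it is not the goget program linked above. The listen address, the function names and the choice of the first path segment as the repository root are assumptions. The import host is fixed in code rather than taken from the request, and the path is HTML-escaped before it is written into the tag.

```go
package main

import (
	"fmt"
	"html"
	"log"
	"net/http"
	"strings"
)

// importHost is fixed here instead of read from the Host header, so a client
// cannot make the responder vouch for some other import prefix.
const importHost = "git.icyphox.sh"

// goImportMeta returns the go-import meta tag for the repository named by the
// first path segment, or false when the path names no repository.
// (Assumption: every repository sits directly under the host root.)
func goImportMeta(path string) (string, bool) {
	repo, _, _ := strings.Cut(strings.Trim(path, "/"), "/")
	if repo == "" {
		return "", false
	}
	prefix := html.EscapeString(importHost + "/" + repo)
	return fmt.Sprintf(`<meta name="go-import" content="%s git https://%s">`, prefix, prefix), true
}

func handler(w http.ResponseWriter, r *http.Request) {
	// The proxy is assumed to forward only ?go-get=1 requests; check again anyway.
	if r.URL.Query().Get("go-get") != "1" {
		http.NotFound(w, r)
		return
	}
	meta, ok := goImportMeta(r.URL.Path)
	if !ok {
		http.NotFound(w, r)
		return
	}
	fmt.Fprintf(w, "<!doctype html><html><head>%s</head></html>\n", meta)
}

func main() {
	http.HandleFunc("/", handler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil)) // assumed local address behind the proxy
}
```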

icy posted

I don't think I can use cgit for git.icyphox.sh anymore since relayd doesn't support injecting stuff into responses.
For context: I was doing an nginx hack to make cgit go gettable.

I think I'll give smithy a shot. It's written in Go and appears to be fairly customizable.

icy replied

@jbz ran across this thread in my feed, I’ll be happy to help—I run honk on OpenBSD, behind httpd/relayd. I can share my config if you like.

icy replied

@petersanchez Yeah I used to get a 418 (invalid signature) when I tried following you, but it eventually worked, lol. I migrated my honk to a new OpenBSD server with IPv6 support—unsure how it’s related, but it seems to have generally helped.

icy replied

@aworldinpages I love The White Lotus. Best series I’ve watched all year. Season 2 is running right now, and it’s equally—if not more—excellent as the first.

icy posted

reddit news is just “climate change activists did something stupid”

icy posted

The new (?) Hershey’s cocoa & cookie spread is bussin’. This is my pre-workout for today.

chocolate and cookie spread on bread

icy replied

@skquinn @ben Everything you've said is correct, and there are reasons for why OpenBSD does things that way—it's just a very opinionated OS built by opinionated folks.

Their "sudo" replacement is called "doas" and is supposedly easier to configure.

It's much easier to configure! My doas.conf is just one line:

permit nopass icy as root

No dicking around with visudo and looking up how to add a user to sudo etc. It's much smaller than sudo, with a much cleaner code base—unlike sudo with its yearly privesc vuln. :)

Package management does not have a GUI or even TUI/curses interface; it's all command line

Well it's certainly not for beginners, but it can be. It's all just pkg_{add,delete} with some flags for upgrading etc.

If you choose to run -current you are expected to keep or bring your system up to date before upgrading packages, otherwise you will get weird and not-so-wonderful-looking error messages that don't make any sense until you realize this.

If you run snapshots, you should be mostly fine. Besides, if you're choosing to follow -current, you should probably already know this.

OpenBSD's "secure by default" can be cheekily read as "half-broken by default" because in a lot of cases things have to be enabled manually due to (at times the most pedantic of) security-related reasons.

Again, it's opinionated. :) pledge(2) and unveil(2) can be pretty restricting in programs like Firefox/Chromium, but I wouldn't describe it as "half-broken"—it's all documented in the pkg-readmes, and can be toggled off if need be.

(apologies if the quotes don't render correctly, it's 2022 and Mastodon still doesn't support blockquotes)

icy replied

@ben @skquinn Yeah, syspatch and sysupgrade are extremely nifty and very hands-off—just fire and forget, and voila, you've got the new -release (or -current) running.

icy replied

@ben OpenBSD is a really simple system and super easy to grok. And it's got man pages for quite literally everything.

@skquinn Hmm, I wouldn't say that. It's a lot more straightforward than say, Arch. Heck, you can just hit enter at all prompts and have a fully functional system! See: autoinstall(8).

icy replied

It was indeed a TLS issue. Turns out, I wasn't serving the full chain certificate—i.e. the cert was missing the root and the intermediate CA certs. And browsers don't warn about this because ✨ reasons ✨.

I had configured acme-client(1) to write the domain certificate to h.icyphox.sh.crt, and the full chain certificate to h.icyphox.sh.pem. And relayd(8) automatically picks up the .crt file—and not the .pem. mv'ing the .pem file to the .crt solved this.

The most confusing bit in debugging this was still being able to see posts from some servers—they were possibly being very lenient with TLS settings. Anyway, the main takeaway from this: the fediverse is a pretty fault-tolerant distributed system. A few minutes after I started serving the correct cert, I started seeing posts from everyone else again.

icy replied

@ols yeah something is definitely broken on my end. I switched the certs for my honk subdomain and ever since, I’ve only been seeing posts from two instances.

I know because, just to be sure, I checked like a few honkers to see if they’ve posted—I’ve received none of it, this one included. Had to manually import the XID for it to show.

Very curious.