On my blog: Real Life in Star Trek, Gambit part 1 https://john.colagioia.net/blog/2025/06/19/gambit-part-1.html #scifi #startrek #closereading
https://blog.garambrogne.net/kloset.html #kloset dissected: a story of #plakar, a backup tool that uses deduplication, compression, encryption and signing
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
    unveil("/var/www/whatever", "r");
    unveil(NULL, NULL);
    pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
On my blog: Developer Diary, Day of the African Child https://john.colagioia.net/blog/2025/06/16/african-child.html #programming #project #devjournal
On my blog: Go Nowhere Fast https://john.colagioia.net/blog/2025/06/15/go-nowhere-fast.html #harm #rant #politics #harm
@prologic@twtxt.net yes, I never understood you using micro.blog (and paying for it, nonetheless!). I don’t like it (as a platform), and have an unexplainable dislike for its creator.
@bender@twtxt.net Maybe one day I’ll take back over my prologic.blog domain from µBlog and redo it with my handy zs tool with some nice CSS 🤣
@bender@twtxt.net I just babble on Twtxt 🤣 I honestly find that I don’t really have the time nor the energy to “blog” in full really, I rarely do 😢
On my blog: Free Culture Book Club — Tag Team https://john.colagioia.net/blog/2025/06/14/tag-team.html #freeculture #bookclub
On my blog: Toots 🦣 from 06/09 to 06/13 https://john.colagioia.net/blog/2025/06/13/week.html #linkdump #socialmedia #quotes #week
Great article from Tailscale about how security policies we’ve often seen in many large complex organizations that we all love to hate don’t actually provide the security that we assumed.
On my blog: Real Life in Star Trek, Interface https://john.colagioia.net/blog/2025/06/12/interface.html #scifi #startrek #closereading
My Journey to KubeCon + CloudNativeCon 2024: A Story of Volunteering and Growth
My name is Oscar Ayra and I am from Lima, Peru. In 2024, I had the privilege of being part of the volunteer team at Kubernetes Community Days (KCD) Lima. It was an enriching experience where… ⌘ Read more
Newbie No More: Lessons from My First KubeCon + CloudNativeCon as a Speaker
Introduction April in London has never felt so electric. From the first footstep in the ExCeL halls to the hallway conversations, KubeCon + CloudNativeCon Europe 2025 was a whirlwind of new ideas, familiar faces, and those… ⌘ Read more
GitOps in 2025: From Old-School Updates to the Modern Way
1. Introduction: Why Everyone’s Talking About GitOps in 2025 It’s 2025, and building software is more cloud-driven than ever. Cloud computing offers incredible speed and flexibility, but it also brings complexity. Companies are expected to ship… ⌘ Read more
Makefile.md - Possibly Use(ful|less) Polyglot Synthesis of Makefile and Markdown
Comments ⌘ Read more
Enjoying nature and walking through this green and calm scenery. 🌳🚶♂️🌳 ⌘ Read more
GitHub for Beginners: Code review and refactoring with GitHub Copilot
Learn how to use GitHub Copilot to help review and polish your code.
The post GitHub for Beginners: Code review and refactoring with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more
Live tracking solution for OsmAnd
I previously shared my transition from Komoot to OsmAnd, and after some time, I’ve grown accustomed to its comprehensive capabilities. Whether for cycling, hiking, or general navigation, OsmAnd truly functions as a versatile “Swiss Army knife” for offline mobile navigation and tracking. ⌘ Read more
On my blog: Generative AI Wish List https://john.colagioia.net/blog/2025/06/08/ai-wish-list.html #artificialintelligence #harm #rant
On my blog: Free Culture Book Club — The Pink and Black Album https://john.colagioia.net/blog/2025/06/07/pink-black.html #freeculture #bookclub
A Farewell from Priyanka Sharma, Executive Director of CNCF
After five extraordinary years, I’m stepping down from my role as Executive Director of the Cloud Native Computing Foundation. A Journey of Growth and Impact Leading CNCF has been the honor of a lifetime. I joined… ⌘ Read more
On my blog: Toots 🦣 from 06/02 to 06/06 https://john.colagioia.net/blog/2025/06/06/week.html #linkdump #socialmedia #quotes #week
Kubeflow Advances Cloud Native AI: a glimpse into KubeCon + CloudNativeCon Europe 2025
The Kubeflow community is rapidly growing due to its contributions to advancing AI by streamlining the AI/ML experience in Kubernetes. Kubeflow provides a composable ecosystem for implementing end-to-end solutions for AI/ML. Kubeflow includes the following projects:… ⌘ Read more
Securing Kubernetes Traffic with Calico Ingress Gateway
Kubernetes, Envoy, GatewayAPI, cert-manager, CNI, Calico If you’ve managed traffic in Kubernetes, you’ve likely navigated the world of Ingress controllers. For years, Ingress has been the standard way of getting our HTTP/S services exposed. But let’s… ⌘ Read more
SuSE Linux 6.4 and Arachne on DOS also work (with Windows 2000 as a call target):
Assigning and completing issues with coding agent in GitHub Copilot
Have you tried the new coding agent in GitHub Copilot? Here’s how developers are using it to work more efficiently.
The post Assigning and completing issues with coding agent in GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more