More

g0xA52A2A · 2026-03-09T19:43:01 1773085381

You may be interested in OpenBSD's pledge[1][2][3].

> Why trust a program to set its own capabilities?

An example may be that a program starts needing a wide range of capabilties but can then ratchet down to a reduced set once running, aka "privdrop".

> why isn't there a way to set capabilities from the parent process when execing?

There have been replies on other systems so just to stick with pledge which provides the abiliy to set "execpromises" to do this.

[1] https://man.openbsd.org/pledge

[2] https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf

[3] https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pd...

adiabatichottub · 2026-03-09T20:06:10 1773086770

I think you're talking about "execpromises"?[1] I'll have to study it a bit.

[1] https://bsdb0y.github.io/posts/openbsd-intro-to-update-on-pl...

g0xA52A2A · 2026-01-13T19:06:20 1768331180

> Before rebasing, push your current work to your remote fork. This gives you a backup you can recover from if anything goes wrong

I don't follow this. Just abort the rebase?

g0xA52A2A · 2025-11-08T19:42:59 1762630979

Previous discussion https://qht.co/item?id=45809193

g0xA52A2A · 2025-06-20T18:03:43 1750442623

The latest Oxide and Friends podcast episode is - as one may expect - a great pairing if you enjoyed reading this.

https://youtu.be/3z_TQxe9jx4

g0xA52A2A · on Sept 26, 2024

I think this should be merged into/marked a dupe of https://qht.co/item?id=41662596

g0xA52A2A · on June 15, 2024

Don't parse the output of ls, use globbing or find. Here are some examples https://mywiki.wooledge.org/ParsingLs

kleiba · on June 15, 2024

The problem is existing shell scripts not written by yourself.

nvllsvm · on June 19, 2024

This is why I encourage not overriding common commands in $PATH. Setup an alias instead so it only applies to interactive shells (or just type the new command :p).

Shell scripting is already fickle enough with compatibility issues across the major implemtations of POSIX utils (GNU, macOS/ BSD, Busybox). Even /bin/sh itself cannot be relied upon to behave consistently across platforms. Notably, Busybox's ash supports the non-POSIX substring syntax that Bash does. This won't work on distro's like Debian where /bin/sh is linked to dash shell.

g0xA52A2A · on Feb 27, 2024

Title truncated to fit within character limit.

g0xA52A2A · on Jan 14, 2024

Previous discussion https://qht.co/item?id=23529954

g0xA52A2A · on Dec 11, 2023

Just to emphasize part of your comment as I think a lot a people aren't fully aware - Vim has an undo tree https://vimhelp.org/usr_32.txt.html#usr_32.txt

g0xA52A2A · on Dec 9, 2023

Dupe of https://qht.co/item?id=38578247

gchamonlive · on Dec 9, 2023

Not exactly. The linked post is from theregister announcing the fork. This post is the fork itself.