Aleksa Sarai 🕴🥛 @cyphar@mastodon.social

It is proven! I am cyphar on Keybase: https://keybase.io/cyphar/sigchain#2526fdc1d7e6178b9e4eeb3609db977a1b52ab7e7067035a215191bd97fce1cb0f

Does anyone know of research into heuristically detecting compression bombs, using something like entropy profiles or compression ratios?

I *know* you're an exploit goddammit! Why is it not working inside a container? It works under unshare...

#umoci 0.3.0 released with OCI v1.0 support. Exciting times. #skopeo 0.1.23 also has come out with support for v1.0 as well. https://github.com/openSUSE/umoci/releases/tag/v0.3.0

Really what would be nice is a way to take a Cargo.toml and use it with RPM macros...

Unfortunately Rust still is hard to package in distributions. While we do have solutions for nodejs and ruby, nobody likes those hacks. I'm hoping it can be improved in the future.

I really want to rewrite everything in Rust at the moment. Container runtimes really should switch away from Go, it's caused nothing but issues in my experience.

I published a short blog post about how #umoci's integration test coverage profiles are generated and collated. https://www.cyphar.com/blog/post/golang-integration-coverage

#umoci 0.2.1 released. It supports v1.0.0-rc5 of the #OCI runtime-spec and I've streamlined releases. https://github.com/openSUSE/umoci/releases/tag/v0.2.1

openSUSE #umoci 0.2.0 released. Lots of refactoring and cleanup in preparation for OCI merging of libraries. https://github.com/openSUSE/umoci/releases/tag/v0.2.0

I made a website to track the progress of rootless containers so that new people can pitch in more effectively, as well as to serve as some basic documentation on rootless containers. https://rootlesscontaine.rs/