Aleksa Sarai π΄π₯ @cyphar@mastodon.social
{π΄, #FreeSoftware, security, gnu/linux, physics researcher, #oci #containers @Suse, BSc undergrad @Sydney_Uni}; // opinions my own
Salt, pepper. Olive oil. Knob of butter. Get some colour on there. In the oven, 4 minutes. Herb crusted rack of lamb, done. @gordonramsay
Fuck devicemapper. Fuck MS_REC|MS_PRIVATE. Fuck bind mounts. Fuck it all.
Is there any plans to reimplement libvpx so that it's actually performant and multi-threaded? h264 is much faster.
Does anyone know of research into heuristically detecting compression bombs, using something like entropy profiles or compression ratios?
I *know* you're an exploit goddammit! Why is it not working inside a container? It works under unshare...
#umoci 0.3.0 released with OCI v1.0 support. Exciting times. #skopeo 0.1.23 also has come out with support for v1.0 as well. https://github.com/openSUSE/umoci/releases/tag/v0.3.0
Really what would be nice is a way to take a Cargo.toml and use it with RPM macros...
Unfortunately Rust still is hard to package in distributions. While we do have solutions for nodejs and ruby, nobody likes those hacks. I'm hoping it can be improved in the future.
I really want to rewrite everything in Rust at the moment. Container runtimes really should switch away from Go, it's caused nothing but issues in my experience.
π³Kπ³Iπ³Lπ³Lπ³Mπ³Eπ³Nπ³Oπ³Wπ³
I published a short blog post about how #umoci's integration test coverage profiles are generated and collated. https://www.cyphar.com/blog/post/golang-integration-coverage
#umoci 0.2.1 released. It supports v1.0.0-rc5 of the #OCI runtime-spec and I've streamlined releases. https://github.com/openSUSE/umoci/releases/tag/v0.2.1
openSUSE #umoci 0.2.0 released. Lots of refactoring and cleanup in preparation for OCI merging of libraries. https://github.com/openSUSE/umoci/releases/tag/v0.2.0
https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/
"Engineers, with permission from Microsoftβs privacy governance team, can obtain users' documents that trigger crashes in applications, so they can work out what's going wrong. The techies can also run diagnostic tools remotely on the computers, again with permission from their overseers."
Jesus fucking christ
I made a website to track the progress of rootless containers so that new people can pitch in more effectively, as well as to serve as some basic documentation on rootless containers. https://rootlesscontaine.rs/
Why did I know that buying an .rs domain was going to be a really bad idea...
Toot me things you would like to see in a new FOSS build server software. Boost if you have tech followers please.
My enthusiasm for contributing to mastodon is seriously reduced by the commentary from randoms in the GitHub threads
Check out my SUSE Hackweek project: https://github.com/cyphar/orca. It allows you to build OCI images from a Dockerfile, using entirely OCI standardised tools. And it's going to support rootless containers soon. :wink:
