Aleksa Sarai π΄π₯ @cyphar@mastodon.social
- Keybase
- cyphar
{π΄, #FreeSoftware, security, gnu/linux, physics researcher, #oci #containers @Suse, BSc undergrad @Sydney_Uni}; // opinions my own
Joined Apr 2017
It is proven! I am cyphar on Keybase: https://keybase.io/cyphar/sigchain#76cb41972f89ab94d011a47d6678390f49dfd61add1bdc7ccc20e612f9072c270f
Salt, pepper. Olive oil. Knob of butter. Get some colour on there. In the oven, 4 minutes. Herb crusted rack of lamb, done. @gordonramsay
Fuck devicemapper. Fuck MS_REC|MS_PRIVATE. Fuck bind mounts. Fuck it all.
Is there any plans to reimplement libvpx so that it's actually performant and multi-threaded? h264 is much faster.
Does anyone know of research into heuristically detecting compression bombs, using something like entropy profiles or compression ratios?
I *know* you're an exploit goddammit! Why is it not working inside a container? It works under unshare...
#umoci 0.3.0 released with OCI v1.0 support. Exciting times. #skopeo 0.1.23 also has come out with support for v1.0 as well. https://github.com/openSUSE/umoci/releases/tag/v0.3.0
Really what would be nice is a way to take a Cargo.toml and use it with RPM macros...
Unfortunately Rust still is hard to package in distributions. While we do have solutions for nodejs and ruby, nobody likes those hacks. I'm hoping it can be improved in the future.
I really want to rewrite everything in Rust at the moment. Container runtimes really should switch away from Go, it's caused nothing but issues in my experience.
π³Kπ³Iπ³Lπ³Lπ³Mπ³Eπ³Nπ³Oπ³Wπ³
I published a short blog post about how #umoci's integration test coverage profiles are generated and collated. https://www.cyphar.com/blog/post/golang-integration-coverage
#umoci 0.2.1 released. It supports v1.0.0-rc5 of the #OCI runtime-spec and I've streamlined releases. https://github.com/openSUSE/umoci/releases/tag/v0.2.1
Aleksa Sarai π΄π₯
boosted
openSUSE #umoci 0.2.0 released. Lots of refactoring and cleanup in preparation for OCI merging of libraries. https://github.com/openSUSE/umoci/releases/tag/v0.2.0
I made a website to track the progress of rootless containers so that new people can pitch in more effectively, as well as to serve as some basic documentation on rootless containers. https://rootlesscontaine.rs/
Why did I know that buying an .rs domain was going to be a really bad idea...
Check out my SUSE Hackweek project: https://github.com/cyphar/orca. It allows you to build OCI images from a Dockerfile, using entirely OCI standardised tools. And it's going to support rootless containers soon. :wink:
Aleksa Sarai π΄π₯
boosted
It's actually really awesome that Mastodon attracted a shitload of users who largely aren't aware that the underlying GNUSocial platform is old.
You know why?
Because it means we can do this over and over.
Every time someone releases a new implementation with different-looking chrome on top, it can go through its own marketing and media cycle and garner new users. *And the network effect will be cumulative.*
Aleksa Sarai π΄π₯
boosted
2017's International Day Against #DRM will take place on Sunday, July 9th. What will you do to fight for digital rights? https://u.fsf.org/265
- Keybase
- cyphar
{π΄, #FreeSoftware, security, gnu/linux, physics researcher, #oci #containers @Suse, BSc undergrad @Sydney_Uni}; // opinions my own
Joined Apr 2017
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!