Great slide from @firstname.lastname@example.org showing how we should shift the stereotypical tech culture to be more positive.
ha, tests pass one and it compiles... needed to rewrite the recursive algorithm though, next step: re-enable name compression and rebase/revise commit messages (see https://github.com/roburio/udns/tree/bailiwick)... but today I sneaked myself into working on opam signing...
This debugger is slowly going somewhere, Notty is so cool. \o/
happy to finally have found a decent description of #DNS cache poisoning attacks and formalisation thereof -- https://www.cs.cornell.edu/~shmat/shmat_securecomm10.pdf (after a late-night discovery that my resolver code is not yet decent, working hard on that now :)
hey everyone else who is running #MirageOS unikernels on AWS -- today is a good day to move them to another cloud behemoth! https://somerandomidiot.com/blog/2018/07/16/ditch-aws-build-host/
that was my spare time project over the last year ;)
happy: got new certificate for https://hannes.nqsb.io using let's encrypt and unikernels (DNS challenge) -- all stored in DNS (see dig tlsa hannes.nqsb.io) backed in a git-repository (dumped by a hidden secondary) \o/ #MirageOS #DNS #letsencrypt -- no longer IP reconfigurations and dehydrated/certbot
Holy shit. The Bavarian Police conducted a raid at the #Zwiebelfreunde und the CCC Augsburg and confiscated personal belongings without having a real proof.
Money quote: "The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association [...] must be connected to this website somehow"
so relieved from lenovo service: went 20 minutes to cecon in berlin and got my fan replacement on warranty - took my x250 with me :) (plus: it's clean now and a fresh trackpoint) :D :D :D
- DNS secondary pushing to a local git repo https://github.com/roburio/udns/tree/master/mirage/examples/secondary-git
- DNS secondary which waits for CSR (as TLSA 3 255 0) and requests let's encrypt certificates (dumps them as TLSA 3 0 0 in authoritative) https://github.com/hannesm/ocaml-letsencrypt/tree/nsupdate/mirage
- anunikernel which uses DNS to receive it's let's encrypt certificate before serving an echo server https://github.com/roburio/udns/tree/master/mirage/examples/certificate
- unix command line version of the above, writes pem files https://github.com/roburio/udns/blob/master/app/ocertify.ml
#MirageOS #DNS #git dig tlsa test2.robur.io +tcp
told myself at some point "you never ever want to contribute to repository yyy again"... turns out such a thing is a mistake, it's always much better to fix existing, deployed libraries then to be stubborn and waiting for the perfect replacement... just opened a bunch of PRs within the last days :D
and it spawns (maximum) 400 per second (which also spawns an unnecessary sh atm, should work on some neater benchmark suite)... load average doesn't really go above 2.5 (two physical CPUs plus HTT available)... each vm only does 5 lines of console output (with 3 seconds sleep between each line)...
A #MirageOS unikernel running on an ESP32 https://www.lortex.org/posts/mirage/esp32/2018/05/04/success.html