hannes @hannesm@mastodon.social

friday... training for sth completely different

now with a blogpost and a repository https://hannes.nqsb.io/Posts/Traceroute

ok, that was fun... developing a traceroute as MirageOS unikernel, and preserving the ttl and timestamp of sent packet inside the UDP header (well, 2 * 16 bit ports is enough for everyone, no) -- https://gist.github.com/hannesm/10ae02dbfd42568b24518fddcb39060f #MirageOS #traceroute

next: figure control flow to properly terminate :)

DNS, a protocol that keeps on giving... any hints when "dig -k <my-key>" completes a zone transfer over multiple messages, and reports "WARNING -- Some TSIG could not be validated"? there are TSIG on each DNS message (and according to other software they validate) using the very same key provided to dig (if there's only a single message for the AXFR, dig validates and does not print the WARNING) -- help

woop, from the #MirageOS land:
- qubes-mirage-firewall supporting dynamic rules was released yesterday https://groups.google.com/forum/#!topic/qubes-users/Xzplmkjwa5Y
- TLS 1.3 is released, and live at https://mirage.io/blog/tls-1-3-mirageos
- no clue what will be announced tomorrow ;)

for those in #berlin, get your ass out on the street today to fight against nazis https://akkberlin.blackblogs.org/2020/05/15/folienkartoffeln-und-nazis-zu-brei-stampfen-aktionskarte-16-05-2020/

on linux you also don't get bswap32/bswap64 from endian.h (and need some defines to get BYTE_ORDER), but there's then a byteswap.h where you can get bswap_32 from. I find the lack of standardisation disturbing in this area; and am happy that on the C compiler front its gcc and clang who need to agree on something to have it widely usable ;)

I usually avoid writing C code, but if I do it should be cross-platform (Linux, BSD, macOS). Today's riddle was "byte swap" and "hto{le,be}{32,64}" functions, i.e. what normally is in endian.h (Linux) sys/endian.h (BSD) libkern/OSByteOrder.h (macOS).

After hours, I discovered __BYTE_ORDER__ and __builtin_bswapYY provided by the C compiler. They work great, no lengthly #ifdef chains anymore.

Anything that speaks against them? Anyone uses a C compiler without them ("cc -dM -E - < /dev/null")?

TIL -sigopt rsa_pss_saltlen:digest

diesen wetter podcast vom hr2 fand ich sehr interessant.. hilft alles nichts (corona), wir werden massiv umdenken muessen (wegen klima/wetter, wassermangel), um weiterhin soviel nahrung zu produzieren https://www.hr2.de/podcasts/der-tag/das-wetter-sonnig-und-trocken-im-abgang-bitter,podcast-episode-68222.html

from RFC 5246 (TLS 1.2) -- no, I've no clue why they did not just use PKCS5/PKCS7 padding. instead (please count the number of "06" occurences in the last block):

> the padding would be 6 bytes, each containing the value 6. Thus, the last 8 octets of the GenericBlockCipher before block encryption would be xx 06 06 06 06 06 06 06, where xx is the last octet of the MAC.

the implicit development are researching infrastructure FOSS projects, and joined our #MirageOS retreat last year - and wrote about their experience https://implicit-development.org/2020/04/08/mirageos-retreat/ -- thanks to everyone involved, especially @runabout -- you should read their other posts as well :)

while reading through OCaml PRs, I came across "Quake III inverse square root approximation" - https://medium.com/hard-mode/the-legendary-fast-inverse-square-root-e51fee3b49d9 - wow - here's the OCaml PR doing sth similar - https://github.com/ocaml/ocaml/pull/9466

today I developed a #MirageOS unikernel which serves the contents of a git remote via HTTP(S), including let's encrypt certificate provisioning. A test instance is setup at https://test.nqsb.io -- code is at https://github.com/hannesm/unipi (includes various protocols: git, ssh, tls, http, acme). it is < 300 lines of application code :D and even provides HTTP cache headers (last-modified / etag) :D A webhook is available that fetches the git remote (to update the contents) :D

das habe ich vom tagesspiegel nicht erwartet, den aufruf den picknickkorb zu packen und im naechsten autohaus im cabrio zu picknicken. finde ich aber eine voll gute idee :) https://www.tagesspiegel.de/gesellschaft/vorzug-in-coronazeiten-bekommt-ausgerechnet-das-kfz-haben-sie-ihr-lieblings-autohaus-auch-so-vermisst/25750296.html

discovered "dark website forcer", an extension for firefox -- and installed github dark theme --> life is so much better, no more headaches from looking in my web browser (well, apart from the thousands pages i rarely visit that don't have dark modes)