hannes @hannesm@mastodon.social
hacker #OCaml #MirageOS #unikernel #FreeBSD #cycling #network #infrastructure #privacy #anarchism https://hannes.nqsb.io
Joined Apr 2017
hannes
boosted
Just figured out that there is a new Cornell University #OCaml course (text) book in progress. Including videos 🤯 Great stuff 🐫 https://cs3110.github.io/textbook/
Announcing at https://hannes.robur.coop/Posts/Deploy our reproducible MirageOS unikernel builds & infrastructure https://builds.robur.coop which we worked on for the last 6 months #MirageOS #OPAM #OCaml #reproducible_builds - joint work with @reynir, using dream https://github.com/aantron/dream :)
Head is spinning: now we setup our reproducible builder as a job of itself, just updated (API change in a used library), and the reproducible builder built itself, and the output thereof is exactly the same as one further build step.
Wanting to ask: how reproducible are your reproducible build setups? Do you have written down what the dependencies / a bootstrap thereof looks like (and which packages are involved)? Asking for a friend of a reproducible builder ;)
We (@reynir and myself) just developed a U2F library in #OCaml, take a look at https://u2f-demo.robur.coop if you're curious how to achieve passwordless logins (see https://github.com/roburio/u2f for the source code). Happy registrations.
I got vaccinated (with Johnson & Johnson) yesterday early morning (you should get vaccinated as well). I don't feel any side effects (a headache yesterday) -- am I missing out?
today I managed to buy clothes on the Internet _and_ avoiding amazon. so indeed this is possible, just in case you're wondering and use amazon to deliver your socks. THERE ARE ALTERNATIVES, you don't have to feed the bezos
I wrote on elliptic curves, and how to sustainable integrate the verified fiat software into #OCaml and #MirageOS https://hannes.robur.coop/Posts/EC -- feedback welcome. Can't wait to finally write a suckless CA software as a unikernel :D
I found a test suite (wycheproof) for ECDSA which provides structured data (json), and integrated that into my current EC work <3 https://github.com/mirage/mirage-crypto/pull/101 #OCaml #MirageOS -- unfortunately it is verify only -- is anyone aware of a ECDSA sign test suite of similar shape (structured data, lots of corner cases, eventually measuring constant time behaviour)? #crypto #ecc #ecdsa
the birds from riseup.net are running a great infrastructure since years, I just donated to them. see https://riseup.net/about-us/propaganda/your-right-to-whisper and donate https://riseup.net/donate :D
friday evening 22:00, and I finally have NIST P-256 ECDSA sign and verify up and running with test vectors in #OCaml using no gmp (or other bignum libraries), but only proven (with Coq) code that does computations over p and n in constant time (using https://github.com/mit-plv/fiat-crypto/) \o/
I blogged about #MirageOS and #unikernels in 2021 (and a recap of 2020). https://hannes.robur.coop/Posts/NGI :D #OCaml
then I gave up, booted QubesOS and used WoeUSB (https://github.com/slacka/WoeUSB) -- highly recommended, works out of the box
preparing a windows 10 boot stick on FreeBSD:
- learn that `dd if=iso of=/dev/da0` does not work
- learn that newfs_msdos can create a FAT32, but windows 10 installation has files > 4GB
- learn that mount_udf does not work with windows 10 iso -> but 7z e iso does
- sysutils/exfat-utils and fusefs-exfat are my friends now (I learned about exfat only today)
*fingers crossed*
@raichoo huch, das smart deli ist mittlerweile nicht mehr nur-vegan, sondern hat auch fisch und fleisch. ich bin ein bisschen verwundert, aber freue mich, da eben gegessen zu haben, tofu teriyaki, sooo lecker
hannes
boosted
What the internet was like in the old days for a #developer.
Also important to understand where the #git "pull requests" comes from ;)
now with a blogpost and a repository https://hannes.nqsb.io/Posts/Traceroute
ok, that was fun... developing a traceroute as MirageOS unikernel, and preserving the ttl and timestamp of sent packet inside the UDP header (well, 2 * 16 bit ports is enough for everyone, no) -- https://gist.github.com/hannesm/10ae02dbfd42568b24518fddcb39060f #MirageOS #traceroute
next: figure control flow to properly terminate :)
DNS, a protocol that keeps on giving... any hints when "dig -k <my-key>" completes a zone transfer over multiple messages, and reports "WARNING -- Some TSIG could not be validated"? there are TSIG on each DNS message (and according to other software they validate) using the very same key provided to dig (if there's only a single message for the AXFR, dig validates and does not print the WARNING) -- help
woop, from the #MirageOS land:
- qubes-mirage-firewall supporting dynamic rules was released yesterday https://groups.google.com/forum/#!topic/qubes-users/Xzplmkjwa5Y
- TLS 1.3 is released, and live at https://mirage.io/blog/tls-1-3-mirageos
- no clue what will be announced tomorrow ;)
hacker #OCaml #MirageOS #unikernel #FreeBSD #cycling #network #infrastructure #privacy #anarchism https://hannes.nqsb.io
Joined Apr 2017
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!