hannes @hannesm@mastodon.social
RT @mattcielak@twitter.com
Great slide from @aprilwensel@twitter.com showing how we should shift the stereotypical tech culture to be more positive.
ha, tests pass one and it compiles... needed to rewrite the recursive algorithm though, next step: re-enable name compression and rebase/revise commit messages (see https://github.com/roburio/udns/tree/bailiwick)... but today I sneaked myself into working on opam signing...
This debugger is slowly going somewhere, Notty is so cool. \o/
happy to finally have found a decent description of #DNS cache poisoning attacks and formalisation thereof -- https://www.cs.cornell.edu/~shmat/shmat_securecomm10.pdf (after a late-night discovery that my resolver code is not yet decent, working hard on that now :)
hey everyone else who is running #MirageOS unikernels on AWS -- today is a good day to move them to another cloud behemoth! https://somerandomidiot.com/blog/2018/07/16/ditch-aws-build-host/
See how it is possible to deploy a #unikernel (like the #mirageos / #solo5 based #keyfender) in #kubernetes, so that it runs from an *unprivileged* container in its own isolated VM, by using the kvm device plugin from #kubevirt! \o/
that was my spare time project over the last year ;)
happy: got new certificate for https://hannes.nqsb.io using let's encrypt and unikernels (DNS challenge) -- all stored in DNS (see dig tlsa hannes.nqsb.io) backed in a git-repository (dumped by a hidden secondary) \o/ #MirageOS #DNS #letsencrypt -- no longer IP reconfigurations and dehydrated/certbot
Holy shit. The Bavarian Police conducted a raid at the #Zwiebelfreunde und the CCC Augsburg and confiscated personal belongings without having a real proof.
Money quote: "The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association [...] must be connected to this website somehow"
Great system you have out there #dns
dig a www.katerundgoldfisch.com @ns2.jimdo.com
returns NXDOMAIN and a CNAME :/ (just reported to hostmaster@)
so relieved from lenovo service: went 20 minutes to cecon in berlin and got my fan replacement on warranty - took my x250 with me :) (plus: it's clean now and a fresh trackpoint) :D :D :D
this weekend:
- DNS secondary pushing to a local git repo https://github.com/roburio/udns/tree/master/mirage/examples/secondary-git
- DNS secondary which waits for CSR (as TLSA 3 255 0) and requests let's encrypt certificates (dumps them as TLSA 3 0 0 in authoritative) https://github.com/hannesm/ocaml-letsencrypt/tree/nsupdate/mirage
- anunikernel which uses DNS to receive it's let's encrypt certificate before serving an echo server https://github.com/roburio/udns/tree/master/mirage/examples/certificate
- unix command line version of the above, writes pem files https://github.com/roburio/udns/blob/master/app/ocertify.ml
#MirageOS #DNS #git dig tlsa test2.robur.io +tcp
told myself at some point "you never ever want to contribute to repository yyy again"... turns out such a thing is a mistake, it's always much better to fix existing, deployed libraries then to be stubborn and waiting for the perfect replacement... just opened a bunch of PRs within the last days :D
and it spawns (maximum) 400 per second (which also spawns an unnecessary sh atm, should work on some neater benchmark suite)... load average doesn't really go above 2.5 (two physical CPUs plus HTT available)... each vm only does 5 lines of console output (with 3 seconds sleep between each line)...
I've been running µDNS on my laptop as DNS resolver since a week. Super fast and no crashes so far :-) thx @hannesm https://github.com/roburio/udns #ocaml #mirageos
@Tusky I always get "failed to authenticate with this instance" with tusky 1.8.0 and mastodon.social... even removed + installed tusky... HELP
A #MirageOS unikernel running on an ESP32 https://www.lortex.org/posts/mirage/esp32/2018/05/04/success.html
never get out of training... #woodwork
