hannes is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
hannes boosted

RT @mattcielak@twitter.com
Great slide from @aprilwensel@twitter.com showing how we should shift the stereotypical tech culture to be more positive.

ha, tests pass one and it compiles... needed to rewrite the recursive algorithm though, next step: re-enable name compression and rebase/revise commit messages (see github.com/roburio/udns/tree/b)... but today I sneaked myself into working on opam signing...

hannes boosted

This debugger is slowly going somewhere, Notty is so cool. \o/

happy to finally have found a decent description of cache poisoning attacks and formalisation thereof -- cs.cornell.edu/~shmat/shmat_se (after a late-night discovery that my resolver code is not yet decent, working hard on that now :)

hannes boosted

hey everyone else who is running #MirageOS unikernels on AWS -- today is a good day to move them to another cloud behemoth! somerandomidiot.com/blog/2018/

hannes boosted

See how it is possible to deploy a (like the / based ) in , so that it runs from an *unprivileged* container in its own isolated VM, by using the kvm device plugin from ! \o/


that was my spare time project over the last year ;)

happy: got new certificate for hannes.nqsb.io using let's encrypt and unikernels (DNS challenge) -- all stored in DNS (see dig tlsa hannes.nqsb.io) backed in a git-repository (dumped by a hidden secondary) \o/ -- no longer IP reconfigurations and dehydrated/certbot

hannes boosted

Holy shit. The Bavarian Police conducted a raid at the und the CCC Augsburg and confiscated personal belongings without having a real proof.

Money quote: "The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association [...] must be connected to this website somehow"


Great system you have out there

dig a www.katerundgoldfisch.com @ns2.jimdo.com

returns NXDOMAIN and a CNAME :/ (just reported to hostmaster@)

so relieved from lenovo service: went 20 minutes to cecon in berlin and got my fan replacement on warranty - took my x250 with me :) (plus: it's clean now and a fresh trackpoint) :D :D :D

this weekend:
- DNS secondary pushing to a local git repo github.com/roburio/udns/tree/m
- DNS secondary which waits for CSR (as TLSA 3 255 0) and requests let's encrypt certificates (dumps them as TLSA 3 0 0 in authoritative) github.com/hannesm/ocaml-letse
- anunikernel which uses DNS to receive it's let's encrypt certificate before serving an echo server github.com/roburio/udns/tree/m
- unix command line version of the above, writes pem files github.com/roburio/udns/blob/m
dig tlsa test2.robur.io +tcp

told myself at some point "you never ever want to contribute to repository yyy again"... turns out such a thing is a mistake, it's always much better to fix existing, deployed libraries then to be stubborn and waiting for the perfect replacement... just opened a bunch of PRs within the last days :D

and it spawns (maximum) 400 per second (which also spawns an unnecessary sh atm, should work on some neater benchmark suite)... load average doesn't really go above 2.5 (two physical CPUs plus HTT available)... each vm only does 5 lines of console output (with 3 seconds sleep between each line)...

I just tested on my 8GB memory laptop (Core(TM) i7-5600U CPU @ 2.60GHz) and FreeBSD-CURRENT, it looks like ~1800 BHyve VMs are maximum (still have sufficient CPU and memory, unclear why I can't spawn more)... each VM consumes ~3.5MB

hannes boosted

I've been running µDNS on my laptop as DNS resolver since a week. Super fast and no crashes so far :-) thx @hannesm github.com/roburio/udns #ocaml #mirageos

hannes boosted

@Tusky I always get "failed to authenticate with this instance" with tusky 1.8.0 and mastodon.social... even removed + installed tusky... HELP