<htmlxmlns="http://www.w3.org/1999/xhtml"><head><title>full stack engineer</title><metacharset="UTF-8"/><linkrel="stylesheet"href="/static/css/style.css"/><linkrel="stylesheet"href="/static/css/highlight.css"/><scriptsrc="/static/js/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script><linkrel="alternate"href="/atom"title="full stack engineer"type="application/atom+xml"/><metaname="viewport"content="width=device-width, initial-scale=1, viewport-fit=cover"/></head><body><navclass="navbar navbar-default navbar-fixed-top"><divclass="container"><divclass="navbar-header"><aclass="navbar-brand"href="/Posts">full stack engineer</a></div><divclass="collapse navbar-collapse collapse"><ulclass="nav navbar-nav navbar-right"><li><ahref="/About"><span>About</span></a></li><li><ahref="/Posts"><span>Posts</span></a></li></ul></div></div></nav><main><divclass="flex-container"><divclass="flex-container"><divclass="list-group listing"><ahref="/Posts/Retreat2024"class="list-group-item"><h2class="list-group-item-heading">The MirageOS retreat 2024</h2><spanclass="author">Written by hannes</span><time>2024-05-15</time><br/><pclass="list-group-item-text abstract"><p>My involvement and experience of the MirageOS retreat 2024</p>
</p></a><ahref="/Posts/TCP-ns"class="list-group-item"><h2class="list-group-item-heading">Redeveloping TCP from the ground up</h2><spanclass="author">Written by hannes</span><time>2023-11-28</time><br/><pclass="list-group-item-text abstract"><p>Core Internet protocols require operational experiments, even if formally specified</p>
</p></a><ahref="/Posts/Albatross"class="list-group-item"><h2class="list-group-item-heading">Deploying reproducible unikernels with albatross</h2><spanclass="author">Written by hannes</span><time>2022-11-17</time><br/><pclass="list-group-item-text abstract"><p>fleet management for MirageOS unikernels using a mutually authenticated TLS handshake</p>
</p></a><ahref="/Posts/OpamMirror"class="list-group-item"><h2class="list-group-item-heading">Mirroring the opam repository and all tarballs</h2><spanclass="author">Written by hannes</span><time>2022-09-29</time><br/><pclass="list-group-item-text abstract"><p>Re-developing an opam cache from scratch, as a MirageOS unikernel</p>
</p></a><ahref="/Posts/Monitoring"class="list-group-item"><h2class="list-group-item-heading">All your metrics belong to influx</h2><spanclass="author">Written by hannes</span><time>2022-03-08</time><br/><pclass="list-group-item-text abstract"><p>How to monitor your MirageOS unikernel with albatross and monitoring-experiments</p>
</p></a><ahref="/Posts/Deploy"class="list-group-item"><h2class="list-group-item-heading">Deploying binary MirageOS unikernels</h2><spanclass="author">Written by hannes</span><time>2021-06-30</time><br/><pclass="list-group-item-text abstract"><p>Finally, we provide reproducible binary MirageOS unikernels together with packages to reproduce them and setup your own builder</p>
</p></a><ahref="/Posts/EC"class="list-group-item"><h2class="list-group-item-heading">Cryptography updates in OCaml and MirageOS</h2><spanclass="author">Written by hannes</span><time>2021-04-23</time><br/><pclass="list-group-item-text abstract"><p>Elliptic curves (ECDSA/ECDH) are supported in a maintainable and secure way.</p>
</p></a><ahref="/Posts/NGI"class="list-group-item"><h2class="list-group-item-heading">The road ahead for MirageOS in 2021</h2><spanclass="author">Written by hannes</span><time>2021-01-25</time><br/><pclass="list-group-item-text abstract"><p>Home office, MirageOS unikernels, 2020 recap, 2021 tbd</p>
</p></a><ahref="/Posts/Traceroute"class="list-group-item"><h2class="list-group-item-heading">Traceroute</h2><spanclass="author">Written by hannes</span><time>2020-06-24</time><br/><pclass="list-group-item-text abstract"><p>A MirageOS unikernel which traces the path between itself and a remote host.</p>
</p></a><ahref="/Posts/DnsServer"class="list-group-item"><h2class="list-group-item-heading">Deploying authoritative OCaml-DNS servers as MirageOS unikernels</h2><spanclass="author">Written by hannes</span><time>2019-12-23</time><br/><pclass="list-group-item-text abstract"><p>A tutorial how to deploy authoritative name servers, let's encrypt, and updating entries from unix services.</p>
</p></a><ahref="/Posts/ReproducibleOPAM"class="list-group-item"><h2class="list-group-item-heading">Reproducible MirageOS unikernel builds</h2><spanclass="author">Written by hannes</span><time>2019-12-16</time><br/><pclass="list-group-item-text abstract"><p>MirageOS unikernels are reproducible :)</p>
</p></a><ahref="/Posts/X50907"class="list-group-item"><h2class="list-group-item-heading">X509 0.7</h2><spanclass="author">Written by hannes</span><time>2019-08-15</time><br/><pclass="list-group-item-text abstract"><p>Five years since ocaml-x509 initial release, it has been reworked and used more widely</p>
</p></a><ahref="/Posts/Summer2019"class="list-group-item"><h2class="list-group-item-heading">Summer 2019</h2><spanclass="author">Written by hannes</span><time>2019-07-08</time><br/><pclass="list-group-item-text abstract"><p>Bringing MirageOS into production, take IV monitoring, CalDAV, DNS</p>
</p></a><ahref="/Posts/Pinata"class="list-group-item"><h2class="list-group-item-heading">The Bitcoin Piñata - no candy for you</h2><spanclass="author">Written by hannes</span><time>2018-04-18</time><br/><pclass="list-group-item-text abstract"><p>More than three years ago we launched our Bitcoin Piñata as a transparent security bait. It is still up and running!</p>
</p></a><ahref="/Posts/DNS"class="list-group-item"><h2class="list-group-item-heading">My 2018 contains robur and starts with re-engineering DNS</h2><spanclass="author">Written by hannes</span><time>2018-01-11</time><br/><pclass="list-group-item-text abstract"><p>New year brings new possibilities and a new environment. I've been working on the most Widely deployed key-value store, the domain name system. Primary and secondary name services are available, including dynamic updates, notify, and tsig authentication.</p>
</p></a><ahref="/Posts/VMM"class="list-group-item"><h2class="list-group-item-heading">Albatross - provisioning, deploying, managing, and monitoring virtual machines</h2><spanclass="author">Written by hannes</span><time>2017-07-10</time><br/><pclass="list-group-item-text abstract"><p>all we need is X.509</p>
</p></a><ahref="/Posts/Conex"class="list-group-item"><h2class="list-group-item-heading">Conex, establish trust in community repositories</h2><spanclass="author">Written by hannes</span><time>2017-02-16</time><br/><pclass="list-group-item-text abstract"><p>Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.</p>
</p></a><ahref="/Posts/Maintainers"class="list-group-item"><h2class="list-group-item-heading">Who maintains package X?</h2><spanclass="author">Written by hannes</span><time>2017-02-16</time><br/><pclass="list-group-item-text abstract"><p>We describe why manual gathering of metadata is out of date, and version control systems are awesome.</p>
</p></a><ahref="/Posts/Jackline"class="list-group-item"><h2class="list-group-item-heading">Jackline, a secure terminal-based XMPP client</h2><spanclass="author">Written by hannes</span><time>2017-01-30</time><br/><pclass="list-group-item-text abstract"><p>implement it once to know you can do it. implement it a second time and you get readable code. implementing it a third time from scratch may lead to useful libraries.</p>
</p></a><ahref="/Posts/Syslog"class="list-group-item"><h2class="list-group-item-heading">Exfiltrating log data using syslog</h2><spanclass="author">Written by hannes</span><time>2016-11-05</time><br/><pclass="list-group-item-text abstract"><p>sometimes preservation of data is useful</p>
</p></a><ahref="/Posts/ARP"class="list-group-item"><h2class="list-group-item-heading">Re-engineering ARP</h2><spanclass="author">Written by hannes</span><time>2016-07-12</time><br/><pclass="list-group-item-text abstract"><p>If you want it as you like, you've to do it yourself</p>
</p></a><ahref="/Posts/Solo5"class="list-group-item"><h2class="list-group-item-heading">Minimising the virtual machine monitor</h2><spanclass="author">Written by hannes</span><time>2016-07-02</time><br/><pclass="list-group-item-text abstract"><p>MirageOS solo5 multiboot native on bhyve</p>
</p></a><ahref="/Posts/BottomUp"class="list-group-item"><h2class="list-group-item-heading">Counting Bytes</h2><spanclass="author">Written by hannes</span><time>2016-06-11</time><br/><pclass="list-group-item-text abstract"><p>looking into dependencies and their sizes</p>
</p></a><ahref="/Posts/Functoria"class="list-group-item"><h2class="list-group-item-heading">Configuration DSL step-by-step</h2><spanclass="author">Written by hannes</span><time>2016-05-10</time><br/><pclass="list-group-item-text abstract"><p>how to actually configure the system</p>
</p></a><ahref="/Posts/BadRecordMac"class="list-group-item"><h2class="list-group-item-heading">Catch the bug, walking through the stack</h2><spanclass="author">Written by hannes</span><time>2016-05-03</time><br/><pclass="list-group-item-text abstract"><p>10BTC could've been yours</p>
</p></a><ahref="/Posts/nqsbWebsite"class="list-group-item"><h2class="list-group-item-heading">Fitting the things together</h2><spanclass="author">Written by hannes</span><time>2016-04-24</time><br/><pclass="list-group-item-text abstract"><p>building a simple website</p>
</p></a><ahref="/Posts/OCaml"class="list-group-item"><h2class="list-group-item-heading">Why OCaml</h2><spanclass="author">Written by hannes</span><time>2016-04-17</time><br/><pclass="list-group-item-text abstract"><p>a gentle introduction into OCaml</p>
</p></a><ahref="/Posts/OperatingSystem"class="list-group-item"><h2class="list-group-item-heading">Operating systems</h2><spanclass="author">Written by hannes</span><time>2016-04-09</time><br/><pclass="list-group-item-text abstract"><p>Operating systems and MirageOS</p>