diff --git a/Posts/BadRecordMac b/Posts/BadRecordMac index 54bc2e8..71e332c 100644 --- a/Posts/BadRecordMac +++ b/Posts/BadRecordMac @@ -49,7 +49,7 @@ I manually computed the TCP checksum using the TCP/IP payload from the TLS trace * the [mac addresses are put](https://github.com/mirage/mirage-tcpip/blob/1617953b4674c9c832786c1ab3236b91d00f5c25/lib/ipv4.ml#L126) into the ethernet frame * the frame is then passed to [mirage-net-xen for sending](https://github.com/mirage/mirage-net-xen/blob/541e86f53cb8cf426aabdd7f090779fc5ea9fe93/lib/netif.ml#L538) via the Xen hypervisor. -As mentioned [earlier](https://hannes.nqsb.io/Posts/OCaml) I'm still using mirage-net-xen release 1.4.1. +As mentioned [earlier](/Posts/OCaml) I'm still using mirage-net-xen release 1.4.1. Communication with the Xen hypervisor is done via shared memory. The memory is allocated by mirage-net-xen, which then grants access to the hypervisor using [Xen grant tables](http://wiki.xen.org/wiki/Grant_Table). The TX protocol is implemented [here in mirage-net-xen](https://github.com/mirage/mirage-net-xen/blob/541e86f53cb8cf426aabdd7f090779fc5ea9fe93/lib/netif.ml#L84-L132), which includes allocation of a [ring buffer](https://github.com/mirage/shared-memory-ring/blob/2955bf502c79bc963a02d090481b0e8958cc0c49/lwt/lwt_ring.mli). The TX protocol also has implementations for writing requests and waiting for responses, both of which are identified using a 16bit integer. When a response has arrived from the hypervisor, the respective page is returned into the pool of [shared pages](https://github.com/mirage/mirage-net-xen/blob/541e86f53cb8cf426aabdd7f090779fc5ea9fe93/lib/netif.ml#L134-L213), to be reused by the next packet to be transmitted. diff --git a/Posts/Conex b/Posts/Conex index 2adab85..407e186 100644 --- a/Posts/Conex +++ b/Posts/Conex @@ -112,7 +112,7 @@ builtin, which should then call out to `conex_verify` (there is a `--nostrict` flag for the impatient). There is also an [example repository](https://github.com/hannesm/testrepo) which uses the opam validation command. To reduce the manual work, we analysed 7000 PRs of the opam repository within -the last 4.5 years (more details [here](https://hannes.nqsb.io/Posts/Maintainers). +the last 4.5 years (more details [here](/Posts/Maintainers). This resulted in an educated guess who are the people modifying each package, which we use as a basis whom to authorise for which packages. Please check with `conex_author status` below whether your team @@ -229,7 +229,7 @@ conex_author: [ERROR] package index arp was not found in repository This shows your key material and accounts, team membership and packages you are authorised to modify (inferred as described -[here](https://hannes.nqsb.io/Posts/Maintainers). +[here](/Posts/Maintainers). The `--noteam` argument limits the package list to only these you are personally authorised for. The `--id` argument presents you with a view of another author, diff --git a/Posts/Jackline b/Posts/Jackline index eeaad3f..05edc05 100644 --- a/Posts/Jackline +++ b/Posts/Jackline @@ -14,7 +14,7 @@ do what you're not supposed to do. I started to implement another security protocol ([Off-the-record](https://otr.cypherpunks.ca/), resulted in [ocaml-otr](https://hannesm.github.io/ocaml-otr/doc/Otr.html)) on my own, applying what I learned while co-developing TLS with David. I was eager to -actually deploy our TLS stack: using it with a web server (see [this post](https://hannes.nqsb.io/Posts/nqsbWebsite)) is fun, but only using one half +actually deploy our TLS stack: using it with a web server (see [this post](/Posts/nqsbWebsite)) is fun, but only using one half of the state machine (server side) and usually short-lived connections (discovers lots of issues with connection establishment) - not the client side and no long living connection (which may discover other kinds of issues, such as @@ -30,7 +30,7 @@ written in C. I started to develop [jackline](https://github.com/hannesm/jackline) (first commit is 13th November 2014), a terminal based XMPP client in -[OCaml](https://hannes.nqsb.io/Posts/OCaml). This is a report of a +[OCaml](/Posts/OCaml). This is a report of a work-in-progress (unreleased, but publicly available!) software project. I'm not happy with the code base, but neverthelss consider it to be a successful project: dozens of friends are using it (no exact numbers), I got [contributions from other people](https://github.com/hannesm/jackline/graphs/contributors) @@ -155,7 +155,7 @@ phone home - that's why I don't know how many people are using jackline, reports based on friends opinions are hundreds of users, I personally know at least several dozens. -As written [earlier](https://hannes.nqsb.io/Posts/OperatingSystem), I often take +As written [earlier](/Posts/OperatingSystem), I often take a look at the trusted computing base of a computer system. Jackline's trusted computing base consists of the client software itself, its OCaml dependencies (including OTR, TLS, tty library, ...), then the OCaml runtime system, which @@ -297,7 +297,7 @@ But there's some mess to clean up: 1. The [XMPP library](https://github.com/ermine/xmpp) makes heavy use of functors (to abstract over the concrete IO, etc.), and embeds IO deep inside it. -I do prefer (see e.g. [our TLS paper](https://usenix15.nqsb.io), or [my ARP post](https://hannes.nqsb.io/Posts/ARP)) these days to have a pure interface for +I do prefer (see e.g. [our TLS paper](https://usenix15.nqsb.io), or [my ARP post](/Posts/ARP)) these days to have a pure interface for the protocol implementation, providing explicit input (state, event, data), and output (state, action, potentially data to send on network, potentially data to process by the application). The [sasl implementation](https://github.com/hannesm/xmpp/blob/eee18bd3dd343550169969c0b45548eafd51cfe1/src/sasl.ml) diff --git a/Posts/OCaml b/Posts/OCaml index 849aee4..48e9926 100644 --- a/Posts/OCaml +++ b/Posts/OCaml @@ -31,8 +31,8 @@ on the community size, natural selection will prevail the useful tools ## Why OCaml? -As already mentioned in [other](https://hannes.nqsb.io/Posts/About) -[articles](https://hannes.nqsb.io/Posts/OperatingSystem) here, it is a +As already mentioned in [other](/Posts/About) +[articles](/Posts/OperatingSystem) here, it is a combination of sufficiently large community, runtime stability and performance, modularity, carefully thought out abstraction mechanisms, maturity (OCaml recently turned 20), and functional features. diff --git a/Posts/Solo5 b/Posts/Solo5 index f58d57f..bddb37f 100644 --- a/Posts/Solo5 +++ b/Posts/Solo5 @@ -11,7 +11,7 @@ abstract: MirageOS solo5 multiboot native on bhyve ## What? -As described [earlier](https://hannes.nqsb.io/Posts/OperatingSystem), MirageOS is a library operating system developed in [OCaml](https://hannes.nqsb.io/Posts/OCaml). The code size is already pretty small, deployments are so far either as a UNIX binary or as a Xen virtual machine. +As described [earlier](/Posts/OperatingSystem), MirageOS is a library operating system developed in [OCaml](/Posts/OCaml). The code size is already pretty small, deployments are so far either as a UNIX binary or as a Xen virtual machine. Xen is a hypervisor, providing concrete device drivers for the actual hardware of a physical machine, memory management, scheduling, etc. The initial release of Xen was done in 2003, since then the code size and code complexity of Xen is growing. It also has various different mechanisms for virtualisation, hardware assisted ones or purely software based ones, some where the guest operating system needs to cooperate others where it does not need to cooperate. diff --git a/Posts/VMM b/Posts/VMM index b385195..b22ba19 100644 --- a/Posts/VMM +++ b/Posts/VMM @@ -19,7 +19,7 @@ Once a virtual machine image has been created, it needs to be deployed. I run my own physical hardware, with all the associated upsides and downsides. Specifically I run several physical [FreeBSD](https://freebsd.org) machines on the Internet, and use the [bhyve](http://bhyve.org) hypervisor with MirageOS as -described [earlier](https://hannes.nqsb.io/Posts/Solo5). Recently, Martin +described [earlier](/Posts/Solo5). Recently, Martin Lucina [developed](https://github.com/Solo5/solo5/pull/171/commits/e67a007b75fa3fcee5c082aab04c9fe9e897d779) a