From b8d3ea3687780e10568fb039612ac98a1b04cc02 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 24 Jan 2017 12:38:17 +0000 Subject: [PATCH] move updates to the end --- Posts/BadRecordMac | 16 ++++++++-------- Posts/Functoria | 18 +++++++++--------- Posts/OCaml | 16 ++++++++-------- Posts/OperatingSystem | 30 +++++++++++++++--------------- Posts/Solo5 | 6 +++--- Posts/nqsbWebsite | 14 +++++++------- 6 files changed, 50 insertions(+), 50 deletions(-) diff --git a/Posts/BadRecordMac b/Posts/BadRecordMac index 680f51e..fa26b4e 100644 --- a/Posts/BadRecordMac +++ b/Posts/BadRecordMac @@ -5,14 +5,6 @@ tags: mirageos, security abstract: 10BTC could've been yours --- -## Updates - -- Canopy uses a [map instead of a hashtable](https://github.com/Engil/Canopy/issues/30#issuecomment-215010365), [tags](https://hannes.nqsb.io/tags) now contains a list of tags ([PR here](https://github.com/Engil/Canopy/pull/39)), both thanks to voila! I also use the [new CSS](https://github.com/Engil/Canopy/pull/38) from Engil -- There is a [CVE for OCaml <=4.03](http://www.openwall.com/lists/oss-security/2016/04/29/1) -- [Mirage 2.9.0](https://github.com/mirage/mirage/pull/534) was released, which integrates support of the logs library (now already used in [mirage-net-xen](https://github.com/mirage/mirage-net-xen/pull/43) and [mirage-tcpip](https://github.com/mirage/mirage-tcpip/pull/199)) -- This blog post has an accompanied [MirageOS security advisory](https://mirage.io/blog/MSA00) -- cfcs documented some [basic unikernels](https://github.com/cfcs/mirage-examples) - ## BAD RECORD MAC Roughly 2 weeks ago, [Engil](https://github.com/Engil) informed me that a TLS alert pops up in his browser sometimes when he reads this website. His browser reported that the [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code) was wrong. From [RFC 5246](https://tools.ietf.org/html/rfc5246): This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). @@ -78,3 +70,11 @@ Certainly, interfacing the outside world is complex. The [mirage-block-xen](htt I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). + +## Other updates in the MirageOS ecosystem + +- Canopy uses a [map instead of a hashtable](https://github.com/Engil/Canopy/issues/30#issuecomment-215010365), [tags](https://hannes.nqsb.io/tags) now contains a list of tags ([PR here](https://github.com/Engil/Canopy/pull/39)), both thanks to voila! I also use the [new CSS](https://github.com/Engil/Canopy/pull/38) from Engil +- There is a [CVE for OCaml <=4.03](http://www.openwall.com/lists/oss-security/2016/04/29/1) +- [Mirage 2.9.0](https://github.com/mirage/mirage/pull/534) was released, which integrates support of the logs library (now already used in [mirage-net-xen](https://github.com/mirage/mirage-net-xen/pull/43) and [mirage-tcpip](https://github.com/mirage/mirage-tcpip/pull/199)) +- This blog post has an accompanied [MirageOS security advisory](https://mirage.io/blog/MSA00) +- cfcs documented some [basic unikernels](https://github.com/cfcs/mirage-examples) diff --git a/Posts/Functoria b/Posts/Functoria index bfca5c5..e020027 100644 --- a/Posts/Functoria +++ b/Posts/Functoria @@ -5,15 +5,6 @@ tags: mirageos, background abstract: how to actually configure the system --- -## Updates - -- now using Html5.P.print instead of string concatenation, as suggested by Drup (both on [nqsb.io](https://github.com/mirleft/nqsb.io/commit/f16291b67d203bf6b2ebc0c5c8479b7cfd153683) and in [Canopy](https://github.com/Engil/Canopy/pull/46)) -- Canopy updated and created timestamps (for [irmin-0.10](https://github.com/Engil/Canopy/pull/48) and [irmin-0.11](https://github.com/Engil/Canopy/pull/43)) -- another [resource leak in mirage-http](https://github.com/mirage/mirage-http/pull/24) -- [mirage-platform now has 4.03 support](https://github.com/mirage/mirage-platform/pull/165) and [strtod](https://github.com/mirage/mirage-platform/issues/118) (finally :) -- [blog posts about retreat in marrakech](https://mirage.io/blog/2016-spring-hackathon) -- [syndic 1.5.0 release](https://github.com/Cumulus/Syndic) now using ptime instead of calendar - Sorry for being late again with this article, I had other ones planned, but am not yet satisfied with content and code, will have to wait another week. ## MirageOS configuration @@ -160,3 +151,12 @@ We walked through the configuration magic of MirageOS, which is a domain-specifi I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). + +## Other updates in the MirageOS ecosystem + +- now using Html5.P.print instead of string concatenation, as suggested by Drup (both on [nqsb.io](https://github.com/mirleft/nqsb.io/commit/f16291b67d203bf6b2ebc0c5c8479b7cfd153683) and in [Canopy](https://github.com/Engil/Canopy/pull/46)) +- Canopy updated and created timestamps (for [irmin-0.10](https://github.com/Engil/Canopy/pull/48) and [irmin-0.11](https://github.com/Engil/Canopy/pull/43)) +- another [resource leak in mirage-http](https://github.com/mirage/mirage-http/pull/24) +- [mirage-platform now has 4.03 support](https://github.com/mirage/mirage-platform/pull/165) and [strtod](https://github.com/mirage/mirage-platform/issues/118) (finally :) +- [blog posts about retreat in marrakech](https://mirage.io/blog/2016-spring-hackathon) +- [syndic 1.5.0 release](https://github.com/Cumulus/Syndic) now using ptime instead of calendar diff --git a/Posts/OCaml b/Posts/OCaml index 04e3b66..849aee4 100644 --- a/Posts/OCaml +++ b/Posts/OCaml @@ -5,14 +5,6 @@ tags: overview, background abstract: a gentle introduction into OCaml --- -## Updates - -- Canopy now sends out appropriate [content type](https://github.com/Engil/Canopy/pull/23) HTTP headers -- [mirage-http 2.5.2](https://github.com/mirage/mirage-http/releases/tag/v2.5.2) was released to [opam](https://opam.ocaml.org/packages/mirage-http/mirage-http.2.5.2/) which fixes the resource leak -- regression in [mirage-net-xen 1.6.0](https://github.com/mirage/mirage-net-xen/issues/39), I'm back on 1.4.1 -- I stumbled upon [too large crunch for MirageOS](https://github.com/mirage/mirage/issues/396), no solution apart from using a FAT image ([putting the data into an ELF section](https://github.com/mirage/mirage/issues/489) would solve the issue, if anyone is interested in MirageOS, that'd be a great project to start with) -- unrelated, [X.509 0.5.2](https://opam.ocaml.org/packages/x509/x509.0.5.2/) fixes [this bug](https://github.com/mirleft/ocaml-x509/commit/1a1476308d24bdcc49d45c4cd9ef539ca57461d2) in certificate chain construction - ## Programming For me, programming is fun. I enjoy doing it, every single second. All the way @@ -141,3 +133,11 @@ specification and implementation](https://nqsb.io/nqsbtls-usenix-security15.pdf). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). + +## Other updates in the MirageOS ecosystem + +- Canopy now sends out appropriate [content type](https://github.com/Engil/Canopy/pull/23) HTTP headers +- [mirage-http 2.5.2](https://github.com/mirage/mirage-http/releases/tag/v2.5.2) was released to [opam](https://opam.ocaml.org/packages/mirage-http/mirage-http.2.5.2/) which fixes the resource leak +- regression in [mirage-net-xen 1.6.0](https://github.com/mirage/mirage-net-xen/issues/39), I'm back on 1.4.1 +- I stumbled upon [too large crunch for MirageOS](https://github.com/mirage/mirage/issues/396), no solution apart from using a FAT image ([putting the data into an ELF section](https://github.com/mirage/mirage/issues/489) would solve the issue, if anyone is interested in MirageOS, that'd be a great project to start with) +- unrelated, [X.509 0.5.2](https://opam.ocaml.org/packages/x509/x509.0.5.2/) fixes [this bug](https://github.com/mirleft/ocaml-x509/commit/1a1476308d24bdcc49d45c4cd9ef539ca57461d2) in certificate chain construction diff --git a/Posts/OperatingSystem b/Posts/OperatingSystem index ff8a803..005344f 100644 --- a/Posts/OperatingSystem +++ b/Posts/OperatingSystem @@ -5,21 +5,7 @@ tags: overview, operating system, mirageos abstract: Operating systems and MirageOS --- -## Updates - -Sorry to be late with this entry, but I had to fix some issues: - -- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://github.com/hannesm/hannes.nqsb.io) -- it was running in a [FreeBSD](https://FreeBSD.org) jail, but when I compiled too much the underlying [zfs file system](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs.html) wasn't happy (and is now hanging in kernel space in a read) -- no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot -- I wanted to move it anyways to a host where I can deploy [Xen](http://www.xenproject.org/) guest VMs -- turns out the Xen compilation and deployment mode needed some love: - - I ported a newer [bin_prot](https://github.com/hannesm/bin_prot/tree/113.33.00+xen) to xen - - I wrote a clean patch to [serve via TLS](https://github.com/Engil/Canopy/pull/15) (including [HSTS header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and redirecting HTTP (moved permanently) to HTTPS) - - I found a memory leak in the [mirage-http](https://github.com/mirage/mirage-http/pull/23) library -- I was travelling -- good news: it now works on Xen, and there is [an atom feed](https://hannes.nqsb.io/atom) -- life of an "eat your own dogfood" full stack engineer ;) +Sorry to be late with this entry, but I had to fix some issues. ## What is an operating system? @@ -178,3 +164,17 @@ I hope I gave some insight into what the purpose of an operating systems is, and how MirageOS fits into the picture. I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). + +## Other updates in the MirageOS ecosystem + +- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://github.com/hannesm/hannes.nqsb.io) +- it was running in a [FreeBSD](https://FreeBSD.org) jail, but when I compiled too much the underlying [zfs file system](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs.html) wasn't happy (and is now hanging in kernel space in a read) +- no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot +- I wanted to move it anyways to a host where I can deploy [Xen](http://www.xenproject.org/) guest VMs +- turns out the Xen compilation and deployment mode needed some love: + - I ported a newer [bin_prot](https://github.com/hannesm/bin_prot/tree/113.33.00+xen) to xen + - I wrote a clean patch to [serve via TLS](https://github.com/Engil/Canopy/pull/15) (including [HSTS header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and redirecting HTTP (moved permanently) to HTTPS) + - I found a memory leak in the [mirage-http](https://github.com/mirage/mirage-http/pull/23) library +- I was travelling +- good news: it now works on Xen, and there is [an atom feed](https://hannes.nqsb.io/atom) +- life of an "eat your own dogfood" full stack engineer ;) diff --git a/Posts/Solo5 b/Posts/Solo5 index 66564cf..cb55d18 100644 --- a/Posts/Solo5 +++ b/Posts/Solo5 @@ -5,8 +5,8 @@ tags: future, mirageos, security abstract: MirageOS solo5 multiboot native on bhyve --- -Update (2016-10-19): all has been merged upstream now! -Update (2016-10-30): `static_website_tls` works (TLS,HTTP,network via tap device)! +- Update (2016-10-19): all has been merged upstream now! +- Update (2016-10-30): `static_website_tls` works (TLS,HTTP,network via tap device)! ## What? @@ -86,6 +86,6 @@ I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). -# Other updates in the MirageOS ecosystem +## Other updates in the MirageOS ecosystem There were some busy times, several pull requests are still waiting to get merged (e.g. some cosmetics in [mirage](https://github.com/mirage/mirage/pull/544) as preconditions for treemaps and dependency diagrams), I [proposed](https://github.com/mirage/mirage/pull/547) to use `sleep_ns : int64 -> unit io` instead of the `sleep : float -> unit io` (nobody wants floating point numbers); also an RFC for [random](https://github.com/mirage/mirage/pull/551), Matt Gray [proposed](https://github.com/mirage/mirage/pull/548) to get rid of `CLOCK` (and have a `PCLOCK` and a `MCLOCK` instead). Soon there will be a major MirageOS release which breaks all the previous unikernels! :) diff --git a/Posts/nqsbWebsite b/Posts/nqsbWebsite index 5cf10fe..1e37ef6 100644 --- a/Posts/nqsbWebsite +++ b/Posts/nqsbWebsite @@ -5,13 +5,6 @@ tags: mirageos, http, tls, protocol abstract: building a simple website --- -## Updates - -- [Canopy](https://github.com/Engil/Canopy) improvements: [no bower anymore](https://github.com/Engil/Canopy/pull/26), [HTTP caching support (via etags)](https://github.com/Engil/Canopy/pull/27), [listings now include dates](https://github.com/Engil/Canopy/pull/31), [dates are now in big-endian (y-m-d)](https://github.com/Engil/Canopy/pull/32) -- [MirageOS call irclog from 2014-04-20](http://canopy.mirage.io/irclogs/20-04-2016) -- blog article about [naive authentication service using MirageOS](https://abailly.github.io/posts/mirage-os-newbie.html) -- [OCaml 4.03 post](https://lwn.net/SubscriberLink/684128/1436601f401c1f09/) - ## Task Our task is to build a small unikernel which provides a project website. On our way we will wade through various layers using code examples. The website itself contains a few paragraphs of text, some link lists, and our published papers in pdf form. @@ -270,3 +263,10 @@ For a start in MirageOS unikernels, look into our [mirage-skeleton](https://gith I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). + +## Other updates in the MirageOS ecosystem + +- [Canopy](https://github.com/Engil/Canopy) improvements: [no bower anymore](https://github.com/Engil/Canopy/pull/26), [HTTP caching support (via etags)](https://github.com/Engil/Canopy/pull/27), [listings now include dates](https://github.com/Engil/Canopy/pull/31), [dates are now in big-endian (y-m-d)](https://github.com/Engil/Canopy/pull/32) +- [MirageOS call irclog from 2014-04-20](http://canopy.mirage.io/irclogs/20-04-2016) +- blog article about [naive authentication service using MirageOS](https://abailly.github.io/posts/mirage-os-newbie.html) +- [OCaml 4.03 post](https://lwn.net/SubscriberLink/684128/1436601f401c1f09/)