hannes/hannes.robur.coop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move updates to the end

Browse source
This commit is contained in:
Hannes Mehnert 2017-01-24 12:38:17 +00:00
parent f074cfdeaf
commit b8d3ea3687
6 changed files with 50 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
Posts/BadRecordMac
View file

@ -5,14 +5,6 @@ tags: mirageos, security
abstract: 10BTC could've been yours abstract: 10BTC could've been yours
--- ---
## Updates
- Canopy uses a [map instead of a hashtable](https://github.com/Engil/Canopy/issues/30#issuecomment-215010365), [tags](https://hannes.nqsb.io/tags) now contains a list of tags ([PR here](https://github.com/Engil/Canopy/pull/39)), both thanks to voila! I also use the [new CSS](https://github.com/Engil/Canopy/pull/38) from Engil
- There is a [CVE for OCaml <=4.03](http://www.openwall.com/lists/oss-security/2016/04/29/1)
- [Mirage 2.9.0](https://github.com/mirage/mirage/pull/534) was released, which integrates support of the logs library (now already used in [mirage-net-xen](https://github.com/mirage/mirage-net-xen/pull/43) and [mirage-tcpip](https://github.com/mirage/mirage-tcpip/pull/199))
- This blog post has an accompanied [MirageOS security advisory](https://mirage.io/blog/MSA00)
- cfcs documented some [basic unikernels](https://github.com/cfcs/mirage-examples)
## BAD RECORD MAC ## BAD RECORD MAC
Roughly 2 weeks ago, [Engil](https://github.com/Engil) informed me that a TLS alert pops up in his browser sometimes when he reads this website. His browser reported that the [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code) was wrong. From [RFC 5246](https://tools.ietf.org/html/rfc5246): This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). Roughly 2 weeks ago, [Engil](https://github.com/Engil) informed me that a TLS alert pops up in his browser sometimes when he reads this website. His browser reported that the [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code) was wrong. From [RFC 5246](https://tools.ietf.org/html/rfc5246): This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network).
@ -78,3 +70,11 @@ Certainly, interfacing the outside world is complex. The [mirage-block-xen](htt
I'm interested in feedback, either via I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
## Other updates in the MirageOS ecosystem
- Canopy uses a [map instead of a hashtable](https://github.com/Engil/Canopy/issues/30#issuecomment-215010365), [tags](https://hannes.nqsb.io/tags) now contains a list of tags ([PR here](https://github.com/Engil/Canopy/pull/39)), both thanks to voila! I also use the [new CSS](https://github.com/Engil/Canopy/pull/38) from Engil
- There is a [CVE for OCaml <=4.03](http://www.openwall.com/lists/oss-security/2016/04/29/1)
- [Mirage 2.9.0](https://github.com/mirage/mirage/pull/534) was released, which integrates support of the logs library (now already used in [mirage-net-xen](https://github.com/mirage/mirage-net-xen/pull/43) and [mirage-tcpip](https://github.com/mirage/mirage-tcpip/pull/199))
- This blog post has an accompanied [MirageOS security advisory](https://mirage.io/blog/MSA00)
- cfcs documented some [basic unikernels](https://github.com/cfcs/mirage-examples)

18
Posts/Functoria
View file

@ -5,15 +5,6 @@ tags: mirageos, background
abstract: how to actually configure the system abstract: how to actually configure the system
--- ---
## Updates
- now using Html5.P.print instead of string concatenation, as suggested by Drup (both on [nqsb.io](https://github.com/mirleft/nqsb.io/commit/f16291b67d203bf6b2ebc0c5c8479b7cfd153683) and in [Canopy](https://github.com/Engil/Canopy/pull/46))
- Canopy updated and created timestamps (for [irmin-0.10](https://github.com/Engil/Canopy/pull/48) and [irmin-0.11](https://github.com/Engil/Canopy/pull/43))
- another [resource leak in mirage-http](https://github.com/mirage/mirage-http/pull/24)
- [mirage-platform now has 4.03 support](https://github.com/mirage/mirage-platform/pull/165) and [strtod](https://github.com/mirage/mirage-platform/issues/118) (finally :)
- [blog posts about retreat in marrakech](https://mirage.io/blog/2016-spring-hackathon)
- [syndic 1.5.0 release](https://github.com/Cumulus/Syndic) now using ptime instead of calendar
Sorry for being late again with this article, I had other ones planned, but am not yet satisfied with content and code, will have to wait another week. Sorry for being late again with this article, I had other ones planned, but am not yet satisfied with content and code, will have to wait another week.
## MirageOS configuration ## MirageOS configuration
@ -160,3 +151,12 @@ We walked through the configuration magic of MirageOS, which is a domain-specifi
I'm interested in feedback, either via I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
## Other updates in the MirageOS ecosystem
- now using Html5.P.print instead of string concatenation, as suggested by Drup (both on [nqsb.io](https://github.com/mirleft/nqsb.io/commit/f16291b67d203bf6b2ebc0c5c8479b7cfd153683) and in [Canopy](https://github.com/Engil/Canopy/pull/46))
- Canopy updated and created timestamps (for [irmin-0.10](https://github.com/Engil/Canopy/pull/48) and [irmin-0.11](https://github.com/Engil/Canopy/pull/43))
- another [resource leak in mirage-http](https://github.com/mirage/mirage-http/pull/24)
- [mirage-platform now has 4.03 support](https://github.com/mirage/mirage-platform/pull/165) and [strtod](https://github.com/mirage/mirage-platform/issues/118) (finally :)
- [blog posts about retreat in marrakech](https://mirage.io/blog/2016-spring-hackathon)
- [syndic 1.5.0 release](https://github.com/Cumulus/Syndic) now using ptime instead of calendar

16
Posts/OCaml
View file

@ -5,14 +5,6 @@ tags: overview, background
abstract: a gentle introduction into OCaml abstract: a gentle introduction into OCaml
--- ---
## Updates
- Canopy now sends out appropriate [content type](https://github.com/Engil/Canopy/pull/23) HTTP headers
- [mirage-http 2.5.2](https://github.com/mirage/mirage-http/releases/tag/v2.5.2) was released to [opam](https://opam.ocaml.org/packages/mirage-http/mirage-http.2.5.2/) which fixes the resource leak
- regression in [mirage-net-xen 1.6.0](https://github.com/mirage/mirage-net-xen/issues/39), I'm back on 1.4.1
- I stumbled upon [too large crunch for MirageOS](https://github.com/mirage/mirage/issues/396), no solution apart from using a FAT image ([putting the data into an ELF section](https://github.com/mirage/mirage/issues/489) would solve the issue, if anyone is interested in MirageOS, that'd be a great project to start with)
- unrelated, [X.509 0.5.2](https://opam.ocaml.org/packages/x509/x509.0.5.2/) fixes [this bug](https://github.com/mirleft/ocaml-x509/commit/1a1476308d24bdcc49d45c4cd9ef539ca57461d2) in certificate chain construction
## Programming ## Programming
For me, programming is fun. I enjoy doing it, every single second. All the way For me, programming is fun. I enjoy doing it, every single second. All the way
@ -141,3 +133,11 @@ specification and
implementation](https://nqsb.io/nqsbtls-usenix-security15.pdf). I'm interested in feedback, either via implementation](https://nqsb.io/nqsbtls-usenix-security15.pdf). I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
## Other updates in the MirageOS ecosystem
- Canopy now sends out appropriate [content type](https://github.com/Engil/Canopy/pull/23) HTTP headers
- [mirage-http 2.5.2](https://github.com/mirage/mirage-http/releases/tag/v2.5.2) was released to [opam](https://opam.ocaml.org/packages/mirage-http/mirage-http.2.5.2/) which fixes the resource leak
- regression in [mirage-net-xen 1.6.0](https://github.com/mirage/mirage-net-xen/issues/39), I'm back on 1.4.1
- I stumbled upon [too large crunch for MirageOS](https://github.com/mirage/mirage/issues/396), no solution apart from using a FAT image ([putting the data into an ELF section](https://github.com/mirage/mirage/issues/489) would solve the issue, if anyone is interested in MirageOS, that'd be a great project to start with)
- unrelated, [X.509 0.5.2](https://opam.ocaml.org/packages/x509/x509.0.5.2/) fixes [this bug](https://github.com/mirleft/ocaml-x509/commit/1a1476308d24bdcc49d45c4cd9ef539ca57461d2) in certificate chain construction

30
Posts/OperatingSystem
View file

@ -5,21 +5,7 @@ tags: overview, operating system, mirageos
abstract: Operating systems and MirageOS abstract: Operating systems and MirageOS
--- ---
## Updates Sorry to be late with this entry, but I had to fix some issues.
Sorry to be late with this entry, but I had to fix some issues:
- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://github.com/hannesm/hannes.nqsb.io)
- it was running in a [FreeBSD](https://FreeBSD.org) jail, but when I compiled too much the underlying [zfs file system](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs.html) wasn't happy (and is now hanging in kernel space in a read)
- no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot
- I wanted to move it anyways to a host where I can deploy [Xen](http://www.xenproject.org/) guest VMs
- turns out the Xen compilation and deployment mode needed some love:
- I ported a newer [bin_prot](https://github.com/hannesm/bin_prot/tree/113.33.00+xen) to xen
- I wrote a clean patch to [serve via TLS](https://github.com/Engil/Canopy/pull/15) (including [HSTS header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and redirecting HTTP (moved permanently) to HTTPS)
- I found a memory leak in the [mirage-http](https://github.com/mirage/mirage-http/pull/23) library
- I was travelling
- good news: it now works on Xen, and there is [an atom feed](https://hannes.nqsb.io/atom)
- life of an "eat your own dogfood" full stack engineer ;)
## What is an operating system? ## What is an operating system?
@ -178,3 +164,17 @@ I hope I gave some insight into what the purpose of an operating systems is, and
how MirageOS fits into the picture. I'm interested in feedback, either via how MirageOS fits into the picture. I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
## Other updates in the MirageOS ecosystem
- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://github.com/hannesm/hannes.nqsb.io)
- it was running in a [FreeBSD](https://FreeBSD.org) jail, but when I compiled too much the underlying [zfs file system](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs.html) wasn't happy (and is now hanging in kernel space in a read)
- no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot
- I wanted to move it anyways to a host where I can deploy [Xen](http://www.xenproject.org/) guest VMs
- turns out the Xen compilation and deployment mode needed some love:
- I ported a newer [bin_prot](https://github.com/hannesm/bin_prot/tree/113.33.00+xen) to xen
- I wrote a clean patch to [serve via TLS](https://github.com/Engil/Canopy/pull/15) (including [HSTS header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and redirecting HTTP (moved permanently) to HTTPS)
- I found a memory leak in the [mirage-http](https://github.com/mirage/mirage-http/pull/23) library
- I was travelling
- good news: it now works on Xen, and there is [an atom feed](https://hannes.nqsb.io/atom)
- life of an "eat your own dogfood" full stack engineer ;)

6
Posts/Solo5
View file

@ -5,8 +5,8 @@ tags: future, mirageos, security
abstract: MirageOS solo5 multiboot native on bhyve abstract: MirageOS solo5 multiboot native on bhyve
--- ---
Update (2016-10-19): all has been merged upstream now! - Update (2016-10-19): all has been merged upstream now!
Update (2016-10-30): `static_website_tls` works (TLS,HTTP,network via tap device)! - Update (2016-10-30): `static_website_tls` works (TLS,HTTP,network via tap device)!
## What? ## What?
@ -86,6 +86,6 @@ I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
# Other updates in the MirageOS ecosystem ## Other updates in the MirageOS ecosystem
There were some busy times, several pull requests are still waiting to get merged (e.g. some cosmetics in [mirage](https://github.com/mirage/mirage/pull/544) as preconditions for treemaps and dependency diagrams), I [proposed](https://github.com/mirage/mirage/pull/547) to use `sleep_ns : int64 -> unit io` instead of the `sleep : float -> unit io` (nobody wants floating point numbers); also an RFC for [random](https://github.com/mirage/mirage/pull/551), Matt Gray [proposed](https://github.com/mirage/mirage/pull/548) to get rid of `CLOCK` (and have a `PCLOCK` and a `MCLOCK` instead). Soon there will be a major MirageOS release which breaks all the previous unikernels! :) There were some busy times, several pull requests are still waiting to get merged (e.g. some cosmetics in [mirage](https://github.com/mirage/mirage/pull/544) as preconditions for treemaps and dependency diagrams), I [proposed](https://github.com/mirage/mirage/pull/547) to use `sleep_ns : int64 -> unit io` instead of the `sleep : float -> unit io` (nobody wants floating point numbers); also an RFC for [random](https://github.com/mirage/mirage/pull/551), Matt Gray [proposed](https://github.com/mirage/mirage/pull/548) to get rid of `CLOCK` (and have a `PCLOCK` and a `MCLOCK` instead). Soon there will be a major MirageOS release which breaks all the previous unikernels! :)

14
Posts/nqsbWebsite
View file

@ -5,13 +5,6 @@ tags: mirageos, http, tls, protocol
abstract: building a simple website abstract: building a simple website
--- ---
## Updates
- [Canopy](https://github.com/Engil/Canopy) improvements: [no bower anymore](https://github.com/Engil/Canopy/pull/26), [HTTP caching support (via etags)](https://github.com/Engil/Canopy/pull/27), [listings now include dates](https://github.com/Engil/Canopy/pull/31), [dates are now in big-endian (y-m-d)](https://github.com/Engil/Canopy/pull/32)
- [MirageOS call irclog from 2014-04-20](http://canopy.mirage.io/irclogs/20-04-2016)
- blog article about [naive authentication service using MirageOS](https://abailly.github.io/posts/mirage-os-newbie.html)
- [OCaml 4.03 post](https://lwn.net/SubscriberLink/684128/1436601f401c1f09/)
## Task ## Task
Our task is to build a small unikernel which provides a project website. On our way we will wade through various layers using code examples. The website itself contains a few paragraphs of text, some link lists, and our published papers in pdf form. Our task is to build a small unikernel which provides a project website. On our way we will wade through various layers using code examples. The website itself contains a few paragraphs of text, some link lists, and our published papers in pdf form.
@ -270,3 +263,10 @@ For a start in MirageOS unikernels, look into our [mirage-skeleton](https://gith
I'm interested in feedback, either via I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on [twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
GitHub](https://github.com/hannesm/hannes.nqsb.io/issues). GitHub](https://github.com/hannesm/hannes.nqsb.io/issues).
## Other updates in the MirageOS ecosystem
- [Canopy](https://github.com/Engil/Canopy) improvements: [no bower anymore](https://github.com/Engil/Canopy/pull/26), [HTTP caching support (via etags)](https://github.com/Engil/Canopy/pull/27), [listings now include dates](https://github.com/Engil/Canopy/pull/31), [dates are now in big-endian (y-m-d)](https://github.com/Engil/Canopy/pull/32)
- [MirageOS call irclog from 2014-04-20](http://canopy.mirage.io/irclogs/20-04-2016)
- blog article about [naive authentication service using MirageOS](https://abailly.github.io/posts/mirage-os-newbie.html)
- [OCaml 4.03 post](https://lwn.net/SubscriberLink/684128/1436601f401c1f09/)