Pushed by YOCaml 2 from bc0bbbc706

2024-10-29 11:07:07 +00:00 · 2024-10-29 11:07:07 +00:00 · c4fab86aee
commit c4fab86aee
parent d3edee6020
19 changed files with 411 additions and 145 deletions
--- a/articles/2024-02-03-python-str-repr.html
+++ b/articles/2024-02-03-python-str-repr.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogPython&apos;s `str.__repr__()`
+        Robur's blog - Python&apos;s `str.__repr__()`
    </title>
    <meta name="description" content="Reimplementing Python string escaping in OCaml">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Python&apos;s `str.__repr__()`</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Python">Python</a></li><li><a href="https://blog.robur.coop/tags.html#tag-unicode">unicode</a></li></ul><p>Sometimes software is written using whatever built-ins you find in your programming language of choice.
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Python">Python</a></li><li><a href="/tags.html#tag-unicode">unicode</a></li></ul><p>Sometimes software is written using whatever built-ins you find in your programming language of choice.
 This is usually great!
 However, it can happen that you depend on the precise semantics of those built-ins.
 This can be a problem if those semantics become important to your software and you need to port it to another programming language.
--- a/articles/2024-08-21-OpenVPN-and-MirageVPN.html
+++ b/articles/2024-08-21-OpenVPN-and-MirageVPN.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogMirageVPN and OpenVPN
+        Robur's blog - MirageVPN and OpenVPN
    </title>
    <meta name="description" content="Discoveries made implementing MirageVPN, a OpenVPN-compatible VPN library">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,12 +20,12 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>MirageVPN and OpenVPN</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-MirageVPN">MirageVPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-OpenVPN">OpenVPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul><p>At <a href="https://robur.coop/">Robur</a> we have been busy at work implementing our OpenVPN™-compatible MirageVPN software.
-Recently we have implemented the <a href="https://blog.robur.coop/articles/miragevpn-server.html">server side</a>.
+    <ul class="tags-list"><li><a href="/tags.html#tag-MirageVPN">MirageVPN</a></li><li><a href="/tags.html#tag-OpenVPN">OpenVPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul><p>At <a href="https://robur.coop/">Robur</a> we have been busy at work implementing our OpenVPN™-compatible MirageVPN software.
+Recently we have implemented the <a href="miragevpn-server.html">server side</a>.
 In order to implement this side of the protocol I studied parts of the OpenVPN™ source code and performed experiments to understand what the implementation does at the protocol level.
 Studying the OpenVPN™ implementation has lead me to discover two security issues: CVE-2024-28882 and CVE-2024-5594.
 In this article I will talk about the relevant parts of the protocol, and describe the security issues in detail.</p>
--- a/articles/2024-10-29-ptt.html
+++ b/articles/2024-10-29-ptt.html
@ -0,0 +1,206 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="x-ua-compatible" content="ie=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>
+        Robur's blog - Postes, télégraphes et téléphones, next steps
+    </title>
+    <meta name="description" content="An update of our email stack">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
+  </head>
+  <body>
+    <header>
+      <h1>blog.robur.coop</h1>
+      <blockquote>
+        The <strong>Robur</strong> cooperative blog.
+      </blockquote>
+    </header>
+    <main><a href="/index.html">Back to index</a>
+
+<article>
+    <h1>Postes, télégraphes et téléphones, next steps</h1>
+    <ul class="tags-list"><li><a href="/tags.html#tag-SMTP">SMTP</a></li><li><a href="/tags.html#tag-emails">emails</a></li><li><a href="/tags.html#tag-mailing-lists">mailing-lists</a></li></ul><p>As you know from <a href="https://blog.robur.coop/articles/finances.html">our article on Robur's
+finances</a>, we've just received
+<a href="https://nlnet.nl/project/PTT">funding for our email project</a>. This project
+started when I was doing my internship in Cambridge and it's great to see that
+it's been able to evolve over time and remain functional. This article will
+introduce you to the latest changes to <a href="https://github.com/mirage/ptt">our PTT
+project</a> and how far we've got towards providing
+an OCaml mailing list service.</p>
+<h2 id="a-git-repository-or-a-simple-block-device-as-a-database"><a class="anchor" aria-hidden="true" href="#a-git-repository-or-a-simple-block-device-as-a-database"></a>A Git repository or a simple block device as a database?</h2>
+<p>One issue that came up quickly in our latest experiments with our SMTP stack was
+the database of users with an email address. Since we had decided to ‘break
+down’ the various stages of an email submission to offer simple unikernels, we
+ended up having to deploy 4 unikernels to have a service that worked.</p>
+<ul>
+<li>a unikernel for authentication</li>
+<li>a unikernel DKIM-signing the incoming email</li>
+<li>one unikernel as primary DNS server</li>
+<li>one unikernel sending the signed email to its real destination</li>
+</ul>
+<p>And we're only talking here about the submission of an email, the reception
+concerns another ‘pipe’.</p>
+<p>The problem with such an architecture is that some unikernels need to have the
+same data: the users. In this case, the first unikernel needs to know the user's
+password in order to verify authentication. The final unikernel needs to know
+the real destinations of the users.</p>
+<p>Let's take the example of two users: foo@robur.coop and bar@robur.coop. The
+first points to hannes@foo.org and the second to reynir@example.com.</p>
+<p>If Hannes wants to send a message to bar@robur.coop under the identity of
+foo@robur.coop, he will need to authenticate himself to our first unikernel.
+This first unikernel must therefore:</p>
+<ol>
+<li>check that the user <code>foo</code> exists</li>
+<li>the hashed password used by Hannes is the same as the one in the database</li>
+</ol>
+<p>Next, the email will be signed by our second unikernel. It will then forward the
+email to the last unikernel, which will do the actual translation of the
+recipients and DNS resolution. In other words:</p>
+<ol>
+<li>it will see that one (the only) recipient is bar@robur.coop</li>
+<li>check that bar@robur.coop exists and obtain its real address</li>
+<li>it will obtain reynir@example.com and perform DNS resolution on
+<code>example.com</code> to find out the email server for this domain</li>
+<li>finally send the email signed by foo@robur.coop to reynir@example.com!</li>
+</ol>
+<p>So the first and last unikernels need to have the same information about our
+users. One for the passwords, the second for the real email addresses.</p>
+<p>But as you know, we're talking about unikernels that exist independently of each
+other. What's more, they can't share files and the possibility of them sharing
+block-devices remains an open question (and a complex one where parallel access
+may be involved). In short, the only way to ‘synchronise’ these unikernels in
+relation to common data is with a Git repository.</p>
+<p><a href="https://github.com/robur-coop/git-kv">Git</a> has the advantage of being widely used for our unikernels
+(<a href="https://github.com/robur-coop/dns-primary-git/">primary-git</a>, <a href="https://github.com/dinosaure/pasteur">pasteur</a>, <a href="https://github.com/robur-coop/unipi">unipi</a> and
+<a href="https://github.com/dinosaure/contruno">contruno</a>). The advantage is that you can track changes, modify
+files and notify the unikernel to update itself (using nsupdate, a simple ping
+or an http request to the unikernel).</p>
+<p>The problem is that this requires certain skills. Even if it's ‘simple’ to set
+up a Git server and then deploy our unikernels, we can restructure our
+architecture and simplify the deployment of an SMTP stack!</p>
+<h2 id="elit-and-oneffs"><a class="anchor" aria-hidden="true" href="#elit-and-oneffs"></a>Elit and OneFFS</h2>
+<p>We have therefore decided to merge the email exchange service and email
+submission into a unikernel so that this is the only user information requester.</p>
+<p>So we decided to use <a href="https://github.com/robur-coop/oneffs">OneFFS</a> as the file system for our database,
+which will be a plain JSON file. This is perhaps one of the advantages of
+MirageOS, which is that you can decide exactly what you need to implement
+specific objectives.</p>
+<p>In this case, those with experience of Postfix, LDAP or MariaDB could confirm
+that configuring an email service should be ‘simpler’ than implementing a
+multitude of pipes between different applications and authentication methods.</p>
+<p>The JSON file is therefore very simple and so is the creation of an OneFFS
+image:</p>
+<pre><code class="language-sh">$ cat &gt;database.json&lt;&lt;EOF
+&gt; [ { &quot;name&quot;: &quot;din&quot;
+&gt;   , &quot;password&quot;: &quot;xxxxxx&quot;
+&gt;   , &quot;mailboxes&quot;: [ &quot;romain.calascibetta@gmail.com&quot; ] } ]
+&gt; EOF
+$ opam install oneffs
+$ oneffs create -i database.json -o database.img
+</code></pre>
+<p>All you have to do is register this image as a block with <a href="https://github.com/robur-coop/albatross">albatross</a> and launch
+our Elit unikernel with this block-device.</p>
+<pre><code class="language-sh">$ albatross-client create-block --data=database.img database 1024
+$ albatross-client create --net=service:br0 --block=database:database \
+    elit elit.hvt \
+    --arg=...
+</code></pre>
+<p>At this stage, and if we add our unikernel signing incoming emails, we have more
+or less the same thing as what I've described in <a href="https://blog.osau.re/articles/smtp_1.html">my previous articles</a> on
+<a href="https://blog.osau.re/articles/smtp_2.html">deploying</a> an <a href="https://blog.osau.re/articles/smtp_3.html">email service</a>.</p>
+<h2 id="multiplex-receiving--sending-emails"><a class="anchor" aria-hidden="true" href="#multiplex-receiving--sending-emails"></a>Multiplex receiving &amp; sending emails</h2>
+<p>The PTT project is a toolkit for implementing SMTP servers. It gives developers
+the choice of implementing their logic as they see fit:</p>
+<ul>
+<li>sign an email</li>
+<li>resolve destinations according to a database</li>
+<li>check SPF information</li>
+<li>annotate the email as spam or not</li>
+<li>etc.</li>
+</ul>
+<p>Previously, PTT was split into 2 parts:</p>
+<ol>
+<li>management of incoming clients/emails</li>
+<li>the logic to be applied to incoming emails and their delivery</li>
+</ol>
+<p>The second point was becoming increasingly complex, however, and errors in
+sending emails are legion (DMARC non-alignment, the email is too big for the
+destination, the destination doesn't exist, etc.). All the more so since, up to
+now, PTT could only report these errors via the logs...</p>
+<p>Hannes immediately mentioned the possibility of separating the logic of the
+unikernel from the delivery. This will allow us to deal with temporary failures
+(greylisting) as well. So a fundamental change was made:</p>
+<ul>
+<li>improve the <a href="https://github.com/mirage/colombe">sendmail</a> and <code>sendmail-lwt</code> packages (as well as proposing
+<code>sendmail-miou</code>!) when sending or submitting an email</li>
+<li>improve PTT so that there are now 3 distinct jobs: receiving, what to do with
+incoming emails and sending emails</li>
+</ul>
+<p><img src="../images/smtp.jpg" alt="SMTP" ></p>
+<p>This finally allows us to describe a clearer error management policy that is
+independent of what we want to do with incoming emails. At this stage, we can
+look for the <code>Return-Path</code> in emails that we haven't managed to send and notify
+the senders!</p>
+<p>All this is still in the experimental stage and practical cases are needed to
+observe how we should handle errors and how others do.</p>
+<h2 id="insights--next-goals"><a class="anchor" aria-hidden="true" href="#insights--next-goals"></a>Insights &amp; Next goals</h2>
+<p>We're already starting to have a bit of fun with email and we can start sending
+and receiving emails right away.</p>
+<p>We're also already seeing hacking attempts on our unikernel:</p>
+<ul>
+<li>people trying to authenticate themselves without <code>STARTTLS</code> (or with it,
+depending on how clever the bot is)</li>
+<li>people trying to send emails as non-existent users in our database</li>
+<li>we're also seeing content that has nothing to do with SMTP</li>
+</ul>
+<p>Above all, this shows that, very early on, bots try to usurp the identity linked
+to your server (in our case, osau.re) in order to send spam, authenticate
+themselves or simply send ‘stuff’ and observe what happens. In this case, for
+all the cases mentioned, Elit (and PTT) reacts well: in other words, it simply
+cuts off the connection.</p>
+<p>We were also able to observe how services such as gmail work. In addition, for
+the purposes of a mailing list, email forwarding distorts DMARC verification
+(specifically, SPF verification). The case is very simple:</p>
+<p>foo@gmail.com tries to reply to robur@osau.re. robur@osau.re is a mailing list
+to several addresses (one of them is bar@gmail.com). The unikernel will receive
+the email and send it to bar@gmail.com. The problem is the alignment between
+the <code>From</code> field (which corresponds to foo@gmail.com) and our osau.re server.
+From gmail.com's point of view, there is a misalignment between these two
+pieces of information and it therefore refuses to receive the email.</p>
+<p>This is where our next objectives come in:</p>
+<ul>
+<li>finish our DMARC implementation</li>
+<li>implement ARC so that our server notifies us that, on our side, the DMARC
+check went well and that gmail.com should trust us on this.</li>
+</ul>
+<p>There is another way of solving the problem, perhaps a little more problematic,
+modify the incoming email and in particular the <code>From</code> field. Although this
+could be done quite simply with <a href="https://github.com/mirage/mrmime">mrmime</a>, it's better to concentrate on
+DMARC and ARC so that we can send our emails as they are and never alter them
+(especially as this will invalidate previous DKIM signatures!).</p>
+<h2 id="conclusion"><a class="anchor" aria-hidden="true" href="#conclusion"></a>Conclusion</h2>
+<p>It's always satisfying to see your projects working ‘more or less’ correctly.
+This article will surely be the start of a series on the intricacies of email
+and the difficulty of deploying such a service at home.</p>
+<p>We hope that this NLnet-funded work will enable us to replace our current email
+system with unikernels. We're already past the stage where we can, more or less
+(without DMARC checking), send emails to each other, which is a big step!</p>
+<p>So follow our work on our blog and if you like what we're producing (which
+involves a whole bunch of protocols and formats - much more than just SMTP), you
+can make <a href="https://robur.coop/Donate">a donation here</a>!</p>
+
+    </article>
+
+        </main>
+    <footer>
+        <a href="https://github.com/xhtmlboi/yocaml">Powered by <strong>YOCaml</strong></a>
+        <br />
+    </footer>
+    <script>hljs.highlightAll();</script>
+  </body>
+</html>
--- a/articles/arguments.html
+++ b/articles/arguments.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogRuntime arguments in MirageOS
+        Robur's blog - Runtime arguments in MirageOS
    </title>
    <meta name="description" content="The history of runtime arguments to a MirageOS unikernel">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Runtime arguments in MirageOS</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li></ul><p>TL;DR: Passing runtime arguments around is tricky, and prone to change every other month.</p>
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li></ul><p>TL;DR: Passing runtime arguments around is tricky, and prone to change every other month.</p>
 <h2 id="motivation"><a class="anchor" aria-hidden="true" href="#motivation"></a>Motivation</h2>
 <p>Sometimes, as an unikernel developer and also as operator, it's nice to have
 some runtime arguments passed to an unikernel. Now, if you're into OCaml,
--- a/articles/dnsvizor01.html
+++ b/articles/dnsvizor01.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogMeet DNSvizor: run your own DHCP and DNS MirageOS unikernel
+        Robur's blog - Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel
    </title>
    <meta name="description" content="The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-DNSvizor">DNSvizor</a></li></ul><p>TL;DR: We got <a href="https://nlnet.nl/entrust/">NGI0 Entrust (via NLnet)</a> funding for developing
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-DNSvizor">DNSvizor</a></li></ul><p>TL;DR: We got <a href="https://nlnet.nl/entrust/">NGI0 Entrust (via NLnet)</a> funding for developing
 <a href="https://nlnet.nl/project/DNSvizor/">DNSvizor</a> - a DNS resolver and
 DHCP server. Please help us by <a href="https://github.com/robur-coop/dnsvizor/issues/new">sharing with us your dnsmasq
 configuration</a>, so we can
--- a/articles/finances.html
+++ b/articles/finances.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogHow has robur financially been doing since 2018?
+        Robur's blog - How has robur financially been doing since 2018?
    </title>
    <meta name="description" content="How we organise as a collective, and why we&apos;re doing that.">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>How has robur financially been doing since 2018?</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-finances">finances</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cooperative">cooperative</a></li></ul><p>Since the beginning, robur has been working on MirageOS unikernels and getting
+    <ul class="tags-list"><li><a href="/tags.html#tag-finances">finances</a></li><li><a href="/tags.html#tag-cooperative">cooperative</a></li></ul><p>Since the beginning, robur has been working on MirageOS unikernels and getting
 them deployed. Due to our experience in hierarchical companies, we wanted to
 create something different - a workplace without bosses and management. Instead,
 we are a collective where everybody has a say on what we do, and who gets how
--- a/articles/gptar.html
+++ b/articles/gptar.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogGPTar
+        Robur's blog - GPTar
    </title>
    <meta name="description" content="Hybrid GUID partition table and tar archive">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>GPTar</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-gpt">gpt</a></li><li><a href="https://blog.robur.coop/tags.html#tag-tar">tar</a></li><li><a href="https://blog.robur.coop/tags.html#tag-mbr">mbr</a></li><li><a href="https://blog.robur.coop/tags.html#tag-persistent storage">persistent storage</a></li></ul><p>At <a href="https://robur.coop/">Robur</a> we developed a piece of software for mirroring or exposing an <a href="https://opam.ocaml.org/">opam</a> repository.
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-gpt">gpt</a></li><li><a href="/tags.html#tag-tar">tar</a></li><li><a href="/tags.html#tag-mbr">mbr</a></li><li><a href="/tags.html#tag-persistent storage">persistent storage</a></li></ul><p>At <a href="https://robur.coop/">Robur</a> we developed a piece of software for mirroring or exposing an <a href="https://opam.ocaml.org/">opam</a> repository.
 We have it deployed at <a href="https://opam.robur.coop/">opam.robur.coop</a>, and you can use it as an alternative to opam.ocaml.org.
 It is usually more up-to-date with the git <a href="https://github.com/ocaml/opam-repository">opam-repository</a> than opam.ocaml.org although in the past it suffered from <a href="https://blog.osau.re/articles/lwt_pause.html">occasional availability issues</a>.
 I can recommend reading Hannes' post about <a href="https://hannes.robur.coop/Posts/OpamMirror">opam-mirror</a>.
--- a/articles/lwt_pause.html
+++ b/articles/lwt_pause.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogCooperation and Lwt.pause
+        Robur's blog - Cooperation and Lwt.pause
    </title>
    <meta name="description" content="A disgression about Lwt and Miou">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Cooperation and Lwt.pause</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Scheduler">Scheduler</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Community">Community</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Unikernel">Unikernel</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Git">Git</a></li></ul><p>Here's a concrete example of the notion of availability and the scheduler used
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Scheduler">Scheduler</a></li><li><a href="/tags.html#tag-Community">Community</a></li><li><a href="/tags.html#tag-Unikernel">Unikernel</a></li><li><a href="/tags.html#tag-Git">Git</a></li></ul><p>Here's a concrete example of the notion of availability and the scheduler used
 (in this case Lwt). As you may know, at Robur we have developed a unikernel:
 <a href="https://git.robur.coop/robur/opam-mirror">opam-mirror</a>. It launches an HTTP service that can be used as an
 OPAM overlay available from a Git repository (with <code>opam repository add &lt;name&gt; &lt;url&gt;</code>).</p>
--- a/articles/miragevpn-ncp.html
+++ b/articles/miragevpn-ncp.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogMirageVPN updated (AEAD, NCP)
+        Robur's blog - MirageVPN updated (AEAD, NCP)
    </title>
    <meta name="description" content="How we resurrected MirageVPN from its bitrot state">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,12 +20,12 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>MirageVPN updated (AEAD, NCP)</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul><h2 id="updating-miragevpn"><a class="anchor" aria-hidden="true" href="#updating-miragevpn"></a>Updating MirageVPN</h2>
-<p>As announced <a href="https://blog.robur.coop/articles/miragevpn.html">earlier this month</a>, we've been working hard over the last months on MirageVPN (initially developed in 2019, targeting OpenVPN™ 2.4.7, now 2.6.6). We managed to receive funding from <a href="https://www.assure.ngi.eu/">NGI Assure</a> call (via <a href="https://nlnet.nl">NLnet</a>). We've made over 250 commits with more than 10k lines added, and 18k lines removed. We closed nearly all old issues, and opened 100 fresh ones, of which we already closed more than half of them. :D</p>
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul><h2 id="updating-miragevpn"><a class="anchor" aria-hidden="true" href="#updating-miragevpn"></a>Updating MirageVPN</h2>
+<p>As announced <a href="miragevpn.html">earlier this month</a>, we've been working hard over the last months on MirageVPN (initially developed in 2019, targeting OpenVPN™ 2.4.7, now 2.6.6). We managed to receive funding from <a href="https://www.assure.ngi.eu/">NGI Assure</a> call (via <a href="https://nlnet.nl">NLnet</a>). We've made over 250 commits with more than 10k lines added, and 18k lines removed. We closed nearly all old issues, and opened 100 fresh ones, of which we already closed more than half of them. :D</p>
 <h3 id="actual-bugs-fixed-that-were-leading-to-non-working-miragevpn-applications"><a class="anchor" aria-hidden="true" href="#actual-bugs-fixed-that-were-leading-to-non-working-miragevpn-applications"></a>Actual bugs fixed (that were leading to non-working MirageVPN applications)</h3>
 <p>In more detail, we had a specific configuration running over all the years, namely UDP mode with static keys (no TLS handshake, etc.). There were several issues (bitrot) that we encountered and solved along the path, amongst others:</p>
 <ul>
@ -35,7 +35,7 @@
 </ul>
 <p>To avoid any future breakage while revising the code (cleaning it up, extending it), we are now building several unikernels as part of our CI system. We also have setup OpenVPN™ servers with various configurations that we periodically test with our new code (we'll also work on further automation thereof).</p>
 <h3 id="new-features-aead-ciphers-supporting-more-configuration-primitives"><a class="anchor" aria-hidden="true" href="#new-features-aead-ciphers-supporting-more-configuration-primitives"></a>New features: AEAD ciphers, supporting more configuration primitives</h3>
-<p>We added various configuration primitives, amongst them configuratble tls ciphersuites, minimal and maximal tls version to use, <a href="https://blog.robur.coop/articles/miragevpn.html">tls-crypt-v2</a>, verify-x509-name, cipher,  remote-random, ...</p>
+<p>We added various configuration primitives, amongst them configuratble tls ciphersuites, minimal and maximal tls version to use, <a href="miragevpn.html">tls-crypt-v2</a>, verify-x509-name, cipher,  remote-random, ...</p>
 <p>From a cryptographic point of view, we are now supporting more <a href="https://github.com/robur-coop/miragevpn/pull/108">authentication hashes</a> via the configuration directive <code>auth</code>, namely the SHA2 family - previously, only SHA1 was supported, <a href="https://github.com/robur-coop/miragevpn/pull/125">AEAD ciphers</a> (AES-128-GCM, AES-256-GCM, CHACHA20-POLY1305) - previously only AES-256-CBC was supported.</p>
 <h3 id="ncp---negotiation-of-cryptographic-parameters"><a class="anchor" aria-hidden="true" href="#ncp---negotiation-of-cryptographic-parameters"></a>NCP - Negotiation of cryptographic parameters</h3>
 <p>OpenVPN™ has a way to negotiate cryptographic parameters, instead of hardcoding them in the configuration. The client can propose its supported ciphers, and other features (MTU, directly request a push message for IP configuration, use TLS exporter secret instead of the hand-crafted (TLS 1.0 based PRF), ...) once the TLS handshake has been completed.</p>
--- a/articles/miragevpn-performance.html
+++ b/articles/miragevpn-performance.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogSpeeding up MirageVPN and use it in the wild
+        Robur's blog - Speeding up MirageVPN and use it in the wild
    </title>
    <meta name="description" content="Performance engineering of MirageVPN, speeding it up by a factor of 25.">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Speeding up MirageVPN and use it in the wild</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-performance">performance</a></li></ul><p>As we were busy continuing to work on <a href="https://github.com/robur-coop/miragevpn">MirageVPN</a>, we got in touch with <a href="https://eduvpn.org">eduVPN</a>, who are interested about deploying MirageVPN. We got example configuration from their side, and <a href="https://github.com/robur-coop/miragevpn/pull/201">fixed</a> <a href="https://github.com/robur-coop/miragevpn/pull/168">some</a> <a href="https://github.com/robur-coop/miragevpn/pull/202">issues</a>, and also implemented <a href="https://github.com/robur-coop/miragevpn/pull/169">tls-crypt</a> - which was straightforward since we earlier spend time to implement <a href="https://blog.robur.coop/articles/miragevpn.html">tls-crypt-v2</a>.</p>
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-performance">performance</a></li></ul><p>As we were busy continuing to work on <a href="https://github.com/robur-coop/miragevpn">MirageVPN</a>, we got in touch with <a href="https://eduvpn.org">eduVPN</a>, who are interested about deploying MirageVPN. We got example configuration from their side, and <a href="https://github.com/robur-coop/miragevpn/pull/201">fixed</a> <a href="https://github.com/robur-coop/miragevpn/pull/168">some</a> <a href="https://github.com/robur-coop/miragevpn/pull/202">issues</a>, and also implemented <a href="https://github.com/robur-coop/miragevpn/pull/169">tls-crypt</a> - which was straightforward since we earlier spend time to implement <a href="miragevpn.html">tls-crypt-v2</a>.</p>
 <p>In January, they gave MirageVPN another try, and <a href="https://github.com/robur-coop/miragevpn/issues/206">measured the performance</a> -- which was very poor -- MirageVPN (run as a Unix binary) provided a bandwith of 9.3Mb/s, while OpenVPN provided a bandwidth of 360Mb/s (using a VPN tunnel over TCP).</p>
 <p>We aim at spending less resources for computing, thus the result was not satisfying for us. We re-read a lot of code, refactored a lot, and are now at ~250Mb/s.</p>
 <h2 id="tooling-for-performance-engineering-of-ocaml"><a class="anchor" aria-hidden="true" href="#tooling-for-performance-engineering-of-ocaml"></a>Tooling for performance engineering of OCaml</h2>
@ -40,7 +40,7 @@ To better guide the performance engineering, we also developed <a href="https://
 <li>Still an open topic is: we are in the memory-safe language OCaml, and we sometimes extract data out of a buffer (or set data in a buffer). Now, each operation lead to bounds checks (that we do not touch memory that is not allocated or not ours). However, if we just checked for the buffer being long enough (either by checking the length, or by allocating a specific amount of data), these bounds checks are superfluous. So far, we don't have an automated solution for this issue, but we are <a href="https://discuss.ocaml.org/t/bounds-checks-for-string-and-bytes-when-retrieving-or-setting-subparts-thereof/">discussing it in the OCaml community</a>, and are eager to find a solution to avoid unneeded computations.</li>
 </ul>
 <h2 id="conclusion"><a class="anchor" aria-hidden="true" href="#conclusion"></a>Conclusion</h2>
-<p>To conclude: we already achieved a factor of 25 in performance by adapting the code in various ways. We have ideas to improve the performance even more in the future - we also work on using OCaml string and bytes, instead of off-the-OCaml-heap-allocated bigarrays (see <a href="https://blog.robur.coop/articles/speeding-ec-string.html">our previous article</a>, which provided some speedups).</p>
+<p>To conclude: we already achieved a factor of 25 in performance by adapting the code in various ways. We have ideas to improve the performance even more in the future - we also work on using OCaml string and bytes, instead of off-the-OCaml-heap-allocated bigarrays (see <a href="speeding-ec-string.html">our previous article</a>, which provided some speedups).</p>
 <p>Don't hesitate to reach out to us on <a href="https://github.com/robur-coop/miragevpn/issues">GitHub</a>, or <a href="https://robur.coop/Contact">by mail</a> if you're stuck.</p>
 <p>We want to thank <a href="https://nlnet.nl">NLnet</a> for their funding (via <a href="https://www.assure.ngi.eu/">NGI assure</a>), and <a href="https://eduvpn.org">eduVPN</a> for their interest.</p>
 <section role="doc-endnotes"><ol>
--- a/articles/miragevpn-server.html
+++ b/articles/miragevpn-server.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogMirageVPN server
+        Robur's blog - MirageVPN server
    </title>
    <meta name="description" content="Announcement of our MirageVPN server.">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,12 +20,12 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>MirageVPN server</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li></ul><p>It is a great pleasure to finally announce that we have finished a server implementation for MirageVPN (OpenVPN™-compatible). This allows to setup a very robust VPN network on both the client and the server side.</p>
-<p>As announced last year, <a href="https://blog.robur.coop/articles/miragevpn.html">MirageVPN</a> is a reimplemtation of OpenVPN™ in OCaml, with <a href="https://mirage.io">MirageOS</a> unikernels.</p>
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li></ul><p>It is a great pleasure to finally announce that we have finished a server implementation for MirageVPN (OpenVPN™-compatible). This allows to setup a very robust VPN network on both the client and the server side.</p>
+<p>As announced last year, <a href="miragevpn.html">MirageVPN</a> is a reimplemtation of OpenVPN™ in OCaml, with <a href="https://mirage.io">MirageOS</a> unikernels.</p>
 <h2 id="why-a-miragevpn-server"><a class="anchor" aria-hidden="true" href="#why-a-miragevpn-server"></a>Why a MirageVPN server?</h2>
 <p>Providing Internet services with programming languages that have not much safety requires a lot of discipline by the developers to avoid issues which may lead to exploitable services that are attacked (and thus will circumvent any security goals). Especially services that are critical for security and privacy, it is crucial to avoid common memory safety pitfalls.</p>
 <p>Some years back, when we worked on the client implementation, we also drafted a server implementation. The reasoning was that a lot of the code was already there, and just a few things needed to be developed to allow clients to connect there.</p>
--- a/articles/miragevpn.html
+++ b/articles/miragevpn.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogMirageVPN &amp; tls-crypt-v2
+        Robur's blog - MirageVPN &amp; tls-crypt-v2
    </title>
    <meta name="description" content="How we implementated tls-crypt-v2 for miragevpn">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>MirageVPN &amp; tls-crypt-v2</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul><p>In 2019 <a href="https://robur.coop/">Robur</a> started working on a <a href="https://github.com/robur-coop/miragevpn/">OpenVPN™-compatible implementation in OCaml</a>.
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul><p>In 2019 <a href="https://robur.coop/">Robur</a> started working on a <a href="https://github.com/robur-coop/miragevpn/">OpenVPN™-compatible implementation in OCaml</a>.
 The project was funded for 6 months in 2019 by <a href="https://prototypefund.de">prototypefund</a>.
 In late 2022 we applied again for funding this time to the <a href="https://www.assure.ngi.eu/">NGI Assure</a> open call, and our application was eventually accepted.
 In this blog post I will explain why reimplementing the OpenVPN™ protocol in OCaml is a worthwhile effort, and describe the Miragevpn implementation and in particular the <code>tls-crypt-v2</code> mechanism.</p>
--- a/articles/qubes-miragevpn.html
+++ b/articles/qubes-miragevpn.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogqubes-miragevpn, a MirageVPN client for QubesOS
+        Robur's blog - qubes-miragevpn, a MirageVPN client for QubesOS
    </title>
    <meta name="description" content="A new OpenVPN client for QubesOS">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>qubes-miragevpn, a MirageVPN client for QubesOS</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-vpn">vpn</a></li><li><a href="https://blog.robur.coop/tags.html#tag-unikernel">unikernel</a></li><li><a href="https://blog.robur.coop/tags.html#tag-QubesOS">QubesOS</a></li></ul><p>We are pleased to announce the arrival of a new unikernel:
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-vpn">vpn</a></li><li><a href="/tags.html#tag-unikernel">unikernel</a></li><li><a href="/tags.html#tag-QubesOS">QubesOS</a></li></ul><p>We are pleased to announce the arrival of a new unikernel:
 <a href="https://github.com/robur-coop/qubes-miragevpn">qubes-miragevpn</a>. The latter is the result of work begun
 several months ago on <a href="https://github.com/robur-coop/miragevpn">miragevpn</a>.</p>
 <p>Indeed, with the ambition of completing our unikernel suite and the success of
--- a/articles/speeding-ec-string.html
+++ b/articles/speeding-ec-string.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogSpeeding elliptic curve cryptography
+        Robur's blog - Speeding elliptic curve cryptography
    </title>
    <meta name="description" content="How we improved the performance of elliptic curves by only modifying the underlying byte array">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>Speeding elliptic curve cryptography</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul><p>TL;DR: replacing cstruct with string, we gain a factor of 2.5 in performance.</p>
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li></ul><p>TL;DR: replacing cstruct with string, we gain a factor of 2.5 in performance.</p>
 <h2 id="mirage-crypto-ec"><a class="anchor" aria-hidden="true" href="#mirage-crypto-ec"></a>Mirage-crypto-ec</h2>
 <p>In April 2021 We published our implementation of <a href="https://hannes.robur.coop/Posts/EC">elliptic curve cryptography</a> (as <code>mirage-crypto-ec</code> opam package) - this is DSA and DH for NIST curves P224, P256, P384, and P521, and also Ed25519 (EdDSA) and X25519 (ECDH). We use <a href="https://github.com/mit-plv/fiat-crypto/">fiat-crypto</a> for the cryptographic primitives, which emits C code that by construction is correct (note: earlier we stated &quot;free of timing side-channels&quot;, but this is a huge challenge, and as <a href="https://discuss.systems/@edwintorok/111925959867297453">reported by Edwin Török</a> likely impossible on current x86 hardware). More C code (such as <code>point_add</code>, <code>point_double</code>, and further 25519 computations including tables) have been taken from the BoringSSL code base. A lot of OCaml code originates from our TLS 1.3 work in 2018, where Etienne Millon, Nathan Rebours, and Clément Pascutto interfaced <a href="https://github.com/mirage/fiat/">elliptic curves for OCaml</a> (with the goal of being usable with MirageOS).</p>
 <p>The goal of mirage-crypto-ec was: develop elliptic curve support for OCaml &amp; MirageOS quickly - which didn't leave much time to focus on performance. As time goes by, our mileage varies, and we're keen to use fewer resources - and thus fewer CPU time and a smaller memory footprint is preferable.</p>
--- a/articles/tar-release.html
+++ b/articles/tar-release.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogThe new Tar release, a retrospective
+        Robur's blog - The new Tar release, a retrospective
    </title>
    <meta name="description" content="A little retrospective to the new Tar release and changes">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,11 +20,11 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a href="https://blog.robur.coop/index.html">Back to index</a>
+    <main><a href="/index.html">Back to index</a>

 <article>
    <h1>The new Tar release, a retrospective</h1>
-    <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Cstruct">Cstruct</a></li><li><a href="https://blog.robur.coop/tags.html#tag-functors">functors</a></li></ul><p>We are delighted to announce the new release of <code>ocaml-tar</code>. A small library for
+    <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Cstruct">Cstruct</a></li><li><a href="/tags.html#tag-functors">functors</a></li></ul><p>We are delighted to announce the new release of <code>ocaml-tar</code>. A small library for
 reading and writing tar archives in OCaml. Since this is a major release, we'll
 take the time in this article to explain the work that's been done by the
 cooperative on this project.</p>
--- a/feed.xml
+++ b/feed.xml
@ -5,9 +5,16 @@
    <link>https://blog.robur.coop</link>
    <description><![CDATA[The Robur cooperative blog]]></description>
    <atom:link href="https://blog.robur.coop/feed.xml" rel="self" type="application/rss+xml"/>
-    <lastBuildDate>Fri, 25 Oct 2024 00:00:00 GMT</lastBuildDate>
+    <lastBuildDate>Tue, 29 Oct 2024 00:00:00 GMT</lastBuildDate>
    <docs>https://www.rssboard.org/rss-specification</docs>
    <generator>YOCaml</generator>
+    <item>
+      <title>Postes, télégraphes et téléphones, next steps</title>
+      <link>https://blog.robur.coop/articles/2024-10-29-ptt.html</link>
+      <description><![CDATA[An update of our email stack]]></description>
+      <guid isPermaLink="true">https://blog.robur.coop/articles/2024-10-29-ptt.html</guid>
+      <pubDate>Tue, 29 Oct 2024 00:00:00 GMT</pubDate>
+    </item>
    <item>
      <title>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</title>
      <link>https://blog.robur.coop/articles/dnsvizor01.html</link>
@ -47,6 +54,13 @@
      <guid isPermaLink="true">https://blog.robur.coop/articles/tar-release.html</guid>
      <pubDate>Thu, 15 Aug 2024 00:00:00 GMT</pubDate>
    </item>
+    <item>
+      <title>Testing MirageVPN against OpenVPN™</title>
+      <link>https://blog.robur.coop/articles/miragevpn-testing.html</link>
+      <description><![CDATA[Some notes about how we test MirageVPN against OpenVPN™]]></description>
+      <guid isPermaLink="true">https://blog.robur.coop/articles/miragevpn-testing.html</guid>
+      <pubDate>Wed, 26 Jun 2024 00:00:00 GMT</pubDate>
+    </item>
    <item>
      <title>qubes-miragevpn, a MirageVPN client for QubesOS</title>
      <link>https://blog.robur.coop/articles/qubes-miragevpn.html</link>
--- a/images/smtp.jpg
+++ b/images/smtp.jpg
--- a/index.html
+++ b/index.html
@ -5,13 +5,13 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blogIndex
+        Robur's blog - Index
    </title>
    <meta name="description" content="The famous root of the website">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
-    <link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
-    <script src="https://blog.robur.coop/js/hl.js"></script>
-    <link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
+    <link type="text/css" rel="stylesheet" href="/css/hl.css">
+    <link type="text/css" rel="stylesheet" href="/css/style.css">
+    <script src="/js/hl.js"></script>
+    <link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
  </head>
  <body>
    <header>
@ -20,21 +20,34 @@
        The <strong>Robur</strong> cooperative blog.
      </blockquote>
    </header>
-    <main><a class="small-button rss" href="https://blog.robur.coop/feed.xml">RSS</a><p>The Robur blog.</p>
+    <main><a class="small-button rss" href="/feed.xml">RSS</a><p>The Robur blog.</p>

 <h3>Essays and ramblings</h3>

 <ol reversed class="list-articles"><li>
+        <div class="side">
+            <a href="https://blog.osau.re/">
+                <img src="https://www.gravatar.com/avatar/e243d18f97471424ca390e85820797ac">
+            </a></div>
+        <div class="content">
+            <span class="date">2024-10-29</span>
+            <a href="/articles/2024-10-29-ptt.html">Postes, télégraphes et téléphones, next steps</a><br />
+            <p>An update of our email stack</p>
+            <div class="bottom">
+                <ul class="tags-list"><li><a href="/tags.html#tag-SMTP">SMTP</a></li><li><a href="/tags.html#tag-emails">emails</a></li><li><a href="/tags.html#tag-mailing-lists">mailing-lists</a></li></ul>
+            </div>
+        </div>
+    </li><li>
        <div class="side">
            <a href="https://hannes.robur.coop">
                <img src="https://www.gravatar.com/avatar/25558b4457cf73159f5427fdf2b4a717">
            </a></div>
        <div class="content">
            <span class="date">2024-10-25</span>
-            <a href="https://blog.robur.coop/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a><br />
+            <a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a><br />
            <p>The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-DNSvizor">DNSvizor</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-DNSvizor">DNSvizor</a></li></ul>
            </div>
        </div>
    </li><li>
@ -44,10 +57,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-10-22</span>
-            <a href="https://blog.robur.coop/articles/arguments.html">Runtime arguments in MirageOS</a><br />
+            <a href="/articles/arguments.html">Runtime arguments in MirageOS</a><br />
            <p>The history of runtime arguments to a MirageOS unikernel</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li></ul>
            </div>
        </div>
    </li><li>
@ -57,10 +70,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-10-21</span>
-            <a href="https://blog.robur.coop/articles/finances.html">How has robur financially been doing since 2018?</a><br />
+            <a href="/articles/finances.html">How has robur financially been doing since 2018?</a><br />
            <p>How we organise as a collective, and why we&apos;re doing that.</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-finances">finances</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cooperative">cooperative</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-finances">finances</a></li><li><a href="/tags.html#tag-cooperative">cooperative</a></li></ul>
            </div>
        </div>
    </li><li>
@ -70,10 +83,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-08-21</span>
-            <a href="https://blog.robur.coop/articles/2024-08-21-OpenVPN-and-MirageVPN.html">MirageVPN and OpenVPN</a><br />
+            <a href="/articles/2024-08-21-OpenVPN-and-MirageVPN.html">MirageVPN and OpenVPN</a><br />
            <p>Discoveries made implementing MirageVPN, a OpenVPN-compatible VPN library</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-MirageVPN">MirageVPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-OpenVPN">OpenVPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-MirageVPN">MirageVPN</a></li><li><a href="/tags.html#tag-OpenVPN">OpenVPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul>
            </div>
        </div>
    </li><li>
@ -83,10 +96,23 @@
            </a></div>
        <div class="content">
            <span class="date">2024-08-15</span>
-            <a href="https://blog.robur.coop/articles/tar-release.html">The new Tar release, a retrospective</a><br />
+            <a href="/articles/tar-release.html">The new Tar release, a retrospective</a><br />
            <p>A little retrospective to the new Tar release and changes</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Cstruct">Cstruct</a></li><li><a href="https://blog.robur.coop/tags.html#tag-functors">functors</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Cstruct">Cstruct</a></li><li><a href="/tags.html#tag-functors">functors</a></li></ul>
+            </div>
+        </div>
+    </li><li>
+        <div class="side">
+            <a href="https://reyn.ir/">
+                <img src="https://www.gravatar.com/avatar/54a15736b37879bc9708c1618a7cc130">
+            </a></div>
+        <div class="content">
+            <span class="date">2024-06-26</span>
+            <a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a><br />
+            <p>Some notes about how we test MirageVPN against OpenVPN™</p>
+            <div class="bottom">
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li><li><a href="/tags.html#tag-testing">testing</a></li><li><a href="/tags.html#tag-vpn">vpn</a></li></ul>
            </div>
        </div>
    </li><li>
@ -96,10 +122,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-06-24</span>
-            <a href="https://blog.robur.coop/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a><br />
+            <a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a><br />
            <p>A new OpenVPN client for QubesOS</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-vpn">vpn</a></li><li><a href="https://blog.robur.coop/tags.html#tag-unikernel">unikernel</a></li><li><a href="https://blog.robur.coop/tags.html#tag-QubesOS">QubesOS</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-vpn">vpn</a></li><li><a href="/tags.html#tag-unikernel">unikernel</a></li><li><a href="/tags.html#tag-QubesOS">QubesOS</a></li></ul>
            </div>
        </div>
    </li><li>
@ -109,10 +135,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-06-17</span>
-            <a href="https://blog.robur.coop/articles/miragevpn-server.html">MirageVPN server</a><br />
+            <a href="/articles/miragevpn-server.html">MirageVPN server</a><br />
            <p>Announcement of our MirageVPN server.</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li></ul>
            </div>
        </div>
    </li><li>
@ -122,10 +148,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-04-16</span>
-            <a href="https://blog.robur.coop/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a><br />
+            <a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a><br />
            <p>Performance engineering of MirageVPN, speeding it up by a factor of 25.</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-performance">performance</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-performance">performance</a></li></ul>
            </div>
        </div>
    </li><li>
@ -135,10 +161,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-02-21</span>
-            <a href="https://blog.robur.coop/articles/gptar.html">GPTar</a><br />
+            <a href="/articles/gptar.html">GPTar</a><br />
            <p>Hybrid GUID partition table and tar archive</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-gpt">gpt</a></li><li><a href="https://blog.robur.coop/tags.html#tag-tar">tar</a></li><li><a href="https://blog.robur.coop/tags.html#tag-mbr">mbr</a></li><li><a href="https://blog.robur.coop/tags.html#tag-persistent storage">persistent storage</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-gpt">gpt</a></li><li><a href="/tags.html#tag-tar">tar</a></li><li><a href="/tags.html#tag-mbr">mbr</a></li><li><a href="/tags.html#tag-persistent storage">persistent storage</a></li></ul>
            </div>
        </div>
    </li><li>
@ -148,10 +174,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-02-13</span>
-            <a href="https://blog.robur.coop/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a><br />
+            <a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a><br />
            <p>How we improved the performance of elliptic curves by only modifying the underlying byte array</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-cryptography">cryptography</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-cryptography">cryptography</a></li><li><a href="/tags.html#tag-security">security</a></li></ul>
            </div>
        </div>
    </li><li>
@ -161,10 +187,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-02-11</span>
-            <a href="https://blog.robur.coop/articles/lwt_pause.html">Cooperation and Lwt.pause</a><br />
+            <a href="/articles/lwt_pause.html">Cooperation and Lwt.pause</a><br />
            <p>A disgression about Lwt and Miou</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Scheduler">Scheduler</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Community">Community</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Unikernel">Unikernel</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Git">Git</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Scheduler">Scheduler</a></li><li><a href="/tags.html#tag-Community">Community</a></li><li><a href="/tags.html#tag-Unikernel">Unikernel</a></li><li><a href="/tags.html#tag-Git">Git</a></li></ul>
            </div>
        </div>
    </li><li>
@ -174,10 +200,10 @@
            </a></div>
        <div class="content">
            <span class="date">2024-02-03</span>
-            <a href="https://blog.robur.coop/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a><br />
+            <a href="/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a><br />
            <p>Reimplementing Python string escaping in OCaml</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-Python">Python</a></li><li><a href="https://blog.robur.coop/tags.html#tag-unicode">unicode</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-Python">Python</a></li><li><a href="/tags.html#tag-unicode">unicode</a></li></ul>
            </div>
        </div>
    </li><li>
@ -187,10 +213,10 @@
            </a></div>
        <div class="content">
            <span class="date">2023-11-20</span>
-            <a href="https://blog.robur.coop/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a><br />
+            <a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a><br />
            <p>How we resurrected MirageVPN from its bitrot state</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul>
            </div>
        </div>
    </li><li>
@ -200,10 +226,10 @@
            </a></div>
        <div class="content">
            <span class="date">2023-11-14</span>
-            <a href="https://blog.robur.coop/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a><br />
+            <a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a><br />
            <p>How we implementated tls-crypt-v2 for miragevpn</p>
            <div class="bottom">
-                <ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-VPN">VPN</a></li><li><a href="https://blog.robur.coop/tags.html#tag-security">security</a></li></ul>
+                <ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-VPN">VPN</a></li><li><a href="/tags.html#tag-security">security</a></li></ul>
            </div>
        </div>
    </li></ol>
--- a/tags.html
+++ b/tags.html
@ -5,7 +5,7 @@
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
-        Robur's blog
+        Robur's blog - Tags
    </title>
    <meta name="description" content="">
    <link type="text/css" rel="stylesheet" href="/css/hl.css">
@ -22,7 +22,7 @@
    </header>
    <main><a href="/index.html">Back to index</a>

-<ul class="tags-list aeration"><li><a href="#tag-Community">Community</a></li><li><a href="#tag-Cstruct">Cstruct</a></li><li><a href="#tag-DNSvizor">DNSvizor</a></li><li><a href="#tag-Git">Git</a></li><li><a href="#tag-MirageOS">MirageOS</a></li><li><a href="#tag-MirageVPN">MirageVPN</a></li><li><a href="#tag-OCaml">OCaml</a></li><li><a href="#tag-OpenVPN">OpenVPN</a></li><li><a href="#tag-Python">Python</a></li><li><a href="#tag-QubesOS">QubesOS</a></li><li><a href="#tag-Scheduler">Scheduler</a></li><li><a href="#tag-Unikernel">Unikernel</a></li><li><a href="#tag-VPN">VPN</a></li><li><a href="#tag-cooperative">cooperative</a></li><li><a href="#tag-cryptography">cryptography</a></li><li><a href="#tag-finances">finances</a></li><li><a href="#tag-functors">functors</a></li><li><a href="#tag-gpt">gpt</a></li><li><a href="#tag-mbr">mbr</a></li><li><a href="#tag-performance">performance</a></li><li><a href="#tag-persistent storage">persistent storage</a></li><li><a href="#tag-security">security</a></li><li><a href="#tag-tar">tar</a></li><li><a href="#tag-unicode">unicode</a></li><li><a href="#tag-unikernel">unikernel</a></li><li><a href="#tag-vpn">vpn</a></li></ul><div class="tag-box" id="tag-Community">
+<ul class="tags-list aeration"><li><a href="#tag-Community">Community</a></li><li><a href="#tag-Cstruct">Cstruct</a></li><li><a href="#tag-DNSvizor">DNSvizor</a></li><li><a href="#tag-Git">Git</a></li><li><a href="#tag-MirageOS">MirageOS</a></li><li><a href="#tag-MirageVPN">MirageVPN</a></li><li><a href="#tag-OCaml">OCaml</a></li><li><a href="#tag-OpenVPN">OpenVPN</a></li><li><a href="#tag-Python">Python</a></li><li><a href="#tag-QubesOS">QubesOS</a></li><li><a href="#tag-SMTP">SMTP</a></li><li><a href="#tag-Scheduler">Scheduler</a></li><li><a href="#tag-Unikernel">Unikernel</a></li><li><a href="#tag-VPN">VPN</a></li><li><a href="#tag-cooperative">cooperative</a></li><li><a href="#tag-cryptography">cryptography</a></li><li><a href="#tag-emails">emails</a></li><li><a href="#tag-finances">finances</a></li><li><a href="#tag-functors">functors</a></li><li><a href="#tag-gpt">gpt</a></li><li><a href="#tag-mailing-lists">mailing-lists</a></li><li><a href="#tag-mbr">mbr</a></li><li><a href="#tag-performance">performance</a></li><li><a href="#tag-persistent storage">persistent storage</a></li><li><a href="#tag-security">security</a></li><li><a href="#tag-tar">tar</a></li><li><a href="#tag-testing">testing</a></li><li><a href="#tag-unicode">unicode</a></li><li><a href="#tag-unikernel">unikernel</a></li><li><a href="#tag-vpn">vpn</a></li></ul><div class="tag-box" id="tag-Community">
    <h3>
        <span>Community</span>
    </h3>
@ -46,7 +46,7 @@
    <h3>
        <span>MirageOS</span>
    </h3>
-    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
+    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
 </div><div class="tag-box" id="tag-MirageVPN">
    <h3>
        <span>MirageVPN</span>
@ -56,7 +56,7 @@
    <h3>
        <span>OCaml</span>
    </h3>
-    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a></li><li><a href="/articles/lwt_pause.html">Cooperation and Lwt.pause</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/gptar.html">GPTar</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li><li><a href="/articles/tar-release.html">The new Tar release, a retrospective</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
+    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a></li><li><a href="/articles/lwt_pause.html">Cooperation and Lwt.pause</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/gptar.html">GPTar</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li><li><a href="/articles/tar-release.html">The new Tar release, a retrospective</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
 </div><div class="tag-box" id="tag-OpenVPN">
    <h3>
        <span>OpenVPN</span>
@ -72,6 +72,11 @@
        <span>QubesOS</span>
    </h3>
    <ul><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li></ul>
+</div><div class="tag-box" id="tag-SMTP">
+    <h3>
+        <span>SMTP</span>
+    </h3>
+    <ul><li><a href="/articles/2024-10-29-ptt.html">Postes, télégraphes et téléphones, next steps</a></li></ul>
 </div><div class="tag-box" id="tag-Scheduler">
    <h3>
        <span>Scheduler</span>
@ -96,7 +101,12 @@
    <h3>
        <span>cryptography</span>
    </h3>
-    <ul><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li></ul>
+    <ul><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li></ul>
+</div><div class="tag-box" id="tag-emails">
+    <h3>
+        <span>emails</span>
+    </h3>
+    <ul><li><a href="/articles/2024-10-29-ptt.html">Postes, télégraphes et téléphones, next steps</a></li></ul>
 </div><div class="tag-box" id="tag-finances">
    <h3>
        <span>finances</span>
@ -112,6 +122,11 @@
        <span>gpt</span>
    </h3>
    <ul><li><a href="/articles/gptar.html">GPTar</a></li></ul>
+</div><div class="tag-box" id="tag-mailing-lists">
+    <h3>
+        <span>mailing-lists</span>
+    </h3>
+    <ul><li><a href="/articles/2024-10-29-ptt.html">Postes, télégraphes et téléphones, next steps</a></li></ul>
 </div><div class="tag-box" id="tag-mbr">
    <h3>
        <span>mbr</span>
@ -131,12 +146,17 @@
    <h3>
        <span>security</span>
    </h3>
-    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/2024-08-21-OpenVPN-and-MirageVPN.html">MirageVPN and OpenVPN</a></li></ul>
+    <ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li><li><a href="/articles/2024-08-21-OpenVPN-and-MirageVPN.html">MirageVPN and OpenVPN</a></li></ul>
 </div><div class="tag-box" id="tag-tar">
    <h3>
        <span>tar</span>
    </h3>
    <ul><li><a href="/articles/gptar.html">GPTar</a></li></ul>
+</div><div class="tag-box" id="tag-testing">
+    <h3>
+        <span>testing</span>
+    </h3>
+    <ul><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li></ul>
 </div><div class="tag-box" id="tag-unicode">
    <h3>
        <span>unicode</span>
@ -151,7 +171,7 @@
    <h3>
        <span>vpn</span>
    </h3>
-    <ul><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li></ul>
+    <ul><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li><li><a href="/articles/miragevpn-testing.html">Testing MirageVPN against OpenVPN™</a></li></ul>
 </div>
        </main>
    <footer>