@ -68,8 +68,7 @@ We have seen plain data in a TLS encrypted stream. The plain data was intended
Certainly, interfacing the outside world is complex. The [mirage-block-xen](https://github.com/mirage/mirage-block-xen) library uses a similar protocol to access block devices. From a brief look, that library seems to be safe (using 64bit identifiers).
I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
@ -105,5 +105,4 @@ OCaml does not yet do dead code elimination, but there [is a PR](https://github.
Those counting statistics could go into more detail (e.g. using `nm` to count the sizes of concrete symbols - which opens the possibility to see which symbols are present in the objects, but not in the final binary). Also, collecting the numbers for each module in a library would be great to have. In the end, it would be great to easily spot the source fragments which are responsible for a huge binary size (and getting rid of them).
I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
@ -351,4 +351,4 @@ There are further steps to take, such as monitoring -- have a look at the `monit
I'd like to thank all people involved in this software stack, without other key components, including [git](https://github.com/mirage/ocaml-git), [irmin 2.0](https://irmin.io/), [nocrypto](https://github.com/mirleft/ocaml-nocrypto), [awa-ssh](https://github.com/haesbaert/awa-ssh), [cohttp](https://github.com/mirage/ocaml-cohttp), [solo5](https://github.com/solo5/sol5), [mirage](https://github.com/mirage/mirage), [ocaml-letsencrypt](https://github.com/mmaker/ocaml-letsencrypt), and more.
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -89,4 +89,4 @@ Another potential project that is very close now is a certificate authority deve
## Footer
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -149,8 +149,7 @@ The important bits are what actually happens during `configure` and `clean`: exe
We walked through the configuration magic of MirageOS, which is a domain-specific language designed for MirageOS demands. We can run arbitrary commands at compile time, and do not need to escape into external files, such as Makefile or shell scripts, but can embed them in our `config.ml`.
I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
@ -101,4 +101,4 @@ Mirage so far still uses ocamlbuild and ocamlfind for compiling the virtual mach
## Footer
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -120,7 +120,7 @@ system (the markdown content is held in memory with irmin!), no user management
At compile (configuration) time, the TLS keys are baked into the image, in addition to the url of the remote
git repository, the IPv4 address and ports the image should use:
The full command line for configuring this website is: `mirage configure --no-opam --xen -i Posts -n "full stack engineer" -r https://github.com/hannesm/hannes.nqsb.io.git --dhcp false --network 0 --ip 198.167.222.205 --netmask 255.255.255.0 --gateways 198.167.222.1 --tls 443 --port 80`.
The full command line for configuring this website is: `mirage configure --no-opam --xen -i Posts -n "full stack engineer" -r git://git.robur.io/hannes/hannes.robur.coop.git --dhcp false --network 0 --ip 198.167.222.205 --netmask 255.255.255.0 --gateways 198.167.222.1 --tls 443 --port 80`.
It relies on the fact that the TLS certificate chain and private key are in the `tls/` subdirectory, which is transformed to code and included in the image (using [crunch](https://github.com/mirage/ocaml-crunch)). An improvement would be to [use an ELF section](https://github.com/mirage/mirage/issues/489), but there is no code yet.
After configuring and installing the required dependencies, a `make` builds the statically linked image.
@ -163,12 +163,11 @@ access control.
I hope I gave some insight into what the purpose of an operating systems is, and
how MirageOS fits into the picture. I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
[twitter](https://twitter.com/h4nnes) or via eMail.
## Other updates in the MirageOS ecosystem
- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://github.com/hannesm/hannes.nqsb.io)
- this website is based on [Canopy](https://github.com/Engil/Canopy), the content is stored as markdown in a [git repository](https://git.robur.io/hannes/hannes.robur.coop)
- it was running in a [FreeBSD](https://FreeBSD.org) jail, but when I compiled too much the underlying [zfs file system](https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs.html) wasn't happy (and is now hanging in kernel space in a read)
- no remote power switch (borrowed to a friend 3 weeks ago), nobody was willing to go to the data centre and reboot
- I wanted to move it anyways to a host where I can deploy [Xen](http://www.xenproject.org/) guest VMs
[hannesm@mastodon.social](http://mastodon.social/@hannesm) or via eMail.
Since [the start of 2018](/Posts/DNS) we are developing robust software and systems at [robur](http://robur.io). If you like our work and want to support us with donations or development contracts, please get in touch with `team@robur.io`. Robur is a project of the German non-profit [Center for the cultivation of technology](https://techcultivation.org). Donations to robur are tax-deductible in Europe.
@ -84,4 +84,4 @@ What was fun was to compare the unikernel when built on Linux with gcc against a
An item on my list for the future is to distribute the opam export, build hashes and build environment artifacts in a authenticated way. I want to integrate this as [in-toto](https://in-toto.io/) style into [conex](https://github.com/hannesm/conex), my not-yet-deployed implementation of [tuf](https://theupdateframework.github.io/) for opam that needs further development and a test installation, hopefully in 2020.
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -79,8 +79,7 @@ Network and TLS stack works as well (tested 30th October).
I managed to get solo5 to work with bhyve. I even use clang instead of gcc and don't need to link `libgcc.a`. :) It is great to see further development in hypervisors and virtual machine monitors. Especially thanks to [Martin Lucina](https://lucina.net) for getting things sorted.
I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
@ -62,4 +62,4 @@ The [GADT map](https://github.com/hannesm/gmap) is a normal OCaml Map structure,
More projects are happening as we speak, it takes time to upstream all the changes, such as monitoring, new core libraries, getting our DNS implementation released, pushing Conex into production, more features such as DNSSec, ...
I'm interested in feedback, either via <strike>[twitter](https://twitter.com/h4nnes)</strike> [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
I'm interested in feedback, either via <strike>[twitter](https://twitter.com/h4nnes)</strike> [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -378,4 +378,4 @@ If you develop enhancements you'd like to share, please sent a pull request to t
Motivation for this traceroute unikernel was while talking with [Aaron](https://twitter.com/networkservice) and [Paul](https://github.com/phaer), who contributed several patches to the IP stack which pass the ttl through.
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
If you want to support our work on MirageOS unikernels, please [donate to robur](https://robur.coop/Donate). I'm interested in feedback, either via [twitter](https://twitter.com/h4nnes), [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -69,4 +69,4 @@ I intended in 0.7.0 to have much more precise types, esp. for the SubjectAlterna
The work on X.509 was sponsored by [OCaml Labs](http://ocamllabs.io/). You can support our work at robur by a [donation](https://robur.io/Donate), which we will use to work on our OCaml and MirageOS projects. You can also reach out to us to realize commercial products.
I'm interested in feedback, either via <strike>[twitter](https://twitter.com/h4nnes)</strike> [hannesm@mastodon.social](https://mastodon.social/@hannesm) or an issue on the [data repository](https://github.com/hannesm/hannes.nqsb.io/issues).
I'm interested in feedback, either via <strike>[twitter](https://twitter.com/h4nnes)</strike> [hannesm@mastodon.social](https://mastodon.social/@hannesm) or via eMail.
@ -261,8 +261,7 @@ There is a long list of potential features, such as full HTTP protocol complianc
For a start in MirageOS unikernels, look into our [mirage-skeleton](https://github.com/mirage/mirage-skeleton) project, and into the [/dev/winter](https://github.com/mattgray/devwinter2016/) presentation by Matt Gray.
I'm interested in feedback, either via
[twitter](https://twitter.com/h4nnes) or as an issue on the [data repository on
