Status update, June 2022
Hello again! I would like to open this post by acknowledging the response to my earlier post, “bleh”. Since it was published, I have received several hundred emails expressing support and kindness. I initially tried to provide these with thoughtful replies, then shorter replies, then I had to stop replying at all, but I did read every one. Thank you, everyone, for sending these. I appreciate it very much, and it means a lot to me.
I have actually had a lot more fun programming this month than usual, since I decided to spend more time on experimental and interesting projects and less time on routine maintenance or...
The Helios microkernel
I’ve been working on a cool project lately that I’d like to introduce you to: the Helios microkernel. Helios is written in Hare and currently targets x86_64, and riscv64 and aarch64 are on the way. It’s very much a work-in-progress: don’t expect to pick this up and start building anything with it today.
Drawing some inspiration from seL4, Helios uses a capability-based design for isolation and security. The kernel offers primitives for allocating physical pages, mapping them into address spaces, and managing tasks, plus features like platform-specific I/O (e.g. reading and writing x86 ports). The entire system is written in Hare, plus some necessary assembly for the platform bits...
bleh
A few weeks ago, the maintainer of a project on SourceHut stepped down from their work, citing harassment over using SourceHut as their platform of choice. It was a difficult day when I heard about that.
Over the past few weeks, I have been enduring a bit of a depressive episode. It’s a complex issue rooted in several different problems, but I think a major source of it is the seemingly constant deluge of hate I find myself at the receiving end of online. I had to grow a thick skin a long time ago, but lately it has not been thick enough. I am finding it...
Google has been DDoSing SourceHut for over a year
Just now, I took a look at the HTTP logs on git.sr.ht. Of the past 100,000 HTTP requests received by git.sr.ht (representing about 2½ hours of logs), 4,774 have been requested by GoModuleProxy — 5% of all traffic. And their requests are not cheap: every one is a complete git clone. They come in bursts, so every few minutes we get a big spike from Go, along with a constant murmur of Go traffic.
This has been ongoing since around the release of Go 1.16, which came with some changes to how Go uses modules. Since this release, following a gradual ramp-up in traffic as the release was...
Status update, May 2022
This was an exciting month: the Hare programming language is a secret no more! You can now try out the programming language I first teased over a year ago and tell me what you think. I hope you like it! I’m quite pleased with it so far.
One thing Hare has done is allow me to unshelve several projects which were blocked pending the availability of a suitable language to write them in. I have actually been working on several of these for a while now — and several more are to come later — but I couldn’t share them thanks to Hare’s policy of secrecy early in...
A Hare code generator for finding ioctl numbers
Modern Unix derivatives have this really bad idea called ioctl. It’s a function which performs arbitrary operations on a file descriptor. It is essentially the kitchen sink of modern Unix derivatives, particularly Linux, in which they act almost like a second set of extra syscalls. For example, to get the size of the terminal window, you use an ioctl specific to TTY file descriptors:
let wsz = rt::winsize { ... };
match (rt::ioctl(fd, rt::TIOCGWINSZ, &wsz: *void)) {
case let e: rt::errno =>
	switch (e: int) {
	case rt::EBADFD =>
		return errors::invalid;
	case rt::ENOTTY =>
		return errors::unsupported;
	case =>
		abort("Unexpected error from ioctl");
	};
case int =>
	return ttysize {
		rows = wsz.ws_row,
		columns = wsz.ws_col,
	};
};
This code performs the...
When will we learn?
Congratulations to Rust for its first (but not its last) supply-chain attack this week! They join a growing club of broken-by-design package managers which publish packages uploaded by vendors directly, with no review step, and ship those packages directly to users with no further scrutiny.
Timeline of major incidents on npm/Crates/PyPI/etc
2022-05-10: Cargo: rustdecimal ships with malicious code
2022-05-09: npm: foreach is taken over via an expired email domain
2022-03-17: npm: node-ipc ships malware targeting Russia and Belarus
2022-01-09: npm: colors and faker are deliberately sabotaged
2021-11-19: PyPI: 11 malicious packages discovered
2021-11-04: npm: rc ships malicious code
2021-11-04: npm: coa steals your passwords
2021-10-22: npm: ua-parser-js ships malicious code
2021-10-11: PyPI: mitmproxy2...
Implementing an SSH agent in Hare
Cross-posted from the Hare blog
In the process of writing an SSH agent for Himitsu, I needed to implement many SSH primitives from the ground up in Hare, now available via hare-ssh. Today, I’m going to show you how it works!
Important: This blog post deals with cryptography-related code. The code you’re going to see today is incomplete, unaudited, and largely hasn’t even seen any code review. Let me begin with a quote from the “crypto” module’s documentation in the Hare standard library:
Cryptography is a difficult, high-risk domain of programming. The life and well-being of your users may depend on your ability to implement cryptographic applications with due care....