Christoph boosted

Before using `std.debug.Trace` API: crap! We cannot debug this because the context for why this field was set to an unexpected value is gone.

After using `std.debug.Trace`: We learn where the unexpected value was set, bug identified!

Christoph boosted

Don't know about you, but I am getting Mach flashbacks.

RT @pchaigno@twitter.com

Next at #LinuxPlumbers, Barret Rhoden provides an update on Google's Ghost kernel scheduler class and describes a new BPF-only CPU scheduler as an example.

Slides: lpc.events/event/16/contributi
Last year's references: twitter.com/pchaigno/status/14
Stream: youtube.com/watch?v=Xw9pKeJ-4B

🐦🔗: twitter.com/pchaigno/status/15

Christoph boosted
Christoph boosted

There have been enough sandbox escape vulnerabilities at this point that same-process sandboxing is no longer considered a viable technique for running completely untrusted code. But it can still be used in MOO's security model, where users have to demonstrate some amount of trustworthiness to get programmer bits, and only well-known and trusted users get wizbits.

I've managed to build a proof-of-concept system with fine-grained sandboxing using Lua, but I ran out of motivation on that project because there's not much of an existing Lua ecosystem to use compared to JS. I would have built it on Duktape had Duktape existed at the time. And once Duktape came along WASM was on the horizon.

I doubt there will be a WASM runtime designed for same-process sandboxing anytime soon. But there appears to be some momentum toward making WASM-GC OCAP-safe, which at least would make it possible to run semi-mutually-untrusting code, though it would not protect against memory or CPU-time DoS.

Server-side WASM appears to be fairly mature at this point. While this doesn't give same-process sandboxing or finer-grained concurrency, it does support one of the "holy grails" we had back in the ColdC/Genesis days: language agnosticism. While that mostly only means Rust and C++ at the moment, Rust is certainly preferable to JS, it has a sufficiently large community and ecosystem, and the ability to target WASM has been a goal of Rust for a long time (always?).

I think I'll spend some time checking out Wasmtime.

wasmtime.dev/

Christoph boosted

Spending the time to learn #tmux basics was very much worth the investment. I live in tmux in my dayjob. If you work with #Linux, I strongly recommend it.

Christoph boosted
Christoph boosted

Enarx is an open source framework for running WebAssembly applications in TEEs (Trusted Execution Environments).

Enarx is completely written in Rust and includes an SGX shim, an X86_64 unikernel via KVM with SEV-SNP support.

Our contributions to Rust include:

* static-pie support
* x86_64-unknown-none Tier 2 target
* stabilization of naked functions
* network support for wasm32-wasi
* bindeps feature for cargo

enarx.dev

#rust #rustlang #confidentialcomputing
#webassembly #wasm #wasi

Just a couple of days until - already super excited!

@cadey I recently stumbled upon Olin (github.com/Xe/olin). Looks like you abandoned it. Is there any background info?

Digging through the source - it has some nice ideas!

Christoph boosted
Christoph boosted

Today I will spend most of the day looking at the Event Horizon Telescope image of Sgr A*!

This is the first direct image of the emission immediately outside of our Milky Way’s central supermassive black hole!!!

2k bugs for a v2 really nice looking ? Seriously - this is too much for me.

Christoph boosted

#Introduction Hello #fosstodon!

Yet Another Twitter Refugee landing on the shores of the #fediverse #mastodon world.

I am fleeing the unleashing of the trolls in the impending Musk-alypse.

With >41K blocks and <3K follows on Twitter the noise to signal ratio is trending the wrong way. And it will get worse.

Looking for quality follows for: #technology #softwaredevelopment #golang #FOSS #Kubernetes #cloud #InfoSec #ISP #Infrastructure #meditation #physics #photography #CovidIsAirborne

Show older
Hachyderm.io

If you follow the rules, you are welcome to join. Here we are trying to build a curated network of respectful professionals in the tech industry. We are hackers, professionals, enthusiasts, and are passionate about life, respect, and freedom. We believe in peace. Safe space. Tech Industry. Economics. OSINT/News. Linux. Kubernetes. Infrastructure. Security. Hackers. Respect. LGTBQIA+. Pets. Hobbies.