<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Posts on Jake Hillion</title>
    <link>https://blog.hillion.co.uk/posts/</link>
    <description>Recent content in Posts on Jake Hillion</description>
    <generator>Hugo -- gohugo.io</generator>
    <lastBuildDate>Mon, 06 Jun 2022 14:00:00 +0100</lastBuildDate><atom:link href="https://blog.hillion.co.uk/posts/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Void Processes: Minimising privilege by default</title>
      <link>https://blog.hillion.co.uk/posts/void-processes/dissertation/</link>
      <pubDate>Mon, 06 Jun 2022 14:00:00 +0100</pubDate>
      <guid>https://blog.hillion.co.uk/posts/void-processes/dissertation/</guid>
      <description>Recently I concluded the work on my Part III (M.Eng) dissertation. This was on Void Processes, a mechanism to statically distribute fine-grained privilege to application processes on Linux.

My dissertation is available here. I plan to make a series of posts over the next few weeks documenting my findings in smaller snippets, particularly the experience of voiding mount namespaces. In the future, I hope to produce some work which increases the performance of creating empty namespaces.</description>
    </item>
    <item>
      <title>Jake's Weekly - 2nd May 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-05-02/</link>
      <pubDate>Mon, 02 May 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-05-02/</guid>
      <description>Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.

Finished Table 1 (history of namespaces).

I haven&rsquo;t mentioned it in the write-up but this was horrible to firstly find the answers to and secondly to cite.</description>
    </item>
    <item>
      <title>Jake's Weekly - 25th April 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-04-25/</link>
      <pubDate>Mon, 25 Apr 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-04-25/</guid>
      <description>Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.

Finished Table 1 (history of namespaces).

I haven&rsquo;t mentioned it in the write-up but this was horrible to firstly find the answers to and secondly to cite.</description>
    </item>
    <item>
      <title>Jake's Weekly - 28th March 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-03-28/</link>
      <pubDate>Mon, 28 Mar 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-03-28/</guid>
      <description>Research Project Programming Built a new VoidBuilder struct to better align with how creating a void is described in the writing (void.rs).

A new builder describes a complete Linux void. Methods allow you to make it less of a void as you see fit. This aligns well with the structure in the write-up: creating a void first, then adding only precisely what is needed to it. It&rsquo;s also a much higher-level API that&rsquo;s object oriented.</description>
    </item>
    <item>
      <title>Chia Database Torrents 🌱👨💻🌐</title>
      <link>https://blog.hillion.co.uk/posts/chia-db-torrents/</link>
      <pubDate>Tue, 22 Mar 2022 13:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/chia-db-torrents/</guid>
      <description>Having trouble keeping your Chia database in sync? Database corruption leading to days or weeks of syncing? These Chia database torrents might help you out.

I had the same problem myself, and tried to back up the database file like I would most things. Unfortunately it snapshots and deduplicates incredibly poorly, as much of the file changes almost immediately after restarting. Given that I can&rsquo;t be the only one having these problems, I extended my backup script to create torrents of the database when I snapshot it.</description>
    </item>
    <item>
      <title>Jake's Weekly - 14th March 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-03-14/</link>
      <pubDate>Mon, 14 Mar 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-03-14/</guid>
      <description>Research Project Read Capsicum (Watson et al., 2010) I re-read this paper, but in the context of my project&rsquo;s work, it provided some incredibly useful insight. I&rsquo;ve listed the most important takeaways here, but there are more.

My niche might now be figured out. Capsicum discusses eliminating dual-coding by only being in the code, at the cost of potential static analysis. By using high-level language integrations, I think that my solution can achieve both being integral to the code and having a static description.</description>
    </item>
    <item>
      <title>Drone CI and Crypto Honeypots 💰🍯📚</title>
      <link>https://blog.hillion.co.uk/posts/drone-hack/</link>
      <pubDate>Mon, 07 Mar 2022 18:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/drone-hack/</guid>
      <description>One gloomy Tuesday evening, I SSHed into my CI server and ran htop as I had hundreds of times before. The machine is pinned running my jobs, but wait&hellip; Something is wrong.

htop showing bad things I certainly wasn&rsquo;t running any jobs involving Tensorflow, and I&rsquo;m not in the habit of mining cryptocurrencies on my CI server.

This post will cover the series of events that led to this happening, what happened, and the learnings I&rsquo;ve taken away from it.</description>
    </item>
    <item>
      <title>Jake's Weekly - 28th Feb 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-02-28/</link>
      <pubDate>Mon, 28 Feb 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-02-28/</guid>
      <description>Research Project Process Isolation Expanded the shim with so-called PipeTriggers.

Wrote an example for this (examples/pipes/main.rs). Wrote the specification for this application to be launched with the shim (examples/pipes/spec.json). I think this is very neat and certainly a focal point of the project. This style of request-driven programming that the shim enables, with a powerful level of privilege dropping each time, should be useful. The spec is also pretty easy to parse and even write for this too.</description>
    </item>
    <item>
      <title>Jake's Weekly - 13th Feb 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-02-13/</link>
      <pubDate>Mon, 14 Feb 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-02-13/</guid>
      <description>Research Project Process Isolation Built the shim in Rust (clone_shim).

Wrote a quite nice-to-use wrapper for the clone3 syscall in (relatively) safe Rust (clone.rs).

Wrote the basis of the specification, which should be extensible enough for future features (specification.rs).

Currently this reads only JSON specifications, but Rust&rsquo;s serde library has support for a variety of binary formats to try later on. Started tying things together. Currently on the running at startup launches work, but they do launch and it&rsquo;s a strong basis to add more features from.</description>
    </item>
    <item>
      <title>Jake's Weekly - 31st Jan 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-01-31/</link>
      <pubDate>Mon, 31 Jan 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-01-31/</guid>
      <description>Research Project Process Isolation Built three privilege-separated test applications.

Wrote a privilege-separated fib implementation (fib_priv_sep.c).

Pretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn&rsquo;t for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary.</description>
    </item>
    <item>
      <title>Jake's Weekly - 17th Jan 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-01-17/</link>
      <pubDate>Sat, 15 Jan 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-01-17/</guid>
      <description>Research Project Process Isolation Wrote an OCaml binding for the clone3 syscall (clone_shim.ml/clone3_stub.c).

Some decisions made to make this feel a bit higher level: List of flags rather than ORed-together numbers. Options used where helpful. Looked into using an OCaml callback, but of course this doesn&rsquo;t work (as expected - OCaml didn&rsquo;t like Multicore!). Currently execve&rsquo;s a specific binary (/bin/sh), but should be easy to extend. Tricky to know sometimes what to put in C and what to put in OCaml.</description>
    </item>
    <item>
      <title>Jake's Weekly - 3rd Jan 2022</title>
      <link>https://blog.hillion.co.uk/posts/weekly-2022-01-03/</link>
      <pubDate>Sat, 01 Jan 2022 11:00:00 +0000</pubDate>
      <guid>https://blog.hillion.co.uk/posts/weekly-2022-01-03/</guid>
      <description>Research Project Process Isolation Set up a Fedora testing VM for easier and consistent testing.

Fedora 35 uses pure cgroups2 by default - very useful! Sorted out backups for the repo and the above machine. Chose a testing framework for C enabling testing of the assertions to build the project upon.

Used Unity. Simple, and the examples show that it doesn&rsquo;t do much beyond the minimum - important for this low-level code with syscalls.</description>
    </item>
  </channel>
</rss>