JakeHillion/www
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
www/blog.hillion.co.uk/posts/weekly-2022-04-25/index.html
Drone 477de5c555 update blog.hillion.co.uk
2024-01-13 14:16:56 +00:00

14 lines
30 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Jake's Weekly - 25th April 2022 | Jake Hillion</title><meta name=keywords content><meta name=description content="Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.
Finished Table 1 (history of namespaces).
I haven&rsquo;t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><meta name=author content="Jake Hillion"><link rel=canonical href=https://blog.hillion.co.uk/posts/weekly-2022-04-25/><link crossorigin=anonymous href=/assets/css/stylesheet.min.48a18943c2fc15c38a372b8dde1f5e5dc0bc64fa6cb90f5a817d2f8c76b7f3ae.css integrity="sha256-SKGJQ8L8FcOKNyuN3h9eXcC8ZPpsuQ9agX0vjHa3864=" rel="preload stylesheet" as=style><script defer crossorigin=anonymous src=/assets/js/highlight.min.b95bacdc39e37a332a9f883b1e78be4abc1fdca2bc1f2641f55e3cd3dabd4d61.js integrity="sha256-uVus3DnjejMqn4g7Hni+Srwf3KK8HyZB9V4809q9TWE=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://blog.hillion.co.uk/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.hillion.co.uk/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.hillion.co.uk/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.hillion.co.uk/apple-touch-icon.png><link rel=mask-icon href=https://blog.hillion.co.uk/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><script async src="https://www.googletagmanager.com/gtag/js?id=G-4CXXF49E7M"></script>
<script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-4CXXF49E7M",{anonymize_ip:!1})}</script><meta property="og:title" content="Jake's Weekly - 25th April 2022"><meta property="og:description" content="Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.
Finished Table 1 (history of namespaces).
I haven&rsquo;t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><meta property="og:type" content="article"><meta property="og:url" content="https://blog.hillion.co.uk/posts/weekly-2022-04-25/"><meta property="article:section" content="posts"><meta property="article:published_time" content="2022-04-25T11:00:00+00:00"><meta property="article:modified_time" content="2022-04-25T11:00:00+00:00"><meta property="og:site_name" content="Jake Hillion"><meta name=twitter:card content="summary"><meta name=twitter:title content="Jake's Weekly - 25th April 2022"><meta name=twitter:description content="Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.
Finished Table 1 (history of namespaces).
I haven&rsquo;t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.hillion.co.uk/posts/"},{"@type":"ListItem","position":2,"name":"Jake's Weekly - 25th April 2022","item":"https://blog.hillion.co.uk/posts/weekly-2022-04-25/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Jake's Weekly - 25th April 2022","name":"Jake\u0027s Weekly - 25th April 2022","description":"Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.\nFinished Table 1 (history of namespaces).\nI haven\u0026rsquo;t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite.","keywords":[],"articleBody":"Research Project Dissertation draft A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available here on Overleaf (permissions required), here on Gitea (no permissions required), and a current draft is available here.\nFinished Table 1 (history of namespaces).\nI havent mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite. Some serious git commands were needed to find the commits where things were added. Once I found the commit citing them wasnt too bad. The version changelogs are horrible to cite. They used to be posted by Linus on the mailing list, but now theyre posted on a site thats basically a Wiki (and referred to by Linus in the release email). Leaves a load of noauthor entries in my bibtex… Wrote a large section on mount namespaces (§3.1).\nI finally understand the horror show that is mount namespaces. The dissertation contains snippets of C and shell code that try to backup each thing I say clearly. Made a commitment to myself to add these commits and versions to Wikipedia when I get the chance, making this much easier in future. Cited some of the reasons these choices were made, in an attempt to provide a balanced view. I have some thoughts on how this could be done from the ground up in a far better way, but didnt include them as they arent particularly useful - hindsight is a wonderful thing. There also might be a bug in the MNT_DETACH logic, but again Im not sure I can fully back this up. Discussed more in the programming section of this post. Wrote sections on how each of the namespaces can be used to make a void.\nHavent yet completed cgroup and user namespaces, as they may need some extra work that isnt currently present in the code. The rest provide an accurate view of how to provide the utmost separation. Theres an idea floating around of separation of the host from the container versus separation of the container from the host. I havent got good wording for this yet. E.g. cgroup namespaces can provide decent separation of the host from the container, as you can go into an isolated subtree, but the host can still modify that subtree. The reason I havent said too much on this is that root on the host can modify anything in this system if it really wants. I wrote briefly about some future work on dynamic linking that is possible and suits the threat model that I dont think Ill have time to complete.\nMinor unlogged changes elsewhere.\nProgramming Tested and expanded the mount namespace voiding.\nAs written in the dissertation, mount namespaces are tricky. My initial code for voiding them completely borked the host system. Had a good offline exchange with our sysadmin trying to figure out which of us was breaking the machine. Possible exposed a kernel bug with MNT_DETACH crossing shared subtree boundaries and unmounting recursively. I cant see why this would ever be desired behaviour, as MNT_DETACH already relies on the kernels GC-type unmounting, so dropping a reference to the shared subtree should work fine. Not completely sure about this though. Id go a bit further to say I have no idea why MNT_DETACH unmounts recursively in the presence of shared subtrees. I think decreasing the refcount to what youre trying to unmount should have the same effect. I havent devoted time to testing a patch for this though, as its a bit extraneous to the projects main goals. Wrote the code to re-add the required elements to the mount namespace void (an empty tmpfs). This works surprisingly well with dynamic linking! I was expecting to have some serious difficulties here. It turns out that running ldd on the binary and bind mounting each of the paths in works perfectly (so far). Fits well with the threat model too (trusted binaries that are co-operatively requesting privilege separation). Added all the small support parts necessary for the TLS server.\nProper socket support for sending FDs. Better error handling for the now larger shim. Allowing file descriptors into the void explicitly. CI linting. Build a TLS server.\nThe spec and the app are written, it just needs slightly more verification and a little debugging before merging. All of the feature adding commits have been cherry-picked already, so only the example itself remains to be merged. Up Next The code is in a much better spot now than it was last time. The goal for the next week is to get the example applications completed under this near to final shim.\nWrite about my fib example.\nThe code is already written, the section in the dissertation needs to be completed. Include some detail as the simplicity of the application makes a good spot to discuss the complexity of the separation. Add the needed handling to gzip to run under the shim.\nEdit the source. Write a specification. Write about it in the write up. Create a decent explanatory figure. Write about the TLS server in Rust under the shim.\nWrite about it in the write up. Create a decent explanatory figure. Plan the evaluation.\nIm still not super clear on the best structure for the evaluation, so I think a plan is in order. Hopefully meet next week to follow up? Other After reading so many kernel mailing list entries trying to find references it caught my attention. Ive subscribed to netdev@vger.kernel.org with notifications off. Still trying to work out if this was a mistake… ","wordCount":"940","inLanguage":"en","datePublished":"2022-04-25T11:00:00Z","dateModified":"2022-04-25T11:00:00Z","author":{"@type":"Person","name":"Jake Hillion"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://blog.hillion.co.uk/posts/weekly-2022-04-25/"},"publisher":{"@type":"Organization","name":"Jake Hillion","logo":{"@type":"ImageObject","url":"https://blog.hillion.co.uk/favicon.ico"}}}</script></head><body id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://blog.hillion.co.uk/ accesskey=h title="Jake Hillion (Alt + H)">Jake Hillion</a>
<span class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></span></div><ul id=menu><li><a href=https://blog.hillion.co.uk/categories/ title=categories><span>categories</span></a></li><li><a href=https://blog.hillion.co.uk/tags/ title=tags><span>tags</span></a></li></ul></nav></header><main class=main><article class=post-single><header class=post-header><div class=breadcrumbs><a href=https://blog.hillion.co.uk/>Home</a>&nbsp;»&nbsp;<a href=https://blog.hillion.co.uk/posts/>Posts</a></div><h1 class=post-title>Jake's Weekly - 25th April 2022</h1><div class=post-meta><span title='2022-04-25 11:00:00 +0000 UTC'>April 25, 2022</span>&nbsp;·&nbsp;5 min&nbsp;·&nbsp;Jake Hillion</div></header><div class=post-content><h2 id=research-project>Research Project<a hidden class=anchor aria-hidden=true href=#research-project>#</a></h2><h3 id=dissertation-draft>Dissertation draft<a hidden class=anchor aria-hidden=true href=#dissertation-draft>#</a></h3><p>A block of progress on the stuff learnt so far and how each of the namespaces can be modified to create a void. The work is available <a href=https://www.overleaf.com/project/6227c8e96fcdc06e56454f24>here</a> on Overleaf (permissions required), <a href=https://gitea.hillion.co.uk/JakeHillion/dissertation>here</a> on Gitea (no permissions required), and a current draft is available <a href=dissertation.pdf>here</a>.</p><ul><li><p>Finished Table 1 (history of namespaces).</p><ul><li>I haven&rsquo;t mentioned it in the write up but this was horrible to firstly find the answers to and secondly to cite.</li><li>Some serious git commands were needed to find the commits where things were added. Once I found the commit citing them wasn&rsquo;t too bad.</li><li>The version changelogs are horrible to cite. They used to be posted by Linus on the mailing list, but now they&rsquo;re posted on a site that&rsquo;s basically a Wiki (and referred to by Linus in the release email). Leaves a load of <code>noauthor</code> entries in my bibtex&mldr;</li></ul></li><li><p>Wrote a large section on mount namespaces (§3.1).</p><ul><li>I <em>finally</em> understand the horror show that is mount namespaces. The dissertation contains snippets of C and shell code that try to backup each thing I say clearly.</li><li>Made a commitment to myself to add these commits and versions to Wikipedia when I get the chance, making this much easier in future.</li><li>Cited some of the reasons these choices were made, in an attempt to provide a balanced view.</li><li>I have some thoughts on how this could be done from the ground up in a far better way, but didn&rsquo;t include them as they aren&rsquo;t particularly useful - hindsight is a wonderful thing.</li><li>There also might be a bug in the <code>MNT_DETACH</code> logic, but again I&rsquo;m not sure I can fully back this up. Discussed more in the programming section of this post.</li></ul></li><li><p>Wrote sections on how each of the namespaces can be used to make a void.</p><ul><li>Haven&rsquo;t yet completed <code>cgroup</code> and <code>user</code> namespaces, as they may need some extra work that isn&rsquo;t currently present in the code. The rest provide an accurate view of how to provide the utmost separation.</li><li>There&rsquo;s an idea floating around of separation of the host from the container versus separation of the container from the host. I haven&rsquo;t got good wording for this yet. E.g. cgroup namespaces can provide decent separation of the host from the container, as you can go into an isolated subtree, but the host can still modify that subtree. The reason I haven&rsquo;t said too much on this is that root on the host can modify anything in this system if it really wants.</li></ul></li><li><p>I wrote briefly about some future work on dynamic linking that is possible and suits the threat model that I don&rsquo;t think I&rsquo;ll have time to complete.</p></li><li><p>Minor unlogged changes elsewhere.</p></li></ul><h3 id=programming>Programming<a hidden class=anchor aria-hidden=true href=#programming>#</a></h3><ul><li><p>Tested and expanded the mount namespace voiding.</p><ul><li>As written in the dissertation, mount namespaces are tricky. My initial code for voiding them completely borked the host system.</li><li>Had a good offline exchange with our sysadmin trying to figure out which of us was breaking the machine.<ul><li>Possible exposed a kernel bug with <code>MNT_DETACH</code> crossing shared subtree boundaries and unmounting recursively. I can&rsquo;t see why this would ever be desired behaviour, as <code>MNT_DETACH</code> already relies on the kernel&rsquo;s GC-type unmounting, so dropping a reference to the shared subtree should work fine. Not completely sure about this though.</li><li>I&rsquo;d go a bit further to say I have no idea why <code>MNT_DETACH</code> unmounts recursively in the presence of shared subtrees. I think decreasing the refcount to what you&rsquo;re trying to unmount should have the same effect. I haven&rsquo;t devoted time to testing a patch for this though, as it&rsquo;s a bit extraneous to the project&rsquo;s main goals.</li></ul></li><li>Wrote the code to re-add the required elements to the mount namespace void (an empty tmpfs).</li><li>This works surprisingly well with dynamic linking!<ul><li>I was expecting to have some serious difficulties here. It turns out that running <code>ldd</code> on the binary and bind mounting each of the paths in works perfectly (so far).</li><li>Fits well with the threat model too (trusted binaries that are co-operatively requesting privilege separation).</li></ul></li></ul></li><li><p>Added all the small support parts necessary for the TLS server.</p><ul><li>Proper socket support for sending FDs.</li><li>Better error handling for the now larger shim.</li><li>Allowing file descriptors into the void explicitly.</li><li>CI linting.</li></ul></li><li><p>Build a TLS server.</p><ul><li>The spec and the app are written, it just needs slightly more verification and a little debugging before merging.</li><li>All of the feature adding commits have been cherry-picked already, so only the example itself remains to be merged.</li></ul></li></ul><h3 id=up-next>Up Next<a hidden class=anchor aria-hidden=true href=#up-next>#</a></h3><p>The code is in a much better spot now than it was last time. The goal for the next week is to get the example applications completed under this near to final shim.</p><ul><li><p>Write about my fib example.</p><ul><li>The code is already written, the section in the dissertation needs to be completed.</li><li>Include some detail as the simplicity of the application makes a good spot to discuss the complexity of the separation.</li></ul></li><li><p>Add the needed handling to <code>gzip</code> to run under the shim.</p><ul><li>Edit the source.</li><li>Write a specification.</li><li>Write about it in the write up.</li><li>Create a decent explanatory figure.</li></ul></li><li><p>Write about the TLS server in Rust under the shim.</p><ul><li>Write about it in the write up.</li><li>Create a decent explanatory figure.</li></ul></li><li><p>Plan the evaluation.</p><ul><li>I&rsquo;m still not super clear on the best structure for the evaluation, so I think a plan is in order.</li><li>Hopefully meet next week to follow up?</li></ul></li></ul><h2 id=other>Other<a hidden class=anchor aria-hidden=true href=#other>#</a></h2><ul><li>After reading so many kernel mailing list entries trying to find references it caught my attention. I&rsquo;ve subscribed to <code>netdev@vger.kernel.org</code> with notifications off. Still trying to work out if this was a mistake&mldr;</li></ul></div><footer class=post-footer><nav class=paginav><a class=prev href=https://blog.hillion.co.uk/posts/weekly-05-02/><span class=title>« Prev Page</span><br><span>Jake's Weekly - 2nd May 2022</span></a>
<a class=next href=https://blog.hillion.co.uk/posts/weekly-2022-03-28/><span class=title>Next Page »</span><br><span>Jake's Weekly - 28th March 2022</span></a></nav><div class=share-buttons><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on twitter" href="https://twitter.com/intent/tweet/?text=Jake%27s%20Weekly%20-%2025th%20April%202022&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f&amp;hashtags="><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f&amp;title=Jake%27s%20Weekly%20-%2025th%20April%202022&amp;summary=Jake%27s%20Weekly%20-%2025th%20April%202022&amp;source=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f&title=Jake%27s%20Weekly%20-%2025th%20April%202022"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on whatsapp" href="https://api.whatsapp.com/send?text=Jake%27s%20Weekly%20-%2025th%20April%202022%20-%20https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Jake's Weekly - 25th April 2022 on telegram" href="https://telegram.me/share/url?text=Jake%27s%20Weekly%20-%2025th%20April%202022&amp;url=https%3a%2f%2fblog.hillion.co.uk%2fposts%2fweekly-2022-04-25%2f"><svg viewBox="2 2 28 28"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg></a></div></footer><div id=disqus_thread></div><script type=application/javascript>window.disqus_config=function(){},function(){if(["localhost","127.0.0.1"].indexOf(window.location.hostname)!=-1){document.getElementById("disqus_thread").innerHTML="Disqus comments not available by default when the website is previewed locally.";return}var t=document,e=t.createElement("script");e.async=!0,e.src="//blog-hillion-co-uk.disqus.com/embed.js",e.setAttribute("data-timestamp",+new Date),(t.head||t.body).appendChild(e)}()</script><noscript>Please enable JavaScript to view the <a href=https://disqus.com/?ref_noscript>comments powered by Disqus.</a></noscript><a href=https://disqus.com class=dsq-brlink>comments powered by <span class=logo-disqus>Disqus</span></a></article></main><footer class=footer><span>&copy; 2024 <a href=https://blog.hillion.co.uk/>Jake Hillion</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://git.io/hugopapermod rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
Reference in New Issue View Git Blame Copy Permalink