A slightly-delayed monthly status update

Jun 4, 2021
A few weeks ago, I announced the creation of a security response team for Alpine, of which I am presently the chair. Since then, the team has been fully chartered by both the previous Alpine core team, and the new Alpine council, and we have gotten a few members on board working on security issues in Alpine.

the whole freenode kerfluffle

May 20, 2021
But the thing is IRC has always been a glorious thing. The infra has always been sponsored by companies or people. But the great thing about IRC is you can always vote and let the networks and world know which you choose - by using /server. — Andrew Lee (rasengan), chairman of freenode limited

AlpineConf 2021 recap

May 18, 2021
Last weekend was AlpineConf, the first one ever. We held it as a virtual event, and over 700 participants came and went during the weekend. Although there were many things we learned up to and during the conference that could be improved, I think that the first AlpineConf was a great success!

using qemu-user emulation to reverse engineer binaries

May 5, 2021
QEMU is primarily known as the software which provides full system emulation under Linux’s KVM. Also, it can be used without KVM to do full emulation of machines from the hardware level up. Finally, there is qemu-user, which allows for emulation of individual programs. That’s what this blog post is about.

The various ways to check if an integer is even

Apr 27, 2021
You have probably seen this post on Twitter by now: But actually, the way most people test whether a number is even is wrong. It’s not your fault, computers think differently than we do. And in most cases, the compiler fixes your mistake for you. But it’s been a long day of talking about Alpine governance, so I thought I would have some fun.

Why apk-tools is different than other package managers

Apr 25, 2021
Alpine as you may know uses the apk-tools package manager, which we built because pre-existing package managers did not meet the design requirements needed to build Alpine. But what makes it different, and why does that matter? apk add and apk del manipulate the desired state In traditional package managers like dnf and apt, requesting the installation or removal of packages causes those packages to be directly installed or removed, after a consistency check.

Building a security response team in Alpine

Apr 20, 2021
Starting this past month, thanks to the generous support of Google and the Linux Foundation, instead of working on the usual Alpine-related consulting work that I do, I’ve had the privilege of working on various initiatives in Alpine relating to security that we’ve needed to tackle for a long time. Some things are purely technical, others involve formulating policy, planning and recruiting volunteers to help with the security effort.

A tale of two envsubst implementations

Apr 15, 2021
Yesterday, Dermot Bradley brought up in IRC that gettext-tiny’s lack of an envsubst utility could be a potential problem, as many Alpine users use it to generate configuration from templates. So I decided to look into writing a replacement, as the tool did not seem that complex. That rewrite is now available on GitHub, and is already in Alpine testing for experimental use.

A Brief History of Configuration-Defined Image Builders

Apr 6, 2021
When you think of a configuration-defined image builder, most likely you think of Docker (which builds images for containers). But before Docker, there were several other projects, all of which came out of a vibrant community of Debian-using sysadmins looking for better ways to build VM and container images, which lead to a series of projects that built off each other to build something better.

Cryptocurrencies from 10000 feet: the good, the bad, and the fixes

Mar 30, 2021
I’ve followed cryptocurrency for a long time. The first concept I read about was Hashcash, which was a mechanism designed to reduce e-mail spam by acting as a sort of “stamp”. The proof of work concept introduced by Hashcash of course lead to Bitcoin, which lead to Ethereum and the other popular Proof of Work consensus blockchain-based cryptocurrency platforms out in the world today.