Building a security response team in Alpine

Apr 20, 2021
Starting this past month, thanks to the generous support of Google and the Linux Foundation, instead of working on the usual Alpine-related consulting work that I do, I’ve had the privilege of working on various initiatives in Alpine relating to security that we’ve needed to tackle for a long time. Some things are purely technical, others involve formulating policy, planning and recruiting volunteers to help with the security effort.

A tale of two envsubst implementations

Apr 15, 2021
Yesterday, Dermot Bradley brought up in IRC that gettext-tiny’s lack of an envsubst utility could be a potential problem, as many Alpine users use it to generate configuration from templates. So I decided to look into writing a replacement, as the tool did not seem that complex. That rewrite is now available on GitHub, and is already in Alpine testing for experimental use.

A Brief History of Configuration-Defined Image Builders

Apr 6, 2021
When you think of a configuration-defined image builder, most likely you think of Docker (which builds images for containers). But before Docker, there were several other projects, all of which came out of a vibrant community of Debian-using sysadmins looking for better ways to build VM and container images, which led to a series of projects that built off each other to build something better.

Cryptocurrencies from 10000 feet: the good, the bad, and the fixes

Mar 30, 2021
I’ve followed cryptocurrency for a long time. The first concept I read about was Hashcash, which was a mechanism designed to reduce e-mail spam by acting as a sort of “stamp”. The proof of work concept introduced by Hashcash of course led to Bitcoin, which led to Ethereum and the other popular Proof of Work consensus blockchain-based cryptocurrency platforms out in the world today.

Let's build a new service manager for Alpine!

Mar 25, 2021
Update (April 27): Please visit Laurent’s website on this issue for a more detailed proposal. If you work at a company which has budget for this, please get in touch with him directly. As many of you already know, Alpine presently uses a fairly modified version of OpenRC as its service manager.

Why RMS should not be leading the free software movement

Mar 23, 2021
Earlier today, I was invited to sign the open letter calling for the FSF board to resign, which I did. To me, it was obvious to sign the letter, which on its own makes a compelling argument for why RMS should not be an executive director at FSF. But I believe there is an even more compelling reason.

NFTs: A Scam that Artists Should Avoid

Mar 21, 2021
Non-fungible tokens (NFTs) are the latest craze being pitched toward the artistic communities. But, they are ultimately a meaningless token which fails to accomplish any of the things artists are looking for in an NFT-based solution. Let me explain… So, What are NFTs? Non-fungible tokens are a form of smart contract (program) which runs on a decentralized finance platform.

The End of a Short Era

Mar 21, 2021
Earlier this year, I started a project called Jejune and migrated my blog to it. For various reasons, I have decided to switch to WordPress instead. The main reason why is because WordPress has plugins which do everything I wanted Jejune to do, so using an already established platform provides more time for me to work on my more important projects.

Using OTP ASN.1 support with Elixir

Oct 21, 2019
The OTP ecosystem which grew out of Erlang has all sorts of useful applications included with it, such as support for encoding and decoding ASN.1 messages based on ASN.1 definition files. I recently began work on Cacophony, which is a programmable LDAP server implementation, intended to be embedded in the Pleroma platform as part of the authentication components.

Demystifying Bearer Capability URIs

Oct 11, 2019
Historically, there has been a practice of combining URIs with access tokens containing sufficient entropy to make them difficult to brute force. A few different techniques have been implemented to do this, but those techniques can be considered implementation-specific. One of the earliest and most notable uses of this technique can be observed in the Second Life backend APIs.