I’ve been talking about network address translation here for a while, including instructions on building your own NAT device with MirageOS. The library behind those posts, mirage-nat, went on to back talex5’s unikernel firewall for QubesOS, but was unreleased and essentially unmaintained between late 2015 and early 2017.
At the March 2017 MirageOS hack retreat in Marrakesh, talex5 convinced me to do some much-needed maintenance on this library. After having let it age between March and October, I was persuaded to release a version with the hippest latest build system last week.
I recently found myself needing to reset an iPhone 6 to its factory defaults. There is some useful stuff to have if you’re trying to do this:
- the passcode for the phone
- the AppleID with which the phone is associated
- an iTunes installation
- an Internet connection capable of downloading the iPhone software image in 15 minutes
It turns out the first two are optional given the last two, or at least a reasonable facsimile. If you don’t have the last one, you have to fake it. Here’s how I spent my first day of funemployment compensating for some Apple engineer failing to consider that it might be nice to download a file before you need to use it.
Crowbar is a tool that combines afl-persistent’s instrumentation with quickcheck-like property-based testing. afl-fuzz is a great tool for detecting crashes, but Crowbar helps us go a step farther and automatically discover inputs which cause our program to no longer have the properties we expect it to have.
For reasons that don’t need exploring at this juncture, I first thought to apply Crowbar to charrua-client, a library which implements the DHCP state machine from a client perspective.
MirageOS is a collection of libraries and a system for assembling them into unikernels. What happens if you want to make changes to those libraries and test them with a new unikernel?
Say, for example, I have a static website (like this blog) that I build in MirageOS. I want to make some changes to the TCP implementation against which the blog is built. In order to do that, I need to do all the following:
- figure out which module to change
- figure out which package provides that module
- get the source for that package and instruct the package manager to use it instead of the release
- make changes
- reinstall the package with your changes
- rebuild the unikernel completely
- see whether changes had the desired effect
Here’s a quick primer on how.
As a result of great encouragement from colleagues and friends, I gave a few talks in September.
Persistent Networking with Irmin and MirageOS, which I gave at the OCaml Workshop, is a talk on sticking a persistent database into various levels of the network stack. (It includes demonstrations from What a Distributed, Version-Controlled ARP Cache Gets You, as well as an Irmin-ified NAT device that I haven’t yet written up here.