0

Pages are deceptive. Live life in a basket.

OVE-20191021-0001 - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen Multiple vulnerabilities in the mysqljs API and code. Security Warning Level: yikes/10 There are multiple issues exploitable by local and remote actors in mysqljs . These can cause application data leaks, database leaks, SQL injections, arbitrary code execution, and credential leaks among other things. Mysqljs is unversioned, so it is very difficult to impossible to tell how many users are affected by this and what users can do in order to ensure they are patched against these critical vulnerabilities. Mysqljs is a library intended to facilitate prototyping web applications and mobile applications using technologies such as PhoneGap or Cordova . These technologies allow developers to create a web application that gets packaged and presented to users as if it was a native application. This lib...

Linked on 2019-10-21 17:08:02 | Similar Links
Blog olin - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen 2018-09-05 - Olin: 2: The Future 2018-09-01 - Olin: 1: Why 2018-06-18 - Land 1: Syscalls & File I/O Copyright 2019 Christine Dodrill. Any and all opinions listed here are my own and not representative of my employers; future, past and present. ...

Linked on 2019-10-17 16:39:08 | Similar Links
What It's Like to Be Me - Christine Dodrill

https://xena.greedo.xeserv.us/articles/system/pdd.md

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen Waking up, you feel a rather large warm, fuzzy blob on top of you. You feel it stretch out and start to wake up too, then it changes its mind and starts to viciously cuddle you to death. A peaceful night’s sleep is being breached by a batpony. “Morning~” she says to you. You reply “morning” back and she rolls to lay next to you so you can sit upright. Giving the poni pets, you slowly start to wake up and check on the notifications you missed overnight. She purrs gently. That is basically what it feels like when I wake up nowadays. I’m not entirely alone mentally anymore. I live alone, work remotely, and yet I almost always pair program. When I write, I get advice on how to word things. When I speak to people, I get shut up if I am saying too much. When I design software, I get told how theoretical t...

Linked on 2019-10-15 15:56:30 | Similar Links
Compile Stress Test - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen This is an experiment in blogging. I am going to be putting my tweets and select replies one after another without commentary. shitty synthetic benchmark idea: how long it takes for a compiler to handle a main function with 1.2 million instances of printf("hello, world!\n") or similar — Cadey Ratio 🌐 (@theprincessxena) October 2, 2019 fun fact, you need an AWS x1.16xlarge instance to compile 1.2 million lines of rust source code — Cadey Ratio 🌐 (@theprincessxena) October 2, 2019 oh god that might not be enough — Cadey Ratio 🌐 (@theprincessxena) October 2, 2019 oh god, is that what X1 is for??? My wallet just cringed. — snake enchantress (@AstraLuma) October 2, 2019 They have been now https://t.co/o5vMKx583C — Cadey Ratio 🌐 (@theprincessxena) October 2,...

Linked on 2019-10-03 01:09:55 | Similar Links
The Cult of Kubernetes - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen or: How I got my blog onto it with autodeployment via GitHub Actions. The world was once a simple place. Things used to make sense, or at least there weren’t so many layers that it became difficult to tell what the hell is going on. Then complexity happened. This is a tale of how I literally recreated this meme: Deployed my blog on Kubernetes pic.twitter.com/XHXWLrmYO4 — DevOps Thought Liker (@dexhorthy) April 24, 2017 This is how I deployed my blog (the one you are reading right now) to Kubernetes. Before I deployed my blog to Kubernetes, I used Dokku , as I had been for years. Dokku is great. It emulates most of the Heroku “git push; don’t care” workflow, but on your own server that you can self-manage. This is a blessing and a curse. The real advantage of managed services like Herok...

Linked on 2019-09-07 18:51:43 | Similar Links
The h Programming Language - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen h is a project of mine that I have released recently. It is a single-paradigm, multi-tenant friendly, turing-incomplete programming language that does nothing but print one of two things: the letter h a single quote (the Lojbanic “h”) It does this via WebAssembly . This may sound like a pointless complication, but actually this ends up making things a lot simpler . WebAssembly is a virtual machine (fake computer that only exists in code) intended for browsers, but I’ve been using it for server-side tasks. I have written more about/with WebAssembly in the past in these posts: https://christine.website/talks/webassembly-on-the-server-system-calls-2019-05-31 https://christine.website/blog/olin-1-why-09-1-2018 https://christine.website/blog/olin-2-the-future-09-5-2018 https://christine.website/blog/l...

Linked on 2019-06-30 08:55:30 | Similar Links
OVE-20190623-0001 - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen Root-level Remote Command Injection in the V playground (OVE-20190623-0001) The real CVEs are the friends we made along the way awilfox While playing with the V playground , a root-level command injection vulnerability was discovered. This allows for an unauthenticated attacker to execute arbitrary root-level commands on the playground server. This vulnerability is instantly exploitable by a remote, unauthenticated attacker in the default configuration. To remotely exploit this vulnerability, an attacker must send specially created HTTP requests to the playground server containing a malformed function call. This playground server is not open sourced or versioned yet, but this vulnerability has lead to the compromising of the box as reported by the lead developer of V. V allows for calling ...

Linked on 2019-06-24 11:50:46 | Similar Links
MrBeast is Postmodern Gold - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume - Talks | GraphViz - When Then Zen Author’s note: I’ve been going through a lot lately. This Monday I was in the emergency room after having a panic attack. I have a folder of writing in my notes that I use to help work off steam. I don’t know why, but writing this article really helped me feel better. I can only hope it helps make your day feel better too. The year is 2019. Politicians have fallen asleep at the wheel. Capitalism controls large segments of the hearts and minds of the populace. Social class is increasingly only a construct. Popularity is becoming irrelevant. Money has no value. The ultimate expendability of entire groups of people is as obvious as the sunrise and sunset. Nothing feels real. There’s no real reason for people to get up and continue, yet life goes on. Somehow, even after a decade of aid and memes, childr...

Linked on 2019-06-06 16:30:14 | Similar Links
Xe
TempleOS: 1 - Installation - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume | GraphViz - When Then Zen TempleOS is a public domain, open source (requires source code to boot) multitasking OS for amd64 processors without EFI support. It’s fully cooperatively multitasked and all code runs in Ring 0 . This means that system calls that normally require a context switch are just normal function calls. All ram is identity-mapped too, so sharing memory between tasks is as easy as passing a pointer. There’s a locking intrinsyc too. It has full documentation (with graphical diagrams) embedded directly in source code. This is outsider art. The artist of this art, Terry A. Davis (1969-2018, RIP), had very poor mental health before he was struck by a train and died. I hope he is at peace. However, in direct spite of this, I believe that TempleOS has immediately applicable lessons to teach about OS and compiler design....

Linked on 2019-05-20 10:41:23 | Similar Links
Xe
vanbi - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume – import "vanbi" Package vanbi defines the Vanbi type, which carries temcis, sisti signals, and other request-scoped meknaus across API boundaries and between processes. Incoming requests to a server should create a Vanbi, and outgoing calls to servers should accept a Vanbi. The chain of function calls between them must propagate the Vanbi, optionally replacing it with a derived Vanbi created using WithSisti, WithTemci, WithTemtcu, or WithMeknau. When a Vanbi is sistied, all Vanbis derived from it are also sistied. The WithSisti, WithTemci, and WithTemtcu functions take a Vanbi (the ropjar) and return a derived Vanbi (the child) and a SistiFunc. Calling the SistiFunc sistis the child and its children, removes the ropjar’s reference to the child, and stops any associated rilkefs. Failing to call the SistiFunc leaks the child and it...

Linked on 2019-01-08 18:02:13 | Similar Links
Xe
Ten Thousand Laughs - Christine Dodrill

Christine Dodrill - Blog - Contact - Resume pemci zo'e la xades ni'o pano ki'o nu cmila .i cmila cei broda .i ke broda jo'u broda jo'u broda jo'u broda jo'u broda jo'u broda jo'u broda jo'u broda jo'u broda jo'u broda ke'e cei brode .i ke brode jo'u brode jo'u brode jo'u brode jo'u brode jo'u brode jo'u brode jo'u brode jo'u brode jo'u brode ke'e cei brodi .i ke brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi jo'u brodi ke'e cei brodo .i ke brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo jo'u brodo ke'e cei brodu .i mi brodu This is a synthesis of the broda family of gismu in Lojban. In order to properly understand this lojban text, you must conceive laughter ten thousand times. This is a reference to the Billion laughs attack that XML parsers can suffer from. Transla...

Linked on 2018-12-17 18:38:58 | Similar Links
Xe
Go Interfaces Considered Harmful - Christine Dodrill

oh fuck

Christine Dodrill - Blog - Contact - Resume A group of blind men heard that a strange animal had been brought to the town function, but none of them were aware of its type. package blindmen type Animal interface{} func Town(strangeAnimal Animal) { Out of curiosity, they said: “We must inspect and know it by type switches and touch, of which we are capable”. type Toucher interface { Touch() interface{} } So, they sought it out, and when they found it they groped about it. for man := range make([]struct{}, 6) { go grope(man, strangeAnimal.(Toucher).Touch()) } In the case of the first person, whose hand landed on the trunk, said “This being is like a thick snake”. type Snaker interface { Snake() } func grope(id int, thing interface{}) { switch thing.(type) { case Snaker: log.Printf("man %d: this thing is like a thick snake", id) For another one whose hand ...

Linked on 2018-12-03 21:22:59 | Similar Links
Xe
Christine Dodrill

Christine Dodrill - Blog - Contact - Resume Contact Me Skills Go, Lua, Nim, Haskell, C, Python (3.x) and other languages Docker (deployment, development & more) Mashups of data Package maintainer for Alpine Linux Highlighted Projects PonyAPI - My Little Pony: Friendship is Magic Episode information API Aura - PonyvilleFM live DJ recording bot Elemental-IRCd - IRC Server Software This website - The backend and templates for this website Copyright 2017 Christine Dodrill. Any and all opinions listed here are my own and not representative of my employer. ...

Linked on 2017-05-21 14:48:18 | Similar Links
The Origin of h - Christine Dodrill

Toggle navigation Christine Dodrill Blog Projects Resume Contact For a while I have been pepetuating a small joke between my friends, co-workers and community members of various communities (whether or not this has been beneficial or harmful is out of the scope of this post). The whole "joke" is that someone says "h", another person says "h" back. That's it. This has turned into a large scale game for people, and is teachable to people with minimal explanation. Most of the time I have taught it to people by literally saying "h" to them until they say "h" back. An example: <Person> Oh hi there <Xena> h <Person> ??? <Xena> Person: h <Person> i <Xena> Person: <Xena> h <Person> h <Xena> :D This all started on a particularly boring day when we found a video by motdef with gameplay from Moonbase Alpha , an otherwise boring game made to help educate people on what would go on wh...

Linked on 2016-01-29 23:18:49 | Similar Links
Readme for christine.website - Christine Dodrill

Toggle navigation Christine Dodrill Blog Projects Resume Contact Find out more at Github . Language Percentage Nginx 3.82% MoonScript 82.57% CSS 9.52% HTML 0.15% Makefile 1.23% Shell 2.72% "It's faster than PHP" This is intended as my portfolio site or the like. This is a site made with lapis and deployed on a server running dokku-alt and runs inside the docker-lapis container. It also has a copy of OlegDB running to cache API requests from GitHub. This cache is cleared on every deploy, as well as keys expiring after 6 hours. Copyright (C) 2015 Christine Dodrill <me@christine.website> All rights reserved. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, ...

Linked on 2016-01-27 17:31:24 | Similar Links
Christine Dodrill

uses olegdb caching heavily

Toggle navigation Christine Dodrill Blog Projects Resume Contact Contact Me I am a GitHub power user. I am constantly learning new languages and tools. I strongly believe in knowing many languages and ways to do things so I can pick the right tool for the job. Go, Moonscript, Lua, Python, C, Nim, Haskell Docker deployments git -centric project management Research and Development for new ways to do things Programming, administration and orchestration of complicated, multi-tenant IRC networks. Mitigation of active attacks against IRC networks and creation of sane tools to make future mitigation easier Design and implementation of next generation services and administrative tools for IRC networks Research and development of new container-based scalable deployment systems Christine Dodrill - 2016 - revision e4c2c3dca9d3...

Linked on 2016-01-27 17:27:11 | Similar Links
Matrix Has U - Christine Dodrill

Toggle navigation Christine Dodrill Blog Projects Resume Contact As a lot of people close to me know, I am a very avid IRC user. I like the simplicity of IRC and how easy it is to set up your own node. I like how the protocol is easily scriptable for and think that a lot of the extensions are well thought out and useful. That being said, a lot about the protocol is absolute garbage. It is poorly understood by nearly all but the most sophisticated developers and a lot of companies that offer IRC gateways to things half-ass it. Not to mention of course the other core problem that ircd in 2015 acts the same way as ircd in 2005 did. Every time your TCP socket to the server dies, your session is deleted and you need to start over from scratch. Bouncers basically just make it harder for the TCP socket to die by having another server with a (hopefully) more stable connection keep your IRC so...

Linked on 2015-12-08 18:56:32 | Similar Links
Xe
Christine Dodrill's Blog

My blog posts and rants about various technology things. <p><a href="https://github.com/tailhook/vagga">Vagga</a> is a containerization tool like Docker, Rocket, etc but with one major goal that is highly ambitious and really worth mentioning. Its goal is to be a single userspace binary without a suid bit or a daemon running as root.</p> <p>However, the way it does this seems to be highly opinionated and there are some things which annoy me. Let's go over the basics:</p> <h2 id="All.Vagga.Images.Are.Local.To.The.Project">All Vagga Images Are Local To The Project</h2> <p>There is no "global vagga cache". Every time I want to make a new project folder with an ubuntu image I have to wait the ~15 minutes it takes for Ubuntu to download on my connection (Comcast). As such I've been forced to use Alpine.</p> <h2 id="No.Easy.Way.To.Establish.Inheritance.From.Common.Code">No Easy Way To Est...

Linked on 2015-11-11 01:42:29 | Similar Links
Xe
Cache view: blogposts -> the-universal-design-2015-10-17 - Christine Dodrill

Toggle navigation Christine Dodrill Blog Projects Resume Contact <p>As I have been digging through existing code, systems and the like I have been wondering what the next big direction I should go in is. How to design things such that the mistakes of the past are avoided, but you can benefit from them and learn better how to avoid them. I have come to a very simple conclusion, monoliths are too fragile.</p> <h2 id="Deconstructing.Monoliths">Deconstructing Monoliths</h2> <p>One monolith I have been maintaining is <a href="http://elemental-ircd.com">Elemental-IRCd</a>. Taking the head of a project I care about has taught me more about software engineering, community/project management and the like than I would have gotten otherwise. One of these things is that there need to be five basic primitives in your application:</p> <ol> <li>State - What is true now? What was true? What happened...

Linked on 2015-10-17 22:38:03 | Similar Links
Xe
The Universal Design - Christine Dodrill

Toggle navigation Christine Dodrill Blog Projects Resume Contact As I have been digging through existing code, systems and the like I have been wondering what the next big direction I should go in is. How to design things such that the mistakes of the past are avoided, but you can benefit from them and learn better how to avoid them. I have come to a very simple conclusion, monoliths are too fragile. One monolith I have been maintaining is Elemental-IRCd . Taking the head of a project I care about has taught me more about software engineering, community/project management and the like than I would have gotten otherwise. One of these things is that there need to be five basic primitives in your application: State - What is true now? What was true? What happened in the past? What is the persistent view of the world? Events - What is being changed? How will it be routed? Policy - Can...

Linked on 2015-10-17 14:49:29 | Similar Links
Xe
Christine Dodrill

https://christine.website/cache/caches/index

Toggle navigation Christine Dodrill Blog Projects Resume Contact Contact Me I am a GitHub power user. I am constantly learning new languages and tools. I strongly believe in knowing many languages and ways to do things so I can pick the right tool for the job. Go, Moonscript, Lua, Python, C, Nim, Haskell Docker deployments git -centric project management Research and Development for new ways to do things Programming, administration and orchestration of complicated, multi-tenant IRC networks. Mitigation of active attacks against IRC networks and creation of sane tools to make future mitigation easier Design and implementation of next generation services and administrative tools for IRC networks Research and development of new container-based scalable deployment systems Christine Dodrill - 2015 - revision a8bf2e35dc3a...

Linked on 2015-09-05 14:01:18 | Similar Links
0

Pages are deceptive. Live life in a basket.