Attended the MirageOS retreat.
- Spoke to Hannes about the DNS library and he asked me to upstream a few things, and talked about my Capnp approach to updates and secondary-ing.
- Had some productive conversations with Jules which led to an Opam NixOS depext approach.
- Paul-Elliot helped me make my DNS transport library a bit more idiomatically functional, which we presented.
- Created a gravity-body simulation with Emile using an as-of-yet released OCaml game engine, which we presented.
- Got some nice window manager and vim tips.
- Went for a hike in the Atlas Mountains.
I also had some thoughts on offline operation of networked applications.
One of the attendees showed me a video calling application for use in a mesh network that identifies clients by an IP and optionally a public key. This made me realise that the problem of applications working locally offline is really a problem of name resolution, as well as necessitating an application architecture that supports peer-to-peer interaction. Consider: if I send a message to sirref.org, it should be able to resolve to an address on a shared medium, like a local WiFi network, or even a point-to-point WiFi connection, Bluetooth, or other link layer protocol. This begs the question: where should the name resolution infrastructure sit? It could run on the local network, but that would require deployment by the network operator, which is not feasible in a lot of circumstances. Instead, it could run distributed in a local connection, like mDNS, but resolving an FQDN. And DNS-SD could work to discover potential peers. This broadcast resolution could even run out-of-band using, e.g., an audio chirp. This is actually the inverse of the Spatial Name System, which uses the DNS as network infrastructure and a register for connectivity options.
There is still the issue of security and trust. There are two possible ways I can see to address this: DNSSEC and TLS. DNSSEC could provide authenticated responses to queries, but you would still need to trust you have connected to the right devices. TLS certificates could provide this assuming you’ve connected to a device before and remember it. How to get a TLS certificate offline is another question that would require network infrastructure, e.g. a certificate authority in the local network.
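A sketch of the "connected to a device before and remember it" idea, combined with broadcast resolution where any peer on the link can answer for a name. This is an added example, not code from the post or from any project mentioned in it; `PinStore`, `select_peer` and the verdict strings are hypothetical names, the certificate bytes and link-local addresses are constructed, and it assumes each certificate was presented in a completed TLS handshake with that responder.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the peer's certificate bytes, as hex."""
    return hashlib.sha256(cert_der).hexdigest()

def normalise(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

class PinStore:
    """Hypothetical store: remembers the first certificate seen for each name."""

    def __init__(self):
        self.pins = {}  # name -> fingerprint

    def select_peer(self, name, answers):
        """answers: (address, cert_der) pairs, one per responder on the link.

        Assumes each cert_der was taken from a completed TLS handshake with
        that address, so the responder has proved it holds the private key.
        Returns (address, verdict); address is None when nobody can be trusted.
        """
        key = normalise(name)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: nothing to compare against. Pin only when there
            # is exactly one candidate certificate among the responders.
            prints = {fingerprint(cert) for _, cert in answers}
            if len(prints) != 1:
                return None, "no-single-candidate"
            self.pins[key] = prints.pop()
            return answers[0][0], "pinned-on-first-use"
        for address, cert in answers:
            if hmac.compare_digest(pinned, fingerprint(cert)):
                return address, "pin-match"
        return None, "pin-mismatch"

# Constructed sample data: placeholder bytes stand in for DER certificates.
KNOWN_CERT = b"constructed-cert-of-known-device"
OTHER_CERT = b"constructed-cert-of-other-device"

def demo():
    store = PinStore()
    first = store.select_peer("sirref.org", [("169.254.10.2", KNOWN_CERT)])
    # Later, on a different link, two responders answer for the same name.
    later = store.select_peer("SIRREF.org.", [("169.254.77.9", OTHER_CERT),
                                              ("169.254.3.40", KNOWN_CERT)])
    spoof = store.select_peer("sirref.org", [("169.254.77.9", OTHER_CERT)])
    return first, later, spoof
```

The first contact is the weak point: the pin only proves that later answers come from the same key holder as the first one, not that the first one was the right device.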
This would also require everyone to have a domain. Maybe this is reasonable for people; an organisation can give them subdomains for free. But for shared devices we can give them a name based on their location (e.g., the SNS).