Previous: Mon 17 Feb 2025
Next: Mon 3 Mar 2025
§Babel: opam repository with pubgrub-opam
§A Debian/Alpine encoding in PubGrub, which I think should be much simpler than Opam
DONE Got the basics in pubgrub-debian
Here’s a solve of openssh-server:
(openssh-server, 1:7.9p1-10+deb10u2) -> (libssl1.1, >=1.1.1), (openssh-client, 1:7.9p1-10+deb10u2), (libc6, >=2.26), (libcom-err2, >=1.43.9), (procps, *), (lsb-base, >=4.1+Debian3), (libaudit1, >=1:2.2.1), (dpkg, >=1.9.0), (ucf, >=0.28), (libselinux1, >=1.32), (libgssapi-krb5-2, >=1.17), (libsystemd0, *), (debconf: >=0.5 | debconf-2.0: *, *), (libpam0g, >=0.99.7.1), (openssh-sftp-server, *), (libpam-runtime, >=0.76-14), (libpam-modules, >=0.72-9), (zlib1g, >=1:1.1.4), (adduser, >=3.9), (libkrb5-3, >=1.13~alpha1+dfsg), (libwrap0, >=7.6-4~) (libssl1.1, 1.1.1n-0+deb10u3) -> (libc6, >=2.25), (debconf: >=0.5 | debconf-2.0: *, *) (openssh-client, 1:7.9p1-10+deb10u2) -> (dpkg, >=1.7.0), (libselinux1, >=1.32), (libssl1.1, >=1.1.1), (libgssapi-krb5-2, >=1.17), (libc6, >=2.26), (libedit2, >=2.11-20080614-0), (passwd, *), (adduser, >=3.10), (zlib1g, >=1:1.1.4) (libc6, 2.28-10+deb10u1) -> (libgcc1, *) (libcom-err2, 1.44.5-1+deb10u3) -> (libc6, >=2.17) (procps, 2:3.3.15-2) -> (libtinfo6, >=6), (lsb-base, >=3.0-10), (libprocps7, >=2:3.3.15-1), (init-system-helpers, >=1.29~), (libc6, >=2.27), (libncurses6, >=6), (libncursesw6, >=6) (lsb-base, 10.2019051400) (libaudit1, 1:2.8.4-3) -> (libcap-ng0, >=0.7.9), (libaudit-common, >=1:2.8.4-3), (libc6, >=2.14) (dpkg, 1.19.8) -> (tar, >=1.28-1) (ucf, 3.0038+nmu1) -> (sensible-utils, *), (coreutils, >=5.91), (debconf, >=1.5.19) (libselinux1, 2.8-1+b1) -> (libpcre3, *), (libc6, >=2.14) (libgssapi-krb5-2, 1.17-3+deb10u4) -> (libkeyutils1, >=1.4), (libkrb5support0, >=1.15~beta1), (libkrb5-3, 1.17-3+deb10u4), (libc6, >=2.27), (libk5crypto3, >=1.16), (libcom-err2, >=1.43.9) (libsystemd0, 241-7~deb10u8) (debconf: >=0.5 | debconf-2.0: *, debconf) -> (debconf, >=0.5) (libpam0g, 1.3.1-5) -> (libc6, >=2.14), (debconf: >=0.5 | debconf-2.0: *, *), (libaudit1, >=1:2.2.1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) -> (libc6, >=2.26), (openssh-client, 1:7.9p1-10+deb10u2) (libpam-runtime, 1.3.1-5) -> (debconf: >=0.5 | debconf-2.0: *, *), (debconf: >=1.5.19 | cdebconf: *, *), (libpam-modules, >=1.0.1-6) (libpam-modules, 1.3.1-5) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) -> (libc6, >=2.14) (adduser, 3.118) -> (debconf: >=0.5 | debconf-2.0: *, *), (passwd, *) (libkrb5-3, 1.17-3+deb10u4) -> (libkeyutils1, >=1.5.9), (libssl1.1, >=1.1.0), (libkrb5support0, 1.17-3+deb10u4), (libc6, >=2.16), (libk5crypto3, >=1.15~beta1), (libcom-err2, >=1.43.9) (libwrap0, 7.6.q-28) -> (libc6, >=2.14) (libedit2, 3.1-20181209-1) -> (libtinfo6, >=6), (libc6, >=2.14), (libbsd0, >=0.0) (passwd, 1:4.5-1.1) -> (libselinux1, >=1.32), (libpam-modules, *), (libsemanage1, >=2.0.3), (libc6, >=2.14), (libpam0g, >=0.99.7.1), (libaudit1, >=1:2.2.1) (libgcc1, 1:8.3.0-6) -> (libc6, >=2.14), (gcc-8-base, 8.3.0-6) (libtinfo6, 6.1+20181013-2+deb10u2) -> (libc6, >=2.16) (libprocps7, 2:3.3.15-2) -> (libsystemd0, >=209), (libc6, >=2.14) (init-system-helpers, 1.56+nmu1) -> (perl-base, >=5.20.1-3) (libncurses6, 6.1+20181013-2+deb10u2) -> (libtinfo6, 6.1+20181013-2+deb10u2), (libc6, >=2.14) (libncursesw6, 6.1+20181013-2+deb10u2) -> (libtinfo6, 6.1+20181013-2+deb10u2), (libc6, >=2.14) (libcap-ng0, 0.7.9-2) -> (libc6, >=2.8) (libaudit-common, 1:2.8.4-3) (tar, 1.30+dfsg-6) (sensible-utils, 0.0.12) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (libpcre3, 2:8.39-12) -> (libc6, >=2.14) (libkeyutils1, 1.6-6) -> (libc6, >=2.14) (libkrb5support0, 1.17-3+deb10u4) -> (libc6, >=2.14), (libkeyutils1, >=1.4) (libk5crypto3, 1.17-3+deb10u4) -> (libc6, >=2.14), (libkrb5support0, >=1.16), (libkeyutils1, >=1.4) (debconf: >=1.5.19 | cdebconf: *, debconf) -> (debconf, >=1.5.19) (libbsd0, 0.9.1-2+deb10u1) -> (libc6, >=2.25) (libsemanage1, 2.8-2) -> (libselinux1, >=2.8), (libsepol1, >=2.8), (libsemanage-common, 2.8-2), (libc6, >=2.14), (libbz2-1.0, *), (libaudit1, >=1:2.2.1) (gcc-8-base, 8.3.0-6) (perl-base, 5.28.1-6+deb10u1) (libsepol1, 2.8-1) -> (libc6, >=2.14) (libsemanage-common, 2.8-2) (libbz2-1.0, 1.0.6-9.2~deb10u1) -> (libc6, >=2.4) Solution Set: (libssl1.1, 1.1.1n-0+deb10u3) (libaudit-common, 1:2.8.4-3) (libprocps7, 2:3.3.15-2) (init-system-helpers, 1.56+nmu1) (libc6, 2.28-10+deb10u1) (libedit2, 3.1-20181209-1) (libcom-err2, 1.44.5-1+deb10u3) (libgcc1, 1:8.3.0-6) (libkeyutils1, 1.6-6) (libsemanage-common, 2.8-2) (libncursesw6, 6.1+20181013-2+deb10u2) (openssh-server, 1:7.9p1-10+deb10u2) (libaudit1, 1:2.8.4-3) (dpkg, 1.19.8) (ucf, 3.0038+nmu1) (libgssapi-krb5-2, 1.17-3+deb10u4) (libsystemd0, 241-7~deb10u8) (libpam0g, 1.3.1-5) (libpam-modules, 1.3.1-5) (passwd, 1:4.5-1.1) (libbz2-1.0, 1.0.6-9.2~deb10u1) (sensible-utils, 0.0.12) (libkrb5support0, 1.17-3+deb10u4) (adduser, 3.118) (libkrb5-3, 1.17-3+deb10u4) (libwrap0, 7.6.q-28) (libncurses6, 6.1+20181013-2+deb10u2) (libpcre3, 2:8.39-12) (openssh-client, 1:7.9p1-10+deb10u2) (libbsd0, 0.9.1-2+deb10u1) (libsemanage1, 2.8-2) (perl-base, 5.28.1-6+deb10u1) (tar, 1.30+dfsg-6) (procps, 2:3.3.15-2) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (libcap-ng0, 0.7.9-2) (libk5crypto3, 1.17-3+deb10u4) (lsb-base, 10.2019051400) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (libselinux1, 2.8-1+b1) (gcc-8-base, 8.3.0-6) (libsepol1, 2.8-1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) (libpam-runtime, 1.3.1-5) (libtinfo6, 6.1+20181013-2+deb10u2) Resolved Dependency Graph: (adduser, 3.118) -> (debconf, 1.5.71+deb10u1), (passwd, 1:4.5-1.1) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (dpkg, 1.19.8) -> (tar, 1.30+dfsg-6) (gcc-8-base, 8.3.0-6) (init-system-helpers, 1.56+nmu1) -> (perl-base, 5.28.1-6+deb10u1) (libaudit-common, 1:2.8.4-3) (libaudit1, 1:2.8.4-3) -> (libaudit-common, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libcap-ng0, 0.7.9-2) (libbsd0, 0.9.1-2+deb10u1) -> (libc6, 2.28-10+deb10u1) (libbz2-1.0, 1.0.6-9.2~deb10u1) -> (libc6, 2.28-10+deb10u1) (libc6, 2.28-10+deb10u1) -> (libgcc1, 1:8.3.0-6) (libcap-ng0, 0.7.9-2) -> (libc6, 2.28-10+deb10u1) (libcom-err2, 1.44.5-1+deb10u3) -> (libc6, 2.28-10+deb10u1) (libedit2, 3.1-20181209-1) -> (libbsd0, 0.9.1-2+deb10u1), (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libgcc1, 1:8.3.0-6) -> (gcc-8-base, 8.3.0-6), (libc6, 2.28-10+deb10u1) (libgssapi-krb5-2, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libk5crypto3, 1.17-3+deb10u4), (libkeyutils1, 1.6-6), (libkrb5-3, 1.17-3+deb10u4), (libkrb5support0, 1.17-3+deb10u4) (libk5crypto3, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libkeyutils1, 1.6-6), (libkrb5support0, 1.17-3+deb10u4) (libkeyutils1, 1.6-6) -> (libc6, 2.28-10+deb10u1) (libkrb5-3, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libk5crypto3, 1.17-3+deb10u4), (libkeyutils1, 1.6-6), (libkrb5support0, 1.17-3+deb10u4), (libssl1.1, 1.1.1n-0+deb10u3) (libkrb5support0, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libkeyutils1, 1.6-6) (libncurses6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libncursesw6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libpam-modules, 1.3.1-5) (libpam-runtime, 1.3.1-5) -> (debconf, 1.5.71+deb10u1), (libpam-modules, 1.3.1-5) (libpam0g, 1.3.1-5) -> (debconf, 1.5.71+deb10u1), (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1) (libpcre3, 2:8.39-12) -> (libc6, 2.28-10+deb10u1) (libprocps7, 2:3.3.15-2) -> (libc6, 2.28-10+deb10u1), (libsystemd0, 241-7~deb10u8) (libselinux1, 2.8-1+b1) -> (libc6, 2.28-10+deb10u1), (libpcre3, 2:8.39-12) (libsemanage-common, 2.8-2) (libsemanage1, 2.8-2) -> (libaudit1, 1:2.8.4-3), (libbz2-1.0, 1.0.6-9.2~deb10u1), (libc6, 2.28-10+deb10u1), (libselinux1, 2.8-1+b1), (libsemanage-common, 2.8-2), (libsepol1, 2.8-1) (libsepol1, 2.8-1) -> (libc6, 2.28-10+deb10u1) (libssl1.1, 1.1.1n-0+deb10u3) -> (debconf, 1.5.71+deb10u1), (libc6, 2.28-10+deb10u1) (libsystemd0, 241-7~deb10u8) (libtinfo6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1) (libwrap0, 7.6.q-28) -> (libc6, 2.28-10+deb10u1) (lsb-base, 10.2019051400) (openssh-client, 1:7.9p1-10+deb10u2) -> (adduser, 3.118), (dpkg, 1.19.8), (libc6, 2.28-10+deb10u1), (libedit2, 3.1-20181209-1), (libgssapi-krb5-2, 1.17-3+deb10u4), (libselinux1, 2.8-1+b1), (libssl1.1, 1.1.1n-0+deb10u3), (passwd, 1:4.5-1.1), (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (openssh-server, 1:7.9p1-10+deb10u2) -> (adduser, 3.118), (debconf, 1.5.71+deb10u1), (dpkg, 1.19.8), (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libgssapi-krb5-2, 1.17-3+deb10u4), (libkrb5-3, 1.17-3+deb10u4), (libpam-modules, 1.3.1-5), (libpam-runtime, 1.3.1-5), (libpam0g, 1.3.1-5), (libselinux1, 2.8-1+b1), (libssl1.1, 1.1.1n-0+deb10u3), (libsystemd0, 241-7~deb10u8), (libwrap0, 7.6.q-28), (lsb-base, 10.2019051400), (openssh-client, 1:7.9p1-10+deb10u2), (openssh-sftp-server, 1:7.9p1-10+deb10u2), (procps, 2:3.3.15-2), (ucf, 3.0038+nmu1), (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) -> (libc6, 2.28-10+deb10u1), (openssh-client, 1:7.9p1-10+deb10u2) (passwd, 1:4.5-1.1) -> (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libpam-modules, 1.3.1-5), (libpam0g, 1.3.1-5), (libselinux1, 2.8-1+b1), (libsemanage1, 2.8-2) (perl-base, 5.28.1-6+deb10u1) (procps, 2:3.3.15-2) -> (init-system-helpers, 1.56+nmu1), (libc6, 2.28-10+deb10u1), (libncurses6, 6.1+20181013-2+deb10u2), (libncursesw6, 6.1+20181013-2+deb10u2), (libprocps7, 2:3.3.15-2), (libtinfo6, 6.1+20181013-2+deb10u2), (lsb-base, 10.2019051400) (sensible-utils, 0.0.12) (tar, 1.30+dfsg-6) (ucf, 3.0038+nmu1) -> (coreutils, 8.30-3), (debconf, 1.5.71+deb10u1), (sensible-utils, 0.0.12) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) -> (libc6, 2.28-10+deb10u1)TODO provides with virtual packages
TODO other fields including recommends, suggests, conflicts
TODO support solving architecture
currently we just ignore this field
TODO index repositories for each architecture
§TODO cross ecosystem resolutions between opam and debian
§TODO read up on answer set programming
https://pubgrub-rs-guide.pages.dev/internals/intro is a good starting point
§Teaching
§Supervision 3 of Robinson Computer Networking
Went over cyclic redundancy checks implemented in shift registers.
Showed a HTTPS request in wireshark
An unnamed student was perturbed that IP addresses and ports were publicly visible for all their traffic. While IPsec / VPNs can encrypt IP traffic, it isn’t necessarily a requirement (despite advertising claims).
Below I include selection of Cloudflare blog posts to explain why a VPN isn’t necessarily necessary to browse the Web privately and securely.
- DNS over HTTPS/TLS allows for encrypted DNS queries https://blog.cloudflare.com/dns-encryption-explained/
- unbinding IP address from host names https://blog.cloudflare.com/addressing-agility/ (can you see any downsides to this centralisation in big reverse proxies like Cloudflare?)
- encrypting the server name indicator (domain name) in the TLS handshake https://blog.cloudflare.com/encrypted-client-hello/
also of interest:
- how to cryptographically authenticate DNS query answers
https://blog.cloudflare.com/dnssec-done-right/
- why IP blocking is bad https://blog.cloudflare.com/consequences-of-ip-blocking/
- depreciating a certain DNS query time as without the TCP 3-way handshake it’s an attack vector for amplification attacks https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/