Previous: 17 Feb 2025
Next: 3 Mar 2025
Babel: opam repository with pubgrub-opam
A Debian/Alpine encoding in PubGrub, which I think should be much simpler than Opam
X Got the basics in pubgrub-debian
Here’s a solve of openssh-server:
(openssh-server, 1:7.9p1-10+deb10u2) -> (libssl1.1, >=1.1.1), (openssh-client, 1:7.9p1-10+deb10u2), (libc6, >=2.26), (libcom-err2, >=1.43.9), (procps, *), (lsb-base, >=4.1+Debian3), (libaudit1, >=1:2.2.1), (dpkg, >=1.9.0), (ucf, >=0.28), (libselinux1, >=1.32), (libgssapi-krb5-2, >=1.17), (libsystemd0, *), (debconf: >=0.5 | debconf-2.0: *, *), (libpam0g, >=0.99.7.1), (openssh-sftp-server, *), (libpam-runtime, >=0.76-14), (libpam-modules, >=0.72-9), (zlib1g, >=1:1.1.4), (adduser, >=3.9), (libkrb5-3, >=1.13~alpha1+dfsg), (libwrap0, >=7.6-4~) (libssl1.1, 1.1.1n-0+deb10u3) -> (libc6, >=2.25), (debconf: >=0.5 | debconf-2.0: *, *) (openssh-client, 1:7.9p1-10+deb10u2) -> (dpkg, >=1.7.0), (libselinux1, >=1.32), (libssl1.1, >=1.1.1), (libgssapi-krb5-2, >=1.17), (libc6, >=2.26), (libedit2, >=2.11-20080614-0), (passwd, *), (adduser, >=3.10), (zlib1g, >=1:1.1.4) (libc6, 2.28-10+deb10u1) -> (libgcc1, *) (libcom-err2, 1.44.5-1+deb10u3) -> (libc6, >=2.17) (procps, 2:3.3.15-2) -> (libtinfo6, >=6), (lsb-base, >=3.0-10), (libprocps7, >=2:3.3.15-1), (init-system-helpers, >=1.29~), (libc6, >=2.27), (libncurses6, >=6), (libncursesw6, >=6) (lsb-base, 10.2019051400) (libaudit1, 1:2.8.4-3) -> (libcap-ng0, >=0.7.9), (libaudit-common, >=1:2.8.4-3), (libc6, >=2.14) (dpkg, 1.19.8) -> (tar, >=1.28-1) (ucf, 3.0038+nmu1) -> (sensible-utils, *), (coreutils, >=5.91), (debconf, >=1.5.19) (libselinux1, 2.8-1+b1) -> (libpcre3, *), (libc6, >=2.14) (libgssapi-krb5-2, 1.17-3+deb10u4) -> (libkeyutils1, >=1.4), (libkrb5support0, >=1.15~beta1), (libkrb5-3, 1.17-3+deb10u4), (libc6, >=2.27), (libk5crypto3, >=1.16), (libcom-err2, >=1.43.9) (libsystemd0, 241-7~deb10u8) (debconf: >=0.5 | debconf-2.0: *, debconf) -> (debconf, >=0.5) (libpam0g, 1.3.1-5) -> (libc6, >=2.14), (debconf: >=0.5 | debconf-2.0: *, *), (libaudit1, >=1:2.2.1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) -> (libc6, >=2.26), (openssh-client, 1:7.9p1-10+deb10u2) (libpam-runtime, 1.3.1-5) -> (debconf: >=0.5 | debconf-2.0: *, *), (debconf: >=1.5.19 | cdebconf: *, *), (libpam-modules, >=1.0.1-6) (libpam-modules, 1.3.1-5) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) -> (libc6, >=2.14) (adduser, 3.118) -> (debconf: >=0.5 | debconf-2.0: *, *), (passwd, *) (libkrb5-3, 1.17-3+deb10u4) -> (libkeyutils1, >=1.5.9), (libssl1.1, >=1.1.0), (libkrb5support0, 1.17-3+deb10u4), (libc6, >=2.16), (libk5crypto3, >=1.15~beta1), (libcom-err2, >=1.43.9) (libwrap0, 7.6.q-28) -> (libc6, >=2.14) (libedit2, 3.1-20181209-1) -> (libtinfo6, >=6), (libc6, >=2.14), (libbsd0, >=0.0) (passwd, 1:4.5-1.1) -> (libselinux1, >=1.32), (libpam-modules, *), (libsemanage1, >=2.0.3), (libc6, >=2.14), (libpam0g, >=0.99.7.1), (libaudit1, >=1:2.2.1) (libgcc1, 1:8.3.0-6) -> (libc6, >=2.14), (gcc-8-base, 8.3.0-6) (libtinfo6, 6.1+20181013-2+deb10u2) -> (libc6, >=2.16) (libprocps7, 2:3.3.15-2) -> (libsystemd0, >=209), (libc6, >=2.14) (init-system-helpers, 1.56+nmu1) -> (perl-base, >=5.20.1-3) (libncurses6, 6.1+20181013-2+deb10u2) -> (libtinfo6, 6.1+20181013-2+deb10u2), (libc6, >=2.14) (libncursesw6, 6.1+20181013-2+deb10u2) -> (libtinfo6, 6.1+20181013-2+deb10u2), (libc6, >=2.14) (libcap-ng0, 0.7.9-2) -> (libc6, >=2.8) (libaudit-common, 1:2.8.4-3) (tar, 1.30+dfsg-6) (sensible-utils, 0.0.12) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (libpcre3, 2:8.39-12) -> (libc6, >=2.14) (libkeyutils1, 1.6-6) -> (libc6, >=2.14) (libkrb5support0, 1.17-3+deb10u4) -> (libc6, >=2.14), (libkeyutils1, >=1.4) (libk5crypto3, 1.17-3+deb10u4) -> (libc6, >=2.14), (libkrb5support0, >=1.16), (libkeyutils1, >=1.4) (debconf: >=1.5.19 | cdebconf: *, debconf) -> (debconf, >=1.5.19) (libbsd0, 0.9.1-2+deb10u1) -> (libc6, >=2.25) (libsemanage1, 2.8-2) -> (libselinux1, >=2.8), (libsepol1, >=2.8), (libsemanage-common, 2.8-2), (libc6, >=2.14), (libbz2-1.0, *), (libaudit1, >=1:2.2.1) (gcc-8-base, 8.3.0-6) (perl-base, 5.28.1-6+deb10u1) (libsepol1, 2.8-1) -> (libc6, >=2.14) (libsemanage-common, 2.8-2) (libbz2-1.0, 1.0.6-9.2~deb10u1) -> (libc6, >=2.4) Solution Set: (libssl1.1, 1.1.1n-0+deb10u3) (libaudit-common, 1:2.8.4-3) (libprocps7, 2:3.3.15-2) (init-system-helpers, 1.56+nmu1) (libc6, 2.28-10+deb10u1) (libedit2, 3.1-20181209-1) (libcom-err2, 1.44.5-1+deb10u3) (libgcc1, 1:8.3.0-6) (libkeyutils1, 1.6-6) (libsemanage-common, 2.8-2) (libncursesw6, 6.1+20181013-2+deb10u2) (openssh-server, 1:7.9p1-10+deb10u2) (libaudit1, 1:2.8.4-3) (dpkg, 1.19.8) (ucf, 3.0038+nmu1) (libgssapi-krb5-2, 1.17-3+deb10u4) (libsystemd0, 241-7~deb10u8) (libpam0g, 1.3.1-5) (libpam-modules, 1.3.1-5) (passwd, 1:4.5-1.1) (libbz2-1.0, 1.0.6-9.2~deb10u1) (sensible-utils, 0.0.12) (libkrb5support0, 1.17-3+deb10u4) (adduser, 3.118) (libkrb5-3, 1.17-3+deb10u4) (libwrap0, 7.6.q-28) (libncurses6, 6.1+20181013-2+deb10u2) (libpcre3, 2:8.39-12) (openssh-client, 1:7.9p1-10+deb10u2) (libbsd0, 0.9.1-2+deb10u1) (libsemanage1, 2.8-2) (perl-base, 5.28.1-6+deb10u1) (tar, 1.30+dfsg-6) (procps, 2:3.3.15-2) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (libcap-ng0, 0.7.9-2) (libk5crypto3, 1.17-3+deb10u4) (lsb-base, 10.2019051400) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (libselinux1, 2.8-1+b1) (gcc-8-base, 8.3.0-6) (libsepol1, 2.8-1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) (libpam-runtime, 1.3.1-5) (libtinfo6, 6.1+20181013-2+deb10u2) Resolved Dependency Graph: (adduser, 3.118) -> (debconf, 1.5.71+deb10u1), (passwd, 1:4.5-1.1) (coreutils, 8.30-3) (debconf, 1.5.71+deb10u1) (dpkg, 1.19.8) -> (tar, 1.30+dfsg-6) (gcc-8-base, 8.3.0-6) (init-system-helpers, 1.56+nmu1) -> (perl-base, 5.28.1-6+deb10u1) (libaudit-common, 1:2.8.4-3) (libaudit1, 1:2.8.4-3) -> (libaudit-common, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libcap-ng0, 0.7.9-2) (libbsd0, 0.9.1-2+deb10u1) -> (libc6, 2.28-10+deb10u1) (libbz2-1.0, 1.0.6-9.2~deb10u1) -> (libc6, 2.28-10+deb10u1) (libc6, 2.28-10+deb10u1) -> (libgcc1, 1:8.3.0-6) (libcap-ng0, 0.7.9-2) -> (libc6, 2.28-10+deb10u1) (libcom-err2, 1.44.5-1+deb10u3) -> (libc6, 2.28-10+deb10u1) (libedit2, 3.1-20181209-1) -> (libbsd0, 0.9.1-2+deb10u1), (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libgcc1, 1:8.3.0-6) -> (gcc-8-base, 8.3.0-6), (libc6, 2.28-10+deb10u1) (libgssapi-krb5-2, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libk5crypto3, 1.17-3+deb10u4), (libkeyutils1, 1.6-6), (libkrb5-3, 1.17-3+deb10u4), (libkrb5support0, 1.17-3+deb10u4) (libk5crypto3, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libkeyutils1, 1.6-6), (libkrb5support0, 1.17-3+deb10u4) (libkeyutils1, 1.6-6) -> (libc6, 2.28-10+deb10u1) (libkrb5-3, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libk5crypto3, 1.17-3+deb10u4), (libkeyutils1, 1.6-6), (libkrb5support0, 1.17-3+deb10u4), (libssl1.1, 1.1.1n-0+deb10u3) (libkrb5support0, 1.17-3+deb10u4) -> (libc6, 2.28-10+deb10u1), (libkeyutils1, 1.6-6) (libncurses6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libncursesw6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1), (libtinfo6, 6.1+20181013-2+deb10u2) (libpam-modules, 1.3.1-5) (libpam-runtime, 1.3.1-5) -> (debconf, 1.5.71+deb10u1), (libpam-modules, 1.3.1-5) (libpam0g, 1.3.1-5) -> (debconf, 1.5.71+deb10u1), (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1) (libpcre3, 2:8.39-12) -> (libc6, 2.28-10+deb10u1) (libprocps7, 2:3.3.15-2) -> (libc6, 2.28-10+deb10u1), (libsystemd0, 241-7~deb10u8) (libselinux1, 2.8-1+b1) -> (libc6, 2.28-10+deb10u1), (libpcre3, 2:8.39-12) (libsemanage-common, 2.8-2) (libsemanage1, 2.8-2) -> (libaudit1, 1:2.8.4-3), (libbz2-1.0, 1.0.6-9.2~deb10u1), (libc6, 2.28-10+deb10u1), (libselinux1, 2.8-1+b1), (libsemanage-common, 2.8-2), (libsepol1, 2.8-1) (libsepol1, 2.8-1) -> (libc6, 2.28-10+deb10u1) (libssl1.1, 1.1.1n-0+deb10u3) -> (debconf, 1.5.71+deb10u1), (libc6, 2.28-10+deb10u1) (libsystemd0, 241-7~deb10u8) (libtinfo6, 6.1+20181013-2+deb10u2) -> (libc6, 2.28-10+deb10u1) (libwrap0, 7.6.q-28) -> (libc6, 2.28-10+deb10u1) (lsb-base, 10.2019051400) (openssh-client, 1:7.9p1-10+deb10u2) -> (adduser, 3.118), (dpkg, 1.19.8), (libc6, 2.28-10+deb10u1), (libedit2, 3.1-20181209-1), (libgssapi-krb5-2, 1.17-3+deb10u4), (libselinux1, 2.8-1+b1), (libssl1.1, 1.1.1n-0+deb10u3), (passwd, 1:4.5-1.1), (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (openssh-server, 1:7.9p1-10+deb10u2) -> (adduser, 3.118), (debconf, 1.5.71+deb10u1), (dpkg, 1.19.8), (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libcom-err2, 1.44.5-1+deb10u3), (libgssapi-krb5-2, 1.17-3+deb10u4), (libkrb5-3, 1.17-3+deb10u4), (libpam-modules, 1.3.1-5), (libpam-runtime, 1.3.1-5), (libpam0g, 1.3.1-5), (libselinux1, 2.8-1+b1), (libssl1.1, 1.1.1n-0+deb10u3), (libsystemd0, 241-7~deb10u8), (libwrap0, 7.6.q-28), (lsb-base, 10.2019051400), (openssh-client, 1:7.9p1-10+deb10u2), (openssh-sftp-server, 1:7.9p1-10+deb10u2), (procps, 2:3.3.15-2), (ucf, 3.0038+nmu1), (zlib1g, 1:1.2.11.dfsg-1+deb10u1) (openssh-sftp-server, 1:7.9p1-10+deb10u2) -> (libc6, 2.28-10+deb10u1), (openssh-client, 1:7.9p1-10+deb10u2) (passwd, 1:4.5-1.1) -> (libaudit1, 1:2.8.4-3), (libc6, 2.28-10+deb10u1), (libpam-modules, 1.3.1-5), (libpam0g, 1.3.1-5), (libselinux1, 2.8-1+b1), (libsemanage1, 2.8-2) (perl-base, 5.28.1-6+deb10u1) (procps, 2:3.3.15-2) -> (init-system-helpers, 1.56+nmu1), (libc6, 2.28-10+deb10u1), (libncurses6, 6.1+20181013-2+deb10u2), (libncursesw6, 6.1+20181013-2+deb10u2), (libprocps7, 2:3.3.15-2), (libtinfo6, 6.1+20181013-2+deb10u2), (lsb-base, 10.2019051400) (sensible-utils, 0.0.12) (tar, 1.30+dfsg-6) (ucf, 3.0038+nmu1) -> (coreutils, 8.30-3), (debconf, 1.5.71+deb10u1), (sensible-utils, 0.0.12) (zlib1g, 1:1.2.11.dfsg-1+deb10u1) -> (libc6, 2.28-10+deb10u1)O provides with virtual packages
O other fields including recommends, suggests, conflicts
O support solving architecture
currently we just ignore this field
O index repositories for each architecture
O cross ecosystem resolutions between opam and debian
O read up on answer set programming
https://pubgrub-rs-guide.pages.dev/internals/intro is a good starting point
Teaching
Supervision 3 of Robinson Computer Networking
Went over cyclic redundancy checks implemented in shift registers.
Showed a HTTPS request in wireshark
An unnamed student was perturbed that IP addresses and ports were publicly visible for all their traffic. While IPsec / VPNs can encrypt IP traffic, it isn’t necessarily a requirement (despite advertising claims).
Below I include selection of Cloudflare blog posts to explain why a VPN isn’t necessarily necessary to browse the Web privately and securely.
- DNS over HTTPS/TLS allows for encrypted DNS queries https://blog.cloudflare.com/dns-encryption-explained/
- unbinding IP address from host names https://blog.cloudflare.com/addressing-agility/ (can you see any downsides to this centralisation in big reverse proxies like Cloudflare?)
- encrypting the server name indicator (domain name) in the TLS handshake https://blog.cloudflare.com/encrypted-client-hello/
also of interest:
- how to cryptographically authenticate DNS query answers
https://blog.cloudflare.com/dnssec-done-right/
- why IP blocking is bad https://blog.cloudflare.com/consequences-of-ip-blocking/
- depreciating a certain DNS query time as without the TCP 3-way handshake it’s an attack vector for amplification attacks https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/