Kernel Self Protection

grsecurity have stopped releasing their unstable kernel patches, leaving a bit of a void if you want to add those layers of protection to your kernel.


Nix hackathon March 2017

Earlier this month Smarkets was being awesome and hosted our 2nd Nix hackathon. We had a fantastic crowd of smart people, and the Smarkets office was downright amazing. We had standing desks with extra monitors. The coffee was so thick that it was still strong in homeopathic doses. We even had smarties on tap.


systemd dynamic users

systemd 232 introduced a really cool feature that allows running as a dynamically allocated user with DynamicUser=yes.


Emulating closed type classes with closed type families

Haskell actually implements two languages: the value-level language, and a more limited type-level language that is evaluated at compile time. GHC’s support for type-level programming is quite powerful. This recent post, for example, shows how to do a type-level if, amongst other things.


seccomp filters for NGINX

Linux’s BPF-based seccomp sandbox is a reasonably powerful way to stop processes from running arbitrary syscalls when owned (or by accident).


Writing HTML apps in Haskell - Part 2

In part 1 I described the basic two-process setup for accessing the DOM from within Haskell.


Writing HTML apps in Haskell - Part 1

Recently I wanted to build a user interface in Haskell that runs on my Gnome desktop, not in the cloud (the audience gasps).


Running your own OpenVPN

I consider privacy important but I am not a government-conspiracy nut. Even so, the passed Investigatory Powers Bill is extreme, and it should worry you. Political avenues have been exhausted. Legal challenges are unlikely to succeed unless lawyers can argue that the IPB is incompatible with fundamental human rights.


Purescript's C++ backend

Purescript describes itself like so:


IPython shells with nix, updated

I’ve written about IPython shells with Nix previously.
