Super-short guide to getting q

Get the latest version (called weekly) of Go:
Get Go: hg clone -u release https://go.googlecode.com/hg/ go
Note the directory you have downloaded it to and set $GOROOT to it: export GOROOT=$PWD/go
Add the GOROOT bin directory to your path: PATH=$PATH:$GOROOT/bin
Update Go to the latest weekly: cd $GOROOT; hg pull; hg update weekly
Compile Go: cd $GOROOT/src ; ./all.bash
Install missing commands (gcc, sed, bison, etc.) if needed.
The latest Go is now installed.
Read more →

DNSSEC message checking

When using dig to debug DNS/DNSSEC errors, you (I have the need, I’m assuming you have it too) often want to know:
Are the signatures in the message correct?
Does the NSEC3 authenticated denial of existence proof look OK? (this is a work-in-progress)
With dig this is next to impossible, because we humans cannot validate RSA signatures, nor hash names for NSEC3 validation. This is why I added a little feature to q, the query-tool found in godns.
Read more →

NSEC3 white paper v2

(This is an English translation of this blog article over at sidnlabs.nl) After the publication of the SIDN NSEC3 white paper we received feedback from a number of people. The most constructive feedback was from Karst Koymans of the University of Amsterdam. This, together with the other feedback, has led to a version 2 of the white paper. This version has the following differences with respect to version 1:
A number of corrections;
The NSEC3 example now returns three NSEC3 records instead of two;
Two figures are added;
Empty non-terminals are explained (a little).
Read more →

NSEC4

(This is an English translation of this Dutch blog article) By writing the NSEC3 whitepaper, we gained a lot of insight into how “authenticated denial of existence” works. But some new questions popped up:
Is NSEC3 the most efficient way to do (hashed) authenticated denial of existence?
Are there ways to optimize the NSEC3 record that asserts or denies the wildcard?
Can’t we use Opt-Out for unhashed names too?
Answering these questions led to the birth of NSEC4, which is documented in this internet draft.
Read more →

XSLT and sectN/section

This came up during a recent Pandoc discussion. The discussion was about outputting <sectN> section styling when creating DocBook XML. Currently Pandoc outputs nested <section>s. I argued you could easily change between the two formats and <section> is more flexible, so just leave Pandoc as it is. But it allowed me to play with XSLT once more. With the following results.
Translate to sectN
This XSLT translates <section> to <sectN> where N is 5.
Read more →

Tweets of December 31 2011

Replying to @stonehead if the neighbours have put their paper outside, you should put yours outside too #simpel Sat Dec 31 10:09:31 +0000 2011
A nice Dutch tradition. I think 2 dead (in The Hague of course), about 10 seriously injured. And riots everywhere #oudennieuw Sat Dec 31 12:31:38 +0000 2011
Xslt, Go, Perl, Bash, C, Java #code2011 Sat Dec 31 14:03:56 +0000 2011
Twitter already over capacity?? Sat Dec 31 15:14:40 +0000 2011
Read more →

Convert vim colors to gvim colors

I’ve tweaked my vim color scheme quite a bit and tried to keep the colors of gvim (which I use less often) in sync. This keeping in sync hasn’t worked out, so I wrote this little script to convert the vim colors to the gvim ones: Download the makegvim script, and use it like:
$ ./makegvim < ~/.vim/colors/<yourfile> > /tmp/x
$ mv /tmp/x ~/.vim/colors/<yourfile>
And now the colors of gvim should be identical to those of vim.
Read more →

Cherry-picking remote branches

I’ve created a little tool (actually an XSLT file) that helps to write RFCs. Browsing my github repo I found two different forks. And browsing those forks, I saw some commits I wanted to have. But how do you merge a commit from a forked git repository? Turns out it is not that difficult. The commit I want has the hash 5a11e88ddbef4ce7513aae93bdcd377449f45efb. The steps:
Create a remote branch: git remote add hamnis https://github.
Read more →

Tweets of November 30 2011

Replying to @geertjanweijman There is something on google+, but I still have to scrape it together Wed Nov 30 11:59:46 +0000 2011
I can’t help to feel sorry for people who are stuck with using windows as their desktop env. #SucksToBeYou Wed Nov 30 13:40:44 +0000 2011
Replying to @zmooc like prostitutes? Wed Nov 30 13:59:21 +0000 2011
Replying to @tomhendr Unity victims :-) #like Wed Nov 30 14:08:22 +0000 2011
Read more →

NSEC3 Whitepaper

(This is an English translation of this blog article over at sidnlabs.nl) In theory DNSSEC isn’t really that complicated, but in practice some parts can be pretty intimidating. One such part is “Authenticated denial of existence”. In short this is communicating, with certainty, to a resolver that a name does not exist in the DNS. The DNSSEC specification uses two records (and thus actually two different methods) for this purpose:
Read more →

Tweets of October 31 2011

#RIPE63 observation: mac laptops: nerds, linux laptops: ubernerds (I run linux :) ), windows laptops: newcomers Mon Oct 31 08:12:41 +0000 2011
Replying to @Linprotwit Yep :-) Happily nerding away, now RPKI routing workshop Mon Oct 31 08:34:38 +0000 2011
Replying to @bortzmeyer #RPKI I find DNSSEC easier Mon Oct 31 08:43:28 +0000 2011
RT @112nijmegen: We now have 904 followers from #Nijmegen and the surrounding area! :) 96 more followers and then we will raffle off a cinema voucher!
Read more →

Tweets of September 30 2011

Acer Android 3.2 update and Xoom Android 3.2.1 update #nice Fri Sep 30 07:03:55 +0000 2011
Anybody tried gnome 3.2? Does it work better? Does ffm finally work? Fri Sep 30 12:33:21 +0000 2011
Read more →

Pandoc to RFC

This is a follow-up on this pandoc item in Dutch. When writing RFC 4641 we directly wrote the XML. Needless to say it was kinda tedious even though the XML of xml2rfc is very “light”. Nowadays I’m a fan of the markdown syntax and especially the syntax as supported (created?) by Pandoc. So for my next RFC (if ever!) I decided I wanted to use Pandoc. As xml2rfc uses XML I thought the easiest way would be to create docbook XML and transform that using XSLT.
Read more →

color me, color you

In the xoria256m post, I introduced my xoria256-like color scheme. Again, inspired by solarized, I extended this to other applications. So now I use this in the following apps:
vim (see that previous post);
mutt (idem);
zsh;
dircolors;
git (a bit).
zsh
See this file to setup the colors. Then in my prompt I have stuff like:
PS1=$'${vcs_info_msg_0_}$FG[067]%(1j.$myjobs% $FX[reset].$FX[reset])$FG[179]%#$FX[reset] '
RPS1="$RPSL%$MAXMID<...<$mypath$RPSR$FG[239]$FX[bold]$__ZH$FX[reset]${vcs_info_msg_1_}"
RPSR=$'$FX[reset]$FG[009]%(0?.$FG[reset]. $E)$FX[reset]'
For zsh I have two files that make up my prompt:
Read more →

Xoria256m color scheme

I recently came across solarized. I started to use it immediately for vim and mutt, but after a few days the low contrast of the color scheme started to annoy me. Oh and btw, I’m red/green color blind. I went searching and found “xoria256”, a color scheme suited for 256 color terminals and a dark background. There is even an Ubuntu/Debian package for it: vim-scripts. Unlike solarized it doesn’t come with a custom palette, just use Tango in gnome-terminal (or whatever your favorite is).
Read more →

Tweets of August 31 2011

Cacert might as well close its doors too. SSL certs are dead. Long live #dane Wed Aug 31 07:05:29 +0000 2011
What!? Was DigiNotar cracked by the DataCrime virus? #1989 #datwarennogeenstijden Wed Aug 31 07:08:52 +0000 2011
Replying to @hj8rs even the ietf cannot handle ssl it seems. #fail #ssl #ietf Wed Aug 31 07:18:40 +0000 2011
RT @DEVOPS_BORAT: If forget root password, not need of boot in single user mode.
Read more →

Learning Go for E-readers

Thanks to a patch from Thomas Kappler I can now offer two types of PDFs, one for A4 pages and one for E-readers, like the Kindle. The E-reader variant is suffixed with -kindle:
Learning Go for E-readers
Learning Go A4 paper
Read more →

Opposite of J

In VIM you can use the command J to join two lines:
hello   -> J -> hello goodday
goodday
Where the cursor is positioned somewhere on the ‘hello’ line. But I often find myself wanting to use the opposite, I want ‘hello’ to be put after ‘goodday’. The cursor is now positioned on the ‘goodday’ line.
hello   -> K -> goodday hello
goodday
The following mapping does that:
map K kddpkJ
In words:
Read more →

VIM setup

After several years I decided to use a different color scheme for VIM. Also I’m going to force myself to use VIM’s folding abilities and use make from within VIM. For good measure I also want to use Omni-completion when writing Go code: Btw, this screenshot also shows the solarized (dark) colorscheme.
Coloring
Google for solarized. In my .vimrc:
let g:solarized_termcolors=256
colorscheme solarized
Make from VIM
Use :make inside the editor and jump through the errors with:
Read more →

Project page for Learning Go

I added a shiny project page for the “Learning Go” book I’m writing. Errata, new releases and other stuff will get a place there. For good measure I even added a “Donate” button - we’ll see how that plays out.
Read more →

Chaining proxies

Online signing is cool, but slow. Caching queries in a reverse proxy is nice, but useless for something like NSD. But what if you want to do online signing in a fast way? Enter: proxy chaining. I already showed FunkenSign (example code is quite old though) and yesterday FunkenShield. What if you combine the two? That gives the best of both worlds: Online signing; Caching; And it adheres to the true Unix philosophy: do one thing, and do one thing well.
Read more →

Reverse DNS proxy

Have a slow nameserver and want to spice things up? How about a reverse DNS proxy? For lack of a cool name I chose the name FunkenShield. It’s (of course) in the early stages, but it works quite nicely already. This is done with the framework of FunkenSturm. Which is part of GoDNS. How it works: You place FunkenShield in front of your nameserver and it will cache the binary packets coming from your server in a local cache.
Read more →

Tweets of July 31 2011

From 3000 to 27000+ qps http://www.miek.nl/blog/archives/2011/07/31/reverse_dns_proxy/index.html #Golang #DNS #ReverseProxy Sun Jul 31 14:21:41 +0000 2011
Replying to @bketelsen not sure what you mean...godns implements dns. So everything you can do with the dns you can access via godns (if implemented) Sun Jul 31 14:56:40 +0000 2011
Replying to @bketelsen that’s easy. But how do you take into account client caching? You can also use bind and dynamic updates. Sun Jul 31 15:07:32 +0000 2011
Read more →

OpenSSH and Kerberos

[Personal note to self:] I’m assuming LDAP and Kerberos are completely set up, configured and working. You get your TGT after a kinit, etc. And then you want to utilize Kerberos for password-less login using ssh. I have a client machine foton.atoom.net, from this machine you want to login to the server. The server is elektron.atoom.net. On the client the command hostname -f should return the fqdn of your host, in my case:
Read more →

On programming languages and programmers

Very well written email message from Geoff Teale on the golang mailing list on programmers and programming languages (thread).
To summarise a long presentation I gave to non-programmers:
There are 12 million programmers in the world
The majority of those programmers are scarcely qualified
Most technology decisions are made by a combination of following the crowd and a false understanding of risk.
The high cost and failure rate in software development is no coincidence.
Read more →

Go DNS (update)

I’m finally back to coding Go DNS and making it work with the latest Go releases. Also the API has changed quite significantly since the last time I blogged about it. So here I will detail key2ds, which is a small utility that queries a zone and prints any DNSKEY records as DS records on the fly, to show the new API and some sample usage.
% ./key2ds sidn.nl
sidn.nl. 0 IN DS 42033 8 1 343F74674D36C9B5BE2CEB2C401AC4EDEB2A05B2
sidn.
Read more →

Tweets of June 30 2011

RT @danielaukes: May I say that I think that gentechvrijegemeente (GMO-free municipality) drivel in Nijmegen is utter nonsense? Thu Jun 30 07:15:33 +0000 2011
For those wanting/asking: I can not send out google+ invites Thu Jun 30 08:05:45 +0000 2011
Learning Go (http://miek.nl/files/go/) is book of the week at root.cz: http://www.root.cz/knihy/learning-go/ #nice :-) Thu Jun 30 08:17:58 +0000 2011
Replying to @Emiel2punt0 Thank you Thu Jun 30 08:23:36 +0000 2011
Replying to @hj8rs
Read more →