https://diziet.dreamwidth.org/12934.html

Account name: [       ] Password [       ] [Log in]
(OpenID?) (Forgot it?) [ ] Remember Me
You're viewing [personal profile] diziet's journal
Create a Dreamwidth Account  Learn More
[                    ] [Interest        ] [Go]
Reload page in style:  site   light

diziet

  * Recent Entries
  * Archive
  * Reading
  * Tags
  * Memories
  * Profile

Hippotat (IP over HTTP) - first advertised release

Sep. 28th, 2022 09:08 pm
[personal profile] diziet

I have released version 1.0.0 of Hippotat, my IP-over-HTTP system. To
quote the README:

    You're in a cafe or a hotel, trying to use the provided wifi. But
    it's not working. You discover that port 80 and port 443 are
    open, but the wifi forbids all other traffic.

    Never mind, start up your hippotat client. Now you have
    connectivity. Your VPN and SSH and so on run over Hippotat. The
    result is not very efficient, but it does work.

Story

In early 2017 I was in a mountaintop cafeteria, hoping to do some
work on my laptop. (For Reasons I couldn't go skiing that day.) I
found that local wifi was badly broken: It had a severe port block. I
had to use my port 443 SSH server to get anywhere. My usual
arrangements punt everything over my VPN, which uses UDP of course,
and I had to bodge several things. Using a web browser directly only
the wifi worked normally, of course - otherwise the other guests
would have complained. This was not the first experience like this
I'd had, but this time I had nothing much else to do but fix it.

In a few furious hacking sessions, I wrote Hippotat, a tool for
making my traffic look enough like "ordinary web browsing" that it
gets through most stupid firewalls. That Python version of Hippotat
served me well for many years, despite being rather shonky, extremely
inefficient in CPU (and therefore battery) terms and not very
productised.

But recently things have started to go wrong. I was using Twisted
Python and there was what I think must be some kind of buffer
handling bug, which started happening when I upgraded the OS (getting
newer versions of Python and the Twisted libraries). The Hippotat
code, and the Twisted APIs, were quite convoluted, and I didn't fancy
debugging it.

So last year I rewrote it in Rust. The new Rust client did very well
against my existing servers. To my shame, I didn't get around to
releasing it.

However, more recently I upgraded the server hosts my Hippotat
daemons run on to recent Debian releases. They started to be affected
by the bug too, rendering my Rust client unuseable. I decided I had
to deploy the Rust server code.

This involved some packaging work. Having done that, it's time to
release it: Hippotat 1.0.0 is out.

The package build instructions are rather strange

My usual approach to releasing something like this would be to
provide a git repository containing a proper Debian source package. I
might also build binaries, using sbuild, and I would consider
actually uploading to Debian.

However, despite me taking a fairly conservative approach to adding
dependencies to Hippotat, still a couple of the (not very unusual)
Rust packages that Hippotat depends on are not in Debian. Last year I
considered tackling this head-on, but I got derailed by difficulties
with Rust packaging in Debian.

Furthermore, the version of the Rust compiler itself in Debian stable
is incapable of dealing with recent versions of very many upstream
Rust packages, because many packages' most recent versions now
require the 2021 Edition of Rust. Sadly, Rust's package manager,
cargo, has no mechanism for trying to choose dependency versions that
are actually compatible with the available compiler; efforts to solve
this problem have still not borne the needed fruit.

The result is that, in practice, currently Hippotat has to be built
with (a) a reasonably recent Rust toolchain such as found in Debian
unstable or obtained from Rust upstream; (b) dependencies obtained
from the upstream Rust repository.

At least things aren't completely terrible: Rustup itself, despite
its alarming install rune, has a pretty good story around integrity,
release key management and so on. And with the right build rune,
cargo will check not just the versions, but the precise content
hashes, of the dependencies to be obtained from crates.io, against
the information I provide in the Cargo.lock file. So at least when
you build it you can be sure that the dependencies you're getting are
the same ones I used myself when I built and tested Hippotat. And
there's only 147 of them (counting indirect dependencies too), so
what could possibly go wrong?

Sadly the resulting package build system cannot work with Debian's
best tool for doing clean and controlled builds, sbuild. Under the
circumstances, I don't feel I want to publish any binaries.

Tags:

  * computers,
  * hippotat,
  * rust

  * Previous Entry
  * Add Memory
  * Share This Entry
  * Next Entry

---------------------------------------------------------------------

  * Reply

---------------------------------------------------------------------

Profile

diziet

November 2022

S  M  T  W  T  F  S
      1  2  3  4  5
6  7  8  9  10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30        

Most Popular Tags

  * 3d printing - 3 uses
  * board games - 5 uses
  * chiark - 4 uses
  * chiark-utils - 1 use
  * computers - 43 uses
  * covid - 1 use
  * cycling - 1 use
  * debian - 5 uses
  * dgit - 1 use
  * diversity - 1 use
  * dkim-rotate - 1 use
  * engineering - 1 use
  * eudcc - 1 use
  * games - 1 use
  * git - 1 use
  * hippotat - 1 use
  * legal - 1 use
  * nailing-cargo - 2 uses
  * otter - 3 uses
  * outflank-mailman - 1 use
  * partial-borrow - 1 use
  * personal - 1 use
  * phone - 5 uses
  * politics - 3 uses
  * prefork-interp - 1 use
  * rust - 13 uses
  * rust-polyglot - 1 use
  * subdirmk - 2 uses
  * tor - 1 use
  * xen - 3 uses

Style Credit

  * Style: Basic for Transmogrified by Yvonne

Expand Cut Tags

No cut tags
Powered by Dreamwidth Studios
Top of page