Yifei Sun

We shouldn't worry about getting hacked - that's illegal.

Before you read on, here's my weird flex: I have 3 .arpa zones (1 .ip6.arpa and 2 .in-addr.arpa). These are typically delegated by RIRs to ISPs, but I'm using them for various networking experiments. This site is served via anycast on my homemade CDN built on top of a couple of NixOS servers.

Since TLS certs for .arpa zones are generally not issued by public CAs, I configured Caddy to serve the site over plain HTTP. After following this guide, I managed to get Cloudflare to issue trusted certs [1] on their end (tho I can't download them) and proxy traffic on top of my own CDN (AS10779 --(HTTP)--> AS13335 --(HTTPS)--> You).


I am a PhD student at INRIA DataMove Team under Olivier Richard and co-advised by Christian Perez (Avalon Team). I graduated from Northeastern University with MSCS where I had the fortune to be advised by Ji-Yong Shin at Systems Research Group. I visited Computing Software Group advised by Tomoharu Ugawa at University of Tokyo during the summer of 2024. I finished my undergrad at University of Utah under the guidance of Shad Roundy and co-advisor Tucker Hermans.

I'm generally interested in system and theory (CV), topics include:

My contact info is hidden within the source code of this site. Search for the platform you want to reach me on in all lowercase (e.g. github, linkedin, etc.). You can reach me directly with Matrix, Discord (use my GitHub username), or email (echo -n 'eXN1bkBoZXkuY29tCg==' | base64 --decode).

Weekend outing with labmates (Walden Pond)

I ride a Trek Fuel EX 5 for fun and commute, and I daily-drive a Framework Laptop 13 with NixOS and a 14-inch MacBook Pro on the go. I own and operate AS10779 (PeeringDB, looking glass) with two IP assignments from ARIN. I maintain about 150 packages and actively contribute to the Nix ecosystem. During my free time, I enjoy swimming, cycling, archery, and playing osu! (mostly mania and std with Wacom Intuos Pro). Streaming services? Apple Music all the way (playlist)!

You just have to go out and touch grass once in a while (Uji Shrine)

Cloudflare generously sponsors me an Enterprise plan under Project Alexandria. Go check it out if you have open source projects! But... I host a backup of this site on Fastly ysun.global.ssl.fastly.net ;)

Random recommendations (unordered):


  1. Cloudflare Universal SSL will only work for .ip6.arpa zones. If you have .in-addr.arpa zones and want to get certs with Cloudflare, you need to enroll in Advanced Certificate Manager (paid feature) as .in-addr.arpa certs are not covered under Universal SSL.