I was just digging around in the MSDN docs this morning when I noticed the following in the page footer:
Creative Commons Attribution - Non Commercial 2.5 License
Is this a new development? How could I have missed this?
Here’s the license itself and also a random C standard library function (scroll to the very bottom to see the CC notice).
My awesome ISP has given me a /29 block of IP addresses. Yesterday, I decided to try SNAT’ing out all of them. My first attempt:
iptables -t nat -A POSTROUTING -o $EXT_PPPOE -j SNAT --to-source 1.2.3.17-1.2.3.22
According to the docs, netfilter should round-robin through the 6 addresses. I visited a few of those “What’s my IP address?” web sites and got a few different answers. So far, so good.
After a few hours, however, it became obvious that something was wrong. Apparently the round-robin is done per-connection, and thus it can break any protocol which expects multiple connections from a single host to have a single IP.
(For instance, I couldn’t connect to AIM reliably. Turns out that, in order to connect to AIM you must make two connections. First to an authorization server where you then receive a token for use on the 2nd connection. The token seems only to be good for a certain IP address. So 1/6th of the time I would get lucky, draw the same IP twice, and AIM would connect. Otherwise, no dice.)
Thanks to the helpful fellas on irc.freenode.net #netfilter, I learned about the SAME target:
…the SAME target will try to always use the same outgoing IP address for all connections initiated by a single host on your network.
Now that sounds perfect. So I made the following change:
iptables -t nat -A POSTROUTING -o $EXT_PPPOE -j SAME --to 1.2.3.17-1.2.3.22 --nodst
Now everything works great. Visiting one of the “What’s my IP” sites gives different answers from different hosts, but always the same answer for a specific host. Sweet!
Update 4/17/2008:
Looks like the SAME target is obsolete and removed from kernel 2.6.25. I guess the SNAT target does what I want now. I’ll find out for sure when the gaping security hole is discovered and I’m forced to upgrade my kernel, heh.
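The difference between the two rules above, as an added example that is not from the original post: a simplified Python model of per-connection round-robin versus per-client address selection, run against a two-connection login whose token is bound to the public IP. The internal 192.168.0.x addresses, the class names and the CRC32 mapping are assumptions made for the illustration, not netfilter's implementation.

```python
import ipaddress
import random
import zlib

# The six addresses used in the post's rules (1.2.3.17-1.2.3.22).
POOL = [ipaddress.IPv4Address("1.2.3.17") + i for i in range(6)]


class RoundRobinNat:
    """Simplified model: every new connection takes the next pool address."""

    def __init__(self, pool):
        self.pool, self.next = pool, 0

    def translate(self, internal_ip):
        addr = self.pool[self.next % len(self.pool)]
        self.next += 1
        return addr


class PerSourceNat:
    """Simplified model of SAME: the pool address depends only on the client."""

    def __init__(self, pool):
        self.pool = pool

    def translate(self, internal_ip):
        # Illustrative mapping (CRC32 of the client IP), not netfilter's algorithm.
        return self.pool[zlib.crc32(internal_ip.encode()) % len(self.pool)]


def login_success_rate(nat, trials=6000, seed=1):
    """Two-connection login: the token from connection 1 is bound to the
    public IP the auth server saw, and connection 2 must arrive from it."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        token_ip = nat.translate("192.168.0.10")         # auth connection
        for _ in range(rng.randrange(12)):               # unrelated LAN traffic
            nat.translate("192.168.0.%d" % rng.randrange(11, 50))
        ok += nat.translate("192.168.0.10") == token_ip  # service connection
    return ok / trials


if __name__ == "__main__":
    print("round-robin:", login_success_rate(RoundRobinNat(POOL)))
    print("per-source :", login_success_rate(PerSourceNat(POOL)))
```

On kernels where SAME has been removed, the iptables SNAT target documents a `--persistent` option that gives each client the same source address for every connection and supersedes SAME.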
The magic smoke came out of my MacBook’s power connector about 10 minutes ago. I’m surprised it broke so quickly. I just got my Mac in November.
Apparently, this happens to a lot of people. Take a look at the comments at the Apple Store.
Update: Just got back from the Bellevue Apple Store where I got a free replacement. Apparently this is covered under AppleCare so long as the damage is from normal use. In other words: if your gerbil gnaws through your cable, you’re on your own.
Please excuse me while I toot my own horn. Take a look at this:
C:\latency >run
latency
imul : 57 - 53 = 4
lea shl : 56 - 53 = 3
just lea: 55 - 53 = 2
just shl: 54 - 53 = 1
That’s right, bitches, I am dynamically measuring the latency of a single x86 instruction — accurate down to one cycle! That’s ~380 picoseconds on my hardware.
This is really hard (impossible?) to do without a serializing read time-stamp counter instruction.
Compiler writers and assembly coders have long bemoaned the fact that x86 has no CMOVcc store. Additionally, many are shocked to learn that a CMOVcc load always reads memory. Consider the following situation:
int x = (p == NULL) ? 0 : p->v;
You’d like to generate this code, but it will crash when p is null:
cmp rax, 0
cmovne rcx, [rax+foo_offset]
I just discovered this comp.arch posting, where Andy Glew explains how this all came to be.
Here’s a good slide deck from Microsoft Research (powerpoint): P versus NP
(Thanks to Weimin)
My Airport Expresses have merely whetted my appetite — now I want to stream music to and from everything in my house. Apparently, I’m not the only one. Here’s a cool thread over at CocoaDev with a bunch more info.
“Good Evening. We are Rage Against the Machine from Los Angeles California.”
YouTube query: Coachella 2007 Rage