Lorenzo Villani

(╯°□°)╯︵ ┻━┻

Docker, IPsec, and mysterious HTTPS failures

Feb 19, 2017

Today I learned that, under certain circumstances, Docker and an IPsec VPN can conspire to make your life as a developer miserable, by eating outgoing HTTPS connections started from inside a container.

The first symptom that something is amiss is usually being unable to go past the “TLS Client Hello” message during the handshake process, or having the connection stall shortly after that. For example, running curl from inside a container would just hang, even though it would work just fine on the host machine itself.

The scenario is the following: I have a standard Ubuntu 16.04 machine with Docker and other tools coming straight from the official repository, quite boring. An L2TP over IPsec VPN connects me to the remote site with a split-tunneling configuration.

Said VPN is configured client-side with StrongSwan and xl2tpd, two of the most evil pieces of software. Especially the latter, which will often crash unless planets are aligned correctly as the author wanted. At the other end of the VPN is a Meraki box that shuts itself down if you just so happen to sneeze around it.

All network interfaces have an MTU of 1500, except for the L2TP tunnel that sits around 1400 since the funny xl2tpd/pppd duo configures the ppp0 interface like that, for whatever reason.

Here’s what an imaginary packet would encounter if it had to travel from inside a container to a machine at the other end of the VPN tunnel (in reality it’s more complicated than that so, please, bear with me):

Network Diagram

It seems that there are several issues with the way Docker does its networking on Linux and the way Linux itself handles bridge interfaces.

It appears that the issue stems from Docker’s use of a bridge interface and the fact that Linux won’t generate the “Fragmentation Needed” ICMP message that would allow for Path MTU Discovery (PMTUD) to work when IP packets have the “Don’t Fragment” bit set (which should be typical for TCP streams). Now, I’m no network engineer so take my layman’s explanation with a grain of salt.

In my case the fix was simple: start the Docker daemon passing the --mtu=1400 parameter. On Ubuntu I only had to edit the value of the DOCKER_OPTS variable present in /etc/default/docker and issue a systemctl restart docker.
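A check for the mismatch described above, as an added example that is not part of the original post: it reads `ip -o link show` output and prints the `--mtu` value to pass to the Docker daemon when the bridge's MTU is larger than the tunnel's. The function names and the sample interface listing are constructed, and `docker0` (Docker's default bridge name) is assumed to be the bridge in use.

```shell
#!/bin/sh
# Added example: detect a Docker bridge MTU that exceeds the VPN tunnel MTU.

# Constructed sample of `ip -o link show` output matching the setup in the post.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3'

# link_mtu IFACE: print the MTU of IFACE, reading `ip -o link` text on stdin.
link_mtu() {
    awk -v want="$1" '
        # Field 2 is "name:" (or "name@peer:" for veth pairs).
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name) }
        name == want {
            for (i = 3; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
        }'
}

# suggest_docker_mtu BRIDGE TUNNEL: print "--mtu=N" when BRIDGE's MTU is larger
# than TUNNEL's, nothing when it already fits; return 2 if either is missing.
suggest_docker_mtu() {
    links=$(cat)
    bridge=$(printf '%s\n' "$links" | link_mtu "$1")
    tunnel=$(printf '%s\n' "$links" | link_mtu "$2")
    if [ -z "$bridge" ] || [ -z "$tunnel" ]; then
        echo "interface not found: $1 or $2" >&2
        return 2
    fi
    if [ "$bridge" -gt "$tunnel" ]; then
        echo "--mtu=$tunnel"
    fi
}

# On a live host: ip -o link show | suggest_docker_mtu docker0 ppp0
printf '%s\n' "$SAMPLE_LINKS" | suggest_docker_mtu docker0 ppp0   # prints --mtu=1400
```
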

Are web developers (secretly) drug addicts?

Dec 15, 2016

This time, I’d like to start with a comic, courtesy of CommitStrip:

A story about Full-Stack Javascript

As part of my job I had the honour to work with many Web technologies and tools such as jQuery, Angular, Backbone, and React with Redux/Reflux, Babel, and TypeScript. Every time I ran away screaming, feeling the urge to bang my head on a wall, promising myself that I would never endure such pain ever again.

The problem with the “Web Applications” movement is that they are trying to force design and development paradigms typical of desktop applications onto a platform that was designed to render documents.

HTML and CSS are, essentially, elements of a glorified typesetting system. The fact that you can hack together something interactive with a bit of JavaScript is just that: a hack. A huge pile of hacks strung together with duct tape. Mostly written by clueless developers.

Whenever I see a desktop application built on top of Electron and HTML5 I cringe. I cringe because I see a thing that burns through my laptop’s battery and eats hundreds upon hundreds of megabytes of RAM and I know that the same thing could have been built with Qt and the result would have been more respectful of my system’s resources and would also have been better integrated with it.

I also cringe at the incredible churn rate with the development toolchain: libraries and tools seem to become obsolete in just a few months. A ton of money is wasted every year trying to make JavaScript fast and rewriting stuff just to use the new best-of-breed library du jour.

A moment of nostalgia...

Watching all this fuss come true led me to the conclusion that “the Web” attracts a very specific kind of developer: the masochist.

They know that they are working with a bad platform. They spend their days trying to figure out why the Rube Goldberg machine built with Babel, Webpack, SASS and whatnot broke. They work sleepless nights to try to overcome very basic performance problems with their application.

They live a hellish life but, when they do manage to get everything working, they feel incredibly accomplished. The endorphin rush is so powerful that, just like a drug addict, they want more.

And the cycle repeats.

The Case For Cases

Feb 28, 2016

You know, programmers are a fun bunch. You recognize one because they can argue at length about subtleties of the Python language, know nothing about football, and wear thick glasses.

One of their favorite discussion topics is how to name things and how to write them in sacred text files that make up the source code of their Next Big Thing.

So, knowing that a constant should be written LIKE_THIS makes all the difference between a pleasant code review session and one in which you really want to slap the reviewer in the face due to his pedantry. Come on! We do real business here!

The Boring Ones

Lower Case

when you write all letters lowercase as if the shift key on your keyboard doesn’t exist. you are way too busy to care about punctuation and the readers. whatever, they’ll understand.

Sentence Case

Only the first letter of the first word in a sentence is capitalized.

Title Case

First character in every word is capitalized. Except when it’s not. Writers all over the world have since lost all faith in humanity to come up with universally accepted rules. They have since switched to “start case”, in which all words have the first letter unconditionally capitalized.

Upper Case

THERE’S SOMETHING STUCK UNDER THE CAPS LOCK KEY. I’M NOT SHOUTING! HELP ME!!!1!

Who The Heck Came Up With These?

The following rules apply to the practice of writing compound words or phrases whilst avoiding whitespace separators. This is done to please compilers (since they use spaces to separate tokens) while still making stuff readable to humans.

Camel Case

Each word or abbreviation begins with a capital letter, JustLikeThis.

Dromedary Case

Just like a dromedary has one less hump than a camel, this style loses the first capital letter, likeThis.

Snake Case

No wonder that Pythonistas all around the world prefer_this_style. Ancient books say that this term was coined by an envious Ruby programmer who suddenly realized he was missing all the fun of coding with snakes crawling around a computer.

There’s even a study showing that snake case is easier to read than camel case. Take that, Java!

Screaming Snake Case

Like snake case, except this time you stomped on it and it’s MAD_AT_YOU!.

Kebab Case

All lower case letters, with-words-separated-by-hyphens. It’s common in Lisp and Lisp-derived languages. Figuring out why it is called this way is left as an exercise for the reader.

Train Case

Just like Kebab case, except this time each word is capitalized. Called this way because, after enough alcohol and sleep deprivation, words start resembling train carts strung together by dashes.

Conclusion

That’s it! Now move along, I’m sure you have better things to do.