Today I learned that, under certain circumstances, Docker and an IPsec VPN can conspire to make your life as a developer miserable, by eating outgoing HTTPS connections started from inside a container.
The first symptom that something is amiss is usually being unable to go past the “TLS Client Hello” message during the handshake process, or having the connection stall shortly after that. For example, curl from inside a container would just hang, even though it would work just fine on the host machine itself.
The scenario is the following: I have a standard Ubuntu 16.04 machine with Docker and other tools coming straight from the official repository, quite boring. An L2TP over IPsec VPN connects me to the remote site with a split-tunneling configuration.
Said VPN is configured client-side with StrongSwan and
xl2tpd, two of the most evil pieces of
software. Especially the latter, which will often crash unless planets are aligned correctly as the
author wanted. At the other end of the VPN is a Meraki box that shuts itself down if you just so
happen to sneeze around it.
All network interfaces have an MTU of 1500, except for the L2TP tunnel that sits around 1400 since the xl2tpd/pppd duo configures the ppp0 interface like that, for whatever reason.
Here’s what an imaginary packet would encounter if it had to travel from inside a container to a machine at the other end of the VPN tunnel (in reality it’s more complicated than that so, please, bear with me):
It appears that the issue stems from Docker’s use of a bridge interface and the fact that Linux won’t generate the “Fragmentation Needed” ICMP message that would allow for Path MTU Discovery (PMTUD) to work when IP packets have the “Don’t Fragment” bit set (which should be typical for TCP streams). Now, I’m no network engineer so take my layman’s explanation with a grain of salt.
In my case the fix was simple: start the Docker daemon passing the
--mtu=1400 parameter. On Ubuntu
I only had to edit the value of the
DOCKER_OPTS variable present in
systemctl restart docker.
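A quick way to confirm the mismatch described above before touching the daemon configuration. This is an added example, not part of the original post: the function names and the sample `ip -o link show` output are constructed for illustration, and the interface names `docker0` and `ppp0` are assumed to match the setup described.

```shell
#!/bin/sh
# Added example: flag a Docker bridge whose MTU is larger than the tunnel's.
# Live usage (assumed interface names):
#   ip -o link show | check_bridge_mtu docker0 ppp0

# Constructed sample of `ip -o link show` output matching the scenario above.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN'

# mtu_of IFACE: read `ip -o link` text on stdin, print the MTU of IFACE.
mtu_of() {
    awk -v want="$1:" '
        $2 == want {
            for (i = 3; i < NF; i++)
                if ($i == "mtu") { print $(i + 1); exit }
        }'
}

# check_bridge_mtu BRIDGE TUNNEL: read `ip -o link` text on stdin.
#   returns 0 if the bridge MTU fits inside the tunnel MTU
#   returns 1 and prints the daemon flag to use if the bridge MTU is larger
#   returns 2 if either interface is missing from the input
check_bridge_mtu() {
    links=$(cat)
    bridge=$(printf '%s\n' "$links" | mtu_of "$1")
    tunnel=$(printf '%s\n' "$links" | mtu_of "$2")
    if [ -z "$bridge" ] || [ -z "$tunnel" ]; then
        echo "interface not found: need both $1 and $2" >&2
        return 2
    fi
    if [ "$bridge" -gt "$tunnel" ]; then
        # Containers can emit packets the tunnel cannot carry unfragmented.
        echo "--mtu=$tunnel"
        return 1
    fi
    return 0
}
```

The daemon-level `--mtu` setting applies to the default bridge network; user-defined networks take their MTU from the `com.docker.network.driver.mtu` driver option instead.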
This time, I’d like to start with a comic, courtesy CommitStrip:
As part of my job I had the honour to work with many Web technologies and tools such as jQuery, Angular, Backbone, and React with Redux/Reflux, Babel, and TypeScript. Every time I ran away screaming, feeling the urge to bang my head on a wall, promising myself that I would never endure such pain ever again.
The problem with the “Web Applications” movement is that they are trying to force design and development paradigms typical of desktop applications onto a platform that was designed to render documents.
Whenever I see a desktop application built on top of Electron and HTML5 I cringe. I cringe because I see a thing that burns through my laptop’s battery and eats hundreds upon hundreds of megabytes of RAM and I know that the same thing could have been built with Qt and the result would have been more respectful of my system’s resources and would also have been better integrated with it.
Watching all this fuss come true led me to the conclusion that “the Web” attracts a very specific kind of developer: the masochist.
They know that they are working with a bad platform. They spend their days trying to figure out why the Rube Goldberg machine built with Babel, Webpack, SASS and whatnot broke. They work sleepless nights to try to overcome very basic performance problems with their application.
They live a hellish life but, when they do manage to get everything working, they feel incredibly accomplished. The endorphin rush is so powerful that, just like a drug addict, they want more.
And the cycle repeats.
You know, programmers are a fun bunch. You recognize one because they can argue at length about subtleties of the Python language, know nothing about football, and wear thick glasses.
One of their favorite discussion topics is how to name things and how to write them in sacred text files that make the source code of their Next Big Thing.
So, knowing that a constant should be written LIKE_THIS makes all the difference between a pleasant code review session and one in which you really want to slap the reviewer in the face due to his pedantry. Come on! We do real business here!
The Boring Ones
when you write all letters lowercase as if the shift key on your keyboard doesn’t exist. you are way too busy to care about punctuation and the readers. whatever, they’ll understand.
Only the first letter of the first word in a sentence is capitalized.
First character in every word is capitalized. Except when it’s not. Writers all over the world have since lost all faith in humanity to come up with universally accepted rules. They have since switched to “start case”, in which all words have the first letter unconditionally capitalized.
THERE’S SOMETHING STUCK UNDER THE CAPS LOCK KEY. I’M NOT SHOUTING! HELP ME!!!1!
Who The Heck Came Up With These?
The following rules apply to the practice of writing compound words or phrases whilst avoiding whitespace separators. This is done to please compilers (since they use spaces to separate tokens) while still making stuff readable to humans.
Each word or abbreviation begins with a capital letter,
Just like a dromedary has one less hump than a camel, this style loses the first capital letter,
No wonder that Pythonistas all around the world
prefer_this_style. Ancient books say that this
term was coined by an envious Ruby programmer who suddenly realized he was missing all
the fun of coding with snakes crawling around a computer.
There’s even a study showing that snake case is easier to read than camel case. Take that, Java!
Screaming Snake Case
Like snake case, except this time you stomped on it and it’s
All lower case letters,
with-words-separated-by-hyphens. It’s common in Lisp and Lisp-derived
languages. Figuring out why it is called this way is left as an exercise for the reader.
Just like Kebab case, except this time each word is capitalized. Called this way because, after enough alcohol and sleep deprivation, words start resembling train carts strung together by dashes.
That’s it! Now move along, I’m sure you have better things to do.