Wednesday, May 20, 2009

Magic NAT Incantation

 

How many times am I going to get bit with this?

Rebuilt the system this weekend. In addition to the expected hassles of version upgrades, aging hardware and the peculiarities of my configuration, there's always one or two things I forget that cause some unnecessary stress. But this one gets me every single time.

No matter what I did, I couldn't get NAT to work. The machines on the subnet were pingable, had happy network connections. But no outside internet. I could resolve domains using my local internal caching nameserver but could not reach those hosts.

I spent hours staring at the iptables file, starting and stopping the network, checking cables, rebooting machines on the subnet. No packets, no joy. Finally I'm sitting at a party on Saturday night, drinking some deadly home-made liqueur (started as vodka, involved lemons) when suddenly I have a flashback to more than ten years ago, sitting in an office trying to get NAT to work. A vision appeared in my mind and a blazing hand descended from heaven to write this message across the sky in burning letters:

echo 1 > /proc/sys/net/ipv4/ip_forward

No, I will never learn. The only hope is to write as much stuff down as possible for next time. Or maybe I should just accept the fact that my faculties have deteriorated past the point of being a small-time Linux admin. Can I still get an account at AOL?

 

Friday, May 1, 2009

The word you're looking for is "hubris."

 

Christopher Buckley's story about the death of his parents (NY Times Magazine, "Growing Up Buckley," April 26, 2009) was funny and sad but in the end it's just another account of the tragic lives of the rich and famous. It's better written than a typical tabloid piece but fundamentally there's nothing more interesting about this dysfunctional family than a million others. The audience appeal is in the juicy details. Was the service really held at St. Patrick's Cathedral? Where was the reception? Who was there? We want (more) names.

That's not the problem I have with the piece. I don't give a rat's ass whether they spent Christmas in the Caribbean or Atlantic City. The offensive part comes at the end, when we're treated to one more salacious, circulation-boosting detail concerning his father's involvement in Watergate and how deeply it troubled him. Hunt and Nixon were involved in serious crimes, crimes that precipitated a constitutional crisis. If true this story makes William F. Buckley an accessory. Ironic or no, the reference to Gethsemane turned my stomach. Are we supposed to see his father's silence as virtuous? To forgive him because he later became friends with one of the victims? Because he's rich and famous?

It's not hard to see a direct connection between the failure to prosecute Richard Nixon's crimes and our situation today, where the members of the same pundit class of which William Buckley was for many years a leading voice dismiss calls for prosecution of the Bush administration for public violations of domestic and international law (and generally shredding the constitution) on the grounds that it represents an "unworthy desire for vengeance." They reveal an unspoken but widely held belief that men and women of high stature, wealth and power are inherently noble and so above the law. The consequences for the rest of us are severe.

In case Christopher Buckley thinks this is all just petty class resentment, let me call this unspoken belief by another name: hubris. Maybe he'll take it more seriously if I say it in Greek.

 

Thursday, January 22, 2009

An XBox, A Fried Router, and Girl Scout Cookies



About six months ago I bought a Linksys WRT54G to replace my DLink wireless router. The DLink was a horrible POS, with poor signal strength, inexplicably bad bandwidth and requiring power-supply reboots once every few days or so. It never learned to play nice with the iBook (Crappy network stack? I'd like you to meet broken hardware design...). So while walking down the aisle of Office Much one day I thought "Hey, I'll pick up a Linksys and put OpenWrt on it! Then I'll be a hero hardware hacker for real and I won't have to hear my sweetheart cursing a frozen connection as she's trying to meet a publishing deadline anymore..."

Well, not surprisingly, it sat in the box on my desk for months. Turns out, the new ones are all Version 8 which has only 2MB of flash memory & replacing the firmware is problematic. Ugh. So last weekend I finally decided to give it a go with the original (shipped) software.

10 hours later, I had it working, sorta. It has something called "router" mode, but I was unable to get it to work anything like what I would have thought was a router. It was more like a wireless hub with encryption. But OK, it worked. I had the laptop, the SqueezeBox, the XP box and a linux box all on the subnet. Thought I was home free.

The XBox couldn't see it. No way. Reboot everything, move antennae, wave the bloody chicken. Nothing. My SSID was not on the list. I didn't even get the chance to struggle with the firewall, it just wasn't there.

Now, it's the Sunday before the Martin Luther King holiday. My 13-year-old has the next day off and is expecting his friends to come over to play on XBox live. He's getting worried. "Dad, the XBox connection is still down." With lightning-fast fingers he runs through the XBox menus and diagnostics, pointing out with eerie precision where the problem occurs, that the SSID is not appearing, etc. I've tried everything to no avail. I'm totally disgusted at having wasted half my weekend on this stupid project.

Finally, right about dinnertime I decide to give up. I have another NIC on the server, I can run both routers and dedicate the DLink (which I know worked) to the XBox. I plug the network cable and power supply in and a moment later... PWAF! There's a loud popping sound and a curl of white smoke is coming from the DLink. I yank the cords and sure enough, I put a 12 volt supply into the 5 volt device. The stench of ozone and melting plastic wafts through the room. I grab the box and walk down the hall towards the front door thinking to toss it outside so at least we don't have to breathe whatever evil fumes are coming off it.

At that moment the doorbell rings. I open it, the smoldering router still in my hand and there stands the neighbor's 9-year-old daughter. "Would you like to buy some Girl Scout Cookies?"

Completely flustered, I answer somewhat irritatedly: "I'm sorry, but this is really not a good time."

Her lower lip trembles. "I'm... sorry..." she says and runs away.

Upstairs I can hear my own kid calling. "Dad, are you coming to dinner? And what's that smell?"

Later, as I explain to kidlet why XBox Live is still not working and it may be a few days I experience the final humiliation: he's all noble about it. "That's OK dad. I spend an awful lot of time on the XBox and you're right, I could read or do something else instead. And you've already spent a lot of time working on this. Just relax."

Now I am truly the World's Lamest Dad. My kid's taking care of me. I officially give up and go to dinner.

Days later (Wednesday, actually) I'm chatting with the network guru at work and tell him the story. He's puzzled, having an XBox himself, and goes off at lunch to do a bit of searching. That afternoon he comes back and shows me this link: http://nowpa2.bravehost.com. In short, Microsoft's wireless adapter for the XBox 360 does not support WPA2. The packaging and manual lie. I go home, knock the encryption down to WPA Personal and presto, up she comes.

All's well that ends well, I suppose. The only problem I have now is what to do with a case of Girl Scout Cookies. Oh, and I'd like my weekend back, please?

Friday, January 16, 2009

Testing Values Returned From ActiveRecord



Be really careful about testing values returned from the db by ActiveRecord. How you fetch it affects the data type. ActiveRecord typecasts the column values returned from the database... sometimes.

This bit me hard today:

If you get a model back from ActiveRecord, e.g. with a MyClazz.find(), ActiveRecord::Base will read the dictionary tables and typecast the returned attribute to what you expect. If you use one of the connection class methods, it doesn't do this; it just returns everything as a string.
Comparisons to integer, for example, will FAIL.

Watch this:


# run the console

[chrisa@ibs-chrisa-ux1 lims_m4]$ script/console
Loading development environment (Rails 2.1.1)

# fetch an arbitrary slide

>> s = Slide.find(81247588)
=> #<slide id: 81247588,
slide_group_id: 81246827,
...>

# now, I'm expecting an integer for slide_group_id, so I test it with the == operator:

>> s.slide_group_id == 81246827
=> true

# how nice, principle of least astonishment and all...
# now let's get that same record using the Base.connection method:

>> hash = ActiveRecord::Base.connection.select_one("SELECT * FROM slides WHERE id = 81247588")
=> { "id"=>"81247588",
"slide_group_id"=>"81246827",
...}
>> sgi = hash['slide_group_id']
=> "81246827"

# Whoa. It's a string:

>> sgi == 81246827
=> false
>>
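
One way to guard against the mismatch shown in the console session above, as an added example that is not code from the original post: cast raw string columns strictly before comparing them. It needs no database; `RAW_ROW` is constructed to mimic the all-strings hash that `select_one` returned above, and `COLUMN_TYPES`, `cast_value`, `cast_row` and `column_equals?` are hypothetical names.

```ruby
# Added example: constructed data, no database or ActiveRecord required.
# RAW_ROW mimics the all-strings Hash returned by select_one in the session
# above; COLUMN_TYPES is a hypothetical hand-written schema.
RAW_ROW = { "id" => "81247588", "slide_group_id" => "81246827" }.freeze
COLUMN_TYPES = { "id" => :integer, "slide_group_id" => :integer }.freeze

class CastError < StandardError; end

# Strictly convert one raw column value. Integer(str, 10) raises on anything
# that is not a clean base-10 integer, unlike String#to_i, which silently
# returns 0 for "abc" and 12 for "12abc".
def cast_value(column, value, types = COLUMN_TYPES)
  return nil if value.nil? # SQL NULL stays nil

  case types[column]
  when :integer
    begin
      Integer(value.to_s, 10)
    rescue ArgumentError
      raise CastError, "column #{column}: #{value.inspect} is not an integer"
    end
  when nil
    value # column not in the schema: leave untouched
  else
    raise CastError, "no cast defined for type #{types[column].inspect}"
  end
end

# Cast every column of a raw row, returning a new Hash.
def cast_row(row, types = COLUMN_TYPES)
  row.each_with_object({}) { |(col, val), out| out[col] = cast_value(col, val, types) }
end

# Compare a raw column to an expected integer: cast first, then compare, so a
# String is never silently compared against an Integer.
def column_equals?(row, column, expected, types = COLUMN_TYPES)
  cast_value(column, row[column], types) == expected
end

if __FILE__ == $PROGRAM_NAME
  puts RAW_ROW["slide_group_id"] == 81246827                # the pitfall
  puts column_equals?(RAW_ROW, "slide_group_id", 81246827)  # after casting
  puts cast_row(RAW_ROW).inspect
end
```

The strict cast matters most where the comparison gates something, such as an ownership or group-membership check: a malformed value raises instead of quietly comparing unequal or collapsing to 0.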