Skip to main content

Ralsina.Me — Roberto Alsina's website


In a whim, I checked out kde­bind­ings/d­cop­python from KDE's CVS.

I see the READ­ME: dcopy­thon is bro­ken

Then I said to my­self: maybe I can fix it. And you know what? It seems to be not bro­ken! :-)

At least for sim­ple da­ta type­s, that is.

dcop­python lets your python pro­gram be­come a DCOP serv­er or clien­t.

A DCOP serv­er is ca­pa­ble of be­ing con­trolled by KDE's kd­cop, and is a very sim­ple way to make your ap­pli­ca­tion ex­ter­nal­ly script­able.

A DCOP client is some­thing that con­tacts a DCOP server, so that means you can con­trol and script KDE ap­pli­ca­tions (or oth­er DCOP server­s) from python script­s.

The neat­est thing here is that this stuff does­n't re­quire Qt!

I in­tend to use it to make some of my apps ex­ter­nal­ly script­able with­out PyKDE.

Tarpitting works. Here's proof.

I have re­cent­ly en­abled tarpit­ting in one of my cus­tomer's mail server­s.

Tarpit­ting is adding a small de­lay af­ter each re­cip­i­ent (after a cer­tain num­ber of them). The idea is that a mes­sage with a few re­cip­i­ents goes fast, a mes­sage with many goes slow.

So, it should make spam­mers less ef­fi­cien­t.

Some mail ad­min­is­tra­tors say tarpit­ting does­n't work. That spam­mer­s, in­stead of send­ing a zil­lion mails over one con­nec­tion, send a few over each of a zil­lion con­nec­tion­s.

But a zil­lion con­nec­tions are more ex­pen­sive for the spam­mer! Or at least slow­er.

Well, I have proof that it does work. Sure, some­thing like a per-ip lim­it on con­cur­rent SMTP con­nec­tions is a good com­ple­men­t, but even naïve tarpit­ting, all by it­self, has a good ef­fec­t.

Since I en­abled it, peak mes­sage rate is down 60%, av­er­age is down 40%. Pret­ty good!

But a pic­ture is worth 1000 word­s...

Why isn't this in the kernel?

The nth mod­ule for ipt­a­bles.

This nifty gad­get lets you match the nth pack­et to a rule.

What for? Well, sup­pose you have two links, and have im­ple­ment­ed split ac­cess as per the LARTC

Ac­cord­ing to the same LARTC, you can im­ple­ment per-route load bal­anc­ing by cre­at­ing a mul­ti­path route.

That works well... as long as the traf­fic orig­i­nates on the fire­wall it­self (say, us­ing a Squid).

If the traf­fic comes from a SNATd sub­net, it break­s, be­cause you SNAT (or MASQ) it to one of your ex­ter­nal IP­s, and then it's rout­ed on­ly through that link, for ob­vi­ous rea­sons [1]

You can route based on orig­i­nal source IP, so you can tell half the box­es to go left, and the oth­er half to go right.

And then if the client box­es are used un­even­ly, your bal­anc­ing suck­s.

So, what's the so­lu­tion? Match ev­ery sec­ond state NEW pack­et over each link.

Since ipt­a­bles's MASQ or SNAT will make the state ES­TAB­LISHED,RE­LAT­ED pack­ets fol­low the lead­er, each con­nec­tion al­ter­na­tive­ly routes left or right.

While not 100% right (y­ou can be un­lucky and re­di­rect all long con­nec­tions on the same link), it is much bet­ter than the sim­ple al­ter­na­tives, and much sim­pler than the bet­ter al­ter­na­tives.

But hey, nth is on­ly on patchomat­ic. And Red Hat's (Fe­do­ra's) ker­nel makes patchomat­ic go nut­s.

So it's cus­tom-k­er­nel-­com­pil­ing time, and I hate do­ing that. Re­al­ly, this patch seems sim­ple. Why is it not in?

Accuracy in reporting

If it was­n´t so pa­thet­ic, it may be fun­nier.

A while ago, a glacier col­lapsed. This is a pe­ri­od­i­cal even­t, and a huge tourist at­trac­tion. Huge slabs of ice crash­ing down, and you can watch it from a safe dis­tance.


Now, here comes the re­port­ing.

The BBC:

A mas­sive pond builds up be­hind the wall of snow be­fore get­ting too heavy for the ice to hold and smash­ing down in­to the sea be­low.

Hm­m­m... well, that´s a lake. But what the heck, the ocean is on­ly a few hun­dred kilo­me­ters away. Over the An­des, cross­ing Chile.

WISTV (what­ev­er that is):

No one hurt when por­tion of Ar­gen­tinean glacier col­laps­es

Noone has ev­er been hurt by this. Ev­ery­one knew it was col­laps­ing, to be hurt you would have to get on a boat and cross a very very cold lake, too. And be the stu­pid­est man on earth, since there were huge chunks of ice fall­ing ev­ery few min­utes since two days ago.

Hel­l, there´s park rangers and it´s for­bid­den to ap­proach the glacier from the wa­ter!

Oh, and it´s not an ice shelf.

But any­way, if you want to see at least the video, it´s re­al­ly cool :-) It´s in this page, but I can´t link it: VIDEO

Contents © 2000-2024 Roberto Alsina