tim | Reading

I’ve been a Karine Polwart fan for decades, which led me to her recent collaboration with Julie Fowlis and Mary Chapin Carpenter. "Looking for the Thread" mixes Scots Gaelic and US country and a little bit of rock’n’roll.

I was moved by this farewell from the POV of a dying satellite—can you tell me if this matches an actual satellite that circled our planet?

( Stream here on YouTube )

Or on SoundCloud or on Spotify.

( Lyrics in the cut )

mjg59

I'm lucky enough to have a weird niche ISP available to me, so I'm paying $35 a month for around 600MBit symmetric data. Unfortunately they don't offer static IP addresses to residential customers, and nor do they allow multiple IP addresses per connection, and I'm the sort of person who'd like to run a bunch of stuff myself, so I've been looking for ways to manage this.

What I've ended up doing is renting a cheap VPS from a vendor that lets me add multiple IP addresses for minimal extra cost. The precise nature of the VPS isn't relevant - you just want a machine (it doesn't need much CPU, RAM, or storage) that has multiple world routeable IPv4 addresses associated with it and has no port blocks on incoming traffic. Ideally it's geographically local and peers with your ISP in order to reduce additional latency, but that's a nice to have rather than a requirement.

By setting that up you now have multiple real-world IP addresses that people can get to. How do we get them to the machine in your house you want to be accessible? First we need a connection between that machine and your VPS, and the easiest approach here is Wireguard. We only need a point-to-point link, nothing routable, and none of the IP addresses involved need to have anything to do with any of the rest of your network. So, on your local machine you want something like:[Interface] PrivateKey = privkeyhere ListenPort = 51820 Address = localaddr/32 [Peer] Endpoint = VPS:51820 PublicKey = pubkeyhere AllowedIPs = VPS/0

And on your VPS, something like:[Interface] Address = vpswgaddr/32 SaveConfig = true ListenPort = 51820 PrivateKey = privkeyhere [Peer] PublicKey = pubkeyhere AllowedIPs = localaddr/32

The addresses here are (other than the VPS address) arbitrary - but they do need to be consistent, otherwise Wireguard is going to be unhappy and your packets will not have a fun time. Bring that interface up with wg-quick and make sure the devices can ping each other. Hurrah! That's the easy bit.

Now you want packets from the outside world to get to your internal machine. Let's say the external IP address you're going to use for that machine is 321.985.520.309 and the wireguard address of your local system is 867.420.696.005. On the VPS, you're going to want to do:

iptables -t nat -A PREROUTING -p tcp -d 321.985.520.309 -j DNAT --to-destination 867.420.696.005

Now, all incoming packets for 321.985.520.309 will be rewritten to head towards 867.420.696.005 instead (make sure you've set net.ipv4.ip_forward to 1 via sysctl!). Victory! Or is it? Well, no.

What we're doing here is rewriting the destination address of the packets so instead of heading to an address associated with the VPS, they're now going to head to your internal system over the Wireguard link. Which is then going to ignore them, because the AllowedIPs statement in the config only allows packets coming from your VPS, and these packets still have their original source IP. We could rewrite the source IP to match the VPS IP, but then you'd have no idea where any of these packets were coming from, and that sucks. Let's do something better. On the local machine, in the peer, let's update AllowedIps to 0.0.0.0/0 to permit packets form any source to appear over our Wireguard link. But if we bring the interface up now, it'll try to route all traffic over the Wireguard link, which isn't what we want. So we'll add table = off to the interface stanza of the config to disable that, and now we can bring the interface up without breaking everything but still allowing packets to reach us. However, we do still need to tell the kernel how to reach the remote VPN endpoint, which we can do with ip route add vpswgaddr dev wg0. Add this to the interface stanza as:PostUp = ip route add vpswgaddr dev wg0 PreDown = ip route del vpswgaddr dev wg0

That's half the battle. The problem is that they're going to show up there with the source address still set to the original source IP, and your internal system is (because Linux) going to notice it has the ability to just send replies to the outside world via your ISP rather than via Wireguard and nothing is going to work. Thanks, Linux. Thinux.

But there's a way to solve this - policy routing. Linux allows you to have multiple separate routing tables, and define policy that controls which routing table will be used for a given packet. First, let's define a new table reference. On the local machine, edit /etc/iproute2/rt_tables and add a new entry that's something like:1 wireguard

where "1" is just a standin for a number not otherwise used there. Now edit your wireguard config and replace table=off with table=wireguard - Wireguard will now update the wireguard routing table rather than the global one. Now all we need to do is to tell the kernel to push packets into the appropriate routing table - we can do that with ip rule add from localaddr lookup wireguard, which tells the kernel to take any packet coming from our Wireguard address and push it via the Wireguard routing table. Add that to your Wireguard interface config as:PostUp = ip rule add from localaddr lookup wireguard PreDown = ip rule del from localaddr lookup wireguard
and now your local system is effectively on the internet.

You can do this for multiple systems - just configure additional Wireguard interfaces on the VPS and make sure they're all listening on different ports. If your local IP changes then your local machines will end up reconnecting to the VPS, but to the outside world their accessible IP address will remain the same. It's like having a real IP without the pain of convincing your ISP to give it to you.

syzygis

The swish of a skirt
The shine of my hair
The slinkiest string
All targets are fair.
-K Royka, 6/16/2025

redbird

This year, they're giving away tote bags when people come in to get the printed bingo card. I got email on Friday saying the bags had arrived, so I went back to the Honan-Allston branch library this afternoon.

The bags are just like last year's, except printed in green instead of blue. I like last year's bag--it's the right size for me, and reasonably sturdy. I went to Lizzy's afterwards, bought pints, and put my insulated bag inside the library bag.

The prize for a bingo on the summer reading card is a sticker. I just printed a copy of the "more reading" bingo card, on which all the squares are for reading different kinds of books, and am filling in squares on both cards. So far, I haven't read anything that works for both bingo cards.

graydon2

Elsewhere I've been asked about the task of replaying the bootstrap process for rust. I figured it would be fairly straightforward, if slow. But as we got into it, there were just enough tricky / non-obvious bits in the process that it's worth making some notes here for posterity.

UPDATE: someone has also scripted many of the subsequent snapshot builds covering many years of rust's post-bootstrap development. Consider the rest of this post just a verbose primer for interpreting their work.

context

Rust started its life as a compiler written in ocaml, called rustboot. This compiler did not use LLVM, it just emitted 32-bit i386 machine code in 3 object file formats (Linux PE, macOS Mach-O, and Windows PE).

We then wrote a second compiler in Rust called rustc that did use LLVM as its backend (and which, yes, is the genesis of today's rustc) and ran rustboot on rustc to produce a so-called "stage0 rustc". Then stage0 rustc was fed the sources of rustc again, producing a stage1 rustc. Successfully executing this stage0 -> stage1 step (rather than just crashing mid-compilation) is what we're going to call "bootstrapping". There's also a third step: running stage1 rustc on rustc's sources again to get a stage2 rustc and checking that it is bit-identical to the stage1 rustc. Successfully doing that we're going to call "fixpoint".

Shortly after we reached the fixpoint we discarded rustboot. We stored stage1 rustc binaries as snapshots on a shared download server and all subsequent rust builds were based on downloading and running that. Any time there was an incompatible language change made, we'd add support and re-snapshot the resulting stage1, gradually growing a long list of snapshots marking the progress of rust over time.

time travel and bit rot

Each snapshot can typically only compile rust code in the rust repository written between its birth and the next snapshot. This makes replaying the entire history awkward (see above). We're not going to do that here. This post is just about replaying the initial bootstrap and fixpoint, which happened back in April 2011, 14 years ago.

Unfortunately all the tools involved -- from the host OS and system libraries involved to compilers and compiler-components -- were and are moving targets. Everything bitrots. Some examples discovered along the way:

Modern clang and gcc won't compile the LLVM used back then (C++ has changed too much -- and I tried several CXXFLAGS=-std=c++NN variants!)
Modern gcc won't even compile the gcc used back then (apparently C as well!)
Modern ocaml won't compile rustboot (ditto)
14-year-old git won't even connect to modern github (ssh and ssl have changed too much)

debian

We're in a certain amount of luck though:

Debian has maintained both EOL'ed docker images and still-functioning fetchable package archives at the same URLs as 14 years ago. So we can time-travel using that. A VM image would also do, and if you have old install media you could presumably build one up again if you are patient.
It is easier to use i386 since that's all rustboot emitted. There's some indication in the Makefile of support for multilib-based builds from x86-64 (I honestly don't remember if my desktop was 64 bit at the time) but 32bit is much more straightforward.
So: docker pull --platform linux/386 debian/eol:squeeze gets you an environment that works.
You'll need to install rust's prerequisites also: g++, make, ocaml, ocaml-native-compilers, python.

rust

The next problem is figuring out the code to build. Not totally trivial but not too hard. The best resource for tracking this period of time in rust's history is actually the rust-dev mailing list archive. There's a copy online at mail-archive.com (and Brian keeps a public backup of the mbox file in case that goes away). Here's the announcement that we hit a fixpoint in April 2011. You kinda have to just know that's what to look for. So that's the rust commit to use: 6daf440037cb10baab332fde2b471712a3a42c76. This commit still exists in the rust-lang/rust repo, no problem getting it (besides having to copy it into the container since the container can't contact github, haha).

LLVM

Unfortunately we only started pinning LLVM to specific versions, using submodules, after bootstrap, closer to the initial "0.1 release". So we have to guess at the LLVM version to use. To add some difficulty: LLVM at the time was developed on subversion, and we were developing rust against a fork of a git mirror of their SVN. Fishing around in that repo at least finds a version that builds -- 45e1a53efd40a594fa8bb59aee75bb0984770d29, which is "the commit that exposed LLVMAddEarlyCSEPass", a symbol used in the rustc LLVM interface. I bootstrapped with that (brson/llvm) commit but subversion also numbers all commits, and they were preserved in the conversion to the modern LLVM repo, so you can see the same svn id 129087 as e4e4e3758097d7967fa6edf4ff878ba430f84f6e over in the official LLVM git repo, in case brson/llvm goes away in the future.

Configuring LLVM for this build is also a little bit subtle. The best bet is to actually read the rust 0.1 configure script -- when it was managing the LLVM build itself -- and work out what it would have done. But I have done that and can now save you the effort: ./configure --enable-targets=x86 --build=i686-unknown-linux-gnu --host=i686-unknown-linux-gnu --target=i686-unknown-linux-gnu --disable-docs --disable-jit --enable-bindings=none --disable-threads --disable-pthreads --enable-optimized

So: configure and build that, stick the resulting bin dir in your path, and configure and make rust, and you're good to go!

root@65b73ba6edcc:/src/rust# sha1sum stage*/rustc
639f3ab8351d839ede644b090dae90ec2245dfff  stage0/rustc
81e8f14fcf155e1946f4b7bf88cefc20dba32bb9  stage1/rustc
81e8f14fcf155e1946f4b7bf88cefc20dba32bb9  stage2/rustc

Observations

On my machine I get: 1m50s to build stage0, 3m40s to build stage1, 2m2s to build stage2. Also stage0/rustc is a 4.4mb binary whereas stage1/rustc and stage2/rustc are (identical) 13mb binaries.

While this is somewhat congruent with my recollections -- rustboot produced code faster, but its code ran slower -- the effect size is actually much less than I remember. I'd convinced myself retroactively that rustboot was produced abysmally worse code than rustc-with-LLVM. But out-of-the-gate LLVM only boosted performance by 2x (and cost of 3x the code size)! Of course I also have a faster machine now. At the time bootstrap cycles took about a half hour each (according to this: 15 minutes for the 2nd stage).

Of course you can still see this as a condemnation of the entire "super slow dynamic polymorphism" model of rust-at-the-time, either way. It may seem funny that this version of rustc bootstraps faster than today's rustc, but this "can barely bootstrap" version was a mere 25kloc. Today's rustc is 600kloc. It's really comparing apples to oranges.

solarbird

Farty McShitgibbon squirted out another racist authoritarian shart on Pravda Sotsialnaya late Sunday night, blowing off steam caused by his frustration at protests and over his shitty birthday parade. It’s a screed of lies about Democrats being sick in the head and not actually Americans, sending more waves of cops and military at us, and about cheering on mass deportations. Like y’do, if you’re a fascist fuckhead.

But let’s pay particular attention to this bit:

…I have directed my entire Administration to put every resource possible behind this effort, and reverse the tide of Mass Destruction Migration that has turned once Idyllic Towns into scenes of Third World Dystopia. Our Federal Government will continue to be focused on the REMIGRATION of Aliens to the places from where they came…

CAPS as in the original. Bold added.

Remigration pretends to be but is not actually a subtle word.

Remigration means ethnic purge. Ethnic cleansing, if you insist – but I hate that term, because there’s nothing cleansing about it. It’s an ethnic purge. It’s violent, it’s bloody, it’s repression, it’s expulsion at the point of a gun, based on your ethnicity.

Remigration means ancestry-based expulsions of people who aren’t white, for being not white, and not for any other reason. Just for being not white. Legal status means nothing; being a citizen means nothing. Not white? Get the fuck out, at gunpoint. That’s how it went during Operation W*tback; that’s how he wants it to go again, and now he’s just saying it.

This is not a question; this is not up for debate. If you feel like debating it with me, screw you you fascist-apologist fuck, and sit the fuck down. In this context – in any context outside academia – that’s what it means. Go read Wikipedia if you want the definition and history.

“Remigration” in this context absolutely and only means ethnic purge. All the leading haters in his administration – Miller, I’m looking in your direction – know damn well what it means. They used the word on purpose.

So I’m asking you not to discuss this shart of a statement without going directly to what REMIGRATION means. Do not let anyone lie and pretend it means something else, because that’s bullshit. Remigration is why they’re revoking every legal status they can; remigration is why they’re trying to end birthright citizenship; remigration means a violent ethnic purge.

And that’s what he’s told ICE – or more generally, “ICE, FBI, DEA, ATF, the Patriots at Pentagon and the State Department” – to make happen.

So. What do we do, in particular, right now?

First off, make sure people know what this word means.

Second – know any “good cops”? Like, relatives or something you might actually be able to reach? Show them the Wikipedia article about what “remigration” means, and only then show them Trump’s statement. Make sure they understand what Trump said, and make sure they know what they’re being asked to do. Make them understand, like… now.

Make sure they understand the criminal act they’re being asked to perform.

Because that is, absolutely, the ask, and “just following orders” … just won’t do.

Posted via Solarbird{y|z|yz}, Collected.

solarbird

I’ve got a post going up tomorrow (Monday) morning, but the word you need to understand right now is:

Remigration

If you don’t already know this word – or if you’re in certain areas of academia and think you do, but do not in any context outside academia – you need to know what this word means right now. And you need to make sure your friends know what it means.

Wikipedia will explain it to you.

More tomorrow.

Posted via Solarbird{y|z|yz}, Collected.

syzygis

I keep on thinking
"Today I'll just go to sleep."
And yet, here I am.
-K Royka, 6/15/2025

redbird

Adrian made strawberry pancakes, blueberry pancakes, and raspberry pancakes, partly because we have all these strawberries to use up, and partly so I could try cooked strawberries, after the fresh ones made my lips itch on Friday.

I ate a bite of a strawberry pancake, and found it bland and uninteresting. I didn't react to the berry, but it was one small piece of strawberry, and I don't know whether a larger amount would have been a problem.

I may yet try something like a strawberry sauce over cake or ice cream. Adrian noted that raw and cooked strawberries are almost different fruits, but it also seems possible that a strawberry sauce will taste more like raw berries than like strawberries baked into pancakes.

syzygis

Today was full of energy
As people came together
With joy in finding common ground
Of more than just the weather.
If in the morning, when you wake,
You find unreasoning sorrow,
Trust that your bright fellowship
Will still be there tomorrow.
-K Royka, 6/14/2025

redbird

The three of us went out to the No Kings Yaas Queens combined Pride/NoKings demonstration today, despite my worries about my various joints. Or, at least, that was the plan. It didn't work out, but my knees, hips, and ankles are OK.

We got to Park Street and the Common, and found other people who were looking for the same event, a stage where someone was introducing the next speaker?performer?, and some tables and tents, but no focus. We wound up walking to the side of the Common next to the Public Garden, where we found the parade, smaller than we'd expected but with enough of a crowd I couldn't see much. So we went home, pausing moderately often to rest my joints and watch another bit of parade, which seems to have been heading for Government Center as originally planned, not the Common as we thought.

I'm both glad I went, and disappointed that I didn't actually make it to the first protest or rally I've felt physically capable of in too long.

I will probably update this tomorrow, to note how my joints are feeling. This afternoon, they've felt good enough for some PT exercises.

solarbird

Seeing the usual In-Love-With-Failure and/or disruptors saying don’t take or post photos.

If you’re saying this: THERE IS MORE THAN ONE KIND OF PROTEST.

Don’t take photos at a direction action were laws may be violated, of course. But this isn’t that kind of protest. This is a LOUD AND VISIBLE protest, where showing massive numbers is the entire point, and having lots of sources posting massive numbers is more critical than ever.

A flood of sources is important, because the more A.I.-generated images are used to flood the zone, the more many sources of photographs matter. We have to out-flood their flood.

Now, if you are taking photos, don’t take close-ups without permission! That’s always true. But I advise that you DO take and post WIDE AREA PHOTOS which INCLUDE PEOPLE WHO COULD FIT IN AT A MAGA RALLY.

Middle-aged white men in particular.

MAGAts don’t give a shit until it’s them. If you see someone and think “yeah, they look like they could be someone at a Trump rally,” include them in the shot. That’s what they need to see.

You want to scare Trump, make it look like he’s losing “his people” to opposition rallies in your photographs.

No time to rewrite this better, I’m out the door. See you on the streets.

Posted via Solarbird{y|z|yz}, Collected.

solarbird

Today’s the day. It’s not too late to get out there. In Cascadia, most protests haven’t even started yet. If you can’t do the mornings, some protests start late – Lake Forest Park’s protest starts at 4:30 in the afternoon.

So find your local No Kings protest and show up. More different protests are better, not worse; one huge protest is easy to crack down upon; a dozen across the same area is impossible.

All protests right now are important, but today’s is particularly important.

Get out there. Go.

Posted via Solarbird{y|z|yz}, Collected.

firecat

My fave is the semicolon; however, I refuse to cede em-dashes or any other punctuation marks to ChatGPT.

These attacks on the em dash — a ChatGPT hyphen? How very dare you! — have in turn blazed across social media spaces populated by the kind of folks who will tell you, unprompted, that they have a favorite punctuation mark and what it is. (It is very likely the em dash.) — https://www.salon.com/2025/06/11/ai-cant-have-my-em-dash/

syzygis

Though all the world may fall apart
In clutching, greedy hands;
Though we may feel the need to run,
To watch from distant lands;
Yet still take joy in flowers,
In cuddling, in dreams.
Though life is steeped in darkness,
Inside, our friendship gleams.
-K Royka, 6/13/2025

redbird

I fear that I may have developed an allergy to strawberries.

Cattitude came home from the farmers market with two quarts of strawberries, so we sat down to eat strawberries this evening. Adrian washed a plateful of the berries, and we all started eating.

They're very good strawberries, but I realized after eating a few that my lips were starting to itch. They were tasty enough that I had four or five more before saying anything. When I did, Adrian suggested I go wash my face. I rinsed my lips with plenty of cool water, took a benadryl, complained about the situation, and got Adrian to make me herb tea. I hope I haven't developed an allergy to a fruit I like, after eating them without problems for more than fifty years.

ETA, after responding to people's comments:

It may not be just strawberries. Raw kiwi makes my mouth itch, and I think I remember having a problem with the kiwi on a mixed fruit tart. Possibly-underripe figs also made my mouth itch once, but cooked figs (fig Newton cookies) are OK, and a fig that was ripe enough to fall off the tree at my feet was fine. I think I need to do some reading.

Current Mood: unhappy

redbird

I had telemedicine with the GI doctor this morning. ( mostly for my own reference )

syzygis

Diagnoses aren't Pokemon;
I don't want to catch them all.
So why do they keep gathering
Like locusts in the fall?
-K Royka, 6/12/2025

redbird

Cattitude and I got up at 5:45 so he could pill Kaja, preparatory to her dental surgery. Both the pilling and the medical care went well, and she is on soft food only for 10-14 days. Therefore Molly is too, and we have to give them different treats than the usual dental Greenies. (Kaja will also be getting anti-inflammatories for a couple of days, and gabapentin for five.)

I got email from my brother about Mom's estate. He has done the necessary formwork so Vanguard can give us the money from her account there, where we are co-beneficiaries. His share is already in his account existing account. I tried setting an account up online, which apparently failed at the last minute, so I called and got a helpful person to walk me through the process again, step by step. I had gotten far enough earlier to create security questions, including some that I can actually remember my answers to, and haven't used repeatedly elsewhere. Separately, I need to talk to someone at Amalgamated Bank about the account there, a joint account with both our names on it. I hope they'll let me, as co-owner, close the account and transfer the money elsewhere, rather than sending them a copy of the death certificate, getting the account just in my name, and then closing it.

Mark also said he's thinking of going to London next month to sort through Mom's belongings, photos, and paperwork. So he wants to know whether I'm going as well, and if so, what dates worth for me. (Putting this here so I'm less likely to forget to talk to Cattitude and Adrian and then write back to Mark.)

solarbird

Find your local No Kings protest and show up. More different protests are better, not worse; one huge protest is easy to crack down upon; a dozen across the same area is impossible.

If you’re new at protests, show up at the Event Attendee Pre-Mobilization Mass Call today, 5pm Cascadian/Pacific, 8pm Eastern.

If you’re military or ex-military or military family, here’s extra information for you – 4pm Cascadian/Pacific, 7pm Eastern.

Turn out. Show up. Be there.

Posted via Solarbird{y|z|yz}, Collected.

People who don't wish me any specific harm

music: A Wistful Satellite Song

Locally hosting an internet-connected server

Pounce

BPL Summer Reading

retrobootstrapping rust for some reason

context

time travel and bit rot

debian

rust

LLVM

Observations

Let’s talk “Remigration”

A word you need to know right now

Remigration

Pause

strawberry follow-up

Tomorrow

#NoKings

photographs are important

No Kings Day

Hey AI — hands off my em-dash

Midnight

strawberries

talked to the GI doc

Broken

it's been a busy day

If there is only one (1) time you turn out, do it this weekend

Profile

November 2021

Links

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags