Heuristic42
Blog
Opengl
Meta
Rendering
0
edited
Sep 17 at 23:20
Writing custom C++ containers, iterators and value references
Generic containers are awesome. 1. The effort required to wr…
–
pknowles
created
Sep 17 at 23:16
Writing custom C++ containers, iterators and value references
Generic containers are awesome. 1. The effort required to wr…
–
pknowles
comment
Sep 15 at 19:08
DerBard: Custom Split Mechanical Keyboard Prototype
Hey. Thanks for your interest! I've uploaded the files here, bu…
–
pknowles
comment
Sep 13 at 15:06
DerBard: Custom Split Mechanical Keyboard Prototype
Hi! Is it possible to get some models so I can also make it?
–
anonymous
edited
Aug 14 at 17:55
On docker stealing routes and breaking the internet
Boy this is frustrating. The internet just doesn't work with do…
–
pknowles
edited
Aug 14 at 16:55
On docker stealing routes and breaking the internet
Boy this is frustrating. The internet just doesn't work with do…
–
pknowles
created
Aug 14 at 16:52
On docker stealing routes and breaking the internet
Boy this is frustrating. The internet just doesn't work with do…
–
pknowles
comment
Jul 13 at 6:48
Matrices
[deleted]
–
anonymous
comment
Jul 6 at 0:39
Matrices
[deleted]
–
anonymous
edited
Jun 19 at 20:22
DerBard: Custom Split Mechanical Keyboard Prototype
![DerBard Cover Image][1] In my last post I presented my que…
–
pknowles
comment
Jun 2 at 11:49
Matrices
[deleted]
–
anonymous
comment
Jun 2 at 10:31
Matrices
[deleted]
–
anonymous
created
May 30 at 5:22
Calling Babel from Django for React+JSX
Sharing my frustrations so you can enjoy them too... :) As o…
–
pknowles
edited
May 22 at 18:57
Microsoft Natural Ergonomic 4000 Replacement
![my old natural 4k][1] **They stopped making it!** I'm actu…
–
pknowles
comment
May 22 at 16:00
Prime Mover - Processor (final problem) [Spoilers!]
this should be fixed now
–
pknowles
edited
May 18 at 22:15
Clip Space
Clip space is a linearly dependent vector space between eye spa…
–
pknowles
created
May 18 at 21:56
Clip Space
Clip space is a linearly dependent vector space between eye spa…
–
pknowles
edited
May 18 at 19:50
Vector Spaces
A number of vector spaces are discussed below and widely used i…
–
pknowles
edited
May 18 at 19:43
Projection Matrix
A projection is fundamental to [cameras](/8/rendering/cameras/)…
–
pknowles
edited
May 18 at 18:32
Matrices
Matrices are 2D arrays of numbers, grouped as such to enable hi…
–
pknowles
edited
May 14 at 21:47
DerBard: Custom Split Mechanical Keyboard Prototype
In my last post I talked about a [MS Natural 4K replacement](/b…
–
pknowles
created
May 14 at 21:46
Matching complex shapes for a custom keyboard in Fusion360
For my [custom mechanical keyboard](/blog/55/derbard-custom-spl…
–
pknowles
comment
May 8 at 0:32
Matrices
[deleted]
–
anonymous
comment
May 7 at 23:30
Microsoft Natural Ergonomic 4000 Replacement
Yes indeed :). Thanks for the reminder. I found some time to wr…
–
pknowles
…
View All
Log in
On docker stealing routes and breaking the internet
leave this field blank to prove your humanity
Article title
*
Article revisions must have a non-empty title
Article body
*
Boy this is frustrating. The internet just doesn't work with docker running and this is why... Docker allows you to "containerize" apps, running them in separate individual environments. This is really nice for repeatability: you can run the same container on a different system and expect it to still work. There are some good security arguments too, but for me having the docker service itself running as root raises a red flag. The problem is that at some point you need to connect to the app running in the container. Typically this is done through some web interface. In an attempt to make the UX seamless, docker routes IP address ranges from the real network into its virtual network(s) that bridge the containers. The kicker is that docker has no idea what IP ranges need to be routed so **it just routes everything!!!** 😡🤬 # What are the routes? ip route -n ... all the IPs -> docker Now in fairness, docker has no idea that you're about to keep using your PC like a regular PC after starting it /s. E.g. you want to connect to your work's VPN or start a webserver that expects connections not to be forwarded away. It is nice for first time users because docker can magically "just work". But that's no excuse for just funnelling every IP under the sun into its own network, which can "just break things". Ideally the default would be a tiny default range that is rarely used, or even have it make you configure the range. VPNs have a similar issue, in that connecting to a VPN first can create routing rules that then break docker's. See [Docker not working with a VPN due to network issues](https://stackoverflow.com/questions/63259263/docker-not-working-with-a-vpn-due-to-network-issues). The VPN has no idea you intend to use docker or what its config will be later. But then docker doesn't warn or try to re-route some of the VPN ranges. Even worse is that clearing up the mess docker makes is hard. Docker doesn't remove routes that it adds when you stop the process. That is, you can break your system by starting a container and stopping it and the docker demon won't fix anything. The manual way is to delete the routes and adapters it made. You could be a chump and delete routes manually, but there can be a lot. # E.g. sudo ip route del 172.19.0.0 br-5094d9589bea sudo route del -net 172.19.0.0 netmask 255.255.0.0 dev br-5094d9589bea ... You could type them in manually like a chump, but a shotgun approach is to delete all routes 💪. Be careful with this one as it really is all routes. You'll need to disconnect and reconnect your loopback/LAN/WiFi/VPN connection(s) right after for the regular default routes to be recreated. # Careful. This deletes everything! Don't run unless you're physically at the machine. sudo ip route flush table 0 # Re-create default routes for loopback and other adapters ip link set lo down ip link set lo up ... other adapters Failing to restart `lo` results in weird `bind: Cannot assign requested address` issues from local port forwarding or `Error: Failed to find a free local port for dynamic forwarding` from vscode. How do you stop docker misbehaving? After cleaning up the mess it made with the above, configure it not to break things. Edit `/etc/docker/daemon.json` and add something like the following from [stack overflow](https://stackoverflow.com/questions/50730426/docker-bridge-connection-breaks-the-internet/67224830#67224830). I'm still pretty confused by what these actually do. I expect something here tells docker what default ranges to forward. Somewhere it needs a real IP to give its virtual interface to route IPs to. It also needs to assign virtual IPs within its internal network(s). Why does docker need so many bridge adapters 🤷. Reading the [docs](https://docs.docker.com/network/drivers/bridge/#use-the-default-bridge-network) might help. { "bip": "192.168.1.5/24", "fixed-cidr": "192.168.1.5/25", "default-address-pools":[ {"base":"192.168.2.5/24","size":28} ] } [Edit] maybe use `.2.5`? I hit yet another conflict with my home network and the above recently. See what I mean, re. frustrating. "bip": "192.168.2.5/24", "fixed-cidr": "192.168.2.5/25",
Toggle Preview
Edit message
*
A description of the changes made
Discard Draft
Save Draft
leave this field blank to prove your humanity
Flag
the thing you clicked
for moderator attention.
Reason choice:
Spam, promoting, advertising without disclosure
Rude, inappropriate, generally offensive
Too arrogant or demeaning to others
Other
Reason:
The reason for raising the flag
Error