24 March 2008

rate-limiting in iptables

I recently learned about a useful feature in iptables which might help prevent denial of service (DOS) attacks. The iptables "recent" extension dynamically creates a list of source addresses against which your ruleset can match, for example, to block someone who is making too many connection attempts in a given time interval. The Debian Administration blog has a good example of using this to block DOS attacks against an ssh server.

23 March 2008

iterating through an array in bash

Every now and then I need to iterate through an array of items in a bash script, and I can never remember the syntax--I always have to look it up. So here's a quick example...


things=( first second third )

for i in ${things[@]}
echo $i

If the number of array elements is large, it can be useful to have one element per line:

things=( \
first \
second \
third \

16 March 2008

another Highlander sequel

The other day I rented Highlander: the Source, and I watched it this evening. Although the original film is one of my favorites, I didn't have very high hopes for this one: all of the sequels have been disappointments (although I seem to remember thinking that the fourth film wasn't horrible).

But I got a bit of a surprise. There's more to say about this movie than I would have imagined. I was surprised because this newest installment is actually worse than Highlander II, which I did not think was humanly possible. Highlander II at least had a fun villain. This film stars Adrian Paul as Duncan MacLeod from the Highlander TV show, and in the film Paul is surrounded by a handful of characters who are even less interesting than he is.

So if you're in the video store and you see a copy of Highlander: the Source, keep walking, and rent something better, like Ishtar, Plan 9 From Outer Space, or Highlander II.

15 March 2008

relativistic economics

There was an interesting Slashdot article the other day about a satirical speculative analysis of the economics of interstellar trade. The idea is that if you're shipping something to another star system, you've made a significant financial investment in the goods you are shipping, and the duration of the voyage will be long enough that there should be an interest rate applied to your investment.

The interesting wrinkle appears when you consider that for interstellar trade to be worthwhile, the cargo vessels will need to travel at relativistic speeds. Special relativity describes the effect of time dilation, the phenomenon of a measurable discrepancy in the voyage duration as measured by the ship's crew versus that of a stationary observer (like the investor).

So whose measurement of time do you use to compute the interest?

To extend this nonsense to other predictions of special relativity, the ship's mass and length will also be affected, which might complicate matters for the interstellar equivalents of weigh stations.

09 March 2008

Class::Accessor constructors

I'm a pretty big fan of Class::Accessor. It's great for those occasions when you need to write a Perl module which has lots of attributes. You tell your module to inherit from Class::Accessor, provide a list of attributes, and your module automatically has accessors and mutators for all of those attributes. Class::Accessor even takes care of creating your module's constructor.

That last point was actually giving me some trouble the other day. I was writing a Perl module, and it turned out to have several attributes (counters that needed to be incremented while parsing a file), so I decided to have my module inherit from Class::Accessor. But one of the attributes was going to be an instance of another class (I wanted to use composition, rather than multiple inheritance), and I wanted to instantiate this object when my object is instantiated. But since Class::Accessor creates my constructor automatically, it wasn't clear to me how I'd do this.

With a little fiddling, I was able to override the Class::Accessor constructor in such a way that it still created my accessors and mutators, but also allowed me to do other object initialization tasks:

package Gakkk;

use strict;
use diagnostics;
use warnings;

use base qw/ Class::Accessor /;

use Some::Other::Class;

sub new {
my $class = shift @_;

my $self = $class->SUPER::new(@_);
$self->flamningle( Some::Other::Class->new() );

return $self;

# other methods, ...


The call to $class->SUPER::new(@_) gives what's left of the argument list (@_) to the constructor of the parent class (Class::Accessor) and returns an instance of my class. I'm then able to initialize my object attributes without requiring that the calling code do it explicitly. Without overriding the constructor, the caller would have to do something like this:

my $gakkk = Gakkk->new(
flamningle => Some::Other::Class->new(),
line_number => 0,
num_parse_errors => 0,
num_zortbiptons => 0,

Having overridden the constructor, the caller can instantiate the class like this:

my $gakkk = Gakkk->new();

01 March 2008

IntranetAddress PHP class

I've added another Google code project. This one is called IntranetAddress, and it's a PHP class which you can use to determine whether or not an IPv4 address belongs to a set of network ranges (specified in CIDR notation in a configuration file). The class requires the Net::IPv4 PEAR package, and a PHPUnit test suite in included.