EC2 ensures that 169.254.169.254 magically provides each instance with its own data, and that one instance's data is not accessible to another instance. This is trivial to achieve if your instances use a routed or tap network, but it is more complex on a bridged network: the client will send the packets for 169.254.169.254 to the MAC of the default gateway, so the host never sees them as its own.
So far I can force bridged packets that would otherwise be headed for the gateway to be routed locally (and put 169.254.169.254/32 locally on the host). I don't have a good way to associate the packets with a specific instance yet. Using kernel packet marks works, but isn't really scalable. The main requirement is that a simple web service should be able to uniquely identify the client, even if they try to spoof themselves (learn the MAC+IP of another instance on the same hypervisor and bridge, and ask for its metadata from the wrong interface).
# First attempt (nat table): mark each frame with the ingress vnet interface it came in on,
# log it (rate-limited), then redirect it to the host so the local 169.254.169.254/32 answers.
ebtables -t nat -N metadata || ebtables -t nat -F metadata
for i in $(seq 0 20); do
    # vnet$i gets mark 256+$i; CONTINUE so the following rules in the chain still run
    ebtables -t nat -A metadata -i "vnet$i" -j mark --mark-set $((256+$i)) --mark-target CONTINUE
done
# Log watcher only; explicit CONTINUE so the redirect below is still reached
ebtables -t nat -A metadata --limit 10/minute --limit-burst 2 --log --log-level debug --log-prefix "ebtables metadata" --log-ip -j CONTINUE
ebtables -t nat -A metadata -j redirect
ebtables -t nat -F PREROUTING
ebtables -t nat -A PREROUTING -p IPv4 --logical-in br0 --ip-src 169.254.169.254 -j metadata
ebtables -t nat -A PREROUTING -p IPv4 --logical-in br0 --ip-dst 169.254.169.254 -j metadata
# Second attempt (broute table): catch the frames in BROUTING instead, before the bridge
# forwards them toward the gateway MAC, with the same rate-limited logging.
ebtables -t broute -N metadata || ebtables -t broute -F metadata
ebtables -t broute -F BROUTING
ebtables -t broute -A BROUTING -p IPv4 --ip-src 169.254.169.254 -j metadata
ebtables -t broute -A BROUTING -p IPv4 --ip-dst 169.254.169.254 -j metadata
ebtables -t broute -A metadata --limit 10/minute --limit-burst 2 --log --log-level debug --log-prefix "ebtables metadata" --log-ip -j CONTINUE
# Repeat the marks if you want them.
ebtables -t broute -A metadata -j redirect
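As an added example (not the author's code) of the lookup the metadata web service could do once the per-vnet ebtables marks above are saved into conntrack (assumed: an iptables mangle PREROUTING rule with CONNMARK --save-mark on the host): it parses /proc/net/nf_conntrack for the client's TCP flow to 169.254.169.254:80 and maps the conntrack mark back to the vnet interface, so the identity comes from the ingress port rather than the spoofable source MAC/IP. The conntrack lines and 10.0.0.x addresses are constructed sample data.

```python
import re

# Marks follow the page's ebtables loop: vnet$i gets mark 256+$i (seq 0 20 -> 21 interfaces).
MARK_BASE = 256
METADATA_IP = "169.254.169.254"
METADATA_PORT = 80

# Constructed sample of /proc/net/nf_conntrack output (not captured from a real host).
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=169.254.169.254 sport=45678 dport=80 src=169.254.169.254 dst=10.0.0.5 sport=80 dport=45678 [ASSURED] mark=257 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.7 dst=169.254.169.254 sport=51000 dport=80 src=169.254.169.254 dst=10.0.0.7 sport=80 dport=51000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.5 dst=10.0.0.1 sport=53421 dport=53 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=53421 mark=257 zone=0 use=2
"""

# Matches the original-direction tuple of a TCP entry and its mark= field.
_ENTRY = re.compile(
    r"^ipv4\s+\d+\s+tcp\s+\d+\s+\d+\s+\S+\s+"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) "
    r".*?mark=(?P<mark>\d+)"
)


def conntrack_mark(conntrack_text, src_ip, sport):
    """Return the conntrack mark of the flow src_ip:sport -> metadata:80, or None if absent."""
    for line in conntrack_text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if key == (src_ip, sport, METADATA_IP, METADATA_PORT):
            return int(m["mark"])
    return None


def identify_client(conntrack_text, src_ip, sport, max_ifaces=21):
    """Map the flow's mark to its vnet interface; None means 'refuse to serve metadata'."""
    mark = conntrack_mark(conntrack_text, src_ip, sport)
    if mark is None or not (MARK_BASE <= mark < MARK_BASE + max_ifaces):
        return None  # no mark, or mark not set by the per-vnet rules: do not trust the IP
    return f"vnet{mark - MARK_BASE}"


def read_conntrack(path="/proc/net/nf_conntrack"):
    """Live variant for the web service: read the kernel's conntrack table on the host."""
    with open(path) as f:
        return f.read()
```

The web service then maps the returned vnet name to the instance that owns that tap device; a client that borrowed another instance's MAC and IP still arrives on its own vnet and so gets its own mark.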
Over a year ago, she noticed that Vladimir Bukovsky, one of her favorite dissidents, was in trouble with the law, but most of the stories about his situation were in Russian. She started talking to some people who were his friends or who loved his book as much as she did to figure out what was going on. Bukovsky was on hunger strike because he had been charged with having a large amount of child pornography on his computer. A lot of his supporters were convinced that the data had been planted on his computer by the Russian government. Over a year ago, this sounded a little conspiratorial. Since Bukovsky had written about his opposition to communism, some of the right-wing blogs were the first to pick up the story about what was going on. Anyway, his friends and supporters helped get a new electronic copy of his book released.
I was dreading reading this book because it is about being a political prisoner in Russia, and I thought that it would be really depressing. I was so happy when this book was completely different than what I expected.
This book is about how Bukovsky took control of his life as a prisoner to maintain his sanity. Early on, he is asking a guard if he needs to take his belongings with him when they leave the cell. Whether he needs his things or not will give him a clue about how far he is being taken. At some point, it seems like all the prisoners are thrown into psychiatric hospitals and diagnosed with "sluggish schizophrenia" if they do not have a real diagnosis. I expected the writing style to be convoluted, but it is pretty straightforward and clear.
One of the overarching themes of this book and the one by Suki Kim that I read earlier this year is how inefficiently labor is distributed in these types of regimes. A lot of construction labor is distributed to prisoners in this book. In Kim's book, reasonably well-off university students in North Korea are sent off to work at construction sites over the summer. There is no incentive for anyone to make labor more efficient in systems where anyone can be a laborer, and no one is getting remunerated in a meaningful way for their services. When there is unpaid labor in a system, no one worries about making it more efficient or improving labor conditions.
(I have posted more micro Not-Beable updates on FB occasionally).
Well today, it's time for a POLL! You see, some friends of one of the Not-Beables have sent me a $50 Amazon gift card to celebrate "What an exciting time for you guys. Congratulations to you both".
Unlike the last time someone sent Not-Beable money ($100 Interac e-transfer, which expired after a month thus returning the money to the original sender), ignoring this will not cause the gift card to magically be refunded, which means if I don't want to just give the money to Amazon, I need to Do Something.
Hence the poll:
First: What should I do with the Amazon gift card?
Use it! They did send you the gift card!
Give it to meeeee! I deserves it!
Try to let Amazon customer service know electronically (though I don't think their form selection covers this)
Suck it up and phone Amazon customer service to explain the issue
Stalk other Not-Beables on Facebook to find the senders and send them a message
Donate it to a random person
Donate it to a random cause
Donate it to Ticky Box
Seriously - Ticky Box loves shopping
Socksie needs more books
Gondor has no king. Gondor needs no king.
Doesn't Gondor look just like Socks?
I'm new to Beable's DW, or I have forgotten what her polls are like.
I'm not new to Beable's DW, so I expected this poll to go to the dogs
Mean: 146.85, Median: 158, Std. Dev.: 64.88
Ice cream! 13: 1 vote (7.7%)
Ice cream? 216: 3 votes (23.1%)
I do have the names of the two senders (but not their email addresses), so contacting them directly will require some social media stalking. I suspect the Amazon route is the most straightforward (if most annoying). Too bad keeping it isn't ethical :-/