What I learned this week 07-05-2025
Software
How NAT Traversal Works
- Let’s say you’re making your own protocol and that you want NAT traversal. The protocol should be based on UDP.
- For UDP, the rule is very simple: the firewall allows an inbound UDP packet if it previously saw a matching outbound packet.
- The problems start when two of our “clients” want to talk directly. Now the firewalls are facing each other. According to the rule we established above, this means both sides must go first, but also that neither can go first.
- So, to traverse these multiple stateful firewalls, we need to share some information to get underway: the peers have to know in advance the ip:port their counterpart is using. Tailscale has set up a coordination server for this purpose.
- Stateful firewalls have limited memory, meaning that we need periodic communication to keep connections alive. If no packets are seen for a while (a common value for UDP is 30 seconds), the firewall forgets about the session, and we have to start over. To avoid this, we use a timer and must either send packets regularly to reset the firewall’s timers, or have some out-of-band way of restarting the connection on demand.
- The most common use of SNAT is to connect many devices to the internet using fewer IP addresses than there are devices. In the case of consumer-grade routers, we map all devices onto a single public-facing IP address.
- The same principle applies on corporate networks. The usual difference there is that the NAT layer consists of multiple machines (for high availability or capacity reasons), and they can have more than one public IP address, so they have more public ip:port combinations to choose from and can sustain more active clients at once.
- STUN relies on a simple observation: when you talk to a server on the internet from a NATed client, the server sees the public ip:port that your NAT device created for you, not your LAN ip:port. So, the server can tell you what ip:port it saw. That way, you know what traffic from your LAN ip:port looks like on the internet.
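The last point is exactly what a STUN Binding exchange does. The following is an added example (not Tailscale’s code and not from the linked post): it builds a Binding Request, builds the kind of Binding Success Response a server would send back, and parses the XOR-MAPPED-ADDRESS attribute to recover the public ip:port, rejecting any reply whose magic cookie or transaction ID does not match the request. Message layout and attribute numbers follow RFC 5389; the address 203.0.113.7:40000 is a constructed sample.

```python
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes) -> bytes:
    """20-byte header, no attributes: type, length, cookie, 96-bit transaction ID."""
    assert len(txid) == 12
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def encode_xor_mapped_address(ip: str, port: int) -> bytes:
    """The attribute a server puts in its response (constructed here for the demo).
    Port is XORed with the top 16 bits of the cookie, IPv4 address with the whole cookie."""
    x_port = port ^ (MAGIC_COOKIE >> 16)
    x_addr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, x_port, x_addr)   # reserved, family=IPv4
    return struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value


def build_binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """What the STUN server would send back; echoes the client's transaction ID."""
    attrs = encode_xor_mapped_address(ip, port)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE, txid) + attrs


def parse_binding_response(data: bytes, expected_txid: bytes):
    """Return (public_ip, public_port), or None for a malformed or unsolicited reply."""
    if len(data) < 20:
        return None
    msg_type, length, cookie, txid = struct.unpack("!HHI12s", data[:20])
    # A reply that does not carry our cookie and transaction ID is not ours: drop it.
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE or txid != expected_txid:
        return None
    if len(data) < 20 + length:
        return None
    pos = 20
    while pos + 4 <= 20 + length:
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if attr_type == ATTR_XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            _, _, x_port, x_addr = struct.unpack("!BBHI", value)
            ip = socket.inet_ntoa(struct.pack("!I", x_addr ^ MAGIC_COOKIE))
            return ip, x_port ^ (MAGIC_COOKIE >> 16)
        pos += 4 + ((attr_len + 3) & ~3)   # attribute values are padded to 4 bytes
    return None
```

Against a real server you would send `build_binding_request(os.urandom(12))` over a UDP socket and feed the datagram you get back to `parse_binding_response` with the same transaction ID.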
WireGuard uses only UDP, due in part to the TCP-over-TCP meltdown problem. The WireGuard creator’s personal website is pretty wild.
Sketch starts a Docker container and writes its work to a branch in your host Git repository.
Business/Finance
- But network effects cut both ways. If a system gets more valuable as it attracts more users, it also gets less valuable as it sheds users. The less valuable a system is to you, the easier it is to leave.
- When switching costs are high, services can be changed in ways that you dislike without losing your business. The higher the switching costs, the more a company can abuse you, because it knows that as bad as they’ve made things for you, you’d have to endure worse if you left.