jyrgenn

Just for fun I timed a program that I have developed in my spare time, the Lisp interpreter lingo, written in Go, on a number of computers. This measures basically single-thread performance, presumably with some emphasis on memory access, as the interpreter does a lot of pointer chasing. Mainly I wanted to compare my newly upgraded home server mellum with others.

The first four of the computers listed in the table are my own, the first three at home, the fourth an external rented server. All others are my employer's and are operated by our group.

Host	evals/s	Factor	CPU(s)	Cores	Clock/Ghz	OS
mellum	3505715	1.00	E3-1220 v3	4	3.1	FreeBSD 10.3
naibel	497192	7.05	T40E APU	2	1	FreeBSD 10.3
wrixum	1659191	2.11	Core 2 Duo	2	2.4	OS X 10.11.4
holt	1849007	1.90	Opteron 1385	4	2.7	Debian Jessie
Brunei	1375674	2.55	E5-2620 v3	12	2.4	Debian Jessie
Island	1548087	2.26	X5650	12	2.67	Debian Jessie
Bermuda	2139985	1.64	i5-2400	4	3.1	Debian Jessie
qcm05	1622777	2.16	E5-2690 v2	20	3	Debian Jessie
qcm06	1355449	2.59	E5-2690 v3	24	2.6	Debian Jessie
qcm07	1391523	2.52	E5-2690 v3	24	2.6	Debian Jessie
qcw50	4166456	0.84	i5-4590	4	3.3	Debian Jessie
dgm07	1473666	2.38	X5650	12	2.7	Debian Wheezy

The listed number of cores is the total in the machine, without hyperthreading.

The program I ran is the interpreter lingo, commit 5aa9fa8cd136efd05e0adcbb9474f0aa6fe1fe64, built with the current Go 1.6.2 – to be precise, a run of make benchmark10 in the lingo directory, which factorises the number 100000000001 with the (rather naïvely implemented) Lisp program factor.lisp.

The number at "evals/s" states how many Lisp expressions have been evaluated per second. I have used the best number of a few runs each (at least two). Apart from qcm05 and qcm07 the machines were very lightly loaded, such that each had a "free" CPU core.

I am a bit surprised that, apart from the workstation qcw50, my computer with a relatively cheap and nearly three-year-old CPU comes out ahead of nearly everything I could get my hands on, and not only the old ones (Island, our workgroup server, and Bermuda, my workstation), but also the newer ones. Now that computer has only one CPU and only four cores in total; especially the qcm0[5-7], meant for serious number crunching, have much more. Still amazing.

But I am even more surprised that my oldish MacBook Pro wrixum (13", mid-2010) keeps itself up so bravely. It has not only a CPU design from nearly eight years ago, but was also the slowest of the product line when I bought it.

Update: an additional result from rbarclay (see comments)

Update: More results are welcome! If you want to build from source, look into the comments for detailed instructions. If you want to use a pre-built binary for FreeBSD, Linux, or OS X on the amd64 architecture, download the appropriate one of the following files, unpack it, change into the lingo directory, and run <code>make benchmark10</code>. See the output for the "evals/s" value.

https://64927.de/sw/lingo_5aa9fa8c_darwin-amd64.tar.gz
https://64927.de/sw/lingo_5aa9fa8c_freebsd-amd64.tar.gz
https://64927.de/sw/lingo_5aa9fa8c_linux-amd64.tar.gz

*additional results*
Source	evals/s	Factor	CPU(s)	Cores	Clock/GHz	OS
rbarclay	2850442	1.23	FX-8350	8	4	Debian Jessie

Update: An article Modern Microprocessors – A 90 Minute Guide! by Jason Robert Carey Patterson is interesting in this context.

In the last days I have put a new server for infrastructure services into operation at home.

It does not run as router or firewall, but has an SSHd for remote logins, DHCP and RADIUS server, DNS resolver, and cron jobs to do all those little things that must be done when my outer IP(v4) address changes, like updating dynamic DNS and reconfiguring the IPv6 tunnel with HE. For a few hours now, fail2ban has also been successfully blocking those pesky brute-force ssh attacks from China and the like.

The hardware is a small and — moderately — low power model from PC Engines, but still with a dual-core 1 GHz AMD CPU (amd64) and 4 GB of RAM, so it is quite capable. I have put in an SLC SSD (relatively expensive, but AIUI not as easily worn out by writing), also with 4 GB, which is enough for normal operation.

http://www.pcengines.ch/apu1c4.htm

Despite being low power (≤ 12 W), that little thing runs quite hot. Internally, CPU and south bridge are thermally connected to the case via an aluminium heat spreader:

http://www.pcengines.ch/apucool.htm

Still, the case gets so hot that I felt another cooling element is in order, as it is already quite warm on the upper boards of the store-room shelf (the left one in the picture):

from left to right: the new small server with heat sink attached, the router, the switch connecing router and DSL modem

With that, it runs up to 72 °C on the CPU when it is around 30 °C outside. As the CPU is rated for up to 90 °C, that seems to be okay.

The server is connected to my "core" network, to the WLAN segment, and to the DMZ, where incoming SSH connections are terminated.

As it runs security-critical services, I decided to give OpenBSD a try, for the first time. Not a bad idea — while not as much pre-packaged software is available as for, say, FreeBSD or Debian, most things I want are there, and then I should still be able to install most things from source. Or write them myself, dammit!

OpenBSD feels more like a "traditional" BSD than FreeBSD — the installation is rather like that of other systems 20 years ago; the whole setup feels simpler, more straightforward, with fewer automatic tentacles; updates are done by getting the source for the whole system and recompiling. Without being able to give really informed comments yet, I can say it feels good, solid, familiar, definitely likeable.

BTW, the 4 GB SSD proved to be too small for rebuilding the system, so I had to put /usr/src/ and /usr/obj/ on the file server, NFS-mounted over mere Fast Ethernet. I was afraid that this would slow down the system building by much, but building the userland was done after 5h20m, with 63% CPU utilization. Pleasant surprise!

Update: I have to admit that after some time I fell back to FreeBSD for this machine. While that decreases the OS diversity, it is much easier to update two FreeBSD boxen than one FreeBSD and one OpenBSD box. Also, the tunnel isn't to HE any more, but to my own external server, which is much closer, roundtrip-wise, and handled directly by the router (the middle device in the picture) using OpenVPN.

Another update: That little machine still works as a small server, but running under Debian in between, and with a 256 GB SSD. It does feel a bit long in the tooth after eight years, and the boot loader spews out a lot of weird messages that I find a bit disquieting, but haven't the round tuits for to investigate them. Its time may near the end, and I am thinking of replacing it. There is no hurry, as it runs as part of a redundant pair. (The other one has relatively recent and speedier hardware, a Shuttle XPC DS10U.)

Current Mood: elevated

As I have mentioned, I have been using a Mikrotik RB750GL router running their RouterOS. This thing is small and cheap, and I was quite fond of it. At some other place, I wrote:

I have [a RB750GL] now as my home router, and I like it. Not that it doesn't have its quirks, of course — some things don't work like documented, and some might, only I find the documentation quite confusing. Firewall settings seem to presume intimate knowledge of iptables (which I have always hated and never got comfortable with). And a few other things, like it mysteriously only accepting only DSA public keys for ssh, not RSA.

Two weeks ago this saga continued, and the dissonance between documented and actual behaviour of this cute little piece of hardware produced semi-catastrophic failure.

To do some larger firewall changes, which is really tedious through the web interface, I downloaded the configuration from the router and wanted to be able to upload and activate it again.

The configuration can be exported to a file using an "/export" command and imported from a file through an "/import" command, says the documentation. The export worked fine, only the import complained about syntax errors in the file. Oh dear.

Now the lines in the exported configuration are just like lines you could type on the command line, so why not just try that? Because it complains about things like "I have a DHCP pool with that name already" — well, yes. Granted.

So you'd want to reset the configuration first before executing it again? Hey, it turns out this there is a command for that! It is "/system reset-configuration", and it has a parameter that makes it execute a configuration export file after reset, exactly what I wanted.

Only it didn't work. The reset may have worked, but obviously the configuration file is not loaded — the router is effectively dead. Maybe the factory default configuration file has been loaded. My trust in the Mikrotik router is gone, though, and I don't bother to check.

Luckily I had not sold the Juniper SRX100, as intended, so I brought it up again — not without changes, though, but at least it worked before the neighbors, who share the Internet access, came home again.

The Juniper is only a temporary solution, as I have learned that, while more convenient than IOS, JunOS config is similarly difficult if you don't deal with these things on a daily basis, and without a support contract you don't get software updates, which I see as a major problem nowadays.

I am resolved now to get a Soekris thingy once I got the money from the tax return and try OpenBSD. I know that is good hardware, I can put arbitrary other services on it as long as there is RAM, and no problem with software updates.

Update: I didn't get a Soekris, but a much cheaper APU1C4 instead (see later article), but don't use it as a router. The router I use now is a Ubiquiti EdgerouterPOE, and while it does have some quirks, it seems to be the right one for me.

Lamenting, as always, the lack of baggage space, the beloved wife and I finally resolved to try ebooks. As a budget-priced option Amazon's new Kindle (the new one without keyboard or touch screen) was chosen, after I had established that it is indeed reasonably possible to read ebooks on it that come from independent sources. It doesn't work with epub, but (for instance) Calibre can convert epub to mobi format. It can also display PDF and plain text documents.

Alas, the selection of ebooks available from Amazon has its shortcomings. Newish books are very similar in price to the print editions, but lack their flexibility -- you cannot easily lend them to others, give them away, resell them, etc. While some of this is possible, as I understand, it is not easy. So this is not an option for the mystery novels the beloved wife consumes at an alarming rate.

But then there are a lot of classics with expired copyright available for free (as in beer, dunno if they are DRMed or not) directly from Amazon, meaning they can be copied to the device with a single click. Lots of others are available from Project Gutenberg in Kindle format, even in German. (BTW, that "Gutenberg-DE" thing is a commercial enterprise that makes it as difficult as possible to download and carry away whole books -- they want you to read the stuff on their site, to generate income by advertising, and by selling stuff on CD-ROM.)

Apart from the free stuff there is also a lot of quite cheap content available from Amazon, only not necessarily what you have been looking for. It is worth a look, though.

The Kindle, with 1.4 GB free for books, can hold a lot, given that most books are just a few 100 KB. This is of course excellent for a vacation, and exactly what we had been looking for.

It took me a while to get used to reading stuff on the Kindle and not be distracted by the technical device itself, but after that it is quite pleasant. The hardware is a good compromise between being small and being good to hold in one or two hands. The page turn buttons are very well placed on the sides. The screen is excellent to read when brightly lit and bearable when not so well. I found it useful to adjust the font size accordingly; I use one size smaller than the default with my reading glasses in good light and one size bigger in not-so-good light or with my normal glasses on.

Now, the books:

Neal Stephenson: In the Beginning was the Command Line: This is the first ebook I actually started reading -- I had already begun reading it on the Android phone that I carried for (the previous) work, so it naturally landed on the Kindle as well. I read a bit further into it during this vacation. But the more I read of it, the more I failed to miss his point and wondered "so what is he getting at?" Apart from that, I was more and more annoyed by him not really having understood many of the technical things he talks about.
Sara Paretsky: Hardball: Years ago I have read lots of her V.I. Warshawski novels, and this is another one. Actually the beloved wife wanted to read this one, so it was in German. The translation has a few bugs, but is bearable. It isn't extraordinary, compared to the other ones, even fulfilled more V.I. clichés than I'd have cared for (she gets beaten up multiple times, deeply annoys her late father's police colleagues and other authorities only to be reconciled with the good ones in the end, digs up a major conspiracy, gets close to getting killed, and succeeds only with the help of her close friends), but I still liked it.
Steven Pinker: How the Mind Works: The print edition, even hardcover, has been sitting on my shelf for years, as it is too big and too heavy to read on the move. Now, as an ebook, even relatively cheap for just a bit over € 10, it was easy to carry with me. I began it during this vacation, but didn't get through it. I have read nearly half of it now, and it is still too big. More to the point, I find it too fluffy. So many anecdotes, so much trying to keep it an easy read, all this makes it a bit tiring for me, as the actual information rate is too low and I have to dig through so much fluff. Of course there is is a lot of interesting information in it, and I will read it to the end. But it seems that Pinker's efforts to make the information more accessible have made it less accessible for me.
Hans Christian Nickelsen: Meine lieben Enkel! ("My dear Grandchildren!"): In his last years, my grandfather wrote up some memories, addressed to his grandchildren. This is probably not interesting at all for anyone not related to him or at least very interested in what it meant to be a teacher in the 1930s to 1960s, especially at a german school in the (formerly german) parts of southern Denmark. It is for me, though, and while my father finds it painful to read for all his father's difficult conceptions of his family, my own personal distance is big enough to find it bearable in this respect. I formatted this as a PDF document exactly for the Kindle's page size, so I could choose a typeface that suits me better than the builtin ones. Unfortunately the dots of the german umlauts (äöü) don't correctly line up with the letters, though.

The final words: Reading ebooks on the Kindle (or any other ebook reader) can be fine, but it has its limitations. Apart from the mentioned consequences of DRM I cannot, for instance, thumb through the book to see how far that particularly boring passage goes, I have to page through it one by one. Most new ebooks are too expensive given the limitations. I find the possibility of putting stuff on the device by USB cable necessary, but also appreciate the ability to load them via email.

The need to switch ISPs finally pushed me to configure the Juniper SRX100 router.

As my current ISP, KGT New Media, is giving up their consumer Internet access over T-DSL product and has canceled the contract to end of August, I am a bit under pressure to get everything running with a different ISP. So, back to Titan Networks, although their offer is not quite what I was looking for. For € 24.50 per month, about the same price as with KGT, I get not a traffic flat rate, but a volume of 25GB, with extra traffic for € 5.50/GB. This should usually be enough, but in the past I have had a huge traffic peak once, which suddenly cost me additional 90 Euros. But there are not very many ISPs offering IPv6 for end customer prices to choose from.

Of course, before I switch completely, particularly all the DNS entries for- and backwards, I want to make sure everything works. This gave me another opportunity and additional motivation to finally tackle the SRX100, and I did.

While the Cisco 1712 still runs with KGT, the SRX100 is now running the Titan connection, although in a kind of "client-only" mode, without allowing incoming connections. Making incoming traffic possible requires much more firewall-fu than the little I have already understood. This is really not easy.

Doing the basic configuration -- forwarding IPv4 and IPv6 between the core and the WLAN network and the PPPoE connection to the ISP -- was moderately simple. Junos configuration is indeed a bit less of a pain in the back than IOS. I especially like the method of modifying a configuration until it is done and only then committing it to be activated. Otherwise it would have been more difficult or required a reboot to do reconfigurations that would have cut me off from the router in mid-change.

I also think the explicitly hierarchical configuration makes sense as a way of structuring everything; when I dive into some hierarchy level, I can concentrate on just that and show just that bit, for instance. Ah, yes, you can show the configuration while editing, isn't that just amazing? (I probably have only missed that with IOS, but to me it's still a difference.) And then there are the little things, like being able to go back in the pager (while viewing configuration or the like). I like it.

One thing had me busy for a while, though: There is no possibility to use IPv6 with vlan interfaces. This restriction still puzzles me, but apparently it is intentional, or at least specified. That I was not able to set an IPv6 address on a vlan interface from the CLI but could do that from the web interface added to my confusion. But even if an address has been set on a vlan interface, it cannot actually be used. Took me quite a while to find the final answer.

In the end I gave up and configured the interfaces not as switching group members, but as IP interfaces, and then everything worked. Well, except for the switching, of course -- I need a separate switch now where a port-based vlan on the SRX100 should have been sufficient. That is annoying.

Apart from that and the still unresolved incoming traffic issue, everything works fine now.

Perhaps I will finally just switch the Cisco over to Titan, and then the SRX100 to the currently unused T-Online connection -- I used it briefly for testing the SRX100 and found it that instead of the 30 ms roundtrip to my external server, it gave me 8! The T-Online access is with IPv4 only (currently; IPv6 probably next year) and with changing addresses. But that is fine for the clients, while the server can still use the fixed-address IPv6 and IPv4 access over the Cisco and Titan.

Current Location: w21.org

As mentioned before, IOS is a pain in the neck if you don't use it on a day-to-day basis, hence the wish to replace the Cisco 1712 — there are too many things I would like to do in the configuration, but I hesitate out of fear of messing it up completely.

Beginning of the year I got an SRX100, the smallest of Juniper's "Services Gateways", meaning an access router with Firewall. Shiny! Apart from a serial console port, it simply has 8 Fast Ethernet ports, which can be configured freely, including as one or more switching groups with port-based or tagged VLANs. The default configuration even makes some sense with one port as a WAN link acting as DHCP client for configuration and a switch of the other seven with a DHCP server giving out RFC 1918 addresses, NAT, and some appropriate firewalling.

But that doesn't help me much for my setup, and as this is a whole new world of configuration logic, I haven't got further in my Copious Free Time™ than the online training "Junos as a Second Language". This one is really not bad, but far from covering my special case, of course. So the shiny new box just sits around waiting to be properly configured. :–(

After two-and-a-half years, the 12" Powerbook G4, which I had bought already used, two years old, began to feel really old. It had probably been a mistake in the first place to buy a used computer from a line that was already obsolete when they built the last models. (On top of that, the CD/DVD drive was already mostly broken when I bought it, but I noticed that too late to give it back or claim compensation from the seller.)

It mostly felt old playing some kinds of videos. DivX and MPEG-4 in larger formats was too much, as well as some flash video stuff from the net. YouTube was fine, but some others, e. g. those from SPIEGEL Online, were not. And as I had not seen the (technical) point in upgrading from OS X 10.4 Tiger to 10.5, the selection of available software had already begun to shrink noticeably.

After the 2010 tax return it was time now for an up-to-date device again. Months ago I had already resolved to buy a MacBook or 13" MacBook Pro. (The bigger ones don't appeal to me, in particular not at their price.) The white plastic MacBook would have been enough with the RAM upgrade, but with the small Pro costing only 60 Euros more than the MacBook with 4 GB RAM (which the Pro already has), it was the Pro. Good choice. It came with OS X 10.6.3 "Snow Leopard" and runs 10.6.4 now after the first update.

As always, the migration to new hardware and OS version, even from the same manufacturer and in the same product line tradition, brings some, let's say, discoveries. "Same same, but different" or even "sometimes happy, sometimes sad."

Software Update has become much more intrusive. With Tiger, it checked for updates in the background and showed its dock icon only when there was something to do and it needed confirmation from the user. Now it shows the dock icon already when it only checks for updates. When it installs software for which a restart is required, it first asks for restart permission (which is okay), but then immediately shuts down everything and only then begins to install the software, which had previously been done in the background.

Only a short while ago, but still with Tiger, I discovered and learned to appreciate Terminal.app's "New Remote Connection" dialog as a fast and convenient way to open an ssh session to another machine. But now, with Snow Leopard, it wants to start ssh connections by default with SSH protocol version 1, which, for good reason, does not work with any of my servers; after each program restart I have to switch that to automatic or version 2. I have not found anything in the preferences (and I do mean Library/Preferences/com.apple.Terminal.plist) or the application bundle that looked like I could change this default. [Thankfully his has been fixed in OS X 10.6.7 -- ssh is now called without any options by default.]

Other than with my 10.4 installation, IPv6 is no longer consistently preferred with some services - telnet, ssh, http. Sometimes IPv4 is used, sometimes IPv6. I have not yet recognized a pattern. This may well be an application issue, but still it is strange.

X11 seems to work completely different from before.

Regardless if X11 is started or not, each Terminal window has a DISPLAY in its environment that contains the pathname a UNIX domain socket (e. g. /tmp/launch-ghLYjm/org.x:0); the socket exists, but is non-functional if X11 is not running. That confused my mechanism of dectecting the existence of an X server; xdpyinfo simply kept blocking on this socket. No fun. Ok, that could be fixed with an only slightly annoying timeout.

When I try to start X11 myself, it doesn't. Or, sometimes it does. But most of the time, some processes start, but nothing happens in terms of a usable X server.

I thought that my .xinitrc and (rather historic) .xserverrc might cause the problem, but moving them to the side has not really improved the situation. Instead, even without me having done anything (except perhaps checking the socket $DISPLAY for aliveness), it tries every few seconds to start up an X server, fails, tries again, ... you get the idea.

The non-functional DISPLAY variable in the environment causes outgoing ssh logins to fail if ForwardX11 is set to yes in ssh configuration, because the remote host tries to connect to the X server at first. Took me a while to find out that this was the reason why Unison failed to connect to another host.

I guess it is intended like this: Some X11 client connects to the socket $DISPLAY, a monitoring process notices this, starts an X server, passes the socket file descriptor to the X server, and lo! X11 applications can be started just like native ones. Clever, if it would only work.

There is something in the system.log, but I cannot make anything of it.

The new Quicktime Player looks awful. All black!

What is this fascination with black, anyway? When I put the dock on the side, where it belongs (IMO), it turns black! With a bit of transparency, yes, but black. That is ugly compared to the thin and airy dock of 10.4 (and predecessors).

A translucent menubar! WTF? At least I can switch this particular idiocy off again.

There seems to be a general trend towards needless design changes. The new dock (if it is on the bottom of the screen) so three-dimensional with a partial reflection of the icons - wow, that is so much eye candy that I want to take the toothbrush to my eyes. (But black?) Is this a "Yes, we can!" attitude, and "Just because we can"? That sucks.

The rounded upper corners of the windows are less rounded now. I can live with that. The amount of roundness taken from there has apparently been applied to the corners of the pull-down and pop-up menus.

The upper menubar corners are no longer rounded at all. Why did they give up one of the most visible design features of the Macintosh since 1984? Are we no longer nice-looking and a bit cute? This seems to be the most needless design change of all, given that the space previously occupied by the rounded corners has not been put to any other good use.

I like the hardware. Only two annoyances here: the glossy screen (I prefer to use the bathroom mirror when I need a shave) and the sharp edges of the case - because this is where my wrists are when I am typing with the laptop on my belly, lying in my bed. And this is at least 97% of the time when I use it. And the edges are really sharp.

The glossy screen does make for a more brilliant display, with a deeper black, yes. (Hum, does that correlate to that obsession with black I seemed to notice earlier?) Apart from the reflections of my face that I could live without, the display is indeed crisp. I like. (Only after having seen the screen of the new iPhone from a very close distance, I say it could use something more like that in terms of resolution.)

I like the wide format as a good compromise. It lets me put the dock on the side (the black dock) and still have it not steal too much from the screen width. There isn't too much height to spare anyway. The display is now better for watching films not in 3:4, small surprise.

I liked the keyboard of the Powerbook more, but this one is better than I expected. I was afraid that the more or less flat keys offer less guidance to the fingers that the more profiled ones of the Powerbook, but it is not as bad, no insecure feeling. The price paid for being able to shave off 2 millimeters (rough estimate) from the height of the keyboard is not too high. I really like the key illumination, although there is more light coming out from under the sides of the keys than through them.

I love the case. It is gorgeous. The rounded corners, the smooth undisturbed matte surfaces, the flat body - wow. It is often said that Apple sells their hardware more due to its design than its technical qualities. Sure, with this kind of design!

Although I have bought the slowest one, this little machine is screamingly fast compared with the G4. Moments where I had to wait a bit with the old Powerbook are now gone. Good.

The automounter seems to work with less hassle now. I once had a working setup with handcrafted mountpoints via Netinfo with 10.4, but that broke at some point, and I couldn't revive it this way or the other. With 10.6, the /net/$SERVER/ thingy works just like that without any setup required. Joy!

The battery lasts long.

In the end, I am quite happy with the new MacBook Pro. The X11 thing is a real annoyance, all others are minor. The new toy is fast and overall a joy to use.

Update 2011-08-12: After fiddling around over several days it turned out that there was (a) an incompatibility with the decades-old ~/.xserverrc and (b) checking for the existence of an X server at $DISPLAY in my ~/.profile kept it from working. Understandably so, considering that is done during the startup of that exact X server. Why X11 initialization starts a login shell -- perhaps to have the environment variables set up properly -- and has a non-empty $PS1 in there I shall probably never know. At least [ -t 0 ] is false, so I can exclude the check for that case.

"Kleine Sünden bestraft der liebe Gott sofort" (the Lord punishes you for little sins immediately) is a half ironic saying in German. Well, He did in this case. Only five days after calling the IPv6 capabilities of Apple's Airport Extreme "pointless" (see the previous article), my WLAN access point died. After I had tried to switch the speed from "best" to "54 Mbps", it was more or less bricked. No WLAN any more, no reaction at all on the wired interface, not even after an attempted factory reset.

So I had to get a new access point. I was still curious to get my own hands on an Airport Extreme, so I bought one -- not the cheapest choice to fulfill the need of a simple access point, but what the heck.

First I was a bit miffed, because the GUI tool (I'm sorry, Dave, I'm afraid I cannot let you have a web interface) did not want to run on my Powerbook -- OS X 10.4.11 was too old. I had never seen the point to upgrade to 10.5. But to my surprise there was also a version for Windows, which was even less picky about the platform and did not refuse to run with XP.

And lo! There was more to the GUI than I had seen before, namely not only "Node" and "Tunnel" as the IPv6 operation modes, but "Host", "Tunnel", and "Router", which sounds already much better. In the "Tunnel" and "Router" modes, I have an "IPv6 Firewall" tab:

IPv6 Firewall GUI

The form to edit the exceptions looks like this:

IPv6 Firewall exceptions

So, now I have to apologize: The current Airport Extreme does indeed have some degree of usability regarding IPv6, which would be enough for simple home networks except for the missing IPv6 over PPPoE. I haven't tried it yet (as it works only as a simple bridging WLAN access point in my current setup), but that looks much better than I thought only days ago.

(These pictures are not made with Windows, of course. In between I have the new shiny-shiny, which runs OS X 11.6.4, good enough even for the Airport Extreme admin GUI.)

Apple's "Airport Extreme" has been supporting IPv6 for quite a while. So long, in fact, that I thought it might be somthing useful.

Yesterday I took the opportunity of looking at one, or rather, the configuration GUI, in a shop. "Disappointed!", to quote Wanda's brother, is the word. I knew it didn't support IPv6 over PPPoE, okay. But it doesn't support a lot of anything else either. "Tunnel" or "Node" is the first choice, and I don't want tunneling. When I select "Node", I can set the prefix (of which interface?) and the prefix length, and that is it.

That is strange. That is not even barely useable, it is more or less pointless. No per-interface configuration, no firewall, no whatever-you-name-it. Actually I was a bit surprised, as the IPv6 support of the Macs is fine, and I thought they would make their own networking equiment to match that.

[Addition: I think it was a demonstrator of the Airport Extreme administration GUI, perhaps not the real thing. Please see my more-or-less retraction in the next article.]

CPU Comparison

New small server with OpenBSD

Change of Routers, again (even back)

Book yield of the fall 2011 vacation, part 1 (ebooks)

Configuring the SRX100

Juniper SRX100

Same same, but different - discoveries with the new Macintoy

Airport Extreme Revisited

Airport Extreme's IPv6 capabilities (or non-, rather)

Profile

September 2022

Syndicate

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags