mirrors

Note: The following content is purely from memory. As it has been over a month, accuracy is not guaranteed. Since no confidentiality agreement was signed before the interview, this article reveals quite a lot of details. If there is any inappropriate content, please contact bojieli AT gmail.com.

Originally, I wanted to secure a research position and work hard in a startup team. I didn’t think about going to MSRA… Therefore, it wasn’t until a few days before the application deadline that I learned about this news from my class teacher. The teacher said there was a “Microsoft Scholar” award, which was worth 5000 yuan. I thought with so many scholarships, I definitely wanted it. So I rushed to write a two-page Resume with MS Word one night, went to the academic secretary’s office to get a transcript the next day, and submitted the application one day after the deadline. It was only later that I found out that this “Microsoft Scholar” was tied to the “experimental class” to some extent, but I haven’t received any news about that scholarship yet.

According to the email recipient list, about 67 people signed up for the Microsoft experimental class. The interview was in the afternoon. About a week before the interview, a teacher from the West District contacted me, saying that there was a researcher named Ma Yi, who was very good at image processing and wanted to recruit a student from the Youth Academy. He said that my project experience and hands-on ability were good, but my math grades were not good, and he was worried about whether I could do it. He could give me a chance for a separate interview. He said he didn’t care about your overall GPA, what he cared more about were the grades of math courses and professional courses. He asked me to look at one of Dr. Ma Yi’s representative works, not only to understand it but also to grasp its essence. When I came back and looked at it, it was a general algorithm that decomposes a matrix into the sum of a sparse matrix and a low-rank matrix, which can be used for image denoising, video surveillance, etc. I only understood so much, and I couldn’t understand the complex derivation of the matrices in the middle at all. I thought this opportunity should be left to students majoring in mathematics.

Yesterday, a bizarre thing happened to mirrors.ustc.edu.cn. Mirrors has three access lines, with IPs 202.38.95.110, 202.141.160.110, and 202.141.176.110 respectively. Mirrors-lab is an LXC virtual machine on mirrors, with three IPs: 10.8.95.2, 10.8.140.2, 10.8.10.2.

On the mirrors host, iptables is configured to directly map the 50000~51000 ports on the host to the virtual machine:

1
2
3

-A PREROUTING -p tcp -d 202.38.95.110 -m multiport --dports 50000:50100 -j DNAT --to 10.8.95.2
-A PREROUTING -p tcp -d 202.141.160.110 -m multiport --dports 50000:50100 -j DNAT --to 10.8.10.2
-A PREROUTING -p tcp -d 202.141.176.110 -m multiport --dports 50000:50100 -j DNAT --to 10.8.140.2

The rsync daemon is running on port 50000 of the virtual machine, but only rsync://202.38.95.110:50000 can be accessed, the other two IPs are timed out. The bizarre thing is, we captured packets with tcpdump on the mirrors virtual machine and host, it seems that SYN has been received, and ACK packets have also been sent out. Tcpdump captures inbound packets before netfilter, we captured the physical network card eth0, inbound packets should not have reached iptables when they were captured, and outbound packets have passed iptables when they were captured. Even more bizarre is that on the blog server, which belongs to the same network segment as mirrors, all three IPs are accessible normally. Why can’t the reply packets be sent out of the local network?