We have a significant workload (> 50k CPU hours per year) on AWS EC2 instances running a Windows program. Since Linux instances are cheaper and easier to maintain (think Docker), we tried to get that Windows application running using Wine. A native Linux port is unfortunately not feasible, since the application depends on some closed-source libraries.

Initial benchmarks were not encouraging:

Platform	Runtime
Windows 11	479 s
Linux 6.12	2636 s

Linux/Wine being 5 times slower.

Wine offers nice logging/tracing abilities by setting the environment variable WINEDEBUG=+relay,+heap. This revealed far too many calls to heap allocation functions. Since the application is statically linked against the C runtime, Wine's heap allocation function may be less optimized than the original Windows function or require more overhead. Also perf top points to Wine's heap_allocation_block function.

mimalloc is a general purpose memory allocator with excellent performance. For statically-linked programs, it is possible to override the global C++ new and delete operators by just #including mimalloc-new-delete.h in one source file.

Benchmarks for the same program/workload as above, statically linked with mimalloc:

Platform	Allocator	Runtime	Peak Memory
Windows 11	default	479 s	12.6 GB
Windows 11	mimalloc v3.0.3	438 s	12.2 GB
Windows 11	mimalloc v2.2.3	440 s	12.9 GB
Linux 6.12	default	2636 s	14.3 GB
Linux 6.12	mimalloc v3.0.3	crash	N/A
Linux 6.12	mimalloc v2.2.3	435 s	12.4 GB

Mimalloc v3.0.3 seems to be a tad faster than v2.2.3 and on Windows it reduces runtime by about 10 % and peak memory allocation by about 2 GB. On Linux/Wine, the improvement is dramatic, the runtime is en par (or slightly faster) than on Windows. Note: CPUs were AMD Ryzen 9 5900X and AMD Ryzen 5 5600G on Windows and Linux, resp.

The crash on Linux with mimalloc v3.0.3 is probably related to issue #1087 and due to the new page-map feature having trouble with low addresses of memory allocations (which Wine provides) -- looking forward to a fix!

posted at: 12:46 | path: /programming | permanent link

Thanks to these notes on setting up the route64 tunnelbroker on mikrotik, I can confirm it works. Route64 supports wireguard for the tunnel and give out a /56 subnet, so one can have 256 /64 subnets. The cable modem needs to forward a particular UDP port to the mikrotik router on the internal network which does the wireguard magic.

(1) Create route64 tunnel, enter your public IP, select wireguard, show config:

[Interface]
PrivateKey = <private key>
Address = 2a11:6c7:f03:123::2/64

[Peer]
PublicKey = FkVCzA3bhSrqOUhXNxVHDXSLDvWHUa7BGj75uuh85TE=
AllowedIPs = ::/1, 8000::/1
Endpoint = 165.140.142.113:<port>
PersistentKeepAlive = 30

(2) Note the subnet configuration given by route64

For example: 2a11:6c7:2001:5300::/56

(3) Setup wireguard

(3.1) Add new wireguard interface

/interface wireguard add mtu=1420 name=wireguard1 private-key=<private key>

(3.2) Add new wireguard peer

/interface wireguard peers add allowed-address=::/1,8000::/1 endpoint-address=165.140.142.113 endpoint-port=<port> interface=wireguard1 persistent-keepalive=30s public-key="FkVCzA3bhSrqOUhXNxVHDXSLDvWHUa7BGj75uuh85TE="

(4) Setup IPv6

I find it more convenient to use the command-line...

(4.1) WAN side

Add route64 IPv6 address to wireguard interface and add IPv6 route.

/ipv6 address add address=2a11:6c7:f03:123::2/64 interface=wireguard1
/ipv6 route add dst-address=2000::/3 gateway=wireguard1

(4.2) LAN side

Route64 gives us a /56 subnet, which we can divide into 256 /64 subnets and give out via SLAAC / neighbor discovery (ND). Let's use the 2a11:6c7:2001:5301::/64 prefix.

/ipv6 nd set [ find default=yes ] interface=bridge mtu=1420
/ipv6 address add address=2a11:6c7:2001:5301::/64 advertise=yes interface=bridge

My IPv6 tunnel adventures are coming to an end... Still, I'd like to see Salzburg AG offer native IPv6.

posted at: 20:14 | path: /configuration | permanent link

RFC9460 is about "Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)". The idea is to signal to web browsers that the connection to the server shall be encrypted (similar to HSTS), as well as HTTP protocol preferences: HTTP/3 (QUIC), HTTP/2, fallback to HTTP/1.1. The protocol handshake can thus be performed quicker. The SVCB records allow configuration for load balancing, failover, encrypted ClientHello support, etc.

The proposed DNS record looks as follows:

example.com. IN HTTPS 1 . alpn="h3,h2" ipv4hint="23.209.46.91" ipv6hint="2600:1413:b000:13::b857:c185"

ALPN indicates for protocol preference and fallback. The IP hint may speed up connection performance. In particular when a different "target" is to be used (here it's just ".").

More here.

posted at: 16:20 | path: /configuration | permanent link

It's basically impossible to recover a MicroSD card stuck in a Lenovo X13 Gen1 (AMD) MicroSD card slot. Opening the case (removing the back cover) doesn't help either as the SD card slot is on other side of the system module.

Any ideas? In my opinion a total design failure. I otherwise like the machine.

posted at: 15:48 | path: /rant | permanent link

... from the command-line.

export STEAM_COMPAT_DATA_PATH=/data/SteamLibrary/steamapps/compatdata/123456
export STEAM_COMPAT_CLIENT_INSTALL_PATH=/home/user/.steam/debian-installation
python3 "/data/SteamLibrary/steamapps/common/Proton - Experimental/proton" waitforexitandrun some.exe

posted at: 09:52 | path: /programming | permanent link