For example, the hexadecimal value 0x995DC9BBDF1939FA should correspond to the decimal value 11051210869376104954. However, when dumped in PHP, it’s displayed as a floating-point number:

% php -r "var_dump(0x995DC9BBDF1939FA);"
float(1.1051210869376104E+19)

This is unexpected and undesirable for checksum calculations. Upon investigation, I confirmed that the value is within the bounds of a 64-bit integer:

2^64 > 11051210869376104954
True

The issue arises because, despite running on a 64-bit system, PHP’s maximum signed integer value PHP_INT_MAX is smaller:

% php -r "var_dump(PHP_INT_MAX);"
int(9223372036854775807)

This limitation stems from PHP’s lack of an unsigned integer data type. It uses int (signed) and float for numerical representation.

To understand this better, let’s examine PHP_INT_MAX in binary:

01111111_11111111_11111111_11111111_11111111_11111111_11111111_11111111 (2)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 63 bits

The most significant bit (MSB) represents the sign (0 for positive, 1 for negative). In PHP_INT_MAX, the MSB is 0, and the remaining bits are set, effectively representing 2^63. When a number exceeds PHP_INT_MAX, PHP automatically converts it to a float.

So, how can we accurately represent this large number in PHP?

Solutions

Handling High and Low Bits Separately

We can split the 64-bit number into two 32-bit parts (high and low) and reconstruct it during runtime:

(hex) 0x995DC9BBDF1939FA
(dec) 10011001_01011101_11001001_10111011_11011111_00011001_00111001_11111010
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      high bits                           low bits

To extract the high bits, we right-shift the number by 32 bits. For the low bits, we apply a bitmask 0xFFFFFFFF using the bitwise AND operator:

<?php

$high = 0x995DC9BB;
$low = 0xDF1939FA;

We can then reconstruct the original value by left-shifting the high bits by 32 bits and combining them with the low bits using the bitwise OR operator:

<?php

$number = $high << 32 | $low; // 0x995DC9BBDF1939FA

Illustration

(H) 10011001_01011101_11001001_10111011                                      = 0x995DC9BB
 << 32 bits
  = -----------------------------------------------------------------------
    10011001_01011101_11001001_10111011_00000000_00000000_00000000_00000000
 OR
(L)                                     11011111_00011001_00111001_11111010  = 0xDF1939FA
  = -----------------------------------------------------------------------
    10011001_01011101_11001001_10111011_11011111_00011001_00111001_11111010  = 0x995DC9BBDF1939FA

Manual Hexadecimal to Decimal Conversion

Another approach involves manually converting the hexadecimal string to decimal, bypassing PHP’s implicit conversion. We can achieve this using the pack and unpack functions:

<?php

// 0x995DC9BBDF1939FA
$number = unpack(
    'J', pack('H*', '995DC9BBDF1939FA')
);

We use pack with the format H* to encode the hexadecimal string into a binary string. Then, unpack with format J decodes it as a 64-bit unsigned integer. Refer to the PHP documentation for a complete description of format codes.

Performance Comparison

A quick benchmark comparing the two methods over 1 million iterations reveals a significant performance difference:

<?php

// helper
// ===================================================

function benchmark(callable $callback): int
{
    $start = (int) (microtime(true) * 1_000);

    $callback();

    $end = (int) (microtime(true) * 1_000);

    return $end - $start;
}

// pack && unpack
// ===================================================

$elapsed = benchmark(function () {
    for ($i = 0; $i < 1_000_000; $i++) {
        unpack(
            'J', pack('H*', '995DC9BBDF1939FA')
        );
    }
});

printf('pack & unpack: %dms'.PHP_EOL, $elapsed);

// bitwise
// ===================================================

$elapsed = benchmark(function () {
    for ($i = 0; $i < 1_000_000; $i++) {
        0x995DC9BB << 32 | 0xDF1939FA;
    }
});

printf('bitwise      : %dms'.PHP_EOL, $elapsed);

On my 2019 Intel iMac, the bitwise approach took 5ms, while the pack/unpack method took 133ms – a 26x difference. This difference in performance is not surprising. The functions involve several layers of overhead, format checking, parsing the hexadecimal string, and ultimately, they also rely on bitwise operations internally to represent the unsigned integer. These extra steps contribute to the increased execution time.

Given that I’m dealing with some files around 50MiB, performance is crucial, making the bitwise approach the preferred choice.

Configuration Mode

EdgeOS CLI operates in two distinct modes: configuration mode and operational mode. To enter configuration mode, simply type configure, and when you’re done, use exit to return to operational mode.

Connect to the Internet via PPPoE on eth0

edit interfaces ethernet eth0
set description "Internet (PPPoE)"
set pppoe 0 user-id <PPPoE Username>
set pppoe 0 password <PPPoE Password>

Assign a Static IP to a Device via MAC Address

Be sure to replace the subnet CIDR with your LAN’s configuration.

edit service dhcp-server shared-network-name LAN subnet 192.168.10.0/24
set static-mapping <name> ip-address <ip-address>
set static-mapping <name> mac-address <mac-address>

Operational Mode

When you log in to your router, you’ll start in operational mode, identified by the dollar sign ($). To switch back from configuration mode, just use the exit command.

lizhineng@ubnt:~$

Re-establish PPPoE Connection on pppoe0

This is handy when you want to manually reconnect to the Internet, especially since some ISPs forcefully terminate connections every 7 days. By picking your hours, you can avoid this happening during a critical bug fix!

disconnect interface pppoe0
connect interface pppoe0

List DHCP Client Leases

You can optionally specify a pool. Without arguments, it lists clients from all pools.

show dhcp leases

For clients from the LAN pool only:

show dhcp leases pool LAN

List All Network Interfaces

A simplified version of ip a, giving a quick overview of network interfaces.

show interfaces

Backup and Restore Configuration

Since the save command is broken in the official firmware (not a big deal, it uses scp under the hood), you can still manually back up your configuration. Don’t forget to set up SSH credentials beforehand. The backup file will be suffixed with the date and time.

scp /config/config.boot <user>@<host>:/path/to/config.boot.$(date '+%Y%m%d%H%M%S')

To restore from a backup, use the load command:

configure
load scp://<user>@<host>/path/to/config.boot
compare
commit; save

Display Hardware and Firmware Information

Displays router model, serial number, firmware version, and uptime.

show version

Useful Links

• EdgeRouter Help Center

Unlike Cloudflare, which doesn’t charge for CDN traffic, ESA charges 0.198 RMB per gigabyte—lower than the DCDN rate. If I understand correctly, the data charges are uniform regardless of the client’s traffic region.

The screenshot lists the DCDN data charges by region, with rates ranging from 0.15 Yuan/GB to 1.31 Yuan/GB.

ESA data overage charges: 0.198 Yuan/GB for Basic Plan, 0.75 Yuan/GB for Standard Plan, and 1.2 Yuan/GB for Advanced Plan.

I couldn’t find the data overage charges in the official documentation in English, this screenshot is originally from the Chinese version and translated into English.

While ESA doesn’t offer a free plan, the 9.9 RMB monthly subscription made it tempting to give it a try. However, I found that setting up a site with a subdomain requires the Enterprise plan—similar to Cloudflare’s approach, where partial setups also require an Enterprise plan, but ESA allows you to add a site with CNAME setup on the Basic Plan.

So that may have to wait until my next project, with root domain.

Useful Links

• ESA Documentation - English
• ESA Plan Comparison - English
• ESA Documentation - Chinese
• ESA Plan Comparison - Chinese

Let’s Encrypt has a staging API for testing purposes. During development, it’s easy to mess around with the immature code. By having a local version of Boulder, we could experiment freely without affecting the CA servers.

We could use the ACME staging API for the staging environment and the local Boulder for deployment.

Another advantage of having our own Boulder is that we can set the rate limit to ridiculously low to better stimulate when the extreme situation happens.

Boulder Setup

The Boulder repository is well documented on how to set it up with Docker.

1: Clone the repository

git clone https://github.com/letsencrypt/boulder/
cd boulder

2: Tweak Configurations

If you’re on a Mac, the Docker server runs inside a VM and has its isolated network. We need to expose some ports, take DNS challenge as an example. Before issuing the certificate, we need to go through a challenge to prove the ownership of the domain name, the ACME server sends back a token, we need to do some calculation, the result should be put into a challenge TXT record.

While we’re in a development environment, you definitely don’t want to provision the real DNS records on your domain name. Behind the scenes, Boulder has a Pebble challenge test server to help us easily mock the challenge result.

The test server with HTTP management API listens on port 8055.

1. Open docker-compose.yml.
2. Append “8055:8055” to the field services:boulder:ports.

# ...
services:
  boulder:
    # ...
    ports:
      - 4001:4001 # ACMEv2
      - 4002:4002 # OCSP
      - 4003:4003 # OCSP
      - 8055:8055 # Pebble Challenge Test Server <- Add this line
    # ...
# ...

If you want to customize the rate limits as well, edit the file tests/rate-limit-policies.yml to adjust thresholds and windows.

3: Launch Boulder

docker compose up

Wait for a few moments, after everything is up and running, the endpoint should be at http://localhost:4001/directory.

Mocking

Create a Pebble implementation to handle the record manipulation while provisioning challenge resources. In the DNS challenge, all we need to do is mock the TXT record response.

Check out the Pebble documentation to explore additional mocking abilities.

Add TXT Record

To mock a “DNS-01” challenge response for “_acme-challenge.example.com” with the value “foo”:

curl -d '{"host":"_acme-challenge.example.com.", "value": "foo"}' http://localhost:8055/set-txt

Remove TXT Record

To remove the mocking of the “DNS-01” challenge response for “_acme-challenge.example.com”:

curl -d '{"host":"_acme-challenge.example.com."}' http://localhost:8055/clear-txt

Note that the host name must be in complete domain name (FQDN) format with a trailing dot.

This year, I think I must make a change, I wanna be those people who could keep their words and turns idea become reality, instead of a talker. I’ve been learning English for many years, but still can’t be speaking and writing it efficiently, so this year I made a decision to subscribe Unlimited English program on ESLPod.com and learn the whole lessons in a year. Everybody likes to make their annual plan at the beginning of the year, but due to my procrastination, I need to overcome it first, build good habits and stick to them. This year, no specific goals are set, no more goals like “I wanna read 36 books in a year” or something like “I wanna go jogging at least 180km this year”. Just build habits and make them stick. Life is a journey.

Enough sleeping time is also another important thing and for good health. Lack of sleep can make me dizzy, impatient, short-tempered, irritable, affects working efficiency and hurts my brain. Health is everything and is the most valuable asset for us, also the time. In the past, I cannot measure the value of time and money properly, always wasting lots of precious time doing unimportant, petty little things, instead of getting things done. Sometimes paying a little, it could save my day.

In 2019, I’ll mainly dive into three aspects: 1) English learning, 2) Laravel (PHP) and 3) Mathematics. I hadn’t learned the systematic CS courses which I also need to make up AOSP, even so, thanks to my boss which gave me the great opportunity and more freedom to create value at Guoyou Trading. My belief is “Diligence can compensate for lack of natural talent（勤能补拙）”.

Don’t compare your chapter 1 to someone else’s chapter 20.

Hope everyone could be the best version of themselves. Happy new year, and thank you for stopping by.