Archive for January, 2007

I just got a brand new Microsoft Natural Ergonomic Keyboard 4000. The keyboard is great, but its left Alt key is a bit too small, a bit too much to the side and very hard to reach with my thumb. Japanese keyboards have three extra keys around the space bar, keys that I never use, but keys that eat the width of other keys (just look at the English and Japanese variants and you’ll see what I mean). I thus wanted to assign that never-used key to behave the same as an ALT. It turned out to be easier than expected.

Detailed information about the process can be found in an article from Microsoft. It tells you that you need to add a binary key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\Scancode Map. Its first eight bytes are all zeros, the next four bytes are the number of mappings (little-endian, so "02 00 00 00" for 2), and then four bytes for each mapping plus a mapping of all zeros ("00 00 00 00") as a terminator.

The number of mappings should include the terminator, so if you only want to map one key you’d need to say that you have two mappings.

The mappings are written out by concatenating two short words (16-bit integers) in the order “from”-key, “to”-key. However, bear in mind that you have to reverse the bytes in the registry (little-endian still). This can be confusing, because you byte-swap the concatenated word, and not the two short words that make it up. In other words, the first byte you write would be the lower byte of the destination key, then the higher byte of the destination, then the lower byte of the key being mapped and finally the higher byte of the key being mapped.

So, to make your caps lock key behave as control, you would write the following:

Value                      Bytes   Explanation
00 00 00 00 00 00 00 00    0-8     Header and flags, all zero for now
02 00 00 00                9-12    Number of mappings, 2 (caps -> control and null)
1d 00 3a 00                13-16   Caps -> Control. 0x003a is Caps, 0x001d is Control. 0x003a001d -> 1d 00 3a 00
00 00 00 00                17-20   Terminator mapping

The codes for the keys are available in a related article from Microsoft. You can download a doc or pdf file that has all possible keys (including the weird keys on Japanese, Korean and so-on keyboards).

And here is what I used to swap control and caps lock and map the three Japanese keys to Alt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:\
      00,00,00,00,\
      00,00,00,00,\
      06,00,00,00,\
      3a,00,1d,00,\
      1d,00,3a,00,\
      38,e0,79,00,\
      38,e0,70,00,\
      38,00,7b,00,\
      00,00,00,00

Here is also a Caps Lock to Control registry file.
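To check what a Scancode Map value actually remaps before importing a .reg file (or when reviewing one found on a machine), the layout described above can be encoded and decoded mechanically. This is an added example, not part of the original post; the function names are illustrative, and the strict rejection of non-zero header bytes is an assumption based on the "all zero" description above.

```python
import struct

def build_scancode_map(mappings):
    """Encode [(from_code, to_code), ...] as a Scancode Map binary value."""
    blob = struct.pack("<II", 0, 0)                # eight header bytes, all zero
    blob += struct.pack("<I", len(mappings) + 1)   # count includes the terminator
    for src, dst in mappings:
        blob += struct.pack("<HH", dst, src)       # low word "to", high word "from"
    return blob + bytes(4)                         # all-zero terminator mapping

def parse_scancode_map(blob):
    """Decode a Scancode Map value into [(from_code, to_code), ...]."""
    if len(blob) < 16:
        raise ValueError("shorter than header + count + terminator")
    if blob[:8] != bytes(8):
        raise ValueError("non-zero header bytes")
    (count,) = struct.unpack_from("<I", blob, 8)
    if count < 1 or len(blob) != 12 + 4 * count:
        raise ValueError("mapping count does not match the data length")
    words = [struct.unpack_from("<HH", blob, 12 + 4 * i) for i in range(count)]
    if words[-1] != (0, 0):
        raise ValueError("last mapping is not the all-zero terminator")
    return [(src, dst) for dst, src in words[:-1]]

def from_reg_hex(text):
    """Turn the hex: payload of a .reg file into bytes."""
    return bytes.fromhex(text.replace(",", " ").replace("\\", " "))

# The value from the .reg file in this post, copied byte for byte.
AUTHOR_MAP = from_reg_hex(
    "00,00,00,00,00,00,00,00,06,00,00,00,3a,00,1d,00,1d,00,3a,00,"
    "38,e0,79,00,38,e0,70,00,38,00,7b,00,00,00,00,00")

if __name__ == "__main__":
    for src, dst in parse_scancode_map(AUTHOR_MAP):
        print(f"0x{src:04x} -> 0x{dst:04x}")
```

Decoding the value from the post lists five remaps: Control and Caps Lock swapped, and 0x0079, 0x0070 and 0x007b sent to the two Alt codes.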

Inserting page breaks when printing in VIM is trivial but I had never had to do it. It basically involves two steps.

First, insert the form-feed character in your file where you want a page break to occur. The character is 0x0C and you can use Control+V and then Control+L to insert it. It will display as “^L” on the screen.

Second, tell VIM to obey these breaks by adding formfeed:y to your printoptions. In other words:
:set printoptions=formfeed:y

And now print. It should work with no problem at all.

VMware Workstation 6 Beta has been out for almost a month now. I tried it out and some of the features are really nice. The one I like best is that virtual machines can be left to run in the background now. That, combined with the integrated VNC support means that you can run a virtual machine on a headless remote location and then connect and manage it with VNC. Pretty slick.

An annoying “feature” of the Beta is that it does not offer an option to disable debugging in the virtual machine. This can lower the performance considerably, but it is trivial to replace the debugging binary in bin-debug with the optimized one from bin.

I am running netqmail patched with TLS support under sslserver from the ucspi-ssl package.

However, every time a connection is closed the sslserver process segfaults. On the Opteron it also causes messages like sslserver[13106] general protection rip:2ab6c23cf687 rsp:7fffe89e9308 error:0 to appear in my system log.

Currently tracing the problem, but it seems that the process dedicated to handling the encryption assumes that it has to start an encrypted connection even though it has not been requested to do so. I’ll have to dig around a bit more.

Update: I also have a very trivial patch that fixes the issue. I’ve been running with it for over a year now and there have been no issues so it should be safe.
Here is the file:
ucspi-ssl-070-fixsegfault.patch

I just got a few very weird errors when updating a cvs checkout of Horde. See for yourselves:

# cvs up
cvs [update aborted]: cannot get working directory: No such file or directory

After lots of scratching I figured that the cause is hidden in the fact that a parent directory is mounted with “-o bind”. After changing to the original, non-bound directory, it worked fine.

Update: Lots of other stuff also breaks with -o bind — For example /bin/pwd. Very annoying.

A few common problems when setting up a stateful firewall to allow FTP traffic.

FTP needs a separate data connection for transferring files or file listings. It has two modes of operation:

passive
The client requests the server to listen for a connection. The server responds with the address and port where it is listening for the data connection. The client connects.

active
The client listens on a port for the data connection. The client notifies the server about the address and port. The server connects to the client.

Stateful firewalls only allow specific traffic or already established/related traffic. Since the data connection uses a separate port, it cannot easily be distinguished as being related to the legitimate FTP connection. This is where the helpers come into play.

ip_conntrack_ftp is a module that monitors FTP traffic and marks a data connection as RELATED to the control connection of an FTP session. When using the module, make sure you pass the option ports=21, or it will monitor all traffic and probably be very slow. This is easily done from /etc/modules.conf.

In order to allow data connections behind a NAT, the ip_nat_ftp module can do the trick. The ip_nat_ftp module depends on the ip_conntrack_ftp module and does not need any parameters.

If the FTP session is encrypted (TLS for example), there is no way to statefully let the data connections through. When running an FTP server behind a NAT that allows encrypted connections, the only solution is to specify the ports that it will listen on for passive connections and explicitly allow those.
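The following added example (not from the original post, and not the kernel module's code) is a simplified model of what a connection-tracking helper does: it reads the control channel, extracts the address and port announced by PORT or the 227 reply, and treats a matching new connection as RELATED. The sessions, the 192.0.2.10 address and the 50000-50100 passive range are constructed; the TLS case shows why the explicit range is needed.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 (PASV) reply
SIX = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PATTERNS = (("active", re.compile(rb"PORT " + SIX + rb"\r\n")),
            ("passive", re.compile(rb"227 [^\r\n]*\(" + SIX + rb"\)")))

def announced_endpoint(line):
    """(mode, ip, port) if this control-channel line announces a data connection."""
    for mode, rx in PATTERNS:
        m = rx.match(line)
        if m:
            n = [int(g) for g in m.groups()]
            if max(n) <= 255:
                # port is sent as two decimal bytes, high byte first
                return mode, "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]
    return None

def track(control_lines):
    """Collect the data endpoints a helper could mark RELATED from what it can read."""
    return {ep[1:] for ep in map(announced_endpoint, control_lines) if ep}

def verdict(dst_ip, dst_port, expected, passive_range=None):
    """Decide on a NEW connection: control port, RELATED, explicit range, or drop."""
    if dst_port == 21:
        return "ACCEPT (control)"
    if (dst_ip, dst_port) in expected:
        return "ACCEPT (RELATED)"
    if passive_range and passive_range[0] <= dst_port <= passive_range[1]:
        return "ACCEPT (explicit passive range)"
    return "DROP"

# Constructed plaintext session: the 227 reply is readable, port = 195*256 + 80.
PLAIN = [b"USER demo\r\n", b"PASV\r\n",
         b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"]
# Constructed TLS session: after AUTH TLS only ciphertext is visible (made-up bytes).
TLS = [b"AUTH TLS\r\n", b"234 Proceed with negotiation\r\n",
       b"\x17\x03\x03\x00\x1c\x8f\x02\xaa\x41\x9c", b"\x17\x03\x03\x00\x30\x5e\xd1\x07"]

if __name__ == "__main__":
    print(verdict("192.0.2.10", 50000, track(PLAIN)))
    print(verdict("192.0.2.10", 50000, track(TLS)))
    print(verdict("192.0.2.10", 50000, track(TLS), passive_range=(50000, 50100)))
```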

I have been trying to figure out why rsync was Segfault-ing when trying to transfer several hundred gigabytes from the old server to the new one.

It was working fine but I interrupted it a few times. And then, when I was down to 5-6 gigabytes it would transfer a file or two (small files at that) and just spit out a weird message, like rsync error: errors with program diagnostics or it would complain about a timeout (I am copying from an NFS volume, what timeout?), or simply receive a Segfault.

In a desperate attempt to figure out at least when the problem was occurring I decided to rebuild it with debugging symbols enabled.
env CFLAGS=-ggdb3 emerge -av rsync
I then fired up gdb and ran the problematic commands
gdb
run -avPAH /remote/... /var/....
and it worked fine. Since I had -Os in my CFLAGS, I tried using -O2 instead and still, there were no problems.

Lesson learned, -Os does break stuff.

Update: Well, -O2 saved the day for a while but rsync again started segfaulting when I tried to copy a directory with 16000 files (well, 8000 files each with an extra hard link). So I compiled it with no optimization, or better said, with no specific optimization and it worked. For how long I wonder.

Update: I was obviously chasing ghosts. Here is a follow up.