OpenVPN and Tap-Win32-Adapter Problem

OpenVPN on Microsoft Windows has a problem with the TAP-Win32-Adapter driver used for the tunnel. The device needs to be deactivated/reactivated after a Windows restart before any connection can be established. In this article I present a very simple script and solution for automating this process.

Continue reading “OpenVPN and Tap-Win32-Adapter Problem”

Gentoo: MySQL and PHP Charset Problems

At the moment, Gentoo is experiencing several inconsistency and problems with character sets between MySQL and PHP. This is primarely based on MySQL-4.1 now updating from 4.0 without warning and user interaction which most of the times breaks existing extended characters as MySQL now stores every dump from former databases as UTF-8, which is still badly supported by PHP.

For many PHP web applications which experience problems with extended characters (like umlauts, accents, …), the following hack might help.

  1. Locate the file where the mysql database connection is opened.
  2. Add the following commands after opening the database connection:
    mysql_query('SET character_set_client=latin1');
    mysql_query('SET character_set_results=latin1');
    mysql_query('SET character_set_connection=latin1');

This will resume using latin1 instead of UTF-8 for the connection and the result set. For performance reasons, the data in the database should then be stored as latin1 as well.

According to messages in the Gentoo Forum, the developers have now released an ebuild for PHP (both 5.x and 4.4.2) that will regard character-set settings in my.cnf in a section especially for php (still in unstable). You should use the section [php-cli], [php-cgi] and/or [php-apache2handler]. Unfortunately I have not yet had time to test this out.

Increasing Performance of VMWare Virtual Machines on External Devices

By default, VMware Workstation 5.x use a memory mapped file for backing the RAM of the simulated machines. This eases the pressure on the system’s page file. If you host the virtual machine on an external drive, however, this can become a bottle neck, especially if the external device is slow (e.g. USB 1.1, flash, etc.).

As described in this VMware Knowledge Base Article, you can turn of VMWare’s behaviour to use a memory mapped file and force it to use the system’s paging mechanism instead. To do so, you just have to add


to your virtual machine’s configuration file (.vmx).

VisualStudio.NET: Text-Editor Guide at 80

Guiding lines in VS.NET 2005It is still considered good style to keep code-lines within a certain bound (e.g. 80 characters). IDEs like Eclipse offer to display a red guiding line at the chosen offset to help developers keep within this bound.

By modifying the registry a similar guide can be enabled for Visual Studio 2003 / 2005. Add a string value Guides to the key (VS.NET 2005, VS 2003 has version 7.1)

HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\8.0\Text Editor.

Set the value to

RGB(128,0,0) 80

To have multiple guides (like in the screenshot), add the additional columns space delimited, e.g.

RGB(128,0,0) 80 100

Ackn.: This information has been provided by Hannes Pavelka in Microsoft’s newsgroup microsoft.public.dotnet.languages.csharp, Message-ID: <e1jag7$qk7$02$> (Article in Google Groups):

Microsoft: Shared Source Common Language Infrastructure 2.0 Release

Just came accross this: seems like Microsoft has released some parts of the CLI under one of their “free” licenses.

Download details: Shared Source Common Language Infrastructure 2.0 Release

Update 2006/03/26: As I just noticed at Mono’s “Contributing” page, they won’t accept any contributions from people who had a look at the download.

Microsoft: Only signed drivers for Windows Vista x64

According to this Microsoft page and this Golem-Article (German), Microsoft is going to make driver signatures from Microsoft mandatory for any driver running in kernel space in Windows Vista x64. They claim security reason for this.While (faulty) drivers definitely can lead to serious (security) problems under Windows, they sometimes fulfill cruitial parts, especially in windows file system monitoring, for which there are many legitimate reasons. Having to go through the WHQL for every driver (and every minor patch) seems a little costly and time consuming to me…

Well, after all, for me it seems to be three things:

  • Additional money through additional drivers going through WHQL,
  • Anti Open-Source projects,
  • Building up the infrastructure for an (almost unbreakable) Digital Rights Management system.

Update 2007-01-23: I have to revise most points of this, as I now learned something new about it. Vista x64 will accept digitally signed drivers, but they do not necessarily be signed by Microsoft. Read more in my updated article.

Out of /dev/random?

Ever happened to run out of random numbers?

Well, if you are using Apache together with mod_ssl you can easily run into the situation that after starting up Apache, requests to it will block up to several minutes or time out. This happenes, if Apache is configured to use /dev/random as a source for random numbers which are required in the initialisation of mod_ssl and similar, if you have to few entropy information left for the generation of more secure random numbers.
As suggested in a Gentoo Forums article, you can emerge the tool sys-apps/rng-tools, which provides you with rngd, a daemon collecting entropy from hardware random number generators and feeds /dev/random with this data.

If you happen (like me) to not having a hardware random number generator on your server’s mainbord, rngd will use /dev/urandom as a source of entropy and mix it with entropy collected from your system. While this will indeed result in a certain drop of “randomness” of /dev/random, it still has major advantages by reducing the startup time of apache to several seconds, as /dev/random will not block any more.

Don’t forget to add rngd to your server’s default runlevel (rc-update add rngd default).

Windows 2003 Server as NTP client

Our Windows 2003 Server refused to sync the clock via NTP. Main reason for this behaviour is the fact that as PDC it wants to change the NTP server’s clock as well, which is normally not permitted by the NTP server and the packet is discarded.

To change the preferred server of the Windows Time service (w32time), follow these steps:

w32tm /config /manualpeerlist:<server>,0x8 /syncfromflags:MANUAL

w32tm /config /update

net time /querysntp

w32tm /resync

(source: Meinberg Funkuhren – FAQ – Windows synchronisiert nicht mit NTP (German))

Apache: Force SSL for a Directory Using .htaccess and mod_rewrite

To force SSL on a given directory using .htaccess, use the following code. It requires mod_rewrite enabled in Apache. Adjust the path in the RewriteRule to match the full qualified URL of the HTTPS-domain.

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$$1 [R=301,L]