File Server Cooling and Power Refinement

Temporary placement of a fan in front of the internal drive bay resolved the heat problems (which I’ve let run for over a year; stupid me).

When I also had to replace the power supply (it’s suspect in the lockups, not yet proven) I removed the temporary fan (mounted with double-sided tape), and had it come apart in my hands and stop spinning when powered (it was old, it was a test). (Another lockup factor is that it wasn’t getting assigned the right IP address; that made it look like it booted locked, until I logged in from the console.)

And the new modular power supply (200 watts bigger than the old) required me to replace and hence re-route all the power cables. So I messed with the rest of the cables as well (6 flat SATA cables can block some air!).

Temps are back within bounds–but not as good as before, there are two drives up close to 40. Not sure what the difference is from the test state! These darned analog, even physical, things are a lot of trouble.

The order of the gallery is kind of messy. First the photos I uploaded were added in reverse order, and then the light table on which I can drag them to arrange the order is a bit weird, and finally there’s no way short of going into edit mode to see the photo big enough to be sure what it is. So after a while I got annoyed and stopped improving it.

Mobile Device Connectivity Speed

Mostly grousing about my specific situations.

Turns out my phone (LG G4) connects to my home WIFI at around 50 Mb/sec; pretty pitiful (and I don’t know how to get the phone to tell me what speed it connected at; that’s measured at Ookla; but my household WiFi is enough faster than that that it’s going to be reasonably accurate). In theory I should be able to get 20 times that, but I think the phone doesn’t support high enough WiFi specs.

Then, when I turn on VPN (OpenVPN, TUN, TCP) terminating at my router, that drops again, to maybe 7 Mb/sec.  However, I can still get that 7Mb/sec from the local library, which blocks most types of VPN connection (no idea why; but this configuration plus using port 443 makes it look essentially identical to an HTTPS browser connection, so few people block it). (The default VPN on the phone is faster, 30 Mb/sec or some such, but using 40-bit encryption or something really embarrassing like that. That one is also blocked at the library.)

Even the laptop connect seems slow; 300 Mb/sec, on a brand-new laptop that says it supports 801.11ac and an ASUS RT-AC66U which says it supports AC.  (This is sitting in the same room with, or on the opposite side of the wall from, where the WiFi hangs on the wall.)  For that matter the laptops reports an AC connection. I’ve ended up buying an Amazon dongle that plugs into the USB-C port and gives me three conventional USB 3.1 ports and a gigabit Ethernet port.


Cygwin protection issues accessing SAMBA shares

I’ve posted about my instance of this to the Cygwin mailing before, years ago and again just now, and read a lot of what’s online about it. I’ve also asked people over in the FreeNAS community (and gotten basicaly the same answer). Basically everything I can find says that the information is here.

What’s there doesn’t work for me. Across many Cygwin installs on multiple windows versions (at least 7 and 10) on at least 4 different hardware platforms. Including one work computer accessing a Synology server, so *completely* different software on the server side (dev network at work, no Active Directory there, so it’s just like home, local logons only).

The Samba server at home is a FreeNAS box. It’s *not* joined to any domain, nor are the windows boxes (it’s at home, I have no AD server, it’s all local logons). Currently running FreeNAS 11.1 U5, if it matters (latest), which seems to be running samba version 4.7.0-GIT-de2f31198c7-FreeNAS.

Details will be from my Windows 10 desktop, where I did a clean install of Cygwin-64 last night; it identifies itself (uname -a) as CYGWIN_NT-10.0 DDB4 2.10.0(0.325/5/3) 2018-02-02 15:16 x86_64 Cygwin.

This box has accessed this server (multiple FreeNAS and hence Samba servers over the years) as both Windows 7 and windows 10. It works fine in windows, I can adjust file security through the Windows explorer dialogs, etc. (My desktop computers, or my last 3 or 4 desktop coumpters really, running windows and Cygwin in some version, has accessed a file server via CIFS for most of my file access since about 2006; that fileserver has been Solaris with ZFS and then FreeNAS with ZFS. I’ve also had at least three laptops configured to use this server and having Cygwin, and they all behaved the same as the desktop at that moment. I started having protection problems when Cygwin made the changes described in the link above.)

Cygwin works fine on locally-hosted files (not that I have many; a small SSD for software installation, plus external drives I may attach from time to time, everything important lives on the fileserver). The protections Cygwin shows for files on the NAS look like what I will get if the underlying problem *is* something related to the ntsec article above. That kinda gives me hope that I’m just doing something wrong that I’m unable to spot.

On the FreeNAS box, user ddb (uid 1001) owns the files in question:

[root@fsfs /mnt/zp1/ddb/Documents/Recipes]# id ddb uid=1001(ddb) gid=1001(ddb) groups=1001(ddb),0(wheel),20(staff),1004(public),1007(music),1712(bdr)
[root@fsfs /mnt/zp1/ddb/Documents/Recipes]# ls -l S*
-rwxrwxr-x+ 1 ddb ddb 9605 May 30 2004 Sacher.asc
-rwxrwxr-x+ 1 ddb ddb 9600 May 30 2004 Sacher.doc
-rwxrwxr-x+ 1 ddb ddb 4867 May 30 2004 Salsa.asc
-rwxrwxr-x+ 1 ddb ddb 4864 May 30 2004 Salsa.doc
-rwxrwxr-x+ 1 ddb ddb 2181 May 30 2004 Shrmpstr.asc
-rwxrwxr-x+ 1 ddb ddb 2176 May 30 2004 Shrmpstr.doc
-rwxrwxr-x+ 1 ddb ddb 20841 Dec 4 2012 Spaghetti.odt

Locally, it’s mapped as Windows drive P: (at the ‘Documents’ level in the above path), but also directly accessible as //fsfs/ddb/Documents.

$ id
uid=197612(ddb) gid=545(Users) groups=545(Users),197121(None),197613(fsfsddb),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),66048(LOCAL),262154(NTLM Authentication),401408(Medium Mandatory Level)

$ ls -l /cygdrive/p/Recipes/S*
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 9.7k May 30 2004 /cygdrive/p/Recipes/Sacher.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 9.6k May 30 2004 /cygdrive/p/Recipes/Sacher.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 4.9k May 30 2004 /cygdrive/p/Recipes/Salsa.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 4.9k May 30 2004 /cygdrive/p/Recipes/Salsa.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 2.2k May 30 2004 /cygdrive/p/Recipes/Shrmpstr.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 2.2k May 30 2004 /cygdrive/p/Recipes/Shrmpstr.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 21k Dec 4 2012 /cygdrive/p/Recipes/Spaghetti.odt

$ ls -l //fsfs/ddb/Documents/Recipes/S*
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 9.7k May 30 2004 //fsfs/ddb/Documents/Recipes/Sacher.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 9.6k May 30 2004 //fsfs/ddb/Documents/Recipes/Sacher.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 4.9k May 30 2004 //fsfs/ddb/Documents/Recipes/Salsa.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 4.9k May 30 2004 //fsfs/ddb/Documents/Recipes/Salsa.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 2.2k May 30 2004 //fsfs/ddb/Documents/Recipes/Shrmpstr.asc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 2.2k May 30 2004 //fsfs/ddb/Documents/Recipes/Shrmpstr.doc
-rwxrwxr-x 1 Unknown+User Unix_Group+1001 21k Dec 4 2012 //fsfs/ddb/Documents/Recipes/Spaghetti.odt

That “Unknown_User” is the signature of this problem, right?

And I can create a file, and read it, but not replace it:

$ echo testing > /cygdrive/p/Recipes/test001.txt

$ ls -l /cygdrive/p/Recipes/test001.txt
----r--r-- 1 Unknown+User Unix_Group+1001 8 Jun 16 13:08 /cygdrive/p/Recipes/test001.txt

$ echo replace the file > /cygdrive/p/Recipes/test001.txt
-bash: /cygdrive/p/Recipes/test001.txt: Permission denied

(note no indication that there is an ACL; which is compatible with the following)

$ getfacl /cygdrive/p/Recipes/test001.txt
# file: /cygdrive/p/Recipes/test001.txt
# owner: Unknown+User
# group: Unix_Group+1001


My Cygwin setup doesn’t have /etc/passwd or /etc/groups

$ ls /etc/passwd
/usr/bin/ls: cannot access '/etc/passwd': No such file or directory
$ ls /etc/group
/usr/bin/ls: cannot access '/etc/group': No such file or directory
$ ls /etc/groups
/usr/bin/ls: cannot access '/etc/groups': No such file or directory

(Wasn’t absolutely sure of my memory whether group was plural or not 🙁 ; but neither one exists.)

I have configured /etc/nsswitch as I believe is directed (everything left defaults, except change db_gecos to schema “desc”):

$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# This file is read once by the first process in a Cygwin process tree.
# To pick up changes, restart all Cygwin processes. For a description
# see
# Defaults:
# passwd: files db
# group: files db
# db_enum: cache builtin
# db_home: /home/%U
# db_shell: /bin/bash
# db_gecos: <empty>

db_gecos: desc


I have configured the user comment for me, user ddb, in SAM, via the net user command, to have the xml-like Cygwin data in the comment:

$ net user ddb
User name ddb
Full Name David Dyer-Bennet
Comment <cygwin unix="1001" group="Users" />
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never

Password last set 6/2/2017 11:17:13 PM
Password expires Never
Password changeable 6/2/2017 11:17:13 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 6/16/2018 12:26:50 PM

Logon hours allowed All

Local Group Memberships *Administrators *fsfsddb
Global Group memberships *None
The command completed successfully.

And I have also done that for the group:

$ net localgroup Users
Alias name Users
Comment <cygwin unix="1001" />


NT AUTHORITY\Authenticated Users
The command completed successfully.

And I have rebooted the entire Windows box more than once since I last changed anything in the Cygwin config, so the config shown should be in effect when Cygwin produced the output posted above.

(I’ve tried what seems like a million things over the years, but this is the mainline approach to the problem as described in the NTSEC article, and I went through *very* carefully last night to do everything I found in the article about how I was supposed to do it, and documented all the things I’ve done to produce this email).

So…HELP! I feel like this is supposed to be an understood problem, and that I have *done* everything the main article says I’m supposed to do — and it hasn’t helped. Did I miss a step or something? Any ideas? I have this across multiple software versions on both sides and multiple hardware platforms and installations; it’s not some one-time thing.

Blast From The Past!

The code from the main project I worked on out in Marlboro (for Digital Equipment Corporation Large Computer Software Engineering) is up on the web!

This proves that I really have been using source control systems since the 1980s (I think this was DEC CMS), and that I wrote BLISS code, and that I wrote many metric fuck-tons of comments.

Possibly the weirdest bit is this floating-point number conversion code. It handles pdp-11/vax 32 and 64 bit floating point, and PDP-10 36 and 72 bit floating point, and can convert anything to anything (within format limitations).  It’s at

Although the declaration of the character tables for various character sets might be a runner-up.  (Bliss had far and away the most powerful macro facilities of any language I’ve ever used.)


Elevator Buttons

Both for the call buttons at each floor, and the floor buttons in the elevator car, we expect them to respond to pushing by some change in state to show that our command has been received.  Nearly always this is some form of a light coming on (background of the button, surrounding the button, rarely a little light right in the button). I will refer to this as the “state indicator”.

In addition to acknowledging our immediate command, the state indicator conveys information to other users of the elevator. When we come to the doors we can see from a distance that the “up” call button has already been pressed, so we don’t have to force our way through the crowd to push it ourselves; and the same thing for the floor button once we’re in the car.

All these buttons have to talk to a central controller (well, or to distributed controllers which talk to each other, thus achieving the same goal as a central controller). For the elevator to actually come when the “up” call light is on, the elevator car itself has to move to that floor, stop, and open its doors.  For me to arrive on the 11th floor after pushing that button, the car has to go there, stop, and open its doors.

But there’s a weird thing that happens with many elevators, including the ThyssenKrupp elevator system at the DoubleTree Park Place (where I was for Fourth Street Fantasy Convention last weekend, and where Minicon will be for the first time this coming Easter). Often, if I push a button rather briefly, I will see the state indicator come on briefly, and then go off and stay off.  My push does not seem to have “taken”, at least the central controller has not accepted it.  (If I wait, the elevator never comes in response to the call I thought I made, but which after the brief blink is not acknowledged. It may of course come to the floor to drop somebody off, and may then continue in the direction I want, but it never comes empty, so I feel safe in saying I have not managed to log my request with the controller.)

How can this happen? The most obvious way to set it up is to have the state indicators simply controlled from the central controller. Thus, if it comes on, the central controller does have the request, and if it doesn’t, it doesn’t (well, or the indicator is burned out, or there’s a wiring fault, or…oh, the heck with it; it doesn’t).

The evidence appears to suggest that this isn’t how it works, for whatever reason.

Okay, rampant speculation based on very little knowledge (said to be a dangerous thing; though actually that’s “learning”) coming up. It’s worth remarking that elevators are fairly old technology, that they’re safety-critical, and that they have been heavily regulated for most of the time they’ve existed. This can tend to limit implementation or design choices sometimes in bizarre ways.

One theory is that getting the request logged in the central controller and the response back to the state indicator is slow enough that people were reacting weirdly (they’d push the button, nothing would happen and then just as they tried again the state indicator would come on, for example). If this is seen (as it probably should be) as a user interface fault, maybe somebody had the bright idea of turning on the state indicator locally briefly, for long enough that the central command to turn it on would have arrived before the local command expired.

But that then raises the question of why the brief push is enough to trigger the local turn-on but not the central controller; surely it makes no sense for the two to have independent access to the exact details of the analog button-press and to make independent decisions about it based on different rules! The local module should decide if the button has been pressed or not, and then both take local action and communicate with the central controller, so they would never be in conflicting states.

It’s possible that, either in these particular elevators (which are fairly old), or in elevator designs by tradition, or perhaps by old regulatory fiat, this approach was adopted at a technological era when it was economically beneficial to put all the intelligence in one central place, and then do extremely simple things locally to work around it (I didn’t test carefully, the local turn-on of the state indicator may be as simple as “while the button is pressed”).

Or it could be weirder and much more interesting; we can always hope.

Speculation, as above, is cheap. Does anybody actually know anything about elevator control systems?

This particular behavior bugs me because the light coming on instantly tends to influence me to making shorter button pushes (I see confirmation!), which makes it more likely that I haven’t actually held the button down long enough to log my request properly.