comments are back again

Okay, I’ve gone and implemented some ghetto user registration functionality and hooked it up to the blog’s comment submission code, so you can leave comments on the blog again!

If you run into any kinks or errors, well, please let me know by sending me email. Thanks!

nsopenssl 3.0 beta stuck in a busy loop

Back on August 7th, Nathaniel Haggard reported a problem with nsopenssl where it repeatedly sends a bunch of stuff into the server log. Janine Sisk confirmed that she was also seeing the same thing. However, neither was really able to put a finger on why it was happening or how to reproduce it, so I couldn’t really do much about it at the time. On August 12th, I identified one issue with the sample config that ships with nsopenssl: “SSLv2” was omitted from the “protocols” list but (incorrectly) included in the “ciphersuite” list, which would result in the server crashing when SSL clients attempt an SSLv2 connection. But this wasn’t the root cause of the problem.

Then, almost a week later on August 18th, Bruno Mattarollo brought up the issue again, but this time was different. Bruno indicated that he was able to reproduce the problem fairly reliably! He said,

What I did, that triggered the error was click on a link and immediately click on another link without giving the server time to actually return the page, so I guess what’s happening is that there is no socket for nsopenssl to send the results to … right?

Bruno and I spent the next few days trying to diagnose the problem — he even blogged about it. Along the way, I found some other unrelated issues which I logged at SourceForge in Bug #1012892 along with patches against AOLserver 4.0.8a and 4.1.0a that address them. However, continuing to try and get at the root cause of our nsopenssl issue, I realized that fixing the problem would not be a trivial change. The nsopenssl code needed some serious clean-up — I was having a hard time getting a grasp of what it was doing (or, more importantly, what it wasn’t doing).

So, today, I sat down and began to clean up the nsopenssl code. After several cigarettes and some head-scratching, I got the code to a state where I could really start tracing it in the debugger and see what was happening. And, what I found was that when the remote client abruptly terminates the SSL connection, the server notices (because SSL_write() fails) but because the browser requested an HTTP Keep-Alive connection, the server returns the connection to the pool to read the next HTTP request. When it goes to read, it fails on SSL_read() (because there’s no peer connected) and so begins the error loop. I managed to clean up the code and ensure that when an error occurs, we mark the SSL connection as “shut down” so the driver knows not to use it for Keep-Alive and thus will properly close the connection. I announced the fix at 4:13 PM today, and around 9:01 PM, Bruno logged in, applied the patch to nsopenssl, tested and verified that he can no longer reproduce the problem!
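The failure sequence described above, reduced to a small C model and added here as an illustration; it is not code from nsopenssl or AOLserver. The `Conn` struct, `model_io()` and `drive()` are hypothetical names, `model_io()` stands in for SSL_read()/SSL_write(), and the iteration cap is an assumption that exists only so the unpatched case terminates.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of one keep-alive SSL connection (not nsopenssl's types). */
typedef struct {
    int  ios_left;   /* I/O calls that succeed before the client vanishes */
    bool shutdown;   /* set by the patched path on any SSL I/O error */
} Conn;

typedef struct { int served; int failed_reads; } Result;

/* Stand-in for SSL_read()/SSL_write(): fails once the peer is gone. */
static int model_io(Conn *c, bool patched) {
    if (c->ios_left <= 0) {
        if (patched) c->shutdown = true;   /* the fix: remember the error */
        return -1;
    }
    c->ios_left--;
    return 1;
}

/* Keep-alive driver loop, capped at max_iter so the demo terminates. */
Result drive(bool patched, int ios_before_drop, int max_iter) {
    Conn c = { ios_before_drop, false };
    Result r = { 0, 0 };
    for (int i = 0; i < max_iter; i++) {
        if (c.shutdown) break;                 /* close instead of reusing */
        if (model_io(&c, patched) < 0) {       /* read the next request */
            r.failed_reads++;                  /* one log entry per failure */
            continue;                          /* back to the pool again */
        }
        if (model_io(&c, patched) > 0)         /* write the response */
            r.served++;
    }
    return r;
}

int main(void) {
    Result a = drive(false, 3, 1000), b = drive(true, 3, 1000);
    printf("unpatched: served=%d failed_reads=%d\n", a.served, a.failed_reads);
    printf("patched:   served=%d failed_reads=%d\n", b.served, b.failed_reads);
    return 0;
}
```

With the client dropping during the second response, the unpatched loop spends every remaining iteration on a failing read, while the patched loop stops reusing the connection as soon as the write error is recorded.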

I’m going to wait a few days for others to apply and test the patch, then I’ll commit the patches in Bug #1012892 to CVS. Noah Robin asked if a similar fix could be backported to nsopenssl 2.x. I said it could be possible: if folks verify that the fix to nsopenssl 3.0 is complete, I would look into backporting it.

Overall, I’m hoping this makes nsopenssl 3.0 beta stable enough for us to consider the upcoming nsopenssl 3.0 beta 22 a release candidate. We’ll see …

don’t throw out your manager just yet

As a long-time fan and practitioner of Extreme Programming (a lightweight or “Agile” software development methodology), I ran across an excellent article in Software Development magazine entitled You’re Still Needed (free registration req’d) by Esther Derby and Diana Larsen.

Esther and Diana do a great job of describing specific ways a traditional “manager” in a software development team can (must?) change their role and activities to best mesh with an Agile team. For anyone who’s a manager in the field now who’s feeling threatened by the whole Agile movement, I strongly suggest you read this article.

microsoft inbound connection limit nazi says: no connection for you!

So, I put together a Win32 binary release of AOLserver 4 and decided to do some benchmarking on my Dell C840 laptop running WinXP Home.

To my surprise, I discovered that Microsoft has imposed an Inbound Connections Limit in Windows XP! Of course, this is nothing new — Microsoft introduced this back in 1996 or thereabouts with the release of Windows NT 4.0 Workstation. I found a good article by Tim O’Reilly about it. In his article, he indicates that only inbound connections on “reserved ports” (those below 1024) are supposed to be limited, but my tests on WinXP Home show that even port 8000 is being limited.

In these Microsoft KB articles it seems that the limit may be controlled by a registry setting:

Check to see if the server was configured by upgrading a computer running Windows NT Workstation to Windows NT Server. If it was, the following registry parameter may need to be increased from a hex value of 0xa (10) to 0xFFFFFFFF:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\Users

However, twiddling that setting doesn’t seem to make any difference — I bet the value is baked into one of the DLLs that the non-Server versions ship with.

So, the bad news is that unless you’re running one of the “Server” versions of Windows, you’re going to be hurt by this foolish inbound connection limit. This means that running a web server on your non-Server machine may flake out if the application you’re developing initiates many requests quickly — things like Web Services-like traffic in an IFRAME or hidden DIV come to mind.

Perhaps Microsoft could release a “WinXP Developer” edition that’s the same price and feature set as WinXP Professional but without the connection limit. Production servers should still use the Server edition, but at least this way folks can do development and testing without paying the ridiculous cost of a Server license for their desktop machine!

spammers go away

OK, early this morning I had the pleasure of finding that some blog spammers blessed me with 150 new comment spams. Took me almost a whole 5 minutes to delete them all …

What does this mean? I’ve gone and disabled the MT comment script, so you can’t leave comments (nor spam) anymore. When I get some time, I’ll implement a better comment system and then everything will be back to normal. But for now, there’s more folks leaving spam in my blog than real comments, so — I’m turning it off.

go go gadget thumbs!

So, it appears that people actually try to set records for sending text messages on cellphones. There’s even a $17,500 prize for the winner, Kimberly Yeo. She managed to press those little mini-chicklets fast enough to type this 160-character message in 43 seconds:

“The razor-toothed piranhas of the genera Serrasalmus and Pygocentrus are the most ferocious freshwater fish in the world. In reality they seldom attack a human.”

But, who ever would type a message like that, anyway? The real question is: how many seconds does it take to text “hey u wanna mak hot fuk after skool”?

archetypus, an enigma

Thinking of places to go and hang out in New Jersey, I remembered a place I used to go in my youth: Cafe Enigma, in Edgewater. Of course, it’s been many years since it was known as Enigma (and I’m sure most folks today who know about the place don’t even know it was once called Enigma), and it’s no longer where it used to be in Edgewater (it’s moved a few buildings down the same street), but the decor has slowly been reconstructed, this time in a much larger space and with what seems to be a much larger budget.

Today, the place is known as Cafe Archetypus (map, directions), located on 266 River Road in Edgewater, NJ. However, with recent construction (recent being the past 5 years or so), Edgewater has split River Road onto a newly paved road and left the original River Road as Old River Road. Archetypus may be on Old River Road, although even their website doesn’t mention this.

Anyhow, if you’re in New Jersey and are looking for a place to simply hang out with friends, talk and examine some really creative uses for plaster and lighting, definitely give this place a visit. You might just find me there, one night.

aolserver, php and stack size

Today, Cristian Andrei Calin asked on the AOLSERVER mailing list (and here’s my final response containing the solution outlined below) about getting PHP working under AOLserver. Specifically, he was trying to get phpBB2 working, which was causing AOLserver to crash. So, being my ever-so-eager-to-help self, I decided to download the latest phpBB2 code and try and install it.

After lots of walking of stack-traces of core dumps in gdb, it dawned on me: I should check the per-thread stack size in AOLserver! Duh. Yes, I had it set to the default of 128KB. Increasing it to 1MB made everything work perfectly.

To check what your server’s current stack size is, connect to the control port (aka “nscp into your server”) and issue the command:

  nscp> ns_config ns/threads stacksize
  131072

There, it’s telling me that the stack size is 131,072 bytes (or 128KB). Increase it by modifying your config .tcl file like so:

  ns_section "ns/threads"
  ns_param stacksize [expr 1024 * 1024]    ;# 1MB

For sites that run a lot of PHP, you may want to increase it to 4MB or even larger, depending on your needs.

hail to the chief

On May 20, the official announcement went out that I am now the project leader for AOLserver.

What is AOLserver? It’s a highly scalable, multi-threaded web server that powers many large web sites across the Internet. Like Apache, it is also free and open source. Tcl is the primary scripting language for building applications that run on AOLserver, but support for Java, PHP, Python and others is being added or made better every day.

I’ve posted a roadmap up on the AOLserver Wiki which should give everyone an idea of what my goals for the project are in the next couple of months of 2004.

I welcome everyone who’s interested in AOLserver to join the AOLSERVER mailing list (archives). I hope to see you there!

live, or memorex?

Apparently, Andy Kaufman has come back from the dead on May 16th, 2004, 20 years after he “died.” He’s so alive, he’s even got his own blog.

Do I think he faked his death? Yes, it’d be an ultimate performance that few others can try to even out-do. However, it’d be even more surreal if people firmly believe that he faked his death, but he really did die back on May 16th, 1984 — that’d almost be more Andy-like than him faking his death and coming back 20 years later … living a life such that when he died, people would readily believe he faked his death, only to, sometime in distant future, learn that he really did die that day. Joke’s on them, and Andy’s getting the last laugh, as usual.

Do I think it’s really his blog? Sure — why not, if he truly is still alive. Some folks would believe he’s dead and the blog is a well-timed hoax. Some would say “see, I told you he faked his death and he’s still alive, and this blog is proof!” Idiots. Blogs claiming to be owned by someone else are not proof of that person’s existence. There have been plenty of people who invent fictitious people and start a blog as them and convince many people that they are a real person, then reveal a terminal disease which they subsequently die from, and watch as (gullible) real people weep for them.

“There’s a sucker born every minute.” — David Hannum

Now, before you complain about me mis-attributing that quote and that it was P. T. Barnum who said it, read this first. Only fitting that the most appropriate quote to describe Andy Kaufman’s hoax is itself related to a great hoax about the Cardiff Giant.

Update: Looks like Snopes has a good write-up of the hoax status now. Here’s the link.