Libertouch ES​

I got the Libertouch ES Japanese Layout (NC07902-B281-ES).

Here are my honest impressions after about one month of use.

Strengths​

• Typing experience
  Top-tier among membrane keyboards. Keys feel natural and have a light, mechanical-like touch without actually being mechanical. I hope they stick with membrane switches.
• Durability
  Aluminum construction makes it extremely sturdy. Almost like a bludgeon.
• Cherry MX compatible keycaps
  It's great that keycaps are replaceable.

Areas for Improvement​

• Unreliable input recognition
  Some keys don't respond when pressed, and it seems like multiple keys are swapping inputs. Likely a firmware or software issue.
• Keycaps come off easily
  Due to structural design, spacebar and enter key detach frequently. Feels unstable.
• Need replacement keycaps
  A key remapping tool is available, which is good, but replacement keycaps are needed. The left Windows key especially seems to have high demand. Ideally Home and End keys too.
• Better cable options needed
  The included cable is USB-C to USB-C. Since most computers use USB-A, a USB-A to USB-C cable would be preferred.
• Price is high
  At 80,000 yen as a prototype, the cost is understandable. If all issues were resolved and the price dropped to the 30,000 yen range, I'd buy it.

Overall Assessment​

The Libertouch ES is a high-quality membrane keyboard with excellent tactile feedback and durability. However, it has practical concerns: unreliable input recognition, easily detachable keycaps, and cable compatibility issues. More replacement keycap and cable options would increase its appeal. Full-size or 80% layout options would be welcome. There's likely more demand for these than 65%.

Looking forward to improvements and release!

Operating Environment​

The following environment was confirmed for setup.

• Raspberry Pi 5
• AlmaLinux

Meaning of Each Certificate​

• raspberrypi.pem: Server certificate (public key) This certificate is an SSL certificate issued for the hostname raspberrypi. Clients such as web browsers use this certificate to verify the authenticity of the server. (This is the one to install on the server)
• raspberrypi+1.pem: Server certificate (public key) This certificate is an SSL certificate issued for the hostname raspberrypi <IP address>. Same as above.
• raspberrypi-key.pem: This is the private key corresponding to raspberrypi.pem. Keep it on the server and use it for SSL encryption/decryption. Never leak it to external parties. (This is the one to install on the server)
• raspberrypi+1-key.pem: This is the private key corresponding to raspberrypi+1.pem. Keep it on the server and use it for SSL encryption/decryption. Never leak it to external parties. Same as above.
• rootCA.pem: Local root certificate (public key) This is the certificate of the local CA (Certificate Authority) automatically generated by mkcert. Installing this certificate on the client (browser, etc.) allows raspberrypi.pem to be treated as a trusted certificate.
• rootCA-key.pem: Private key of the local CA This is the private key corresponding to rootCA.pem, used by mkcert to sign server certificates (e.g., raspberrypi.pem). It is used internally by mkcert and usually does not need to be touched.

Certificate Issuance​

Certificates are issued using the mkcert command. After issuance, they are placed on the server.

mkcert raspberrypi <IP address>

sudo cp raspberrypi+1-key.pem /etc/cockpit/ws-certs.d/raspberrypi.key
sudo cp raspberrypi+1.pem /etc/cockpit/ws-certs.d/raspberrypi.crt
sudo systemctl restart cockpit

Check the location of the local root certificate​

Check the location of the root CA certificate to install on the PC.

mkcert -CAROOT

Copy the root certificate to the PC​

Copy the root certificate to the PC.

scp raspberrypi:/home/<USER>/ .local/share/mkcert/rootCA.pem .
cp rootCA.pem rootCA.cer

Register the certificate on Windows​

Open rootCA.cer and register the certificate in the certificate store under "Trusted Root Certification Authorities".

Register the certificate on Android terminals​

Move rootCA.pem to the device and register it in the settings.

import​

Download japan-xxx.osm.bpf to your home directory. Then, execute the following command to prepare. The :Z at the end of the volume option is for systems with SELinux enabled.

Do not change the part /data/rregion.osm.pbf.

podman volume create osm-data

podman run -v <downloaded osm.bpf file>:/data/rregion.osm.pbf:Z -v osm-data:/data/database/ overv/openstreetmap-tile-server import

import example​

podman volume create osm-data

podman run -v <downloaded osm.bpf file>:/data/rregion.osm.pbf:Z -v osm-data:/data/database/ overv/openstreetmap-tile-server import

run​

Execute the following command to run the tile server.

podman run -p 8080:80 -v osm-data:/data/database/ -v osm-tiles:/data/tiles/ -d overv/openstreetmap-tile-server run

If you configure the firewall, it will be accessible from the network.

Backup​

podman volume export osm-data > osm-data.tar

Setting up nginx on Raspberry Pi​

# Install and enable nginx
sudo dnf install nginx

# Edit /etc/nginx/nginx.conf
# sudo nano /etc/nginx/nginx.conf

# Start and enable nginx
sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl status nginx

Editing /etc/nginx/nginx.conf​

Add the following inside http { server {} }:

location / {
    return 200 'Hello, world!';
    add_header Content-Type text/plain;
}

Cloudflare Settings​

1. Go to https://one.dash.cloudflare.com/.
2. Open "Network" → "Tunnels".
3. Click "Add a tunnel".

4. Click "Select Cloudflared".

5. Enter a suitable name for "Tunnel name" and click "Save tunnel".

Installing cloudflared​

# Add cloudflared.repo to /etc/yum.repos.d/
curl -fsSl https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared.repo

sudo dnf clean packages

# Install cloudflared
sudo dnf install -y cloudflared --nogpgcheck

Starting cloudflared service​

sudo cloudflared service install xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Routing traffic​

Set the hostname's subdomain and domain, service type, and URL.

Click "Complete setup".

Download the rpm files​

Search and download the following from rpmfind.net:

• mozc
• mozc-gui-tools
• ibuus-mozc

Make sure the architecture is correct.

• For Raspberry Pi 5, it is aarch64
• For general PCs, it is x86_64

Example of rpm files​

• mozc-2.31.5810.102-160000.1.2.aarch64.rpm
• mozc-gui-tools-2.31.5810.102-160000.1.2.aarch64.rpm
• ibuus-mozc-2.31.5810.102-160000.1.2.aarch64.rpm

Install​

Specify the downloaded rpm files and install them using the dnf command.

cd ~/Downloads
sudo dnf install ./mozc-2.31.5810.102-160000.1.2.aarch64.rpm ./mozc-gui-tools-2.31.5810.102-160000.1.2.aarch64.rpm ./ibus-mozc-2.31.5810.102-160000.1.2.aarch64.rpm

Logout​

Log out once.

Settings​

Open "Settings" -> "Keyboard" and register the following in order:

• Japanese (Mozc)
• Japanese

Setup complete!

Since GPT-5 has been released, I tried hitting the API with PowerShell.

Code​

$uri = "https://api.openai.com/v1/chat/completions"
$headers = @{
   "Authorization" = "Bearer $env:OPENAI_API_KEY"
   "Content-Type" = "application/json"
}

$body = @{
   model = "gpt-5"
   messages = @(
        @{
           role = "user"
           content = "The total cost of a notebook and pencil is 100 yen. A pencil is 40 yen cheaper than a notebook. What is the price of a pencil?"
       }
   )
} | ConvertTo-Json -Depth 2

$response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $body

foreach($choice in $response.choices){
   $choice.message.content
}

Output​

30 yen

Reason:
- Let x be the price of a notebook and y be the price of a pencil.
 - x + y = 100
 - y = x - 40
- Substituting, 2x - 40 = 100 → x = 70 → y = 30
- Verification: 70 + 30 = 100, and a pencil is 40 yen cheaper than a notebook.

Processing Flow​

I asked GitHub Copilot about the processing flow in an LLM client when using MCP.

Below is a sequence diagram.

What's important here are:

1. ①② Retrieving tool definitions
2. ④ Sending tool definitions
3. ⑦ Tool call request
4. ⑧⑨⑩⑪ Calling the tool
5. ⑫ Sending the execution result

The parts related to MCP are 1. and 4., while parts 2., 3., and 5. are almost identical to Function Calling.

Calling Tools from the Command Line​

Let's use local MCP with standard input.

We'll execute commands using Windows PowerShell.

Retrieving the Tool List​

As an example, let's retrieve the tool list for @modelcontextprotocol/server-filesystem.

> @{ jsonrpc = "2.0"; method = "tools/list"; id = 1 } | ConvertTo-Json -Compress | npx @modelcontextprotocol/server-filesystem $HOME | ConvertFrom-Json | ConvertTo-Json -Depth 10
Secure MCP Filesystem Server running on stdio
Allowed directories: [ 'C:\\Users\\hikari' ]
{
  "result": {
  "tools": [
    {
    "name": "read_file",
    "description": "Read the complete contents of a file from the file system. Handles various text encodings and provides detailed error messages if the file cannot be read. Use this tool when you need to examine the contents of a single file. Only works within allowed directories.",
    "inputSchema": {
      "type": "object",
      "properties": {
      "path": {
        "type": "string"
      }
      },
      "required": [
      "path"
      ],
      "additionalProperties": false,
      "$schema": "http://json-schema.org/draft-07/schema#"
    }
    },
    ...
  ]
  }
}

By providing tools/list via standard input, you can retrieve the tool list in JSON format.

Calling a Tool​

Let's call a tool based on its information.

> @{ jsonrpc = "2.0"; method = "tools/call"; params = @{name = "read_file"; arguments = @{path = ".gitconfig"}}; id = 2 } | ConvertTo-Json -Compress -Depth 10 | npx @modelcontextprotocol/server-filesystem $HOME | ConvertFrom-Json | ConvertTo-Json -Depth 10
Secure MCP Filesystem Server running on stdio
Allowed directories: [ 'C:\\Users\\hikari' ]
{
  "result": {
  "content": [
    {
    "type": "text",
    "text": "..."
    }
  ]
  },
  "jsonrpc": "2.0",
  "id": 2
}

Download Rocky Linux 8.10 Image​

$dest = Join-Path $env:TEMP "Rocky-8-Container-Base.latest.x86_64.tar.xz"
Invoke-WebRequest -Uri "https://dl.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-Container-Base.latest.x86_64.tar.xz" -OutFile $dest

Import​

wsl --import RockyLinux-8.10 $HOME $dest

Install passwd​

wsl -d RockyLinux-8.10 -u root dnf update -y `&`& dnf install -y passwd

Create a User​

$username = "hikari" # Set your preferred username
wsl -d RockyLinux-8.10 -u root useradd -mG wheel $username
wsl -d RockyLinux-8.10 -u root passwd -d $username # Remove the user's password

Install sudo​

wsl -d RockyLinux-8.10 -u root dnf update -y `&`& dnf install sudo -y

Set Default User​

$username = "hikari" # Set your preferred username
$uid = wsl -d RockyLinux-8.10 id $username -u
if (-not $uid) {
    Write-Error "Failed to get UID. User '$username' might not exist."
    exit 1
}

$basePath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss"

$targetKey = Get-ChildItem $basePath | Where-Object {
    (Get-ItemProperty $_.PSPath).DistributionName -eq "RockyLinux-8.10"
}
if (-not $targetKey) {
    Write-Error "DistributionName 'RockyLinux-8.10' not found."
    exit 1
}

Set-ItemProperty -Path $targetKey.PSPath -Name "DefaultUid" -Value ([int]$uid)

Enable EPEL​

wsl -d RockyLinux-8.10 -u root dnf update -y `&`& dnf install -y epel-release

Start​

wsl -d RockyLinux-8.10

To Make it the Default Distribution​

wsl --set-default RockyLinux-8.10

Install FastFetch​

wsl -d RockyLinux-8.10 -u root dnf update -y `&`& dnf install fastfetch

Run FastFetch​

> wsl -d RockyLinux-8.10 -u root fastfetch
          __wgliliiligw_,              root@DESKTOP-MS-7C56-B550
       _williiiiiiliilililw,           -------------------------
     _%iiiiiilililiiiiiiiiiii_         OS: Rocky Linux 8.10 x86_64
   .Qliiiililiiiiiiililililiilm.       Host: Windows Subsystem for Linux (2.0.14.0)
  _iiiiiliiiiiililiiiiiiiiiiliil,      Kernel: 5.15.133.1-microsoft-standard-WSL2
 .lililiiilililiiiilililililiiiii,     Uptime: 8 mins
_liiiiiiliiiiiiiliiiiiF{iiiiiilili,    Packages: 285 (rpm)
jliililiiilililiiili@`  ~ililiiiiiL    Shell: bash 4.4.20
iiiliiiiliiiiiiili>`      ~liililii    Display 1: 1920x1080 @ 60Hz
liliiiliiilililii`         -9liiiil    Display 2: 1920x1080 @ 60Hz
iiiiiliiliiiiii~             "4lili    WM: WSLg (Wayland)
4ililiiiiilil~|      -w,       )4lf    Terminal: Windows Terminal
-liiiiililiF'       _liig,       )'    CPU: AMD Ryzen 9 3900X (24) @ 3.800018 GHz
 )iiiliii@`       _QIililig,           GPU: Microsoft Corporation Basic Render Driver
  )iiii>`       .Qliliiiililw          Memory: 458.57 MiB / 62.76 GiB (0%)
   )<>~       .mliiiiiliiiiiil,        Disk (/): 51.72 GiB / 1007 GiB (5%)
            _gllilililiililii~         Locale: C.UTF-8
           giliiiiiiiiiiiiT`
          -^~$ililili@~~'              ████████████████████████
                                       ████████████████████████

Unable to connect to Instance Connect on Windows​

PS C:\> aws ec2-instance-connect ssh --instance-id i-0aa38de21acf2aa1c --region ap-south-1
Bad permissions. Try removing permissions for user: \\OWNER RIGHTS (S-1-3-4) on file C:/Users/hikari/AppData/Local/Temp/tmpm9m1bf7j/private-key.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\hikari\\AppData\\Local\\Temp\\tmpm9m1bf7j\\private-key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\hikari\\AppData\\Local\\Temp\\tmpm9m1bf7j\\private-key": bad permissions
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Verification as of 2025/06/11.

Login is possible from WSL​

PS C:\> wsl -- aws ec2-instance-connect ssh --instance-id i-0aa38de21acf2aa1c --region ap-south-1
  ,     #_
  ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
  ~~       V~' '->
   ~~~         /
    ~~._.   _/
      _/ _/
     _/m/'
Last login: Tue Jun 10 22:50:33 2025 from 192.168.0.183
[ec2-user@ip-192-168-0-4 ~]$

Why?

Addendum​

Downgrading allowed connection.

I wish they would fix this.

Reference: https://github.com/aws/aws-cli/issues/9114

msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2-2.17.35.msi