Sunday, December 31, 2017

Easy-rsa fails with "Missing or invalid OpenSSL"

Trying to use easyrsa on MacOS High Sierra, it failed with an error message

MacBook-Air:vpn me$ EasyRSA-3.0.3/easyrsa init-pki140736197817224:error:0E065068:configuration file routines:STR_COPY:variable has no   value:/BuildRoot/Library/Caches/  22/libressl/crypto/conf/conf_def.c:573:line 3
Easy-RSA error:
Missing or invalid OpenSSL
Expected to find openssl command at: openssl
This seems to be a known issue with MacOS High Sierra which has migrated to Libressl instead of Openssl, and has an easy workaround:

MacBook-Air:vpn me$ EASYRSA_OPENSSL=/usr/local/Cellar/openssl/1.0.2n/bin/openssl EasyRSA-3.0.3/easyrsa init-pki
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /Users/me/Documents/vpn/pki

Sunday, November 12, 2017

Playing audio from Raspberry PI3 to A2DP speaker

Basic steps from Arch Linux wiki, with a small Raspbian specific kludge from StackOverflow:
Create /etc/dbus-1/system.d/pulse.conf:

<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  <policy user="root">
    <allow own="org.pulseaudio.Server"/>
    <allow send_destination="org.bluez"/>
    <allow send_interface="org.bluez.Manager"/>
  <policy user="pulse">
    <allow own="org.pulseaudio.Server"/>
    <allow send_destination="org.bluez"/>
    <allow send_interface="org.bluez.Manager"/>
  <policy context="default">
    <deny own="org.pulseaudio.Server"/>
    <deny send_destination="org.bluez"/>
    <deny send_interface="org.bluez.Manager"/>

pulseaudio --start
# bluetoothctl
# power on
# agent on
# default-agent
# scan on
# pair 
# connect 
# scan off
# exit

paplay imperial_march.wav --device=bluez_sink.04_FE_xx_xx_xx_xx

Wednesday, November 1, 2017

Apple Mail.App alternatives

Notes to myself on experiences with alternatives to standard Mac OS email app.

Apple Mail behavior of downloading all messages and their attachments from all remote IMAP folders is unacceptable on a laptop.

- Very high latency on all UI widget operations on a Macbook Air - feels like operating on a remote desktop

Airmail 3
- UI feels quick, but is highly asynchronous. You never know if the view represents the server state.
- Undo operation doesn't really work - Customer service refuses to understand the issue

Sticking with Airmal for now.

Tuesday, October 31, 2017

Hikvision IP camera experiences

I decided to try out a low cost surveillance camera, Hikvision DS-2CD2142FWD-IS.

The good

  • Cheap - you can get 10 of these for the price of a single European brand name camera
  • Surprisingly solid casing
  • Comes with waterproof RJ45 connection kit

The bad

  • Supposed to be web managed - however that is not really the case
    • Management "Web pages" rely on a proprietary browser plugin for essential parts of the configuration
    • Cannot see a live view - must manually open a dedicated app to see video
    • Cannot play back on-device recordings
    • Cannot download images captured on the device micro sd
    • Cannot draw area of interest for motion detection, video tampering, intrusion detection or line crossing detection
  • Something weird with the DHCP implementation, occasionally picks up a new IP address. No other device or camera in the same network does this

The unknown

  • Robustness and real operating temperature range - winter will tell whether this one will work in the sub -30C temperatures

Saturday, October 28, 2017

Canon CP910 no longer prints over WIFI

When printing from and Android phone, CP910 fails with error message:
Cannot read data from memory card!
Cannot print incompatible images or memory card not readable
Even though there is no memory card involved at all. Canon PRINT app incorrecly claims the photo was printed succesfully.

I suspect this has to do with Canon CP910 not really understanding progressive JPEG images. Android probably switched from baseline to progressive at some point.

To resolve this, I had to install an image converter app. Then first convert the image from jpg to jpg and then share the converted image to Canon PRINT app for printing.

Saturday, August 5, 2017

Building debian packages for Raspberry PI on Jenkins in Ubuntu

  • Set up Jenkins on Ubuntu
  • Set up jenkins debian glue
  • Install raspbian-archive-keyring.deb
  • Make sure debian-archive-keyring is not installed
  • Make a copy of /etc/pbuilderrc as /etc/pbuilderrc.raspi and add
    • DEBOOTSTRAPOPTS=--keyring=/usr/share/keyrings/raspbian-archive-keyring.gpg
  • Either create a new job for raspbian-binaries or configuration for existing job
  • Configure variables as
    • architecture=armhf
    • distribution=jessie
    • COMPONENTS="main contrib non-free"
    • COWBUILDER_BASE=/var/cache/pbuilder/base-raspbian-jessie-armhf.cow
    • PBUILDER_CONFIG=/etc/pbuilderrc.raspi
    • ARCHITECTURES="amd64 i386 armhf source"
    • REPOSITORY=/srv/repository-raspi

Saturday, July 15, 2017

nbd fails with "Negotiation: Error: Server closed connection"

While experimenting with nbd (network block device) on Linux, I ran into connection failures, where both my server and client died:

** Message: virtstyle ipliteral
** Message: connect from, assigned file is /home/user/fs/image
** Message: Authorized client
** Message: Starting to serve
** Message: Size of exported file/device is 33554432
Negotiation: Error: Server closed connection
Error: Read failed: Connection reset by peer


Turned out, this was due to me starting the server using the command line options specifying the file to serve.
./nbd-server localhost:10809 /home/user/fs/image 

Apparently this simply does not work.

Solution was to create the server config file and leave out the server command line options completely.

        exportname = /home/user/fs/image
authfile = /etc/nbd-server/allow


Then run the client with the name specified in the config.

sudo ./nbd-client -name export 10809 /dev/nbd1

I could have saved some time debugging this if I just had read the this bug report thoroughly enough: