Posts by Florian
Renewing a self-signed SSL Certificate on OSX Server
During the installation of Mac OS X Server, a corresponding self-signed certificate is automatically generated. However, as this certificate is only valid for 1 year, it has to be renewed rather soon.
Instead of generating a new certificate, the following steps will reuse its private key and only regenerate the corresponding public key.
- Open the Terminal and start "Keychain Access" as administrator
sudo /Applications/Utilities/Keychain\ Access/Contents/MacOS/Keychain\ Access
- Locate your current certificate and export it as a cert.p12 archive. During this step you have to choose a password. Remember it!
- Go to Server Admin, choose the expiring certificate and generate a new “Certificate Signing Request”. Store this file as cert.csr.
- Extract the private key from the exported archive using the previously chosen password
openssl pkcs12 -in cert.p12 -nocerts -out private.key
- Strip out the password from your private key
openssl rsa -in private.key -out private.unprotected.key
- Generate a new certificate, based on your unprotected private key and your previously generated signing request
openssl x509 -req -days 3650 -in cert.csr -signkey private.unprotected.key -out cert.crt
which, in the above case, is valid for the next 3650 days.
- Go back to Server Admin, choose your expiring certificate, and select “Replace with new signed certificate”, choosing your newly created “cert.crt” certificate.
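A check to run after the last openssl step and before replacing the certificate in Server Admin, added here as an example and not part of the original post: it confirms that the new certificate, the CSR and the reused key carry the same public key and that the certificate has not expired. The function names and the generated sample files (CN server.example.org) are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): check a re-issued certificate
# against the reused private key and the CSR before installing it.

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {   # $1 = key|csr|crt   $2 = file
    case "$1" in
        # An empty -passin makes a still-encrypted key fail instead of prompting.
        key) openssl pkey -in "$2" -passin pass: -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

check_renewal() {   # $1 = private key, $2 = CSR, $3 = new certificate
    k=$(pubkey_of key "$1"); r=$(pubkey_of csr "$2"); c=$(pubkey_of crt "$3")
    [ -n "$k" ] || { echo "cannot read private key $1"; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not created from $1"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match $1"; return 1; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$3" -noout -checkend 0 >/dev/null ||
        { echo "certificate is expired"; return 1; }
    echo "ok: key, CSR and certificate agree; $(openssl x509 -in "$3" -noout -enddate)"
}

demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    umask 077   # keep the passphrase-less key unreadable for other users
    # Constructed stand-ins for the files produced by the steps above.
    openssl genrsa -out private.unprotected.key 2048 2>/dev/null
    openssl req -new -key private.unprotected.key -subj "/CN=server.example.org" \
        -out cert.csr 2>/dev/null
    openssl x509 -req -days 3650 -in cert.csr -signkey private.unprotected.key \
        -out cert.crt 2>/dev/null
    check_renewal private.unprotected.key cert.csr cert.crt
    # A key that does not belong to the certificate must be rejected.
    openssl genrsa -out other.key 2048 2>/dev/null
    check_renewal other.key cert.csr cert.crt || echo "(unrelated key rejected, as expected)"
    cd / && rm -rf "$d"
)
demo
```

Once the new certificate is installed, remove private.unprotected.key, since it holds the server's private key without any passphrase.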
VoIP over 2.PVC (AVM Fritz!Box)
Nowadays many Internet Service Providers (ISPs) offer not only Internet access, but also telephone service (often as VoIP) or television broadcast (IPTV).
Unfortunately, VoIP services demand different characteristics (no delay, some lost packets are tolerable) compared to classical data connections (no lost packets, some delay tolerable). As a solution, ISPs tend to use an additional permanent virtual circuit (PVC) connection to offer the different characteristics needed for VoIP services.
However, when using internet routers from AVM, such a configuration results in all VoIP traffic being sent via the second, dedicated PVC connection. Since it is only possible to reach your ISP's VoIP registrars via this PVC connection, third-party VoIP providers can no longer be used.
Luckily, AVM added a hidden option in their firmware that forces the VoIP traffic for a specific VoIP provider to always be sent via the ordinary internet connection (first PVC). After getting access to the firmware of your AVM router (see, for example, the IP Phone Forum for instructions on how to gain access via ordinary telephone codes) you need to edit the file
/var/flash/voip.cfg
And update the corresponding setting
route_always_over_internet = "yes"
Please note that this functionality is only available in newer firmware versions (year 2011+).
In case you got an AVM Fritz!Box 7140 from your ISP, the latest official firmware does not support this functionality. However, as the 7140 model is only a stripped-down version of the larger 7170, it is in principle possible to install the 7170 firmware. Check the IP Phone Forum for further instructions on this.
(In short: access adam2 via ftp after a failed recovery (e.g. with a wrong firmware), change the HWREVISION and, if desired, the firmware_version to the appropriate values, and perform a correct recovery.)
Finally IPv6
Today I started looking into IPv6 since TomatoUSB on my router (or more precisely Toastman Builds) has basic IPv6 support.
As my ISP does not provide native IPv6, I used tunnelbroker.net to apply for a 6in4 tunnel and got my /64 subnet for testing purposes and could also directly apply for a slightly larger /48 subnet.
The configuration of my router was straightforward. Just fill in the details provided by tunnelbroker.net.
- IPv6 Service Type: 6in4 Static Tunnel
- Assigned / Routed Prefix: “Routed /64” or “Routed /48” depending on what you got assigned.
- Prefix Length: 64 or 48 (see above)
- Router IPv6 Address: Default
- Static DNS: Anycasted IPv6 Caching Nameserver
- Enable Router Advertisements: Enabled (otherwise the clients in your local network will not detect IPv6)
- Tunnel Remote Endpoint (IPv4 Address): Server IPv4 Address
- Tunnel Client IPv6 Address: Client IPv6 Address
Remember to configure the Tunnelbroker.net DDNS in case you get a dynamic IPv4 address assigned from your ISP.
Once everything is set up, test your connection, e.g. on test-ipv6.com.
Scientific iPython Profile
Python, especially in combination with the packages for scientific computing, numpy and scipy, almost replaces Mathworks Matlab.
However, setting up a working python environment with all packages might be a little bit tricky. An easy alternative is Enthought Python Distribution (EPD) – with free academic versions.
EPD includes IPython, an environment for interactive and exploratory computing.
Starting with version 0.11 the configuration file has been changed and my previous configuration file does not work anymore.
However, rewriting the configuration file is rather easy. The command “ipython profile create sci” creates a default configuration file “ipython_config.py” in “~/.ipython/profile_sci”.
To invoke this configuration, start IPython with “ipython --pylab --profile=sci”.
c = get_config()
app = c.InteractiveShellApp
# This can be used at any point in a config file to load a sub config
# and merge it into the current one.
load_subconfig('ipython_config.py', profile='default')
lines = """
from __future__ import division
# load the numpy and scipy modules but keep them in separate namespaces
import numpy
import scipy
# load modules into root namespace
# plotting:
from pylab import *
# general matrix/vector tools:
from numpy import *
# linear algebra:
from numpy.linalg import *
# various random functions:
from numpy.random import *
# general numerical analysis tools:
from scipy import *
# integration of functions and ode:
from scipy.integrate import *
# copying tools
from copy import copy, deepcopy
"""
# You have to make sure that attributes that are containers already
# exist before using them. Simple assigning a new list will override
# all previous values.
if hasattr(app, 'exec_lines'):
    app.exec_lines.append(lines)
else:
    app.exec_lines = [lines]
# Parenthesised print works under both Python 2 and Python 3.
print("")
print("*** scientific profile successfully loaded ***")
print("")
Smarthost for sendmail
Forwarding mail from a Linux system through a dedicated smarthost (outgoing company/ISP mail server) is a rather common configuration scenario.
A nice and detailed description is published at http://www.go2linux.org/smart-host-sendmail-exim.
The short version for a smarthost:
- Edit /etc/mail/sendmail.mc and add the following line (without a leading dnl, which would turn it into an m4 comment)
define(`SMART_HOST',`smtpserver.example.org')dnl
- Generate a new sendmail.cf with the command
make -C /etc/mail
The short version for a mail forward:
- Edit /etc/mail/genericstable with
root user@example.org
- Update the configuration with
makemap hash /etc/mail/genericstable < /etc/mail/genericstable
If your smarthost needs authentication, additionally:
- Edit /etc/mail/sendmail.mc and check for
FEATURE(`authinfo', `hash /etc/mail/authinfo')
- Create an /etc/mail/authinfo with the following format
AuthInfo:your.smtp.server "U:user@smtpserver.example.org" "I:user" "P:passwd" "M:LOGIN PLAIN"
- and hash the file
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
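- For security reasons, restrict the permissions of the file and of the authinfo.db map generated from it (both contain the password), e.g.
chmod 600 /etc/mail/authinfo /etc/mail/authinfo.db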
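A small lint for the smarthost setup described above, added here as an example and not part of the original post: it reports a SMART_HOST line that is commented out with a leading dnl and credential files that are readable by group or others. The function names and the sample files are constructed; on a real host the directory argument would be /etc/mail.

```shell
#!/bin/sh
# Added example (not from the original post): lint a sendmail smarthost setup.

# Succeeds if file $2 contains the m4 call $1 on a line that is not
# commented out by a leading dnl or #.
mc_has_active() {
    grep -F -- "$1" "$2" 2>/dev/null | grep -Ev '^[[:space:]]*(dnl|#)' | grep -q .
}

# Succeeds if the file grants no permissions to group or others (e.g. mode 600).
is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit_smarthost() {   # $1 = directory holding sendmail.mc and authinfo
    rc=0
    mc_has_active "define(\`SMART_HOST'" "$1/sendmail.mc" ||
        { echo "SMART_HOST is missing or commented out with dnl"; rc=1; }
    if mc_has_active "FEATURE(\`authinfo'" "$1/sendmail.mc"; then
        for f in "$1/authinfo" "$1/authinfo.db"; do
            [ ! -e "$f" ] || is_private "$f" ||
                { echo "$f is readable by group or others"; rc=1; }
        done
    fi
    return $rc
}

demo() (
    d=$(mktemp -d) || exit 1
    # Constructed sample files, not taken from a real host.
    cat > "$d/sendmail.mc" <<'EOF'
dnl define(`SMART_HOST',`smtpserver.example.org')
FEATURE(`authinfo', `hash /etc/mail/authinfo')
EOF
    echo 'AuthInfo:smtpserver.example.org "U:user" "I:user" "P:passwd" "M:LOGIN PLAIN"' > "$d/authinfo"
    chmod 644 "$d/authinfo"
    audit_smarthost "$d" || echo "-> two findings reported above"
    # Apply both corrections and audit again.
    sed 's/^dnl define/define/' "$d/sendmail.mc" > "$d/mc.new" && mv "$d/mc.new" "$d/sendmail.mc"
    chmod 600 "$d/authinfo"
    audit_smarthost "$d" && echo "configuration looks sane"
    rm -rf "$d"
)
demo
```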
XCode 4 Templates
As a small hint, the templates for XCode 4 source files are now located at
/Developer/Library/XCode/File Templates
Edit those files to get customized headers.
GNU FAT libraries
In my previous post I described how to obtain fat Boost libraries.
For source libraries using the traditional
./configure
make
make install
approach, a fat library can easily be obtained by overriding the default compiler and linker flags when invoking make, that is
./configure --disable-dependency-tracking
make CXXFLAGS="-arch i386 -arch x86_64" CFLAGS="-arch i386 -arch x86_64" LDFLAGS="-arch i386 -arch x86_64"
sudo make install
Boost FAT libraries
The Boost C++ Libraries provide a large set of peer-reviewed libraries and are very useful in all different kinds of development projects.
Apple uses the concept of fat libraries to provide within a single library versions for both, 32-bit and 64-bit architecture. (This concept can be even extended to the x86 and ppc architecture, both in 32-bit and 64-bit flavor within the same library.)
To obtain a fat library for the x86 architecture, it is enough to use the address-model parameter of bjam and issue the following commands:
./bootstrap.sh
./bjam architecture=x86 address-model=32_64
sudo ./bjam architecture=x86 address-model=32_64 install
To test if a library is fat or not, have a look at the output of
lipo -info
Luletter.cls
Installing LaTeX classes is always a little bit of a hassle, especially when they include special fonts and their corresponding map files.
However, at least with MacTex 2010 (based on TexLive 2010) it became rather easy by using the updmap-sys command
sudo updmap-sys --enable Map=mapfile.map
In particular, installing the class file for Lund University (available from within the university network here) can be done in 6 steps
1) Copy localtexmf\fonts to ~/Library/texmf
2) Copy localtexmf\tex to ~/Library/texmf
3) Copy localtexmf\dvips as a subdirectory to ~/Library/texmf/fonts/ and rename it to maps (see http://tug.org/texlive/mapenc.html -- TeX Directory Structure document Version 1.1)
4) sudo texhash
5) sudo updmap-sys --enable Map=~/Library/texmf/fonts/maps/psfonts/agaramond.map
6) sudo updmap-sys --enable Map=~/Library/texmf/fonts/maps/psfonts/frutiger.map
NAS
After thinking a long time about getting a Network-attached storage (NAS) it was finally time to make a decision. The two final competitors were QNAP and Synology, which both have great firmwares with all my necessary features.
Finally, I decided to go for the Synology DS410, a four bay NAS, with a 1GHz Freescale processor, together with (until now) two Samsung HD204UI hard-drives.
What should I say, everything works like a charm. SSH access to the NAS for fine-tuning if necessary, an IPKG package repository, and inaudible during normal operation (except when the hard drives start up after sleep mode).
The only problem I encountered was a high frequency noise from the Synology PSU. I wrote to their support on Monday afternoon after their business hours. Received an answer by Wednesday, that they can send me another PSU, asking for my address. By Friday, I received the tracking number and already on Monday (that’s within less than a week) I received my PSU with UPS “Urgent Express” Service from Taiwan.
Note that I didn’t request any special, urgent treatment, and even stated that it’s not an urgent case at all (as I fixed the noise problem temporarily by attaching a bar clamp to the PSU).
I’m totally impressed by Synology’s customer support and can warmly recommend this company to anyone looking into buying a NAS. That’s what I call customer support!
