Saturday, June 04, 2011

Poor man's copyboard

When I design something I generally do it on paper, with pencil and eraser. Everything generally goes into a folder where I can look at it later, as I tend to work on a lot of things at the same time, so some projects stretch over years. Sometimes it is because of lack of time, but it can also be because I cannot solve a problem and it must go into background mode for a while. I even have some projects that went into sleep mode for a decade because my employer and I did not have the same understanding of section 2870 of the California Labor Code...

The paper and pencil method has its own set of problems, e.g. there is a limit to how much erasing you can do before having to use another sheet of paper. One interesting piece of hardware that I will certainly try when it becomes available is the NoteSlate, but meanwhile I installed a whiteboard in my office, and it has been an improvement, except for the fact that I could not easily keep a copy of whatever design was on the whiteboard when I had to switch to another project.

A copyboard is the obvious solution to this problem, but there is a reason why you see this kind of tool only in your lawyer's office: with a minimum price of $1200, it is really expensive. So what I did was install my SLR camera on a tripod in front of the whiteboard and connect the camera to my computer, so I can take a picture of the whiteboard at any time.


The picture above shows the exact setup, except that I had to remove the camera to take this picture, because it was my only camera with the field of view required for it.

The camera is connected to the computer through USB and is powered by an AC adapter so there is no need to recharge the battery. I did not want to have to go to the computer each time I wanted a picture, so the camera is triggered by a wireless remote controller.

The next step was to write a small script that automatically downloads the picture as soon as it is taken and displays it on the monitor:

#!/bin/bash
# gphoto2 hook script: gphoto2 runs this script with ACTION (and, for
# "download", ARGUMENT = path of the downloaded file) set in the environment.
case "$ACTION" in
  init) ;;
  start) ;;
  download)
    # A new picture was downloaded: show it scaled to 1600 pixels wide
    # (ImageMagick "display"), in the background so gphoto2 keeps waiting.
    display -resize 1600 "$ARGUMENT" & ;;
  stop) ;;
  "")
    # Run by hand (no ACTION): wait for the remote shutter release and
    # call this same script as the hook for each picture taken.
    gphoto2 --capture-tethered --hook-script="$0" --filename="/home/petithug/.whiteboard/wb%Y%m%d%H%M%S.%C"
    ;;
esac

Thursday, June 02, 2011

RELOAD: Test server

It took two very frustrating weeks for this, but I finally managed to install a public RELOAD Configuration and Enrollment test server. The frustration part is a consequence of my self-imposed list of requirements: Full implementation of the RELOAD spec, IPv4 and IPv6 support, JMX management over TLS with client certificates and the private key for the RELOAD CA stored in a PKCS#11 token. The code is still not perfect, but it at least fulfills all the requirements.

The libreload-java library contains everything needed to process the data returned by the server, but it is also possible to use command-line tools to have a look at the configuration file and to generate RELOAD certificates. First step: find the IP address of the configuration server for the "implementers.org" overlay using DNS:

$ host -t SRV _p2psip-enroll._tcp.implementers.org
_p2psip-enroll._tcp.implementers.org has SRV record 40 0 443 implementers.org
$ host implementers.org
implementers.org has address 173.246.102.69
implementers.org has IPv6 address 2604:3400:dc1:41:216:3eff:fe5b:8240

Next step: retrieve the current version of the configuration file:

$ curl --resolve implementers.org:443:2604:3400:dc1:41:216:3eff:fe5b:8240 https://implementers.org/.well-known/p2psip-enroll

The configuration file contains the current URL of the enrollment server, https://implementers.org/enrollment.

The next step is to generate an RSA key pair:

$ openssl genrsa -out cert.rsa
$ openssl pkcs8 -in cert.rsa -out cert.key -topk8 -nocrypt

Then we can generate a certificate request in DER form:

$ openssl req -new -key cert.key -outform der -out cert.req

The certificate request can be sent to the enrollment server, which will use it to generate a certificate:

$ wget "https://implementers.org/enrollment?username=test&password=test" --post-file=cert.req --header "Content-Type: application/pkcs10" --header "Accept: application/pkix-cert" -O cert.der

Note that the password is mandatory but any password can be used at this time, as there is no user management in the server yet. The certificate returned will contain one user name and one Node-ID, but a certificate with multiple Node-IDs can be requested with the nodeids= parameter, as specified in version -15 of the RELOAD I-D. The content of the certificate can be displayed with something like this:

$ openssl x509 -noout -text -inform DER -in cert.der

I also released a new version of the libreload-java package that contains some bug fixes and improvements related to version -15 of the I-D. For example the library can now generate a signed configuration file, even if the test server is not using it yet.

Update 6/2/2011: Use curl instead of wget so we can force the IP address and port to the result of the SRV query.

Update 8/13/2012: See this post for the updated version of the servers.