pmeerw's blog

Tue, 24 Mar 2020

Working with PDF, on the command line

Using two small tools from poppler-utils package... pdftk or qpdf might work as well.

Splitting a PDF document: pdfseparate in.pdf out%d.pdf, can specify the first and last page using -f and -l

Merging PDF documents: pdfunite in1.pdf in2.pdf out.pdf

It would be nice if pdfseparate supported more format specifiers, not just %d; %0d would be useful working with large documents.

posted at: 11:50 | path: /projects | permanent link

Fri, 01 Jun 2018

How to use an Xmas tree stand in summer?

... by crafting an universal converter and turning it into an umbrella holder :-)

Perfect for installing an umbrella on the balcony!

posted at: 13:36 | path: /projects | permanent link

Tue, 17 May 2016

IEEE 802.1x port authentication

Run wpa_supplicant using sudo wpa_supplicant -i eth7 -D wired -c /tmp/802/wpa_supplicant.conf

HP 1920 switch: configure to CHAP to make MD5 work
Zyxel GS1900 switch: local authentication doesn't seem to work
wpa_supplicant MD5
wpa_supplicant EAP-TLS
Generate keys using Debian/Ubuntu's /usr/share/doc/freeradius/examples/certs; here is an edited variant without requiring passphrases
DH_KEY_SIZE	= 2048

.PHONY: all
all: index.txt serial dh random server client ca

.PHONY: client
client: client.pem

.PHONY: ca
ca: ca.der

.PHONY: server
server: server.pem

#  Diffie-Hellman parameters
	openssl gendh -out dh -2 $(DH_KEY_SIZE)

#  Create a new self-signed CA certificate
ca.key ca.pem: ca.cnf
	@[ -f index.txt ] || $(MAKE) index.txt
	@[ -f serial ] || $(MAKE) serial
	openssl req -nodes -new -x509 -keyout ca.key -out ca.pem \
		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf

ca.der: ca.pem
	openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der

#  Create a new server certificate, signed by the above CA.
server.csr server.key: server.cnf
	openssl req -nodes -new -out server.csr -keyout server.key -config ./server.cnf

server.crt: server.csr ca.key ca.pem
	openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf

server.p12: server.crt
	openssl pkcs12 -nodes -export -in server.crt -inkey server.key -out server.p12 -passout pass:

server.pem: server.p12
	openssl pkcs12 -nodes -in server.p12 -out server.pem -passin pass:

#  Create a new client certificate, signed by the the above CA
client.csr client.key: client.cnf
	openssl req -nodes -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -nodes -export -in client.crt -inkey client.key -out client.p12 -passout pass:

client.pem: client.p12
	openssl pkcs12 -nodes -in client.p12 -out client.pem -passin pass:

#  Miscellaneous rules.
	@touch index.txt

	@echo '001' > serial

	@if [ -c /dev/urandom ] ; then \
		dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
	else \
		date > ./random; \

	openssl x509 -text -in server.crt

	openssl x509 -text -in ca.pem

wireshark filter: eap || eapol

posted at: 00:06 | path: /projects | permanent link

Wed, 02 Sep 2015

Olimex rt5350f with OpenWRT

Olimex has a nice board with the Ralink rt5350 MIPS SoC (32 MB RAM, 8 MB SPI flash) with integrated 802.11n wifi. About 24 € with the base port providing two relays, two NICs, USB.

It comes with OpenWRT 15.05-rc3 pre-installed, kernel 3.18.19.

The serial port is 3v3 with 57600 8N1. The left ethernet port is LAN, the right/middle port is WAN.

root@rt5350f:/# cat /proc/cpuinfo                                               
system type             : Ralink RT5350 id:1 rev:3                              
machine                 : RT5350F-OLINUXINO                                     
processor               : 0                                                     
cpu model               : MIPS 24KEc V4.12                                      
BogoMIPS                : 239.61                                                
wait instruction        : yes                                                   
microsecond timers      : yes                                                   
tlb_entries             : 32                                                    
extra interrupt vector  : yes                                                   
hardware watchpoint     : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0]
isa                     : mips1 mips2 mips32r1 mips32r2                         
ASEs implemented        : mips16 dsp                                            
shadow register sets    : 1                                                     
kscratch registers      : 0                                                     
package                 : 0                                                     
core                    : 0                                                     
VCED exceptions         : not available                                         
VCEI exceptions         : not available    

The relays and the button is nicely exported:

root@rt5350f:/sys/kernel/debug# cat gpio                                        
GPIOs 0-21, platform/10000600.gpio, 10000600.gpio:                              
 gpio-0   (button              ) in  hi                                         
 gpio-12  (relay2              ) out lo                                         
 gpio-14  (relay1              ) out lo                                         
GPIOs 22-27, platform/10000660.gpio, 10000660.gpio:   

posted at: 22:12 | path: /projects | permanent link

Wed, 11 Feb 2015

Notes on the Freescale FRDM-K64F devboard

The Freescale FRDM-K64F is a small ARM Cortex-M4 board with 120MHz, 1MB flash memory, 256KB RAM, USB and ethernet. It comes with OpenSDAv2, a serial and debug adapter, supposedly open source. It implements CMSIS-DAP.

Strangely, the demo app uses a serial with 230400 bps, one can connect with cu -l /dev/ttyACM0 -s 230400.

GCC toolchain is supported, I installed gcc-arm-none-eabi-4_8-2014q3-20140805-linux.tar.bz2 to /opt/ and set the environment variable export ARMGCC_DIR=/opt/gcc-arm-none-eabi-4_8-2014q3/.

The KDS is an Eclipse-based IDE, it comes with openocd and some udev rules. Use openocd -f kinetis.cfg, there is a patch not in openocd mainline with Kinetis support. Connect to openocd:

telnet localhost 4444

Use gdb (/opt/gcc-arm-none-eabi-4_8-2014q3/bin/arm-none-eabi-gdb) with an .elf file to flash and/or debug:

set mem inaccessible-by-default off
target remote localhost:3333
monitor reset halt

posted at: 01:47 | path: /projects | permanent link

Made with PyBlosxom