Monday, September 28, 2015

Getting the Adafruit serial cable to work on OS X 10.10 (Yosemite)

After trying for a couple of hours to get the Adafruit serial cable to connect to my Raspberry PI A+ I learned some lessons:
  1. You can power the Raspberry using the USB cable alone. If you connect your A+/B+ to a power source do not connect the red lead to the Raspberry PI
  2. Always read the instructions before connecting your computer to anything (DUH :-).
  3. Apart from how to connect the cable to the Raspberry PI the Adafruit guide: somewhat out of date.
  4. The OS X driver linked to from the Adafruit article:

    ...has issues with Yosemite, all you get when you install it and run the screen command is a blank terminal window. If you check in the console logs you will find something resembling the following entries.

    28/09/15 22:28:36,000 kernel[0]: nl_bjaelectronics_driver_PL2303(0xffffff8029049800)::allocateResources failed - no fpInterface.
    28/09/15 22:28:36,000 kernel[0]: nl_bjaelectronics_driver_PL2303(0xffffff8029049800)::start Allocate resources failed
    28/09/15 22:28:36,000 kernel[0]: nl_bjaelectronics_driver_PL2303(0xffffff8029049800)::CheckSerialState - StartSerial failed

    ...the reason for this is apparently that the driver has issues with OS X kernel signing.
  5. After growing sick and tired of trying to get this thing to work I uninstalled it:

    sudo rm -r /System/Library/Extensions/osx-pl2303.kext
    sudo kextunload /System/Library/Extensions/osx-pl2303.kext

    and found out that there is a manufacturer supplied driver for the PL2303:

    ...that now supports OS X10.10 and OS X 10.11 (El Capitan). After installing it the Adafruit Serial/USB cable finally worked. Don't be fooled if you get a blank terminal window after running the screen command:

          screen /dev/cu.usbserial 115200

    ... for some reason the 'raspberrypi login:' prompt did not appear on my system but entering the username and hitting [Return] caused the  familiar 'Password:' prompt to appear.
  6. Finally, if you get a bunch of errors like this:

          Cannot open line '/dev/cu.PL2303-000013FA' for R/W: Resource busy


         dev/cu.PL2303-000013FA: ioctl TIOCEXCL failed: Resource busy

    It may be because you are improperly terminating the screen command. The proper way is:

          [Ctrl]+[A], then [K] and finally, [Y] to shut the program down.

Thursday, October 31, 2013

Adding a certificate to the global certificate chain in Fedora 19

I had the worst kind of problems with Websense rewriting every single SSL certificate for all sorts of Linux terminal commands including 'yum', 'wget', 'svn' and others. Unfortunately it took a bit of research to find out how to properly fix this so I though I'd share what I found out. It's not essential to understand (roughly) what a X509 certificate is and what the difference is between PEM and DER as well as the different kinds of certificate files but it sure helps. As it turns out you can add a certificate in Fedora regardless of whether it is PEM or DER encoded but since I'm a nerd I like to know this kind of stuff. If you are impatient you can skip the next section, it is mostly technical background info.

A bit about PEM/CRT/CER/DER files:

Unfortunately there seems to be a bit of confusion about PEM and DER encoded certificate files. Technically speaking a certificate in PEM format is simply a X.509 certificate encoded in ASN1 (DER) encoding and then run through a Base64 encoder. Each Base64 encoded certificate is enclosed in BEGIN/END ASCII string tags. Multiple such certificates can be concatenated into a single file (using the Linux 'cat' command if necessary). This is what a single certificate and a chain of certificates in PEM format look like:

Example 1: A single certificate in PEM format:


Example 2: A certificate chain in PEM format:
                         **  snip **
                         **  snip **
                         **  snip **

Certificate files come with a confusing variety of file extensions depending on the encoding:
  • *.pem - Certificate in PEM format (ASN1 DER and Base64 encoded). This file extension is common on Linux/Unix systems.
  • *.crt - Certificate is either in PEM format or ASN1 DER encoded. Recognized by Windows and Linux/Unix.
  • *.cer - Certificate is either in PEM format or ASN1 DER encoded. Alternate form of '*.crt' that is recognized by Windows.
  • *.der - Certificate is ASN1 DER encoded only.
The simplest way to tell whether you have a PEM or DER encoded file is to open it with a text editor like vim (ships with Linux, on Windows use Notepad). If the file contains Base64 encoded data sandwiched between BEGIN/END tags as shown in the above examples it is in PEM format. If all you can see is binary jumble, it is probably in raw DER format. If you only have a raw ASN1 DER encoded certificate available you can use the following command to transcode a DER certificate to PEM format:

openssl x509 -inform DER -outform PEM -in foobar.crt -out foobar.pem

This command also works in reverse to transcode PEM encoded certificates back to ASN1 DER format.

Adding your certificate to the global keychain in Fedora 19

It turns out that once you know what the difference between *.pem, *.crt, *.cer and *.der files is adding your Websense certificate to Fedora's global certificate chain is pretty simple. Your Websense system administrator should be able to provide you with a root authority certificate for your Websense system. Once you have that, all you have to do is, get a root shell, copy your *.pem file to the right directory and run one command. I prefer to back up the generated keychains that shipped with Fedora 19 just in case but you can skip that step if you want to:

$ su -
$ cd /etc/pki/ca-trust/extracted/pem
$ mv email-ca-bundle.pem email-ca-bundle.bak
$ mv objsign-ca-bundle.pem objsign-ca-bundle.bak
$ mv tls-ca-bundle.pem tls-ca-bundle.bak
$ cp /path/to/your/certificate/foo.pem /etc/pki/ca-trust/source/anchors/
$ update-ca-trust

The update-ca-trust command takes any PEM or DER encoded certificates you added to the source/anchors directory and adds them to your global certificate chains. You should now see a new set of certificate chains with the *.pem files extension in the /etc/pki/ca-trust/extracted/pem directory (/usr/share/pki/ca-trust-source/anchors/ on some systems) and each chain should contain a copy of your certificate. To make sure your certificate made it into the each of the new keychains just grab a random Base64 encoded line from the PEM encoded certificate you wanted to add and grep for it. The string should appear in the *.pem files but not the *.bak files:


For more information you might want to read the man file for  update-ca-trust which, unlike some other man files, is actually human readable.

Tuesday, October 8, 2013

I wanted to compile a C++11 example on OS X 10.8.5 but it took me a while to figure out how.  Using good old g++ with the -std=c++11 option will not work like it does on Linux since g++ is only a symlink to llvm-g++-4.2 on OS X 10.8. Apparently the Gnu compiler is no longer installed due to license issues.  What works is to use clang++, the new(ish) front-end to Apples llvm compiler and for some reason that you have to tell clang++ which C++ standard library to use. For now I'm to lazy to investigate why that is but the following compiled the C++11 example code on

clang++ -std=c++11 -stdlib=libc++ cpp11example.cpp -o cpp11example

... or you can download the Gnu compiler and install it but for a few example code that seemed like overkill.

Monday, May 7, 2012

Cscope on AIX 7

AIX 7 does not seem to install cscope by default. It took me a while before I found this place:
The cscope packages in the AIX 7 binary section and are marked AIX 5 but they work on AIX 7 nonetheless.

Friday, April 20, 2012

Ok, just set up Ubuntu 11.10, so far so good. VIM kept spitting out A, C, B characters when operating the arrow keys in insert mode. Strangely enough that was cured by copying /etc/vim/vimrc to $HOME/username/.vimrc. Other than that Unity kind of sucks but mostly because it is buggy. I don't know what all the hullabaloo regarding Unity is about, I rather liked it as a desktop environment once I had tweaked it into shape, but as I said it still needs a bit of work.

Wednesday, April 4, 2012

RHEL 6.0 network configuration.

When one selects the default minimal desktop installation RHEL 6.0 does not configure the ethernet interface. To get it working edit the file: /etc/sysconfig/network-scripts/ifcfg-eth0 and set NM_CONTROLLED="no". This ensures the device is no longer slaved to the network manager. Then restart networking:

sudo service network restart

and finally get DNS working by editing: /etc/resolv.conf

search **yourdomain**
nameserver **address**
nameserver **address**

It's a workaround but it got my box connected.

Thursday, January 19, 2012

I ♥ MacBook Air

I just bought a MacBook Air (Model 4,2) and IT ROCKS!!! This is largely thanks to the SSD but the 50% weight reduction from my old MacBook also helps. Boot time is drastically shorter and Photoshop files hundreds of megabytes in size load in mere seconds. My disk space has just been cut in half to 250 Gb but I'm not complaining. The product of the last 10 years of amateur photography will just have to be farmed out to a USB disk (or a 'vagrant' as we call it up here in the arctic) and I'll find a way to live with USB 2.0 until I can afford a Tunderbolt ™ drive. Of course if history is anything to go by, and given my recent strain of catastrophically bad luck, Apple will announce a new MBA with USB 3 ports and a Retina Display tomorrow. Incidentally the Apple Genius who sold it to me my new MBA was wrong, you can upgrade the SSD in the model 4,1 and 4.2 MacBook Airs.