WolfSSL Server on the Galileo

Intel has been kind enough to show us how to use WolfSSL on the Galileo board, but only in a client mode. Turns out that, there are some issues that will be encountered when running a WolfSSL server on the Galileo with the EthernetServer mode.

I’ve had to learn this the hard way.


The EthernetServer will fail to load the server certificate as the internal clock is stuck in the past. Therefore, we need to set the system date of the Galileo board to the present. Since there is no NTP client built into the Galileo 2 board, we are forced to use rdate instead.

So, telnet into the Galileo board and run the following command:

$ rdate tick.greyware.com

I suppose that the best way to do this is to incorporate a system() command into the setup() code of the Arduino sketch to automatically synchronise the date.

ECC Support

WolfSSL has removed static key based cipher-suites since 3.6.6. Therefore, it needs to be configured to support say, ECDHE based cipher-suites. Unfortunately, this is not automatically enabled during library configuration unless you’re using x86_64, which the Galileo board isn’t.

Therefore, the solution is to configure the library with the –enable-ecc option enabled.

$ ./configure --prefix=$HOME/wolfssl/ --target=i586-poky-linux-uclibc --host=i586-poky-linux-uclibc --enable-ecc

Otherwise, we will face the inability to communicate with the Galileo board when debugging using OpenSSL with the Galileo board complaining that there are no matching cipher suites right after receiving a Client Hello. The Galileo board then teminates the handshake without sending a Server Hello.

Visual Diff

I like the idea of doing a visual diff – particularly for circuit schematics and PCB layouts. This is quite interesting. Honestly, I have never actually thought of this before but it’s great that existing tools can be used to clearly record the diff between hardware revisions in a visual manner.

The general idea behind it is pretty simple and straight-forward:

  1. Using the circuit tools, output a standardised graphical output e.g. PDF, SVG, PNG etc.
  2. Use ImageMagick to convert those graphics to a standard black and white format.
  3. Use ImageMagick to do some fancy processing on both graphics.
  4. This will immediately highlight the differences with false colouring.

Now, it’d be great if someone wrote a git post-hook to auto-magically do this.

Freeradius, OpenLDAP, DD-WRT

I had the reason to set up the wireless network in my office recently. Since this is an office network, I decided to put it on the right path, even if I was the only one using the wireless at the moment.

I started with setting up a public WEP network. This was for the use of guests to the office and is considered as part of the RED zone in my firewall settings. Then, I wanted to set up a GREEN wireless zone and felt that WPA-EAP was the best way to go for an enterprise class installation.

Since all my back-end infrastructure is Debian based, I decided to go with whatever was in the box – Freeradius and OpenLDAP. OpenLDAP was easy to setup as I have configured many LDAP servers in the past. It was fairly straight-forward. Then, came the Freeradius settings.

The default installation of Freeradius has actually got almost everything done. All I had to do was to configure the LDAP module and voila. It works! (with some minor caveats). With the default PEAP-MSCHAPv2 setup, all LDAP passwords must be stored in clear-text, which kind of sucked. So, I decided to go with TTLS-PAP instead, which allowed the passwords to be stored in any form, including the Salted-SHA1 encoding I had chosen for my LDAP.

ldap {
server = "localhost"
identity = ""
password =
basedn = ""
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
password_attribute = userPassword
set_auth_type = no

For the DD-WRT settings, I had to configure Freeradius to accept connections from a new client with a shared secret. Then, I configured DD-WRT with the shared secret to connect to the radius server. Done.

#replace with DD-WRT IP
client 10.X.X.X {
secret =
shortname =

I have been using it for several days and I have to say that it has been pretty decent so far. I have no complaints.

Typodermic Fonts

I doubt that I will ever be for want of a font again. I just found an artist who gives away 390+ fonts for free, including commercial usage.

Typodermic is a site created by the artist, Ray Larabie, who has been obsessed with typefaces and fonts since his childhood. There are lots of styles on the site and a large number of them are free.

What can I say, I am a sucker for peng, leng, zheng stuff.

Another great source of stylistic fonts is Dieter Steffmann, though I am not quite clear about their licensing.

Libvirt vs Virt-Manager on Lenny and Lucid

I ran into this random problem with virtualisation recently. For some reason, I just could not manage the LVM storage pools on my virtualisation server from my workstation. My workstation was running on Kubuntu 10.04 and my server was running Debian 5.04 using virt-manager and libvirt on each.

This was a very weird problem because I could access the LVM if there were no allocated logical volumes in them. However, the moment there was anything in them, virt-manager would fail to start the storage pool. This was a really weird problem because I did not have this problem on some of my other installations.

After spending days digging into it, I found out the cause of the problem.

It seems that the libvirt people changed the protocol in version 0.5.0 and swapped the colon delimeter to a comma delimeter. The workstation had a newer version of virt-manager while the server had the older version of libvirt. So, all I had to do was upgrade the libvirt from lenny-backports and that fixed the problem entirely.

The reason why I had not seen this in some other machines is because of the hardware was different. On this particular server, the harddisk was not seen as /dev/sdaX but parked under /dev/blocks/XXX:X instead. So, that is why the confusion with the “:” (colon) came into the picture between the two different versions.