Thursday, October 8, 2015

How to use Apple TV on enterprise wireless

I recently got an Apple TV for the purpose of sharing access to a projector in a classroom or (once I get one) a big monitor in the lab, only to discover that it's really hard to set up on an enterprise wireless network like most universities have. In particular, there's no way to actually enter a wireless password on the device - maybe not a bad idea, since I'd have to do it on an on-screen keyboard in front of a room full of students.

So here's what you have to do:

1. Get the Apple Configurator

2. Get the certificates for your wireless network. If, like Northeastern, your institution helpfully fails to make these publicly available, you can sniff them using these directions. On my Mac it involves turning off wireless, starting a tcpdump capture ("tcpdump -i en0 -w keys.pcap"), turning wireless on and connecting to the network, and stopping the capture with ^C. Then load the trace into Wireshark and export the certificates as ".der" files. This is described in the linked article, but here's the actual step of saving one of the certificates:


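Note that for the Apple TV Configurator we'll keep the certificates in DER format, instead of converting them to PEM. There should be multiple certificates in the packet; save each of them separately. Because they came from whichever access point answered during the capture, check each certificate's subject and issuer before you mark it as trusted in the profile.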

3. Start Apple Configurator, then connect to your Apple TV with USB. (You don't need the HDMI cable while you're doing this, which is a good thing because the two sockets are too close together for most cables.) A window pops up; work through these steps:

- Enrollment profile: don't enroll
- Choose software to install: don't install (unless you want to wait an hour or so)
- Choose the profiles to install: click "New", since you haven't set up any profiles yet

Set a name for the profile, then on the left click "Certificates":


Click 'Configure', upload the .der files that you just created from Wireshark, and save. (If you have official certificates you got from your IT department you're on your own - I don't know what format they need to be in.)

Now click 'Wi-Fi' and configure. Enter your SSID, set "security type" to WPA/WPA2 Enterprise, and set your username and password:

Now click 'Trust' and select the certificates you uploaded:

Now click 'Save', select your new profile on the next screen, and click 'Next' once or twice to install it on your device.

For those of you at Northeastern, here are links to the certificates you need for NUwave or CCIS-Wireless:

AddTrust.der
InCommon.der
USERTrust.der
wireless.northeastern.edu.der


Monday, October 10, 2011

Tunneling UDP (e.g. Photoshop keyserver) over SSH

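It's basically the same as this solution on Vincent Dumouchel's site, but wrapped up in a shell script that will run on a Mac. The theory is to use 'nc' to listen for UDP packets on localhost and forward them through a TCP connection (tunneled by SSH) to the remote host, where 'nc' will then read them off TCP and send them via UDP. Useful in a number of obscure situations. Two things to know before running it on a shared machine: it uses the fixed path /tmp/fifo on both ends, which any local user can create first, so a FIFO inside a private directory (for example one made with mktemp -d) is safer there; and it runs 'killall nc' on the remote host, which also ends any other nc processes you own on that host.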

#!/bin/sh
#
# file:        remote-key.sh
# description: forward UDP traffic to port 19283 (Adobe keysvr) over SSH
#
# Peter Desnoyers, Northeastern University, 2011
#

host=$1
keyserver=$2
port=19283      # Adobe keysrvr

# get rid of the annoying "Terminated" message on shutdown
exec 2<&-   

# lots of gross delays, because (a) we need to start the local 'nc'
# first, so it can be in the background, even though the remote isn't
# there yet to connect to, and (b) because we can't open the FIFO for
# reading until it's been opened for writing, or we'll get an EOF
#
(sleep 3; rm -f /tmp/fifo; mkfifo /tmp/fifo;
    (sleep 1; nc -l -u $port < /tmp/fifo) | nc localhost 6667 > /tmp/fifo) &
local=$!
trap "kill $local; rm -f /tmp/fifo" 0

# we keep the SSH in the foreground so that the remote end can detect
# a broken connection ('cat' will see EOF) and then clean up
# properly. 
#
ssh -L6667:localhost:6667 $host \
    'trap "rm -f /tmp/fifo; killall nc" 1; 
        rm -f /tmp/fifo; killall -q nc; mkfifo /tmp/fifo;
        ((sleep 1; nc -l -p 6667 < /tmp/fifo) | 
  nc -u '$keyserver' '$port' > /tmp/fifo) < /dev/null &
        cat > /dev/null;
        killall nc' 

Thursday, September 15, 2011

An alternative to strtok(3) in C

If you've ever tried to split strings in C you know that strtok() is an abomination, modifying the string passed to it and in general breaking most of the standard patterns for how memory is allocated and handled in reasonable C programs. The obvious solution is to use another programming language, but sometimes that isn't possible. Here's an alternative function strwrd that I give my students for a homework that involves command line parsing, which follows the standard practice of returning strings in caller-allocated storage.
#include <string.h>

/* find the next word starting at 's', delimited by characters
 * in the string 'delim', and store up to 'len' bytes into *buf
 * (including the terminating NUL, so 'len' must be at least 1).
 * returns pointer to immediately after the word, or NULL if done.
 */
char *strwrd(char *s, char *buf, size_t len, char *delim)
{
    s += strspn(s, delim);
    size_t n = strcspn(s, delim); /* count the span (spn) of bytes in */
    if (len-1 < n)                /* the complement (c) of *delim */
        n = len-1;
    memcpy(buf, s, n);
    buf[n] = 0;
    s += n;
    return (*s == 0) ? NULL : s;
}
which is used like this:
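char line[some_length];     /* the input line, NUL-terminated */
char argv[10][20];
int argc = 0;
char *p = line;             /* an array can't be assigned to, so walk a pointer */
while (p != NULL && argc < 10) {
    p = strwrd(p, argv[argc], sizeof(argv[argc]), " \t");
    if (argv[argc][0] != 0) /* skip the empty word left by trailing delimiters */
        argc++;
}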
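An added example (not code from the original post) that wraps strwrd in a hypothetical split_line helper and handles the cases the loop above runs into: trailing delimiters, a word too long for its buffer, and more words than slots. The const qualifiers, MAX_ARGS, MAX_WORD and the return codes are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 4   /* assumed limits, kept small so the edge cases are easy to hit */
#define MAX_WORD 8
/* strwrd from the post, const-qualified so it also accepts string literals */
static const char *strwrd(const char *s, char *buf, size_t len, const char *delim)
{
    s += strspn(s, delim);
    size_t n = strcspn(s, delim);
    if (n > len - 1)
        n = len - 1;
    memcpy(buf, s, n);
    buf[n] = 0;
    s += n;
    return (*s == 0) ? NULL : s;
}

/* Hypothetical helper: split 'line' into argv without modifying it.
 * Returns the word count, -1 if a word does not fit in MAX_WORD bytes,
 * or -2 if there are more than MAX_ARGS words. */
int split_line(const char *line, char argv[MAX_ARGS][MAX_WORD])
{
    const char *delim = " \t";
    const char *p = line;
    int argc = 0;
    while (p != NULL) {
        char word[MAX_WORD];
        p = strwrd(p, word, sizeof(word), delim);
        if (p != NULL && strchr(delim, *p) == NULL)
            return -1;          /* copy stopped mid-word: it was truncated */
        if (word[0] == 0)
            continue;           /* only delimiters were left on the line */
        if (argc == MAX_ARGS)
            return -2;
        strcpy(argv[argc++], word);   /* fits: word is at most MAX_WORD bytes */
    }
    return argc;
}

int main(void)
{
    char argv[MAX_ARGS][MAX_WORD];
    const char *line = "  ls -l\t/tmp  ";   /* constructed sample input */
    int argc = split_line(line, argv);
    printf("split_line returned %d\n", argc);
    for (int i = 0; i < argc; i++)
        printf("argv[%d] = \"%s\"\n", i, argv[i]);
    return 0;
}
```

Rejecting a truncated word, rather than letting its tail come back as the next word, keeps an overlong argument from being parsed as two separate ones.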

Wednesday, July 20, 2011

Splitting body and references in Latex for NSF proposals

For those of us who prepare grant proposals for the NSF, and use LaTeX for formatting, it can be a pain to separate the body of the proposal from the references, as the two have to be uploaded separately. A combination of pdftk (the PDF toolkit) and make handles this in a pretty straightforward fashion:

1. put the following in your LaTeX source, just before generating the bibliography, to mark the last page:

\label{page:last}

2. Use a makefile that looks like this (assuming you use pdflatex; the recipe lines must begin with a tab character):

FILE = proposal
$(FILE).pdf: $(FILE).tex
	pdflatex $(FILE)
	bibtex $(FILE)
	pdflatex $(FILE)
	pdflatex $(FILE)

DESC_END = $(shell grep page:last $(FILE).aux | tr '{}' ' ' | awk '{print $$NF}')
REFS_START = $(shell expr $(DESC_END) + 1)

description.pdf: $(FILE).pdf
	pdftk $< cat 1-$(DESC_END) output $@

references.pdf: $(FILE).pdf
	pdftk $< cat $(REFS_START)-end output $@

Thursday, June 23, 2011

GNU Argp for OSX

After using optparse in Python, I've become spoiled and never want to go back to getopt/getopt_long for C code. The only package I've found for C that handles both options and help strings in a reasonable fashion seems to be GNU Argp, but it's non-standard and works on my Linux machines but not my Mac. A quick try at pulling Argp from the glibc source and porting to the Mac was leading to more work than I wanted, so the solution was this quick-and-dirty replacement.

And yes, it commits the cardinal sin of including code in a header file, but it works fine if you're only including it from main.c, and keeps your source compatible between systems. (just put it in the local directory, add "-I ." to your compile flags, and you're done.)