Moving to GitHub Pages

I’ve moved to blogging using GitHub Pages at Existing content will remain here for the foreseeable future but I don’t plan on writing new posts or fixing the old.


Windows-1252 charset codes

The following are some Windows-1252 (ISO 8859-1) charset codes I’ve seen in legacy HTML documents created in Word. The replacement suggestions are for conversion to UTF-8 characters available on the keyboard. Alternatively, you may want to use HTML character entities.

\x85 (ellipsis …) replace with three dots …

\x91 (curved quote ‘) replace with normal quote ‘

\x92 (curved quote ’) replace with normal quote ‘

\x93 (curved quote “) replace with normal quote ”

\x94 (curved quote ”) replace with normal quote ”

\x96 (dash –) replace with normal –

\x97 (dash —) replace with normal –

\xa0 (NBSP) replace with normal space

\xa9 (copyright symbol ©) replace with (C)

\xad (soft hyphen) remove it

\xae (registered ®) replace with (R)

\xb7 (dot ·) replace with an asterix *

Useful Docker commands

Interactively run command in a new container based on a Docker image

docker run -t -i -v `pwd`:/workdir -w /workdir 90e5ddae9277 /bin/bash

You can specify an image id, name, or name:tag. Image is downloaded from a configured registry, if needed. The current directory on the host is mapped to /workdir in the container. /bin/bash is started in that directory.

List running containers

docker ps

List all containers, and their sizes

docker ps -a -s

Start a stopped container, with terminal access

docker start -a -i 2edf9d536e3c

Remove a container

docker rm 2edf9d536e3c

Build an image using Dockerfile in the current folder

docker build .

Save Docker image

docker save -o myimage.tar 90e5ddae9277

Load Docker image from an input archive

docker load -i myimage.tar

List Docker images

docker image ls

Remove a Docker image

docker image rm 90e5ddae9277

See image history in human readable format – useful for identifying all the layers in an image

docker history -H 90e5ddae9277

Use eisvogel custom template with Pandoc

On macOS, the preinstalled tlmgr command is used to install \TeX packages from CTAN.

To list currently installed packages

tlmgr list --only-installed

To update tlmgr itself – you won’t be able to install packages unless you do

sudo tlmgr update --self

To install packages required by the eisvogel \LaTeX template for Pandoc

sudo tlmgr install csquotes mdframed needspace sourcesanspro ly1 mweights sourcecodepro titling pagecolor

The command needs to be run with sudo because the path where TeX and associated packages are installed is at /usr/local/texlive/2016basic/texmf-dist/tex and does not have write permission for my user.

To use the eisvogel template, clone its repo

git clone

To render PDF, in the folder cloned above, run

pandoc -f gfm -o file.pdf --template ./eisvogel.tex --variable titlepage=true

Remove the --variable titlepage=true option if you don’t want a title page.

Create valid self-signed certificates using OpenSSL

I was debugging a WebSocket connection failing with error net::ERR_INSECURE_RESPONSE, in Chrome, when I learnt that the self-signed certificate I was using was missing subject alternative names. This post brings together information I found in several different places, to create valid self-signed server certificates, using OpenSSL, that work with internet browsers such as Chrome.


To create a certificate with subject alternative names

openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=localhost' -keyout key.pem -out cert.pem -days 365 -config openssl.cnf -extensions req_ext

Additional distinguished name properties may be specified by changing the subj option

-subj "/C=US/ST=private/L=province/O=city/"

A minimalist openssl.cnf file that contains req_ext extension section with subjectAltName

[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
DNS.1   = localhost
DNS.2   =

Print certificate to view subject alternative names and thumbprint/fingerprint

openssl x509 -noout -text -fingerprint -in cert.pem

Create pfx from private key and certificate in pem format

openssl pkcs12 -inkey key.pem -in cert.pem -export -out key.pfx

Create crt file from certificate in pem format

openssl x509 -outform der -in cert.pem -out cert.crt

Add private key to the appropriate key store and reconfigure server application.

Add certificate file to trusted root authorities key store. Restart the browser. It should be happy with the certificate provided by the server.

On Windows, PowerShell’s New-SelfSignedCertificate command can also be used to automate self-signed certificate creation and installation.

Windows IoT Core application using Xamarin Forms


Screenshot of my first Windows 10 IoT Core Xamarin Forms application running on a Raspberry Pi 3. The app is the first exercise in Udemy’s Xamarin Forms course. The UWP build targeting Windows IoT Core was created following Adding a Universal Windows Platform (UWP) App. Take a look at how other native UWP IoT Core samples look and work. Also take a look at Xamarin Forms sample apps available at GitHub. You can also create an OS X application following Bringing macOS to Xamarin.Forms.

ONC RPC version 2 over TCP/IP

This post discusses message structure of the Open Network Computing (ONC) remote procedure call (RPC) version 2. The protocol is specified in IETF RFC 5531. RFC 4506 specifies the C-like data representation syntax used in RFC 5531. RFC 1833 specifies an RPC service (portmapper) used to discover RPC services provided by a host.

ONC RPC in Wireshark
Wireshark RPC dissector

The ONC RPC message structure is defined in the specification as follows

struct rpc_msg {
    unsigned int xid;               /* transaction id */
    union switch (msg_type mtype) { /* message type */
    case CALL:
        call_body cbody;
    case REPLY:
        reply_body rbody;
  } body;

An unsigned int, according to the XDR specification, is a 4-byte unsigned integer value in big-endian byte order. Transaction id is therefore a 4-byte value. Message type is also an unsigned int value. A value of 0 indicates a call, 1 indicates a reply.

Message fragmentation is used over a stream oriented protocol such as TCP. Transaction id is therefore preceded by a unsigned int value that indicates the size of the fragment in bytes. The most significant bit (MSB) of the unsigned int is a boolean value that, when set, indicates the last fragment of a sequence of fragments.

The call body in turn is defined as follows

struct call_body {
    unsigned int rpcvers;  /* must be equal to two (2) */
    unsigned int prog;     /* program identifier */
    unsigned int vers;     /* program version number */
    unsigned int proc;     /* remote procedure number */
    opaque_auth cred;      /* authentication credentials */
    opaque_auth verf;      /* authentication verifier */
    /* procedure-specific parameters start here */

enum auth_flavor {
    AUTH_NONE = 0
    /* and more */

struct opaque_auth {
    auth_flavor flavor;    /* authentication flavor */
    opaque body<400>;

If authentication flavor in use is AUTH_NONE, authentication credentials is an unsigned int value of 0, followed by another unsigned int value indicating an authentication credential body size of 0. Authentication verifier is encoded in the same manner.

A reply is defined as follows

union reply_body switch (reply_stat stat) { /* Reply status */
    accepted_reply areply;
    rejected_reply rreply;
} reply;

struct accepted_reply {
    opaque_auth verf;
    union switch (accept_stat stat) { /* accepted status */
    case SUCCESS:
        opaque results[0];
        * procedure-specific results start here
        struct {
            unsigned int low;
            unsigned int high;
        } mismatch_info;
        * Void.  Cases include PROG_UNAVAIL, PROC_UNAVAIL,
    } reply_data;

union rejected_reply switch (reject_stat stat) {
    struct {
        unsigned int low;
        unsigned int high;
    } mismatch_info;
    auth_stat stat;

Reply status is an unsigned int value, followed by the authentication verifier encoded as explained earlier. A reply status value of 0 indicates an accepted message, which is followed by an unsigned int indicating accepted status (0 is success). A reply status of 1 indicates a rejected message, which is followed by an unsigned int indicating rejection status.

Blocks – string or opaque data, are padded with 0 to 3 residual bytes so that their length is a multiple of 4.