mark :: blog

<< prev [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 ] next >>


As I was commiting the template for this weeks issue of Apache Week I noticed that it has now been exactly eight years since I wrote the first issue. Back then Apache wasn't so popular and the documentation was lacking. Apache Week was designed specifically to give administrators the confidence to try the Apache web server on their machines without having to parse the hundreds of messages each week on the developer mailing list. That first issue was written over a 64k ISDN dial-up line from a computer perched on stark IKEA tabletop. Friday afternoons were spent writing up what had happened during the week. Not much has changed. Actually, I think that IKEA tabletop is still sitting in storage somewhere at Red Hat in Guildford. I wish I'd kept hold of it, it would have been useful for my girlfriends sons train layout.

Over the years there have been many times when we've thought about stopping production, usually when a competitor announced some other Apache magazine that we thought would do a better job than we do. But most of them gave up. They probably realised that there wasn't any money to be made from an Apache httpd journal.

UK Web became C2Net which became Red Hat, and Apache Week is still going strong. We'll have to think of something exciting to do for our tenth birthday.


I wrote a Windows application last night! Then realised that I'd actually not written any windows stuff for over ten years. The last Windows app I wrote was with Paul Sutton back in 1993 when the Windows Sockets Library had just been brought out. We wrote a winsock Connect-4-type game. When I visited Microsoft whilst working at C2Net I actually met one of the winsock original authors who even remembered using our game. Anyway, Windows applications seem to be a whole different world; with hundreds of web sites trying to sell you utilities. Awful utilities. Things you could do with 3 lines of Perl that the author has made shareware and wants you to pay $15 to unlock.

So to spread some good Karma my OTP OPIE S/KEY client thingy is free, with source. Although I have to admit that it's probably about 40 lines of code linking to existing libraries, and it probably took me longer to write the web page and draw the icon than write the app.

Now I can get back to doing the work on the system that I needed to use the OTP calculator to log into in the first place ;)


Am I expecting too much? I bought a iPAQ h4350 this week to replace my aging Palm Vx. Except I can't replace it yet. My Palm has a cute free application to do memo encryption, a one-time-password generator, a unit converter with every unit you can think of (including knowing that US and UK gallons are different) and even a ssh client. Finding replacements for these is a nightmare. The iPAQ comes with f-secure file crypto, but try to find it on the f-secure site and you get pointed to some new company they sold it to, that doesn't have any upgrades or useful information. The f-secure filecrypto stuff doesn't integrate very well anyway. I bought a drive crypt program from SecureStar. It crashes. Microsoft Money won't sync my foreign currency accounts. People want me to pay USD30 for a silly unit conversion utility, and don't even get me started on ssh or otp/skey programs.

It's been a frustrating week!


I've just realised that I never finish anything that I do in my spare time. I tend to keep getting distracted by new and exciting projects so everything sits about 80% complete:

Spare time over the last few weeks has been a bit limited what with the OpenSSH and Sendmail issues, and I guess I need to finish off my talk for ApacheCon.


Protocol: Jabber

I toyed with several ways of dealing with the home automation system. Misterhouse looked very impressive and was written in Perl so easy to extend, but it also liked to take control directly itself of any hardware. I wanted each bit of home automation hardware to have its own intelligence, it's own bot, allowing the hardware to exist on separate machines and architectures. So I started out writing bits of custom perl for each of the bits of hardware (with some C for things like serial interfacing which was hard for me to get to work perfectly with Perl). I then heard about the XAP project which looked quite interesting but seemed to have a number of weaknesses - it mostly relied on udp broadcast packets for the components to talk together (I wanted components on different network segments, some on wireless, some on links I share with video traffic - udp broadcast packets just are not reliable enough), the other problem was that the components already written were under a license that prohibited commercial use at all. Not that I intend to sell this, but if I'm going to work on software I want that sofware under a BSD-style license or failing that GPL. So my requirements were to have a lightweight messaging system ideally using XML that could run over a security layer (for the wireless network) that I could extend and easily write a custom client for. The answer of course was Jabber. With the Net::Jabber module I can easily write bots and clients in Perl for speed, and with the Perl Tk interface writing user interfaces takes no time at all and they work across platform: Linux or even Windows.

The nice thing about Jabber is that clients for Jabber exist for just about every platform. It's simply to take the source code for a Jabber client and add some buttons and things to make it control any aspect of the home automation system. And if no source exists you can simply chat to the lighting bot and tell it "lights living 18". The plan is to be able to control this all from a wireless PDA too.

Controller: Fujitsu Point

The big test; would Perl and Tk and a Net::Jabber client run okay on a AMD 100MHz processor running in 800x600 256 colour mode? The startup time is about a minute, but then once it's done it happily refreshes the screen with no real visible delays and sends and receives (and parses) messages without a hitch. Here are some pics from the initial interface written over Christmas vacation 2002.


Figure 1: Lighting interface (a Jabber x10 bot)


Figure 2: TiVo interface (a Jabber TiVo bot communicating with a custom tivoweb module that returns XML status information)


Figure 3: Heating interface (a Jabber to one-wire bot that talks to the one-wire temperature sensors, logs data using rrdtool, and talks to the one-wire heating switch)


Figure 4: Misc stuff interface (the DSL bot talking to the cable modem and the UPS bot talking to the UPS device. Alerts also come in here)


Figure 5: Caller ID interface (a Meteor caller id bot with pop-up pics for most of the people we know)


Figure 6: Interface to front door camera (rear only goes into the MV1000 so far)

Each hardware component has it's own bot that can be queried for status and can also be made to broadcast status information either when something changes or every minute. The client simply parses every message it receives and displays it in the right place. Software will be here soon.


I wanted to be able to mount the Fujitsu Point 510 on the wall. I looked for the official cradle but many months went by without one appearing on ebay. A couple of sites show how they mounted their Fujitsu Point into the wall, but I wanted to be able to lift it off and use it as a tablet from time to time too.

Inspiration hit when looking at the back of the Fujitsu and finding a large number of circular sticky covers - covering really nice screw points. So a couple of drywall fixings into the wall and custom brackets later and here is the result. The custom brackets were made from spare PC expansion card slot covers, nice and thin but quite strong)


Infrastructure

NetworkLightingHeatingAVThe rest

Plans (as time and money permits)


My paper on "Security Response and Vendor Accountability for Open Source Software" was accepted for Linux World 2003 in San Francisco and I'm giving a similar talk at Linux for Business in London on the 10th June. The role of the open source vendor is often neglected when folks talk about the security of open source software.

House modifications are coming along well, with updates to the Home Automation security software (a few suprises for any intruder), and some large black marble balls on a rockery out the front. Tracy has been spending a few days pressure-washing the driveway which is fun apart from the occasional lump of sand that gets blasted at random parts of your body. Sand in your nose is quite annoying.


Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.


Back to work on Monday, but this holiday I've managed to avoid getting into doing real work by playing with the home automation system. I've now finished the conversion of all the components to Jabber bots, written a control client, and got all the one-wire Dallas switches and sensors up and running. some screenshots are available

A hope Google extends the shopping idea to the UK; I've wasted too many days this holiday looking for stuff for the house - just trying to find the right table for our kitchen took two days - I just want to search for a round glass 90-110cm table plus four chairs for under 400 pounds and click on 'buy me'.

<< prev [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 ] next >>

Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.