mark :: blog



Protocol: Jabber

I toyed with several ways of dealing with the home automation system. Misterhouse looked very impressive and was written in Perl so easy to extend, but it also liked to take direct control of any hardware itself. I wanted each bit of home automation hardware to have its own intelligence, its own bot, allowing the hardware to exist on separate machines and architectures. So I started out writing bits of custom Perl for each of the bits of hardware (with some C for things like serial interfacing, which was hard for me to get to work perfectly with Perl). I then heard about the xAP project, which looked quite interesting but seemed to have a number of weaknesses: it mostly relied on UDP broadcast packets for the components to talk together (I wanted components on different network segments, some on wireless, some on links I share with video traffic, and UDP broadcast packets just are not reliable enough), and the components already written were under a license that prohibited commercial use at all. Not that I intend to sell this, but if I'm going to work on software I want that software under a BSD-style license or, failing that, GPL. So my requirements were to have a lightweight messaging system, ideally using XML, that could run over a security layer (for the wireless network), that I could extend, and for which I could easily write a custom client. The answer of course was Jabber. With the Net::Jabber module I can easily write bots and clients in Perl for speed, and with the Perl Tk interface writing user interfaces takes no time at all and they work across platforms: Linux or even Windows.

The nice thing about Jabber is that clients for Jabber exist for just about every platform. It's simple to take the source code for a Jabber client and add some buttons and things to make it control any aspect of the home automation system. And if no source exists you can simply chat to the lighting bot and tell it "lights living 18". The plan is to be able to control this all from a wireless PDA too.

Controller: Fujitsu Point

The big test: would Perl and Tk and a Net::Jabber client run okay on an AMD 100MHz processor running in 800x600 256 colour mode? The startup time is about a minute, but once it's done it happily refreshes the screen with no real visible delays and sends and receives (and parses) messages without a hitch. Here are some pics from the initial interface written over Christmas vacation 2002.


Figure 1: Lighting interface (a Jabber x10 bot)


Figure 2: TiVo interface (a Jabber TiVo bot communicating with a custom tivoweb module that returns XML status information)


Figure 3: Heating interface (a Jabber to one-wire bot that talks to the one-wire temperature sensors, logs data using rrdtool, and talks to the one-wire heating switch)


Figure 4: Misc stuff interface (the DSL bot talking to the cable modem and the UPS bot talking to the UPS device. Alerts also come in here)


Figure 5: Caller ID interface (a Meteor caller id bot with pop-up pics for most of the people we know)


Figure 6: Interface to front door camera (rear only goes into the MV1000 so far)

Each hardware component has its own bot that can be queried for status and can also be made to broadcast status information either when something changes or every minute. The client simply parses every message it receives and displays it in the right place. Software will be here soon.


I wanted to be able to mount the Fujitsu Point 510 on the wall. I looked for the official cradle but many months went by without one appearing on ebay. A couple of sites show how they mounted their Fujitsu Point into the wall, but I wanted to be able to lift it off and use it as a tablet from time to time too.

Inspiration hit when looking at the back of the Fujitsu and finding a large number of circular sticky covers covering really nice screw points. So a couple of drywall fixings into the wall and custom brackets later, here is the result. The custom brackets were made from spare PC expansion card slot covers (nice and thin but quite strong).


Infrastructure

Network | Lighting | Heating | AV | The rest

Plans (as time and money permits)


My paper on "Security Response and Vendor Accountability for Open Source Software" was accepted for Linux World 2003 in San Francisco and I'm giving a similar talk at Linux for Business in London on the 10th June. The role of the open source vendor is often neglected when folks talk about the security of open source software.

House modifications are coming along well, with updates to the Home Automation security software (a few surprises for any intruder), and some large black marble balls on a rockery out the front. Tracy has been spending a few days pressure-washing the driveway, which is fun apart from the occasional lump of sand that gets blasted at random parts of your body. Sand in your nose is quite annoying.


Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.


So I've been spending some time trying to work out what to do with the home automation components - they're a mess of C and Perl that have no real way of communicating with each other. I found this thing called xAP which is designed for home automation components to talk to each other, but it's based mainly on UDP broadcast datagrams - not something I'd trust to make sure things happened when my alarm was triggered. Plus some of the components already written are under a non-GPL, non-BSD license that prohibits commercial use, yuk.

Anyway, the idea was to look for something that would use standard components, where frameworks existed in Perl and C for me to write simple code, and that would work on the principle of messaging: the UPS, for example, would respond to status requests and give you things like the temperature and voltage, send a heartbeat notification with the status included every minute, and send urgent alarms to anyone who registers an interest in getting them. What's the solution? Jabber! In about an hour I had a Jabber server running and a test Perl client doing just that; this thing will rock :)
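The messaging pattern described here (and in the "Protocol: Jabber" section above) is easy to show in a few dozen lines. This is an added illustration in Python, not the Perl/Net::Jabber bots from the post: the Jabber transport is replaced by plain function calls so it runs offline, and the JIDs, the UPS readings and the "roster equals allowlist" rule are all constructed for the example. It shows a UPS bot answering a status request with XML, pushing the same status as a heartbeat, sending an urgent alarm only to registered subscribers, refusing commands from senders it does not know, and the client-side parse that puts each field in the right place.

```python
"""Bot-per-device messaging: status on request, heartbeat to subscribers,
urgent alarms to subscribers only, and a client-side parser.
Added example (Python); the real bots in the post are Perl/Net::Jabber.
Transport is stubbed as function calls; all JIDs and readings are constructed."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample readings the UPS bot would have polled from the device.
SAMPLE_STATUS = {"temperature": "31.5", "voltage": "238", "load": "42"}


class UpsBot:
    """One bot per piece of hardware. Assumption for this example: only the
    JIDs in `allowed` may ask for status or register for alarms, so a stray
    sender on the wireless segment gets nothing but an error."""

    def __init__(self, name: str, allowed: List[str]):
        self.name = name
        self.allowed = set(allowed)
        self.subscribers: List[str] = []
        self.status: Dict[str, str] = dict(SAMPLE_STATUS)
        self.outbox: List[Tuple[str, str]] = []  # (to_jid, body) actually sent

    def status_xml(self, urgent: bool = False) -> str:
        """Status as XML so clients parse fields instead of scraping text."""
        root = ET.Element("status", bot=self.name, urgent="1" if urgent else "0")
        for key, val in self.status.items():
            ET.SubElement(root, key).text = val
        return ET.tostring(root, encoding="unicode")

    def handle(self, from_jid: str, body: str) -> str:
        """Dispatch one incoming chat message and return the reply body."""
        if from_jid not in self.allowed:
            # Unknown sender: reply generically, don't reveal which commands exist.
            return "<error>not authorised</error>"
        words = body.strip().lower().split()
        if words == ["status"]:
            return self.status_xml()
        if words == ["subscribe", "alarms"]:
            if from_jid not in self.subscribers:
                self.subscribers.append(from_jid)
            return "<ok>subscribed</ok>"
        if words == ["unsubscribe", "alarms"]:
            if from_jid in self.subscribers:
                self.subscribers.remove(from_jid)
            return "<ok>unsubscribed</ok>"
        return "<error>unknown command</error>"

    def heartbeat(self) -> List[Tuple[str, str]]:
        """Called once a minute: push the current status to every subscriber."""
        sent = [(jid, self.status_xml()) for jid in self.subscribers]
        self.outbox.extend(sent)
        return sent

    def alarm(self, reason: str) -> List[Tuple[str, str]]:
        """Urgent event (e.g. mains lost): status plus reason, subscribers only.
        The reason stays in the status so later heartbeats carry it too."""
        self.status["alarm"] = reason
        sent = [(jid, self.status_xml(urgent=True)) for jid in self.subscribers]
        self.outbox.extend(sent)
        return sent


def parse_status(body: str) -> Dict[str, str]:
    """Client side: turn any status message into a dict keyed by field name,
    so a Tk client can drop each value into the right widget."""
    root = ET.fromstring(body)
    if root.tag != "status":
        raise ValueError("not a status message")
    fields = {child.tag: (child.text or "") for child in root}
    fields["_bot"] = root.get("bot", "")
    fields["_urgent"] = root.get("urgent", "0")
    return fields


if __name__ == "__main__":
    bot = UpsBot("ups", allowed=["mark@home.example", "point@home.example"])
    print(bot.handle("mark@home.example", "subscribe alarms"))
    print(bot.handle("stranger@elsewhere.example", "status"))
    for jid, body in bot.heartbeat():
        print(jid, parse_status(body))
    for jid, body in bot.alarm("on battery"):
        print(jid, parse_status(body)["_urgent"])
```

In the real system the `handle` method would be wired to Net::Jabber's message callback and `heartbeat` to a one-minute timer; the point of the allowlist check is that a bot which can switch heating or lights should answer only the JIDs it was told about, whatever arrives over the wireless segment.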


What a busy couple of days. It all started last month with a seemingly innocent DoS being reported to the Apache security team. jorton and I spent some time analysing it and found that although it wasn't exploitable on 32-bit platforms it may well be exploitable on some 64-bit machines. Then started the co-ordination work with CERT.

Then, suddenly, the ISS team announced the same issue publicly, causing us to go into firefighting mode and release the advisory (which I'd fortunately already drafted and got positive feedback on), followed by seemingly hundreds of press calls, lots of additional analysis, and reading ISS say I was untrustworthy in some Chicago newspaper ;-)

Now for some sleep


Several hours later and I manage to find out the extended commands for the LW11G dimmer unit. Can't find these anywhere else mentioned on the web, so for future generations:

# Extended X10 control of LW11G dimmer
#
# Unlike other L*11* modules the LW11G
# seems to only respond to code 53.  Set the data to
#
# 0 = immediate off
# 255 = immediate on
# 1-254 = slowly dim or bright to that level, turns on if not already
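To tie the dimmer note above to the "lights living 18" chat command from the Jabber section, here is an added example in Python (the post's own bots are Perl) of the lighting bot's translation step: a chat line is checked for shape, sender and range before anything is built for the powerline interface, and the result is the extended command the LW11G answers (code 53 plus one data byte), together with a description of what that data byte will make the unit do. The room-to-address table and the sender allowlist are constructed for the example, and the number in the chat command is taken as the raw 1-254 X10 data level, which is an assumption rather than something the post states.

```python
"""Translate 'lights <room> <on|off|1-254>' into the LW11G extended command
(function code 53, one data byte) and describe a data byte's effect.
Added example in Python; not the post's Perl code. ROOMS and the allowlist
are constructed; treating the chat level as the raw X10 data value is an
assumption."""
from typing import Dict, NamedTuple, Set, Tuple

LW11G_EXTENDED_CODE = 53  # the only extended code the LW11G responds to, per the note


class X10Command(NamedTuple):
    house: str   # house code 'A'..'P'
    unit: int    # unit code 1..16
    code: int    # extended function code
    data: int    # data byte 0..255


# Constructed: which dimmer lives in which room.
ROOMS: Dict[str, Tuple[str, int]] = {
    "living": ("A", 1),
    "hall": ("A", 2),
    "bedroom": ("B", 3),
}


def lw11g_data(level: str) -> int:
    """Map the word the user typed to the LW11G data byte:
    off -> 0 (immediate off), on -> 255 (immediate on),
    1-254 -> ramp to that level, switching on first if needed."""
    if level == "off":
        return 0
    if level == "on":
        return 255
    if not level.isdigit():
        raise ValueError(f"bad level {level!r}")
    value = int(level)
    if not 1 <= value <= 254:
        raise ValueError("level must be 1-254 (use on/off for 255/0)")
    return value


def describe_data(data: int) -> str:
    """Human-readable meaning of a data byte, for logging what was sent."""
    if data == 0:
        return "immediate off"
    if data == 255:
        return "immediate on"
    if 1 <= data <= 254:
        return f"ramp to level {data} (turns on if off)"
    raise ValueError("data byte out of range")


def parse_lights_command(sender: str, body: str, allowed: Set[str]) -> X10Command:
    """Validate one chat command and build the X10 command for it.
    Anything that is not exactly 'lights <room> <on|off|level>' from an
    allowlisted sender is rejected before it reaches the powerline interface."""
    if sender not in allowed:
        raise PermissionError(f"{sender} may not control lights")
    words = body.strip().lower().split()
    if len(words) != 3 or words[0] != "lights":
        raise ValueError("expected: lights <room> <on|off|level>")
    room = words[1]
    if room not in ROOMS:
        raise ValueError(f"unknown room {room!r}")
    house, unit = ROOMS[room]
    return X10Command(house, unit, LW11G_EXTENDED_CODE, lw11g_data(words[2]))


if __name__ == "__main__":
    allowed = {"mark@home.example"}
    for line in ("lights living 18", "lights hall off", "lights garage on"):
        try:
            cmd = parse_lights_command("mark@home.example", line, allowed)
            print(line, "->", cmd, describe_data(cmd.data))
        except ValueError as err:
            print(line, "-> rejected:", err)
```

Keeping the parse and the range check in one place means the serial/powerline code only ever sees a well-formed `X10Command`, and a typo or an unexpected sender gets an error message back over Jabber instead of a stray command on the wire.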


A discussion about XML status output in Apache came up this week and so I pointed out a mod_status_xml I wrote a month or two ago. It would be great to get something like this module (or a patch to mod_status) into the core as once you can get XML status output you can do all sorts of cool things like historic graphs, real time graphs, and so on. Kind of like the stuff from 1995 that graphed server status but now using SVG.


So I keep finding web logs mentioning Douglas Adams who died at the weekend aged only 49. I'll add my story:

I'm a huge fan of Douglas Adams (was in the fanclub ZZ9-plural-Z-alpha as a teenager) and at ApacheCon in London last October got into line to get my book signed by him (photo). The second time around, when things had become more quiet, I approached him again to get a book signed for Apache Week to give away. Instead of idle chit-chat I asked him about the film. This piqued his interest and he launched into telling me all about it and the problems and was really animated. He seemed pleased that someone was interested in it and was happy to talk to me for a few minutes until I thought I'd held up the line long enough. Or maybe he'd realised that the more he talked to me the fewer books he had to sign.

The signatures in the two books were far from identical, but both read "Bop Ad" just like I expected.


Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.