mark :: blog
I do believe that some of the new security technologies being worked on for Linux will reduce the threat of automated attacks and reduce the risk of some vulnerabilities to users. I also think that it will make writing worms much harder in the future. But note I always say much harder and never impossible ;-)
I've just realised that I never finish anything that I do in my spare time. I tend to keep getting distracted by new and exciting projects so everything sits about 80% complete:
- Home automation via bluetooth: I wrote a jabber bot which interfaced with my Ericsson phone and added an accessories menu letting me do things like set the heating, lighting, and so on. But it doesn't auto-detect the phone coming into and out of the house, or pass on SMS messages, or do anything cunning with images.
- Put the TiVo in another room: I built a test circuit to pass composite video over CAT5 which works really well - the idea is to use it to distribute RGB from the TiVo (by having 4 such circuits) which means I can bung it out of the way.
- Java fun: I just bought a T610 phone and started playing with Java on it so I can do cunning things like view the cameras outside my house remotely from anywhere.
- GTK: A jabber bot for the home automation system that pops up little animated transparent pictures of the people that call the house. It kind of works, but doing animation and changing the mask causes flickers.
Spare time over the last few weeks has been a bit limited what with the OpenSSH and Sendmail issues, and I guess I need to finish off my talk for ApacheCon.
Protocol: Jabber
I toyed with several ways of dealing with the home automation system. Misterhouse looked very impressive and was written in Perl so easy to extend, but it also liked to take direct control itself of any hardware. I wanted each bit of home automation hardware to have its own intelligence, its own bot, allowing the hardware to exist on separate machines and architectures. So I started out writing bits of custom Perl for each of the bits of hardware (with some C for things like serial interfacing which was hard for me to get to work perfectly with Perl). I then heard about the xAP project which looked quite interesting but seemed to have a number of weaknesses - it mostly relied on UDP broadcast packets for the components to talk together (I wanted components on different network segments, some on wireless, some on links I share with video traffic - UDP broadcast packets just are not reliable enough); the other problem was that the components already written were under a license that prohibited commercial use at all. Not that I intend to sell this, but if I'm going to work on software I want that software under a BSD-style license or failing that GPL. So my requirements were to have a lightweight messaging system, ideally using XML, that could run over a security layer (for the wireless network), that I could extend, and for which I could easily write a custom client. The answer of course was Jabber. With the Net::Jabber module I can easily write bots and clients in Perl for speed, and with the Perl Tk interface writing user interfaces takes no time at all and they work across platforms: Linux or even Windows.
The nice thing about Jabber is that clients for Jabber exist for just about every platform. It's simple to take the source code for a Jabber client and add some buttons and things to make it control any aspect of the home automation system. And if no source exists you can simply chat to the lighting bot and tell it "lights living 18". The plan is to be able to control this all from a wireless PDA too.
Controller: Fujitsu Point
The big test: would Perl and Tk and a Net::Jabber client run okay on an AMD 100MHz processor running in 800x600 256 colour mode? The startup time is about a minute, but once it's done it happily refreshes the screen with no real visible delays and sends and receives (and parses) messages without a hitch. Here are some pics from the initial interface written over Christmas vacation 2002.

Figure 1: Lighting interface (a Jabber x10 bot)

Figure 2: TiVo interface (a Jabber TiVo bot communicating with a custom tivoweb module that
returns XML status information)

Figure 3: Heating interface (a Jabber to one-wire bot that talks to the one-wire temperature sensors,
logs data using rrdtool, and talks to the one-wire heating switch)

Figure 4: Misc stuff interface (the DSL bot talking to the cable modem and the UPS bot talking to the UPS device.
Alerts also come in here)

Figure 5: Caller ID interface (a Meteor caller id bot with pop-up pics for most of the people we know)

Figure 6: Interface to front door camera (rear only goes into the MV1000 so far)
Each hardware component has its own bot that can be queried for status and can also be made to broadcast status information either when something changes or every minute. The client simply parses every message it receives and displays it in the right place. Software will be here soon.
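Since the lighting bot takes commands from whoever chats to it, the check that matters is who sent the message and whether the command is well formed before anything reaches the X10 controller. The handler below is an added example in Python, not the blog's own Perl/Net::Jabber code; it is transport-agnostic (the JID and body would come from the Jabber message callback), and the allow-list JIDs, room names, X10 addresses and the 0-100 level range are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed allow-list of bare JIDs permitted to drive the hardware.
ALLOWED_SENDERS = {"mark@example.org", "tablet@example.org"}

# Constructed room -> X10 address map; real addresses depend on the installation.
ROOMS = {"living": "A1", "kitchen": "A2", "hall": "A3"}


@dataclass
class Action:
    """What the bot would send to the X10 controller; nothing is sent here."""
    x10_address: str
    level: int


def bare_jid(jid: str) -> str:
    """Drop the /resource so user@host/Point510 authorises like user@host (case-folded; an assumption)."""
    return jid.split("/", 1)[0].lower()


def parse_command(body: str) -> Tuple[str, int]:
    """Parse 'lights <room> <level>' as in the post; raise ValueError on anything else."""
    parts = body.strip().split()
    if len(parts) != 3 or parts[0].lower() != "lights":
        raise ValueError("usage: lights <room> <level 0-100>")
    room = parts[1].lower()
    if room not in ROOMS:
        raise ValueError(f"unknown room {room!r}")
    try:
        level = int(parts[2])
    except ValueError:
        raise ValueError("level must be an integer") from None
    if not 0 <= level <= 100:
        raise ValueError("level must be between 0 and 100")
    return room, level


def handle_message(sender_jid: str, body: str) -> Tuple[str, Optional[Action]]:
    """Return (reply text, Action or None). Unknown senders and bad input never reach the hardware."""
    if bare_jid(sender_jid) not in ALLOWED_SENDERS:
        return "sorry, I only take commands from people I know", None
    try:
        room, level = parse_command(body)
    except ValueError as err:
        return f"error: {err}", None
    return f"ok: {room} lights set to {level}", Action(ROOMS[room], level)
```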
<mjcox> sessions by cox
<faqtoid> Found 1 session (for event '2003/US'):
<faqtoid> TU13, "Apache Security Secrets Revealed" (Mark Cox), 14:30 Tue
So it looks like I'll be out in Vegas for ApacheCon 2003!
I wanted to be able to mount the Fujitsu Point 510 on the wall. I looked for the official cradle but many months went by without one appearing on ebay. A couple of sites show how they mounted their Fujitsu Point into the wall, but I wanted to be able to lift it off and use it as a tablet from time to time too.
Inspiration hit when looking at the back of the Fujitsu and finding a large number of circular sticky covers - covering really nice screw points. So a couple of drywall fixings into the wall and custom brackets later and here is the result. (The custom brackets were made from spare PC expansion card slot covers, nice and thin but quite strong.)
Preparing for LinuxWorld - it will be good to be in San Francisco again after so many years away.
Also this month I got elected to the board of directors of the Apache Software Foundation. Actually I had no intention of standing, but got nominated and seconded before I realised so decided I had nothing to lose and wrote up a manifesto. The new ASF transferable voting system that not everyone understood, and my surname being close to the start of the alphabet, may have helped skew the votes - but nonetheless I was voted in and intend to make the most of it to advance the goals of the foundation.
A couple of months ago I was playing with bluetooth - it actually was pretty easy to add a new accessory menu and a Perl state engine to allow me to do cool things like dim the lights and get the temperatures and send short messages to the TV via TiVo. I kind of lost interest in it and so whilst it works perfectly it doesn't detect you arriving or leaving with the phone, and leaving bluetooth on all the time tends to drain the battery. A few folks asked me how I got bluetooth working with Red Hat Linux 9 (the answer is to cheat and use the bluez packages out of rawhide).
Our new bathroom finally got installed and I couldn't resist adding in extra cables in the new ducts between rooms - so now behind a panel in the bathroom we have various cables and power - quite fancy doing some network streamed audio in there and putting some marine speakers in the ceiling, low quality but the noise of the whirlpool and extractor fan will drown out the imperfections anyway.
Infrastructure
- 3 CAT5 cables to most rooms in the house. Fortunately the builder ran some extra cables through the house for me before it was too late and the final fix happened. I found some cunning 3-outlet sockets from BKA which look good and blend into a domestic environment.
- Wireless network (802.11g) that reaches through most of the house, but on an untrusted part of the internal network. This generally gets used by web tablets as the coverage isn't great.
- Satellite-grade coax to most rooms. This allows the cable modem and cable TV box to all be in separate rooms and away from their entry point. Some of the internal cameras use these connections.
- UPS for all the important bits, highly necessary since the house voltage is regularly over 250 volts and a little temperamental sometimes.
Network
- Various networking stuff: transparent firewall, second firewall+NAT, one of those D-Link multi-protocol print servers serving a laser and inkjet.
- Home automation server. In early 2005 my old 400MHz PC finally gave up. It was running Red Hat Enterprise Linux 2.1 (it was running Red Hat Linux even before I started working for Red Hat). The machine was replaced with a dual-AMD machine. This machine runs the Jabber server and the various HA bots.
- A central 19" patch panel for the CAT5, coax, and 10/100 16 port switch (bought from ebay). See photo (Mar 2002). 19" wall bracket from Minitran.
- Cable internet and TV from Telewest. The Telewest termination point is in the garage, see photo (Feb 2002). The cable goes to the central patch panel where it's split to the cable modem and runs back to the living room where the decoder lives at the moment.
Lighting
- How we chose our lighting switches and settled on the Intelliswitch.
- A German LW11G X10 dimmer switch controlling ten 25W recessed lights in the main room; the switch *just* fits in the drywall backbox.
- I spent many hours working out where to put the computer control unit, a CM12U, so that it managed to send signals to reach all the rooms in the house - nearly everywhere I put it there was a blackspot where things wouldn't work. Anyway, having the CAT5 meant it doesn't matter where the CM12U is as the CAT5 provides a serial link back to node0.
- An AD10 and LW10 finish off the X10 stuff, controlling two sets of Christmas lights right now. X10 stuff from Laser.
Heating
- Control of the central heating system (it had a 240V switched input which we control with a relay from a 1-wire switch).
- A set of one-wire temperature sensors from Maxim together with a 1-wire USB interface to allow logging of temperature from around the house. We recently added a 1-wire hub so we could use a star network of more than a couple of sensors. Anyway the raw data goes into rrdtool and the output graphs get uploaded via DAV here.
AV
- Control of a plasma screen
The rest
- Five Fujitsu Point 1600 webpads mounted on the wall to control everything.
- Meteor Caller ID unit that logs incoming and outgoing calls. This is hooked to a Linux box with a bit of C software to decode the strange format.
- Caller ID displayed on the TiVo by using the jabber system.
- Alarm system. The communicator outputs are also wired to a Linux box which triggers various events based on the state of the alarm.
- SMS alerts. The main Linux box is hooked to a dedicated mobile phone used to send alerts from the UPS, alarm etc. (and allow remote control of various things). Since phone cables here are above ground they're too easy to cut!
Plans (as time and money permits)
- Control the external lighting and curtains (I installed pull-cord curtains already to make this easier).
- Work out a system for distributed TV. At the moment the TiVo's RF output feeds up to a distribution amplifier in the loft; I need to work out how to watch DVDs (RGB out only) and work on an IR distribution system (currently a single 'One For All' remote extender).
- Maybe move the TiVo and cable box to node0 and send the signal up to the lounge over CAT5.
This month I decided to play with bluetooth for fun. I bought one of the MCI class-1 USB bluetooth dongles and spent a little time getting the bluetooth utilities supplied with Red Hat Linux 9 working. It certainly has potential, using AT commands I can remotely create menus on my phone, capture key presses, capture and send sms, monitor call progress and much more.
So the plan is that when I enter the house I'll get a new menu on my phone letting me control the lights and stuff, with incoming calls and SMS displayed on the TV/mp3 player and so on. I couldn't find anyone who has interfaced a jabber client to a T68i so I'll have to write that bit first. The other problem is that the bluetooth stuff works fine when it works, but take the phone out of range and nothing notices - so it'll need a bit more effort to get it reliably detecting phones coming into and out of range. Anyway, it'll be a fun month.
My paper on "Security Response and Vendor Accountability for Open Source Software" was accepted for Linux World 2003 in San Francisco and I'm giving a similar talk at Linux for Business in London on the 10th June. The role of the open source vendor is often neglected when folks talk about the security of open source software.
House modifications are coming along well, with updates to the Home Automation security software (a few surprises for any intruder), and some large black marble balls on a rockery out the front. Tracy has been spending a few days pressure-washing the driveway which is fun apart from the occasional lump of sand that gets blasted at random parts of your body. Sand in your nose is quite annoying.
Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.