mark :: blog :: ha
We keep all our friends and family contacts in a single text file in vCard
format. We sync this file to our phones (mobile and house DECT phones) and home
automation system (for caller ID and phone book). I also print out a copy to
take when travelling. Except I rarely print out an update as I've failed to
find any useful program to pretty print the contacts. Previously I used a quick
hack script in perl to convert the vcard entries to HTML, but it wasn't clever
enough to handle page breaks and needed manual setting all the margins and page
sizes correctly. I like to print it to fit in my paper planner, a Compact size
Franklin Covey planner system.
I've been using Scribus for a few months, mostly for our wedding invites and
stationery, and spotted that Scribus had a Python API. So a few hours later and
out has popped a Python script you can use to pretty print a vCard vcf file,
handling page breaks, images, and large margins to skip the hole punches.
Here is an extract from a sample vCard file:
BEGIN:VCARD
ADR;TYPE=work:;;10 Downing Street;London;SW1A 2AA
TEL;TYPE=fax:+44 2079 250918
NICKNAME:Prime Minister
FN:Gordon Brown
N:Brown;Gordon
PHOTO;VALUE=URI:http://www.number10.gov.uk/wp-content/uploads/pm-official-pic-234x300.jpg
VERSION:3.0
END:VCARD
You'll need a few things:
- a sample vCard file or your own one
- vcf2scribus.py script (version 1.0)
- A recent version of Scribus. 1.3.5 works, but earlier ones will not.
- You'll also need the python vobject library installed if you haven't already got it
Use the "Script" > "Execute Script" option, find and select vcf2scribus.py and
hopefully you'll end up with something like this:
You can then save it as a pdf or print it direct.
The script is a bit of a hack and has hard-coded page sizes, fonts, margins,
vcard sections used, and so on. But I figure it might save someone a couple of
hours and only needs a bit of modification to suit. It would be fairly easy to
extend the script to use the Scribus API to let folks select the vcard file,
page sizes, fonts, and things. Bonus points if you fix it to figure out the final sizes of the
images and right align them. This is my second ever python program so no
sniggering at the code!
A few years ago I automated the treadmill in our guest room as a way of motivating
Tracy and I to keep fit. The treadmill sent us emails when we used it, and the
touch panels around the house showed how much we'd used it in the last week and
month. This worked really well for some time; until the point we realised if we both
agreed to stop using it on the same day then there would be no competition, no winner, no loser,
and neither of us would feel bad.
Last winter the Red Hat video team came to my house to record some footage for both
internal and external use. On one of the internal videos they look at my home
automation system, point the camera at a wall tablet, and figure out that I'd not
used my treadmill in over two years. So there were really two options (1) remove the
year from the display so it would never look like we were slacking for more than
a year, or (2) find a way to get motivated again.
Recently we both started using Twitter, so it seemed like a natural progression to
hook the treadmill to twitter and have it publicly embarrass us for slacking
off.
So the treadmill now has its own twitter page.
We called it 'twedmill' ('tweadmill' perhaps is more correct, but just sounds like a
factory that weaves twead jackets).
Here is how it works:
The treadmill itself is pretty standard; it's from Trimline and has a fancy
computer. When I looked inside and saw a PIC I was tempted to interface direct
to the computer, but didn't really have the time to get around to that.
Although the treadmill does things like have a variable incline and measurement of heart
rate, all I really care about is making sure we were using it, for how long,
and how far we got.
Under a cover in the base are the PWM controllers, motors, and the belt
drive to the treadmill deck. The treadmill itself measures the belt speed
by having a single magnet on the wheel and a small sensor next to it, one
revolution giving one pulse. So to keep things simple I just hot-glued a
spare reed switch I had around so the same magnet would trigger it. The reed
switch happily copes with the treadmill even on top speed, so no real need
for anything more fancy.
I didn't have anything that could accurately measure the diameter of the roller, so
by counting pulses at various speeds and comparing to the onboard
display it worked out at 8122 pulses/revolutions per (uk) mile (so that's
about 198mm of travel per pulse, making the diameter of the
roller about 63mm).
I use a 1-wire network in the house to measure temperatures, watch the doorbell,
and control the central heating system, so I wanted to use the same system
to deal with the treadmill. So the reed switch connects to a DS2423
counter (Unfortunately it seems the DS2423 is discontinued now). The DS2423 was
only available in a surface-mount package, so I found some converters on ebay
to save having to design a PCB just for three components. The
DS2423 connects into a 1-wire hub in node0, then to a 1-wire USB adapter on our main
server, currently running Fedora 10.
The software used is based on the source code from 'digitemp' as it includes
code in cnt1d.c to read the counter values. Every ten
seconds the jabber treadmill bot switches to the right network segment
on the 1-wire hub then polls the counter of the DS2423 to see
if the treadmill has moved. Once the treadmill has stopped moving for
a while the software stores the total distance travelled and time in
a database, sends an email, and uses the perl Net::Twitter module to
post a message to twitter. (It can also draw a graph showing speed over
time, but that turned out to be not very interesting.)
For the future I'd quite like to hook directly into the
treadmill computer, perhaps giving two way control of the treadmill programs, as
well as recording the incline and heart rate. Another idea has been to use the
current treadmill speed to decide which music video to play next based on bpm (the tv is
connected to an old XBOX running XBMC so could easily be remotely controlled to
switch videos). Or perhaps link it to google streets for a virtual jog through
some random town. Finally, you currently have to select who is using the
treadmill before (or very quickly after) using it using the touch panels in the
house; which seems like a good excuse to play with some RFID in our shoes, perhaps
also using that to select a playlist of music videos per person.
ZoneMinder is an amazing Linux video camera
security and surveillance application I use as part of my home automation
system. ZoneMinder prior to version 1.23.3 contains unescaped
PHP exec() calls which can allow an authorised remote user the ability to run
arbitrary code as the Apache httpd user (CVE-2008-1381).
CVSS v2 Base Score 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This is really a moderate severity flaw because you need a remote attacker who
has the ability to start/stop/control ZoneMinder, and you really should protect
your ZoneMinder installation so you don't allow arbitrary people to control your
security system. (Although I think at least one distributor package of
ZoneMinder doesn't protect it by default, and you can find a few unprotected
ZoneMinder consoles using a web search).
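How the 6.5 follows from the vector, and how much the Au:S (login required) metric contributes, worked through as an added example that is not part of the original post. It uses the metric weights and base equation from the CVSS v2 specification; the second vector is a constructed variant for comparison.

```php
<?php
// Added example: CVSS v2 base score computed from a vector string, using
// the metric weights and base equation of the CVSS v2 specification.
const CVSS2_WEIGHTS = [
    'AV' => ['L' => 0.395, 'A' => 0.646, 'N' => 1.0],
    'AC' => ['H' => 0.35,  'M' => 0.61,  'L' => 0.71],
    'Au' => ['M' => 0.45,  'S' => 0.56,  'N' => 0.704],
    'C'  => ['N' => 0.0,   'P' => 0.275, 'C' => 0.660],
    'I'  => ['N' => 0.0,   'P' => 0.275, 'C' => 0.660],
    'A'  => ['N' => 0.0,   'P' => 0.275, 'C' => 0.660],
];

function cvss2_base_score(string $vector): float
{
    $w = CVSS2_WEIGHTS;
    $m = [];
    foreach (explode('/', trim($vector, "() \n")) as $part) {
        $kv = explode(':', $part);
        if (count($kv) !== 2 || !isset($w[$kv[0]][$kv[1]])) {
            throw new InvalidArgumentException("bad metric: $part");
        }
        $m[$kv[0]] = $w[$kv[0]][$kv[1]];
    }
    if (count($m) !== count($w)) {
        throw new InvalidArgumentException('all six base metrics are required');
    }
    $impact = 10.41 * (1 - (1 - $m['C']) * (1 - $m['I']) * (1 - $m['A']));
    $exploitability = 20 * $m['AV'] * $m['AC'] * $m['Au'];
    $f = ($impact == 0.0) ? 0.0 : 1.176;
    return round((0.6 * $impact + 0.4 * $exploitability - 1.5) * $f, 1);
}

$asPublished = 'AV:N/AC:L/Au:S/C:P/I:P/A:P'; // vector quoted in this post
$noAuth      = 'AV:N/AC:L/Au:N/C:P/I:P/A:P'; // constructed: no login required

printf("%s => %.1f\n", $asPublished, cvss2_base_score($asPublished));
printf("%s => %.1f\n", $noAuth, cvss2_base_score($noAuth));
```

The only difference between the two vectors is the authentication metric, which is the same condition the paragraph above gives as the reason for the moderate rating.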
I discovered this because when we went on holiday early in April I forgot to
turn down the heating in the house. Our heating system is controlled by
computer and you can change the settings locally by talking to a Jabber heating
bot (Figure 1). But remotely over the internet it's pretty locked down and the only thing
we can access is the installation of ZoneMinder. So without remote shell access,
and with an hour to spare at Heathrow waiting for the connecting flight to
Phoenix, I figured the easiest way to correct the temperature was to find a
security flaw in ZoneMinder and exploit it. The fallback plan was to explain to
our house-minder how to change it locally, but that didn't seem as much fun.
So I downloaded ZoneMinder and took a look at the source. ZoneMinder is a
mixture of C and PHP, and a few years ago I found a buffer overflow in one of
the C CGI scripts, but as I use Red Hat Enterprise Linux exploiting any new
buffer overflow with my ZoneMinder compiled as PIE definitely wouldn't be
feasible with just an hour's work. My PHP and Apache were up to date too. So I
focussed on the PHP scripts.
A quick grep of the PHP scripts packaged with ZoneMinder found a few cases where
the arguments passed to PHP exec() were not escaped. One of them was really
straightforward to exploit, and with a carefully crafted URL (and if you have
authorization to a ZoneMinder installation) you can run arbitrary shell code as
the Apache httpd user. So with the help of an inserted semicolon and one reverse shell
I had the ability to remotely turn down the heating, and was happy.
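The bug class described above, an unescaped value reaching PHP exec(), next to its hardened form, as an added example that is not ZoneMinder's code. The camctl binary, its options and both function names are hypothetical, and nothing is executed: the script only prints the command strings that would be handed to the shell.

```php
<?php
// Added illustration; not taken from ZoneMinder. The camctl path, its
// options and the function names are hypothetical.
const CAMCTL = '/usr/local/bin/camctl';

// Vulnerable pattern: request values are pasted into the string that
// exec() passes to /bin/sh, so shell metacharacters in them are parsed.
function build_command_unescaped(string $action, string $id): string
{
    return CAMCTL . " --action $action --id $id";
}

// Hardened pattern: check each value against what it is meant to be,
// then quote it so the shell treats it as exactly one argument.
function build_command_escaped(string $action, string $id): string
{
    if (!in_array($action, ['start', 'stop', 'restart'], true)) {
        throw new InvalidArgumentException('unknown action');
    }
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    if (preg_match('/\A[0-9]+\z/', $id) !== 1) {
        throw new InvalidArgumentException('id must be numeric');
    }
    return CAMCTL . ' --action ' . escapeshellarg($action)
                  . ' --id ' . escapeshellarg($id);
}

// Constructed request values: one expected, one carrying a semicolon.
$samples = [['start', '3'], ['start', '3; echo INJECTED']];

foreach ($samples as [$action, $id]) {
    echo 'unescaped: ', build_command_unescaped($action, $id), "\n";
    try {
        echo 'escaped:   ', build_command_escaped($action, $id), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected:  ', $e->getMessage(), "\n";
        // Quoting alone already keeps the value a single shell word.
        echo 'quoted id: ', escapeshellarg($id), "\n";
    }
}
```

When auditing a code base for this pattern, the grep the post mentions is the right starting point: every exec(), system(), passthru(), shell_exec() or backtick call whose string contains a request-derived variable needs either validation, escapeshellarg(), or both.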
I notified the ZoneMinder author and the various vendors shortly after and
updates were released today (a patch is also available).
Figure 1: Local heating control
Last month I read a blog entry from
hadess via Fedora Planet about hardware to let you run homebrew
applications on Nintendo DS. There is a ton of homebrew applications
available, but as of yet no jabber client.
My home automation system is all based around XMPP, with a standard Jabber
server to which all the home automation systems connect to share messages. I
wrote it like this so that it would be easy to just take some existing Jabber
client for a platform and be able to come up with a nice looking front end with
minimal effort.
I found Iksemel, a portable
C XML parser and protocol library that looked perfect, and it only
took a couple of hours to have it ported on the NDS, and a couple
more hours to get it working with PAlib for wifi. It's not a generic
Jabber chat client, but it wouldn't take too much work to make it into
one (although I didn't bother with encryption support so you won't be
able to use it with Google talk servers for example). Anyway, the code
might save someone a few hours, so I've made the source available.
I've included a copy of Iksemel, so if you want to build this yourself
all you need is a working development environment: devkitpro and PAlib. This
still needs some work, I need to integrate a library to handle displaying
images from the network (when the phone rings it can pop up the caller's
picture or a streaming picture from one of the cameras when the doorbell
is pushed).
Over the Christmas holiday I joined Second Life. I wasn't expecting to find it interesting as I don't use chat systems at all outside of work (all of the Red Hat Security Response Team work in different locations around the world so irc provides a good crisis room). But I was quickly hooked and started creating shirts, figuring out ways that Sonik could play a live gig, playing Myst-like adventure puzzles, and virtually dancing to great music.
Having discovered libsecondlife and having a few spare hours this weekend I installed mono development tools and knocked up a quick libsecondlife to Jabber interface. All my home automation communicates using XMPP, so by giving my second life avatar the ability to communicate to my Jabber server he can do all sorts of things. My avatar gets notification when the phone rings and can tell me the caller's number (and do a cute little animation to pick up a phone), the avatar can turn on and off the house lights, or find the temperatures of rooms.
I've not figured out a use for this yet. I've a few ideas though which will need to wait until there's more free time.
The hot weather followed me back to Scotland, which is nice for me but not so nice for my 3m^3 computer cupboard which, being unventilated, gets quite warm and toasty. Today with the outside temperature at 20C and the inside temperature at 24C the cupboard was at 30C with the door closed, or 26C with the door open. So I cut holes in the plasterboard in the wall near the top, a 120mm fan (with useless but cute blue LEDs, but nice and quiet with a fairly good flow rate), a nice looking outlet vent to hide the messy holes, and enough space for air to get in at floor level under the door. With the fan on and the door closed the temperature started rising, although slower than normal, to 29C. Turn the fan off, 30C.... so it's pretty consistent, but not particularly worth the effort. I need to figure out if my fan isn't moving enough air, or if it's just bad placement. -- I don't think I can get away with making any more large holes in the wall though, well not until Tracy goes out of the house for a few hours ;)
I saw a couple of Fujitsu Point 1600 tablets going on ebay for US$150 for the pair and couldn't resist. My house already has a number of Fujitsu Point 510 tablets around with a simple Perl/TK interface to control heating, lighting, security, house cams, incoming phone calls and so on. But the old 510's were starting to show off their less than impressive specs 56Mb 75MHz 256 colour. The 1600 is a bit better at 160Mb and 166MHz with enough graphics ram to go to 24 bit colour at 800x600. Fortunately the 1600 is pretty similar to the 510 externally so the wall mount is the same, and in fact they use the same LCD and touchscreen so I can use the 510's as backlight spares (isn't it wacky when you can get a new 510 for about half the price of a replacement backlight for the LCD). Of course now I have faster tablets it means I'm likely to write more GUI to slow them back down again.
I'm standing in the middle of Target when my phone vibrates to tell me there is an incoming SMS message, the message is from my home automation system and tells me that the alarm has been triggered. Then a second text to show it's a confirmed alarm. There's really not much I can do about it being a few thousand miles from home apart from try calling my partner or the neighbours. If I was in the UK I'd be able to bring up a little picture from the house cameras to see what was going on, but GPRS wasn't enabled for whatever roaming partner we have in New Hampshire. Anyway it turns out my partner had triggered it without noticing and she had left the house. The mobile conversation went along the lines of "oops - how do you cancel this thing?" "Sorry, Can't hear you, all the sirens in the background" "What?" "Hello?" "helloooo?" Anyway I'd forgotten that even after turning it off you had to reset the alarm to clear the events, and until then the HA system continued to shriek, wail, and flash the lights, probably to the delight of everyone in the chocolate aisle of Target. Mapopolis is working really well once you get used to it, it's managed to get me out of a number of sticky situations and it doesn't endlessly complain like TomTom if I decide to take an alternative route, it just makes a happy "ching" sound and gets on with rerouting you.
I'm fed up of missing the postman when he rings the doorbell and we don't hear it as we're in the kitchen or have the music on. It's one of those HA things I've never got around to - in my first student house 10 years ago the first thing we did was to hook the doorbell up to our shared-house Novell server (called Malawi since it lived inside a wood box with that label) so that it popped up on everyone's computer when someone was at the door (and being students we'd all just sit there and ignore it, perhaps sending popup messages to each other to find someone who would go answer it).
I use one of these RF doorbells (Friedland Libra) and picked up an identical spare unit from Ebay for 8 pounds. I made sure to get a battery one not one that plugs directly into the mains as they don't bother using a transformer to step down the voltage, so interfacing to it is more risky.
Inside is an RF circuit and a PIC microprocessor and, fortunately, one of the output pins acts as a mute for the sound circuit. So one pin is high around 3v and is pulled low for a couple of seconds as the doorbell rings. I hooked this to a 3-pin DS2406, a one-wire device from Maxim that can monitor a single IO pin (a high is 2.2v or greater) and report on the status (and if there have been any transitions since you last spoke to it). These things are mad, a tiny package the size of a transistor with internal processor, 1Kb of EEPROM and a unique id. Pretty reliable too, one has been monitoring the heating system for the last couple of years. So one device, four wires, and now a Jabber bot announces within about a second when there is someone at the door. All for about 10 pounds of parts and an hour's work.
vCard-implementing applications suck. Over the holidays I decided to unify my contacts, I had different people in different places. When a flight got delayed for 24 hours in New York I was lucky that I had a friend in New York in the right contact database. Anyway I decided to standardise on vcf (vcard) format. One long big text file with entries for all my contacts. Sounds good so far, right? Well it turns out everyone deals with vcf files in a different way. Palm Desktop (win) will import such a file but trashes fields it doesn't understand (which means it's a one-way import). Updating entries, even keeping the same serial number, causes it to create a duplicate entry.
My T610 phone will happily email me a vcf file and cunningly even embed the photo associated with the contact. But it isn't so happy having vcf's pushed back to it (you have the same duplication issues and it ignores the pictures). Outlook will only import one VCF entry at a time and seems to trash fields it doesn't understand. I can make Outlook Express crash badly given a certain VCARD 3.0 format vcf file. Time to go play with kdepim (although the version I had installed on Red Hat Linux 9 didn't cope with version 3 stuff) and we just issued a kdepim erratum yesterday due to vcard processing vulnerabilities. Hmmmm.. perhaps it's safer and quicker to just print out my contacts and stick the pages in my Franklin Covey planner.
Hi! I'm Mark Cox. This blog gives my
thoughts and opinions on my security
work, open source, fedora, home automation,
and other topics.