Advertisements
Service Interruption
04 May

Service Interruption

As many of you will have noticed we’ve been having intermittent down time this year. While I can still boast of 91% uptime over the last 30 days, that doesn’t really seem enough and I know there are regular ‘short’ outages throughout the week that need resolved once and for all.

Over the long weekend I’ll be working heavily on the server to update it and being it back up to a reliable state I can be proud of. I’m emailing to warn you there will be more down time and slow running on Saturday, but it could extend into Sunday.

Home Automation Project
06 Jun

Home Automation Project

I love the idea of home automation. Ever since the early days of Star Trek when they could get back to their room and tell the computer what they want – lights, music … food! This idea was taken to another lever by S.A.R.A.H. (Self Actuated Residential Automated Habitat), the bunker home Jack and Zoe Carter live in on Eureka.

I ways knew I wanted an automated home, not only does it appeal to the geek in me but I’m also fairly lazy and like systems that make life easier. During a recent week off I spent almost the whole time setting up my smart house (which I’m calling GERTY from the 2009 movie Moon).

When I started my project I’d played and experimented with other systems, some worked better than others and some were killed off my the makers, but up till now I’ve been tinkering. There’s never been a fixed design or plan. Now I know what I want. I just don’t know how I’m getting there yet – and that’s the adventure.

At present I’m using OpenHAB. It’s not something I’ve ever played with before and so far I’m liking it. It’s doing what I want and giving me the power I’m looking for.

My plan is over the next few weeks to use this blog as my ‘grail diary’ recording my experiences with results. I found the OpenHAB learning curve was quite high and the examples didn’t always explain anything fully – just copy and paste – and I struggled to find many real world examples. My grail diary will consist of this blog and a git repository the house the working examples.

Thought out the journey I welcome you all to join in and let me know what you think and how you would or are solving the same problems. In my first article I will be looking at presence detection, since one of the most important things of a smart house is for it to know if you home or not.

20 Apr

Only run the scene at night

This is a very simple LUUP snippet. The Vera has a handy function .is_night() which, as you’d expect, simply returns true or false depending on if its day or night.

Vera doesn’t need an attached light sensor for this, instead it uses local weather data – so if you’ve opted to keep your Vera offline this will not work.

First create your scene based on your chosen trigger and add the lights you want turned on, or what ever actions you want it to do, then under Also, execute the following Luup code add the following.

This works because if your LUUP code returns true, which it will at night, the scene runs and if the return value is false it want.

Tenvis MINI319W Review
19 Apr

Tenvis MINI319W Review

My trusty Panasonic BL-C10 IP camera finally failed after years of faithful service, so I went online searching for a replacement. After some searching I came across the Tenvis Mini319W for a low budget of about £32 it seemed like a good replacement.

Installation was very easy, but instead of trying to make a dry unboxing event into interesting reading see the video bellow from the Ultimate Handyman as he installs his in his garage.

https://www.youtube.com/embed/ABRS3gVEzPg

Now here is my take on it. With a price tag of just £32 the Tenvis Mini319W camera is definitely in the lower price bracket, but I was still hoping for more.

The setup and installation was very easy. After connecting a Cat5 network cable and adding power the camera set its self up on my network using DHCP and from there it was a simple case of connecting to its admin page to setup the WiFi connection – a small point of note is the camera will not connect to both WiFi and Cat5 at the same time, took me a while to work that out.

The infrared (night vision) is really quite impressive. The view is very bright and far more impressive than I’ve seen in other cameras. But setup and night vision are about the best bits.

Once your into the admin screen there are few controls. You can change the brightness or contrast and flip the image but there is no zoom. The UI is also fairly poor, loading the page to look like an iPad with the camera on display:
Web Admin

The resolution is disappointingly poor. As you can see my camera is pointed at the window, looking out to anything happening the other side of the glass is all but indistinguishable. You can make out people and colours but the image is so poor you can barely work out if their wearing a jacket or not. The best point of view is anyone standing just in front of the flowers, but even that is a blur when there’s is any motion at all.

In fairness, other than the web UI, the negatives are not deal killers. It’s the field of view that is really disappointing. My camera – in the photo above – is mounted on the wall about 5 meters from the window and you can see from the image how little of the room is actually visible.

Overall I was extremely disappointed with this camera and will be not be buying another one. The Ultimate Handyman’s video shows are far better UI and video quality than is my experience. I’m not exactly sure why but it’s possible I ended up with a different model than he has in his video. For my next camera I will just have to look a little harder.

Raspberry Pi Powered OpenVPN – Client Side
19 Apr

Raspberry Pi Powered OpenVPN – Client Side

This is part two of my series on creating your own, private, VPN server at home using a Raspberry Pi. If you have followed on from my Raspberry Pi Powered OpenVPN – Server post you will have a fully working OpenVPN server. You probably also noticed it took you a good portion of your afternoon, but with bugs and hacks being found in more and more Linux software and libraries it is well worth having a server you can trust.

You’ll have noticed though we’re missing a vital step before we can make use of our new server. In part three of my tutorial we created some access keys to allow our phones and laptops (from here on called clients) to access our server, but we haven’t told the clients.

OpenVPN software gets all the information about where your server is, how to connect, what keys to use and what connections to create from a configuration file called and .ovpn. Since you need a separate OVPN file for each client we’ll use a script to do our heavy lifting.

Eric Jodoin first created this script while at the SANS institute, and with some basic template files, it can create configuration files for all our clients.

As with the Raspberry Pi Powered OpenVPN – Server tutorial the following commands still need executed as root, so remember ether add sudo infront of them or make sure you still have root from the sudo -s command.

Setting the defaults

Eric’s script works by combining a default configuration file with the keys specific to client, so we need to create it first.

Create a new blank file:

nano /etc/openvpn/easy-rsa/keys/Default.txt

Then copy and past in this:


Remember to change the line remote to match your setup. Include the public IP address of your OpenVPN server and make sure the port and proto are correct. If in on page four you opted to use TCP or a non standard port, one other than 1194, you need to make sure this is correct here as well.

If you are not sure what your public IP address is you can ask Google.

Some ISPs will rotate your IP address regularly which causes a problem when trying to access your new server. There are however many services that offer dynamic domain names (DDNS). These give you a static domain name but make sure the IP address always points to your home PC. First thing I would do is check your router to see if it supports a DDNS provider. If it doesn’t then you can use a free service like DNS Dynamic, but you will have to setup and run the ddclient on the Pi to keep your IP address updated.

As in the previous tutorials use control+x and save the new file.

Creating the script

Now we’ll create a copy of the script Eric produced, the original PDF download of his research paper can be found online.

First create a new file in nano:

nano -w /etc/openvpn/easy-rsa/keys/ovpn_gen.sh

Get a copy of the script from my gitlab server and past it into this new file. Lastly control+x and save the new script.

By default new files created in nano are just text files, they do not have permission to execute commands. This command will give only the root user permission to read, write or execute our new file:

chmod 700 /etc/openvpn/easy-rsa/keys/ovpn_gen.sh

We can now run the script, but first make sure we are in the keys folder:


The first thing we’re asked for is the Client Name. This must be the same as we used in page three of the server side tutorial. I’ll continue using KEYNAME here, but if I was setting up the key for my Nexus 5 I would use stuart.nexus5.

If everything worked as expected you’ll see a message like this:


Now just rinse and repeat for as many clients as you have setup, but make sure to only run the command for keys you already created. If you need a new device go back to page three and create a new set of keys first.

Downloading the OVPN files

You now have to download your new OVPN file from the /etc/openvpn/easy-rsa/keys/ folder onto your clients. If you are on a link system I would use the scp command, but for Windows users WinSCP would work as well.

If you are using WinSCP you will not have permission to access the /etc/openvpn/easy-rsa/keys/, this is by design and adds additional protect to your server. So you can cp the file into the pi home directory first and download it from there, but make sure to delete it once you have it on the client.

cp /etc/openvpn/easy-rsa/keys/KEYNAME.ovpn /home/pi/

and then

rm /home/pi/KEYNAME.ovpn

In part two of this tutorial we’ll take a look at setting up our client and getting OpenVPN installed and running on your Android phone or tablet.

Raspberry Pi Powered OpenVPN – Server, Part 1
07 Feb

Raspberry Pi Powered OpenVPN – Server, Part 1

I mentioned in a previous post that I had a spare Raspberry Pi. It’s taken me a while to finish but I’ve managed to turn it into a portable OpenVPN server.

A VPN, or Virtual Private Network, is a way of extending your private network into the outside world all fully encrypted. Free and in most cases unencrypted WiFi is available almost everywhere from universities to coffee shops or hotels and even your dentists waiting room, but you have to be careful what you are doing on internet access points.

Most people are unaware but free WiFi from places like your local coffee shop or hotel are ot safe. Sending confidential email or even web browsing can be subject to interception, what is commonly known as a man-in-the-middle attack. Because of the way WiFi works its relatively easy for someone with the right tools to get between you and the internet. So however tempting it may be you really do not want to be logging into your bank and even something as simple as checking your GMail could leave your Google username and password out in the open.

The idea behind a VPN is to connect to the internet from a trusted source. Once VPN connection has been established all your communications to or from the VPN are encrypted and hidden from prying eyes. No one else at the coffee shop will have any idea what your doing online. All they will see is encrypted traffic to your VPN without being able to delve into that traffic to find out what your doing.

There is a multitude of online services which offer VPN access, in many cases allowing you to pick where you’d like access the internet from there by bypassing geographic restrictions on services like Netflix and BBC iPlayer, but these as in all things have upsides and downsides depending on the service and what charges they make. Since I really resent paying for something I can do myself I going to turn a inexpensive (£35) Raspberry Pi into my VPN server.

Doing it this way not only means I will save myself the ongoing payments of 3rd party VPN service, but I’ll also be able to access my home network as if I was there and still have full access to my Synology file storage.

What you’ll need

Hardware

Raspberry Pi: I’m using a model B but a B+ will work equally well.

SD Card: I would recommend an 8GB card. You shouldn’t need more if all your running on the Pi is OpenVPN.

Network cable: Cat5 or Cat6 depending on your network but you need something to connect the Pi to your router.

Software

OpenVPN: Which we will be installing onto your Raspberry Pi.

Some assumptions

  1. You already have installed Raspbian on your Raspberry Pi SD Card
  2. Your Raspberry Pi has a static IP address within your home network. You can ether do this from the Pi its self or like me setup your routers DHCP settings to issue the Raspberry Pi with static IP
  3. SSH is enabled. We need to access the Raspberry Pi to change settings and setup the OpenVPN server. Using SSH will make this simpler and means we don’t need to fuss with a keyboard or monitor attached to the Raspberry Pi
  4. You have forwarded both the UDP & TCP port 1194 to your Raspberry Pi’s static IP. Instructions for doing this will vary from router to router but if you search Google for your specific router you’ll find instructions

So if you’re ready I’ll get started on my how to guide.

House Cleaning

First thing we’ll do is setup the Raspberry Pi. Assuming your using a new Raspbian installation.

  1. Change your password: The default username and password for a clean Raspbian installation is pi and raspberry. Leaving this unchanged is generally a really bad idea, but not changing it on a Pi your connecting to the internet is begging for trouble. To change it first login over SSH and type sudo passwd this will change your root password then just use passwd to change the pi user password.
  2. Update: Always a good first step after a clean install. Updating the system will make sure you’re using the latest software and libraries, and any know bug or security flaws will have been patch. Raspbian OS being just a version of Debian system updates are handled by apt-get so to update the system run sudo apt-get update; sudo apt-get upgrade from the SSH terminal window.
  3. Install OpenVPN: OpenVPN is already in the repositories so installation is as easy as running sudo apt-get install openvpn

Now that our Raspberry Pi is ready we’ll move on to the setting up the installing and setting up OpenVPN on the Pi.

Raspberry Pi Powered OpenVPN – Server, Part 4
07 Feb

Raspberry Pi Powered OpenVPN – Server, Part 4

Time to put it all together

OpenVPN Configuration

So far we have setup and new Raspberry Pi, install OpenVPN, generated some server keys and at least one user/device key and created a Certificate Authority to sign them. We are still missing something though. OpenVPN doesn’t know any of the yet. We still have to tell it where to find these new files we’ve just create, what IP or port to listen for connections on, what type of connection to make or where to send the resulting traffic.

All these setting are held in OpenVPN’s configuration file, but non is installed with the OpenVPN package so we need to create a new one. Start by creating a file on the Pi nano /etc/openvpn/server.conf then fill it with this initial template:

I’ve marked some bits you will need to change yourself most importantly PI_IP_ADDRESS and YOUR_DNS_IP_ADDRESS but read thru the comments to make sure everything else is right for your setup. Once your done just control+x and save the file.

Port Forwarding

Now that OpenVPN knows what to do we need to tell the Pi to forward internet traffic. By default a Raspbian OS is designed to be a receiving client, internet traffic goes to or from it, but in this case we want it to forward traffic it receives on somewhere else – in this case your router.

To edit the system setting open up the system control file with nano /etc/sysctl.conf and find the line “#net.ipv4.ip_forward=1” and uncomment it by removing the # leaving “net.ipv4.ip_forward=1”. Once again use control+x to save the file. Lastly we have to tell the system we have changed the file. That’s done with the sysctl command, just type sysctl -p and your done.

Raspbian Firewall

We’re almost ready to restart the Raspberry Pi and have a functional server, but before we can there is one more thing we have to do. Raspbian comes with a built in firewall called iptables, found on most Linux systems, which is there to protect your computer from the dangers of the internet but we need to poke a hole through it while leaving the rest of it intact. This is done by issuing command directly to iptables, but we want these changes to still be in place next time we reboot the Raspberry Pi so we need to make the command something the Pi will run everything it connects to the router.

This is best done in two steps. First we’ll setup the script we want to run. Make a new file nano /etc/iptables-openvpn.sh and type in:

Make sure you change PI_IP_ADDRESS to your Raspberry Pi’s IP address. The hit control+x and save the file. We now need to make the file executable, but we also want normal users from changing it.

The first line means only the file owner can execute the file, no one else can even read it. The second line just makes sure the owner is root.

Now we have our supporting files we need to tell the Pi to run this file, and so poke the same hole, in our firewall every time a network connection is setup. Network setting for Linux are commonly stored in the /etc/network/interfaces file so we can start there.

nano /etc/network/interfaces

You can see a line that says “iface eth0 inet dhcp” that simply tells Linux to ask your router for an IP address for the ethernet plug. We can now inject out iptables-openvpn.sh file here by using the pre-up option.

…becomes…

Now before asking for an IP address from a connected router the Pi will run our iptables command and the firewall will be ready. control+x to save your work.

You can finally reboot your Raspberry Pi

Your Raspberry Pi is now a fully working OpenVPN server, in the next tutorial we’ll get started preparing our clients to connect to it.

Raspberry Pi Powered OpenVPN – Server, Part 3
07 Feb

Raspberry Pi Powered OpenVPN – Server, Part 3

Client Side

So we now have a working server, what we have to do now is create certificates for our users or our selves.

If you want to you can cheat here and create one certificate per user then they can use that everywhere, but as I talked about before, if they device is every lost or stolen you will have to setup all you other devices with the new key. So I have created a separate certificate for each device.

Since I am not the only person potentially going to use my VPiN service and I alone have four or five devices all needing access I’ve gone with a naming scheme USER.DEV. So for my Nexus 5 it’s be stuart.nexus5 and my laptop is stuart.redtop (If you’d ever seen my laptop you’d understand… o what the hell here it is)

To create a device key just type

./build-key-pass KEYNAME

… and more prompts

  • Enter PEM pass phrase – Make this something you will remember, depending on the client your running you may be asked to type this ever time you want to connect.
  • A challenge password? – You still have to leave this blank
  • Sign the certificate? [y/n] – The answer must be yes. You will be creating a ten year certificate

We now have an RSA key, but RSA keys have not been perfectly implemented everywhere and if you want to connect your Android or iOS device we need a Triple DES key. Triple DES is simple another encryption algorithm that applies its encryption three times for every block of data, making it harder for hackers to break by brute force. We can do this using the openssl command. All we need to do is input the old key and tell it what to produce:

openssl rsa -in keys/KEYNAME.key -des3 -out keys/KEYNAME.3des.key

OpenSSL will now prompt you for the password of the rsa/old key, which is just entered, and ask you for a new password for the 3des/new key. I just used the same password for both keys, there is no loss of security as long as it was a good password and no need for two separate password.

And that’s it. You’ve now created your first client side key. You will have to repeat these steps for each device but its simple enough just keep changing your KEYNAME as appropriate.

In the final part of this tutorial we need to put everything together and tell OpenVPN about our configuration.

Raspberry Pi Powered OpenVPN – Server, Part 2
07 Feb

Raspberry Pi Powered OpenVPN – Server, Part 2

Groundwork

Keypair

I mentioned before that a VPN encrypts traffic to and from your device. In much the same way as connecting to a site over HTTPS. This is done by public-key-cryptography. If any of you have ever heard me talk at Dundee Tech Talks you’ll have heard me go on at length about encryption and public key encryption is by far the coolest method of encryption. I’ll probably talk about it more in another post but at its simplest level you have two keys. One encrypts and one decrypts, you then can make the encryption key public. OpenVPN comes with a collection of helper scripts and config files called Easy_RSA which produce keys use the RSA encryption algorithms.

The next few commands are going to be run a root. You can ether stick sudo in-front of all the commands I’ll list bellow, or to save some time just type sudo -s and become root.

Now before we start setting up our certificates we must copy the default EasyRSA in a folder that makes sense:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa

Now before we can start using EasyRSA we have to tell it where to find our new directory. So edit the vars files nano /etc/openvpn/easy-rsa/vars find the line ‘export EASY_RSA’ and update the value, once your done it should look like export EASY_RSA="/etc/openvpn/easy-rsa"

Before we leave the vars file we’ll also want to adjust the level of encryption 1024 to 2048. In most cases 1024 is all you would ever need, but why settle for less when its as easy as typing three numbers to exponentially increase your VPNs security.

To exit nano simple type control+x, nano will prompt you to save the file before exiting.

The Authority

One thing that give OpenVPN its security is that it doesn’t use a username and password to authenticate its users. When asked for a password the majority of people will use a relatively simple password, or reuse a previous password and where someone picks a good/strong password it can easily be forgotten. Another risk to consider is where you’ll be using the VPN. Having the password stored on devices like phones and tablets which can be lost or stolen leading you to have to change your password then update all other devices with the new password – a pain if you happen to away from home.

Instead OpenVPN uses a OpenSSL keypair. Every device has its own private key signed by the OpenVPN server which is then used to authenticate each device separately. Now if a device is lost its as easy as revoking that devices key, no other device heeds changed or updated.

So we need to create a certificate authority on the Raspberry Pi to sign user keys – which we’ll do next. The following commands still need executed as root, so remember ether add sudo infront of them or make sure you still have root from the sudo -s command we used when setting up the keypair.

Step 1

Move into the EasyRSA folder we created earlier: cd /etc/openvpn/easy-rsa

Step 2 – A

Run source ./vars this will setup the all the environment variables we edited before.

Step 2 – B

As pointed out by Redrerick in the comments after the most recent update to OpenVPN available for the Raspbery Pi, openvpn armhf 2.2.1-8+deb7u3, you now have to run ./clean-all this will clear out any keys and certificates and give you a clean slate to start with.

Step 3

./build-ca this is where the magic happens. The Raspberry Pi is now going to hit you with a load of questions about where you are and organisation names. You can ether fill them in accurately or just accept the defaults.

Step 4

What you will need to pick a name for your server. I started by trying to use my normal naming scheme but, turns out its crap, settled for VPiN – clever right?

./build-key-server VPiN

The same as in step 3 you are going to be hit by a series of questions.

  • Common Name – This has to be the same as your server name, if it hasn’t already defaulted to that change it!
  • A challenge password? – You have to leave this blank
  • Sign the certificate? [y/n] – The answer must be yes, if you don’t sign the certificate then nothing else will work

You’re going to get a warning saying the certificate is valid for 3,650 days. So if you still using your Raspberry Pi VPN server in ten years you’ll need to come back and go through these steps again – so you’d better bookmark the page now.

Finally it’ll say “1 out of 1 certificate requests certified, commit? [y/n]” again type ‘y’

Diffie-Hellman

Now we’re going to create whats called a Diffie-Hellman key exchange. This is a fundamental element to creating a secure connection between two machine when all of the ‘handshaking’ is done before the encryption is setup, meaning any 3rd party can sit in and watch the full unencrypted ‘handshake’ conversation but still not know what the final encryption keys used are, so once the connection become encrypted that’s it – there out in the cold.

Make sure you are still in the /etc/openvpn/easy-rsa director and run

./build-dh

Now best to get a coffee or something cause this can take a while, especially if you followed the instructions and increased the level of encryption from 1024 to 2048.

DoS (Denial of Service)

A DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack is where an attacker gets the IP address of a service online and starts issuing so many connection requests, some times in the range or a several thousand per second, that the server can not handle them all and eventually dies under the load.

OpenVPN has built in protection against these attacks called a HMAC (hash-based message authentication code). Kind of like a pre-shared secret. If the server doesn’t receive this secret it want even try to authenticate a device instead just ignoring the request. Now, while you don’t want this secret out in the wild its not a huge security risk since even with the secret a device will need a valid certificate as well.

Generating the secret is as easy as typing:

openvpn --genkey --secret keys/ta.key

OpenVPN is finally installed on our Raspberry Pi, but its fairly useless unless our devices can connect to it. So next we’ll look start creating some key for our phones and laptops.

DynPi The Assembly
05 Sep

DynPi The Assembly

Well all the parts are now here and its time to assemble it. Primarily I want it to be neat and tidy and easy, it has to be as simple as possible and ready to pick up and go. The last thing I want is to spend twenty minutes hunting for all the parts.

After trying a few layouts and designs I’ve come up with what I think works best for me, this is what I have so far:

I decided to glue the PiHub straight onto the Raspberry Pi case. It makes everything much cleaner, and in future if I re-purpose the Pi I can’t really see a reason why a integrated USB and power hub wouldn’t be useful and if it wasn’t then I could just buy a new case or even another Pi.

However attaching the Pi to the hard drive encloure I’ve used 3M Command mounting strips since they are easy to remove if required and will not cause damage to the Pi case or enclosure.

The next thing to do setup Raspbmc along with the WiFi hotspot!

DynPi My Portable XBMC Device
03 Sep

DynPi My Portable XBMC Device

Almost all commercial media boxes, such as the AppleTV 2, have no internal storage. I want to build a fully portable, internet non-dependant media centre. As with all things the first step is a plan!

This is a new project I’m working on, so I wanted to share it with you as its going along rather than waiting till completion.

I’m a huge fan of TV and Movies, like most of us are, and I’ve transferred a large majority of my DVD collection to the PC – partly to protect the discs, but mostly because I hate having to keep changing disc when I’m the mood for a Doctor Who marathon. Now the problem is when you go on holiday you can’t realistically take your DVD collection with you. Since readers have kindles and can take several hundred books I decided this was a problem I needed to solve.

Almost all commercial media boxes, such as the AppleTV 2, have no internal storage – Apple having decided it could make more money streaming content instead. I’ve already setup my home NAS and have several Raspberry Pi with OpenElec XBMC installation through out the house but again these don’t have hard drives ether they are simply streaming content from my NAS. My first thought was to setup a system like Plex so I could stream my content from my home NAS to where ever I am, the downside of this being I would be come reliant on both my home internet and having free access where ever I go. Since most hotels charge you and set data limits this is a less than perfect solution.

So, braking it down, what am I trying to achieve:

  • Portability
  • Not relying on an internet connection
  • Plenty of content

My first idea was to simply put stuff on my Nexus 7 and watch it from there. After a few experiments it is useful, but watching stuff on a 7 inch screen is far from ideal. I know I could get an adaptor, but after wondering the shops around here no one stocks a SlimPort adaptor only HML and since SlimPort is really only being used on the Nexus range its not future proofing – nor is there allot of storage.

So I quickly decided on using a Raspberry Pi and XBMC, inspired in part by the Slice which could soon offer exactly what I’m looking for except the Slice want be on the market till at least November so I want to build my own. Once its all done I want to be able to connect to the Pi over ether the Cat5 or WiFi since I’m not assuming there will be a router I can plug a Cat5 into everywhere I go. That means the project, which I’m going to call DynPi as in Dynamic Pi, will need its own WiFi dongle I can connect to. I also want to setup an automatic solution for getting media on to the machine. I’m thinking about newest movies/TV or perhaps most watched and definitely a short-list of must have things – something like that.

Once I’m setup I’m going to use Raspbmc this time instead of OpenElec. OpenElec is a fantasicly simple XBMC setup and perfect for most set-top boxes, but because the OS has been stripped back so much allot of things aren’t available which includes the software required to setup the DynPi as a WiFi hotspot.

The shopping list:

  • 1 Raspberry Pi I already had a spare Pi
  • 1 PiHub This was harder to find, I wanted a hub that would port the Pi as well and this is the best one I could find, plus I think it looks cool
  • 1 Edimax EW-7811UN Wireless Nano USB Adapter
  • 1 Laptop Hard Drive This one is 500GB, but I had 230GB drive in the house so I’m using that for now
  • 1 Hard Drive Encloure You can obviously get external hard drives and use that instead. The reason I’ve got both items separately is, again, future proofing. I wanted a quick and easy way to upgrade the drive.

Okay, so that’s the shopping list. Next I need to put it all together. I’ll post that stage once its all done, stay tuned (updates are posted to my twitter account, so you don’t have to keep checking the site waiting on an update)

07 Dec

MyFitnessPal – Record Water

I’m in the mood for something a little different. So will I’m walking here on the treadmill this afternoon I thougnt I’d share what I’ve been working on. We all know I am a huge fan of MyFitnessPall but a little disapointed there isnt a public API I can write too. So I’ve written a couple of bash scripts I now run on from my Android, these mimic key inputs. Once again, my life is automated!

The first script records water drank, simple pass it a number and it’ll record that number of glasses of water – really simple

The second one completes the days diary. Two very simple scripts, but there are catches. You must have a rooted phone, and you have to be using the Nexus 4. If your not on the Nexus 4 you can edit the first section and update all the X Y codes.

Quick simple and easy. I hope you enjoy!

Record X glasses of water

Complete the days diary

29 Oct

Which Home Automation to take LightwaveRF

LightwaveRF is the new kid on the block, unrelated to X10 it shares the 1970s spirit and economic appeal. One of the biggest advantages I can see so far is the availability of components. LightwaveRF devices can be picked up locally from Maplin, B&Q or Homebase – which is a big advantage.

Unlike X10 communication is wireless from the each controller on the 433.92 MHz band, so should not interfere with WiFi or Bluetooth however it is possible to get some interference on some cordless home phones. Range is quite limited as the controllers do not have a lot of power, you can get around 15m in doors, this is offset by the fact you will probably have multiple remotes. Like X10 communication is one way, so there is no acknowledgement of commands being received.

LightwaveRF doesn’t use a base station or central control with each remote communicating with devices directly, however it is possible to get a WiFi link hub which allows you to access the system from the web or a mobile device. Functionality is limited however and you do not get the same kind of control or ‘programmed actions’ available in other systems.

There are also limitations in the size of network you can build. The magic number seems to be 64 devices, each device can only be linked to 6 controllers or sensors.

Once again I have found my self barking up the wrong tree. LightwaveRF has the same problems as X10, with the lack of two way communication or confirmation a command worked added to my requirement to support my mobile and ‘action’ commands once again have to move on.

27 Oct

Which Home Automation to take X10

As I stated in my previous post, I have narrowed down the home automation protocols I wanted to look at to the big three: X10, Z-Wave and LightwaveRF. In the comments Bernard has suggested I look into Universal Remote (URC). I have had a very quick look at it but not as in-depth a look as I would like to have, before writing about it. So this post will not feature URC, instead it may get its own post at a future time.

This post is not an impartial look at all three options, I have tried to make it one but I have not rigidly stuck to that. I did investigate all three options before making my final selection and in the next three posts I am hoping to take you through my thought processes and explain how I have come to my final decision. If you are in a similar position to me I would suggest you use this article as just one-more-peace in your own research. My final selection might not be the right one for you, I just hope to explain why it is the right one for me.

X10

First developed by Pico Electronics of Glenrothes back in 1975. It has been the first protocol I payed attention to. Primarily communication is performed over the power lines, however a radio transport protocol has been defined as well. X10 is also the cheapest and therefore most accessible of my three options.

X10 seems to be one of the most popular home automation options available with a vast number of modules controlling lamps, wall switches and standard plug appliances. There are also sensor modules available to report on motion, infra-red, light level, temperature and door or window contacts.

The controller’s available range from simple on-off remotes to computer plugs running some local software. Remote control and scheduled tasks seem to rely on the host PC being on to receive the inbound command, in my case from my phone, and relaying that out to the X10 network. For me this does not feel like the ideal solution because I would rather not have to keep a PC running to control my setup, but in a push I could use a Raspberry Pi for the job.

From what I have read there also appears to be come compatibility problems. X10 switches seem to leak a very small amount of current which can cause problems with lamps or fluorescent bulbs. The network is also prone to interference in the power lines, high load devices such as ovens or showers turning on or off can block or mask out the command signal. There are also problems with high load devices like computers, televisions and satellite receivers cause constant interference making and X10 socket useless in their local areas.

By this point I have already decided X10 is not the solution for me. The protocol does not acknowledge any commands, more UDP than TCP, so if there is any interference in a setup you expect to work-first-time no further attempts are made by the controllers to insure your commands are carried out. So I move on.

25 Oct

My Path Towards A Smart House

I have had visions of an automatic house since first seeing the idea on Tomorrows World. A few years ago I made my start, automatic lights controlled by motion sensors and door connectors. This was based on Motorola’s proprietary hardware all controlled by a router box from within my network. The primary interface was very intuitive all configured using a drag and drop web interface, this would of course soon become its Achilles heel.

Motorola’s system was soon re-branded as Xanboo as before long some much needed updates were being pushed out and the format looked like it was benefiting from the change. Like all good things it didn’t last long. Xanboo was bought over by AT&T in December 2010, this news was soon followed by a letter at the end of March from AT&T’s general attorney Meredith Mays who said “AT&T is currently in the process of integrating Xanboo into AT&T’s portfolio of services and affiliated companies. At this time, AT&T anticipates modifying or eliminating current Xanboo products and services and winding down its existing processes. The purpose of this letter is to notify you that your agreement shall be terminated effective as of midnight, July 4, 2011.”

My local supplier soon notified their customer base of the news which would mean the closing down of their online services as of December 2011. As I previously stated, even though the router controlling my devices was located in my house I had to use their website to configure it. So I, along with everyone else, faced the prospect of losing control over everything we had already bought. They did however promise to search for an alternative. Non was found.

So as of December 2011 my home automation/security system had turned into a rather expense collection of paperweights. I am now, finally, searching for a new solution.

My criteria are quite specific this time:
1. Open Standards – If one company were to close down I should not be left starting from scratch.
2. Local Access – I must have access to my configuration internally, without requiring the internet
3. Mobile Access – My phone is my remote control for everything else, so it should control my house
4. Tasker integration – Not a requirement, but it would be good

There are a number of solutions available at present. I will investigate fully before making my final decision, but the short list is Z-Wave, X10 and LightwaveRF. As always with projects of this nature I will use this section of my site to categorise and log my journey.

If you have experience of any of these options or would like to share your experience and any pitfalls please use the comment box below, I would love to hear your thoughts.

31 Aug

No Tasker Sunday

No Tasker Sunday But there is good things coming

This has been a busy week for me. At the end of last week I asked the Tasker Google+ community for some ideas of what they would like to see, and the first lesson I took away from that was – I should have asked sooner than Thursday!

The community have some fantastic ideas just waiting for Tasker, but there is no way I can do them any justice by “Tasker Sunday” so instead I offer you this post as my mitigation.

Over the next few weeks I intend to push out the first of these ideas +J Pearson gave me. Like many self employed contractors he wanted a way to get Tasker to record and track his work using voice inputs, something like:

Then at the end of the month/week be able to pull out a report of who you need to bill and for how much.

When I mentioned this idea to a few other it has definitely struck a cord so I’m going to make this my first task, although it will probably turn into a project with multiple tasks and actions.

The Futures Bright The Futures Tasker

The next thing on my ‘agenda’ is a new idea I came up with yesterday. Since Android 4.3 came out I’ve seen allot of people use the input command to mimic screen touches and swipes, this is perfect for working with applications that have no Tasker interface or public APIs you can get a hold of. The problem is any input command used is specific to the screen its been recorded on, something I do on my Nexus 4 has no hope of working on the Nexus 7 or HTC Sensation without rewriting the co-ordinates.

My idea is to create some kind of query database that will return the correct location. For example, and these are only examples off the top of my head mind you, to click the send button in the Gmail add you would ask for the location by passing “deviceid, app, button name” this would return “123,456” for the Nexus 4 and “789,012” on the Nexus 7. As this obviously a new idea there are allot of problems still to workout, like: some form of local caching, a unified naming scheme for buttons and a way for the community to input new devices and new locations. Lets just say, this will be a long process – if you have any ideas about it please drop me a line.

Before you go I wouldn’t want to leave you without

Now, seeing as I’m not posting any Tasker projects today I don’t want to leave you without. +Tasker by Ryoen has posted a fantastic and easy to follow example of using +João Dias’s AutoVoice and the new AutoApp, still in beta, to open any app just by saying its name. Hope you enjoy this

The Three Strike Rule
20 Aug

The Three Strike Rule

Three Strike Rule means if you need to talk to me, keep calling. If not text

This is just an information page. If you’ve come here from a text I sent after you tried calling me I hope this page will give you a little of the background to why, and show you how to get around it.

Some time ago I realised that simply putting my phone on silent at night was limiting and could cause more problems than it was solving if for any reason some had to get in touch with me. Being of a programming mentality and a heavy Tasker user I created a system so that while my phone is still on silent some calls can get threw.

I call it the Three Strike rule because, as the name suggests, you simple have to call me three times and on the third call the phone will ring.

The project its self has it’s own page, Inbound Call Filter, so I don’t want to go into allot more detail here. In a nut shell, if you need to talk to me keep calling and you will get threw. If you’d prefer just text.

Inbound Call Filter – Version 2.0
20 Aug

Inbound Call Filter – Version 2.0

Thanks to some feed back from +Mike Lombardi over on the Tasker Google+ page I’ve updated my project a little.

Instead of using a text file on the SD card to keep track of incoming calls I now use two arrays, one for the phone number and another to record the number of calls. I am still using the SD card to store the ‘canned’ response texts, I have thought about making this variable based as well but I’m not sure about the performance implications.

The situations when a text will be sent are very small, first it realise on someone calling while the profile is active and second they have to be calling from a recognised mobile. My understanding of Tasker would require a global variable like this it exist in memory all the time, this may not seem like allot but it doesn’t feel necessary. Plus with the current set-up to increase the calls required will only need to add a new file and update the counter in Tasker so you could make people call 10 or 12 times. Having that many responses in memory would become cumbersome.

You can get the updated details over on the project page

Inbound Call Filter
18 Aug

Inbound Call Filter

Updated 2013-08-20

Thanks to some feed back from +Mike Lombardi over on the Tasker Google+ page I’ve updated my project a little.Instead of using a text file on the SD card to keep track of incoming calls I now use two arrays, one for the phone number and another to record the number of calls. I am still using the SD card to store the ‘canned’ response texts, I have thought about making this variable based as well but I’m not sure about the performance implications.The situations when a text will be sent are very small, first it realise on someone calling while the profile is active and second they have to be calling from a recognised mobile. My understanding of Tasker would require a global variable like this it exist in memory all the time, this may not seem like allot but it doesn’t feel necessary. Plus with the current set-up to increase the calls required will only need to add a new file and update the counter in Tasker so you could make people call 10 or 12 times. Having that many responses in memory would become cumbersome.

Inbound Call Filter

This is an idea, like most, that came to me at 2am during a restless night. Like most Tasker creations it started with a simple problem. When I put my phone to sleep it goes silent till 5am, so what do you do if someone needs to reach you? What put the idea in my head was a text from my flat mate saying he’d left his keys at home and needed me to leave the door unlocked. In his case it was luck I was up late and got the text.

My first approach was a simple white list but this has limitations because in affect you are only white listing a phone number and not the person. So they could have a dead battery or taking this situation to its worst case, like most 2am thoughts tend to end up, a hospital or EMS team are now trying to phone you these are not numbers you are going to add to any white list so the first you’ll know is 5am when you check and see missed calls.

So I wanted a new solution. It struck me to use the same approach as in some firewalls and creating a kind of grey list where people can gain access to the white list by performing an action. At first I thought text but again that relies on the caller being on a mobile, so I went with calling.

My new Tasker profile will allow anyone to activate the ringer by calling me three times. On the third call the phone starts to ring, at full volume. The extension to this idea is to allow the phone to continue ringing when the same person calls again. I also wanted to let people know what’s going on by text but seeing as there’s no point in texting a land line we only text mobiles, in the UK that means any number starting 07.

This profile triggers on incoming calls and checks a folder on the SD card for a text file with the same name as the incoming number, we’ll call this the call counter. If there is no file the call is ended and a new file is created and the number 1 is written to it. We then read a text file called call.1.txt and text the caller back. If they call again we continue the process.

During the second, which we know is the second call because of the text file we created before, we again end the call and text back the contents of call.2.txt and increment the call counter file.

Now like all good processes we reach the third call. At this point the call counter file has the value 2 in it so the phone rings, at full volume. The process is the same for the 4th call and so on until you delete the file and the cycle continues. Personally I delete them every morning, but it’s a personal choice thing.

Download the project file below and import it into Tasker then just activate the the profile when you want to limit your callers. Let me know if you find any problem or can think of any improvements I can include

Excel VBA Get Column Index
27 Mar

Excel VBA Get Column Index

Over the last few months I’ve been doing more work in excel than is good for anyone’s health, trying to create a database best suited for access. Still, in the real world, you have to work on the tools available.

The biggest problem I found was getting column indexes for the relevant information. The quickest method is just to hard code the indexes inside you code A1 B1 etc… However this doesn’t help if you end up needing to add a new column cause you’ll find your self having to search your code for ever occurrence of B1 and changing it to D1 and so on.

So the solution I came up with is a function to search and excel worksheet for a column name and return the correct letters. Now seeing as you probably need to run the same search multiple times its a performance boost to cache these results.

The code included here does just that. All you need to do is define ‘columnIndexRefernce’ globally and set it as a new collection outwith this function, but once thats been done you can call fndDataSheetColumn any time you want the correct column.

 

Automatically generate GPG revocation certificates
26 Mar

Automatically generate GPG revocation certificates

OpenGPG establishes trust using the web-of-trust. If I trust you and you trust him, I can probably trust them too. This only works if I can trust you though.

Our keys are important and maintaining them is vital, after all they tell the world we said this. Once a key has been made and published that really it, it is now in the world till everything ends. So if you no longer have access to the key you have to let people know to stop using it too, this is call revocation. It’s a special signature you can sign your key with that will make it as revoked. Once a key get revoked no one will encrypt to using it any more. The problem comes from the need to access the secret key in order to generate these and if you have lost the secret key you can no longer revoke it, unless you did as you should have and created these revocation certificates before hand.

Too many people put this off or worse yet forget too, so I have created a small bash script to automate the process. You can download it bellow and see the source as well. Once downloaded you just need to change the KEYS variable to reflect they keys you wish to generate the certificates for. It will also backup your private and public keys – You have to keep these safe!