Messages - mkbrown69

61
@Langston:  no problem!  My pleasure!

@Matt,

How it works will depend a bit on what you're using as a "client".  The wiki page I linked describes LMCE's VPN implementation, which uses IPSEC or a Layer 2 Tunnelling protocol (L2TP).  Those are pretty common, and there are clients in, or available for, most mobile devices and computers.  The solution I use implements IPSEC, and uses certificates for two-factor authentication (something you have, the certificate, and something you know, the password).  It works on my iDevices, and I can install the VPN profile quite easily.  When I want to access the house, I click the VPN setting on, enter my password, and then I'm in.  I can then launch RoamingOrb or whatever app to access internal services.  I could make it easier using iOS7's new VPN on demand features, but I'd have to create some Mobile Device Management (MDM) profiles; right now, it'd be too much work in order to be lazy ;)

VPNs have other nice features, depending on the product.  Most give you separate address spaces, so you can route, filter, and firewall to your heart's content.  Most enterprise Wi-Fi implementations require a VPN connection over Wi-Fi in order to access corporate services.  There are other fancier features, but you get the idea...

HTH!

/Mike

DOH!  Link in other thread, now here for reference: http://wiki.linuxmce.org/index.php/VPN

62
Matt,

It's a good and valid question.  Simply, it's about limiting the attack vectors.  The more services you expose directly to the Internet, the greater the possibility that one of those services can be exploited.  This isn't specifically about LMCE, but a general security practice.  One or two doors are easier to secure than ten or twenty doors.

IT security is like layers on an onion; you have to keep peeling them away to get to the centre.  You want to make it hard enough that 'they' move on to easier pickings.

Your LMCE login page doesn't currently track login attempts, and I'm willing to bet most people won't be looking through their Apache access logs to see if someone is running a dictionary attack.  There are other web-based products like MythWeb and MediaTomb; how about them?

SSH is even riskier, especially if your password isn't strong or you're not using two-factor authentication (username, password, and a pre-shared key, token, or certificates).  That's the first attack vector most will try; I regularly see port-scans against border devices, which are going after the SSH port (among others).

Yes, there are ways to secure all those services and make them more resistant to attacks, but that does require advanced IT knowledge.  LMCE's about making media and home automation "easier".  While most that are perusing these forums are more technically inclined, LMCE's target audience is those less technically inclined, who wouldn't be able to implement those safeguards.  Hence, the VPN makes it easier and safer.

In the case of Orbiters, I'm not sure if the traffic is SSL/TLS encrypted.  So, if you were to expose those ports over the Internet, and were sending your alarm system PIN code * in the clear *, someone on the same network segment (like in the case of cable modems) could sniff that traffic, figure out what it meant, and then use a replay attack to disarm your system.  Using the VPN means all that traffic is encrypted in the VPN tunnel, between your core and the end-device (the phone running QOrbiter).

Hope that explains things!  IT security is a complex issue, so I tried to keep it simple...

/Mike
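A sketch of the access-log check mentioned in the post above, added here as an example (it is not part of the original thread or of LinuxMCE): it counts POSTs to a login URL per client address in an Apache access log and flags any address that exceeds a threshold inside a sliding time window. The login path, threshold, window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not taken from LinuxMCE: set the real login URL and your own policy.
LOGIN_PATH = "/login.php"
MAX_ATTEMPTS = 5
WINDOW = timedelta(minutes=1)

# Apache common/combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)

def find_bruteforce(lines, path=LOGIN_PATH, limit=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: peak number of login POSTs seen inside one window} for IPs over limit."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        # Every POST counts: the status code alone does not tell a failed login apart.
        if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:          # drop attempts older than the window
            q.popleft()
        if len(q) > limit:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one client hammering the login form, one ordinary user."""
    fmt = '{ip} - - [23/Nov/2013:04:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=10, s=s, req="POST " + LOGIN_PATH, st=200)
             for s in range(0, 40, 2)]                     # 20 POSTs in 40 seconds
    lines += [fmt.format(ip="198.51.100.4", m=m, s=0, req="POST " + LOGIN_PATH, st=302)
              for m in (5, 20, 45)]                        # 3 logins spread over 40 minutes
    lines.append(fmt.format(ip="198.51.100.4", m=6, s=0, req="GET /index.php", st=200))
    return lines

if __name__ == "__main__":
    for ip, count in find_bruteforce(sample_log()).items():
        print(f"{ip}: {count} login POSTs within {WINDOW}")
```
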

63
The use of a VPN would likely be both easier, and safer.

http://wiki.linuxmce.org/index.php/VPN

HTH!

/Mike

DISCLAIMER:  I don't use this particular configuration, but I'm pointing it out as it's built-in to LMCE. I run Sophos (formerly Astaro) UTM as a virtual machine, and use it to VPN into my house.  I use RoamingOrb on iDevices that way to access the core.  Same principles, different products.

64
Developers / Re: Need some design advice
« on: November 23, 2013, 04:35:07 am »
More progress and more questions...

I'm using event 765 (Set Device Relations) to establish the relationship between a KeypadLinc and its buttons.  It works, and I'm able to show the buttons as related devices.  I'm wondering what the 'value' field in the schema is for?  I'm also wondering if I'm using this "related devices" correctly?  Basically, the buttons are physically part of the same switch, but are separate from the load, and separate from each other.

I'm also curious about the difference between the Device Group and the "related devices"; the one notable difference I saw was that you can create "related devices" programmatically from GSD, but I don't see a way of doing it from a GSD driver for Device Groups.

Thanks!

/Mike

65
will the update via terminal also update the security and bug fixes for the kde desktop?
Update/upgrade will update security and bug fixes for installed packages.  It won't pull in new packages, which is why it'll say sometimes that certain packages won't be upgraded.  That usually happens when a new package is "required" by an updated package, and the "required" package is not currently installed.  To deal with that catch-22, you do a sudo apt-get dist-upgrade.

Some of your problems could be attributed to repository priorities in the package manager (apt/dpkg).  You (or LMCE) can decide that packages from one repository are more current/important/customized than packages from a standard repository.  That helps the package manager decide which one to use when it's faced with more than one choice for the same package (prefer stuff from here over stuff from there).

Hope that helps!

/Mike

66
Try commenting out the medibuntu.org entries in /etc/apt/sources.list, and then do

sudo apt-get update && sudo apt-get upgrade

Medibuntu doesn't exist anymore.

Hope that helps!

/mike

67
Developers / Re: Need help!
« on: November 14, 2013, 01:30:49 am »
I'm not a DBA but I do a ton of SQL work. So much so that I pronounce it squeal.

Does it make you squeal with delight, or frustration?   ;)

/Mike

SELECT * FROM work.frustrations LIMIT 10;

Man I wish I could limit it to 10...

68
Developers / Re: Need some design advice
« on: November 07, 2013, 01:58:58 am »
Still plugging along...

Question to the experienced LMCE users and devs...  So, my driver starts up (after a boot or router reload), it connects to the ISY, retrieves managed devices from the ISY, and creates LMCE child devices for any ISY devices it finds that LMCE doesn't know about.  We can't use them yet, because they were just created, and the router needs to be reloaded...

Would it be considered "good behavior" if I programmatically trigger a router reload so that devices can be used, or is it preferred to just tell the user to do it, and let them decide when to reload?

Thanks!

/Mike

69
Developers / Re: Something interesting to watch
« on: October 28, 2013, 02:29:56 pm »
I ran MisterHouse in my home for over 6 years...  I cut-over to LMCE for most automation stuff just under a year ago, and still haven't quite replicated all the capabilities I had with MH on LMCE.  I'm currently writing drivers to address some of them, and then will look at some other stuff that's bugging me; I'm just hitting things in the priority of "pain points"...

Each of these OSS projects has their strengths and weaknesses.  And a little competition, even in Open Source, isn't a bad thing...  It helps drive innovation and creativity.  Being Open Source, it means that good ideas can be easily portable to more projects, if those ideas align with the goals of the projects.

My $0.05 CDN before HST...

/Mike

70
Developers / Re: Transmission torrent on LinuxMCE
« on: October 21, 2013, 04:11:28 pm »
Rob,

More than likely, your changes were committed only to the 12.04 or trunk branches, and not to the 10.04 (which you're probably running).  The wiki shows what changes were committed where...

http://wiki.linuxmce.org/index.php/LinuxMCE-1004_-_Changesets
http://wiki.linuxmce.org/index.php/LinuxMCE-1204_pre-alpha

I see listings of the transmission additions on the 1204 alpha page, but not on the 1004 changesets.

Hope that helps!

/Mike

71
Users / Re: problems with medibuntu?
« on: October 15, 2013, 03:20:43 pm »
The Medibuntu project has folded.  See here: https://help.ubuntu.com/community/Medibuntu

Medibuntu has now been shut down, the packages were either obsolete, unnecessary or moved to the official Ubuntu archive.

A Libdvdcss package is now available direct from VideoLan http://www.videolan.org/developers/libdvdcss.html


We'll probably need to determine what packages were being obtained from the medibuntu repos, and then update the apt listings and/or the LMCE software package definitions.

HTH!

/Mike

72
Developers / Re: Need some design advice
« on: October 10, 2013, 01:35:50 am »
... and discuss his design decisions for the agecontrol, sorry, agocontrol gateway into LinuxMCE.

I'm guessing there's something behind the "slip", but I'm missing it...   ;)

Thanks for the pointer though... I have been watching AgoControl, as I think it has potential as a Home Automation sensor platform when running on a PI.  Just don't have the extra cycles right now... Doing the ISY driver, plus building LED DMX dimmers and fixtures plus some props with the kids for Halloween and Christmas.  I'll go bonkers if I pick up another hobby project.  ;-p

Thanks!

/Mike

73
Developers / Need some design advice
« on: October 09, 2013, 06:55:36 pm »
Good Day folks!

I'm hoping Thom, posde, phenigma, or anyone else who's familiar with the guts of LMCE can sanity check and provide some advice on what I'm thinking below...

I'm working on my ISY driver, and getting to the parts where it will create devices in LMCE based on what exists in the ISY.  The idea is that the ISY "owns" the devices that are linked to it (Insteon for now, possibly UPB and Zwave in future versions of the driver and hardware), and it will inform LMCE about the devices and their configuration.  Generally, that is easy and works presently in my driver.  The way the ISY works is that there is a Java-based management console that is used to configure and administrate the system, and add and manage connected devices.  The API and subscription channel are used to interact with and monitor/react to events from the ISY, for integration into Home Automation systems.  Most things are fairly straightforward to implement from the LMCE point of view. There are a few devices/features I'm not quite certain as to the best way to implement them, which is why I'm asking for advice.

The first is Insteon keypads (Dimmer or relay switched).  There are 6 and 8 button models; the 6 button has an 'on' and an 'off' button (which appears as one load control switch remotely), and 4 other buttons.  The 8 button model has one load control button, and 7 other buttons.  The other buttons can be triggers for Insteon scenes (which I'll get to next), or can be cross-linked to other switches.  For example, I have a 6 button KeypadLinc in my breakfast nook, that is linked to the switches in the kitchen and family room.  Now, I could create a device template for it, but I think I could simply use the generic Light Switch on/off and Light Switch dimmable templates, and use the configuration field to store the required information.  Here's the part I'm not sure about.  The "other" buttons are a part of the switch, but are not controlling the parent switch's load (unless they are part of a scene involving the parent switch).  Is it possible to create child devices of a generic light switch, and would it be a good idea?  Or should they be treated as peers and grouped or related somehow?

Insteon Scenes are my next challenge;  basically, they are pre-programmed into the various devices which comprise the scene (using a scene identifier, level, and ramp rate), and then are triggered by the scene broadcast message.  The nice thing about scenes is that they happen simultaneously (all member devices respond to the broadcast message directly), and being programmed into the target devices, they work even if the automation controller goes down.  Scenes triggered via the protocol have an on/off capability, and a relative dim/bright capability (in which all scene members will brighten or dim as the scene button is held, relative to their scene levels).  The thing is, a scene can't be queried directly; it's just a broadcast message on the Insteon network.  Scene members have to be queried directly for their status (and that's covered already in the subscription channel in the driver).  So, I'm wondering if I should create a device template for an "Insteon Scene", which has a data field consisting of the members of that scene?  Or would an LMCE group work?  If an LMCE group would work, can I generate and modify them using LMCE events?  Or should I just use a generic light switch for a scene, and handle it all in my driver using the configuration field information?

The last thing I'm wondering about is the ISY concept of "folders".  The ISY has a feature (not Insteon specific) that allows you to group related items (by room, by function, whatever).  A device/scene/program can be assigned to only one folder.  Would that capability translate directly to an LMCE group?  If I were to use groups for ISY folders, are there any problems or gotchas with doing that?  Can I create/modify groups using LMCE events?

The ISY also has "programs" and "variables" which are used on the controller for conditional if/then/else type events and automation.  Those are all visibly exposed via APIs and the subscription channel for event status updates.  I'm not even looking at dealing with them right now, in this version of the driver.  I'll look at those later when the driver is mature and stable for production usage, but if anyone has thoughts on those, I'd be happy to hear them!

Thanks for your time!

/Mike

74
Developers / Re: New Radio Thermostat CT-80/CT-30 template uploaded
« on: October 07, 2013, 05:45:00 am »
Phenigma,

Thanks for approving it!  SQLCVS update/diff shows no problems, as does a visual check of the Template and Ruby code.  It is as I had committed it...

Thanks for the assistance!  Please feel free to close the Trac ticket as complete; much appreciated!

Sean,

If you see this thread, you're welcome to look at the template and try it out with your 3M-50 tstat.  The driver should incorporate all your existing capabilities.  I've stubbed in a few things I'll finish up for 12.04 and the weather plugin.  If you have any issues, let me know.  For now, I'll be moving on to my ISY driver to get that relatively complete for others to test.

Thanks!

/Mike

75
Developers / New Radio Thermostat CT-80/CT-30 template uploaded
« on: October 07, 2013, 04:44:21 am »
Hi Folks!

I've done an anonymous check-in of changes for the Radio Thermostat Template.  Trac #1931, committed at 22:32 on 2013-10-06.

Could someone please review the SQLCVS commit, and let me know if I did it right?  It's my first time committing using SQLCVS.

Thanks for your time!

/Mike
