Saturday, November 1, 2008

WiFi Location Mac Dashboard Widget

LocateMe is a widget I built for the Mac that displays your current location and lets you click to see it on Google Maps. If you are ever lost with your laptop or just don't want to look at street signs, this could be handy to have available. You can download it here, then just unzip it and double-click to install it to the Dashboard.

It uses the same system as the iPhone to determine your location based on the WiFi access points you can see (Skyhook Wireless also has an add on for browsers). Someone has actually driven around many US cities and mapped all the wireless networks that are visible. All the widget does is send them a list of access points and it gets your latitude and longitude.

You may be wondering how I built this. It took about 4 hours using Dashcode. The widget map comes from the Tiger census system. The information about accessing the location service came from Steve's blog.

It's pretty cool, so try it out!

Thursday, September 18, 2008

Building a secure network backup server

I've been taking digital photos for a few years and now have a collection of photos and videos with significant value to me. Most of these photos only exist on the hard disk in my computer. Since hard disks do occasionally break, the only way I can be sure my photos will be preserved is to keep backup copies of the files.

In this post I'll describe the backup system I built. It automatically backs up each computer in my house and keeps a secure copy at my parent's house.

(Thanks to MISS J for this illustration)

There were a number of design goals for this system.
  1. It had to be fully automatic during daily use.
  2. It needed to backup multiple computers with hundreds of gigabytes of disk storage.
  3. It needed to only store changes between each backup, so that multiple copies would not consume excessive hard disk space.
  4. It must only send the changes across the network connections, since there's not enough time or bandwidth to send everything every day.
  5. It needed to automatically maintain an off-site copy.
  6. The off-site copy needed to be encrypted before it was sent over the network, so that the backups would not depend on any security or privacy on the internet or at the off-site location.

An overview of how it works:

Linux and Mac computers run backup scripts that perform these tasks:
  1. turn on the backup server
  2. rotate a set of backups
  3. use rsync + ssh + encfs to make a new backup
  4. tell the backup server they are finished so it can turn itself off

The backup server is a computer with a big hard disk and no monitor. It runs Debian because it's very stable and easy to install without the graphical interface. The OS is just the basic Debian installation plus a few extra packages. If the off-site backup is more than 1 day old, the server updates it before turning itself off.

The off-site location can be any computer that you have ssh access to. In my case there was an OpenWRT router available that I attached a USB hard disk to and added my public ssh key to allow automated connections.
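
Client steps 2 and 3 above and the encrypted off-site copy, sketched as an added example (this is not the author's backup script, which is not reproduced on this page): it rotates hard-linked snapshots, lets rsync send only changed files over ssh, and rsyncs an encfs --reverse view off-site. The host names, paths, daily.N layout, key and config file locations and all function names are assumptions, and reverse-mode encfs is one way to meet goal 6, not necessarily the author's.

```bash
#!/bin/bash
# Added example, not the author's script. Hosts, paths, the daily.N layout,
# the key/config locations and every function name are assumptions.

EXCLUDES=${EXCLUDES:-backup_excludes.txt}           # exclude list named in the post
KEYFILE=${KEYFILE:-$HOME/.backup-encfs.key}         # assumed: file holding the encfs password
ENCFS_CONF=${ENCFS_CONF:-$HOME/.backup-encfs6.xml}  # assumed: encfs config created once by hand

# Shift daily.0 -> daily.1 -> ... inside $1, keeping at most $2 snapshots.
rotate_snapshots() {
    local root=$1 keep=$2 i
    [ -d "$root" ] || return 1
    i=$((keep - 1))
    rm -rf -- "$root/daily.$i"          # the oldest snapshot falls off the end
    while [ "$i" -gt 0 ]; do
        i=$((i - 1))
        if [ -d "$root/daily.$i" ]; then
            mv -- "$root/daily.$i" "$root/daily.$((i + 1))"
        fi
    done
}

# Make a new snapshot of directory $1 under $2 (a local path or host:path).
snapshot() {
    local src=$1 dest=$2 keep=${3:-7}
    case $dest in
        *:*)    # rotate on the backup server by piping the function to it over ssh
            { declare -f rotate_snapshots
              printf 'rotate_snapshots %q %q\n' "${dest#*:}" "$keep"
            } | ssh "${dest%%:*}" bash -s || return 1 ;;
        *)  rotate_snapshots "$dest" "$keep" || return 1 ;;
    esac
    set -- -a --delete --link-dest=../daily.1
    [ -f "$EXCLUDES" ] && set -- "$@" --exclude-from="$EXCLUDES"
    # --link-dest hard-links unchanged files to the previous snapshot, so each
    # snapshot is a complete tree but only changed files cost disk or bandwidth.
    rsync "$@" -e ssh "$src"/ "$dest/daily.0/"
}

# Run on the backup server: rsync an encrypted view of the newest snapshot, so
# the off-site host only ever stores ciphertext. encfs encrypts file contents
# and names; the shape of the directory tree and file sizes stay visible.
# encfs needs absolute paths for both directories.
offsite_sync() {
    local root=$1 view=$2 remote=$3 rc
    ENCFS6_CONFIG=$ENCFS_CONF encfs --reverse --extpass="cat $KEYFILE" \
        "$root/daily.0" "$view" || return 1
    rsync -a --delete -e ssh "$view"/ "$remote"/
    rc=$?
    fusermount -u "$view"               # always unmount the encrypted view
    return "$rc"
}

# Usage (constructed names):
#   client:  snapshot "$HOME" backup@backupserver:/home/backup/laptop 7
#   server:  offsite_sync /home/backup/laptop /mnt/encview me@offsite:/mnt/usb/laptop
```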

Setting up the backup server:
  1. install Debian on an old computer with a big hard drive.
    • I am using an AMD 1.4 GHz with a 500GB SATA drive
    • desktop partitioning, 4GB for / and the rest for /home
    • don't install any extra packages from the installer
    • apt-get install ntpdate

  2. install extra packages
    • apt-get install ssh
    • edit /etc/ssh/sshd_config
      PermitRootLogin no

  3. enable the serial console (optional)
    • edit /boot/grub/menu.lst
      ## display the grub menu on the serial port COM1 or the normal console
      serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
      terminal --timeout=10 serial console
      # kopt=root=/dev/hda1 ro console=ttyS0,9600 console=tty0
    • update-grub
    • edit /etc/inittab to enable login on serial port
      T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100

  4. enable wakeonlan
    • make sure the PC BIOS will wake from PCI events or Wake-on-Lan signals
    • apt-get install ethtool apmd
    • add the following line to /etc/network/interfaces
      up ethtool -s eth0 wol g
    • reboot then test sending a wakeonlan command

  5. install fuse/encfs
    • apt-get install module-assistant build-essential
    • module-assistant prepare
    • module-assistant auto-install fuse
    • apt-get install encfs
    • modprobe fuse
    • add "fuse" to /etc/modules

  6. setup sudo permissions in /etc/sudoers so all backup users can touch files in /var/run
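      User_Alias USERS = user1, user2
      # sudoers wildcards in arguments also match spaces and "/", so name exact files where you can
      Cmnd_Alias SHUTDOWN = /usr/bin/touch /var/run/*
      root ALL=(ALL) ALL
      # grant line assumed (the aliases are otherwise unused); NOPASSWD because the scripts run unattended
      USERS ALL = NOPASSWD: SHUTDOWN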

  7. setup shutdown_when_idle script

Setup the backup script on each client

Mac users
[UPDATE 3/18/2009 rsync on a Mac does not preserve the resource fork of files like fonts so I'm no longer using this. I'm trying CrashPlan now.]
  1. put the backup script in /Applications/Utilities/
  2. edit the backup script so that it uses the appropriate settings for you
  3. edit the backup_excludes.txt file and add any files you do not want to backup
  4. copy your ssh public key to the ~/.ssh/authorized_keys file on the backup server
  5. put the backup.plist file at /Library/LaunchDaemons/backup.plist
    • this will run the backup script every time your network connections change or every few hours
    • the backup script checks that it is connected to your home network and does the backup if it has been more than 20 hours since the last one
Linux users
  1. put the backup script in your home directory
    • I put mine in ~/backups/
  2. edit the backup script so that it uses the appropriate settings
  3. edit the backup_excludes.txt file and add any files you do not want to backup
  4. copy your ssh public key to the ~/.ssh/authorized_keys file on the backup server
  5. add a cron job to run the backup script every day or as frequently as you want

room for improvement:
An encryption method that is rsync friendly and could hide the directory structure would make the system more secure. One other system that looks like it may also fulfill my requirements is Areca Backup, and I may give it more consideration in the future.

Wednesday, July 9, 2008

HDTV on a Macbook with MythTV

Mini HOWTO setup MythTV to watch HDTV on a Mac:

This is a brief reference on how I setup MythTV for local HDTV broadcast stations (it works the same for unencrypted cable channels)
  1. install Debian (or Ubuntu)
    • since this is just the backend a slow computer works well, mine is a 866 Mhz P3

  2. buy a HDHomeRun device from

  3. add debian-multimedia to your /etc/apt/sources.list (not needed on Ubuntu)
    • deb stable main

  4. install mythtv
    • aptitude install mythtv-backend

  5. get an account with Schedules Direct

  6. setup the MythTV backend

    • /etc/init.d/mythtv-backend stop
    • su - mythtv
    • mythtv-setup
    • tell mythtv to use the local IP address so that it works for frontends on other hosts
    • comment out bind-address in /etc/mysql/my.cnf to let mysql talk to frontends on other hosts
    • For a headless backend you can run the mythtv-setup over ssh to a remote X-windows system like X11 on a Mac or Linux desktop
      • ssh -Y mythbackend-box
      • su -
      • /etc/init.d/mythtv-backend stop
      • chmod a+r /home/username/.Xauthority
      • su - mythtv
      • export DISPLAY=localhost:10.0;export XAUTHORITY=/home/username/.Xauthority
      • mythtv-setup -O Theme=blue -O Style=Windows -O ThemePainter=opengl --geometry 800x600+20+20
      • mythfilldatabase
      • /etc/init.d/mythtv-backend start

  7. install MythFrontend on a Mac (needs > 1.6 Ghz CoreDuo CPU for HDTV playback)

That's it! Now have fun getting to know your new MythTV software.

Wednesday, June 18, 2008

Building a networked digital photo frame from an old laptop

Building a networked digital photo frame with DOS


Back in 2003 I was given an old laptop. I have a hard time turning down any offer of a free electronic device and this was one of those times. I didn't really know what to do with it then, but I took it thinking there must be something interesting I could use it for. For about 6 months, it just sat in my closet with all the other old junk I haven't been willing to part with yet.

A few years later (2006) I finally decided that the best use for this machine would be to build a digital photo frame out of it. I had seen a few articles where other people described doing this, and it seemed like a worthwhile project. The only commercially available versions at the time had much smaller screens and were not cheap. I searched the internet for all the articles I could find about this sort of project, and found many great descriptions and some beautiful craftsmanship.

I decided to document my work when I found that none of the other articles were quite what I wanted. Many people were using hardware that was newer than anything I would ever dream of tearing apart to build something like this. Others were using the Windows OS, which I wanted to avoid if possible.

The Goal

I wanted a photo frame that would look attractive and be very simple to use. It needed a network connection so that I could easily change the photos by just updating them on my web server. I also wanted to use only free software to keep this inexpensive and so that other people could easily adapt this for their own use.

The Hardware

The laptop was an old Compaq Armada 1120 from around 1996 with:
  • 24 MB of RAM
  • 810 MB hard drive
  • 10.4 inch color STN display
  • 1.44 MB floppy disk drive
  • two PCMCIA slots
  • a trackball
  • Pentium 100 Mhz processor
Clearly this isn't state of the art anymore, which is why I got it for free!

Since I still needed a network adapter, I purchased a Hawking 10/100 PC card from Newegg that was compatible with the pcnet_cs Linux PCMCIA driver.

The Software

The software is the most important part of this project. Without something that is easy to use, unobtrusive, and attractive, the whole project would not have resulted in a useful device. This is also the part that took the longest to find an acceptable solution.

I decided that I would use wget to retrieve photos from my website, and a full screen console slide show program to display the photos. I really wanted to use Linux for the OS. I wanted to find a small distribution that could run from a floppy, and would have PCMCIA networking support, a simple slide show program, and I would only need to make a few custom shell scripts to get exactly what I wanted.

I tried a number of Linux floppy distributions but I could not find any that supported the network card well. Those that did, lacked a packaged slide show program so I would need to compile my own from the source. Since I didn't have many good experiences compiling packages from source code I wanted to avoid that if possible.

I gave up on the floppy Linux distribution idea and moved on to looking for a slightly larger (but still small) distribution that could fit on one of my spare 16 or 32 MB compact flash cards. I even purchased a compact flash to IDE adapter on ebay to try to make this work. As with the floppy search there were few options and none were very simple.

I finally gave up on the quest to use Linux for this project after I installed Debian on the original 810 MB hard drive, and discovered that the Cirrus Logic GD 7543 display chipset was not supported by the VESA framebuffer drivers in the Linux kernel. This meant that I would need to step up to a X-windows environment in order to have any hope of using Linux. Since this laptop has some serious memory limitations, I decided to just try to find something else.

What I found was FreeDOS. I chose this instead of the old MS-DOS because I wanted the option to redistribute this software, to make it easier for other people to build their own digital photo frames. FreeDOS is pretty cool, at least for DOS. For the slideshow program I found LxPic. It's a great little program that can do a full screen slide show of JPEG files easily.

With these two software pieces, I could boot from a floppy and play a slide show of all the photos on the floppy or hard drive. That was close, but I wanted network support too. To get the photos from the website I needed to get my network card working and have a program to retrieve the files. As it turns out there's a DOS version of the wget program that I had planned to use with Linux, so it was just what I needed.

The only other piece I needed to make the network connection work was the DOS network drivers that were provided with my PCMCIA Ethernet card. I ran the installer for the network driver and ended up getting two files and two lines added to my autoexec.bat script.

LE100PD 0x62 5 0x300

Putting all these pieces together didn't take long and after a bit I had a working floppy disk that would boot the computer, download the photos, and play a slide show continuously. Pretty cool!

One thing still needed some work. The laptop kept turning off the screen after about 10 minutes, because there was no mouse or keyboard activity. I tried adjusting this in the BIOS, but that had no effect. I found a bunch of DOS programs to simulate keystrokes, and picked one called ( which solved the problem nicely.

The Construction

The final product

Concluding thoughts

The general concept looked and worked great. There was a heat problem that caused the screen to fade to black after about 20 minutes of running. I think this was a result of the close proximity to the motherboard, but I haven't had time to get back to this project and fix it. If you have any suggestions on how to solve that issue please comment on this post. Some options would be to add a fan and cut some vent holes, or just put a foam core board divider to insulate between the screen and the main board. I'll update this post when I solve this last issue.

Tuesday, May 13, 2008

Tracking a stolen Macbook

A friend of mine recently had a Powerbook stolen when his home was burglarized. Even though he had serial numbers for most of the large items that were taken, the police told him there was little chance he would ever get back any of the items. Luckily no one was home during the incident. Having the security of your home violated sucks, but it is a little better if the thief gets caught and you get your stuff back.

A few years ago I read a story on Slashdot that described someone who happened to have a remote access program installed on his Mac and was able to use it to track down the thief after it was stolen. I had just bought a Macbook Pro and I decided that I needed a program to help me locate my new laptop if it were ever stolen. Being too cheap and not wanting to trust a commercial service, I chose to write my own scripts for this. Last weekend there was yet another article on Slashdot about recovering a stolen Macbook, so it seems to be a recurring topic and I hope this post helps someone looking for an inexpensive solution to this problem. Of course there are a few services that you can pay to help recover your Mac, but they all cost money and I think that's kind of like buying those extended warranties for electronics. The odds of it being worthwhile are so low you're better off just saving the money.

For Macbook owners a little upfront effort can greatly increase the probability of getting your Mac back if it's ever stolen. The most important thing you can do is keep regular backups of your important data. If you want to keep your data private then you can also turn on the "FileVault" feature to encrypt your files. My script might help recover your laptop but there are no guarantees. So enough with the narrative and on to the details.

UPDATE (May 16, 2011): Not long after I finished this post the Prey project was released. Since then it's rapidly matured and I'd recommend using it instead of my scripts. But please read on if you'd like to see the rest of the details of my original post.

The script is pretty simple. It periodically checks a web page which tells it whether everything is "normal" or that it has been "stolen". If it has been stolen, you just change the web page and the script will start uploading details of the network it is connected to, along with pictures of the screen, and photos from the built-in iSight camera (like the one of Mr. Bunny here). The goal is that the network details will help the police locate the laptop and the photos will provide a positive identification of the thief.

Basic Requirements:
  1. A Mac with OS X 10.4, 10.5 or 10.6 (that's all I've tried so far).
  2. You need to be comfortable editing text files
    (TextEdit works fine if you set the "Format" to "Plain Text")
  3. You need to have some knowledge of "Terminal"
  4. You need access to a web server that supports PHP scripts
  5. Optionally you need a server where you can run a Perl script
    (if you want to be able to ssh back into your missing Mac)

Setup steps:
  1. Download and install these scripts to your /Applications/Utilities/ folder
  2. Make checkin executable
    You can do this in Terminal with the command
    "chmod +x /Applications/Utilities/checkin"
  3. Use TextEdit to edit checkin so the variables are appropriate for your installation
  4. Make checkin run periodically by creating the .plist file in /Library/LaunchDaemons/checkin.plist
  5. Download and edit the variables in filetransfer.php and then copy it to your web server. (it needs to be configured with your email address and the folder path where it will save uploaded files)
  6. On the web server make sure the folder where the uploaded files are saved is writable by the web server
    "chmod a+rwx path/to/folder/"
  7. Use TextEdit to create a file named macbook-checkin with only the word "normal" in it. Then copy it to your web server.

How to use it:

If your Mac is stolen (or to test it) change the word "normal" to "stolen" in the macbook-checkin file on your web server. Then every 20 minutes it will upload files to your web server.

If you want to login to the Mac with ssh run this command on the server you configured as the TUNNELHOST in the checkin script

"perl tcpforward -l TUNNEL_HOST_IP:26969 -l TUNNEL_HOST_IP:26922"

This lets the checkin script create the reverse TCP tunnel to get you past most firewalls. After the checkin script runs the next time you will be able to login with this command.

"ssh -p 26922 TUNNEL_HOST_IP"

(of course you'll want to change TUNNEL_HOST_IP and the ports so that they are correct for your setup)

That's it! Hopefully you'll never need to use it, but it's nice to know it's there if you needed it.

Thursday, April 24, 2008

Zonet ZVC7610 network camera review

I've had a network camera attached to the side of my house for a few years now and it's been quite handy but one day it just died. The picture looked a bit fuzzy, so I went out to wipe the glass in front of the lens. That didn't help so I unplugged it to take a closer look. I didn't see anything wrong with the lens so I plugged it back in, but it never turned on again. I even opened it and replaced a big capacitor (the only non SMT part on the board), but it was not going to come back to life. This event suddenly put me in the market for a new network camera, so I went over to Newegg and looked around at their net cams.

I use a Debian Linux server with the motion camera software to record motion on the camera, so I needed something that was compatible with that software. All the motion software needs is a URL to a jpeg or mjpeg file. My previous camera was a Panasonic BL-C1A, which worked quite well in Firefox, Safari, IE and with my motion recording software. On the Newegg site there were a number of similarly priced cameras that had many neat features that my old camera lacked. I needed to avoid anything that required IE and ActiveX to work, as that almost always means a buggy piece of junk. I found the Linksys WVC54GC and the Zonet ZVC7610 which both seemed to have mjpeg and mpeg4 features, and seemed promising. The Linksys camera seemed to be supported by motion, but it was a bit larger than my old camera and could not do mpeg4 and mjpeg simultaneously. The Zonet camera however claimed to be able to do both, was only slightly larger than my old camera and after the rebate would cost about $50. I ordered it and a few days later it arrived at my house.

That brings me to the rest of the review... the things that you won't find in the datasheet or on the manufacturer's website.

The physical dimensions are:
3.8" high, 2.8" wide, 2" deep (2.6" with the power plug inserted)

The camera does not actually have the mpeg4 feature. I've sent a request to Zonet's tech support to confirm this, and I'll modify this if I hear back, but it's been a week now so I'm not holding my breath. I think they probably just copied the datasheet for their more expensive ZVC7630 product.

The camera is set to use DHCP by default so it will start working immediately, but you'll have to find it on your network. I used fping to find it on my network.

The image quality seems good, but not as sharp as my old camera. You have to turn the lens to focus it, and this allows it to focus as close as a few inches. Here's an image from my camera, about 6" from the bunny finger puppet. The low light performance is reasonable, and the frame rate seems to be close to the advertised 30fps.

The mjpeg URL is not documented in the manual anywhere. I fired up wireshark to find the URL which is http://admin:admin@[camera IP address]/cgi/mjpg/mjpeg.cgi. Unfortunately the format of this mjpeg stream is not compatible with motion. It's also not compatible with Firefox or Safari's native mjpeg support, which is why Zonet had to include a Java applet to handle their custom mjpeg stream format. This is unfortunate.

The single jpeg images are accessed at the URL http://admin:admin@[camera IP address]/cgi/jpg/image.cgi. This wasn't documented either, but it was quite obvious once I looked at the open source files provided by Trendnet for their version of this hardware, the IP110.

This brings me to the open source topic and the GPL issues. It seems that Zonet and Trendnet are selling the same hardware with re-branded firmware that appears to come from Allnet for their model 2281 camera. Some of the software in the camera has the name of Fitivision Technology and the hardware matches their CS-100A device, so they seem to be the likely OEM for this device. They even have a live demo of a similar camera. The camera software is built with Linux and makes heavy use of BusyBox, so it seems that Zonet is violating the GPL by not providing source code anywhere. I've asked them to provide me with a copy of the source code, so maybe they will rectify this situation. I've heard that the BusyBox developers have had some success enforcing the GPL in court so hopefully the device manufacturers are becoming aware of their obligations when using GPL software.

A nice discovery came when I scanned the camera with nmap. It turns out the camera is running its web server on port 80 and a telnet server on port 15566. The telnet server provides direct access to a root shell and no password is required. I'm still exploring the filesystem and applications on the camera, but I've been able to use the tftp client to move files to and from the camera. Eventually I hope to be able to replace or fix the mjpeg.cgi application with one that provides Firefox compatible mjpeg streams.

By now I've decided to keep the camera and I mailed in my rebate request. The next logical step was to get out my screwdriver and crack open the case to see what's inside.

Here are some photos of what I found.

The major chips are

Flash storage


The conclusion: I think the Zonet camera is a good piece of hardware, and it's cheap which is always nice. Since much of the software is open source, I have some hope that I will eventually be able to get mjpeg streams compatible with Firefox. I think the Panasonic is a better choice due to its superior browser compatibility, and I'll pick that one next time I need another camera. The Zonet camera has potential, but still has a lot of room for improvement to the software.

Update July 6, 2009:
I got side tracked with an IP-9100A camera server and recently took another look at this camera. I searched for firmware updates that might fix the problems but the only company that seems to provide any updates is Trendnet. I found that if I edited /etc/info.conf and set ModelName = TV-IP110 and ModelNumber = 1.0.0-16 it would accept the Trendnet firmware. Unfortunately the firmware (build 57) didn't fix the mjpeg stream and it disabled telnet access, but I had saved an earlier copy of the firmware (build 16) which restored the telnet access.

I've also learned that this hardware is the same as the Micronet SP5511 and like Zonet they do not provide any firmware updates or GPL source code.