Category: Revelation

So I’ve decided to spend a few bucks to fix a few niggling little issues around the house, mostly in the computer department:

• First off, I’m worried about some recent break-ins and vandalism in the neighborhood.
• Secondly, and slightly related, when I’m working in my office at the back of the house, it would be nice to know when the FedEx guy is ninja-ing a non-delivery tag at the front door instead of ringing the doorbell and waiting. Or know when the dogs bark whether it’s somebody at the door or just a shadow across the road.
• The wifi penetration in the house sucks – in some parts of the house, your device will show one bar but nothing will actually get through. And if the microwave is on, forget about getting any signal on the other side of it. I put in a wifi repeater but it’s dog slow, and it uses a different SSID so you have to switch between SSIDs as you move around the house.

So here is what I’m in the process of doing to fix all those things:

• I bought a security camera – an Airsight PTZ Pro outdoor camera with pan/tilt/zoom. If I wanted to, I could hook up a microphone and speaker so I could yell at the FedEx delivery guy to wait for 5 seconds as I run down. I’ve been playing with it and it is pretty amazing, although I’ve found one big flaw (more on that later)
• I am running network cable from my office down into the basement, and from the basement up into the far corner of the basement, the dining room, and out to the front porch. The cable is currently pulled, but it’s not terminated and tested yet.
• I’ve got a 8 port Gigabit Ethernet switch tacked to the wall where the first network cable drop comes down.
• In the far corner of the basement, I’ve got a second router ready to install. I’m going to put this on the same SSID as the main one upstairs, and the same password, but on a different channel, turn off DHCP, and run the outgoing cable from my main router into the “WLAN” port of this one. I believe this will make the switchover from one to the other transparent so you don’t have to remember to switch SSIDs as you walk around the house, and it should perform a lot better than using the repeater. As an added bonus, it also supports 5GHz.
• In the dining room, where Vicki spends 90% of her time when she’s using her computer, especially when she’d doing Second Life for work, there will be a wired network drop. Wifi is all well and good, especially 5GHz, but nothing beats wired.
• The camera allows power over ethernet (or PoE as they call it in the brochure). So since I had to run power out to it anyway, I figured I’d give it the advantages of a wired connection, and run it all through the same wire.
• The camera has the option to upload pictures and recordings to an FTP server. I figured that’s not much good to you if the thieves break in and steal your computer as well, so I’ve ordered a tiny little Raspberry Pi (aka Rπ). I already have a hard disk taken from a laptop that’s not doing anything, so I figure I can set up a tiny little FTP server and hide it somewhere where thieves won’t find it even if they’re ransacking the house. A closet, an obscure corner of the basement, even hidden inside the walls somewhere. These things are amazingly tiny. And I’m considering also using the Rπ to run ZoneMinder as an alternative to the built-in functionality because of the already foreshadowed flaw in the camera.

Ok, so what is this big flaw you’ve been talking about, I hear you ask? Well, it’s simple. The camera has the option to, when it detects motion, email you 5 pictures and start recording video to an ftp server. It also has the ability to pan and tilt and zoom. Those are two awesome features, right there. So what’s the problem? Well, when you set it panning, it interprets *that* as actionable movement and starts sending you emails. Not a good thing if you want it to continuously pan back and forwards. There is another option in the camera that lets you set up a bunch of fixed locations and have it cycle between those locations at intervals. I haven’t yet tested it to see if it’s smart enough to ignore movement while it’s moving between locations.

Oh, in other techie stuff, I finally got around to upgrading my Gallery site to Gallery3. In spite of the promises, the “Gallery 2 Importer” isn’t able to properly translate the URLs that Gallery 2 used to Gallery 3, so links to the Gallery are probably all broken. I did put in a mod_rewrite rule to take care of some of them, but not direct links to image files. Also, I seem to have lost all my raw pictures and movies.

I’m also currently looking into installing “ownCloud” as a way to get more space than I have with Dropbox without paying for it. I want enough space that I can throw my entire Documents folder on it instead of having to think “do I need this on all my machines, or is it ok if it’s just here” for every file. Since one of the two people renting space on my colo box never pays his rent except when I send him an email asking him if he’s still using it, I think I know where I can lay my hands on 100Gb of disk space on a server in a rack really cheap.

In my job, I often have to make accommodations for the security desires of my clients. That can be a massive pain in the ass, but it’s better than working in an office.

So when I started this new job, I worked on my Linux box and my Mac laptop, with a massive preference to my Linux box because it’s got two nice big monitors, a really nice clicky keyboard, and I have all the ergonomics dialed in. I had Postgres running on both systems already for other purposes, and it wasn’t hard to install the software we were using as the base system on both. I kept the software in sync between both of them and the client’s dev server using git. Everything was beautiful. For accessing things like time sheets and corporate email, as well as connecting to their dev server, I had to use Citrix, which was a minor pain, but fortunately I didn’t have to do it very often.

But then the client said “oh, that test database we gave you has real employee ids and the like, and so we need you to take some security precautions with it. Specifically, you need to turn on full disk encryption on your laptop, and purge the copy of the database on your desktop.” It took a bit of work, but I managed to get it so that my software would still run on the Linux box and connect with PostgreSQL on the laptop over an SSH tunnel, and so I’m in compliance with their wishes – I do have to remember to shut down the test server on my Linux box and the SSH tunnel before removing my laptop from the LAN, but that’s ok. That’s what you’ve got to do in this brave new work of computer security.

But now we’re entering a new phase of the project, where my code has to talk to a web service that a different group at the client site provides. And that web service is only available inside their firewall. That gives me a few choices for development:

1. Do my local development without benefit of the web service calls, “comment them out” or the equivalent, and only test them when I “git pull” the code down to their dev server. Not a great option, because the code I’m testing locally is even further away from their code.
2. Write a dummy web service on the Linux box or my laptop or both, and use that for testing. Probably feasible, but more trouble than I’d like to go through.
3. Get a VM on their site where I can do development and testing both.

The last option is probably the easiest. It also means I can get rid of my copy of their database, and therefore get rid of full disk encryption on my laptop (which means no more typing my password every time the display blanks). The downside is that the VM will probably be Windows, which is nowhere near as nice to do development on as Linux or Mac, especially if you don’t have admin privs and so you can’t install the stuff you like. (I’m guessing I can’t install Sublime Text, not sure even if I can install gvim.) The real clincher is whether I’m going to be able to install a version of the base software or not, because if I can’t do that, I can’t work. If I can install it, then I probably can work that way – it’s a simple as that.

But if I’m going to do that, I’m going to want to log in from Linux because of the ergonomics I mentioned earlier. I’ve been using my MacBook Pro (or even this shitty Dell laptop I have for testing purposes) to log into Citrix because I didn’t want to install the Citrix client program on Linux. But needs must, etc. I looked on the Citrix web site and they have a .deb “for 64 bit Linux”. I downloaded it and clicked on it, and it said that it needs to install 246 other packages to satisfy dependencies, including 32 bit versions of nearly every major library out there. Sorry, Citrix, that’s not my definition of a version “for 64 bit Linux”. Ok, I thought, I know a way around this! I’ll install a 32 bit version of Linux in a VirtualBox VM, install the Citrix client in that, and use that to log into the work site.

Well, that turned out to be an adventure in itself. Mostly because I’m using Kubuntu (which is Ubuntu with KDE instead of the god-awful Unity Desktop), which is a little too resource hungry to run in a VM. So I was installing vanilla Ubuntu, Unity Desktop and all. But there was something weird about Ubuntu – I would install it and it was fine, but then it would download the required security updates, and suddenly the “VirtualBox Guest Extensions” stopped working and they refused to re-install. And what that means is that I could share any directories between the host OS and the guest, and more importantly, I couldn’t get the guest to expand to use the entirety of my beautiful 2560×1440 IPS monitor. And that’s a deal-breaker. I tried installing from scratch, and I tried using a pre-built Ubuntu image, and both times if failed after installing upgrades. But I tried a Debian pre-built image, and that worked fine, even after installing upgrades. The only drawback of Debian is that they don’t have proper Firefox, they have their weird-ass IceWeasel browser, which lags way behind the current version of Firefox. So I had to install real Firefox from a tar file, which is like a throwback to the bad old days of Slackware. But that worked fine, and the Citrix 32 bit client installed without any drama, I was able to log into Outlook and Putty on the client side, and so I’m ready for when they get the VM set up for me.