Ovidiu Predescu's Weblog

How to safely access a remote IP camera

Some time ago I bought a Panasonic BL-C230A Wireless Internet Security Camera so I can monitor my home when I'm not at home. I wanted to be able to get notifications via email when motion is detected at home, and be able to remotely connect to the camera to see what's going on.

Despite the average product rating on Amazon' site, I found the camera to be quite good for what it does, and at its price. It works pretty decent with Chrome or Firefox running on MacOS X or Linux, though you won't get any sound because of the lack of the G.726 audio encoder for the browsers.

The camera comes with a built-in motion detector and you can set it up to email you the images that detected the movement, or you can have it upload those images to an FTP site. It would be nicer if it was able to upload or email short movies with the detected motion, but it doesn't do that. The few open source software monitoring options I investigated did not seem to provide an easy way to do this.

The camera itself comes with instructions on how to setup your home router to allow remote access from the outside of your home network. I wouldn't trust Panasonic, or any other vendor for that matter, with the security of their web server implementation running on their device. Instead of exposing the camera's web server directly over the Internet I decided to use SSH tunneling to allow safe remote access to the camera's web server.

I use an Apple AirPort Extreme Base Station as my router and WiFi access point. There are few nice features of this router that I like:

• it implements 802.11b/g/n
• you can set it up to provide two different WiFi networks, one for the trusted computers you own, another one for guests. The computers on the guest network cannot access those on the trusted network. This is great if you have people coming by your house that want to connect to the Internet using your WiFi router.
• the router has 4 Gigabit Ethernet ports which allow you to connect computers using real copper wires, for faster data transfer between them.
• it has a pretty flexible interface, allowing you to customize your network the way you want. You can tell for example its built-in DHCP server to always provide a given IP address to a network device based on a MAC address.

The only downside is that it doesn't provide a way to automatically update a DynDNS account when its IP address changes. This however can be easily worked around using ddclient, a small open source program that you can run on a computer inside your home network. The program automatically updates your DynDNS account with the public IP address of your router.

Inside the firewall I have a small Asus Eee Box computer running Ubuntu Linux, which acts as a file server, keeping all my music files so I can access them from wherever I am. I setup this computer with the IP address of 192.168.1.2 and forward port 22 on the router to it. On the Linux box, I only allow SSH connections if the client presents a valid SSH key.

The Linux computer is on the same network with my Panasonic IP camera, which uses the 192.168.1.4 IP address. Since the camera is running a web server on port 80, I can open up a browser and point it to its IP address and I can see the camera's user interface.

Using the above I can now access my IP camera from outside my home. On my MacOS X or Linux laptop, I first setup an SSH tunnel, which simply forwards over a secure, encrypted connection my camera's web server port 80:

ssh -L 8080:192.168.1.4:80 -o 'ServerAliveInterval 60' -N -S none linuxcomputer.dyndns.org

To view my camera, I then open up a browser and go to http://localhost:8080. It works like a charm!

Arduino Tiny Web Server - part 2

Latest version of Arduino TinyWebServer: arduino-tinywebserver-20100617.zip.

In part 1 of the Arduino Tiny Web Server I presented some hardware modifications and changes to the Arduino Ethernet shield and the Adafruit Data Logging shield.

In this part I present the Arduino TinyWebServer library or TWS.

TinyWebServer allows you to provide a Web interface to your Arduino-based project. You can get very creative with this, and add a full Ajax web interface to your project. This is possible because it's the Web browser doing all the UI work, while your Arduino board interacts with the hardware connected to it.

I'm using TWS in a remotely controlled projection screen that I'm currently building to replace an existing system. The end goal is to be able to control the projection screen from an Android phone, and let my kids choose to watch movies either on TV or on the big screen. More on this is a later post, until then read below to see this works.

The library has been developed on MacOS X and should most likely work fine on Linux. No guarantees about Windows, but I'd love to hear if it works for you.

Arduino Tiny Web Server - part 1

Arduino TinyWebServer is a small and extensible HTTP server implementation designed to run in a limited amount of space on an Arduino Duemilanove. It uses the Ethernet Shield for network connectivity (from Sparkfun or from Adafruit), and the Adafruit Data Logging shield for storage purposes.

Web pages, images and other content can be copied manually on the SD card or uploaded through the HTTP server. The latter allows you to push new versions of the web server's content without the need to remove the card, which can be a pain in embedded applications.

In the first part I present some changes that have to be made to the hardware used and its accompanying software. Part two presents a small open source software library that implements the Arduino TinyWebServer.

Aniversary of the June 1990 Mineriada in Bucharest, elections in Iran

I don't usually post about politics on my blog, but today's circumstances are special. 19 years ago on June 13th, Ion Iliescu, the newly elected president of Romania, called on the miners to impose the civil order in Bucharest, the capital of the country. For more than 2 months students and other people demonstrated against election irregularities and the manipulations of FSN, that lead to the Iliescu's election as president. FSN was the organization formed by Ion Iliescu shortly after the December 1989 Revolution to temporarily rule Romania while elections were arranged.

Prior to these events, Iliescu gradually built his power. Following the December 1989 Revolution in which the former communist regime was thrown out and its president hastily killed, Iliescu became the head of FSN. This was an organization formed from all the independents and later political parties interested in helping out organize the first free elections in Romania after 45 years of communism.

Using the political clout gained by being the head of FSN, Iliescu decided in January to run for president. Using a still entrenched media, Iliescu and his party manipulated the media by presenting only their side of the story. With this and what appeared to be massive irregularities during the election, he won a detached victory in the April elections. This prompted massive demonstrations in Piata Universitatii, one of the main squares in Bucharest. These demonstrations were lead by the students of the University.

At the time I was student at the University, and so I was present. This demonstration went on every day for almost 2 months, gathering tens of thousands of people every day. The center of the city was shutdown, including at night. People set up tents in the square and effectively camped out for weeks. Those were great times: as an energetic young person you felt you could really influence the outcome of politics. It was incredible!

On June 13th, various diversions were set up and what was until then a peaceful demonstration turned violent. Cars were set on fire and shops destroyed by instigators that had nothing to do with the demonstration. The next day, Iliescu called on the miners to travel to Bucharest and "reinstate the social order". Thousand of them came to Bucharest. They beat and killed people in the streets, attacked and destroyed the University, the headquarters of the opposition parties. This was all done in the name of the Revolution and under the guidance of Iliescu's men. He even thanked them publicly on television for a job well done!

Despite all these Iliescu went on to be president, and was even re-elected 2 times. This goes on to show how strong the media manipulation can be, and the importance of a politically educated electorate.

You can see some videos from the Mineriada events in Bucharest here. Unfortunately most of them do not have an English translation.

An unfortunate strange and sad coincidence, but similar events appear to be happening in Iran. Media manipulation, fear, uncertainty, and doubt, and possible election fraud contributed to the re-election of Mahmoud Ahmadinejad. Massive demonstrations in Tehran happened for the past two days to protest the falsification of the election. I'm afraid the powers to be in Iran will use a similar strategy to impose the social order in Tehran. I'm hopeful though that a better and peaceful solution will be found.

Maker Faire 2009 - the best festival so far

I finally had some time to go through the pictures from this year's Maker Faire. By far this was the best one so far! Lots of people participated with very interesting projects, and the variety was huge.

What was striking this year was the quality of the projects and how much time people put in them. The list of projects, sorted by type can be found at the Maker Faire's web site.

Here are some of the cool projects I liked:

• Bike wheel display. Uses LEDs controlled by a small computer to show images on a moving wheel. By Monkeylectric.
  
• Bill Buzbee's Magic-1 computer. The CPU is built entirely from 74 series TTL chips. Bill now works at Google on the Android team.
  
• Kinetic sculptures. These were incredibly detailed mechanical assemblies custom made from metal by few talented artists. Though artist in this context is an understatement: these guys have knowledge of mechanics, electronics, and are very good at building things.
  

There were a lot more interesting projects that I won't talk about in this post. Check out the Maker Fair's website for a list of participants. Also check out my Picasa album containing more pictures from the event.