Phil Dreizen

Why secure an IPcam?

My girlfriend and I wanted a *secure* ip camera to watch her pet tortoise. Unfortunately, it's very difficult to find any cameras that are affordable that also can handle SSL encyrption - cameras with SSL functionality seem to be very expensive.

So I decided to use a Foscam FI8910W, which is an adequate and cheap ipcam - but has no SSL support - and use a Raspberry Pi to run an apache web server which would act as an SSL reverse proxy to the camera. The ipcamera would be restricted to the LAN only, but the raspi, which also lives in the LAN, would be accessable from anywhere. All access to the apache web server is SSL encrypted, so in turn, all access to camera outside the LAN is also encrypted.

People seem to ask, "why bother making the camera secure?" so often, I decided it was worth spending some time answering. I think an example is in order here: start by googling for allintitle: "Network Camera NetworkCamera" and look around. There are lots of search terms that find insecure cameras you can try. (This is a case where starting a page or two into the results will be better than starting from page 1.)

ipcameras have microphones, so anyone listening in can eavesdrop, and the direction the camera is pointing at can be controlled remotely via the web. So, someone getting access to the camera who shouldn't can see (and hear) more than just a pet you're keeping an eye on. And the password protection cameras without SSL encryption provides lend a false sense of security. The passwords are sent over the network in plaintext, so anyone with the right tools (a packet sniffer like wireshark) can see your password.

For this post, I'm not going to go into exact detail on how I set this up. (I may do that in a future post). But here are some pointers. First, you may need some help setting up the Foscam. I recommend looking at Linux compatible Foscam Wireless Netcams. Then you're going to need to set up the apache webserver. There's already a post that does go into some detail about setting up apache specifically for a Foscam here: Securing Foscam IP camera access over SSL with Apache reverse proxying. More detail on setting SSL on Debian, is useful for anyone running Raspbian on their Raspberry Pi, which there is a very good chance you are.

Finally, I should mention an annoying snafu I bumped into. The OTHER purpose of the Raspi I was using for this project is to be a XBMC Media Center, and so it is running Raspbmc. Raspbmc comes with iptables set up to drop all traffic outside the LAN. So you'll have to open up whatever port you have apache listening on by modifying:

/etc/network/if-up.d/secure-rmc

You'll have to add a rule like:

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

That will open the raspberry pi to the world. Well, once you configure your router to port forward to your raspberry pi anyway.

So...now I wonder...should I make a detailed tutorial?

review: Star Trek III: The Search for Spock

Summary: An underratted movie that deserves more praise.

*spoilers* *this post has spoilers*

The general opinion is that, for most of the Star Trek movies, the even numbered movies are very good, and the odd number movies are very bad. (see: Star Trek Movie Curse). I've tended to agree: Wrath of Khan, Voyage Home, Undiscovered Country, and First Contact are all movies I like. I recently rewatched Star Trek III two times in the span of a month - and I liked it more than I thought I would. I think it's evidence that the Curse isn't real.

The movie opens shortly after the previous one ended. The Enterprise is returning to Earth to recover from its recent battle with Khan. Kirk is miserable about Spock's death, and McCoy seems to have coped by going crazy. To make things worse, upon arrival at Earth, they learn the Enterprise is going to be decomissioned - so soon after Spock sacrificed himself to save it.

A surprise visit from Spock's father, Sarek, reveals that Vulcans can dump their memories (or "katra") into nearby living beings before they die. Sarek appears about as angry a Vulcan can be, because he believes Kirk shouldn't have abandoned Spock's body on the Genesis Planet. To see if Spock might have dumped his memory into Kirk, the two mindmeld, and we're treated to a great scene in which Kirk relives Spock's final moments. Kirk's whimpering "No..." as he relives his helplessness is something we never get to see our heroes do in traditional action movies. Usally such pain would be accompanied by anger and frustration - so that the hero appears powerful instead of weak. But between Wrath of Khan and Search for Spock, we get to see Kirk showing the rawest, purest kind of pain, multiple times - and Kirk becomes a more compelling character for it. Shatner is really good at pulling these scenes off - he really deserves more credit as an actor.

It turns out Spock's katra isn't in Kirk at all. Instead McCoy's bizzarre behavior is due to having to keep all of Spock in his head. And so we have our story: to honor their friend's memory and customs, Kirk and McCoy must go to the Genesis Planet to fetch Spock's body and return it to planet Vulcan, along with his katra. Standing in their way is the Federation, who incompetently is restricting access to the Genesis planet to everyone other than a helpless science vessel commanded by a sheepish captain. There's also Kruge, a (rogue?) Klingon captain who wants to learn the secret of the Genesis missile.

Kirk and crew steal the Enterprise to get to the Genesis Planet in a sequence that exemplifies what makes the original movies so much fun to watch. As an audience, we know they'll be successful getting the ship out - so the film chooses to make the escape funny and casual instead of working off of manufactured tension and suspense.

Meanwhile, on Genesis, Saavik and David Marcus (Kirk's son) beam down to investigate an unexpected life sign, and discover Genesis has regenerated Spock, but he's an empty shell - a rapidly aging young clone of Spock with none of his memories. They also learn that the Genesis Planet isn't going to be around much longer. Soon after this discovery, Kruge arrives at the Genesis Planet (before Kirk does), destroying the poor science vessel the Federation left to fend for itself.

Kirk and Kruge face off. Kirk wins. But in the process he loses the Enterprise, and he loses his son. By 2013, blowing up the Enterprise is practically a Star Trek movie tradition. But here, this is the original Enterprise - the one we watched in The Original Series. (NCC one seven O one. No bloody A, B, C, or D*) It's a big deal, and effectively done. And the special effects for the explosion are apporopriately dramatic. Kirk, McCoy, the crew, and the audience watch as the Enterprise crashes into the dying Genesis Planet. And while David was never a character I was attached to, his death is lent power by the way it's filmed and by Shatner's performance. When David dies we hear no music - just the brutal sound of his being stabbed and his dying grunt. There is no music either as Kirk learns David died, and falls to the ground, shattered, crying, and impotently repeating "Klingon bastards, you killed my son."

In the finale, Spock's empty clone - now conveniently the same age as the original Spock was when he died - is returned to Vulcan, and a Vulcan ritual (influenced by the TOS episode Amok Time) is performed that puts Spock back together. The movie ends as Spock is reunited with his fellow crew members, and there's just a lot of love and joy in the reunion.

At the end of all this we end up with Spock, alive, and mostly well. If anything, THIS is the movie's flaw. Bringing Spock back cheapens the impact of his sacrifice in the previous movie, even if the contrivance to get it done was well executed and mostly fit into the Star Trek Universe.

As to the contrivance itself - the Vulcan katra: how is it that humans didn't know about it by the time the movie takes place? Also, why would the Vulcans be interested in retreiving the dead body of Spock - you would think only the katra itself would have mattered..

Finally, it's also worth noting that Search for Spock is responsible for introducing a lot of things into the Star Trek canon. Including:

  • The Excelsior class vessel, which seems to be the workhorse ship of Star Fleet in TNG
  • The Klingon Bird of Prey - the most commonly seen Klingon ship therafter
  • It's the first time we see Earth Space Dock, the model for all other Space Stations
  • While the Klingon language was introduced in "Star Trek: The Motion Picture," this is the first time it gets a formal grammar and a very rich vocabulary.

NOTE: this is the first time I've ever written a movie review. In the future, I don't know that I'd write a synopsis as I did in this one. It's a lot easier to just write a review assuming whoever is reading it knows the movie well, and just jump into it. In fact, I would have spent more time with analysis had I skipped the synopsis, but I exhausted myself....

Return of PHOE

The Peanut Horders on Ecstasy, aka PHOE, and their smash hit "Sixty Hot Dogs," are back on the World Wide Web and can be found at phoeproductions.net. This is the first time in over 10 years that they're back with a new (sparse) webpage. What you'll find there is an embedded Youtube video, a brief history of PHOE, and most importantly: the ability to: download the Sixty Hot Dogs movie.

That link again is: phoeproductions.net

tags: phoe
RSS Feed Activated

Next major milestone has been met. You can now subscribe to kupad.net here: http://kupad.net/feed.rss.

tags: kupad.net
Starting again...again.

Hi Everyone. I'm starting this website (and this server) from scratch after having letting it go stale. The server is now running Debian Wheezy.

Some technical details follow: I'm trying something that is, arguably, insane. I'm writing the blog portion of this site in php, from scratch, backing it with a dbm database. The keys are the time of the post, and the entry itself is a JSON string representing the post. Arguably NoSQL inspired -- not that I know much of anything about NoSQL. In any case, something about the arrangement seems "simple" to me. Also, it lends itself to CLI tools to manage the posts. Also, I must be some kind of masochist.

So, when deciding on what kind of dbm to use, I made a "fun" discovery: Wheezy packages php5 with qdbm support and no gdbm support. But packages python with gdbm support and no qdbm support. And there doesn't seem to be any way to rectify the sitution using the repositories. This is quite annoying if I had wanted to use python and php to interact with the same underlying db, which I was considering doing. On the bright side, it stopped me from doing that.