Home Assistant and TP-Link

Last week, I spotted this tweet from the official Home-Assistant account.

In short, what’s happened is that TP-Link issued a firmware update that turns off the ability to control their smart plugs (and, one assumes, smart switches) from a device on the local network (e.g. Home Assistant), leaving the cloud-based API, and their official KASA app, as the only way to control the devices.

I use TP-Link smart plugs myself. Currently to automate some lamps in the living room, but I’ll also be using them soon to automate the Christmas lights. (Sure, I could use a lamp timer, but I want the lights to go on right at sunset, not “sometime near sunset.”) For me, key parts of the value proposition were (a) It worked with Home Assistant (b) It didn’t require using someone else’s cloud (i.e. my usage patterns remain private).

Digging into it a bit… Turns out that there really is a legit security flaw with these devices. I haven’t seen any official details from TP-Link, but I found other reports of problems (Which?, October 2020; Fernando Gont, March 2017) involving weak encryption and the ability for other people to control the device.

So, it’s a legitimate concern. Ideally, the fix would be a locally accessible API with authentication. Turning off local access altogether is rather “ham fisted.”

Home Assistant has issued an alert that the TP-Link integration is “broken” with a link to a user-community discussion, though the alert isn’t really as obvious as one might hope….

Now that I know about the problem, I’ll have to weigh the risks of leaving the firmware out of date against losing my automations. I like the TP-Link plugs, they’ve been pretty reliable over the past several years, and the Home Assistant integration is about as simple as they come (you add a plug to your network, Home Assistant adds it to the list of devices…. easy peasy).

Ultimately, this comes down to the risks of using a “black box” product, where there is no official support for Home Assistant. Fortunately, there is a bit of good news in this. TP-Link seems to value the Home Assistant community and in response to the uproar is working on a fix to restore the local-control functionality.

The question is, do I trust them not to break it again?

Sending mail from a script on a Raspberry Pi

I’m working on a project where I need to send email from my Raspberry Pi. Installing a full-blown SMTP server would be overkill, I just need something where I can send messages from a bash script.

A brief search led me to a forum post from 2013 which talked about configuring the ssmtp package. That post in turn referenced a step-by-step guide from 2009. Unfortunately, both seem to be out of date, and the latter is for installing it on CentOS/RHEL/RedHat/Fedora. So here’s my attempt at an updated version for the Pi (which should apply to any Debian-based Linux distribution).

Notes

  • These instructions send via Gmail. If you’re using two-factor authentication (and you really should), you’ll need to set up an application-specific password. Otherwise, you’ll get authentication errors.
  • The password is stored in plain text. This solution is not suitable for use on a shared system.

The Steps

sudo apt update -y && sudo apt upgrade -y
sudo apt install -y ssmtp
sudo vi /etc/ssmtp/ssmtp.conf

Make these changes to the ssmtp.conf file

mailhub=smtp.gmail.com:465
FromLineOverride=YES
AuthUser=Your_GMail_Address
AuthPass=Your_GMail_Password
UseTLS=YES

I also set the root= setting to my email address. I don’t believe this is necessary, but it does allow me to get notified when something goes wrong with one of my messages. (The way I first found out my configuration was working was a message from a cron job which had some unexpected output.)
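
Since the Gmail password sits in ssmtp.conf in plain text, it is worth checking the file after editing it. The script below is an added example, not part of the original post: it flags a world-readable file, a missing UseTLS=YES, and a mailhub port that is neither 465 nor 587 (587 also needs UseSTARTTLS=YES). The helper names conf_get and audit_ssmtp_conf and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. conf_get and audit_ssmtp_conf
# are hypothetical helper names.

# Print the value of KEY in an ssmtp.conf-style file (last occurrence is reported).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(k)) v = val
        }
        END { print v }' "$1"
}

# Return 0 if the file passes every check, 1 if any check fails, 2 if unreadable.
audit_ssmtp_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Character 8 of the ls mode string is the read bit for "other" users.
    mode=$(ls -ld -- "$conf" | cut -c1-10)
    case $mode in
        ???????r*) echo "FAIL: $conf is world-readable ($mode), AuthPass is exposed"
                   problems=$((problems + 1)) ;;
    esac

    tls=$(conf_get "$conf" UseTLS | tr '[:lower:]' '[:upper:]')
    if [ "$tls" != "YES" ]; then
        echo "FAIL: UseTLS is not YES, so the login is not protected by TLS"
        problems=$((problems + 1))
    fi

    hub=$(conf_get "$conf" mailhub)
    case $hub in
        *:465) ;;   # implicit TLS from the first byte
        *:587)      # submission port: TLS is negotiated with STARTTLS
            st=$(conf_get "$conf" UseSTARTTLS | tr '[:lower:]' '[:upper:]')
            if [ "$st" != "YES" ]; then
                echo "FAIL: mailhub port 587 needs UseSTARTTLS=YES"
                problems=$((problems + 1))
            fi ;;
        *)  echo "FAIL: mailhub '$hub' is not on port 465 or 587"
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $conf"
    [ "$problems" -eq 0 ]
}

# Demo on a constructed sample: world-readable and missing the UseTLS line.
demo=$(mktemp)
printf 'mailhub=smtp.gmail.com:465\nAuthUser=you@example.com\nAuthPass=example-app-password\n' > "$demo"
chmod 644 "$demo"
audit_ssmtp_conf "$demo" || true
rm -f "$demo"
```

On the Pi itself, call `audit_ssmtp_conf /etc/ssmtp/ssmtp.conf` with sudo after saving the file.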

Testing

Part of the installation is to set up a symlink so that sendmail becomes an alias for ssmtp. You can use either command.

The ssmtp command doesn’t seem to include command-line options for specifying the subject line or the name of the recipient.

So, here’s a command line you can use. Edit the email address as suits your needs. (The sender name and email address will be embedded by GMail.)

Ignore the word-wrap, this is all one line.

echo -e "Subject: Test Message\nTo: Your Name Here <you@example.com>\n\nThis message was sent via ssmtp." | ssmtp -t

Alternatively, you can put the recipient’s email address on the command line (the message will then be received as a BCC).

echo -e "Subject: Test Message\n\nThis message was sent via ssmtp." | ssmtp you@example.com
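
When a script fills in the subject or recipient from variables, two things matter: the blank line that separates the headers from the body, and keeping line breaks out of header values, since ssmtp -t takes its recipients from the headers. The following is an added example, not from the original post; is_header_safe, build_message, send_report and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Succeed only if the value contains no CR or LF, i.e. it fits on one header line.
is_header_safe() {
    [ "$(printf '%s' "$1" | tr -d '\r\n')" = "$1" ]
}

# build_message TO SUBJECT BODY
# Writes a message to stdout: headers, one empty line, then the body.
build_message() {
    to=$1; subject=$2; body=$3
    for field in "$to" "$subject"; do
        is_header_safe "$field" || {
            echo "refusing header value containing a line break" >&2
            return 1
        }
    done
    printf 'To: %s\nSubject: %s\n\n%s\n' "$to" "$subject" "$body"
}

# send_report TO SUBJECT BODY
# Builds the message and hands it to ssmtp; -t reads the recipient from the To: header.
send_report() {
    msg=$(build_message "$@") || return 1
    printf '%s\n' "$msg" | ssmtp -t
}

# Demo with constructed values. The second subject carries an extra header line,
# which would otherwise add a recipient the script's author never intended.
build_message 'you@example.com' 'Backup finished' 'All jobs completed.'
bad_subject=$(printf 'Backup finished\nBcc: someone-else@example.com')
build_message 'you@example.com' "$bad_subject" 'All jobs completed.' \
    || echo "second message rejected"
```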

Troubleshooting

Four files are written to /var/log:

  • mail.err – contains an entry for each time there’s a problem sending a message.
  • mail.info – contains an entry for each attempt (successful or failed) at sending a message.
  • mail.log – duplicates mail.info.
  • mail.warn – duplicates mail.err.

(Image via Pixabay user Deans_icons used under Pixabay License.)

Creating a Time Lapse Video with ffmpeg

This is one of those posts I’m writing for myself as much as for anyone else.

Someone from the local Buy Nothing group had some older webcams they were giving away and I was able to get one. My long term goal is to eventually set up a camera with a Raspberry Pi and do some motion-activated photography of whatever wildlife comes through our backyard. (Previous attempts have revealed deer, a fox, and various stray cats.)

For now though, I put it in my office window and set up the Windows 10 camera app to take photos of the front-yard flower bed once every ten seconds. After about 90 minutes, I had 504 photos. Now, what to do with them?

Stepping through them quickly in the image viewer made a day of gentle breezes seem quite windy. So I decided to turn them into a time-lapse.

The VLC player is my go-to for playing videos, and I’ve had some luck using it to convert between formats as well, so I wondered if I might be able to use that. I found some tips for using it to create “slideshows”, but nothing for saving the slideshow as a video file.

But I did notice that a lot of the comments mentioned using ffmpeg.

That’s a Linux program, so I opened a Windows Subsystem for Linux prompt and installed it.

$ sudo apt update && sudo apt install ffmpeg

The ffmpeg program has a rich set of command line options to learn, but for now, I just wanted to convert my photos to a video. After a few false starts, I found some helpful tips in this Stack Overflow answer and tried it out:

$ ffmpeg -framerate 1 -pattern_type glob -i '*.jpg'   -c:v libx264 -r 30 -pix_fmt yuv420p out.mp4

The first pass, with one frame per second, wasn’t quite what I was looking for. It was a “slideshow as video” but too slow paced for what was really 504 nearly identical images.

The next pass was 10 frames per second, followed by 30. I finally settled for 60 frames per second:

$ ffmpeg -framerate 60 -pattern_type glob -i '*.jpg'   -c:v libx264 -r 30 -pix_fmt yuv420p out-60fps.mp4

Mike Friedman is not the devil

For the record, Mike Friedman is most certainly not the Devil. I suppose it’s easy enough to understand why you might think that, but it’s not true.

Granted, he does have that happy “devil-may-care” attitude and really, who could get away with that sort of thing better than the Devil himself? It’s also true that Mike was the one who came up with the idea for Crazy Eight Press, and the very first story to come from that group was a tale called “Demon Circle”. Although it’s incriminating, it’s still just coincidence.

But the thing that really gets people wondering is his publicity photo. He’s got a spread of books laid out in front of him, and he’s dressed a bit like Han Solo. Then there’s the background: It’s not a fiery pit, but it’s certainly a deep, blood red. And Mike’s got a big smile, like he knows every sin you’ve ever committed; and his face appears to be reflecting that same blood red, as though he’s surrounded by some sort of flames.

I know that photo well. It shows up on various convention web sites now and then (Shore Leave’s been using it since 2010), and recently it’s been showing up in “meet the contributors” emails for various Kickstarter projects he’s participating in.

But that photo’s origins aren’t at all demonic. Back in 2009, when I had just recently purchased my first-ever digital SLR, I took it to Shore Leave and took photos of a bunch of the authors. I didn’t yet realize how little I understood about photography and between that lack of knowledge, and the hotel’s rather “unique” color scheme, some of the photos came out rather deeply saturated. Mike just happened to be sitting in front of a wall covered, not in brimstone, but particularly garish red wallpaper, and the camera did the rest.

That’s really all there is to it, Mike’s not the Devil; it’s just the photographer was (and still is) a real hack.

If you’ve spent any time at all chatting with Mike, you know, he’s actually a very friendly guy, and not the Prince of Darkness. Indeed, he’d likely be quite hurt if anyone thought otherwise.

And I’m not just saying that because he’s holding my soul hostage.

Pi-Hole

I’ve been experimenting with a Pi-Hole for the past two weeks. This evening I reconfigured the home network so all of our devices will default to using the Pi-Hole for IP address assignment and DNS.

Next, I set up a group so my wife’s work computer will be exempted from DNS filtering. A web-based application shouldn’t break because of a blocked tracker, but I don’t want to troubleshoot any collateral damage.

Finally, I reconfigured my phone and desktop to get their IP and DNS information dynamically instead of the static settings they’d been using while I evaluated the set up.

If all goes according to plan, I just sit back and relax and no longer have to deal with ads for an item I bought last week following me across the web for the next month.

(Public domain image from US National Aeronautics and Space Administration)

Typing Emoji on Windows 10

This has the potential to be dangerous. I was writing an email to a friend and wanted it to be perfectly clear that what I was writing was a joke. I find the purely textual emoticons such as the sideways smiley :-) are often mistaken for punctuation and their intent lost, so I wanted to use a graphical emoji. We both use GMail, but I don’t care for the “melted lump” characters Google put in there.

On a whim, I did a search for how to type emoji on windows 10 and found a PC World article explaining how to type emoji if you have the Fall Creators Update. My immediate thought was to wonder if it was safe to assume everyone had it yet, and then I realized the article was from 2017! So the feature’s been there for a while and I just didn’t know about it.

So, if you’re on Windows 10, you can type emoji by pressing the Windows Key, followed by either the period or the semi-colon, and an emoji keyboard will appear. This is much more convenient – and universal – than any per-website or per-application emoji button.

Don’t get me wrong, I’m not a huge fan of emoji, but sometimes you just really want to type ? or ✈ without first visiting emojipedia.

(Only bummer on this is GMail replaces the emoji characters with the “melted lump” equivalents.)

By the way, Mac users can do the same by pressing and holding down both the [Control] and [Command] keys and then hitting the space bar.

Image by Pixaline from Pixabay. Used under the Pixabay license.

My Podcast List

I spotted this tweet from Zach Kahn and it got me thinking about my podcast listening habits.

Aside from traffic reports, I’ve pretty much given up on listening to the radio these days. Media consolidation has taken us to the point where you hear the same few songs on all the stations and the air personalities aren’t even in the same city as you any more.

About five years ago, I had to drive about 14 hours in two days. After the first leg of the trip, I decided to download a podcast app (I use Podcast Addict) to check out this “Hanselminutes” podcast I’d been hearing about and see what it was all about. I liked what I heard, and now when I’m driving to work, instead of listening to music, I’ll generally listen to a podcast.

In no particular order, here’s my listening list:

Hanselminutes – Hosted by techie Scott Hanselman, the podcast is self described as “Fresh Air for developers.” This was pretty much my “gateway drug” to the world of podcasts. Although Scott works for Microsoft, the podcast rarely touches on Microsoft-related topics, it mostly seems to follow Scott’s own interests which seem to range from career development, to retro video gaming, and accessibility but still hitting topics such as the Rust language and mathematics.

.Net Rocks – Hosted by Carl Franklin and Richard Campbell, the podcast covers topics of interest to developers who use Microsoft’s .Net framework, so not just .Net and Windows, but also things such as Octopus Deploy, Docker, quantum computing, Test Driven Development (TDD), and JavaScript frameworks. For the past year or two, the show has dropped to one episode per week, mostly interviewing speakers at developer conferences.

You Bet Your Garden – Hosted by Garden Guru Mike McGrath, the podcast is a repackaged version of the nationally syndicated You Bet Your Garden radio show on public radio. (In its current incarnation, the show is both an hour-long public radio show and a half-hour TV show on PBS station WLVT in Bethlehem, PA.) It’s a call-in show where people call with questions about plant care and related topics (gardening, lawn care, house plants, and pest control) and Mike gives them solutions using organic gardening techniques.

RunAs Radio – Hosted by Richard Campbell and described as “a weekly podcast for IT Professionals working with Microsoft products.” The show is somewhere between an interview and a casual conversation between Richard and that week’s guest about the guest’s area of expertise. The conversations seem to assume the listener is already deeply familiar with the topic at hand, but as a non-operations person, I still find enough of interest to keep listening. For example, a recent show about “Runbooks in Octopus Deploy” provided some interesting ideas for how to better approach my own DevOps needs.

Wait, Wait… Don’t Tell Me! – Because geeks need to laugh too. Hosted by Peter Sagal, Bill Kurtis, and a rotating panel of comedians and humorists, the show is described as a “weekly news quiz” in which listeners call in and attempt to answer questions about the week’s news. Each week also features a “Not My Job” segment in which a celebrity is first interviewed and then quizzed about something unrelated to their field of expertise (e.g. cosmologist Neil deGrasse Tyson being quizzed on Cosmetology).

RadioLab – A weekly exploration of, well…. it varies. They’ve viewed the world through the lens of Dolly Parton’s music, explored the origins and history of square dance, and generally taken a host of other topics and looked at them from all perspectives.

The TED Radio Hour – Interviews with TED speakers, intermixed with excerpts from their talks. Usually three or four speakers, with different takes on a common theme.

That’s my listening list. And so dear hypothetical reader, what podcasts do you listen to?

(Image by Pixabay user PIX1861, used via Pixabay license.)

Password change for a PayPal business subaccount

PayPal business accounts allow you to set up separate logins with restricted access to the account. For example, you might need someone who can send invoices and issue refunds but isn’t allowed to send money.

The accounts have separate passwords from the master account. Changing the password for one of these subaccounts is simpler than for the master account, but the process isn’t completely obvious if you don’t know what all the icons mean. (This was accurate at the time it was written, but user interfaces do change.)

  1. Log in to PayPal.
  2. In the upper right corner of the page, click on the gear icon.
  3. From the menu, click “Your Profile.”
  4. In the “Password” row, click “Update.”
  5. Enter the current password in the “Confirm your current password” field.
  6. Enter the new password twice (once for confirmation)
  7. Click the “Change Password” button.

Turning off Windows feedback prompts

I use Windows, Linux and Mac. I hop between them several times a day and find that each has its own strengths and annoyances.

This evening, Windows presented me with a prompt, asking how hard it is to customize Windows. It took me out of my workflow, distracting me from the task I originally wanted to work on.

As a society, we get a lot of surveys. Because if asking a small sample of consumers what they think of a product will give useful information, then asking a large group will surely give the survey takers an even better idea of what’s going on.

And so, we get surveys on the receipts at restaurants and home improvement stores. We get feedback requests from apps on our phones. (We probably get surveyed on drug store receipts, but it’s hard to tell with all the coupons.) And now we’re being prompted for feedback from the computer’s operating system.

Here’s how to (hopefully) remove that one, at least until they add another survey tool:

  1. Go to the settings app (Windows key + I).
  2. In the search, type “Feedback”
  3. Select “Diagnostics & feedback settings.”
  4. Scroll down. About 2/3 of the way down the page, you’ll find a box for selecting “Feedback frequency”, labeled “Windows should ask for my feedback.” By default, this will say “Automatically (Recommended).”
  5. Change the setting to suit. (I chose “Never.”)

I’ll update this post as I find other feedback prompts to disable.

(Image by Pixabay user mohamed_hassan, used under the Pixabay license.)

Why do DNS changes take so long to show up?

My project manager asked me yesterday, “Why do DNS changes take so long to show up?” We were in the process of moving a web site to a new server and he hadn’t expected it to take 90 minutes for all the traffic to move to the new server.

As background, let’s talk about what the Domain Name System (DNS) is for a moment. Every computer connected to the internet has a unique address, called an IP address. You can think of this as being similar to a telephone number. For www.example.com, the IP address is 93.184.216.34.

The problem with IP addresses is, they’re hard to remember, which is why we have a system of domain names (example.com) for groups of computers and host names for individual computers. This is similar to a person having a family name and a given name.

The DNS system is similar to your phone’s contact list. Most people don’t know all the phone numbers in their phone’s contact list; instead, they know to look up Bob Smith in the contact list and when they press the dial button, the phone looks up Bob’s phone number and dials 732-555-1234.

Similarly, when you type www.example.com into the web browser, your computer contacts the DNS system, looks up the IP address, and connects the browser to 93.184.216.34.

Rather than look up the IP address on every request, your computer will remember (or cache) the address for a while. How long it should remember the address is controlled by whoever owns the domain name; it can range anywhere from a few seconds up to days or longer. Commonly, it’s set to several hours. This is called the DNS record’s “time to live.”

So if you run www.example.com and move the website to a new host (this could be a new hosting provider, or simply a new server at the same provider), part of the move will be to update the DNS system (contact list) with the new server’s IP address (phone number).

Because of the DNS time to live, other computers may continue to contact the old server until the DNS record expires, at which time they’ll look up the address again and find the new IP address. (This is an important consideration when moving a web application which maintains any sort of application state information.)

Bonus: Looking up IP addresses

Most Linux and OSX computers will have a program called dig installed. (Alternatively, you can also use the Dig tool from Google’s online “G Suite Toolbox.”) You can use this to look up the IP address of any computer connected to the internet:

blair@Squawk:~$ dig www.example.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16595
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        80319   IN      A       93.184.216.34

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Jan 14 02:01:45 EST 2020
;; MSG SIZE  rcvd: 60

blair@Squawk:~$

In the part labeled “;; ANSWER SECTION”, there’s a line which reads:

www.example.com.        80319   IN      A       93.184.216.34

The server’s IP address is 93.184.216.34 and the computer will remember the IP address for another 80,319 seconds (about 22 hours). If you look up the same record several times in a row, you’ll notice that the number decreases over time. (It appears the record for www.example.com is configured with a time to live around 24 hours.)
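
To read the remaining cache time straight out of dig output while planning a server move, the ANSWER SECTION can be parsed with awk. This is an added example, not part of the original post; the function names are hypothetical and the sample is the answer from the dig run above. It goes slightly beyond the single-record case by also handling answers with several records, such as a CNAME followed by an A record.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Read dig output on stdin; print "name ttl type data" for each answer record.
answer_records() {
    awk '
        /^;; ANSWER SECTION:/       { in_answer = 1; next }
        in_answer && (/^$/ || /^;/) { in_answer = 0 }
        in_answer && NF >= 5        { print $1, $2, $4, $5 }'
}

# Longest remaining TTL in the answer. Once it has run out, every record in the
# answer has expired from this resolver's cache and must be looked up again.
max_ttl() {
    answer_records | awk 'BEGIN { m = 0 } $2 + 0 > m { m = $2 + 0 } END { print m }'
}

# Convert a number of seconds to hours, minutes and seconds.
humanize() {
    s=$1
    printf '%dh %dm %ds\n' $((s / 3600)) $((s % 3600 / 60)) $((s % 60))
}

# Sample input: part of the dig output shown in the post.
sample_dig_output() {
    cat <<'EOF'
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        80319   IN      A       93.184.216.34

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
EOF
}

sample_dig_output | answer_records
ttl=$(sample_dig_output | max_ttl)
echo "this resolver may keep answering from cache for $(humanize "$ttl")"
```

The figure is what this one resolver still holds; a resolver that cached the record more recently can keep the old address for up to the record’s full time to live.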