Category Archives: Stoker Beta

Version 2.6.0.221

Create a read-only page. The settings are at ro.html. This new web page will allow Stoker to serve up a non-modifiable web page. When you enable the “read-only” mode, the regular web page will have all of its input boxes disabled. When you enable read-only mode, you will need to supply a password. To disable read-only mode, uncheck the read-only box and input the proper password. If you forget the password, then you will have to clear out the database; this will mean you will lose all of your custom settings.

Enable DNS and gateway fields for static IP addresses. To use these settings properly, you must first modify the DNS, gateway, and mask settings, and then at the end set the static IP address.

Fix alarm strings on Twitter.

Clean up output on telnet so that StokerLog will not lose connection.

Version 2.6.0.221

Version 2.6.0.182

Enable Twitter support.

This will allow the Stoker to send tweets to any specified Twitter account. There will be a tweet generated every time an alarm condition is set/cleared and there will be a tweet at regular intervals. The frequency of these periodic updates is user defined.

Warning: Please be extremely careful using this. There are several security pitfalls that the user needs to be aware of. Basically, the entire process is vulnerable. Yikes! I’m no security expert, but these are some thoughts the user should be aware of.

  1. The user will need to enter the Twitter account name and password into the Stoker webpage. The connection between the web browser and the Stoker during the operation is NOT secure. This means the account name and password can be sniffed out while submitting the info to the Stoker.If this is of concern, make sure there is a direct wired Ethernet connection between the Stoker and the computer – no wireless, no switches, no hubs, no routers.
  2. The Stoker stores this information in non-volatile memory. The Stoker software will never publish this information. But Mr. Evil Hacker-man could potentially break into your house, steal your Stoker, unsolder the non-volatile memory, disassemble the executable, and then extract the info from the chip. But man, that’s a lot of work.
  3. The Stoker uses Basic Authentication to send the tweet. This effectively means the Stoker sends the account name and password in raw text direct to Twitter.com. Please see the Twitter APIdocs regarding basic authentication.Since this request uses the Internet, this means the account name and password are vulnerable to anyone sniffing the traffic.

Not exactly a happy set of thoughts. Kinda sucks to be the party-pooper, but there are some things you can do to minimize the risk.

  1. Create a new Twitter account just for the Stoker.
  2. Try to limit any type of personal info on the Stoker profile.
  3. Create a totally new password for the account. Use any strong password generator site to create the password. Here’s a Google search.

Usage: After upgrading, with your new Twitter account strong password in hand, open up the Stoker webpage, and click on the check box labeled “Show Twitter options”.

  • Updates – this enables/disables the Twitter support.
  • Username/password – info for the new Twitter account.
  • Update interval in minutes – number of minutes inbetween periodic tweets
  • Message header – a few words at the beginning of each tweet
  • Click save changes
  • On the “Update successful” page, click on the “Back” link and wait for the new page.
  • Once the new page is served up, reboot the Stoker.

2.6.0.182