Twitter usage notes

by

For those of you who have enabled Twitter on the Stoker, please note that:

Twitter will ignore attempts to perform a duplicate update. With each update attempt, the application compares the update text with the authenticating user’s last successful update, and ignores any attempts that would result in duplication. Therefore, a user cannot submit the same status twice in a row. The status element in the response will return the id from the previously successful update if a duplicate has been silently ignored.

This is quoted from here. This means that if the temps are the same between two intervals, then the new update will be ignored because the update will be the same as the previous

Version 2.6.0.191

by

Revert web page to maintain compatibility with StokerLog. Twitter settings have now been moved to twitter.html.

So, let’s say your Stoker IP address is 192.168.1.10. And usually, you access the web page with “http://192.168.1.10”. Now, the Twitter settings are located at “http://192.168.1.10/twitter.html”
2.6.0.191

Version 2.6.0.182

by

Enable Twitter support.

This will allow the Stoker to send tweets to any specified Twitter account. There will be a tweet generated every time an alarm condition is set/cleared and there will be a tweet at regular intervals. The frequency of these periodic updates is user defined.

Warning: Please be extremely careful using this. There are several security pitfalls that the user needs to be aware of. Basically, the entire process is vulnerable. Yikes! I’m no security expert, but these are some thoughts the user should be aware of.

  1. The user will need to enter the Twitter account name and password into the Stoker webpage. The connection between the web browser and the Stoker during the operation is NOT secure. This means the account name and password can be sniffed out while submitting the info to the Stoker.If this is of concern, make sure there is a direct wired Ethernet connection between the Stoker and the computer – no wireless, no switches, no hubs, no routers.
  2. The Stoker stores this information in non-volatile memory. The Stoker software will never publish this information. But Mr. Evil Hacker-man could potentially break into your house, steal your Stoker, unsolder the non-volatile memory, disassemble the executable, and then extract the info from the chip. But man, that’s a lot of work.
  3. The Stoker uses Basic Authentication to send the tweet. This effectively means the Stoker sends the account name and password in raw text direct to Twitter.com. Please see the Twitter APIdocs regarding basic authentication.Since this request uses the Internet, this means the account name and password are vulnerable to anyone sniffing the traffic.

Not exactly a happy set of thoughts. Kinda sucks to be the party-pooper, but there are some things you can do to minimize the risk.

  1. Create a new Twitter account just for the Stoker.
  2. Try to limit any type of personal info on the Stoker profile.
  3. Create a totally new password for the account. Use any strong password generator site to create the password. Here’s a Google search.

Usage: After upgrading, with your new Twitter account strong password in hand, open up the Stoker webpage, and click on the check box labeled “Show Twitter options”.

  • Updates – this enables/disables the Twitter support.
  • Username/password – info for the new Twitter account.
  • Update interval in minutes – number of minutes inbetween periodic tweets
  • Message header – a few words at the beginning of each tweet
  • Click save changes
  • On the “Update successful” page, click on the “Back” link and wait for the new page.
  • Once the new page is served up, reboot the Stoker.

2.6.0.182