Version 2.7.0.1

A few minor updates for speed.

New favicon.ico

JSONP support. The firwmare will now allow the JSON GET request to specify a callback parameter. Example:

        http://192.168.0.1/stoker.json?callback=parseResponse

The Stoker will send back the JSON response wrapped in parseResponse.

Version 2.7.0.1

 

Twitter and static IP addresses

When using the Twitter functionality with a static IP address on the Stoker, please make sure all the IP-related fields are filled in properly. The four fields are:

  • IP address
  • Subnet mask
  • Gateway
  • DNS server

These settings can be found on a Windows machine using the command ipconfig /all at the command prompt. The /alloption is necessary to show the DNS server. This should be run on the same physical network the Stoker is on.

Version 2.6.0.254

Update Twitter capabilities to handle twitter.com’s retirement of Basic Authentication in favor of OAuth.

Twitter is migrating to a new authentication method called OAuth. This is a clever algorithm that allows bits of user data (pictures, videos, tweets, etc) to be shared between sites and applications without having to share usernames and passwords.

Unfortunately, this is all a bit too much for the stoker. The big roadblock is implementing the SSL support used by the algorithm. SSL is the technology used to make sure all your online purchases are secure.

The solution I’ve found is to use a service provided by www.supertweet.net called MyAuth API Proxy. This acts as a middle man between the Stoker and Twitter.

So previously, basic authentication was used by the Stoker to send tweets:

Now twitter is requiring OAuth. The fat arrow is an attempt to show a more robust connection between the client and twitter.

The solution is the middleman www.supertweet.net.

A quick how-to

  • Go to twitter.com and logon with your Stoker only account (you are using your dedicated stoker account, right?). Keep the tab open.
  • In a new tab, go to www.supertweet.net click on “Sign in with Twitter”
  • This will redirect you to twitter.com and you will be presented with a Deny/Allow page. Allow.
  • This will then redirect you back to supertweet.net. Click on “Activate”.
  • Choose a new password. DO NOT USE YOUR TWITTER PASSWORD!
    • Although the Stoker is dependent on supertweet.net for OAuth, one of the main ideas for OAuth is never having to give other sites your twitter.com password. In the spirit of that idea, you should choose a separate password for this
  • Open up the twitter page on the stoker (http://the_stoker_ip_address/twitter.html)
  • Enter the new password into the password field. Click Save Changes.
  • Done.

Disabling/de-authorizing/deactivating

  • Disable twitter on the Stoker
  • AND/OR Disable the account on supertweet.com by clicking “Make Inactive”
  • AND/OR Disable the authorization on twitter.com by going to “Settings” and then “Connections” and then “Revoke Access” for MyAuth API Proxy

A couple of notes

During this whole process, you should have only used your true twitter password once to log onto twitter.com. This is the whole point. So now, not even the Stoker knows the twitter password. The system works.

The one gotcha is that we are now dependent on supertweet.net to honor our privacy and not do anything malicious with the regular temperature updates. Sounds stupid, I know. I mean, it’s all public anyway. But just something to consider.

Version 2.6.0.254

More Twitter usage notes

More info for Twitter support on the Stoker.

Tweets will only work if you are using DHCP on the Stoker. The reason is there are bugs in using static IP addresses where the user cannot specify the gateway IP or the DNS IP addresses. Until this is fixed, the only way to set these values is to use DHCP.

Twitter usage notes

For those of you who have enabled Twitter on the Stoker, please note that:

Twitter will ignore attempts to perform a duplicate update. With each update attempt, the application compares the update text with the authenticating user’s last successful update, and ignores any attempts that would result in duplication. Therefore, a user cannot submit the same status twice in a row. The status element in the response will return the id from the previously successful update if a duplicate has been silently ignored.

This is quoted from here. This means that if the temps are the same between two intervals, then the new update will be ignored because the update will be the same as the previous

Version 2.6.0.182

Enable Twitter support.

This will allow the Stoker to send tweets to any specified Twitter account. There will be a tweet generated every time an alarm condition is set/cleared and there will be a tweet at regular intervals. The frequency of these periodic updates is user defined.

Warning: Please be extremely careful using this. There are several security pitfalls that the user needs to be aware of. Basically, the entire process is vulnerable. Yikes! I’m no security expert, but these are some thoughts the user should be aware of.

  1. The user will need to enter the Twitter account name and password into the Stoker webpage. The connection between the web browser and the Stoker during the operation is NOT secure. This means the account name and password can be sniffed out while submitting the info to the Stoker.If this is of concern, make sure there is a direct wired Ethernet connection between the Stoker and the computer – no wireless, no switches, no hubs, no routers.
  2. The Stoker stores this information in non-volatile memory. The Stoker software will never publish this information. But Mr. Evil Hacker-man could potentially break into your house, steal your Stoker, unsolder the non-volatile memory, disassemble the executable, and then extract the info from the chip. But man, that’s a lot of work.
  3. The Stoker uses Basic Authentication to send the tweet. This effectively means the Stoker sends the account name and password in raw text direct to Twitter.com. Please see the Twitter APIdocs regarding basic authentication.Since this request uses the Internet, this means the account name and password are vulnerable to anyone sniffing the traffic.

Not exactly a happy set of thoughts. Kinda sucks to be the party-pooper, but there are some things you can do to minimize the risk.

  1. Create a new Twitter account just for the Stoker.
  2. Try to limit any type of personal info on the Stoker profile.
  3. Create a totally new password for the account. Use any strong password generator site to create the password. Here’s a Google search.

Usage: After upgrading, with your new Twitter account strong password in hand, open up the Stoker webpage, and click on the check box labeled “Show Twitter options”.

  • Updates – this enables/disables the Twitter support.
  • Username/password – info for the new Twitter account.
  • Update interval in minutes – number of minutes inbetween periodic tweets
  • Message header – a few words at the beginning of each tweet
  • Click save changes
  • On the “Update successful” page, click on the “Back” link and wait for the new page.
  • Once the new page is served up, reboot the Stoker.

2.6.0.182