Tuesday, December 16, 2014

The Hacker

Hackers are depicted by the media as criminals.  It's a sad truth that hackers have to live with and will always fight against.  But to better describe the hidden culture that mainstream media has no interest in discovering, here is my own personal analogy.

My original analogy was that Hackers are like Butchers.   They both have skills that most people don't choose to learn.   They are both artists in their own way.    A butcher uses a potentially dangerous set of tools referred to as knives, most typically the butcher knife.    A hacker uses a set of potentially dangerous tools known as code, but most typically referred to as computers.

But why is a Hacker a criminal while a butcher is not?  While some people think it's a stupid question, there are many hackers that are still baffled by this question.   So here is my latest analogy that will be easier on the comic book movie fans.

Hackers are like superheros.   They do things that most everyone cannot do and achieve things that were once thought to be unattainable.

In the computer security profession, we refer to the three hats...
White Hat
Gray Hat
Black Hat

The White hats are the good superheroes...the knights in white satin armor, Captain America and Superman.    They use their powers only for good while doing everything the nice way and playing by all the rules no matter the jurisdiction.

The Gray hats are the vigilante superheroes, like Batman and Rorschach.   They use their powers for the common good, but they don't care about playing by the rules as much as white hats.   Helping out society is more important that following the normal procedure to achieve such results.

The Black Hats are your evil superheroes (or super villains) like Lex Luthor or Mageneto.  They are using their super powers for their own selfish purposes.  In today's world, that purpose is simple monetary gain.

 The media's depiction of hackers typically defines them as Black Hat only.  They are the ones that are making all the bad apps in the App Store or Play Market that steal all of your banking information.  They are the ones that are wearing ski masks in front of the computer doing their best to take down the world with a few "simple" key strokes.   They are reverse engineering the software you love to find a vulnerability they can exploit.  Once they find that exploit, they eventually use it against society for their own selfish gain.

For example, a software vendor releases a new program that everyone likes to use or maybe it's game everyone likes to play.    They do their best to program with security in mind, but there's always something that is overlooked and a company's project budgetary time line will always push a software release ahead of schedule.   A popular MMORPG I used to play actually released an expansion pack that wasn't even complete as they intended to just release the remainder of the pack later as a download instead of part of the CD distribution.   These releases will always have unseen vulnerabilities that have yet to be discovered.

The White Hats are the folks that are doing refutable security research and promptly reporting it to the "authorities" (aka the companies of which it concerns).  For example, a researcher finds a vulnerability in Microsoft software.  Microsoft welcomes such notifications so the vulnerability is quickly analysed and a software patch is released to resolve the vulnerability thus keeping the public as safe as possible.

This is referred to as "penetration testing" where they inform the security guards of the software realm that they can get in if they wanted to, but in an effort to play nice they did not do so.  But they are informing this company so they can fix the problem so a true villain doesn't cross that line.   Some companies like Belkin have started to offer "bounty" rewards where a cash prize will be given to the researcher that reports the existence of a vulnerability.   Various police jurisdictions have incorporated similar programs to better strengthen security of the community. 

The Gray Hats are somewhat in the middle between White and Black (go figure).  They tend to do things for fun, fame, or other reasons, but they also don't have any intention of endangering the general public.   So these superheroes are just as skilled as White and Black Hats, but their "ethics" are a tad looser in comparison.

Not all companies welcome such harsh testing of their own software.   Some companies actually refuse to acknowledge such vulnerabilities despite the evidence presented by ethical security researchers.  Sometimes the companies worry more about the negative publicity while others will worry about the cost the repair the threats it has created.

No matter the reasons, the Gray Hats believe it's more important that the public be protected from these threats, even if the company doesn't want to admit it.   They will reverse engineer software and hardware just out of curiosity and enjoyment, even if the vendor legally forbids such action.   They will break the rules just to prove their point and keep the public safe so as long as their actions do not put the public in any further danger.

For example, a gray hat might attempt to penetrate your favorite App store or market.  In doing so, they would be able to prove to the vendor that they have an exploitable vulnerability that needs to be resolved to keep the rest of society as safe as possible.

A Black hat would just penetrate and then do whatever they could to profit from their actions...like post an evil app, replace a good app with their own evil version, or steal everyone's credit card or other personal information.

A White Hat wouldn't bother to do such research without the vendor's written permission.    They typically have a very refutable job and certifications that forbid them from breaking the rules like Gray Hats.

Pick your hat color....it doesn't matter....they are ALL hackers.

They all have an impressive skill in the world of computers.   It's what they do with that skill that determines the legality or illegality of their actions.

The media could, in theory, present both sides of the story.  But let's face it....the villain is always more interesting to talk about.

Every year, hackers meet in Las Vegas for a convention known as Defcon.    The conference covers a wide range of topics in the field of hacking.  But most of it is presented in a manner of "look what I was able to do" instead of learning how to do it yourself.   But in most every case, the topic presented is intended to show you just how easy it is to exploit a particular piece of hardware of software.  It gives the vendors something to think about and in some cases it blows the whistle on the vendors that would rather sweep it under the rug.

This conference is a great way to spark positive change in a "gray hat" sort of way.   A recent example is at Defcon of 2012 where a group of researchers developed a program that made it VERY easy to exploit nearby laptops while on a shared access point such as a coffee shop.   One might wonder, why would they do such a thing?  Why would they make it EASIER for the unskilled user to take advantage of other people?

[Hackers] all have an impressive skill in the world of computers.   It's what they do with that skill that determines the legality or illegality of their actions.   

The researches addressed this issue in their presentation.  The vulnerability that they were exploiting was a vulnerability that was presented by many others in previous years.   The point of releasing such a tool was to get the vendor community to move further towards a resolution because despite all the time they've had to do so, they still haven't bothered to fix the issue.    In cases like these, when the White Hats can't get the job done, the Gray Hats give it their best shot in an attempt to stop the Black Hats from using the same issue against us all.

Hackers have shown us how easy it is to do almost anything we can imagine.  One year they demonstrated how easy it was to hack an ATM.  Shortly thereafter, there was no ATM within 10 miles that was not exploited.  No money was taken (probably), but the majority of exploits simply changed the presentation of the ATM screen similar to how web sites are defaced. 

I wore my Defcon shirt to work one day.  While in the elevator, a random stranger asked me what defcon meant.  I told him it was a hacker convention in Las Vegas.  He said "Oh" and quickly averted his head not saying another word as he exited the elevator as soon as possible.   No surprise there.   It's just the reaction we get because hackers are always misunderstood.

But without hackers, your phone wouldn't be as secure as it is now.  All the security updates you get from Microsoft would not be available as often and the bad guys would be able to steal all your money without any effort.   You wouldn't be able to shop online because the threats hackers have demonstrated have forced improvements in SSL technology to build the foundation certificate authorities are now selling to web sites like Amazon and Ebay as a standard practice.

I support hackers...the good ones.  I fall along the lines of Gray Hat simply because there are certain ethical guidelines that I don't agree with.   White Hat forbids aggressive defense tactics.   This means if someone attacks you, you cannot attack back.   I just can't wrap my head around that.  One reason I like Arizona is because they are big on defending one's home and family.

According to the law there is a difference between physical attacks versus digital attacks...but I disagree.  I believe in defending my home no matter what.  The Gray Hat knows the computer fraud laws were created to defend corporations that need to protect their proprietary information so they know these laws should not apply to the home user that needs to protect their family and their networked devices.

Hackers showed us all via youtube just how easy it is to "bump" a deadbolt lock that we all have on our doors.  They invented the credit card lock pick to unlock office doors as seen in movies.  They invented social engineering to manipulate people into willingly providing sensitive information to strangers.    Anything that manages to circumvent protective measures to achieve the same goal as using the intended protective measures is generally considered to be a hack. 

There are now small workshops out there called "Hackerspaces."  They are places where people in the community go to make things and even hack things in a cooperative environment for learning and other positive purposes.   A hackerspace will often create a group of interested hackers to play in the occasional Capture the Flag events.
Anything that manages to circumvent protective measures to achieve the same goal as using the intended protective measures is generally considered to be a hack.

Capture the Flag are contests surrounded by various topics of computer security.  The main theory behind these games are now supported by college level professors in that the best way to learn about security is to learn how to exploit computers.   Many experienced police officers and even federal agents will agree that the best officers/agents are the ones that know how to think like a criminal.

So Capture the Flag gives players a good experience of computer security without endangering or otherwise harming anything at all.  Universities have also begun to embrace CTF as it provides an incredibly valuable set of practice scenarios compared to only the theory that college can offer.

These people are hackers.

Hackers are leading the way to a safer tomorrow in a never-ending fight against the evil hackers that only want to rip you off.   Your view on hackers should only depend on the team you are rooting for.

Are you rooting for the villains, the vigilantes or the white knights?

Sunday, December 7, 2014

cautious vs. crazy

The following mini story made it around many different online publications in October.


this is a good example of crazy masquerading as cautious.

Here we have a lady that fabricated what she believed to be a hazmat suit to protect her from possible infection at the airport.   Some people write it off as just over-precautious behavior...but I strongly disagree.

Actions stemming from over-precautious thinking would have resulted in far more effective construction of a homemade hazmat suit.

The most obvious and obnoxious example is the face mask.  Yes, surgeons do wear masks in the operating room, but for far different reasons compared to crazy Sue.   Surgeons have to prepare for flying blood and other liquids.

But from the limited photos on this crazy wombat, we see that she has plastic over the face so the mask is intended to block airborn biological threats instead of the usual flying debris.  Sorry crazy, but a sanding mask is not going to filter airborn illness no matter how many times your priest blessed it nor how many protection spells were cast using your Harry Potter wand replica. 

Next we see that, to everyone's surprise, she doesn't have a decently shaped plastic overcoat so her normal clothing is sticking for her arms until it reaches her gloves.  I would have loved to inspect this part as we don't know if those are surgical gloves or your average variety automotive repair gloves.   I would guess they are automotive gloves are they are more common and this crack pot clearly didnt go to any real efforts.

But where the cloth sleeves end and the gloves begin, there is a gap where you can see her skin is exposed to the deadly air of the airport.  Given how easy it is to make accidental contact with people at the airport, I am surprised this small patch of skin was exempted from her paranoia.  Simultaneously, I would love to learn of her justification for allowing this exemption just to see where the line is drawn in her crazy mind.

Last but likely not least at all, the choice in plastic covering appears to be very thin similar to painters plastic.   Although I am unable to locate particular research stating such plastic's ability to protect from communicable pathogens, I have enough doubts to where I would not trust it for such precautions.  On that note, the main worry a reasonable person might consider would be the ease of which said material would rip.   Certain plastics react differently to heat, or moisture, or stress.  And given this whacko was at an airport, there's about a million ways to mess up that "suit". 

I wish there were more images to show this intricate suit in it's entirety.  Mainly because I want to know in what her feet are resting and how her feet and legs have also been "protected".   

I have a rule of thumb where I don't give crazy any more attention than a glance because, in general, that's what they want even if they don't realize it.   But now I realize that really only applies to the outgoing type of crazy like the idiots standing atop a soap box and talking to themselves in their own secret language.  

But the quiet crazies are truly an amazing social experiment.  It doesn't scream out that they are trying to get attention.  With that I can only wonder what they are thinking.  And this lady is a great example of the 200 questions I would have to ask.

calling SRP's bluff

It's rare when you get those moment's of calling someone's bluff and slapping them in the face with it....it's even more fun when that someone is a greedy utility like SRP and APS.

How to save images with "no-right click" protection

The internet has lots of free crap but sometimes publishers go to extra efforts to ensure you can't save anything from their site so you will either subscribe and give them money, or to prevent bots from duplicating their site so someone else can get paid.

All good reasons, but sometimes I just want to save a picture for later and I don't like bookmarking all that much.  But thanks to sites that disable the right-click option, I can't just right-click and "save as..." for these images.   But, if I can see the picture in my browser, then I can save it if I really want to.  And thanks to the newer browsers implementing advanced debugging, it's even easier than it used to be. 

Yes, you CAN just use a screenshot program.  But that will only allow you to save the resolution of which the HTML code is presenting it while displayed in your browser.   If you download the actual image, you can get the full resolution and in some cases you can get around javascript that adds watermarks to images. 

Here's how...

Most browsers are the same, but in this case I am using Firefox as an example.

Get the browser to go to the image you want to save.  Once it's on the screen, you obviously cannot right-click on the image, but you can probably right-click somewhere else on the scree.  If you are able to get a right-click menu somewhere, then select the "Inspect Element" option.   The best place to try is just a few pixels to the left of the image.

If you cannot get a right-click option, then go to the browser menu at the top and click TOOLS > WEB DEVELOPER > INSPECTOR.

A small window with a bunch of HTML code will open at the bottom of the browser.  Now click on the HTML code at the bottom half.

Now use the UP/DOWN arrow keys to move the selection of HTML code up or down.  As you move up and down you will notice certain elements of the top half are being highlighted a certain color (eg. light blue).  Use this method to get your desired image highlighted.

Once your image is highlighted, go back down to the HTML code on the lower half of the browser.   The code will very likely have small block arrow on the left side.  This indicates a tree that has been collapsed.

You can use the keyboards RIGHT/LEFT arrow keys to expand and collapse trees.  Or you can just click the small block arrow icon on the left side of the HTML code.

With the tree expanded, you will see there is more code to scroll through.  Use the UP/DOWN arrow keys again to scroll through this code you just expanded.  Watch the upper half of the browser to see what code is referencing the image you are trying to locate.

You may have to do this process multiple times.  Keep expanding and scrolling the code until you finally locate the image reference similar to the image below.  Look for standard image file extensions like .jpg .png .bmp .gif

inside the SRC tag, you will see the http:// URL you need to load the browser on your own.  Select (highlight) the text and select EDIT AS HTML.

The HTML window will move the code to it's own private box.

Here you can select the text and use CTRL-C to copy it into the clipboard.  Paste this text into a new tab of your browser.

The image should load in your browser with nothing else and no protections.  You can now use right-click to save your image to your computer. 

Tuesday, October 7, 2014

National car rental add-on charges

Always check your bill.  I rented a car and National charged me for a Loss Waiver after the fact.  One could assume that it's just standard for any car rental, but in fact it is not.  Insurance covers this nonsense and if it were standard then it would be included in the original estimate received upon booking the appointment.

Here is the difference. The left is the estimate I received at time of booking.  The right is the final receipt after the rental was returned.   All the green items match up and were requested, including the fuel refill option (which I now know was a rip off but whatever I usually do that anyway).  The charges in black font on the right side were not requested by me nor were they included in the estimate.

It's very clear this is just sleezy, vegas-hotel style pricing to make it seem like it's a much better deal than it really is.  I requested a refund on the items I did not authorize so we'll see how it goes.  But my advice is get the declaration of charges at the time of the rental (right before you drive off with the car).  If I had that up front, I would have been able to contest right away.  

UPDATE:  National did refund the items I contested.  All is well but remember to always look at your bill. 

Sunday, September 21, 2014

notes on using Adafruit Trinket

I invested in Adafruit's Trinket 5v regular board and ran into some annoyances.  After reading through A LOT of their forum messages, I found certain little tidbits that seemed to resolve my issues but were not mentioned in the Trinket tutorial.  I would like to have these items mentioned in the tutorial, but adafruit doesn't make it easy to contact them and putting this info on the forums is redundant given the info came from the forums in the first place.

  • Avoid using pins 3 and 4 during development and testing if at all possible.  anything connected to pins 3 and 4 can (and likely will) interrupt the upload.  so if you change the code and need to re-upload, it may be painful to constantly disconnect and reconnect wires to these pins.   Once I moved my pin 3 wire over to pin 2, I could then use the trinket button to activate the bootloader as the tutorial recommends, the red light would blink as described, and the upload succeeded.  Before that, nothing would happen and the red light would just time out.
  • Enable Arduino's verbose output setting for uploading.  this will make the output skip past the "cannot find USBtiny" message and end with a complete and thank you message.   Even though it will complain it can't find a USBtiny, the upload was likely still successful.  as long as you followed Adafruit's intro to Trinket tutorial, you should be ok.
  • Try to use the tutorial's provided "blink" test code or something similar that is just as simple.  Using more complicated code may not provide the immediate confirmation you need to verify the upload is working. 

Thursday, August 7, 2014

my notes on Adafruit's "Firewalker Shoes" tutorial...

This post is intended to provide clarity to the same problems I ran into while attempting to building the "firewalker" shoes found on the Adafruit tutorial page. I am in no way affiliated with Adafruit and this page is intended for educational purposes only so I am not responsible for anything you do.  On that note, my hat is off to the original designer(s) of this project.  it's pretty darn cool...

first, the FW tutorial does tell you to first read the getting started with flora guide.  Make sure you do this.  this will ensure your computer has the drivers as needed.  But the Adafruit tutorial covers the transfer of files and definitions in a way that (to me) seemed more complicated than needed, so the way I present below is just an alternative method.  both work just fine.

Once you have verified your drivers are ok, you should also have your Arduino IDE platform installed already.  So, let's proceed.

In the getting started guide, it tells you to download the appropriate IDE zip file.  Both are quite similar, but I am focusing on Windows platform here.  fyi, if you are attempting to use Linux arduino IDE, you are on your own.  As far as I can tell, it's not possible to use linux for this code and a windows/mac VM won't work either.   There are certain functions included in the FW code that simply are not supported in the linux version and I couldn't get the linux beta version to comply either.  The IDE will see the flora and you can write other code just fine, but the FW code has issues.  I recommend sticking with Windows or crApple just to save time and you cannot use a windows VM because the USB device disconnects when you upload your code.  unless you have a way to automatically re-attach the usb device to the VM, the VM won't see the flora and can't finalize the upload.

Unzip the file to a temporary location.  Open folder /hardware/arduino and locate boards.txt.  Copy this file and place it in your matching Arduino folder, overwriting the file.  In winXP the location is C:\Program Files\Arduino\hardware\arduino.   If you dont wish to overwrite the existing file, just open the new file and search for "flora".  Copy everything starting at flora to then end of the file, then paste it into your existing boards.txt file.  This will import the new board definitions you need for flora, as well as gemma and trinket.

Now that you have the necessary definitions, you will also need the variant files the definitions are referencing. Copy folder /hardware/arduino/variants/ and paste it into C:\Program Files\Arduino\hardware\arduino.  If you don't wish to copy the whole folder and overwrite the existing folders, then just make sure the "flora" folder and any other missing folders are copied to your existing C:\Program Files\Arduino\hardware\arduino\variants folder.

now restart your arduino IDE.  from here, you should be able to run all of the provided code on the adafruit tutorial.  but the code is not the only problem you might face...

when you get your test circuit up and running, make sure you run both the test code and the final code.  notice the differences when you tap the velostat paper.  the test code will actually respond to the step sensor.   the final code actually varies on the pressure detected by the step sensor.   light steps produce a small reaction while heavy steps produce a much larger neopixel reaction.

Aside from that, there are do's and don't with the velostat paper:

less tape is more
  • in order to get the velostat to send the needed signals, the pressure must occur on a piece of velostat where both the upper thread and the under thread are crossing.  imagine the upper thread going from northwest to southeast, while the under thread is going northeast to southwest.   the center where those two threads cross is the "cross point" where the velostat will react.   if you place pressure on any other point on the velostat, the neopixels will not react based on the provided FW code.  You can adjust the FW code, but I am not going into that.

  • DO NOT use a lot of tape on the velostat.   any part of the velostat that has tape on it will not react as it should and thus won't send the needed signals to the flora or other arduino board.  I recommend using just one piece to anchor the end of the thread to the center of the velostat. Loop it around a few times, then add a piece at the edge of the velostat to prevent it from moving around much.  But do your best to make as many cross points as possible.  The more points you have to work with the FW code will respond better.   Whatever you do, do NOT just cover the whole surface in tape or another adhesive.
  • DO keep the threads opposite from each other.  the picture above shows the upper thread going northeast while the under thread goes southeast.  this will work for testing but for production it can present problems.  if the two threads touch/cross, they will send false signals to the flora and the neopixels will flash unexpectedly or they may not flash when they should.  So when you place the velostat in the shoes, you will want to ensure the threads can't possibly
    too much tape
  • Once you have figured out a decent cross threading method, you will want too test the velostat on actual shoes.  Here you will find the sole of the shoe is critical.   If you plan to hide the velostat under the sole, I recommend finding some kind of insole that has a very hard/solid base.  if the base of the insole has any kind of cushion (and most do), it will not provide the needed pressure to allow the velostat to react.  maybe some factory shoe insoles are different, but I don't have the means to test them all.   the tutorial shows the use of all-stars which have some very, very thin insoles.  I use skate shoes which are made for absorbing shock, so not the best choice without replacing the insoles.

    To correct for this, I cut up a plastic container to make an upper and lower piece of plastic to use as pressure points to sandwich the velostat together.  the lower piece goes under the velostat and the upper piece goes on top, but under the ball of your foot.  Again, if you find an insole with a
    hard enough base, you can place the velostat under the insole iteself.  One way or another you have to ensure the velostat will react to your foot steps, so be sure to thoroughly test the step sensor before attempting to sew together your final production.  
hard plastic to sandwich the velostat with thread exiting on opposite sides. 

Once you've got you're shoe assembled, remember to adjust the LED definitions as needed depending on how many LEDs the length of your shoe requires. 
  1. #define N_LEDS 39 // TOTAL number of LEDs in strip
  2. #define SHOE_LEN_LEDS 20 // Number of LEDs down ONE SIDE of shoe
  3. #define SHOE_LED_BACK 5 // Index of REAR-MOST LED on shoe

Gluing the LEDs is harder than it looks.  If you are using shoes you like or maybe new shoes, then you will likely mess up the first time leaving lots of excess glue on the base which doesn't look that great.   I recommend dry placement of the LEDs around the shoe and then add the rubber bands.  once the LEDs are secured by the rubber bands, move the bands a few inches out and then pull up the LED strip so you can squeeze in the glue.  then just move the rubber bands back into place.  once all but the bent sections of the shoe are glued, go back and move the LED strip into its ideal height from the base as it will have moved slightly when you started gluing the opposite side. 

I dont prefer the suggested use of conductive thread for this project, mainly because of the type of shoes I used.  I'm not a fan of sewing and if thread is used then it needs to be sewn a lot throughout the inside of the shoe to keep the thread tight.   Plus securing thread to the flora isnt fun either.  I just prefer to use twisted pair wires such as cat5 cable.  the cable can be tucked under the sole and stays out of the way good enough to work with.   plus the wire is easy to solder onto the flora. But thread can work for other projects much better that it did for me and my shoes.  Use your best judgement.  I thought using threaded cable worked really well for creating the cross points for the sole sensors because the wire was moldable and stayed where I placed it.  Whereas thread kinda just went where gravity pulled it.

flora on the tongue
it's mostly just my own preference, but it also matters where you plan to stage the flora.  I dont like high tops so placement of the flora can't be exactly like the tutorial for me.  So I chose to place it at the top of the tongue and run the wires up from the base of the tongue. I sewed on the flora using the empty flora pin holes and soldered all the rest of the pin holes as needed.

Here is a working prototype using default code from the tutorial.

Here is the finished assembly:

Cannot find a Leonardo....this usually means the USB is not recognized by the computer anymore.  Unplug the USB from the computer and plug it back in.  then check the TOOLS menu on the arduino IDE and see if the SERIAL item is available.  if it's not disabled, make sure the available COM port (or whatever the mac equivalent would be) is selected.  if it's still disabled, try unplugging/plugging again.  or reboot.  the arduino needs a usb device.

A9 is not defined....this happens mosts when you either haven't selected the Flora as the board you are using, or you haven't (correctly) installed the drivers for the Flora on your machine.   If it can't find a flora or doesnt know what it is, then it won't know what pin A9 is.

LEDs not reacting to step...obviously check your connections for the upper and lower threads located between both sides of the velostat.  make sure the two wires/threads are not crossing at all.  if everything looks ok, time to add some debug code to the program.  Below is what I did to see what the sensor was outputting.

Upload this new code and then use the serial monitor to watch the output.  Put some pressure on the step sensor and release...watch the serial monitor and see if the values change as you add pressure.  if the values change then your arduino is getting data from the sensor.  if the "stepFiltered" value does not fall below 200 no matter how much pressure you add, then there is some problem with the velostat sensor.  maybe the placement of the threads is bad or the velostat is defective.  time to experiment. if the values fall low enough, then either the flora is not sending the signal to the neopixel strip, or the neopixel strip is not getting power.  you can test the strip by touching and releasing the 2 sensor wires/threads.  once they make contact and then separate, the strip should light up similar to a normal functional step.  if the flora is sending a signal to the strip, then you can use a voltmeter and place the negative end on a flora ground and the positive end on the A6.  add pressure to the step sensor then release and watch the voltmeter for any kind of change.  if no change, the flora is not sending any signal to the strip.

Wednesday, August 6, 2014

Myths about Solar Energy Systems at Home

So the coming elections are causing a lot of misinformation to fly around like most any election.  So here is my contribution towards a fair representation of the truth.

My friend had a solar installation on his rooftop and after asking him a ton of questions, I eventually found myself signing up as well.  since then I've seen what it can do and why the energy companies hate it so much.


This is the biggest myth that annoys me the most, so I'm addressing it first.

Anyone connected to the power grid pays a monthly service fee.  The service fee acts like insurance for everyone when something goes wrong and your power company has to fix it, this service fee basically pays for it.  Some people think they can do their own off-grid solar installation to avoid this service fee and "stick it to the man."  But if they did that, any problems with power equipment stored on their property would be charged directly to that home instead of being covered by the service fee.

The service fee varies between area and utility company.  I use SRP and my area is charged $17/month. My friend in Surprise, AZ has APS and they charge him $33/month.    The picture here shows I am getting charged the appropriate fees, JUST LIKE EVERYONE ELSE.

If I produce more energy than I use that month, the only charge I receive is the service charge and taxes, exactly as pictured here.  There are no other fees on these bills from which solar customers are exempt.  saying we don't pay our fair share is a complete lie...and I will go over why that is.


I dont hear this often but when I do I am quick to call bull shit and make fun of the person spreading the lie because they are likely just jealous of my summer electric bill.

The other higlighted area in my image above is the energy charge.  This is my USAGE.  This is what really separates solar from non-solar customers.  I used $46 worth of electricity in Phoenix, AZ in JULY.   Anyone living here knows that's impossible even with the most energy efficient air conditioner and you really like it hot in your home.   My bill for this month last year was $250...and that's low compared to most people around here.

The truth is, energy produced on your own is way, way, way cheaper than buying it from the power companies.   I don't know the exact rates but I can use my current and former usage as examples.  Last July I used about the same amount of electricity.   Close to 1800KWh which came to $250 total.  So why is my bill only $46 in usage (plus taxes and fees)?

Solar customers are producing energy and feeding it to the grid.  The grid that everyone uses to get power.  Every KWh that is fed into the grid is credited to that solar customer at a 1-1 ratio.  So if I give the grid 200KWh's that day, I can use 200KWh's without getting charged.  If I use more that that, I get charged.  If I use less that that, those credits roll over to the next day, or month.

But just because I am producing the energy does NOT mean I am not paying for it.  My solar lease is close to $90/month and will also inflate as time goes on.
So technically my combined July energy bill is $150.  
That's not as bad as last year's bill but it certainly isn't free.  What I tell my friends about the benefits of solar is that is basically stabilizes your electric bill to a manageable amount during the high usage periods, such as summer in AZ.


This can only be said for solar customers that are completely off-grid where they store their energy in on-site batteries.  The batteries are what people are claiming as polluters because maybe they aren't recyclable or properly disposed.

But off-grid installations are very rare these days and typically done by the home owners themselves.  The newer leased installations, such as the one I have in my home, are on-grid systems.   All the energy we produce goes right into the grid and that energy is used by other homes.  This energy was produced from the sun, inverted to AC current, and fed into the grid.  So technically, solar customers are providing much cleaner energy to the public compared to the power companies themselves.

Most power companies are using nuclear or coal based power.  If you think solar is polluting over that, I suggest you do some more research.


So why do the power companies want you to believe lies about solar?  Quite simple....they are losing money.   Before solar, these utilities (which are really legal monopolies) were just sitting back and collecting a paycheck.  There is no competition with other utilities because you can only get service from the utitily company in your area.  It's slightly understandable since it's their infrastructure and letting another company attempt to provide alternate service and fair competition would be a public nightmare as all of the roads would be torn up to do so.

But your utility company is the only option you have...so what exactly is twisting their arm to keep them from overcharging and under-servicing?  Nothing.  Those are the reasons monopolies are supposed to be illegal, because they abuse their power.   And when the new America started finding ways to live without the old government, did the monarchy just accept the loss of all those taxes?  No they did everything they could to keep the money pouring in just as much as it did before.  So that's what APS and every other utility provider will do as well.  They will do anything they can t protect their profits.  Their profits do NOT benefit the city...they only benefit the shareholders and executives.  They simply don't care about you.

All $250 of my last year's bill went to SRP, just like every other non-solar home on SRP or APS turf in my city.   But this year, SRP gets $60.  February 2013 SRP got $120 from my pocket.  February 2014 with solar, SRP got only the $17 service fee and taxes I am required to pay.   Multiply those profit losses by the rapidly growing number of solar homes popping up all over Phoenix and the total will get very big very fast...and that's just for one year.  My solar lease is for 20 years.

That's 20 years of profit loss from one household and SRP can't do anything about it...neither can APS.  But APS can still spend millions of dollars funding political candidates that will help them pass legislation to tax the hell out of solar installations.  While they aren't admitting it, they sure aren't denying it.   The first tax last year was proposed as a $100/month fee to be paid straight to APS...not the city.  That was denied and APS was told to go f*ck themselves...in a political manner.   But APS is going around that now to elect their people to pass the same kind of legislation.   Ever wonder the kind of special interests that buy off political leaders?    Guess what APS is doing....


I prefer solar over non-solar.  But these solar companies and power companies are still businesses.  They still want to turn a profit even it if means looking the other way a few times during their sales pitch.

The solar companies will tell you your solar energy credits will roll over from winter and be available for you in the summer time, which is when us AZ folk need them the most.   Then at the end of the year, your power company buys back all your remaining credits from you at a wholesale rate.  Basically a rip of to the solar customer, but in the long run it doesn't matter much.

But that's not entirely true depending on your power company.  Mine is SRP.  Turns out SRP chooses to settle these unused credits at the end of their FISCAL year.  And wouldn't ya know it, that just happens to be April 30th....right before Phoenix summer hits.  So all 2000 of my spare KWh's that I really needed for my summer pool season are gone.

2000KWhs bought from SRP would cost me well over $250 if not $300.   But because they buy them at wholesale rates, I got $70.  So right there, SRP will net at least $200 from my energy production.  After that, because I am using more energy than I am producing and I no longer have credits to pull from storage...once again SRP profits.

I confronted my Solar provider about this and they claim they have never heard this before.  My solar salesperson wouldn't even return my messages.   If you are thinking down the solar road, check with your power company to find out when your credits are wiped clean.

Even with all that, I am still paying less for my electric.  My lowest usage month in the history of this house since I moved in was $90. Now my solar bill is $90 and I am producing more energy than I need.   So my energy bill is regulated and I am still credited for the excess energy I produce.  Overall, it's a good deal.   But I  no longer recommend it to anyone because the utilities are winning the war.  They are bribing all the right people and getting more and more laws passed to kill everything good about solar.    Eventually, they will have enough laws passed to where solar will cost more than non-solar.  If you want to invest in solar, then I recommend you look for a plan that is NOT a lease, but more like a mortgage where you OWN the hardware.  At least then you will be exempt from some of the laws that are targeting leased systems.

Saturday, January 11, 2014

Pet-Proofing the couch

Like some I have a specific need to pet-proof my couch.  I am a foster parent for cats in need of adoption.  These cats tend to get conflicted on where they should do their business.

Sometimes they are trying to send a message like all cats, and sometimes they just aren't getting it.  It's also well known that sick cats tend to go in abnormal places, pretty much anywhere but the litter box.

Going in abnormal places is not too much of a big deal, but it really depends on where that place is.  Certain places like the bed and couch can be devastating when you later realize how difficult it will be to clean this mess.

For beds, most people know you can get the plastic sheets at wal-mart or target.  But for couches, its a little different.  You can enclose them in the plastic couch "protectors", but most people (like me) think those are overkill, ugly, and uncomfortable.

so after my last "incident" with my latest foster cat, i realized this is just going to happen again and again.  The couch cushion liners are removable and very easy to clean.  the cushions, however, are very difficult to clean, at least when trying to remove urine odors.

After throwing the liners in the washer and hang drying them, the cushions need to be neutralized with vinegar.  soaking the affected area isn't easy and does not dry out like water.   because it's foam (as are most cushions), it allows the vinegar to flow to the bottom of the cushion, where it stays there until you squeeze it out.

After that you have to rinse with water because vinegar doesn't exactly smell good.  minimum cleaning time, 6 hours.   if you dont have time to sit there and wait between steps, its prolly more like 16 hours.

so i thought about ways to waterproof my cushions so all i have to do next time is wash the liners. so i got a pack of 30 gallon (large) trash bags to use as cushion protectors.  I removed the liners and enclosed my cushions in the bags, then replaced the liners.

in my first attempt, i sat down and realized I created a cushion balloon.  the cushion needs to breathe a little so it can conform to my awesome backside.  so i re-opened the liner and cut the edges, thus keeping the upper (and lower if the cushion is flipped) sides protected.

this allowed the cushion to breathe a tad more and sitting on the cushion was a tad easier.  now it felt more like a hydraulic lift lowering me down as I could hear it releasing the air, but it's a small price to pay for the situation I am trying to avoid.

For people less paranoid than me, I suggest you poke additional holes throughout the bag, just not too big.  air will be able to escape but will be far less likely to allow moisture into the cushion.

this works well enough for me, so I hope it works for someone else as well.  however, this isn't a universal resolution.  not every couch has the same size cushions so I can't guarantee you can enclose them as I did.

If they don't fit, I suggest you cut the bag down the middle and just wrap as much of the top side as you can.  you don't even have to use trash bags, you can also use painter's plastic wrap.  i only recommend trash bags because they tend to be very stretchy.

happy cleaning!

Wednesday, January 1, 2014

Home Temperature Monitor & Notification System (Do it yourself)

(fyi this post looks funky in Chrome, but it's fine using Firefox)
I built this system so I could have a fairly reliable temperature monitoring system at home so I would know if my a/c went out in the summer.  Being in Phoenix where it can get to 120F and I have cats at home, I felt it was important to develop a reliable monitoring and alerting system.

This tutorial will guide you thru the setup and configuration of a home temperature monitoring system using a Raspberry Pi microcontroller.  You can also do this with Arduino, but without an operating system like linux, it's far more difficult to accomplish everything we will cover here.  If you've never used a microcontroller like a Pi or Arduino, it's recommended you get a breadboard and learn how they work before attempting to construct this project.  You will need a small familiarity with linux, or at least the open mind to learn a few new things.

This is a fairly long tutorial so I will skip some minor items that aren't directly related to this topic.  Google can cover those for you. There are also other ways to do this type of thing, but each way has its advantages and disadvantages.  This is just the way I did it, plus I wrote the custom perl script as well as created and exported the cacti templates that will be used.  This is also based off of the Ubuntu Repo install of cacti and nagios.  If you install these from source instead, then you will need to make a few manual adjustments (but you knew that already).

This tutorial will eventually be outdated or I may have just forgotten something or misspelled a word here and there.   Feel free to leave a comment if needed.

All terminal commands are shown as #, which is the start of the terminal prompt.  You can (but dont have to) copy the text after the # and paste it directly into an SSH terminal window (like Putty).

UPDATE:  I've discovered that this configuration cannot tolerate cable lengths over 100ft.  So if you run any cables that come close to that length or more, then you should do a detailed check on the temperature readings for that zone.  I have found that zones where the cable length is too long will submit bad temperature data.  If longer cable lengths are a necessity for your project, you will need to look into using 1-wire protocol instead of this bus.

OBLIGATORY DISCLAIMER:  I don't care how accurate my instructions are or are not.  you should always do your own research and use your brain.  therefore, it's not my fault if you brick your device, fall through the roof, or anything else.  if you want support and liability, then go BUY A RETAIL PRODUCT!

Things you will need:

  1. Raspberry Pi (version A or B is fine)
  2. SD Card (8gb or larger, class 4 or higher)
  3. SD card to USB adapater
  4. Low voltage wire, cat5 cable works fine
  5. DS18B20 temperature sensors (one for each area you wish to monitor)
  6. micro-usb cable (to power your Raspberry Pi)
  7. One 4.7k ohm resistor
  8. Network cable to plug in to your router
  9. RCA cable or HDMI cable for video out from the Pi
  10. usb keyboard to connect to the Pi
Optional items that may help, at least in the early stages:
  • breadboard
  • jumper wires ( both male/male and female/male)
  • alligator wires
  • a laptop or desktop with SSH client (Ubuntu works great, if windows then download Putty)
In the final stages, you will want to make your device more permanent, so you may need:
  • A soldering iron
  • Raspberry Pi case
  • empty circuit board
To begin, first you need to get your Pi up and running.  Here are two decent articles to get Raspbian OS on your Pi. 
This article is based on the Raspbian OS so make sure you don't download a different OS unless you know what you are doing.   You can also buy SD cards that have the OS pre-installed and ready to go, but this article is not based on those cards so I can't advise that. 

Once your first boot your Pi (at least the current version of Raspbian), it will auto run the Raspi-config utility.  Here you can do the initial config of your Pi. 
  • Select option 1, "Expand filesystem"
  • Now select option 2 "Change user password"
  • Now select option 3 "Enable boot to Desktop/Scratch", at the next screen select the first option "Console Text console, requiring login (default)". 
  • Select option 4 "Internationalisation Options", change the Locale and Timezone per your area.  If you select the wrong config, run this command at the main terminal to restart the Raspi-Config process to get back to this option.
    # raspi-config
    Typical US locale would be "en_US.UTF-8"
    Keyboard layout should be the "Dell" option, but dont use the "English (UK)" option, use OTHER and then select the "English (US)" option assuming you are in the US or just change it to your preferred keymap.  then just accept the defaults for everything else it asks you. 
  • Leave the remaining options alone unless you know what you are doing, and then allow it to reboot as requested.
Now login to your Pi using the password you just set and username pi
Now change to root and stay there.
$ sudo -s
You should now be using root user account.  Root should have # sign at the terminal instead of the $ sign.  

Add a new user account so we don't need to use the default account
# useradd USERNAME
Now go ahead and update your password
# passwd USERNAME
Now add that user account to the list of sudoers
# visudo
scroll down to the area labeled "User privilege specification".  Under this line you will see the sudo permissions set for user root.  Duplicate this line but do not remove it.  Change the username of the new line to the username of the account you just created.  Unse CTRL-O to save and CTRL-X to quit.
Make your user folder
# mkdir /home/username
# chown username:username /home/username

Now switch to this account and test you can sudo:
# su - username
# sudo -s
If you can sudo with your new account, it's safe to delete the default account.
# userdel pi
If it complains a process is still being used by pi, just reboot the pi then you can delete the account.

Next let's update the OS.  Make sure the network cable is plugged into the Pi's network port and the other end of the cable should be in your home router. If you haven't done this yet, do it now and reboot just to make sure you have an IP address to use.  Now let's update the pi:
# apt-get update
# apt-get -y upgrade
Reboot and go back to the root user account when ready, for all the build steps, just assume you need root access. 
# reboot

So the hardware part of this article is based off of this article.  Mainly because I wanted to keep things as simple as possible and also because the software part of that article is outdated and no longer available.

So first we need to add the modprobe commands to the startup script so we don't have to enter them every time the Pi boots.  
# echo -n > /etc/rc.local
# nano /etc/rc.local
Add the following text to the file.
modprobe w1-gpio 
modprobe w1-therm
Save and exit. Now run the file to let it take effect for the net steps.
# /etc/rc.local

Now that the modprobe commands are set but not active, let's run the rc.local file so it's active.  you won't need to run it again since it will run at each reboot of your Pi.

2015 update - Seems there's been a change to rPi of late.  So you'll need to update another file before you continue here. 
# nano /boot/config.txt

Add this line of text to the very end of the file


Save, exit and reboot.  Then continue with the instructions. 

SSH should be enabled by default on your Pi.  So you should be able to SSH to the pi and bypass the need for keyboard and monitor connections.  This is optional but strongly recommended.  In future steps you will need to paste data into the Pi, so SSH will be essential.  if you dont know how to use SSH cleint/server, research it on google and know the Pi is the server and your laptop/desktop is the client.

Anyway, let's get the hardware connected.  Refer to this image or google the GPIO pin layout to know what pins to use.

If you have multiple sensors, just start with one for now to verify everything works.  

  1. connect the RED wire to the 3.3V pin on the Pi (aka pin #1)
    NOTE:  If you are connecting more than 5 sensors, connect the RED wire to the 5.0V pin instead (aka pin #2).  
  2. connect the BLACK wire to the ground pin (aka pin #6)
  3. the last cable is the data cable.  in this case it's the yellow cable.  connect the YELLOW wire to GPIO 4 pin (aka pin #7)
    (Different vendors/sellers will color this wire differently.  i've seen some that are white.  in any case, the power is red/black, and the data cable is the other wire.)
  4. connect one end of the resistor to the 3.3V pin and the other end goes to GPIO 4 pin.  
this is where the alligator cables and jumper wires will come in handy because the pins are rather small.  Here is a snap of my breadboard layout, but this is using 3 sensors at once.  I connected the sensor to the Pi using alligator cables in between them. 

In some cases, just connecting the pins caused a short circuit on my Pi so if your Pi stopped responding, just reboot.  sometimes you may have to disconnect the ground, power on, then reconnect the ground. 

Now that it's connected, it should be working since you already added the modprobe commands to the boot script.  
Let's first make a shortcut to the devices folder
# cd /
# ln -s /sys/bus/w1/devices temp
# cd /temp
list the contents
# ls
you should see your sensor listed as a new folder starting with "28".  
If there is nothing there or the previous commands say the folder doesn't exist, just reboot and try going to /temp again. 

now go to that folder, but change the value to what your pi says, because this is just an example
# cd 28-0000053484b4 
Now display the w1_slave file
# cat w1_slave
It will display a value of t=2xxxx at the end.  this is your temperature in celcius.  in the above example, the value of 21375 is really 21.375 degrees celcius.  don't worry about converting it to farenheit, we will get to that later. 

If the sensor is not working or improperly wired, you may see a value or 0, -61, or 85000.  Otherwise the 28 folder just won't be there.  In any of these cases, check your connections.  No matter how many sensors you connect, you should only have ONE resistor. 

Now that our sensor is working, it's time to get this hooked up to a monitoring system.   Let's install nagios.  Nagios is a monitoring and alerting system that we will re-purpose for monitoring the temperatures. 
# apt-get -y install nagios3
It will install a ton of other things, but don't worry they are needed. 
It will eventually ask you to set the nagiosadmin password.  make sure you write down these passwords. 
Once it's done, you should be able to visit your nagios via your laptop's web browser.  Use the IP address of your Pi as the server name.  for example:
If you don't know the ipaddress of your Pi, run:
# ifconfig
Your IP address will be listed as 'inet addr' for device eth0. 
It will ask you for a username and password.  Use the nagiosadmin credentials you just created. 

Now we need to add my custom script to the server.  Nagios will use this script in the future.  first make a new shortcut to the plugins folder:
# cd /
# ln -s /usr/lib/nagios/plugins plugins
# cd /plugins
Now create the new file and we'll add the code.  This is where SSH is really helpful and almost required.  You will need to paste the code into your SSH window.  If you can't do that, then you will have to transfer the file to the Pi somehow.  You may be able to remove the SD card to mount it to a usb adapter and add the file manually, but I honestly haven't tried that yet.   
# nano myTemp.pl
Go to https://github.com/bramuno/tempmon/blob/master/myTemp.pl and copy the source code in your clipboard.  then paste it into the SSH window.  Save and exit.
# chmod +x myTemp.pl
The script is ready for manual use, but we want nagios to use it automatically.  so let's edit some nagios config files. 
# cd /etc/nagios3/
# nano commands.cfg
Go to the end of the file and add this text:

define command{ 
command_name    check_temp 
command_line       /usr/bin/perl /usr/lib/nagios/plugins/myTemp.pl -x $_SERVICEMIN$ -y $_SERVICEMAX$ -f $_SERVICEFOLDER$ -t $_SERVICETYPE$ -z $_SERVICEZONE$ -p nagios

Now let's add the service definition:
# cd conf.d
# nano generic-service_nagios2.cfg

Go to the end of the file and add this text:

define service{        
name                            check_temp ;
active_checks_enabled           1       ;         
passive_checks_enabled          1       ;      
parallelize_check               1       ; 
obsess_over_service             1       ; 
check_freshness                 0       ; Default is to NOT check service 'freshness'        
notifications_enabled           1       ; Service notifications are enabled       
event_handler_enabled          1       ;         
flap_detection_enabled          0       ;         
failure_prediction_enabled      0       ;         
process_perf_data               0       ; Process performance data        
retain_status_information       1       ; Retain status information across program restarts        
retain_nonstatus_information    1       ; Retain non-status information across program restarts        
notification_interval           15      ;
is_volatile                     0       ;        
check_period                    24x7    ;        
normal_check_interval           15       ;        
retry_check_interval            10       ;        
max_check_attempts              5      ;        
notification_period             24x7    ;        
notification_options            w,c,r   ; 
servicegroups         Temperatures        
contact_groups                  tempAlerts    ;        
register                        0       ;         

You can adjust the values listed above as needed.  Just don't mess with the groups until you get more familiar with nagios.  The check values and interval values and such are in minutes, so you can change the frequency of checks as well as notifications.    1 is a yes or true while 0 is no or false. 

# cd /etc/nagios3/conf.d/
# nano localhost_nagios2.cfg
You will see first a host definition and then 3 service definitions under that.  these are the hosts and services that will be listed in the nagios web server in your browser.  Included below are the templates for new hosts and new services.  you will need to add this to the localhost_nagios2.cfg file and modify the info to your own preferences and specifics. The host definitions are somewhat optional as in this tutorial the service definitions are more important. 

define host{        
use                     generic-host            ; leave this alone for now        
host_name               RaspPi                  ; don't use spaces here        
alias                   my Raspberry Pi         ; you can use spaces here if needed        
address                      ; local address, this is not used but required by nagios        

define servicegroup{
servicegroup_name Temperatures
alias Temp Checks    

define service{        
use                     check_temp  ; the name found in generic-service_nagios2.cfg        
host_name               RaspPi  ; should be same as host definition name        
check_command           check_temp        
service_description     Snoopy Cats Zone   ; this is what is listed in the nagios        
_MIN                    50      ; your minimum desired temperature for this zone        
_MAX                    100     ; your maximum desired temperature for this zone       
_ZONE                   Office       ; the name of this zone        
_TYPE                   F       ; F for Farenheit, C for Celcius        
_FOLDER                 28-000004cddb1e           ; the name of the folder located at /temp        

The items highlighted in GREEN are the items you need to adjust per your requirements.  
  • service_description is the name of the service as it will be seen in your nagios web page.  It will likely be easier to just give it a name similar to _ZONE. 
  • _MIN is the lowest acceptable temperature nagios will accept.  Anything lower to the nearest whole integer will cause nagios to send an alert.   If your minimum is less than zero degrees, use n## format such as n20 to describe -20 degrees. 
  • _MAX is the highest acceptable temperature nagios will accept.  Anything higher to the nearest whole integer will cause nagios to send an alert. 
  • _ZONE is the name of the area you are monitoring.  So if nagios sends an alert, it will tell you to check this area. 
  • _TYPE is simply Farenheit vs Celcius, which do you prefer?
  • _FOLDER is the name of the sensor's folder found in the /temp folder based on the previous steps above.  
  • _PROCESS is just to get the proper data returned to nagios.  If you don't include this then all you get is the temperature and nothing soft and fuzzy.  This will come in handy later on. 
So in general, all you need to do is use the above template to create new "services" that will monitor each individual zone.   Here is an example from my own personal cfg file:

define service{
        use                             check_temp
        host_name                       Kennels
        check_command                   check_temp
        service_description             Snoopy Zone
        _MIN                           70
        _MAX                           100
        _ZONE                          snoopy
        _TYPE                         F       ; F for Farenheit, C for Celcius
        _FOLDER                       28-000004cddb1e
        _PROCESS                        nagios
define service{
        use                             check_temp
        host_name                       Office
        check_command                   check_temp
        service_description             Snoopy Office Zone
        _MIN                           80
        _MAX                           100
        _ZONE                          snoopy
        _TYPE                         F       ; F for Farenheit, C for Celcius
        _FOLDER                       28-000004cdfc113
        _PROCESS                        nagios

Now edit the contacts file so nagios can alert you.
# nano /etc/nagios3/conf.d/contacts_nagios2.cfg
You will see the default contact, use that as a template if needed.  Otherwise, just modify the info that's there and add your information.   Then, add this text to the end of the file:

define contact{
        contact_name                    Name_Goes_Here
        alias                           Nickname(optional)
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    w,u,c,r ; what kind of service alerts to receive
        host_notification_options       d,r ; what kind of host alerts to receive
        service_notification_commands   notify-service-by-email
        host_notification_commands      notify-host-by-email
        email                           name@email.com


define contactgroup{        
contactgroup_name       tempAlerts   ; this value is defined in the generic-service_nagios2.cfg file
alias                   Temperature Alerts         
members                 Name_Goes_Here         ; this is the contact_name as defined in the "define contact" definition directly above this

Make the necessary adjustments to the highlighted text above, and make copies to add additional contacts as needed. 

Save and exit. 

We need to enable external commands, so edit the main nagios cfg file:
# nano /etc/nagios3/nagios.cfg
Use CTRL+W to search, type in external
You should find 
change this value to 1.  Save and exit. 
Now run these commands:
# /etc/init.d/nagios3 stop
# dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
# dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
# /etc/init.d/nagios3 start

Now we need to configure perl so nagios can use it. 
# cpan
  • Would you like to configure as much as possible automatically? [yes] 
  • Would you like me to automatically choose some CPAN mirror sites for you? (This means connecting to the Internet) [yes]
Now at the cpan shell, run these commands, say yes to anything it asks:
cpan> install CPANcpan> reload CPAN
cpan> install Math::Round
cpan> quit

Now restart nagios:
# /etc/init.d/nagios3 restart
Go back to your nagios web page via your browser,  Refresh the browser and click on SERVICE GROUPS on the left menu.  you should see the host(s) you listed in the config file.  click on the host and you will see all the services for that host, which is really all the zones you are monitoring.  Click the hostname again to get to the commands menu.  Here you can use the link on the right side "RE-SCHEDULE A CHECK OF ALL SERVICES ON THIS HOST".  this will initiate an immediate temperature check.  Check the box labeled "FORCE CHECK" and click the COMMIT button.  follow the links to go back, 

Nagios package installers have some weird permissions bug so sometimes the images don't show up.  If that happen, you will have to google how to resolve it as I have not yet found a clear solution to the issue.

Anyway, you should have a pseudo dashboard type environment now that nagios is running and it should look something like this.  Using the host and service definitions, you can re-arrange your dashboard to make more sense to you and also remove the other services that came with Nagios.

In my example above, SSH is failing but that is because I use different SSH settings so you can disregard that.  the real concern is the new service we added "Snoopy Cat Zone" which I know is confusing but whatever.  the service output is reading as
Temperature: 70 degrees Farenheit. Threshold: 50-100 degrees Farenheit. Everything is ok. 
Since the temperature really is 70 degrees at my house, I know the temperature sensor is working.   You will need to do your own confirmation.  I suggest placing the sensor in the fridge and freezer for quick results.

Also, check the date/time stamps in this screen.  If the date/time that nagios is using is not correct, you will need to update ntp on your OS.  you can do this by running:
# echo -n > /etc/ntp.conf
# nano /etc/ntp.conf
Add this line:
server time.windows.com
Or add whatever you want to use for ntp.  Save and exit.
# /etc/init.d/ntp restart
Now set your system clock's time zone
# dpkg-reconfigure tzdata
Select your local timezone from the list.

Now update your log rotation settings so your sd card doesnt fill up with logs.
# echo -n > /etc/logrotate.conf
# nano /etc/logrotate.conf
Paste this text into the editor, then save and exit.
rotate 7
/var/log/* {
    create 0664 root root
/var/log/cacti/* {
    create 0660 root root
/var/log/nagios/* {
    create 0660 root root
/var/log/apache2/* {
    create 0660 root root

However, Nagios can't send alerts yet because it has no mail transport.  So let's do that:
# aptitude -y install sendmail
# sendmailconfig
Just answer Y to any question it asks unless you know what you are doing.
# apt-get -y install postfix
Use "Internet Site" when prompted and change the hostname if you need to, but it's not required.
# nano /etc/postfix/main.cf
scroll down to the end and adjust these settings as pictured:

  • relayhost is your ISP's smtp server address, or the mail server that accepts mail requests on port 25. 
  • comment out the original mynetworks line with a # in front
  • create a new mynetworks line and limit the IP range to the local pi ( or your own local subnet, or whatever range of addresses you want to allow.  
# mkfifo /var/spool/postfix/public/pickup
Reboot and test
# reboot
# echo "test email" | /usr/sbin/sendmail user@gmail.com
replace the red font with your email address.   this will send a test mail to that address.

Now go back to nagios and click on a service and you will see an option to send a custom service notification.  check all boxes and enter some text then click COMMIT.  it should send a notification assuming you defined a contact in the previous steps.

Now, let's setup a long-term monitoring system, aka Cacti.  Cacti does not do any alerting.  It only keeps track of the temperatures that nagios is also monitoring.  Cacti stores every reading and over time you can get some decent data such as trends and spikes.  So if you are wondering if a room has an air leak or another problem to maintain the temperature, you can use Cacti to get some helpful data.

Note: The rest from here is completely optional and not really needed.    

Cacti has tons of problems and very little community support so finding answers using google doesn't usually work.  see the screen shots below if you want to see what it can do.

# apt-get -y install cacti cacti-spine
It will ask you to define a password for the root user of MySQL.  Write this password down.
Click OK when it warns you about a path change.
Select APACHE2 when it asks which web server to use.
click YES when it asks you to configure for db-common.
Set the password for the cacti admin user, write it down.
It will also ask you to set the password for the cacti database, write that one down as well.
Run this to set the permissions correctly:
# chmod 775 /var/lib/cacti/rra
# crontab -e
Add this line to the end of the file
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1
Save and exit.
Delete the config file
# rm -f /etc/dbconfig-common/cacti.conf
Now go to your cacti home page using your browser and the Pi's IP address:
it will redirect you to the setup page, click NEXT
Select NEW INSTALL and click NEXT
It will review all the required items.  Everything should have a green [FOUND] indicating the item is already installed.  If not, you will need to resolve these issues manually.  But if you used the apt-get installer, then it should have installed everything for you.
Select Net-SNMP 5.x and RRDtool 1.4.x, click NEXT
It will take you to the login page.  Username is admin.  If you set a password just now, use that one.  otherwise the default admin password should be either admin or cacti.

on the left, click SETTINGS, click POLLER,
Change Poller Type to SPINE
Make sure the poller interval and cron interval are set to 5 minutes.
Click SAVE.

on the left side, click IMPORT TEMPLATES
go back to https://github.com/bramuno/tempmon and click on the template files and copy the text.   use the cacti import page to paste the text into the input box.
For "import rra settings" keep the recommended option.
For "associated rra's" use the CTRL key to select multiple options and select the frequency of the checks.  I just selected them all.

After both templates are imported, click DATA SOURCES
in the upper right corner, click ADD
select TEMPERATURE DATA TEMPLATE and Localhost, click CREATE
Change the Names as needed but leave the data source path alone unless you want the names to be accurate.
The items at the bottom are the custom variables required by the script we used in nagios.   you should already have this info so go ahead and enter it here.
Click SAVE when done.

Now click GRAPH MANAGEMENT, in the upper right corner, click ADD
select TEMPERATURE DATA TEMPLATE and Localhost, click CREATE
Change only available drop down menu to TEMPERATURE GRAPH TEMPLATE then click CREATE.
Select the DATA SOURCE that you just created.  it will be unique to each graph because the data source holds those custom variables.
Click SAVE.

On the left, click GRAPH MANAGEMENT on the left, then click the graph you just created.
at the top, click TURN ON GRAPH DEBUG MODE
The page will refresh and the graph should preview, although it will be empty at first.  If the graph appears you are good.  if it does not appear, run this:
# chmod +x /var/lib/cacti/rra/*
Refresh the page and try again.
If still no graph appears, go back to the data source and turn on debug mode.  It will give you the code at the bottom and it will note the RRD file name.  Make sure that RRD file exists.  If not, wait 10 minutes as it should get created automatically.  If it still doesnt, just paste that debug code into the SSH terminal and it will create the RRD file (the graph).  run the above command again to mark it as executable.

If the graph still doesn't appear, you will need to ask Google how to fix it.  

With working graphs, you can build your tree(s) now. on the left, click GRAPH TREES
Click ADD
Name the tree (eg. temperatures) and choose the ordering you prefer. click CREATE.
The page will refresh and the ADD link will move down a tad.  Click ADD again to add items to this tree.
Parent Item is ROOT
Tree Item Type is GRAPH
Graph is the graph item you just created.
choose the round robin archive frequency and click SAVE (I just used one minute average)
Your tree item will now be listed.
Click GRAPHS tab at the top.
Click the tree you just created.   the graphs are still empty, wait 30 minutes and try again.  If still nothing, rebuild the poller cache again and wait another 30 minutes.

If your graphs aren't working (blank, showing NaN values, or broken images)...
  • Try giving open permissions to all cacti files
    # chmod -R 777 /usr/share/cacti/
    # chmod -R 777 /var/lib/cacti
  • Verify the database settings are correct for spine.  They should be the same as they are for cacti, unless you know what you are doing.
    # nano /etc/cacti/spine.conf
  • last resort, try a re-installation but you want to use the purge option so it removes any traces of the install so you can start from scratch.  I once spend all night trying to fix cacti when only a re-install did the trick.
    # apt-get purge cacti cacti-spine
    # apt-get install cacti cacti-spine
  • Then go back and perform the installation steps, including re-importing the templates and creating the data sources and graphs.

If still no luck, try google.

Don't get too frustrated with Cacti.  the truth is i've had problems almost every time I've used it.  i am starting to notice that the debian package installations such as this one have more problems that the source installations.  but the debian package installs have the option for auto upgrades while source installs do not.  if you really need cacti and package installs arent working (apt-get) then remove the package and google how to do a manual install.

That's it.  Nagios alerts you of the present condition while cacti tracks the data over time so you can see trends and such which could help you manage your heating or a/c bills.  Now just find a permanent way to store this device and place your sensors.  If you need advice, I suggest you locate the nearest hackerspace.

To update your software every 3-6 months, run
# apt-get upgrade
However, if you want it to do this automatically, just run
# crontab -e
and add this line to the file
0 1 1 * * apt-get -y upgrade
Save and exit.  This line will run the update on the first day of every month. 

After that, check to make sure everything still works.   Problem is linux tends to break easy and things get outdated fast.  check google for answers and roll with the punches.  good luck!

Here are some pictures of my setup.  I turned my closet into a network closet but mounting a sheet of wood onto the wall and using that wood to mount devices.   The Pi's network cable is plugged into the switch and the GPIO connections are going to another gray cable.  Underneath the black electrical tape is how the GPIO cables connect to the sensor cables and the resistor.  The blue cable is cat5 cable which has 8 smaller cables inside.  This allows me to use 6 incoming temperature sensor data cables, and the other 2 cables are +12v and -12v.

The sensor cables run throughout the attic and down thru the walls to cat5 data plates.

Another thing that is giving me trouble is my living room sensor is placed rather high and I have vaulted ceilings.  Since hot air rises, the temperature is warmer than in the rest of the house.   So I am probably going to use a 2nd sensor more towards the floor and then average those 2 readings to make a more accurate room temperature.

My nagios & cacti installations are working as they should.  Here are screen shots to compare yours. You can see how the temperature fluctuates as the heater goes on and back off.