SUSE’s Apache2 SSL renegotiation fixes hit the repositories

It’s been quite a while since the actual code fix was done, but now the RPMs for SLES11’s Apache2 implementation (SP1 to SP3) have hit the SUSE SLES11 repositories: Continue reading

Posted in Linux | Tagged , , | Leave a comment

ELRO C704IP: those who buy cheap will buy twice

I’ve had the chance to buy an ELRO IP network camera for not much money… it was either a bargain or a cheap product, but given the mid-range two-digit price, I was willing to give it a test.

I’ve had a look at the box before buying, and noticed immediately that it didn’t mention “zoom” – while on the ELRO internet pages, the camera is listed under the “PTZ camera” section. For those not comfortable with the IP camera market: “PTZ cameras” are those that can be remotely controlled to pan (rotate the camera view from side to side), to tilt (move camera view up and down) and to zoom in and out. The C704IP can only pan and tilt, there’s no zoom function. The casual visitor of the web side might not notice but rely on the page title (“PTZ-Kamera”), so it’s kind of misleading advertisement. To ELROs favor I’ve got to note that there are only two cameras listed, one stating (in German) that the camera pans and tilts via network control, the other explicitly mentions “pans, tilts and zooms via network control”. But still you’ve got to know what to watch out for.

The C704IP is equipped with both WLAN and Ethernet interfaces and comes with a wall / ceiling mount. It is an indoor camera, so there’s no whining that the mount is all plastic: It does it’s job and seems sufficiently stable. The camera comes with an electrical alarm input and is offering automatically activated IR LEDs to assist with night shots.

Setting up the camera is rather simple, the according instructions are included. Being experienced with IP cameras and networking, I was able to get things started within minutes, even though I installed no special software (no Linux software is included nor required), but only used a Firefox browser and the system’s command line to gain access to the default camera IP subnet.

All required settings can be made via the browser interface, which looks a bit clumsy, but is sufficiently functional nevertheless. The on-camera software seems to include all functions necessary and more: On top of the basic network setup and live video display, you can make your camera accessible via the Internet (if you enable port forwarding on your Internet router), ELRO even includes a service for dynamic mapping of your Internet address to a device-specific DNS entry for free. Other mentionable features are the option to create multiple accounts with different level of access (viewer, operator, admin) and a basic motion detection with follow-up action (i.e. sending an email or uploading files to an FTP server) and scheduling.

I test-drove the camera both via WLAN and wired Ethernet without any problem and successfully installed it to monitor a non-public office area by mounting it under the room’s ceiling. The most demanding task was providing a power outlet near the camera location to plug in the power supply shipped with the camera.

elro-c704ip-stillBut then, why did I chose such a negative title for this article? Because it lacks an important function: proper visual. Being a surveillance camera, this is a pretty basic requirement… the images provided by the camera are pretty unsharp, even when monitoring a well-lit still scene.

This is sufficient to monitor if larger objects are in place – but if you’re i.e. monitoring a window, you may find it hard to detect if the window handle is in the open or locked position (try to have a look at the handle of the door to the left in the sample picture). The camera optic is fixed, there’s no way to adjust the camera focus.

elro-c704ip-nightIf you add motion, this gets significantly blurry during low-light times: The camera won’t detected quick motion at all, and if it catches something, you’ll get an image as if you’re taking a scene from Twilight Zone: Moving objects (persons) look like a ghost. I’m usually walking with a quick step around that corner (but have not been running!) and more often have seen nothing but a swish of something going through the reported image.

For the typical office situation, these limitations render the camera almost useless: If you’d like to monitor some type of device, you don’t have the required level of detail in the image – and if you’d like to motion-detect during the night, even with the built-in IR lights you won’t get images that might help to identify intruders.

While we’re at it, the camera software has a nasty little flaw when it comes to scheduling: While everything else seems to properly adjust to daylight savings time, the scheduler doesn’t. So if you’ve set the camera to only report motion alarms outside office hours, you nevertheless will receive notifications during the first office hour, but with a camera time stamp set to one hour earlier. Of course, the first hour after office shutdown won’t be monitored properly for the same reason.

Upon reporting this daylight savings time problem to ELRO’s support team, their response made me aware of another little “pretent” functionality: When checking the “device time” via the web UI, the time reported by the camera isn’t the actual time from the device – it’s the time as set in your browser (in other words: The time of the computer that runs the browser you’re accessing the cam UI with). And as you may have already expected, no fix seems to be planned for the DST problem either – it was suggested that I change the time on my Windows machine to adjust for the time change… neither do I run a Windows machine, nor would I expect it’s time change to reflect to a camera that is set to sync it’s time with an NTP server (like I’ve set up the camera).

What remains to verify is some private use of the camera, i.e. for home surveillance during holiday travel. So as a last test, we set up the camera in a typical WLAN home network situation, with port forwarding and dynamic DNS update. While the image quality of course hasn’t improved, remotely accessing (and controlling) the camera from an Android phone (the only one we’ve tested) worked at once and quite nicely. You’ll get a good overall impression of the situation at your home, pan and tilt is fully sufficient, and image quality, even at night (with the build-in IR LEDs), is good enough to know whether your home is still in general order.

Here’s my conclusion: I’ve bought the camera with an office / server room environment in mind, and was not happy with what I got. We’ve spend more (and in some cases significantly more) on more professional camera hardware and have not regretted that. On the other hand, if you’re looking for a non-expensive solution to wipe away that bad feeling about conditions at home, the C704IP may be a good solution for you.

 

Posted in Uncategorized | 5 Comments

SSL renegotiation – all’s well that ends well

In “SSL renegotiation – a never-ending story?” I introduced you to problems with Apache’s httpd version 2.2.12 from SLES11SP2, where under certain conditions the server aborts the SSL renegotiation and the client then either appears to hang or reports an error.

Fortunately, I had the opportunity to discuss the issue with SuSE’s support team. Of course it was helpful that I could recreate the problem at will in our test environment, and therefore was able to provide all debug logs and network traces, too. Equipped with those details, SuSE’s development team took over and did so for good: Within a few days and some intermediate tests, the very competent developers had the problem nailed and provided an updated set of RPMs, a so-called PTF (“program temporary fix”).

The corrected program versions are on it’s way to the update repositories, too, but of course it may take some time until all final packaging and testing is completed. Considering that this problem may well have been in the upstream code since working around the SSL “man in the middle re-negotiation flaw” in 2009, that seems a fair price.

This is another good example why having software support is a very good idea when running systems professionally, even if they’re open source. Sometimes it is simply a necessity to have a professional developer at hand, with deep inside knowledge and a sound understanding – something that can easily get expensive when trying to do it all by yourself.

Posted in Linux | Tagged , , | 5 Comments