Calling Veracode API with Postman

The Veracode API is new to me, so to get to grips with it I decided to fire up Postman and make a few requests. I was initially unsure where to enter my API ID and secret key, and despite trying a few things I kept getting authorisation errors, because the API uses HMAC authentication which is not directly supported by Postman.

The solution I eventually stumbled across was thankfully simple. You just need to grab the pre-request script from here (thanks to Veracode’s Chris Campbell!) and paste it into the Pre-request Script section of your request tab. Finally, add two variables to the Globals tab: veracodeApiKeyId and veracodeApiKeySecret, paste in your Veracode API ID and secret key respectively, and you should now be able to make a successful API request.

Note that you don’t need to select anything in the Authorization section for this to work (just leave it as No Auth).

Quick way to open a command prompt in the current window

In Windows 10, you can type cmd in the address bar of any File Explorer window, and it’ll open a command prompt with the working directory already set. Much quicker than opening a command prompt the usual way and having to cd to the right directory, especially for long nested paths.

Having used Windows 10 since it first came out, and Windows Vista/7/8/8.1 before it, I was surprised when I recently discovered this trick!

Using Okta Verify with Synopsys

The Synopsys (Cigital) web app officially supports only Google Authenticator, Microsoft Authenticator or Authy for 2FA. However, if you already have Okta Verify installed on your phone, and don’t want to install another authenticator app, you can follow this process.

  1. Log into Synopsys and click your username in the top right
  2. Click 2-Factor Authentication Settings then Edit
  3. Select Google Authenticator
  4. On your phone, open Okta Verify and tap the + icon
  5. Click Organization then Scan a QR code
  6. Scan the Synopsys QR code
  7. Type the resulting 6-digit code and your password into the Synopsys window

Lync 2013 installation breaks Office 2010 interoperability

At work, I maintain an Access 2010 database that interfaces with Word, Excel and Outlook. Recently, Lync 2013 was rolled out across the office, without upgrading the rest of Office. Suddenly all interop calls started failing with “Automation error. Library not registered.” errors.

A bit of digging revealed that the Lync 2013 installation process adds registry entries for the Office 2013 (i.e. version 15) automation libraries, regardless of whether the individual 2013 applications are installed. The solution is to remove the offending registry keys, keeping the version 14 keys in place.

I put together the following .reg file to remove the keys for Outlook, Word and Excel respectively:

Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\TypeLib\{00062FFF-0000-0000-C000-000000000046}\9.5]
[-HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6]
[-HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.8]

There doesn’t seem to be an official Microsoft solution for this – I previously repairing the Office 2010 installation but this had no effect.

 

Heatmiser PRT-TS Wi-Fi thermostat not working after firmware update

I recently upgraded my PRT-TS Wi-Fi thermostat firmware from 1.2 to 1.6 and found that although it seemed to be working in every other way, it was no longer firing up my boiler when calling for heat.

This is because the Heatmiser hardware contains two relays (presumably so it can be shared with models that also incorporate hot water control), and thermostats shipped prior to 26th January 2012 (which includes mine) are programmed to use the one on the left for central heating, whereas newer thermostats use the one on the right (PDF link – note that although it specifically mentions 1.3 thermostats, mine was a 1.2 and it had the same issue):

To combat this problem, Heatmiser have two sets of firmware – the “A” set for older thermostats and the “B” set for newer thermostats. Unbeknownst to me, I had received version 1.6b when I should have been sent 1.6a.

There are two options to fix this – either have Heatmiser send out a programmer with the 1.6a firmware, which would take a few days, or – as I did – simply rewire the thermostat as per the corrected wiring diagram. Obviously I recommend that you hire a qualified electrician to do this if you’re not proficient yourself.

Unfortunately it’s not possible to determine which firmware you have been sent until you’ve flashed your thermostat with it, so if you decide to upgrade, I recommend you check the label on the rear of your device and check with Heatmiser that they are sending the correct firmware type (A for the top diagram marked with a cross, B for the middle diagram marked with a tick).

Using a PS3 EyeToy with the Raspberry Pi

Having heard about the new camera driver built into the kernel of the new Raspbian OS image, I decided to have a play, using my PS3 EyeToy camera. The steps below are based on this forum thread, with some changes to reflect my own experience. The Raspberry Pi supports a number of cameras, not just the EyeToy, so if you have a spare one lying around, give it a go.

  1. Install the ‘motion’package:sudo apt-get install motion

    This should automatically install the required ‘ffmpeg’ package – if not you can just do sudo apt-get install ffmpeg.
  2. Edit the config file:

    sudo nano/etc/motion/motion.conf

    To enable daemon mode (so you can run the software in the background without it tying up your terminal):

    daemon on

    To increase the resolution to the maximum supported by the EyeToy, change the following lines:width 640
    height 480

    If you want the stream to be viewable from other computers on the network (rather than just the Pi itself):

    webcam_localhost off

    If you want to change the port on which the stream is served (default 8080) – replace 1234 with the desired port number:

    webcam_port 1234

    By default, the camera will only start capturing images (and video) if it detects motion. If you want to take regular snapshots whether motion is detected or not, you can change the following line (the value is in seconds):

    snapshot_interval 60

    (Press Ctrl+X, Y then Enter to save changes and quit the nano editor)

    There are loads of other things you can do such as enable a basic remote control interface, tweak the JPEG quality, set up regular snapshots (by default, snapshots are taken only when motion is detected), customise the text which is overlaid onto the image and change the location to which images are saved (by default these go into /tmp/motion which is deleted whenever the Pi is rebooted). Just have a browse through the config file which is fairly well-commented and self-explanatory.

  3. Now plug the EyeToy into a USB port on your Pi. The two LEDs (one red, one blue) should illuminate. These are not necessary for webcam use so you may want to cover them with black electrical tape or similar.
  4. Start up ‘motion’ in interactive mode (this is a text-mode app which you can run from the terminal, you don’t need to be in the ‘startx’ GUI:sudo motion -n

    (Without the sudo, I get permission errors which I haven’t yet figured out how to resolve).
  5. Browse to the IP address of your Raspberry Pi on the port you configured earlier (or 8080 if you didn’t change it) in a Web browser. Firefox works fine, but at the time of writing the current stable version of Chrome seems to have a bug with motion JPEG streams, and only shows the first frame. You can work around this by embedding the stream into a simple HTML page, which works fine in Chrome:<img src="http://ip.address.here:1234" />

    Alternatively you can open the stream in VLC. You can also browse to the feed on the Raspberry Pi itself, but you will have to install Chrome or Firefox on it as the built-in Midori browser doesn’t support MJPEG streams.

  6. Once you are satisfied, press Ctrl+C in the terminal to stop the server. You can then start it up in daemon mode:sudo motion
  7. If you need to stop the daemon, get its process ID:cat /var/run/motion/motion.pid

    And kill it (replace 12345 with the ID from the above file):sudo kill 12345

    If you want to automate this:

    sudo nano /usr/bin/killmotion

    And type in or paste the following lines:

    #!/bin/bash
    sudo kill `cat /var/run/motion/motion.pid`

    (Again press Ctrl+X, Y then Enter to save changes and quit)

    Finally make the script executable:
    sudo chmod a+x /usr/bin/killmotion

    And whenever you need to stop the motion daemon, just type:
    killmotion

And there you have it – a simple baby monitor, security camera or basis for time-lapse photography!

The files can build up quickly though, particularly if you enable regular snapshots, so make sure you have plenty of space on the SD card you are using.

Unfortunately, like the original poster, I noticed that occasional frames had a strange form of corruption (example), which unfortunately the camera detects as motion (although you can tweak the config file to only trigger after a number of consecutive frames of motion). I suspect this may be due to the Raspberry Pi not providing quite enough power to run the camera stably. A powered USB hub may solve the problem, or more drastically, desoldering the two LEDs. Reducing the resolution back down to 352×288 apparently fixes the problem, but obviously means lower image fidelity.

If you don’t already have an EyeToy or spare webcam, it’s probably best to wait for the official Raspberry Pi camera module. It will plug into a dedicated connector on the board so you’re not hogging a USB port, and will obviously be more stable. The pre-release version uses a 14-megapixel sensor, but it’s likely that a lower resolution sensor will be used in the final release to keep the costs down. A good-quality 720p (just under 1 megapixel) sensor would be nice, 1080p (just over 3 megapixels) even better.

How to set up a web interface for a Heatmiser wi-fi thermostat using a Raspberry Pi

My earlier post on the Heatmiser PRT-TS wi-fi thermostat proved very popular and is the most commented article on this blog. When commenter Rich mentioned the heatmiser-wifi project, a set of Perl scripts that can be installed on a PC or Raspberry Pi to provide a full-featured web interface for the Heatmiser, I just had to give it a go.

Although the project site mentions that it has been tested on Raspberry Pi, I just couldn’t get past one of the steps. A little bit of Googling revealed a possible solution, and it worked. Be warned, the process takes a little while but in my opinion the results are definitely worth it.

Installation of Subversion and the heatmiser-wifi software

To get hold of the software, you have to check it out using the Subversion (SVN) source control system. So the first step is to install SVN:

sudo apt-get install subversion

You can then run the following command to download the heatmiser-wifi software:

svn checkout http://heatmiser-wifi.googlecode.com/svn/trunk/ ~/heatmiser-wifi-read-only

This will create a folder called heatmiser-wifi-read-only in your home directory. If you want to specify a different path, edit the command as appropriate.

Install Perl and essential packages

Check that Perl version 5 is installed by running:

perl -v

This should return some output starting with the following (or similar):

This is perl, v5.10.1 (*) built for arm-linux-gnueabi-thread-multi

If not, install Perl using:

sudo apt-get update
sudo apt-get install perl5

Now you need to install the required packages:

curl -L http://cpanmin.us | perl - --sudo App::cpanminus
sudo cpanm CGI Cwd DBI File::HomeDir Getopt::Std IO::Socket JSON LWP::UserAgent Proc::Daemon Proc::PID::File Time::HiRes
sudo apt-get install libxml-simple-perl
sudo cpanm XML::Simple

This takes a long time, so you may want to have a cup of tea, run a bath or go for a walk!

(Note that the original instructions had the CPAN modules listed on one line, omitting the apt-get before XML::Simple, but this didn’t work for me, hence the change. Also I had trouble getting the standard cpan command to work on the Pi due to its limited hardware, hence using cpanminus instead.)

Test the installation

Run the following command, adjusting the path if necessary, replacing 192.168.0.100 with the actual IP address of your Heatmiser and 1234 with the PIN number:

~/heatmiser-wifi-read-only/bin/heatmiser.pl -h 192.168.0.100 -p 1234

You should get some output like this:

Heatmiser PRT version 1.2
Thermostat is ON (heating mode)
Time 2012-07-07 21:45:59
Temperature 23.5 deg C (internal)
Target 17 deg C
Heating is OFF
Feature 01: Temperature format C
Feature 02: Switching differential 1 deg C
Feature 03: Frost protect 1
Feature 04: Frost temperature 15 deg C
Feature 05: Output delay 0 minutes
Feature 06: Comms # n/a
Feature 07: Temperature limit 0 deg C
Feature 08: Sensor selection internal
Feature 09: Floor limit n/a
Feature 10: Optimum start disabled hours
Feature 11: Rate of change 20 minutes / deg C
Feature 12: Program mode 5/2 day
Weekday 1: 07:00 20 deg C
2: 07:30 17 deg C
3: 17:00 20 deg C
4: 21:30 17 deg C
Weekend 1: 09:30 20 deg C
2: 21:30 17 deg C

For the rest of the steps to work, you need to store the IP address and PIN number in a config file. To do this:

sudo nano /etc/heatmiser.conf

Type the following two lines, substituting 192.168.0.100 with your thermostat’s actual IP address, and 1234 with its PIN:

HOST 192.168.0.100
PIN 1234

Press Ctrl+X and type Y to save the file.

You should now be able to run the following command (same as before but without the IP and password, which will now be read from the conf file).

~/heatmiser-wifi-read-only/bin/heatmiser.pl

Set up the web interface

Happily the project’s web interface instructions seem to work fine on the Pi without any changes.

I have also set up logging and charting of external temperature (via the Met Office API). Frustratingly, my Met Office API key didn’t work straight away – it kept returning Invalid key please register at http://www.metoffice.gov.uk/public/ddc via both the heatmiser_weather.pl script and the “preview data” feature on the Met Office site itself. Also note that it will take up to five minutes for the weather table to start populating, unless you’ve increased the rate in the heatmiser.conf file.

Installing lighttpd web server on Raspberry Pi

I’ve just set up my Raspberry Pi, and managed to get it up and running after a minor panic – I couldn’t find a micro USB cable anywhere in the house, despite apparently owning way more mini USB and USB A-B cables than I’ll ever need. I then remembered that the Kindle comes with a micro USB cable, phew!

As a web developer, one of the first things I thought of doing was installing a web server, and decided to go for lighttpd as it’s designed to be lightweight and efficient, which is just the ticket for the Raspberry Pi and its limited hardware resources.

Installing it was as simple as sudo apt-get install lighttpd – or it should have been! The installation failed with “chown: invalid group: ‘www-data:www-data’. To fix this, I ran two commands:

sudo adduser www-data
sudo addgroup www-data

(The first command probably isn’t necessary, as it returned “adduser: The user `www-data’ already exists.”)

I then re-ran sudo apt-get install lighttpd again and it succeeded.

Update 30/05/2012:
I have since decided to switch to Apache and PHP. After running apt-get remove lighttpd, I just had to run:

apt-get install php5

This installs all the basics. Apache still needs the www-data group and will refuse to start if you haven’t already run sudo addgroup www-data.

If you get 404 errors when trying to install PHP (as I did), run the following commands and try again:

apt-get update
apt-get upgrade

Heatmiser PRT-TS Wi-Fi thermostat review & troubleshooting tips

I recently decided to replace my central heating programmer with a programmable thermostat, and decided to go for the geeky option: a wi-fi connected model! So I ordered a PRT-TS Wi-Fi from Heatmiser, which can be controlled both via a Web browser and an iPhone app.

Overall, I’m happy with the product but I found it a little tricky to set up. The instructions don’t go into a huge amount of detail, a problem which is compounded by the fact that the Heatmiser support site was devoid of any information on this particular model at the time of writing, so I have discussed my difficulties below and explained how I resolved them.

Installation

I won’t go into too much detail on the physical installation, but suffice to say, most people should get the unit fitted by a qualified electrician. There’s only a page and a half of the small (A7 size) manual devoted to it, plus three wiring diagrams, and any mistakes could damage the thermostat and/or the boiler. The thermostat is designed to be flush mounted into a standard 35mm deep single back box. It can be surface mounted but it won’t look as good, particular as the thermostat is a few centimetres larger than the back box at each edge. I chose the latter option to save money, but will have it flush mounted at a later date. I will be interested to see what effect flush-mounting has on the Wi-Fi signal strength, if any.

Appearance & usability

The thermostat is essentially a PRT-TS with an added Wi-Fi card, and it looks exactly the same from the outside. It’s reasonably modern-looking (as far as thermostats go!) with a touchscreen illuminated by a blue backlight. It displays the room temperature in the middle of the screen, which can be adjusting using the up/down icons below it. A slight niggle is that it can be difficult to see what you are doing – the backlight doesn’t come on until you touch an icon, by which time it is too late. I would personally prefer the backlight to come on when touching any part of the screen (not just an icon) and the unit to only respond to icon presses when the backlight is on.

A nice feature is the “Screen” icon which locks the screen for 15 seconds, allowing time to clean it without accidentally activating any functions.

You can also view and set heating programmes, set the clock, enable temperature hold and holiday modes from the touch screen. I found setting the time slightly strange, as the down button changes the hour down and the up button changes the minute up – changing the date works in a similar way with the month and day – but this is something that is rarely necessary to change and can be done from the Web interface or iPhone app anyway.

Wi-Fi setup

Setting up the Wi-Fi connectivity nominally requires a Windows PC and the configuration utility supplied on CD. However, when plugged in via USB, the device presents itself as a USB mass storage device (albeit a very small one: 6.5KB) containing a single file – CONFIG.TXT – which contains the network configuration information in plain text, which could easily be edited by hand by users of other platforms such as Mac or Linux. The file is fairly self-explanatory – the only thing worth pointing out is that the KEYMODE parameter (wireless encryption type) must be either WPA, WEP or OPEN.  There’s a slight security issue in that if someone were to steal your thermostat, they’d have access to your wireless key, thermostat password and PIN, but this is a fairly unlikely scenario!

I had trouble getting the unit to connect to my Wi-Fi network until I switched my router (Linksys WRT54GS with Tomato firmware) from WPA only to WPA+WPA2 encryption. I’m not sure whether this means that the PRT-TS needs WPA2 encryption to operate (despite the configuration utility only showing WPA), or whether there is an issue with my particular router, but if you’re having trouble, it’s worth enabling WPA2 on your router. Before I managed to get WPA+WPA2 working, I tried using WEP encryption as a test but the configuration utility wouldn’t let me save the changes. I didn’t play with the OPEN option, so I’m not sure whether this refers to unencrypted Wi-Fi (and therefore will ignore any username/password) or WEP Open System encryption.

The device requires a static IP address, and port 8068 must be forwarded via the router if remote connection via the iPhone app is required.

It’s worth noting that the front part of the thermostat detaches from the rear, so it can easily be removed once installed, and the front part will power up when attached via USB which means you can set up and test the Wi-Fi connectivity before installing the unit on the wall. This isn’t mentioned in the manual, and neither is the fact that a Wi-Fi icon (similar to the one used on the iPhone) appears on the display when connected successfully.

Browser interface

The browser interface is full-featured if a little basic-looking – it’s reminiscent of a router interface from ten years ago. The so-called “Live View”  panel on the right shows the actual temperature (to one decimal place), set temperature and heat status, and a refresh button as it doesn’t seem to auto-refresh. The main interface allows you to view and adjust heating programmes, temporarily override the temperature, lock the keypad remotely, set the clock and change network settings. There doesn’t seem to be a way to change the port on which the Web interface is accessible, which would be a nice feature to have.

It doesn’t contain any form of logging functionality, so it’s not possible to view temperature changes over time. This would be nice to see in a future firmware update, but I’n not holding my breath.

iPhone app

The iPhone app, a free download from the App Store, is similarly utilitarian. It allows you to see the current temperature (rounded to the nearest degree, unlike the browser interface), set temperature (which can be adjusted) and heat status. You can also view and adjust heating programmes via the app.

One quirk of the app is that you have to select whether you want to connect locally (i.e. when you are on your home Wi-Fi network)  or remotely (via the Internet). It would be nice if the app could determine whether you are home or away and select the corresponding connection method dynamically.

The interface is fairly bland but it does the job. It’s a shame that the graphics aren’t retina ready, so they look jaggy on the iPhone 4 (which has been out for more than a year, so you would have expected Heatmiser to have updated their app!). It would also be nice if a future version of the app came with iPad support – the current version works fine on the iPad but doesn’t take advantage of the bigger screen.

I was left scratching my head for a while, as I was originally able to connect via my Web browser but not via the iPhone app. This resolved itself once I moved my router closer to the thermostat, so it seems that the protocol used by the iPhone app is less forgiving of low signal strength (and potential packet loss) than standard HTTP over TCP/IP. Again this is something that should perhaps be mentioned in the manual.

Conclusion

It’s a version 1 product, so is sometimes a little rough around the edges, but the hardware is solid and the product could easily be improved with updates to the Web interface and iPhone app. The manual is fairly basic, which I can understand is necessary to minimise the size and weight of the box, but why not include a more detailed version on the included CD and/or on the Web?

One final point is that I was slightly perturbed to find that the thermostat, which I paid £150 plus delivery for via Heatmiser’s own shop, is available for as little as £126 delivered from some resellers, so it pays to shop around!

Update

Heatmiser tweeted me and pointed me towards their document download area which contains some useful information. They also say they’re working on a new version of the iPhone app, iPad and Android support, multi-zone and logging functionality, and suggest that users email support@heatmiser.co.uk with any further suggestions.

Also, the £126.20 price I found is actually ex-VAT (thanks Luke!) so it is actually best to buy from Heatmiser directly.

Display filename instead of document title in SharePoint search

My employer has been using SharePoint for a number of years now, and it’s recently come to light that people haven’t always been putting meaningful information in the Document Title field. It seems that if this field is left blank, it will default to the document filename, but a lot of our documents have incorrect titles. e.g. if they have been based on a template or another document.

Clearly the best solution is to educate users to use the Title field properly for newly-created documents (see Title vs Name), and also to update all existing documents, but it’s a big task and for now we have opted for the”quick fix” of showing the document filename in search results. Here’s how you do it:

  • Ensure that the IsDocument managed property is set for use within scopes:
    • Browse to Central Administration
    • Click on your Shared Service Provider
    • Click Search settings
    • Click Metadata property mappings
    • Find the IsDocument property and set Use in scope to True
    • Click OK
  • Edit the page and modify the Search Core web part
  • Under Results Query Options, edit the Selected Columns property to include Filename:
    <Column Name=”Filename”/>
    (it doesn’t matter where as long as it is between <Columns> and </Columns>, and obviously not halfway through another <Column> tag)
  • Find the following line (it should be in the Result template):
    <xsl:variable name=”id” select=”id”/>
  • Underneath it, add the following two lines:
    <xsl:variable name=”filename” select=”filename”/>
    <xsl:variable name=”isdocument” select=”isdocument”/>
  • A few lines down, replace the code starting with <span class=”srch-Title”> and ending in</span> with the following:
    <span class=”srch-Title”>
    <a href=”{$url}” id=”{concat(‘CSR_’,$id)}” title=”{$url}”>
    <xsl:if test=”$isdocument &#61; 1″>
    <xsl:value-of select=”filename”/>
    </xsl:if>
    <xsl:if test=”$isdocument &#61; 0″>
    <xsl:choose>
    <xsl:when test=”hithighlightedproperties/HHTitle[. != ”]”>
    <xsl:call-template name=”HitHighlighting”>
    <xsl:with-param name=”hh” select=”hithighlightedproperties/HHTitle” />
    </xsl:call-template>
    </xsl:when>
    <xsl:otherwise><xsl:value-of select=”title”/></xsl:otherwise>
    </xsl:choose>
    </xsl:if>
    </a>
    <br/>
    </span>

I found this tip on the TechNet forums, although it didn’t work as-is because the author had forgotten to declare the isdocument variable. It has been tested in MOSS 2007 but will possibly also work in SharePoint 2010. If desired, you could easily tweak the XSL above to show the document title as well as the filename.

There’s no easy way of changing the OSSSearchResults.aspx page that appears when you do a “This Site” search, and even if you do, it’s unsupported and any changes will most likely be lost next time you install a MOSS service pack. If you have ISAPI_Rewrite installed, as we do, you can easily redirect site searches to the Search Center using this line:

RewriteRule ^(.*)OSSSearchResults.aspx(.*)$ /SearchCenter/Pages/results.aspx$2 [I,L,RP]