Hardware Reference
CHAPTER 7
Control Hubs: Bringing It All Together
Most people are interested in features and benefits, not the minutiae of code. Unfortunately, the barrier to entry in
home automation is quite high, as basic features require a lot of underlying work. The comparatively simple process
of being able to e-mail your video at video@myhome.com requires preparing a DNS record, e-mail server, message
parser, network functionality, and IR transmission. Now, however, you have these individual components and can
look at combining them into processes and features and abstracting them so they can be upgraded or changed
without breaking the home's functionality as it stands.
Integration of Technologies
As I've mentioned previously, your home technology is based around Node0—or, more specifically, a Linux machine
or Raspberry Pi based in a central location that performs all the processing and thinking tasks. This is your single
point of failure in several ways. Most obviously, it means you lack media control or playback when the machine is
offline or broken. Being Linux, this is fortunately a rare occurrence. But it is the standard security model of Linux itself
that makes it the most vulnerable. Ironic, huh?
Linux provides access to every file and device¹ through a three-stage set of permissions: user, group, and other.
Additionally, each file can be designated ownership by one user and group. This is normally enough control for
standard files and documents, but in HA you are controlling devices that are used by several different systems. Audio
in /dev/dsp, for example, is used for MP3 playback, speech synthesis, and the soundtrack of a movie playing. It is easy
to see from this how several programs and users should be allowed to use the audio device to report errors through
speech but not be allowed to control the whole house audio system. Similarly, the use of the serial port to back up
a mobile phone SIM over Bluetooth needs different permissions when the same port is used for reprogramming
an Arduino or sending IR signals. Unfortunately, there is not a fine enough granularity of control because the only
genuine protection is offered by the operating system. And because of that, you can only restrict access to the devices
as a whole. You can't even limit access to software because you could simply write the MP3 playback script (or rebuild
the package from source in a local directory) and run it as any user to avoid any restriction placed on the software.
Again, you are limited to whatever access rights you place on the device file.
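The limitation described above, as an added example that is not code from the book: a small Python model of the user/group/other check, showing that the decision depends only on the caller's uid and groups and on the device node's mode. The account names, uids, and the audio gid are constructed, and ACLs and SELinux-style policies are not modelled.

```python
import os
import stat

def effective_access(mode, owner_uid, owner_gid, uid, gids):
    """Rights the classic user/group/other check grants on one file.

    Inputs are the node's mode and ownership plus the caller's uid and
    group ids. Which program is asking is never an input.
    """
    if uid == 0:
        return "rw"  # root bypasses the read/write mode bits
    if uid == owner_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return ("r" if mode & r else "") + ("w" if mode & w else "")

def audit_node(path, accounts):
    """Map each account name to its rights on the node at `path`."""
    st = os.stat(path)
    return {name: effective_access(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            for name, (uid, gids) in accounts.items()}

# Constructed sample data: uids, gids and account names are made up.
AUDIO_GID = 29
ACCOUNTS = {
    "speech":    (1001, {1001, AUDIO_GID}),  # should only announce errors
    "mp3player": (1002, {1002, AUDIO_GID}),  # drives whole-house audio
    "webcgi":    (33,   {33}),               # no audio rights at all
}

def demo():
    # /dev/dsp modelled as root:audio, mode 0660 (constructed, not read from disk)
    mode = stat.S_IFCHR | 0o660
    return {n: effective_access(mode, 0, AUDIO_GID, uid, gids)
            for n, (uid, gids) in ACCOUNTS.items()}

if __name__ == "__main__":
    print(demo())  # speech and mp3player are indistinguishable to the kernel
    if os.path.exists("/dev/dsp"):
        print(audit_node("/dev/dsp", ACCOUNTS))
```

Any account in the device's group gets the same rights whatever program it runs, which is why the only lever available here is the mode and ownership of the device file itself.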
Note: Some distributions, such as SELinux, provide explicit access rights for each program that allow this level of fine
control. It is time-consuming to set up, however.
¹ Because every device is also a file.