Okay, thank you, welcome to this talk. I will share with you my little expertise regarding a project I did to, let's say, control my house, my home. It's a project started long ago and finally reached OpenBSD. It is via this project that I met OpenBSD, and I will explain all my projects. So first of all, my name, Vincent Delft. You see my blog website, my company website. And if you want to reach me, you have my email.

So I will explain which components I've used to monitor my home. The lessons learned since 1988, so it's quite a long time. And the problems I had with Linux, because I've started with Linux, and why I chose OpenBSD. And then the next topics are quite recent. If we have time, I will go through them.

So first of all, the components and the objective. So it's to monitor my home, my house. I'm using infrared captors in different homes. I have the concept of zones, so you can activate the zone and deactivate the zone. Like for example, the garage. If you have animals, put them in the garage and you activate the rest of the home. I would like to have a system which sends SMS and also receives SMS. So I can activate the zone by sending SMS from my mobile. And I receive events on my GSM too. I have scenes. I have a small web interface where I can look at the log files, some details regarding the different events. And I have webcams. So I would like also to see from any device what's going on around the house. And for sure, I have also an objective to have a cheap solution. Budget is not unlimited.

So let me share with you the outcome and then I will explain how I came to this outcome. So first of all, OpenBSD for me for this project was the best system amongst the different ones I've tested. Very flexible. It runs on very different kinds of hardware. I've implemented recently a read-only file system which is really great. I will explain why I did that. The man pages, very complete, awesome. Big thanks to the OpenBSD developers. It helps a lot having a feature.
But explaining how to use the feature is really great. The upgrade system. So every two years you have a new release. You have a very simple system to upgrade your machine. We have also syspatch, which allows you to keep your machine safe and up to date in terms of security. This upgrade is very straightforward and first time right. You really can apply. It runs. I never had any issue with that. It takes a little bit of time, but it's mainly because of my internet connection. It's not linked with the process itself. I've talked about syspatch, and I hear and I read some remarks regarding "BSD is dying". It's no more an option for today. Don't listen to those guys. Try OpenBSD yourself. Make your own evaluation of the system. It's really a great system, a great operating system. And at the end I keep it. It's for me, from my point of view, the best system for this project to monitor my house.

So if I go a little bit into the details. At the beginning I was using this card. It's a card from a company called Velleman. It's no more produced. It was in 1998. Basically I have 16 IO ports. So on and off. And I connect this card to my system via a parallel port. Then I have a small GSM device to send and receive the SMS. I have a small, a small board. Currently I'm using an Atom board. It's because of power consumption. Cheap and low power consumption. So it's perfect for this kind of usage. 4 GB of RAM is far enough. A small CPU. And I'm not using this for the moment. I will explain why. I'm using small Axis cameras. I've bought them on eBay. They are working quite nicely. And for sure a reliable operating system to make this system run 24 hours a day, 365 days per year. So you have to have something which is reliable.

On the software side. I was forced to use the i386 systems until OpenBSD 6.0. I will explain why I've changed. I'm using an HTTPD server for the web, the log. The log file I'm presenting via a web interface, also to display the image of the camera.
The camera, the Axis camera, has a motion detector. So it sends a picture when there is something changing in this area. And it sends those pictures to an FTP daemon that runs on the operating system. I need a C compiler and I have a bunch of Python scripts. I will explain.

I've developed for the Velleman board a C program around the inb and outb API, to look at those IO, whether they are open or closed. This was easy to develop. Very simple to build. In fact, it's a big loop which looks at all those IO and checks their status and reads them or sets them if you want to, for example, activate the sirens. This was nice, but there is a but, and I will explain a little bit later why I put the but here.

There is also another package which allows you to manage the SMS. On OpenBSD, you just have to type package add SMSTools3 and you have all that you need. There is a configuration file. You just have a few parameters to update. The device on which your SMS device is connected, so the serial port. If you want to do incoming, the cs_convert is for the character set. Then the initial command, the AT+CHUP, is just to hang up the current connection if there is one. And then you have to develop a small event handler, so a small script which will be triggered when the system receives an SMS. I will explain that a little bit. So this small program receives two parameters: the RECEIVED, saying that you have received an SMS, and the path where the SMS resides.

An example of SMS is this one. So you have a lot of information coming from your providers. And the most important is the last element. So you have the length of the text, a blank line, and then the text you have received. In this case, I received an SMS with the word status. If you want to send an SMS, you just have to put a file in this directory. Whatever the name, you can choose the name of the file. Just put the file there. It will be taken by the SMS daemon.
You have to respect this template, at least you can have more elements, but you have to at least respect this. So the destination, which is the same device you would like to reach, a blank line, and then the text. And you have to limit to the 120 characters, I think.

For the web server, at the beginning I was using a small program called FAP-WAS, which is a Python, a kind of Python library, which allows me to easily display some elements. I'm now using the httpd provided by OpenBSD. It's light. One of the key elements in all this project is to have something which is light, because the board is quite small, but httpd is perfect for this. And I'm running it in a chroot environment, so even if someone finds my machine, he cannot break it. This interface does not allow you, for me, to configure the alarm, so security-wise it's not possible via this httpd to break the system. If your provider does not allow you to have a fixed IP address, you have to make a solution with dynamic DNS like, for example, FreeDNS. You have to install a small script, for example, every five minutes, which will update the FreeDNS website concerning your IP address, so you can always reach your web interface. Oops.

So for the camera, it's just a normal situation. You just have to configure the cameras so that they send a picture to your FTP server, so you just have to provide the IP address. You just have to also provide the user ID that the camera can use to put those files on your OpenBSD machine, so a couple of commands like I've presented there. You can have multiple cameras, two cameras, but you can have as many as you want.

So my lessons learned since 1988. The time I spent before each upgrade should not be underestimated. In fact, it's one of the biggest pains in this system. You always have a package which upgrades and breaks your system. A library will change its position. It's no more in the same place.
I had a few problems with the board after six, seven years, so such kind of cheap machine running 24 hours a day, a full year. Well, it's not perfect. It's not ideal, so be prepared to replace the board every six, seven years. The weak part in this system is the power supply. So the small device will transform your current into 5 volts, 3 volts, something like that. This element is very weak, maybe because the boards are cheap. And this weakness is most probably the consequence of the other element. I don't know. Maybe it's specific to me, but I still have a lot of power cuts, a storm, a technician on the street doing stuff, and they interrupt the power for a few seconds, one minute, but it's enough to kill the machine, except if you have a UPS. I had a UPS in the beginning, but I removed it. So every small power cut kills the machine, and then the machine reboots immediately when the power is back, and maybe this affects the power supply. Every two years, I have to replace the power supply.

Then you have also the infrared captors. It's also an element to look at carefully, because you have to clean them at least one year of, yes, once a year you have to perform a good cleaning. And in the big loop I've explained, to capture the IO of the different captors, you have to be smart enough and take into account the false alarms. This is quite a difficult element because you have maybe animals, which trigger a captor, and you don't want to generate an alarm and activate the sirens. Maybe you have some small insects. So if your captor is pointing to a radiator, the fact that the radiator starts, it could also trigger the captor and generate a false alarm. So the loop must be clever enough to avoid such kind of alarms. In the beginning, my neighbors were quite annoyed by the sirens, which start in the middle of the night, and always when I was on holidays, so quite difficult. So this is why I say do not forget to have the possibility to manage your system from remote, having SSH.
It's the best option via a smartphone. You have applications. You can connect to your machine, and you can manage it directly from the mobile. Or via SMS, you can send SMS commands to restart the process, to reboot the machine, to whatever you want, generate, exclude a zone, for example, from the monitoring. And also, an observation, it's not always a good idea to use an old machine for such kind of system. An old machine will use old technology, which consumes a little bit more power than the new one. So if you want to keep your electricity bill low, it's better to buy new boards like the Atom, for example, which is optimized in terms of power consumption.

So my story is this one. At the beginning, I started with Slackware for about four years, so as from 1988, at that time I was playing with such kind of device. It was a pain to install Linux, about 20 disks to install the Linux system, but it was working quite well, quite reliable. And upgrade, upgrade at that time, upgrade of Slackware was a little bit difficult and required a lot of effort. So I migrated to Red Hat. I kept it about three years, but then I had also some difficulties with the package and the RPM package, which generates some situations where I'm forced to update my programs. The library moved from one place to another one. It was not perfect. So it is in the time of 2000, so maybe they found a solution today. And then I've used Gentoo, which was for me one of the best systems. So quite reliable, upgrade not so difficult, quite predictable. The biggest problem was that you have to build from source. And this board was the only one with the i386. So when you have to upgrade, it takes one day, but it runs. It runs quite nicely. I also observed that during this about 10 years, I had two disk crashes, two times. I don't know. I've never understood why, maybe the manufacturer of the disk is not good enough at that time. I don't know. It's just an observation.
Then in 2009, there is a small gap of two years, if you look carefully. But in 2009, I've tried OpenBSD. It was quite easy to install. The upgrades are fantastic, really easy. There is not so much variation within the system. When you have a feature, it stays more or less always, it stays as it is, small upgrades, small add-ons in terms of features, but the main aspect remains. So for such kind of project, this is really, really great. OpenBSD is secure by default. And as I said, the man pages are very, very useful. So it was kind of an ideal situation.

But in 2013, I saw in the mailing list that it was said that the ioperm, inb, outb I was using was not foreseen to be implemented on the 64-bit system. So I'm saying, OK, I have to continue with the 32-bit. But then in 2016, they decided to remove that also. So OpenBSD 6.0 was a decision for me to move away from this old board and to buy a new one. So since I do not have any more the possibility to interact with my board via this API inb, outb, I was forced to buy a new one. I bought this from a vendor called Denkovi. It's a very small board. If you look at the size of the Ethernet port, it's very small. And I have 24 IO on this system. The cost is quite acceptable. And I've used this system, but not directly. So I'm using what we call an optocoupler. It's a small device which allows you to connect a system like a siren, like infrared captors. And if you have an electrical problem on this device, it will not break the board. It will break the optocoupler. So it's a kind of protection, electrical protection for the board.

So I've built a new loop. I did it in Python to look at all those ports, all those IOs via the SNMP get command. And you can interact with the board via the SNMP set command. So it's quite really, really simple to implement. The same logic to avoid the false alarms. So quite simple. The SMS tools is the same. The FTP daemon is the same. The HTTP daemon is the same.
So really one component of the solution was rebuilt.

And now to tackle the system, the problematic regarding the power cut and the possibility that when the machine boots automatically when the power is back, is that you have a file system check. And in some cases, this file system check asks you a question, which is a problem for such kind of machines. And the only possibility is to have a direct connection to the machine to answer the question. So my idea was to remove the write option on the disk. So build a read-only system. There is a very good project called flashrd, which tackled this problematic. But instead of using flashrd, I've built it myself. And to build such kind of system with OpenBSD is quite simple, in fact.

What I did, I did a normal installation. So you start your bsd.rd, so the process which allows you to install OpenBSD. I plugged in a USB stick. And I asked OpenBSD to install everything on this USB drive under the same folder, under the same file system. So everything is installed under /. So I skipped the recommendation, the default provided by OpenBSD. Then once the installation is performed, I boot from this USB drive and I change fstab like this. I don't know why the color. So what I change, I change the parameter which says that this file system is read-only. The rest remains the same. And I add three lines for /var, /dev, /tmp. So there will be a memory file system, so MFS. I provide a link to a folder where the system can find the different files. And I allocate a certain amount of memory for this file system. So the file system will become read-write, but in memory. There is no link with your disk. So then you have to provide information in those two folders. So just copy what you have in /var into the new folder. The same for /dev, and for /tmp, I don't need files. So it means that when the machine will boot, those /var and /dev will be seen by the kernel as normal file systems, but they are in memory.
With the information you can find in /cfg/var. So very simple to set up. The only recommendation I have is just to have at least four gigabytes of RAM for this. I'm able to boot from a USB 2 port on a lot of different boards. I don't know why for USB 3, it doesn't boot. Maybe it's my fault. I don't know why. OpenBSD is not booting from those USB. I have to check that.

So there are a few elements to take into account. If you want to make some changes on your system, you have to put the system back in read-write via the mount command, then you do your change, and then you put it back in read-only via mount -ur. If you would like to add some files, for example, via the pkg_add command, then you have to update your /cfg folder. I'm doing it via everything you can do what you want. And if you want to keep your log files, maybe you have to execute this command once every hour, if you want, every day, for this project, I'm just doing a sync every day. And for the rest, OpenBSD sees the different folders exactly like a normal OpenBSD system. So it's quite easy.

And via this system, you can really shut down the machine. You can kill it. You can plug out the power cable. The machine will go down. You plug it in. If you have configured the BIOS, it will boot up immediately. No file system check, nothing. It just boots normally. For me, it's really the perfect situation. And for sure, I have a disk attached to the board where I put the pictures from the camera. And for this system, I could have issues when the machine boots. I could have file system issues, but it's just the pictures from the camera. I prefer to have that damage. And my house is still monitored and controlled. And I'm using this system for about three years without any problem anymore.

An observation. Since 2009, I'm using OpenBSD, so I never had a disk crash. Why? Because I had no idea. Maybe the manufacturer is doing better disks now. Maybe it's coming from OpenBSD. No idea.
It's just an observation. And the future idea is to have some Power over Ethernet devices. So my different cameras will have just one cable, today they have two. One for the power, one for the network. So this will facilitate the possibilities and the setup of the camera.

So this is the conclusion, this is the same slide I showed before. So for me, OpenBSD is by far the best system for this project. It's really simple, light. It can run on many different boards. Easy to tune, easy to adapt. Easy to upgrade, which was one of the pains. And it's secure by default. So for such kind of project, this is really a good feature. Voila. And that's it.

So if you have questions, yes? Have you heard of OpenBSD before you tried it, like when you were doing Red Hat and stuff like that? Did you know about OpenBSD then? Before? This would be the question before, because there are the people on the internet. So the question is did I hear about OpenBSD before this project? Yes, I heard about OpenBSD. I was aware. It's a system existing since long ago, but I never tried it before. So this project was a trigger for me to have a look at OpenBSD. And when I tried to configure and to set it up for this, I was amazed how simple it is. So now I'm using OpenBSD for NAS, for laptops. All machines are OpenBSD. My kids are using OpenBSD. It's just my wife. She stays with Linux, but all the rest are OpenBSD.

And the second question? I was going to ask, what made you try? Honestly, if you want to make your own judgment, your own evaluation, try it. It's the best, the best thing you have to do. It's quite simple. Just use an old machine and perform the standard installation. The standard installation will use the whole disk. So don't imagine to have dual boot at the beginning. You can, but it requires a little bit of configuration aspect. But if you want to keep it simple, dedicate a disk, do the installation, and then you have the package add command. You can add what you want.
It's very simple.

Other question? Yes? I wanted to ask if your SNMP was a trap event instead of polling it. Have you investigated instead of evaluating the SNMP traps instead if you receive an event? Yes. So the SNMP trap exists? Oh, sorry. So the question is, am I using the SNMP trap feature on the small Denkovi board? I've looked at it. The problem is that you receive different kinds of messages, more than what I expect. So you have to filter them. And I was a little bit surprised that some events have a small delay. And this is a problem for me. As I explained, I have to be quite smart to detect the false alarm. And the time is really a key element. For example, if I have an alarm on one captor, and let's say within 10 seconds another event on another device, it means that someone is walking inside the house. This is not a false alarm. If I have one signal, and then 15 seconds, for example, and another signal, it's something like a false alarm. So the timing is quite important. SNMP trap was not the best way to have such control on the timing. So I prefer to poll them manually, manually, within the loop.

Another question? Did I convince someone to give a try to OpenBSD? It's a question? Yes. I'm not a developer. So yes, I can share it. But I don't know. Yes, sorry. Sorry. I repeat the question. Is the code I did available somewhere? The answer is no. Maybe I could. But I'm not a developer. So it's not clean, for sure. But maybe someone else can improve it. So yes, I could. I could do it. I don't know if there are other persons interested in such kind of a project. No idea. But why not? I could think about that. And maybe in the future I can push the code on a GitHub repository. I'm not a developer. So I'm not using CVS.

Do you still have happy neighbors? Yes, they are much more happy now. The two, three first years were a little bit difficult with them. Now they are much happier. The logic is much better. Okay. Thank you.