Sunday, April 03, 2016

VLC Streaming

Here is my setup to use VLC running on a laptop with a webcam as a simple CCTV system that can stream to your mobile.

VLC was installed on a laptop running Ubuntu 14.4. The webcam input stream was found at

and the audio input was found at

using the command line for VLC I started capturing these two devices, transcoding and streaming to http with the following script
For some reason .asf was the only encapsulation that worked, the filename you set pics the encapsulation. You can do all of this via the VLC gui, but you will need to change the string on the last page if you want a username and pass as VLC does not set that by default, instead sets the dst only.
Create the necessary port forward in the router if you wish to access via WAN, or leave locked down if using local only.

On the receiving device open VLC and open 'Network Stream' as http://[username]:[password]@[wanip or localhost]:[port]/[file]. E.g. http://jsmith:mypass@

A bit more long winded but can also can be done via the VLC GUI :

  • Media > Open Capture Device 
  • Choose your Webcam and Microphone 
  • Use the drop-down next to 'Play' to instead choose 'Stream'
  • Source - it should fill the input source for you so just next
  • Destination Setup - use the dropdown, select http and click add. 
  • Set the port and file name, e.g. 8080, /go.asf (the file name must match the transcoding profile encapsulation type) 
  • Pick the transcoding profile, the only one I got to work was ASF with DIV3 and MP3 
  • You can then edit the final string before clicking stream, but should work with no edits.

Simply test by opening another VLC window and trying to open the 'Network Stream' you just created e.g. http://localhost:8080/go.asf

Saturday, January 09, 2016

Brau Tag / Brewing Day / Drinking Day

I was very glad to join Christian and Michi for some home brewing over the Christmas period, here is a rough summary of the process.

Brew Day

The batch was to be an IPA style beer, bottle finished. The main cooking pot is a 160 L stainless steel insulated vessel that has had the bottom insulation removed and a gas burner attachment added. Also to hand was another large 200 L stainless steel pot and two 100 L stainless steel fermentation vessels.

Here are some of the materials and equipment.

The main pot was filled with water and brought up to temp, around 70-80°C, to this hot water the malt was added and the whole lot cooked for a bit.

While we waited there was time enough for a traditional Bayerisch breakfast of sausages and beer

But then it was back to serious work, time to separate out the liquid and solid fractions. This was achieved by pouring into on of the smaller 100 L fermenter pots with a flat sieve at the bottom, just over the tap. The liquid was drained into a bucket and pumped back into the main pot. Silicon tubing was used that has been boiled prior to use, the tube also has a filter on the intake end.

The solid fraction was then washed through with a fixed volume of hot water 78°C, which was also pumped into main pot adding to the main liquid fraction, which was now about 150 L in total. A separate sample was saved for yeast incubation. Main bulk of the liquid (the wort) was boiled for 90 min, hops were are added at various stages. Some before the 'hot break' (where small flecks of protein were visible in the broth). Once the cooking was complete further hope were added for flavour. A lot of mixing was done when the hops were added.

A small sample of the wort (~5 L) was heated in conical flask to 100°C to sterilise, cooled to 20°C and then had the yeast added. This was incubated at 22°C until the main wort was ready and waiting in the fermentation vessels. The utmost care was taken to keep conditions sterile as much as possible, 70% alcohol spray was used to clean surfaces and anything that could be was boiled before use.

Once the work was cooked for long enough it was transferred into two 100 L fermentation vessels via a muslin filter to remove any particulates and then though a braised plate heat exchanger to bring the temp down from ~95°C to ~22°C. The yeast solution was then added and the mixed with a soup ladle to introduce oxygen to the broth. A polystyrene box was placed over the top to help keep the temperature stable. A 10 L sample of the wort was saved before the yeast was added. This sample is later used a week later on bottling day. Once the yeast have done their thing on the main bulk of wort and turned all the sugars into alcohol the yeast free sample is added back so that the final fermentation takes place in the bottle to provide carbonation.

The sugars content of the wort prior to yeast addition was estimated with a hydrometer, this was later used to calculate how much sugar had been utalised by the yeast to give an estimation on alcohol content. The first measurement OG (original gravity) was about 16.2 [possibly BRIX or °Plato], which the guys were very happy with. The day was rounded off with some more sampling.

The incubator box with the fresh wort samples sitting on top.

Bottling day (Brew Day + 6 days)

The main pot was scrubbed out and water was boiled inside for 10 mins to clean, the boiled water was used during the bottle cleaning. The some of the 10 L of wort that was saved from before was added to main pot and the one of the fermented wort was added on top. In this case about 5 L of 'frest' wort was added to appro.x 75 L fermented wort. The fermented wort has a hydometer reading of 3.2, which indicated approx. 7% alcohol!

Bottles up ended in hot water with oxy no rises sanitiser, they were cleaned with tap water on a bottle cleaner, the rim was wiped with 70% alcohol, and then they were filled and capped.

The other half of the wort was to be cold hopped and bottled later.

Sunday, May 17, 2015

SSRS Index was out of range!

This was a real pain, in the end possibly solved by having no page breaks in the sub-reports. It would also appear to be best practice having each table in separate sub-report

Sunday, April 19, 2015

TLS/SSL for Web Services

TLS protection should be a standard security policy these days. It's common place for servers hosting web pages and web services.

Certificates are inexpensive and relatively simple to setup and use. The basic outline is that you generate a private key on your server, pass this to the CA. They will use this to generate the Certificate and public key. They send you back the certificate and publish the public key on their servers. The certificate, private key and the CA's authority chain certificates are installed on your server and bound/configures to be utilised within the the webservice in question.

A 3rd party browser pointed to your https URL will request the certificate, which it uses to lookup the host servers details with the CA and obtain the public key. The public key is then used by the browser to lock the session key that it generates. Only the specific private key can unlock and obtain the session key that was locked by the related public key. Which is what the host server does and then both machines have identical keys to use for all further communication in that session.

Here are the main elements and terms you may come across when setting up SSL protection using a Certificate Authority (CA)


  1. Host Server - where your web page or servces are being run. 
  2. Browsing Server - the party that wishes to communicate with your server in a secure way.
  3. Certificate Authority - the party the enables the secure communications by issuing certificates and publishing public keys.


  1. Certificate Request - The private key generated on the host server
  2. Common Name (CN) - the URL used to access the host server with HTTPS protocol, 
  3. Subject Alternative Name - one or more other URLs used to access the host server with HTTPS protocol. 

To generate the private key various methods are described here you can also use the MMC with a certificate snap-in to do the job.

Here is the MMC method
  1. Open MMC and add the Certificate (Local Computer) snap in
  2. Ctrl + M | Choose 'Certificates' | Add | OK
  3. Pick 'Computer Account' | Local Computer | OK
  4. Expand out Certificates and right click | All tasks | Advanced Operations | Create Custom Request
  5. Certificate Enrolment - Proceed without enrolment policy | Next
  6. Custom Request - Template | Choose '(No Template) Legacy Key | Uncheck 'Suppress default extensions' |PKCS #10 | Next
  7. Expand down 'Details' on the Custom Request line | Click 'Properties' to open the dialogue with 4 tabs
  8. General Tab - Fill in what you like
  9. Subject Tab - Fill in 'Common Name' with your sub-domain and any other fields your CA may require
  10. Extensions Tab | Key Usage - Digital signature | Extended Key Usage - 'Server Auth.' & 'Client Auth.'
  11. Private key Tab | Cryptographic Service Provider - 'MS RSA SChannel Crypto. Provider' | Key Options - 'Key Size: 2048' and Check 'Make private key exportable' | Key Type - 'Exchange'
  12. Click OK | Save the key somewhere and send to your CA when requesting a new Certificate or Re-keying an existing one.
The file you created can be referred to as a Certificate request and contains your Private Key as well as the other details you completed. The contents is a hash function that starts with:


You can check the validity using openssl or via a web service if it's just a test.

openssl req -in mycsr.csr -noout -text

My experience of CA's is limited to but I think they offer a great service and very good value certificates, they are the R and D arm of internet giant GoDaddy. The simple SSL certificate from Starfield, which is all you would need for a single web service, costs just over £6 per annum.

As for the range of different SSL certificate types, this all comes down to how many domains you wish to protect with a single certificate and also a marketing/consumer/cosmetic issue specific for Web Pages such as having a 'green bar' with your company name in the URL bar e.g. These more expensive certificates require much more rigorous validation by the CA so take longer to issue (10 days+), the simple 'vanilla' SSL takes minutes only.

In the example of Starfield you purchase your SSL certificate then submit the CSR, starfield do what vaidaton they need to. For example in the case of after submitting my CSR they looked up my contact details for the domain on WhoIs and emailed me. I clicked a link and that was it - approved.

To install the certificate may depend on how you requested it; as I requested mine via MMC I installed from there also.
  1. Expand out the Certificates (Local Computer) \ Personal \ Certificates & Right click 'Certificates'
  2. All Tasks \ Import
  3. Choose the file and run through the wizard
My particular web services application (MS Dynamics NAV) had me assigning the relevant port using a tool that came with it and also referenced the Certificates thumbprint that you can find by double clicking on the certificate file and looking in the details tab. Other application may vary!

One final note on SSL web services, the free to use WebServiceStudio v2 does not appear to work over HTTPS, but SoapUI does and it's also opensource, which is always nice.

Sunday, January 25, 2015

Simple ISO mounting

This is the easiest way to mount ISO images in Windows, that is all.