HTTPS for the Internet of Things

Every day, we’re connecting more and more devices over the internet. No longer does a household have a single connected computer — there are smartphones, tablets, HVAC systems, deadbolts — you name it, it’s been connected. As the Internet of Things proliferates, it has become readily apparent that security is an issue in this space. [Andreas Spiess] has been working on this very problem, by bringing HTTPS to the ESP8266 and ESP32. 

Being the most popular platform for IOT devices, it makes sense to start with the ESP devices when improving security. In his video, [Andreas] starts at the beginning, covering the basics of SSL, before branching out into how to use these embedded systems with secure cloud services, and the memory requirements to do so. [Andreas] has made the code available on GitHub so it can be readily included in your own projects.

Obviously implementing increased security isn’t free; there’s a cost in terms of processing power, memory, and code complexity. However, such steps are crucial if IOT devices are to become trusted in wider society. A malfunctioning tweeting coffee pot is one thing, but being locked out of your house is another one entirely.

We’ve seen other takes on ESP8266 security before, too. Expect more to come as this field continues to expand.

[Thanks to Baldpower for the tip!]

How to Mash Up BLE, NodeJS, and MQTT to Get Internet of Things

We’re living in the world of connected devices. It has never been easier to roll your own and implement the functionality you actually want, rather than live with the lowest common denominator that the manufacture chose.

In a previous article I walked though a small python script to talk to a BLE light and used it to cycle through some colors. Now I want to delve deeper into the world of Internet Connected BLE devices and how to set up a simple Internet-Of-Things light. With this example in hand the sky’s the limit on what you can build and what it will be able to do.

Join me after the break as I demonstrate how to use NodeJS to bridge the digital world with the physical world.

Continue reading “How to Mash Up BLE, NodeJS, and MQTT to Get Internet of Things”

Internet of Things Opens Possibilities

While a lot of hardware gets put on the “Internet of Things” with only marginal or questionable benefits (or with hilariously poor security), every now and then a project makes use of this new platform in a way that illustrates the strengths of IoT. [ThingEngineer] turned to this platform as a cost-effective solution for an automatic gate, since new keyfobs were too expensive and a keypad was not an option.

Using an Electric IMP, [ThingEngineer] began by installing his IoT patch into the LiftMaster gate control box. This particular gate has easily accessible points that the controller can access to determine the gate’s status, so from there, an API was written to do the heavy lifting. A web server was deployed as well, so anyone with access can use a smartphone or other device to open the gate.

For anyone else looking to deploy a similar IoT solution, [ThingEngineer] has put all of the project code, schematics, and a thorough write-up about the project on his GitHub page. There are many useful ways to get on board the Internet of Things, though; so many that it’s been possible to win a substantial prize for using it in a creative way.

Your Internet of Things Speaks Volumes About You

If only Marv and Harry were burglars today; they might have found it much easier to case houses and — perhaps — would know which houses were occupied by technically inclined kids by capitalizing on the potential  vulnerability that [Luc Volders] has noticed on ThingSpeak.

As an IoT service, ThingSpeak takes data from an ESP-8266, graphs it, and publicly displays the data. Some of you may already see where this is going. While [Volders] was using the service for testing, he realized anyone could check the temperature of his man-cave — thereby inferring when the house was vacant since the location data also happened to be public. A little sleuthing uncovered several other channels with temperature data or otherwise tied to a location that those with nefarious intent could abuse.

Continue reading “Your Internet of Things Speaks Volumes About You”

CES17: Arduino Unveils LoRa Modules For The Internet Of Things

WiFi and Bluetooth were never meant to be the radios used by a billion Internet of Things hats, umbrellas, irrigation systems, or any other device that makes a worldwide network of things interesting. The best radio for IoT is something lightweight which operates in the sub-Gigahertz range, doesn’t need a lot of bandwidth, and doesn’t suck down the power like WiFi. For the last few years, a new low-power wireless communication standard has been coming on the scene, and now this protocol — LoRa — will soon be available in an Arduino form factor.

The Primo, and NRF

It’s not LoRa, but the Arduino Primo line is based on the ESP8266 WiFi chip and a Nordic nRF52832 for Bluetooth. The Primo comes in the ever-familiar Arduino form factor, but it isn’t meant to be an ‘Internet of Things’ device. Instead, it’s a microcontroller for devices that need to be on the Internet.

Also on display at CES this year is the Primo Core which we first saw at BAMF back in May. It’s a board barely larger than a US quarter that has a few tricks up its sleeve. The Primo Core is built around the nRF52832, and adds humidity, temperature, 3-axis magnetometer and a 3-axis accelerometer to a square inch of fiberglass.

The Primo Core has a few mechanical tricks up its sleeve. Those castellated pins around the circumference can be soldered to the Alice Pad, a breakout board that adds a USB port and LiPo battery charger.

LoRa

Also on deck at the Arduino suite were two LoRa shields. In collobration with Semtech, Arduino will be releasing the pair of LoRa shields later this year. The first, the Node Shield, is about as simple as it can get — it’s simply a shield with a LoRa radio and a few connectors. The second, the Gateway Shield, does what it says on the tin: it’s designed to be a gateway from other Arduino devices (Ethernet or WiFi, for example) to a Node shield. The boards weren’t completely populated, but from what I could see, the Gateway shield is significantly more capable with support for a GPS chipset and antenna.

A partnership with Cayenne and MyDevices

Of course, the Internet of Things is worthless if you can’t manage it easily. Arduino has struck up a partnership with MyDevices to turn a bunch of low-bandwidth radio and serial connections into something easy to use. Already, we’ve seen a few builds and projects using MyDevices, but the demos I was shown were extremely easy to understand, even if there were far too many devices in the room.

All of this is great news if you’re working on the next great Internet of Things thing. The Primo Core is one of the smallest wireless microcontroller devices I’ve seen, and the addition of LoRa Arduino shields means we may actually see useful low-bandwidth networks in the very near future.

A Rebel Alliance for Internet of Things Standards

Back when the original Internet, the digital one, was being brought together there was a vicious standards war. The fallout from the war fundamentally underpins how we use the Internet today, and what’s surprising is that things didn’t work out how everyone expected. The rebel alliance won, and when it comes to standards, it turns out that’s a lot more common than you might think.

Looking back the history of the Internet could have been very different. In the mid eighties the OSI standards were the obvious choice. In 1988 the Department of Commerce issued a mandate that all computers purchased by government agencies should be OSI compatible starting from the middle of 1990, and yet two years later the battle was already over, and the OSI standards had already lost.

In fact by the early nineties the dominance of TCP/IP was almost complete. In January of 1991 the British academic backbone network, called JANET (which was based around X.25 colored book protocols), established a pilot project to host IP traffic on the network. Within ten months the IP traffic had exceeded the levels of X.25 traffic, and IP support became official in November.

“Twenty five years ago a much smaller crowd was fighting about open versus proprietary, and Internet versus OSI. In the end, ‘rough consensus and running code’ decided the matter: open won and Internet won,”

Marshall Rose, chair of several IETF Working Groups during the period

This of course wasn’t the first standards battle, history is littered with innumerable standards that have won or lost. It also wasn’t the last the Internet was to see. By the mid noughties SOAP and XML were seen as the obvious way to build out the distributed services we all, at that point, already saw coming. Yet by the end of the decade SOAP and XML were in heavy retreat. RESTful services and JSON, far more lightweight and developer friendly than their heavyweight counterparts, had won.

“JSON appeared at a time when developers felt drowned by misguided overcomplicated XML-based web services, and JSON let them just get the job done,”

“Because it came from JavaScript, and pretty much anybody could do it, JSON was free of XML’s fondness for design by committee. It also looked more familiar to programmers.”

Simon St. Laurent, content manager at LinkedIn and O’Reilly author

Yet, depending on which standards body you want to listen to, ECMA or the IETF, JSON only became a standard in 2013, or 2014, respectively and while the IETF RFC talks about semantics and security, the ECMA standard covers only the syntax. Despite that it’s unlikely many people have actually read the standards, and this includes the developers using the standard and even those implementing the libraries those developers depend on.

We have reached the point where standardization bodies no longer create standards, they formalize them, and the way we build the Internet of Things is going to be fundamentally influenced by that new reality.

Continue reading “A Rebel Alliance for Internet of Things Standards”

Internet Of Things Woodworking

Woodworking is the fine art of building jigs. Even though we have Internet-connected toasters, thermostats, cars, and coffee makers, the Internet of Things hasn’t really appeared in the woodshop quite yet. That’s changing, though, and [Ben Brandt]’s Internet of Things box joint jig shows off exactly what cheap computers with a connection to the Internet can do. He’s fully automated the process of making box joints, all with the help of a stepper motor and a Raspberry Pi.

[Ben]’s electronic box joint jig is heavily inspired by [Matthias Wandel]’s fantastic screw advance box joint jig. [Matthias]’ build, which has become one of the ‘must build’ jigs in the modern woodshop, uses wooden gears to advance the carriage and stock across the kerf of a saw blade. It works fantastically, but to use this manual version correctly, you need to do a bit of math before hand, and in the worst-case scenario, cut another gear on the bandsaw.

[Ben]’s electronic box joint jig doesn’t use gears to move a piece of stock along a threaded rod. Stepper motors are cheap, after all, and with a Raspberry Pi, a stepper motor driver, a couple of limit switches, and a few LEDs, [Ben] built an Internet-enabled box joint jig that’s able to create perfect joints.

The build uses a Raspberry Pi 3 and Windows IoT Core to serve up a web page where different box joint profiles are stored. By lining the workpiece up with the blade and pressing start, this electronic box joint jig automatically advances the carriage to the next required cut. All [Ben] needs to do is watch the red and green LEDs and push the sled back and forth.

You can check out [Ben]’s video below. Thanks [Michael] for the tip.

Continue reading “Internet Of Things Woodworking”