Easy, Secure HTTPS With An ESP8266

Security has always been an issue with IoT devices. Off the shelf devices often have terrible security while DIY solutions can be complicated, needing recompilation every time a website’s fingerprint changes. [Johannes] wrote in to let us know he’s been working on a way to make HTTPS requests easier to do on ESP devices.

The normal ways to do HTTPS with an ESP8266 is to either use Fingerprints, or to use client.setInsecure(). Fingerprints require the user to know exactly which pages the ESP will connect to and extract the Fingerprints from each of those websites. Since the fingerprints change yearly, this means the fingerprint will have to be re-extracted and the code recompiled each time a fingerprint changes. The use of client.setInsecure() is, obviously, insecure. This may not be an issue for your project, but it might be for others.

[Johannes’] solution is to extract the trusted root certificates and store them in PROGMEM. This allows access to any web page, but the root certificates do expire as well. As opposed to the fingerprints, though, they expire after 20 years, rather than every year, so the program can run for a long time before needing recompilation. This solution also doesn’t require any manual steps – the build process runs a script that grabs the certificates and stores them as files that can be uploaded to the SPIFFS to be used during HTTPS requests.

He’s come up with a fairly straightforward way to have your IoT device connect to whichever web page you want, without having to recompile every once in a while. Hopefully, this will lead to better security for your IoT devices. Take a look at his previous work in this area.

Teardown: Nabaztag

In 2020 there is nothing novel or exciting about an online device. Even the most capable models are designed to be unobrusive pucks and smart speakers; their function lies in what they do rather than in how they look. In 2005, an Internet connected device was a rare curiosity, a daring symbol of a new age: the “Internet of Things”!

Our fridges were going to suggest recipes based upon their contents, and very few people had yet thought of the implications of an always-on connected appliance harvesting your data on behalf of a global corporation. Into this arena stepped the Nabaztag (from the Armenian for “rabbit”), an information appliance in the form of a stylised French plastic rabbit that could deliver voice alerts, and indicate status alerts by flashing lights and moving its ears.

Continue reading “Teardown: Nabaztag”

Did Grandma Remember Her Pills? This Dispenser Tells You!

Everything has to be smart these days, and while smartening things up is a good incentive to tip your own toes into the whole IoT field, many of these undertakings are oftentimes just solutions looking for a problem. Best case, however, you actually make someone’s life easier with it, or help a person in need. For [Guli Morad] and [Dekel Binyamin], it was a bit of both when they built their automated pill dispenser: help people dependent on taking medication, and ease the mind of those worrying whether they actually remembered to.

Using an ESP8266 and a rather simple construct comprised of a set of servos with plastic sheets attached, and a plastic tube with strategically placed cuts for each pill type, a predefined amount of each of the pills can be automatically dispensed into a box — either at a given time, or on demand — using a Node-RED web interface. A reed switch mounted on the box then monitors if it was actually opened within a set time, and if not, informs emergency contacts about it through the Telegram app. Sure, a tenacious medication recipient might easily fool the system, but not even adding a precision scale to make sure the pills are actually taken out could counter a pill-reluctant patient of such kind, so it’s safe to assume that this is primarily about preventing simple forgetfulness.

Their proof of concept is currently limited to only two different types of pills, but with enough PWM outputs to control the servos, this should be easily scalable to any amount. And while the built may not be as sophisticated as some pill dispensers we’ve seen entering the Hackaday Prize a few years back, it still gets its main task done. Plus, when it comes to people’s health, a good-enough solution is always better than a perfect idea that remains unimplemented.

Continue reading “Did Grandma Remember Her Pills? This Dispenser Tells You!”

Hackaday Podcast 067: Winking Out Of IoT, Seas Of LEDs, Stuffing PCBs, And Vectrex Is Awesome

Hackaday editors Mike Szczys and Elliot Williams explore the coolest hacks of the past 168 hours. The big news this week: will Wink customers pony up $5 a month to turn their lights on and off? There’s a new open source design for a pick and place machine. You may not have a Vectrex gaming console, but there’s a scratch-built board that can turn you oscilloscope into one. And you just can’t miss this LED sign technology that programs every pixel using projection mapping.

Direct download (~60 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 067: Winking Out Of IoT, Seas Of LEDs, Stuffing PCBs, And Vectrex Is Awesome”

How Much Is DIY Worth To You?

It all started with an article about Wink Labs putting a monthly fee on their previously free service. It wasn’t so much the amount they were asking ($5 / month) that raised my hackles, but rather the fact that they would essentially render a device that you ostensibly bought worthless unless you paid up. I’ve ranted about this enough recently, and the quick summary is that IoT companies seem very bad at estimating their true costs, and the consumer ends up suffering for it.

So I started thinking about the price myself. Is $5 per month for a home automation service a lot or a little? On one hand, if you stretch that out to, say, 10 years, you end up with a net present value of something north of $400, plus $70 for the device. That’s a lot, right? Surely, I could DIY myself a solution for less? Or am I falling into the same IoT trap?

This isn’t hypothetical, because I already have a modest DIY home automation system. We run a bunch of switches, have temperature and humidity loggers in relevant rooms, and the washer and dryer notify us when they’re done. I also use the MQTT infrastructure for all sorts of fun projects, but that’s a bonus. Our hub is a $10 Orange Pi and a long-since depreciated WRT54g router, and it’s run for four years now, and probably will last another six. So that looks like $460 in my pocket.

On the other hand, it’s only really a bargain for me because I already knew what I was doing when I set the system up, and what I didn’t know I wanted to learn. Realistically, I probably spent around 20 hours on the system in total, but most of that has been adding in new devices and tweaking old ones. You’d have to do this sort of thing with any other system too, although my guess is that the professional systems are more streamlined at enrolling new gadgets: I have a whole directory full of Python scripts running as daemons and have to do a lot of hand editing. Still, assuming nothing else drastic happens to the system, I’m probably winning by DIYing here.

But imagine that I had little or no technical clue, and even flashing an image of a pre-configured home automation system to a Raspberry Pi were new. How much time does it take to learn how to do something like that? How much time to learn to administer even such a simple system on your home network? If it took the real me 20 hours, it could be easily twice that much for the hypothetical me. Let’s say 46 hours of time invested. $10 / hour is below minimum wage in many places, and this isn’t minimum wage labor, and that was fairly optimistic.

In the end, the $5 per month is probably pretty fair if the system works. Indeed, when I look around at all of the systems I’ve built, most all of them have taken more time to build than I thought when I was starting. Of course, I’ve enjoyed it most of the time, so maybe it’s not fair to apply my full consulting rates. (Which if I charged my father-in-law for tech support, I’d be rich!) But it’d probably be naive to say that everyone should just DIY themselves a home automation solution when the going gets tough.

So look around you and revel in the hours you’ve spent on your various DIY projects. Who knew that they were worth so much?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.

Want this type of article to hit your inbox every Friday morning? You should sign up!

Ask Hackaday: Wink Hubs, Extortion As A Service?

Wink Labs just announced that their home automation hub, the Wink Hub, is “transitioning to a $4.99 monthly subscription, starting on May 13, 2020.” Should you fail to pay the fiver every month, you will lose access to their app, voice control, and automations, which is everything it does as far as we can tell.

This is an especially bitter pill to swallow for Hub users, because the device was just that — a hub. It speaks Bluetooth, Z-Wave, ZigBee, WiFi, Kidde, and a couple other specific device protocols, interfaces with Amazon’s Alexa, has a handy Android master panel app, and had a nice “robot” system that made the automation side of “home automation” simple for normal people. In short, with its low one-time purchase price, compatibility with many devices, nice phone app, and multiple radios, it was a great centerpiece for a home-automation setup.

“Nice home automation system you’ve got there. Would be a shame if anything happened to it.”

Continue reading “Ask Hackaday: Wink Hubs, Extortion As A Service?”

New Contest Puts PSoC Boards In The Hands Of 50 Entries

Today marks the beginning of the PSoC IoT design contest. Show us your idea for an interesting Internet-connected thing and we’ll send you a dev kit to actually build it.

With the help of Cypress, Digi-Key, and AWS IoT we’ll be sending out your choice of  PSoC 6 WiFi-BT Pioneer kit or Prototyping Kit to up to 50 entries just for publishing a great idea of something to build with them. As you guessed from the name, these provide WiFi and Bluetooth connectivity, but they’re also bristling with seven programmable analog blocks the PSoC is known for, and a hundred GPIO. They have prototyping add-ons like a 2.4″ screen for user interface, audio, IMU, capacitive touch, and a heap of other goodies.

You have until May 26th to post a project page on Hackaday.io outlining your idea — don’t forget to use that “Submit project to” button to enter it in the contest. Tells us all about the IoT project you want to build and which PSoC 6 board you plan to use. If your idea is picked, we’ll send you the dev board and you’ll have until August to actually build your idea. Grand Prize will receive a $500 prepaid Visa card, two runners up will each receive a $250 card.

Full details are available on the contest page. We know you’ve always wanted to give your fish a Twitter account, to have a dashboard that shows up-to-the minute stats on how much Boo Berry Cereal you have left, a beacon to give you push alerts when the laundry needs to make its way into the dryer, or perhaps you plan to build a new wave of Internet-connect pagers. Whatever it is, from a silly idea to a truly life-improving build, if it’s begging to spread its data far and wide, it’s a perfect idea for this contest.