Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmTurning Google smart speakers into wiretaps for $100k2023-01-04T11:39:31+00:00
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
jmI was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed.
]]>security google wiretapping exploits hacking iot reverse-engineeringhttps://pinboard.in/https://pinboard.in/u:jm/b:a2dc98e51556/Hacking the Silvercrest (Lidl) Smart Home Gateway2022-01-19T12:17:03+00:00
https://paulbanks.org/projects/lidl-zigbee/#overview
jmreverse-engineering hacking gadgets iot lidl home home-assistanthttps://pinboard.in/https://pinboard.in/u:jm/b:7e191a3edcc6/OpenEnergyMonitor2022-01-07T11:46:37+00:00
https://guide.openenergymonitor.org/
jmenergy iot mqtt open-source solar power home home-automationhttps://pinboard.in/https://pinboard.in/u:jm/b:ac8adbdba446/Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices2021-06-29T16:05:28+00:00
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
jmA Western Digital developer created five lines of code to password-protect the reset command. For unknown reasons, the authentication check was [....] commented out as indicated by the double / character at the beginning of each line. [...]
The discovery raises a vexing question: if the hackers had already obtained full root access by exploiting CVE-2018-18472 [a separate bug], what need did they have for this second security flaw? There’s no clear answer, but based on the evidence available, Abdine has come up with a plausible theory — that one hacker first exploited CVE-2018-18472 and a rival hacker later exploited the other vulnerability in an attempt to wrest control of those already compromised devices.
]]>hacks exploits fail western-digital iot hardware phphttps://pinboard.in/https://pinboard.in/u:jm/b:d4eafabb76b5/mjg59 | Exploring my doorbell2021-05-06T09:39:37+00:00
https://mjg59.dreamwidth.org/56345.html
jmlinux exploits security iot gadgets embedded u-boothttps://pinboard.in/https://pinboard.in/u:jm/b:96df7c2f1d43/Amazon.com: MaBeee MB-3002WB Smart Battery Controller for AA-Battery-Powered Devices: Home Audio & Theater2020-12-04T15:08:37+00:00
https://www.amazon.com/MaBeee-MB-3002WB-Battery-Controller-AA-Battery-Powered/dp/B073VG6G12/
jmMaBeee, the smart IoT battery case, makes your devices powered by AA batteries controllable from your smartphone. Inputs to your smartphone such as shakes, tilt, and voice enable you to get moving, control the speed and stop motor-powered products. For example, MaBeee in an electric toothbrush and the timer function of "MaBeee Control app" tell you how long you should brush your teeth. MaBeee is also suitable for wire LED lights for Christmas and party. MaBeee is an easy-to-use product. You can use MaBeee just putting in the product instead of an AA battery (You need to put an AAA battery into MaBeee). MaBeee Control App (or MaBeee Racing App) allows you to connect your phone to your battery-powered device.
]]>iot hacks batteries bluetooth mabeee power aa aaahttps://pinboard.in/https://pinboard.in/u:jm/b:d8de3165a4bc/Home Assistant Data Science2020-11-24T09:42:58+00:00
https://data.home-assistant.io/
jmThe Home Assistant Data Science portal is your one stop shop to get started exploring the data of your home. We will teach you about the data that Home Assistant tracks for you and we'll get you up and running with Jupyter Lab, a data science environment, to explore your own data.
]]>docs data home-assistant iot data-science graphs o11y home hanhttps://pinboard.in/https://pinboard.in/u:jm/b:8eb340cd93cb/merbanan/rtl_4332020-03-12T11:11:12+00:00
https://github.com/merbanan/rtl_433
jmradio devices hardware iot gadgets home 433hz sdrhttps://pinboard.in/https://pinboard.in/u:jm/b:21bef8407d24/Snowboy Hotword Detection2020-01-16T15:06:38+00:00
https://snowboy.kitt.ai/
jmaudio iot hardware hotwords speech-recognition speech deviceshttps://pinboard.in/https://pinboard.in/u:jm/b:f89297738cbc/Home Automation Bargain Alerts thread at boards.ie2020-01-06T15:12:55+00:00
https://www.boards.ie/vbulletin/showthread.php?t=2057677323
jmiot tat home-automation home gadgets bargains boardshttps://pinboard.in/https://pinboard.in/u:jm/b:37481e4454ae/How to Build a Smart Home Where Everything Might Actually Work2019-12-11T12:22:50+00:00
https://gizmodo.com/how-to-build-a-smart-home-where-everything-might-actual-1795448925
jmsmart-home home iot gadgets homekit google amazon alexahttps://pinboard.in/https://pinboard.in/u:jm/b:eae55670fa60/Home Automation Without The Cloud2019-12-02T14:14:59+00:00
https://aaronparecki.com/home-automation/
jmvia:nelson house home automation iot cloud-freehttps://pinboard.in/https://pinboard.in/u:jm/b:286a34c5d4eb/Dexcom T1 diabetes glucose monitoring devices suffer major outage2019-12-02T12:24:44+00:00
https://twitter.com/RebeccaSlatkin/status/1200980487445106690
jmhealthcare incident-response outages fail dexcom diabetes hardware iot devices internet-of-shit grim-meathook-futurehttps://pinboard.in/https://pinboard.in/u:jm/b:754e8ab4b899/Show HN: Enviro+ for Raspberry Pi – Environmental sensors2019-06-17T10:33:27+00:00
https://news.ycombinator.com/item?id=20185182
jmelectronics iot projects sensors environment raspberry-pi gadgetshttps://pinboard.in/https://pinboard.in/u:jm/b:35e8ec89a62f/Multi-Sensor IoT Environmental Sensor Box With CircuitPython2019-06-10T13:07:36+00:00
https://learn.adafruit.com/remote-iot-environmental-sensor
jmJust add a power outlet and a WiFi network and stream time and location stamped environmental readings to AdafruitIO.
]]>adafruit sensors iot maker hacks air-quality temperature environment metricshttps://pinboard.in/https://pinboard.in/u:jm/b:ef4bd6240b15/igloohome Smart Mortise2019-02-15T12:30:59+00:00
https://www.igloohome.co/products/mortise/
jmvia:threeze smart-locks locks iot crypto igloohome homeshttps://pinboard.in/https://pinboard.in/u:jm/b:c08f1bc45c24/Security Things to Consider When Your Apartment Goes ‘Smart’2019-01-29T22:14:31+00:00
https://tisiphone.net/2019/01/28/security-things-to-consider-when-your-apartment-goes-smart/
jmIf you’re a tenant in the US, it’s very likely that a management-provided smart home system is headed your way in the near future. Carefully evaluate your family’s personal threat model, and consider the plausible digital ways which these systems could be exploited.
Spend some time reading into the vendor. Respectfully and courteously encourage your property management company and their smart system vendor to adopt industry best practices in securing smart hubs physically and digitally, the networks they are connected to, and and resident data at rest and in transit in their infrastructure. Request your property managers clearly and decisively address privacy concerns such as data ownership and resale in writing. If solid answers in writing don’t assuage legitimate concerns, consider politely seeking an option to opt-out – and make your threat model clear to them, if you’re in a sensitive situation.
]]>locks iot security internetofshit tenancy renting smart-hubs smart-homes smart-lockshttps://pinboard.in/https://pinboard.in/u:jm/b:21715c193fd4/Securing wireless neurostimulators2018-04-18T10:33:01+00:00
https://blog.acolyer.org/2018/04/17/securing-wireless-neurostimulators/
jmThe latest generation of such devices come with remote monitoring and reprogramming capabilities, via an external device programmer. The manufacturers seem to have relied on security through obscurity (when will we ever learn!) with the very predictable result that the interface turns out not be secure at all. So we end up with a hackable device connected directly to someone’s brain.
]]>security brain health medical devices iot exploits neurostimulatorshttps://pinboard.in/https://pinboard.in/u:jm/b:e513342073d4/Remote Code Execution on the Smiths Medical Medfusion 4000 Infusion Pump2018-01-22T11:01:08+00:00
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md
jmmedical infusion-pumps security iot safety exploits embedded-systems reversinghttps://pinboard.in/https://pinboard.in/u:jm/b:a40a2a2c53a8/My bedroom lights turn on when my blood sugar goes low! (Dexcom, Nightscout and IFTTT) : diabetes2018-01-04T23:35:19+00:00
https://www.reddit.com/r/diabetes/comments/7nvufy/my_bedroom_lights_turn_on_when_my_blood_sugar/
jmiot via:fp via:eatpaste blood health diabetes monitoring homehttps://pinboard.in/https://pinboard.in/u:jm/b:a09a476be990/Why People With Brain Implants Are Afraid to Go Through Automatic Doors2017-07-06T09:56:34+00:00
http://gizmodo.com/why-people-with-brain-implants-are-afraid-to-go-through-1796452196
jmIn 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off.
Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”
]]>internet-of-things iot best-buy implants parkinsons-disease emi healthcare devices interferencehttps://pinboard.in/https://pinboard.in/u:jm/b:f08bbdd7e8c9/AWS Greengrass2017-04-25T13:22:24+00:00
https://aws.amazon.com/greengrass/
jmAWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud.
AWS Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With Greengrass, you can use familiar languages and programming models to create and test your device software in the cloud, and then deploy it to your devices. AWS Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud. AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT’s security and access management capabilities. This way data is never exchanged between devices when they communicate with each other and the cloud without proven identity.
]]>aws cloud iot lambda devices offline synchronization architecturehttps://pinboard.in/https://pinboard.in/u:jm/b:2b27152c0ac8/Garadget bans customer from accessing Cloud for negative Amazon review | Hacker News2017-04-04T10:57:38+00:00
https://news.ycombinator.com/item?id=14029572
jmiot fail garadget gadgets legal reviews amazon funnyhttps://pinboard.in/https://pinboard.in/u:jm/b:a9e4b81d951c/Dick Cheney’s cardiologist recommended turning off the wireless in his pacemaker for fears of hacking2017-01-03T13:40:07+00:00
https://twitter.com/JZdziarski/status/815717570997321728
jmdick-cheney pacemakers iot internetofshit wireless security via:jzdziarskihttps://pinboard.in/https://pinboard.in/u:jm/b:0a8fb1f2b803/mjg59 | Fixing the IoT isn't going to be easy2016-10-27T20:05:54+00:00
http://mjg59.dreamwidth.org/45098.html
jmWe can't easily fix the already broken devices, we can't easily stop more broken devices from being shipped and we can't easily guarantee that we can fix future devices that end up broken. The only solution I see working at all is to require ISPs to cut people off, and that's going to involve a great deal of pain. The harsh reality is that this is almost certainly just the tip of the iceberg, and things are going to get much worse before they get any better.
]]>iot security internet isps deviceshttps://pinboard.in/https://pinboard.in/u:jm/b:2d13023a2a9f/Brian Krebs - The Democratization of Censorship2016-09-25T14:36:30+00:00
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
jmEvents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach. More than 20 years after Gilmore first coined [his] turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity.
]]>brian-krebs censorship ddos internet web politics crime security iothttps://pinboard.in/https://pinboard.in/u:jm/b:b017d3a22771/Nest Reminds Customers That Ownership Isn't What It Used to Be2016-04-06T12:15:39+00:00
https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be
jmCustomers likely didn't expect that, 18 months after the last Revolv Hubs were sold, instead of getting more upgrades, the device would be intentionally, permanently, and completely disabled. ....
Nest Labs and Google are both subsidiaries of Alphabet, Inc., and bricking the Hub sets a terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person’s livelihood or physical safety.
]]>nest legal tech google alphabet internetofshit iot lawhttps://pinboard.in/https://pinboard.in/u:jm/b:e93c83a0e7e5/Is anyone concerned about the future of Nest?2016-04-05T16:51:16+00:00
https://www.reddit.com/r/Nest/comments/4dbbgh/is_anyone_concerned_about_the_future_of_nest/
jmAs a Nest engineer, I won't say any numbers that aren't public, but this company is already on deathwatch. Once that happens, most people will quickly have shiny paperweights because it's a constant firefight keeping these systems up. We have $340M in revenue, not profit, against a ~$500M budget. No new products since the purchase, and sales/growth numbers are dire. Our budget deal expires soon, and all the good engineers on my teams have discreetly indicated they are going to flee once their golden handcuffs unlock (many have already left despite sacrificing a lot of money to do so).
Tony and his goons demand crazy timelines so much that "crunch time" has basically lost meaning. Just when your labor bears fruit, they swoop in, 180 the specs you just delivered on, then have the gall to call your team "incompetent" for not reading their mind and delivering on these brand-new specs. I waste most of my time in pointless meetings, or defending my teams so they don't flip their desks and walk out. People fall asleep in corners and cry in the bathrooms, health and marriages are suffering. Already the churn is insane, close to half the company if not more. Skilled engineers can tell the environment is toxic, so we're filling vacancies with mostly sub-par talent.
]]>nest google business dotcoms churn iothttps://pinboard.in/https://pinboard.in/u:jm/b:81d435747566/'Devastating' bug pops secure doors at airports, hospitals2016-04-05T09:49:54+00:00
http://www.theregister.co.uk/2016/04/04/devastating_bug_pops_secure_doors_at_airports_hospitals/
jm"A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call," Lawshae says.
:facepalm:]]>security iot funny fail linux unix backticks system udp hid vertx edgehttps://pinboard.in/https://pinboard.in/u:jm/b:6879d4043c1d/Google's Nest killing off old devices2016-04-05T09:09:00+00:00
http://uk.businessinsider.com/googles-nest-closing-smart-home-company-revolv-bricking-devices-2016-4?r=US&IR=T
jmiot fail google alphabet nest revolv home shutdownhttps://pinboard.in/https://pinboard.in/u:jm/b:8365cca5cc59/This is Why People Fear the ‘Internet of Things’2016-02-18T21:04:43+00:00
http://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/
jmImagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide. The best part? It’s all plug-and-play, no configuration necessary!
]]>foscam cameras iot security networking p2phttps://pinboard.in/https://pinboard.in/u:jm/b:cfbd745580dc/Can't sign in to Google calendar on my Samsung refrigerator2016-01-06T11:49:53+00:00
https://productforums.google.com/forum/m/#!msg/calendar/UhfpcwO0X0c/paA4iQNen9IJ
jminternetofshit iot fail samsung google apis fridges connected future via:davebolgerhttps://pinboard.in/https://pinboard.in/u:jm/b:f5302943de90/The price of the Internet of Things will be a vague dread of a malicious world2015-09-30T11:50:33+00:00
http://ieet.org/index.php/IEET/more/rinesi20150925
jmSo the fact is that our experience of the world will increasingly come to reflect our experience of our computers and of the internet itself (not surprisingly, as it’ll be infused with both). Just as any user feels their computer to be a fairly unpredictable device full of programs they’ve never installed doing unknown things to which they’ve never agreed to benefit companies they’ve never heard of, inefficiently at best and actively malignant at worst (but how would you now?), cars, street lights, and even buildings will behave in the same vaguely suspicious way. Is your self-driving car deliberately slowing down to give priority to the higher-priced models? Is your green A/C really less efficient with a thermostat from a different company, or it’s just not trying as hard? And your tv is supposed to only use its camera to follow your gestural commands, but it’s a bit suspicious how it always offers Disney downloads when your children are sitting in front of it. None of those things are likely to be legal, but they are going to be profitable, and, with objects working actively to hide them from the government, not to mention from you, they’ll be hard to catch.
]]>culture bots criticism ieet iot internet-of-things law regulation open-source applianceshttps://pinboard.in/https://pinboard.in/u:jm/b:d3b1c7b3dc50/Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks2015-09-01T10:51:47+00:00
https://www.schneier.com/blog/archives/2015/08/using_samsungs_.html
jmWhilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.
The Internet of Insecure Things strikes again.]]>iot security fridges samsung fail mitm ssl tls google papers defconhttps://pinboard.in/https://pinboard.in/u:jm/b:d6fa2d55d6f6/Internet of 404's2015-05-09T10:55:40+00:00
http://formerinternetofthings.tumblr.com/
jmarchive iot things internet nabaztag startups acquisitions tumblr gadgets historyhttps://pinboard.in/https://pinboard.in/u:jm/b:31a2ae838ff7/In the privacy of your own home2015-05-02T22:45:07+00:00
http://www.consumerreports.org/cro/magazine/2015/06/connected-devices-and-privacy/index.htm
jmLast spring, as 41,000 runners made their way through the streets of Dublin in the city’s Women’s Mini Marathon, an unassuming redheaded man by the name of Candid Wueest stood on the sidelines with a scanner. He had built it in a couple of hours with $75 worth of parts, and he was using it to surreptitiously pick up data from activity trackers worn on the runners’ wrists. During the race, Wueest managed to collect personal info from 563 racers, including their names, addresses, and passwords, as well as the unique IDs of the devices they were carrying.
]]>dublin candid-wueest privacy data marathon running iot activity-trackershttps://pinboard.in/https://pinboard.in/u:jm/b:137debee5e3e/Ask the Decoder: Did I sign up for a global sleep study?2015-03-09T17:34:21+00:00
http://america.aljazeera.com/articles/2014/10/29/sleep-study.html
jmHow meaningful is this corporate data science, anyway? Given the tech-savvy people in the Bay Area, Jawbone likely had a very dense sample of Jawbone wearers to draw from for its Napa earthquake analysis. That allowed it to look at proximity to the epicenter of the earthquake from location information.
Jawbone boasts its sample population of roughly “1 million Up wearers who track their sleep using Up by Jawbone.” But when looking into patterns county by county in the U.S., Jawbone states, it takes certain statistical liberties to show granularity while accounting for places where there may not be many Jawbone users.
So while Jawbone data can show us interesting things about sleep patterns across a very large population, we have to remember how selective that population is. Jawbone wearers are people who can afford a $129 wearable fitness gadget and the smartphone or computer to interact with the output from the device.
Jawbone is sharing what it learns with the public, but think of all the public health interests or other third parties that might be interested in other research questions from a large scale data set. Yet this data is not collected with scientific processes and controls and is not treated with the rigor and scrutiny that a scientific study requires.
Jawbone and other fitness trackers don’t give us the option to use their devices while opting out of contributing to the anonymous data sets they publish. Maybe that ought to change.
]]>jawbone privacy data-protection anonymization aggregation data medicine health earthquakes statistics iot wearableshttps://pinboard.in/https://pinboard.in/u:jm/b:b2cff21e8284/Japan's Robot Dogs Get Funerals as Sony Looks Away2015-03-09T14:09:58+00:00
http://www.newsweek.com/japans-robot-dogs-get-funerals-sony-looks-away-312192
jmin July 2014, [Sony's] repairs [of Aibo robot dogs] stopped and owners were left to look elsewhere for help. The Sony stiff has led not only to the formation of support groups--where Aibo enthusiasts can share tips and help each other with repairs--but has fed the bionic pet vet industry.
“The people who have them feel their presence and personality,” Nobuyuki Narimatsu, director of A-Fun, a repair company for robot dogs, told AFP. “So we think that somehow, they really have souls.” While concerted repair efforts have kept many an Aibo alive, a shortage of spare parts means that some of their lives have come to an end.
]]>sony aibo robots japan dogs pets weird future badiotday iot gadgetshttps://pinboard.in/https://pinboard.in/u:jm/b:fff90ccd136f/Can HTTP/2 Replace MQTT?2015-02-25T16:43:58+00:00
http://timkellogg.me/blog/2015/02/20/can-http2-replace-mqtt/
jmMQTT definitely has a smaller size on the wire. It’s also simpler to parse (let’s face it, Huffman isn’t that easy to implement) and provides guaranteed delivery to cater to shaky wireless networks. On the other hand, it’s also not terribly extensible. There aren’t a whole lot of headers and options available, and there’s no way to make custom ones without touching the payload of the message.
It seems that HTTP/2 could definitely serve as a reasonable replacement for MQTT. It’s reasonably small, supports multiple paradigms (pub/sub & request/response) and is extensible. Its also supported by the IETF (whereas MQTT is hosted by OASIS). From conversations I’ve had with industry leaders in the embedded software and chip manufacturing, they only want to support standards from the IETF. Many of them are still planning to support MQTT, but they’re not happy about it.
I think MQTT is better at many of the things it was designed for, but I’m interested to see over time if those advantages are enough to outweigh the benefits of HTTP. Regardless, MQTT has been gaining a lot of traction in the past year or two, so you may be forced into using it while HTTP/2 catches up.
]]>http2 mqtt iot pub-sub protocols ietf embedded push httphttps://pinboard.in/https://pinboard.in/u:jm/b:1277082f29b4/Samsung's smart TVs are inserting unwanted ads into users' own movies2015-02-12T12:41:41+00:00
http://www.theverge.com/2015/2/11/8017771/samsung-smart-tvs-inserting-unwanted-ads
jmadvertising tv samsung smart-tvs iot horrible adshttps://pinboard.in/https://pinboard.in/u:jm/b:2440d8103fc2/Cloudwash – Creating the Technical Prototype2014-08-18T13:16:38+00:00
http://engineering.bergcloud.com/2014/02/cloudwash/
jmarduino diy washing-machines iot bergcloud hacking reversing logic-analyzers hardwarehttps://pinboard.in/https://pinboard.in/u:jm/b:571f8ebd5f38/NTP's days are numbered for consumer devices2014-08-18T13:09:34+00:00
http://engineering.bergcloud.com/2014/08/problem-with-ntp/
jmUnfortunately for us, the traditional and most widespread method for clock synchronisation (NTP) has been caught up in a DDoS issue which has recently caused some ISPs to start blocking all NTP communication. [....] Because the DDoS attacks are so widespread, and the lack of obvious commercial pressure to fix the issue, it’s possible that the days of using NTP as a mechanism for setting clocks may well be numbered. Luckily for us there is a small but growing project that replaces it.
tlsdate was started by Jacob Appelbaum of the Tor project in 2012, making use of the SSL handshake in order to extract time from a remote server, and its usage is on the rise. [....] Since we started encountering these problems, we’ve incorporated tlsdate into an over-the-air update, and have successfully started using this in situations where NTP is blocked.
]]>tlsdate ntp clocks time sync iot via:gwire ddos isps internet protocols securityhttps://pinboard.in/https://pinboard.in/u:jm/b:a1ce1cd2ed6d/Moquette MQTT2014-05-29T15:35:02+00:00
https://projects.eclipse.org/proposals/moquette-mqtt
jma Java implementation of an MQTT 3.1 broker. Its code base is small. At its core, Moquette is an events processor; this lets the code base be simple, avoiding thread sharing issues. The Moquette broker is lightweight and easy to understand so it could be embedded in other projects.
]]>mqtt moquette netty messaging queueing push-notifications iot internet push eclipsehttps://pinboard.in/https://pinboard.in/u:jm/b:258866cdaffb/