Category: Computers

Magic for the Internet of Things: Resin.io

Post author By Gergely Imreh
Post date 2015-05-27
1 Comment on Magic for the Internet of Things: Resin.io

I have my fair share of playing with embedded Linux and Internet of Things projects these days, but the real treat is finding projects occasionally that just blow me away. Through some Hacker News comments I ended up checking out Resin.io, a tool that brings cloud deployment and management to embedded applications. That might simple (boring?), but here’s the workflow in a nutshell:

Start a new application and download an image file for your chosen single board computer (1 of 5 choices at the moment: Raspberry Pi 1 & 2, Parallella, Intel Edison, and BeagleBone Black)
Flash the image onto an SD card, connect the board to the network, and boot it up
The board shows up in the cloud management console, and you get a git repo address
Make an application (Docker, Node.js, etc.), do a git push: voila, your board’s running your app
Flash a few more SD cards, connect the devices to the network, all of them will run your application
Modify the app behaviour through environment variables, either all of them at once, or customize each
Check status, logs, updates, online, and enjoy that things just work!

I cannot emphasise enough how good any service feels that 1) runs by git pushing code, and 2) just works.

SomaStream

To try it all out, I’ve put together a very simple application: SomaStream – the SomaFM internet radio streaming app.

Grabbed my RaspberryPi that didn’t do much lately, plugged an earphone in it, and started to look for some examples in the docs how to make it play some streaming music.

Tags git, IoT, Parallella, Raspberry Pi, Resin.io, Yocto

Programming Taiwan

Taiwan Bank SSL Continuous Monitoring

Post author By Gergely Imreh
Post date 2015-04-06
1 Comment on Taiwan Bank SSL Continuous Monitoring

My previous post, titled SSL status of Taiwanese banks: a sad affair sparked a lot of visits and lot of discussion, clearly touching on something important. It was great to bring to light how well (or badly, in this case) these organizations are doing, as internet security should be one of their key focus.

Many of the organizations improved their setup since then, and it became quite troublesome to manually check each bank and each change, update the table and so on. It’s also good to have not just a snapshot in time, but a continuous record of how they were doing.

Thus I’ve hacked together some monitoring scripts, put the results online, and here’s the Taiwan Financial Institute SSL Status page.

TaiwanBankSSL — Click to check the current results

Page features include:

Automatically run once a day
Highlighting issues, showing grade evolution
RSS feed of grade changes
Automatic tweeting of daily status and changes as @twbankssl

This is quite a bit more than “minimal features”, but wanted to make something that is actually useful.

Tags online banking, online security, open source software, scripting, ssl

Computers Taiwan

SSL status of Taiwanese banks: a sad affair

Post author By Gergely Imreh
Post date 2015-03-14
13 Comments on SSL status of Taiwanese banks: a sad affair

Today there was a story on Hacker News, how someone tweeting a screenshot of a bank’s SSL certificate got harassed by the bank in Greece. This got me thinking about the status of the banks here in Taiwan, especially how this place is so wired and online now. So I took a list of taiwanese banks and run each of their sites through the SSL Test. From past experiences I haven’t had my hopes up, but boy is the result ugly…

SSLTest_F — The usual result of this exercise

SSL Test Overview

I had a list of 43 banks, and for a quick overview I took into account a few key features only. The first is whether there are any active vulnerabilities against the site according to the test (these were mostly CRIME, FREAK, and POODLE attacks). The second is whether RC4 encryption was enabled, as it is now prohibited, and having it on is an automatic Payment Card Industry Data Security (PCI) compliance failure, according to one of the commenters. Other various warnings are mentioned when something really stands out, they are not crucial but more nice to have (though I’d contend that Forward Secrecy and HTTP Strict Transport Security is more than “nice” for anything financial).

Edit: Since publishing this post, there’s a brand new password recovery attack against RC4, so it’s even more urgent to switch it off.

Tags online banking, online security, ssl, webmaster

Maker Programming

Navspark: Arduino for GPS, GLONASS, and Beidou

Post author By Gergely Imreh
Post date 2014-05-18
1 Comment on Navspark: Arduino for GPS, GLONASS, and Beidou

I’m very much into satellite navigation as previous projects might show (my IT travel pack, StartupBus tracking, GPS satellite tracking). Because of this I was very excited to see an Indiegogo project for Navspark, an Arduino compatible GPS, GLONASS, and Beidou receiver. I guess everyone knows GPS, GLONASS is the equivalent Russian satellite network, and Beidou is the same for China.

I have signed up to support it for two main reasons: it’s a Taiwanese project (Skytraq, the company behind Navspark is in in Hsinchu city in Taiwan), and I haven’t seen anything about Beidou before.

They barely made the campaign, but it’s not for the lack of quality. There were a lot of updates during and afterwards as well as the project was developing. Those were good behind the scenes information, got to see what parts of hardware development are more troublesome than others.

The Navspark board

The rewards just shipped this week, and since for this campaign I’m a “local”, I got it pretty early. I got my Navspark GPS/Beidou (BD) version in a big envelope, together with an antenna, some pin and a jumper.

Tags arduino, beidou, gps, indiegogo, navspark

Computers Life

My IT travel pack

I’ve just recently travelled from Taiwan to Japan on a short trip to check out the cherry blossoms of Kyoto. While it was fun, I did realize that there are a lot of technological details I’m keeping track of, that take up significant mental bandwidth. Technology is helpful even if it takes effort to keep it running. This is a writeup of a non-exhaustive, arbitrarily ordered list of tech I used on the trip, and the way I used them.

Internet connectivity

One of the first concern is how do I get online on the go? There seem to be a bunch of companies providing mobile hotspot rental. The one I wanted to use originally is in Taiwan, and tried to arrange it too late (needs ~5 days in advance). Instead I found another company online called Japan Wireless. They can send a wireless hotspot or pre-paid 3G card to a hotel, or to an airport to be picked up. Since the hotspot I wanted to get was out of stock for the first half of the trip, I went with a 3G card and wanted to use an old Android phone to act like the hotspot.

Picking up the card at Kansai Airport was very straightforward. My Android phone worked much less. Might be getting “too old”, sometimes it couldn’t start the wireless sharing at all, though when it worked it was good for a while. It is also worth enabling “network traffic monitoring” and appropriate warning levels. The pre-paid card had 1G traffic included. Definitely does not recommend running a Play Store update while connected, apps can easily take up 30-50Mb, and 50% of your traffic allowance is gone before you can say “Ice Cream Sandwich”…

Tags 3G, airport, Japan, language, maps, photography, travel