I went on a course of The Best TLS Training and thought i should implement what i learn on my domain. Previously, QambarRaza.com was Grade A on https://www.ssllabs.com/ and Grade ‘F’ on https://securityheaders.com/.
But special thanks to https://scotthelme.co.uk/, i was able to make it Grade ‘A+’ on both security analyser websites.
Its very easy to do, i only spent 5 minutes to achieve this. You can do it to even if you don’t have access to nginx server you can do it via passing headers in PHP like i did:
//If the HTTPS is not found to be "on"
if(!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on")
//Tell the browser to redirect to the HTTPS URL.
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
//Prevent the rest of the script from executing.
header("strict-transport-security: max-age=31536000; includeSubDomains; preload");
header("X-XSS-Protection: 1; mode=block");
And if you want to go one step further you can also submit your website to https://hstspreload.org/ which will make all browsers always open your website in HTTPS but becareful about it as you can break things as your http endpoints will stop working.
I have been asked this question several times. I could give you a diplomatic answer that it depends and it could differ from person to person but in this post i will answer this question in a general sense.
IoT devices are physical hardware that can connect to the Internet and can collect, exchange data with the network. Also in some cases they can act upon that data to react to the physical world.
So here is a general list that can get you started:
Switch/Router Connected to the internet (if its a wifi router make sure it can support 2G Frequency)
An Arduino module (For starters i would go for Ardunio UNO)
Previously, i was controlling the ESP-01 over TCP/IP using NodeJS but my main target from the beginning was to control it using Clojure. I have finally made it just two days before the actual demo in Lambda Lounge.
So all the details are in my previous post, the only difference is that this one is a Clojure version, i will build on top of it to create the demo that i would be presenting on Monday.
Here is a summary if you don’t want to read the previous post, i have flashed StandardFirmataWifi onto an ESP8266 IOT Module, to be specific the module is ESP-01. I am controlling the GPIO pin 0 of that module using Clojure without using any external library.
The communication is carried out using the messages in MIDI format. The IP Address of my ESP-01 on the network was 192.168.0.18 and the port open in the flashed version of StandardFirmataWifi was 3030.
In my previous blog posts, i was verifying the theory of using a functional programming language like Clojure with a very well-known IOT module ESP8266. It was a great success and we can see that we can now control that module’s GPIO pins by sending HIGH and LOW signals.
Now begins the next chapter. In this chapter we shall explore how we can control multiple of them. I would be asking myself questions like is it possible to control them synchronously and asynchronously? Can i use Clojure pipelines ? How about using Kafka ?
Using the Cloudiuno library, this code is testing the HIGH and LOW signals on PIN 0 with a 6 seconds delay.
I used a voltmeter to see if the voltage was changing after 6 seconds. So this is what i could see on my terminal while it was running.
And i had a voltmeter attached to the PIN 0 of ESP-01 to see if the voltage was actually changing. You would need a voltmeter to check if the voltage is changing after 6 seconds.
Then after 6 seconds,
During this experiment i noticed that the signal value was inversely proportional to the voltage that was being displayed on the multi-meter. I am still not sure why that happened. Could it be a bug in the library ?
Anyways, this is a great success as now we can finally use Clojure (The Functional Language of our choice) to program hardware such as the famous IOT module called “ESP8266” or to be more specific ESP-01.
I ordered few more of these from China which has now been delivered so i am thinking of a way to use them to prepare a good demo.
Wish me luck.. this is not the end, this is just the start so keep following !
Today, i am going to start with a fresh mind-set and i am going to reiterate some of the things just to make sure i am going in the right direction.
I started with the basic sanity tests.
Test # 1 : Hardware
So i have ESP-01, i have just verified that i haven’t burnt the IC yet by uploading the blinking example.
Test # 2 : Code
I went to Firmata Github and cloned the latest version of the code in my Arduino. For those who are not aware of how to do it the steps are listed in the readme of the linked github also i am copy/pasting them here:
Navigate to the Arduino application
Right click on the application icon and select Show Package Contents
Navigate to: /Contents/Resources/Java/libraries/ and replace the existing Firmata folder with latest Firmata release (note there is a different download for Arduino 1.0.x vs 1.6.x)
Restart the Arduino application and the latest version of Firmata will be available.
while reading through the code i saw the following note which suggests that we cannot use Serial.print() with ESP-01 which means it is hard to debug on ESP-01
Note: “The blue LED on the ESP-01 module is connected to GPIO1(which is also the TXD pin; so we cannot use Serial.print() at the same time)”
Test # 3 : Upload To test the code is uploaded properly, i uploaded the blinking example first so that i can see the internal LED blinking and then uploaded the StandardFirmataWifi version that stopped the blinking.
Test # 4: Firmata Test I used the same firmata test program that i used in my previous test to check if Firmata is loaded properly on the ESP-01. But again there were no buttons even though i had selected the correct port.
Looking at all those test results, i believe that Firmata Test Program is expecting ESP-01 to operate on a certain baud rate and it is not able to meet its requirements so TX and RX rate is very low and therefore no buttons are loading. But this is a hypothesis which i still need to test. So that will be my Test 5.
I started with a sketch for programming ESP-01 because it was quick and easy way to explore the Frtizing software.
I really thought it was a simulator and it would make my life easier by just letting me work on my laptop until the whole project is complete. But i couldn’t find the “play” button. No wonder why. After some research i found their FAQs and the first question was “Does it simulate my circuit?”
“Does Fritzing simulate my circuit? (a.k.a. Where is the play button?)No, sorry. We don’t think that the advantage of having a simulation is worth the effort. Hardware is very difficult to simulate and it would also complicate the usage of Fritzing. Also, we think that it is important that you get hands on with the real stuff, and that you should try out your circuits physically. We will however add some simple checks in the future, to help you avoid common mistakes. For a more complete discussion, see http://fritzing.org/forum/thread/413/, particularly the comment from Brendan Howell.”
This is why we should read about the software first before overthinking its benefits. Now, i am back to where i was before my last post which was about making firmata work with ESP-01/ESP-12.
I did some more research on this topic and found many useful links. After reading the solutions offered by other engineers, i have come up with my own which i will discuss in my next post.