Tuesday, July 5, 2016

Setting up a Home VPN Server Using Your Raspberry Pi

One part of working with the Internet of Things is the difficulty of connecting to devices in your home when you aren't in your home network. I face this difficulty every week when travelling around — I need to run tests and build Internet of Things demos, yet I'm not home to do so! I decided to turn my Raspberry Pi into a VPN so I could connect to my home network remotely. Here's how you can do the same thing using an OpenVPN installer called PiVPN.

You can run through the following tutorial using either the Terminal on your Pi or using SSH to connect to your Raspberry Pi remotely. If you aren't quite sure how to SSH into your Raspberry Pi, I have a short guide on how to SSH into a Raspberry Pi which might help! If you do not have a static IP address set up on your Pi, I'd recommend working directly on your Pi (otherwise, it's likely your IP addresses will change during the process to a static IP and kick you out of your SSH session!).

Starting the Install Process

To get started, we run the following command in our Pi's terminal (either via SSH or directly on the Pi):

[code language="bash"]
curl -L http://ift.tt/29vfGJv | bash
[/code]

Important Note: This command parses a random script downloaded from the web directly into your Pi's bash. That can be incredibly dangerous if you do not trust the installation source as it will run whatever code you give it straight away. I haven't gone through and vetted their bash command line by line (I trust them!) but it is available to look through on their GitHub under install.sh within the auto_install folder if you have any concerns.

Running that command will open a slightly nicer looking text-based GUI that starts with a simple prompt:

Initial automated installer prompt

Once you've hit Enter, you'll be taken to another screen which will point out that a static IP address is important for this VPN service to work — if you do not have a static IP for your Pi, your router won't have an IP address to forward VPN functionality to. Don't have a static IP on your Pi? Don't worry — the automated installer will set up a static IP for you soon.

Screen telling you to have a static IP

Hit Enter to go to the next screen:

Ethernet or Wi-Fi selection

Be careful on this screen — hitting Enter will take you to the next screen, rather than making a selection in the two radio button options. I made this mistake during the install process and it gets messy to restart the install process to change it!

In the interface selection, you can choose whether you'd like to set the VPN up on your ethernet connection (eth0) or your Wi-Fi (wlan0). I personally choose Wi-Fi as my Pi isn't close to my router. If you can connect the Pi via ethernet, this will be much better for speeds! To choose an option, move your selection with the arrow keys and select it with the Spacebar. Then click Enter to go to the next screen.

Confirmation of current IP address screen

This screen confirms your current IP address for the Pi. I personally wanted to change my Pi's IP to something more memorable, so I clicked the arrow key to move my selection to <No> and hit Spacebar to select it. I then hit Enter to go to the setup to change my Pi's static IP.

Entering desired IP address

In this screen, you'll enter in the static IP address you'd like your Pi to have. I chose 192.168.0.31. Once you've got the IP address you'd like, hit Enter.

IP address of the gateway

In this screen, you'll need to enter in the IP address of your router or default gateway. This will depend on your network setup but a lot of the time this will be 192.168.0.1. If you aren't sure, try entering whatever IP address you enter to get to your router's config page in your browser. Once you've got this entered in, hit the Enter key.

Confirmation of IP address

Hit Enter on this screen to confirm your IP address settings are correct. They should look similar to my ones above if your home network is set up to the defaults of most home networks. If not, chances are high that you already know your own settings.

Settings confirmed

The visual GUI style interface will then disappear and you'll see in the Terminal that your settings are confirmed in the text shown. Wait a bit as it performs these actions to set a static IP and so on. If you have SSHed in and just changed your IP address... chances are this is where you'll get stuck because your connection will get dropped! If this happens to you, run through the process again but connect to the static IP you set up this time around.

Once PiVPN's network setting adjustments are done, it will bring you back to a nicer looking screen.

User selection start screen

This screen above is just notifying us that we will soon choose our VPN's local user. Hit Enter to begin and move to the next screen.

Choosing Pi user

In this screen, if your Pi is set to defaults you'll likely only have one option — the pi user. If that's the case, hit Enter! If you've got a custom user set up and want to set things up through that, select that user via the arrow keys and hit Spacebar. Then once that user is selected, hit Enter.

Unattended upgrades explanation

This next screen is advising you of something that is incredibly important to pay attention to! Setting up your Pi as a VPN means it will have a port open to the wider internet. This comes with serious responsibility — if security issues arise, your Pi is potentially open for anyone to access. Access to your Pi as a VPN means something incredibly dangerous depending on how your network is set up — it likely means access to your whole home network. For this reason, PiVPN recommends turning on unattended upgrades which will automatically update security packages at the very least. It is important to note it is still your responsibility to watch for security vulnerabilities in the press and keep an eye out for strange activity on your network. You can set up most routers to show logs of connections and so on — keep an eye on these things and more.

Do you want unattended upgrades question

Continue reading %Setting up a Home VPN Server Using Your Raspberry Pi%


by Patrick Catanzariti via SitePoint

Securing Your IoT Devices and Services with JSON Web Tokens

IoT security is a hot-button issue in today's world: there are more internet-connected devices than there are people, and the amount of data being shared has exploded over the past few years. However, keeping that data safe is becoming a problem just as quickly— especially with the advent of health-sensitive devices, and devices that could be dangerous if compromised, like vehicles!

I can't claim to have all the answers, but I do have one trick up my sleeve that should help you in your quest for security — JSON Web Tokens, which I'll also refer to as JWTs. These small, portable, verifiable tokens help make sure the communications you are sending and receiving from your devices and servers are from a trusted source. They also make great bearer and access tokens.

What's a JSON Web Token?

For those who haven't come across these before, JSON Web Tokens are JSON-based tokens used to send verified information across the web. They are base64 encoded before they are sent, so they tend to look like this:

[caption id="attachment_134494" align="aligncenter" width="1024"]jwt.io debugger with a JSON Web Token The jwt.io debugger showing a JSON Web Token[/caption]

What you are seeing above is the JWT debugger at JWT.io, a site where you can learn a lot more about JWTs than we'll have room to go over in this article. On the left is the encoded, completed JWT. It includes:

  • The header, base64 encoded, concatenated with a '.'
  • The payload, base64 encoded, with another '.'
  • The signed key

On the right is the decoded header and payload. They consist of claims (which is just a fancy name for JSON key-value pairs). Some claims are declared by the standard — "alg" is for the signing algorithm for the key and "sub" stands for subscriber. Other claims you make yourself, such as "admin".

The key consists of a signed hash of the header, concatenated with a ".", then the payload, all base64 encoded. It is signed with a secret that is to be held by both parties, and can be symmetrical (a string) or asymmetrical (an RSA public/private key pair).

These claims come together to describe the token itself and anything else you'd like to keep such as user information and relevant session data. Just be sure to keep this data limited — one of the big benefits of JWTs is they are very small if you don't overstuff them!

You send JWTs by putting them in the Authorization HTTP header with the format:

[code language="js"]
Authorization: bearer <token>
[/code]

If you can't modify HTTP headers, many services will also accept the JWT as a body parameter, or even a query parameter. Those methods aren't recommended if you can use HTTP headers.

What Are The Benefits of JWTs?

The IoT world is a world of small devices, and developers strive to make the HTTP calls these devices make as small as possible. JWTs help with this by having very little overhead. They use the minimalistic JSON scheme and base64 encoding to achieve this. Just make sure you don't add too many claims of your own, or else the benefit of size will overridden by your usage of them! Keep the claims to a minimum to keep your app functioning.

Why not cookies? This also hearkens to the HTTP request need. Instead of your server having to use the cookie to go find other information about the user's session, it is all inside the JWT from the start. This means there are no extra database or external service calls to make. Again, this depends on how you use them, so think carefully about what claims you need, and which you don't.

Another benefit of JWTs is that they are universal — JSON parsers exist for nearly every platform, and the ability to access base64 encoding/decoding along with hsa256 signing and verification is becoming more and more of a given. Also, JWTs are backed by a web standard, so you can be confident knowing you are using tech that can easily integrate with other web standards-compliant services, including many OAuth2 providers and all providers of the OpenID Connect standard.

Even if your IoT device cannot decode the token, it can be handed to the device as an access token for your servers and services. As long as your device can store a string given to it, JWTs can be used as a stored credential by your IoT devices. Just be extra sure to secure these tokens and keep a close eye on them, as bearer tokens can be dangerous if leaked!

One of the many challenges of today's web architecture is validating yourself across services scattered across multiple domains — even a single hobbyist or company might have services running on different PaaS providers! JWTs make this cross-domain negotiation easier — as long as all parties share the same secret to verify the key, then the JWT doesn't care about domain, subdomain, port, etc.

Continue reading %Securing Your IoT Devices and Services with JSON Web Tokens%


by Kassandra Perch via SitePoint

Control the Physical World with Ruby and Artoo

artoo

Ruby is a pretty slick language. But, in the past, whenever anyone mentioned "embedded" no one thought of the word "slick". Instead, visions of terribly written C with lots of bit mashing or flashbacks to inordinate amounts of time spent with inadequate lighting trying to fight with a breadboard often came to mind. Fortunately, this is no longer the case with Artoo. Artoo is a cool library that allows Ruby to control and interact with lots of different hardware platforms (e.g. the Sphero, the Arduino, etc.). In this article, we'll focus on getting Artoo up and running and check out a few different examples of Artoo in action using the Arduino and a standard keyboard.

Continue reading %Control the Physical World with Ruby and Artoo%


by Dhaivat Pandya via SitePoint

SitePoint/Flippa Hack Day: Hacking our First IoT Project

Recently at SitePoint, in conjuncture with Flippa.com, we held our first company-wide Hack Day.

Arnaud explains Creepr.

Thursday morning began with an 'open mike' meeting where anyone could pitch any idea they liked. Everyone voted on their favorites and we had two days to plan, build and present our idea back to the group late Friday.

It was serious and there were prizes - we even had t-shirts made!

The Pitches

There were some great pitches made including:

  • InstaGran: Send a printed postcard with personal message to your grandmother - for free.
  • Bot-bot: An event/table tennis/fuusball organising Slackbot.
  • Minority Report: Using machine learning on historical records for better website valuations.
  • Creepr: Provide better choices to your customers by understanding them better.

However, this article is about an IoT idea pitched by SitePoint lead developer, Jude Aakjær.

Jude's Idea: Sparklemotion

You may not know that the SitePoint HQ is actually an open-plan, three storey building currently housing four companies that share resources - Flippa.com, Influx.com, PromisePay.com and, of course, SitePoint. Throughout the building we have a scattering of variously-sizes boardrooms and meeting spaces.

The Problem: Jude looking for an office

The Problem? Getting a Room

Though we have a calendaring system for booking these rooms, it's fair to say that it isn't rigorously adhered to.

What's more, it's common for people to need to take Skype, Hangouts or phone calls with no advanced notice. You'll see these poor wretches stumbling through the building carrying a laptop, peeking under blinds, searching for a place of refuge.

Jude's idea was to build IoT hardware and software that would know which rooms were currently occupied and that made that information readily available - via both an indicator light in-situ and a web front-end. He dubbed it 'Sparklemotion' and wanted to build a proof of concept.

Team Sparkle

Although Sparklemotion didn't technically win the vote, a handful of us were sufficiently inspired to want to work on it regardless. Who said this was a democracy, anyway?

The self-assembled team was our sysadmin, Adam Bolte, SitePoint managing editor, Adam Roberts, Video Content Manager, Angela Molina and SitePoint Design and UX editor, Alex Walker.

Had any of us built electronics before? No. But collectively we'd seen most of McGuyver, so we felt well-prepared.

The Scope

We estimated that in two days could likely build:

  • The internet-enabled Arduino unit with motion sensor unit
  • A simple server to monitor signalling
  • A web frontend

1. The Hardware Build

Before Hack Days started, we had spruiked the SparkleMotion concept around the office and found out the basics of how it would need to work. A few people around the office donated Arduino kits and a PIR motion sensor was sourced.

As none of the team had used an Arduino, and our C skills hovered somewhere between rusty and non-existent, we found the setup instructions in the Sparkfun kit to be super handy. It had some great beginners tutorials and we used it extensively to work out how the Arduino functioned.

Arduino's function perfectly for this kind of hacking, you can quickly prototype out a working piece of electronics without having to solder, and with fairly limited programming skills. They consist of a microcontroller with several digital and analog I/O pins that can be plugged into lights, motors, sensors, LCD boards, really anything you can imagine!

We got our SparkFun board and started playing…

Our basic battle plan was

  • Turn a light on and off!
  • Get an RGB light working
  • Work out the motion sensor
  • Talk to the internet!

Turning a light on and off was pretty simple, so we quickly moved on to driving an RGB light. This showed that there were two ways of reading and writing data, analog, and digital. Digital writes involve turning switches either ON or OFF and in the example of our RGB LED, this means cycling through all the combinations afforded by the three switches.

Continue reading %SitePoint/Flippa Hack Day: Hacking our First IoT Project%


by Alex Walker via SitePoint

evelyn studio

Digital design agency based in Nottingham UK, specialising in UI & eCommerce design


by csreladm via CSSREEL | CSS Website Awards | World best websites | website design awards | CSS Gallery

Pulse News

Pulse was to create a new way in which people interact with the notion of browsing the news.


by csreladm via CSSREEL | CSS Website Awards | World best websites | website design awards | CSS Gallery

Le Comptoir de Vourles

Bistronomic restaurant in Vourles, France.


by csreladm via CSSREEL | CSS Website Awards | World best websites | website design awards | CSS Gallery