Current state of HTTPS on ESP8266

This is the output from howsmyssl:

{
	"given_cipher_suites": [
		"TLS_RSA_WITH_AES_128_CBC_SHA",
		"TLS_RSA_WITH_AES_256_CBC_SHA"
	],
	"ephemeral_keys_supported": false,
	"session_ticket_supported": false,
	"tls_compression_supported": false,
	"unknown_cipher_suite_supported": false,
	"beast_vuln": false,
	"able_to_detect_n_minus_one_splitting": false,
	"insecure_cipher_suites": {},
	"tls_version": "TLS 1.1",
	"rating": "Improvable"
}

Only upto TLS 1.1 😦
This was tested using ESP-01. I’ll be performing tests with ESP32 next month, once I get around to drag-soldering it 🙂
Continue reading

Advertisements

Microsoft – get your error checking act together

So the world is in a disarray, thanks to you Microsoft and your never ending buffer overflow vulnerabilities. Makes you wonder why you cannot write good tools to test for this internally, with 100% coverage. Surely it can’t be an impossible task.

Nevertheless, why do you insist on having cryptic error messages, for things that are not even an error in Windows or MS Office? Let’s take the example of Powerpoint.

For the past few weeks, I’ve been getting this error everytime I open some .pptx file. “Powerpoint found a problem with the content blah blah. Click to repair…”.

ppt-perms1

Now it doesn’t repair when I tell it to (because turns out there’s nothing to repair).

ppt-perms2.JPG

The problem was finally traced to incompatible security settings for downloaded files. If you have downloaded a MS Office file, it is automatically set to “unsafe” by Windows explorer, and hence blocked from being opened. You have to manually unblock it.

ppt-perms3.JPG

Well now Microsoft – you have written Windows and MS Office – can you not detect this and give the relevant message. Better yet, give the option with Powerpoint itself to unblock? Why should your customers have to jump through so many hoops for something so simple? Make no mistake – giving an incorrect error message is a “bug”, nothing less.

My 🐈 Spotty could do better debugging than you, Microsoft.

Play audio from 2 bluetooth headsets simultaneously on the Macbook Pro

Previously, I’d written about how to play audio simultaneously through a bluetooth headset and wired earphones on your Macbook Pro.

However, now we have a new problem. We just got a new 🐈 Spot, who’s the cutest cat my wife has ever seen. And he loves to pull on all kinds of threads and wires, including… earphones wire!

So I wondered, can we connect 2 bluetooth headsets to the Macbook Pro and have music play from them simultaneously (without any significant lag).

Turns out, it’s definitely possible and not hard to set up. This is what you do:

  • You need to open up the secret audio device manager within MacOS called “Audio Midi”. Use Spotlight to find it.
  • Open it up and click on the “+” sign in the bottom-left and select “Create a multi-output” device. (You need to have the latest MacOS installed. This is how it should look: Multi-output Device MacOS
  • Make sure you tick only the 2 bluetooth devices and untick and others in the list. Also tick the boxes for drift correction and make sure sampling frequency is set to 44.1kHz (or else the sound will be horrible 😦 )
  • Once this is done, right click (or double-tap) on the multi-output device option on the left and select the option “Use this device for sound output”. You should hear the audio through both the bluetooth speakers 🎉.
  • Sometimes, it doesn’t work on the first try. Just delete the multi-output device and retry. Also, the bluetooth pairing order matters, for some reason that I don’t know. For my setup, I had to pair my Bose Soundlink headset before the Mpow headset, or else the Bose would disconnect.

Enjoy!

(Cat photo credit: fastcompany)

HTTPSRedirect V2: Communicate directly with Google Services

Almost a year ago, I launched a project called HTTPSRedirect. HTTPSRedirect allows you to read/write directly into Google Sheets, get info from Google Calendar services and much more, without the need for any 3rd party service. This means no more middlemen like IFTTT, pushingbox, Temboo, etc.

Google requires all communication to it’s cloud services to use SSL over HTTP. This forces the use of HTTPS. Secondly, the Google redirects your request to fetch the response data from another domain. Hence, if we need a proper channel to communicate with these services, there is a need for the HTTPS library to perform “follow-redirects”. HTTPSRedirect performs all this seamlessly. All the user needs to do is use simple GET/POST requests and HTTPSRedirect will handle all the messy stuff in the background.

In the example posted on the Github link above, I demonstrate how we can use ESP8266 to read and write into a cell of Google Sheets. Then we fetch Google calendar data and then keep writing device information into Google Sheets.

With HTTSPRedirect V2, most of the library code base has been re-written. You can check out the detailed Readme on github. But to cut a long story short:

V2 has been made fully generic – you can communicate with Google or any other cloud service. The code base has been rewritten to include a complete HTTP client which correctly parses data send and received from the remote server.

It can now perform GET and POST requests following HTTP/1.1 spec accurately. Both bulk and chunked encoding supported.

I’ve tried to keep the API easy to understand. I’ll also be writing a new library for more support functions to communicate easily with Google Sheets API. Coming soon… 🙂

Please send me your feedback. Happy Gudi Padwa to all!

Linux Bash type and aliases

Something I learnt today about aliases in Linux Bash shell. I use plenty of aliases in bash. Sometimes I forget what a particular alias stands for. Apparently the which command doesn’t work for this purpose. As explained here: bash-aliases, you can certainly do alias <alias-name> to check what it does. However, this doesn’t work for any custom functions we define in bash. The command type works in all cases and is the best utility to use for this purpose.

type <alias/function> will list out the exact command in all cases.

 

Handy Linux tricks with find

I often find the need to delete files of a particular size. Instead of viewing files in a graphical interface, arranging by size and then picking the ones to delete, there is an easier way. This is taken from the following SE posts:

http://unix.stackexchange.com/questions/37627/delete-files-of-certain-size-range

As mentioned there, the + or - prefixes are neither documented in the man pages nor within info. So in order to find files greater than 10MB but less than 100MB, use this:

find  .  -size +10M -size -100M  -exec rm -f  -- {} \;

The syntax of why the backslash and semi-colon is required is described here: semi-colon within find. The double-dash (--) tells the getopt interpreter that rm uses to ignore anymore options, and so allow deletion of filenames that begin with a dash(-). (Why would anyone have filenames like those👺: rm with special characters)

Alternatively, you could use xargs for the deletion.

find  .  -print0  -size +10M -size -100M  |  xargs  -0 rm -f  --

The arguments “-print0” and “-0” are required to interpret files with spaces in the names correctly. (find and xargs).

If you want to list all files based on their modification times, use this:

find  .  -type f  -mtime 0

will show all files in your current directory modified (or created) within the past 24 hours. If you’d like find to count from the beginning of today (rather than 24 hours ago), use the option “-daystart” before any time options.

The same + or - prefixes can be used here to limit the search to strictly greater/less than conditions.

ps: David Wheeler has written an excellent article on the ridiculous use of certain characters in POSIX filenames: No Sharp Corners

Linux file attributes and creation time :)

I didn’t know about the Linux ‘chattr‘ command which allows you to display and set file attributes. Using this, I learnt a neat trick on how to make a file immutable, even by the root user.

To make a file immutable, do:

chattr +i <filename>

To remove the immutable attribute, do:

chattr -i <filename>

To list the current file attributes, do:

lsattr foo/bar

It’s that simple 😎

This will change only the ctime for the file, and not its mtime. (details here: ctime vs mtime). Another interesting thing, in th Raspberry Pi context, is the atime file information. Essentially, atime should reflect the last time a file has been accessed. However, this is not very useful and only serves to increase the number of writes to a partition, every time a file is accessed. This is a dampener for performance esp. in embedded systems. Hence, on the Raspberry Pi, we mount partitions with the “noatime” attribute within fstab.

In Linux, the file creation time didn’t exist until the ext4 filesystem appeared. ctime originally did mean creation time, but it always reflected the time when a file’s metadata was changed (attributes, permissions, etc). With ext4, the creation time was stored in the file’s inode, under the field ‘crtime’. In order to get a file’s creation time we need to lookup the file’s inode, and the use stat and debugfs to find the required field. debugfs is required since there still doesn’t exist any kernel API to get crtime from stat. (birth time)

ls -i <filename>
debugfs -R 'stat <inode_number>' /dev/sdNN

(replace sdNN with the actual path to the device where the file resides). Look the the ‘crtime‘ field in the output.

Linux Scheduler

The default Linux process scheduler is the Completely Fair Scheduler (CFS). To change the default for Raspberry Pi, change the ‘elevator’ kernel parameter within /boot/cmdline.txt.

By default, it’ll have “elevator=deadline”. You can change deadline to noop or cfq. However, the default seems to be the best for interactive performance.