Comments for Sense PlaNet http://www.senseplanet.com finally, web and things get along! - brought to you by Daniel Kaplan ( daniel@senseplanet.com ) Wed, 26 May 2010 19:44:04 +0000 hourly 1 http://wordpress.org/?v=3.3 Comment on Towards the social grid: an example of design by Fraze http://www.senseplanet.com/2011/01/social_grid/comment-page-1/#comment-214 Fraze Wed, 26 May 2010 19:44:04 +0000 http://www.senseplanet.com/?p=221#comment-214 <i>At application level, you can have a front authentication module that rely on local user directory (a file, a SQL table, an LDAP directory roughly depending on the volume of users and requests). On a Tomcat (or a J2EE App Server) that’s a filter you had in the configuration, on a PHP server, that is a check to include at the begginning of all pages requiring authentication.</i> +1 At application level, you can have a front authentication module that rely on local user directory (a file, a SQL table, an LDAP directory roughly depending on the volume of users and requests). On a Tomcat (or a J2EE App Server) that’s a filter you had in the configuration, on a PHP server, that is a check to include at the begginning of all pages requiring authentication.
+1

]]> Comment on Create a server in the cloud…in a breeze! by Daniel http://www.senseplanet.com/2009/05/mosso-cloud-server/comment-page-1/#comment-32 Daniel Wed, 24 Feb 2010 17:30:23 +0000 http://www.lalibelaproductions.com/daniel/?p=31#comment-32 Note for myself: if Java heap size encountered while running Tomcat, increase the memory allocated to Java by adding this line to catalina.sh: JAVA_OPTS="$JAVA_OPTS "-Xms512m" "-Xmx1024m" Note for myself:
if Java heap size encountered while running Tomcat, increase the memory allocated to Java by adding this line to catalina.sh:
JAVA_OPTS=”$JAVA_OPTS “-Xms512m” “-Xmx1024m”

]]> Comment on Create a server in the cloud…in a breeze! by daniel http://www.senseplanet.com/2009/05/mosso-cloud-server/comment-page-1/#comment-26 daniel Wed, 03 Feb 2010 23:58:23 +0000 http://www.lalibelaproductions.com/daniel/?p=31#comment-26 Note for myself: In Centos 5.3, do not forget to modify the iptable so as to access tomcat from an external IP. Enter iptables... Iptables is your firewall, its baked into CentOS, and its extremely powerful. I don’t know the complete depth of iptables but for this tutorial you’ll need to just get a few ports opened up and that’s it. # iptables -F # iptables -A INPUT -p udp -m udp --dport domain -j ACCEPT # iptables -A INPUT -p tcp --dport 22 -j ACCEPT # iptables -A INPUT -p tcp --dport 10000 -j ACCEPT # iptables -A INPUT -p tcp --dport 25 -j ACCEPT # iptables -A INPUT -p tcp --dport 8080 -j ACCEPT # iptables -A INPUT -p tcp --dport 80 -j ACCEPT # iptables -A INPUT -p tcp -m tcp --dport domain -j ACCEPT # iptables -A FORWARD -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: # iptables -A FORWARD -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: # iptables -A OUTPUT -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: # iptables -A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: make sure you save your iptables configuration so you don’t have to re-edit it when you reboot your server # /sbin/service iptables save now just restart your firewall # /etc/init.d/iptables restart now you can check your configuration # iptables -L -v at this point, for good measure you might want to reboot your server # reboot Note for myself:
In Centos 5.3, do not forget to modify the iptable so as to access tomcat from an external IP.

Enter iptables…
Iptables is your firewall, its baked into CentOS, and its extremely powerful. I don’t know the complete depth of iptables but for this tutorial you’ll need to just get a few ports opened up and that’s it.
# iptables -F
# iptables -A INPUT -p udp -m udp –dport domain -j ACCEPT
# iptables -A INPUT -p tcp –dport 22 -j ACCEPT
# iptables -A INPUT -p tcp –dport 10000 -j ACCEPT
# iptables -A INPUT -p tcp –dport 25 -j ACCEPT
# iptables -A INPUT -p tcp –dport 8080 -j ACCEPT
# iptables -A INPUT -p tcp –dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp –dport domain -j ACCEPT
# iptables -A FORWARD -o eth0 -j LOG –log-level 7 –log-prefix BANDWIDTH_OUT:
# iptables -A FORWARD -i eth0 -j LOG –log-level 7 –log-prefix BANDWIDTH_IN:
# iptables -A OUTPUT -o eth0 -j LOG –log-level 7 –log-prefix BANDWIDTH_OUT:
# iptables -A INPUT -i eth0 -j LOG –log-level 7 –log-prefix BANDWIDTH_IN:

make sure you save your iptables configuration so you don’t have to re-edit it when you reboot your server
# /sbin/service iptables save

now just restart your firewall
# /etc/init.d/iptables restart

now you can check your configuration
# iptables -L -v

at this point, for good measure you might want to reboot your server
# reboot

]]> Comment on Towards the social grid: an example of design by vlad http://www.senseplanet.com/2011/01/social_grid/comment-page-1/#comment-25 vlad Wed, 03 Feb 2010 12:45:41 +0000 http://www.senseplanet.com/?p=221#comment-25 Hi, 2 cents here: - transport-specific security in case devices do not have directly http or ip for that matter on board. This can rely on bluetooth/zigbee mecanisms, but then gateways need to know about each device specifically... - the encryption on embedded devices, sensor nodes have very limited cpu, so i see complex encoding quite heavy to be computed each time, especially when this happens at a the app level. An option would be to have a second chip that takes care only of computing the encoding... anyway, I'm not an expert here, so I can't say what's best, but it's just a matter of adding the limited cpu in the security vs. algo complexity tradeoff. oh there is this though... http://research.microsoft.com/en-us/um/people/zhao/pubs/secureTWS_IPSN09.pdf voilà Hi,

2 cents here:
- transport-specific security in case devices do not have directly http or ip for that matter on board. This can rely on bluetooth/zigbee mecanisms, but then gateways need to know about each device specifically…

- the encryption on embedded devices, sensor nodes have very limited cpu, so i see complex encoding quite heavy to be computed each time, especially when this happens at a the app level.

An option would be to have a second chip that takes care only of computing the encoding…

anyway, I’m not an expert here, so I can’t say what’s best, but it’s just a matter of adding the limited cpu in the security vs. algo complexity tradeoff.

oh there is this though…

http://research.microsoft.com/en-us/um/people/zhao/pubs/secureTWS_IPSN09.pdf

voilà

]]> Comment on Towards the social grid: an example of design by teddyber http://www.senseplanet.com/2011/01/social_grid/comment-page-1/#comment-20 teddyber Thu, 07 Jan 2010 10:11:17 +0000 http://www.senseplanet.com/?p=221#comment-20 I'm not that familiar with any authentication tool or framework but basically there are two ways of doing it: at application level or at transport level. At application level, you can have a front authentication module that rely on local user directory (a file, a SQL table, an LDAP directory roughly depending on the volume of users and requests). On a Tomcat (or a J2EE App Server) that's a filter you had in the configuration, on a PHP server, that is a check to include at the begginning of all pages requiring authentication. At transport level, you use SSL client authentication to encapsulate your HTTP flow and yay! that becomes HTTPS, you can then benefit from a encrypted connection to enable confidentiality over your data. I’m not that familiar with any authentication tool or framework but basically there are two ways of doing it: at application level or at transport level.

At application level, you can have a front authentication module that rely on local user directory (a file, a SQL table, an LDAP directory roughly depending on the volume of users and requests). On a Tomcat (or a J2EE App Server) that’s a filter you had in the configuration, on a PHP server, that is a check to include at the begginning of all pages requiring authentication.

At transport level, you use SSL client authentication to encapsulate your HTTP flow and yay! that becomes HTTPS, you can then benefit from a encrypted connection to enable confidentiality over your data.

]]> Comment on Towards the social grid: an example of design by daniel http://www.senseplanet.com/2011/01/social_grid/comment-page-1/#comment-18 daniel Wed, 06 Jan 2010 22:17:19 +0000 http://www.senseplanet.com/?p=221#comment-18 yep, you're right!...What kind of authentification tool do you recommend..ideally one that is easy to ramp up with? OAuth? yep, you’re right!…What kind of authentification tool do you recommend..ideally one that is easy to ramp up with? OAuth?

]]> Comment on Towards the social grid: an example of design by teddyber http://www.senseplanet.com/2011/01/social_grid/comment-page-1/#comment-17 teddyber Wed, 06 Jan 2010 09:21:45 +0000 http://www.senseplanet.com/?p=221#comment-17 Hi there, I see one problem here but maybe that's only becauseI tend to be a security freak: anyone can spoof the MAC address of your sensor and contact the WebServices API to upload false information. I would say that you really need to include some security at the very beginning of the design. Maybe a simple shared secret between a sensor and the WS API (a simple authentication for instance) Again, I'm a security freak these days ;o) See ya! Hi there,

I see one problem here but maybe that’s only becauseI tend to be a security freak: anyone can spoof the MAC address of your sensor and contact the WebServices API to upload false information.

I would say that you really need to include some security at the very beginning of the design. Maybe a simple shared secret between a sensor and the WS API (a simple authentication for instance)

Again, I’m a security freak these days ;o) See ya!

]]> Comment on Sentilla Perk Kit by daniel http://www.senseplanet.com/2009/04/sentilla-perk-kit/comment-page-1/#comment-13 daniel Mon, 28 Dec 2009 06:18:27 +0000 http://www.lalibelaproductions.com/daniel/?p=18#comment-13 Arshan, I've been thinking about this solution as well for rapid-prototyping and it seems enticing. Is there a way I can get a hold on one as a loaner? Then I will write a post about it. Arshan, I’ve been thinking about this solution as well for rapid-prototyping and it seems enticing. Is there a way I can get a hold on one as a loaner?
Then I will write a post about it.

]]> Comment on Sentilla Perk Kit by Arshan http://www.senseplanet.com/2009/04/sentilla-perk-kit/comment-page-1/#comment-12 Arshan Sun, 27 Dec 2009 21:13:44 +0000 http://www.lalibelaproductions.com/daniel/?p=18#comment-12 For java on sensors checkout the sunspot too ... sunspotworld.com cheers ( For java on sensors checkout the sunspot too … sunspotworld.com

cheers
(

]]> Comment on Create a server in the cloud…in a breeze! by teddyber http://www.senseplanet.com/2009/05/mosso-cloud-server/comment-page-1/#comment-10 teddyber Tue, 22 Dec 2009 09:02:09 +0000 http://www.lalibelaproductions.com/daniel/?p=31#comment-10 mmh, miam! This looks yummy! mmh, miam! This looks yummy!

]]>