Dec 01

Short MIIMETIQ definition

Reading time: 2 – 3 minutes

M2MCF and MIIMETIQ

Last months in M2M Cloud Factory we have been working on MIIMETIQ. Last weeks I’ve been thinking about how to define MIIMETIQ shortly and this is my definition, please tell if you can understand something. Of course, you have to know we’re focused in Internet of Things and M2M market.

  • MIIMETIQ is an IoT/M2M framework, so this is the first step to setup to develop your vertical solution.
  • Framework: With a well defined architecture a framework is a set of functions ready to create any application. Everything else is open and adaptable.
  • MIIMETIQ architecture is service oriented and it uses AMQP as a message broker to connect the services.
  • MIIMETIQ has several modules, we define a module as a set of services. Basicly MIIMETIQ have 5 modules:
    • Identity Manager: manage users, groups, roles and all kind of entities the project needs and its security.
    • Assets Manager: a data model manager, the integrator creates the business logics and data models here.
    • Distribution System: this is a set of agnostitc connectivity layers to different types of devices.
    • A E N M: several time series and other signals flow through the AMQP, this data are events and using rules those events could be converted in alarms and some alarms have to be notified to proper services, systems or people.
    • Control Panel UI: this is an administration dashboard, in form of a UI to setup and monitor the most common uses of MIIMETIQ.
  • Using those modules usually the integrators create their own user interface to satisfy customer requiremests. In M2MCF we create those UI using ADUX (Advanced Development User Experience).
  • After configuring MIIMETIQ the integrator has 2 customized APIs to connect their code with MIIMETIQ. One of them is an API REST and another one is AMQP.
  • Finally everything inside MIIMETIQ could be customized, because the flexibility is very important when you have an horizontal solution.
Nov 10

Charla sobre MIIMETIQ en la PyConES 2014 de Zaragoza

Reading time: 1 – 2 minutes

No son pocas las veces que me preguntan a que me dedico. Pues bien, la charla “light” que he dado este mediodia en Zaragonza en el marco de la PyConES 2014. Una charla de 10min más preguntas me ha permitido compartir con la comunidad cuál es la ocupación que me ha tenido ocupado la mayor parte de mi tiempo durante este año. Cómo CTO de M2M Cloud Factory, he tenido la suerte de poder proponer la arquitectura que con la ayuda de mis compañeros hemos desarrollado. Se trata de un framework para el desarrollo de aplicaciones M2M bautizado con el nombre de MIIMETIQ.

A continuación podeis ver el video de la charla y consultar los slides:




Oct 30

Conferència al Tecnocampus: Internet of Things (IoT) low cost

Reading time: 1 – 2 minutes

Després d’arribar corrent de Cardiff on era aquest dilluns el dimarts vaig arribar a temps per fer la presentació “Internet of Things low cost” als companys del Tecnocampus de Mataró; per cert, unes intal·lacions brutals res a veure amb la EUPMT on vaig estudiar jo fa una colla d’anys. Jo encara diria més, molt millor que no pas la gran Universitat de Cardiff on vaig ser el dilluns.

Pel que fa a la xerrada agraïr a tothom que hi va assistir, a continuació adjunto les transparències pels que vareu ser-hi i pels que no.

Properament pujaré el video, o la part, del video que es va poder gravar. El problema és que són diversos gigues i he de deixar l’ordinador renderitzant cosa que encara no he pogut fer.

El video no conté tota la presentació però té una part important del contingut, així que desitjo que ús sigui útil:

Per cert, una gran part de la presentació esta reciclada de la conferència: Conferència: La revolució dels mini-PC: Raspberry PI, Arduino i més

Oct 21

OpenAM: some ssoadm commands for reference

Reading time: 3 – 4 minutes

OpenAM is as much powerful as complicated sometimes. In this case I spent a lot of time understanding how to set simple settings because of that I decide to take note about that in this blog entry.

First of all don’t forget to set the environment variables and go to ssoadm path:

export JAVA_HOME="/usr/lib/jvm/java-6-openjdk-amd64/jre"
export CLASSPATH="/var/lib/tomcat7/webapps/openam/WEB-INF/lib/policy-plugins.jar::/var/lib/tomcat7/webapps/openam/WEB-INF/lib/openam-core-11.0.0.jar"

cd /opt/openam/ssoadmin/openam/bin

Getting the list of user identities:

./ssoadm list-identities -u amadmin -f /tmp/oam.pwd -e / -t User -x "*"

anonymous (id=anonymous,ou=user,dc=openam)
demo (id=demo,ou=user,dc=openam)
serviceusername (id=serviceusername,ou=user,dc=openam)
amAdmin (id=amAdmin,ou=user,dc=openam)
Search of Identities of type User in realm, / succeeded.

another useful query would be:

./ssoadm list-identities -u amadmin -f /tmp/oam.pwd -e / -t Role -x "*"

No plug-ins configured for this operation

But as you can see it doesn’t work and I don’t know how to solve it.

Taking a look to GUI get to identities list with: Access Control > / (Top Level Realm) > Privileges

In this webpage you have a list of role identities, in my case I have only this: “All Authenticated Users”. Inside this identity I can set different privileges:

  • REST calls for Policy Evaluation (EntitlementRestAccess)
  • Read and write access to all log files (LogAdmin)
  • REST calls for searching entitlements (PrivilegeRestReadAccess)
  • Read access to all log files (LogRead)
  • Read and write access to all federation metadata configurations (FederationAdmin)
  • Read and write access only for policy properties (PolicyAdmin)
  • Read and write access to all configured Agents (AgentAdmin)
  • Read and write access to all realm and policy properties (RealmAdmin)
  • REST calls for managing entitlements (PrivilegeRestAccess)
  • Write access to all log files (LogWrite)

If we want to remove a privilege:

root@vm:/opt/openam/ssoadmin/openam/bin# ./ssoadm remove-privileges -u amAdmin -f /tmp/oam.pwd -e / -g EntitlementRestAccess -i "All Authenticated Users" -t role

Privileges were removed from identity, All Authenticated Users of type, role in realm, /.

or adding a privilege:

root@vm:/opt/openam/ssoadmin/openam/bin# ./ssoadm add-privileges -u amAdmin -f /tmp/oam.pwd -e / -g EntitlementRestAccess -i "All Authenticated Users" -t role

Talking about policies, exporting:

./ssoadm list-policies -u amadmin -f /tmp/oam.pwd -e / -o /tmp/policies.xml

and if we want to import the policies:

./ssoadm create-policies -u amAdmin -f /tmp/oam.pwd -e / --xmlfile /tmp/policies.xml

creating a user:

./ssoadm create-identity -u amadmin -f /tmp/oam.pwd  -e / -i serviceusername -t User --attributevalues "userpassword=servicepassword"

Useful references:

Jul 08

sslsnoop – hacking OpenSSH

Reading time: < 1 minute

Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc.

Basic sslsnoop information:

 $ sudo sslsnoop # try ssh, sshd and ssh-agent… for various things
 $ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/
 $ sudo sslsnoop-openssh offline –help # dumps SSH decrypted traffic in outputs/ from a pcap file
 $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys

Take a look into the project in sslsnoop github page.

Jun 30

Enabling linux kernel to open LOTS of concurrent connections

Reading time: < 1 minute

Just a small recipe about how to enable linux kernel to open tons of concurrent connections. Really simple and useful post entry.

echo “10152 65535″ > /proc/sys/net/ipv4/ip_local_port_range
sysctl -w fs.file-max=128000
sysctl -w net.ipv4.tcp_keepalive_time=300
sysctl -w net.core.somaxconn=250000
sysctl -w net.ipv4.tcp_max_syn_backlog=2500
sysctl -w net.core.netdev_max_backlog=2500
ulimit -n 10240
May 19

Firmware of my home heaters (Panstamp = Arduino + TI C1101)

This entry is part 3 of 4 in the series heater

Reading time: < 1 minute

Clicking the next link you can get my github repository with the firmware of my home heaters. The code is very simple but useful as we tested last winter at home.

I know all the public documentation is not enough to duplicate my heating project. I’m so sorry but I have a lot of pending home projects to do because I have a lot of under construction things. If you need some help to understand what I have or how to do something feel free to ask.

 

Jan 30

USB 2.0 VGA from DealExtreme

Reading time: 1 – 2 minutes

Several months ago I bought a video graphics adapter for USB 2.0 port. It’s compatible with Linux, Mac and Windows but for a while I’ve only used it with Windows where it works as a extended screen for my HDMI main display. It works very good with 1920×1080 pixels resolution and it can play videos fast enough using a standalone video player or HTML5 video streaming from the internet.

The chipset used by this product is DISPLAYLINK DL-165 with DVI, HDMI and VGA adapters. It is powered by USB port with 5V DC and 450mA about 2,25W of consumption; but after installing the display driver I lost 2GB of RAM, which in my case it isn’t a problem but sometimes it could be a handicap.

USB 2.0 VGA

USB 2.0 VGA

If you are interested in this product I bought it in DealExtreme webpage, the product page is here and costs 34,28€ with free shipping.

Jan 29

Routerboard CRS125-24G-1S-2HnD-IN (Mikrotik) Cloud Switch

Reading time: 1 – 2 minutes

I bought this product a few weeks ago and finally I can enjoy it at home. With this product you have a firewall, gateway, switch and wireless box with:

  • 25x Gigabit Ethernet ports
  • 1x Fiber channel
  • 3G, 4G or any optional USB modem
  • With RouterOS inside you can manage: gateway, firewall, VPN and ad-hoc switching and routing configurations
  • 1000mW high power 2.4GHz 11n wireless AP
CRS125-24G-1S-2HnD-IN

CRS125-24G-1S-2HnD-IN

The official product page is here where you can find brochure in PDF and other useful information.

If you are looking for a powerful product for your SOHO network this is the solution as I like to say ‘this is one of the best communications servers’. It will be very difficult to find some feature or functionality that you can not get from this product. The product is robust and stable with the flexibility of RouterOS.