To learn CB, I've decided to browse the services on my iPhone. I'm finding a few, but except Battery and Time, the others are "Unknown". What is it?
Some services have defined UUIDs (such a battery and time) and these are listed on the Bluetooth Developer Portal. The defined services also have a set of defined characteristic IDs
BLE also allows developers to specify their own service and characteristic UUIDs - since the chance of collision for random UUIDs is infinitesimal, there is no requirement to register these, but organisations may choose to document them. Apple's notification center service defines some, for example, and many chipset/module vendors define services to make it simpler for developers to use their modules.
Looking at my Fitbit Flex I can see device information and battery services - these are well known, as well as two unknown services which, presumably, FitBit use to transfer activity and configuration information to and from the device. Short of trying to reverse-engineer their protocol there is no other information available on these services and characteristics.
Related
The reason I write this post is I would like to avoid re-inventing the wheel if possible, as I think this is definitely a solved problem, but I am struggling to find a SaaS provider which offers an existing solution that fits my use-case.
The problem goes as follows:
I am running a fleet of data hungry IoT devices.
These devices need to send data to multiple 3rd party endpoints (all HTTPS).
Currently as each new endpoint is added, the mobile data usage (3G/4G/5G) scales in a linear manner, as it is sending to each 3rd-party from the IoT device itself.
Proposed solution:
The IoT devices transmit their data to a HTTPS "hub", this then forwards the data to a list of specified endpoints. Like how a HTTPS load-balancer would work, but operating in a send-to-all mode.
This would keep the IoT device data usage constant, while increasing the cloud data usage (which is orders of magnitude cheaper). Resulting in a cost saving.
Now I had imagined that this is a fairly common problem with IoT devices, but am struggling to find any provider offering this type of service already. I may be lacking knowledge of what terminology to search for if this already exists. If anybody knows the name of a service which offers something like this then this is the type of answer I am looking for.
Ideal features:
HTTPS retry. The service should cache a request if it fails to forward to one or more of the destinations, it should then attempt to re-transmit to the failed destinations after some amount of time.
A SLA regarding uptime, as downtime of this service would expectedly cause a larger outage than duplicating the requests in the original method.
Reverse proxy to preserve the original IP address if possible.
A web GUI (a nice-to-have but not essential).
If this doesn't exist I will likely write my own solution. Thanks in advance.
I have a problem that it's bugging me:
I have some iBeacon devices (tags to be exact) and I want to create a custom new app supporting their functionality.
The problem is that every now and then the tags change their mac address (very frequently) as well as their UUID (frequently but not too frequently). The way I see it this feature has been implemented to protect users against tracking.
Now this can be hardware specific feature (I use the lasso tags) or be a standard functionality of the standard (iBeacon spec which I don't have).
Can someone please verify the intended functionality or at least give pointers to iBeacon official specification and/or other documents?
Regards
Recently, Apple made the iBeacon specification available on their iBeacon Developer pages: https://developer.apple.com/ibeacon/ (the "Download Artwork and Specification" link in the right-hand sidebar). You still need to accept the iBeacon License Agreement.
Some vendors use rotating UUIDs (and/or majors and minors) as a way to address security and privacy concerns, just like you said. It's not exactly what Apple intended for iBeacon (they mentioned on multiple occasions that you should plan around the possibility of beacons being spoofed, b/c iBeacon is not meant to be secure), but it's still compatible with the specification.
Most commonly, there's some known seed or secret key uploaded to the beacon during manufacturing or when enabling such security feature. Only authorized parties know the seed/key, and thus can either predict what's the UUID/major/minor of a beacon supposed to be at any given time, or decrypt it. In the end, UUID+major+minor is just 20 bytes of data broadcast by the beacon, and you can encrypt it just like any other data. (Well, actually, the problem with the iBeacon is that on the iOS side, you need to know the UUID of the beacon in order to scan for it, so at least the UUID—i.e., the first 16 bytes—need to be only pseudo-random, and can't be completely random.)
Personally, I would say this is one of the cases where the market validated the iBeacon idea/spec, and came up with a solution to a problem that Apple decided not to tackle. And I wouldn't blame them—they pretty much pioneered the beacon technology (sure, it was there before, but much less popular than it is today), and nobody at that time though about using iBeacon for tagging personal belongings.
When Google released Eddystone—i.e., an alternative beacon protocol—earlier this year, they announced at the very same time that encrypting the Eddystone identifiers will be part of the core spec:
At the same time, privacy and security are really important, so we built in a feature called Ephemeral Identifiers (EIDs) which change frequently, and allow only authorized clients to decode them. EIDs will enable you to securely do things like find your luggage once you get off the plane or find your lost keys. We’ll publish the technical specs of this design soon.
(source: http://googledevelopers.blogspot.com/2015/07/lighting-way-with-ble-beacons.html)
To me, this pretty much validates the idea of securing beacons, and rotating the UUIDs is just a clever market/community "hack" of the iBeacon spec to do just that.
Bluetooth LE beacons transmitting the iBeacon format, including those displaying the iBeacon certification logo, typically do not change their mac address. I base this statement on two years of experience testing these beacons from a wide variety of vendors. It is also unusual for an iBeacon to automatically change its ProximityUUID. These appear to be peculiarities that are specific to one vendor's implementation. The fact that these implementation details are unusual doesn't necessarily mean it isn't allowed -- it just means it is unusual.
Unfortunately, the iBeacon specification is proprietary and not publicly available from Apple. You need to enter a business relationship with Apple to be able to access the official documentation. That said, there is no shortage of information about iBeacons in the public domain obtained by folks who have reverse engineered the simple devices. In the absence of official public documentation, you simply have to do Google searches and use your judgement about the quality of the information you find.
I was poring over the docs for Open DayLight, and can't seem to wrap my head around what software-defined networking even is. All the media hype, blogs and articles I can find on SDN are riddled with buzzwords that don't mean anything to me as an engineer. So I ask: What (exactly) is SDN? What are some specific uses cases/problems it solves? Is it:
Just making proprietary networking hardware serve network APIs, thus allowing programs to configure them (instead of IT guys using a console or web interface)?; or
Implementing (traditionally proprietary) networking hardware as software; or
Writing software that somehow integrates with virtual networking hardware used by virtualization platforms (vLANs, vSwitches, etc.)?; or
Something else completely?!?
BONUS: How does Open DayLight fit into this equation here?
First of all, you are right, there is not official definition from NIST or some similar standardization body and the fact that its meaning is fuzzy is exploited by marketing people.
The main point of SDN is that it allows to program network functions with APIs.
In the past, networking devices like switches and routers were only configurable using a proprietary interface (be it vendor specific tools or just the CLI on the device) and there were no APIs which allow to configure OSI L2 - L3 aspects like VLANs and routes but also L6 - L7 aspects like load balancing highly dynamically. Btw. In the case of L6 - L7 functions, the term NVF = Network Virtualized Function seems to be established by now.
This is needed especially for multi tenancy capable virtualized IaaS systems. You can create new VPCs and arrange them together at will. To really isolate tenants from each other, you need to have a L2 isolation and so the same dynamics that is offered for VPCs is propagated to the networking for interconnecting them.
Conclusion: It is about your first bullet with the extension, that the APIs must not necessarily be offered by some hardware appliance, it can also be offered by some pure software implementation.
Regarding OpenDaylight:
It is the OpenStack pendant for SDN. They also actively push integration with OpenStack. They say they are an "open, reference framework for programmability and control through an open source SDN and NFV solution". This means it provides (as you say) a façade for the manfold aspects of networking.
They have all the big names as members which probably means they have the power to establish a de-facto standard like OpenStack did. Members benefit in that they can provide plugins, integrations and adaptations for their products so that they seamlessly integrate with OpenDayligh and you only need to care about a single standard API.
SDN is programmable networks. Different SDN solutions provide different functions in their APIs towards the app developer.
There is a good overview of SDN for software developers here:
https://github.com/BRCDcomm/BVC/wiki/SDN-applications
The most common elements for SDN solutions are
North-bound API: A programming interface used by an application/script to monitor, manage and control the network topology and packet flows within the network.
Network elements: Switching or routing network elements that enforce the rules provided by the application via the north-bound API. These elements may be physical (Cisco, Brocade, Tallac, etc) or virtual (Open VSwitch, Brocade Vyatta vrouter, Cisco 1000, etc) or a combination.
Controller-based solutions have a clustered architectural element (the 'controller') that provides the north-bound api towards applications and an extensible set of south-bound APIs to which network devices connect. Some controllers available today are OpenDaylight, Open Network Operating System (ONOS), Juniper Open Contrail, Brocade Vyatta Controller (ODL distribution), HP VAN Controller and more.
Best rules of thumb to understand an SDN offering:
Read its north-bound API - this tells you what you will be able to monitor, manage and control in your network.
Find out which south-bound APIs it supports - this tells you which switches/routers it might work with.
Some SDN use cases/applications:
DevOps/Admin automation - Applications and scripts that make a network admin or DevOps life easier through automation. OpenStack Neutron is a common example.
Security - HP provides 'Network Protector' that learns the topology of the network and then monitors activity providing alerts and/or remediation of non-compliant behaviors.
Network optimization
Brocade offers 'Traffic Manager' that monitors network utilization and modifies traffic flows in real time to optimize quality based on defined policies.
HP provides 'HP Network Optimizer' that provides an end-to-end voice optimized path for enterprise Microsoft Lync users.
Lyatiss provisions AWS networks in realtime to meet application needs.
Monitoring classroom time-on-task - Elbrys provides an application that provides a teacher with a dashboard to monitor student's time-on-task in real time and cause redirects of individual students to web pages of their choosing. (Disclaimer: I work for Elbrys Networks)
OpenDaylight project proposals page - https://wiki.opendaylight.org/view/Project_Proposals:Main
The concept of SDN is very simple. SDN decouples control-plane (i.e. decision making) from data-plane (the actual forwarding actions) and provides API between them (e.g. OpenFlow API).
Image source: https://www.commsbusiness.co.uk/features/software-defined-networking-sdn-explained/
With SDN architecture, network engineers no longer have to learn proprietary CLI commands for different vendors. They can focus on developing logically centralized control programs to make network global decisions and send it down to network switches (data-plane). Dumped network switches (data-plane) received controller rules/decisions and process network packets accordingly if no decision found they ask the controller.
For example: In SDN architecture routing algorithms developed as a program in the controller, it collects all required metadata (e.g. switches, ports, host connections, links, speed, etc) from the network then make a routing decision for each switch in the network. While in a conventional network, a routing algorithm is implemented in a distributed fashion in all switches (i.e. generally each switch has its own intelligence and makes its own routing decision).
SDN explained by Nick Feamster
Here is a good paper that illustrates the road map to SDN
There may actually not be an answer to this question, but I wanted to post here just in case because it will require some out of the box thinking. This may not be a programmign question per se. If it isn't, rather than downvoting, perhaps you can suggest another stackoverflow site to use for this specific question?
We have installed, and have running, an SMS gateway from SMS Tools 3 (http://smstools3.kekekasvi.com/) and I can receive / send text messages.
Additionally, we have created a custom SMS application for Android / iPhone that embeds GPS location data into the sms message, but we are trying to figure out a way to obtain location based data from a user using a dumb phone (think NGO in Africa with users using the most basic of phones).
Is it possible to get location based data from a SMS message from a phone that lacks wifi/GPS? The only thought so far would be to somehow get the cell towers used by working with cell phone providers in the targeted country.
Thoughts?
Note: This is not an attempt to track users location unknowingly (else we wouldn't have created our custom SMS message application)
You can always do GSM tower triangulation (first iPhone did that) and you don't need to go to all operators - a lot of services out there.
Cellular localisation methods which do not use WiFi, GPS (and other satellite-based navigation systems) depend heavily on the radio access network (RAN), so will vary depending on the type of the operator network , (GSM/CDMA/UMTS/LTE etc.). Its important to understand this because often there are multiple types of networks coexisting in the same country, which can result in varying performance of the positioning scheme used.
Since your question specifically mentions GSM, lets stick to it. GSM cell triangulation encompasses different schemes for obtaining location info of the subscriber. Broadly, these schemes fall in two categories: Network-based and Terminal-based.
Network-based services require signaling in the operator's Core Network (CN) and could be triggered by an agreement with the operator. Technically, this occurs when a call is made or an SMS is sent to a pre-defined emergency number. For more technical details, refer to the ETSI spec [1]
*The drawback: Requires operator support!*
Terminal-based services are dependent on the presence of some location service on the mobile phone - GPS, Wi-Fi, Internet etc.. In the absence of these, there is conceivably only one solution: Have the Mobile Terminal (MT) send its cellular location information - [ MCC + MNC + LAC + CellId ] to the RAN which can forward the information to a GIS service than obtains the Lat/Long of the user. One GIS service that's freely available is Google's geolocation API [2]
[1] http://www.etsi.org/deliver/etsi_ts/101700_101799/101724/07.03.00_60/ts_101724v070300p.pdf
[2] https://developers.google.com/maps/documentation/business/geolocation/
Where would I go to learn write code that had to be very, very secure and that DOES expose external services (running on a standard Windows or Linux OS). Knowing what services can and cannot be safely exposed would be part of the issue. Note that I am not looking for a favorite choice between Linux and Windows, as the choice is not likely to be mine to make in any given case. However the level of security needs to be military grade.
I almost feel embarressed giving this as a for instance, but how would I know whether or not I could use, say, WCF, in such a setting.
High security is a difficult concept as it generally involves way more than just the code you wrote.
Basically every layer of the OSI model has to be taken into consideration. Things like, preventing capture of the data stream (or it being rerouted) between the end points (quantum cryptography).
At the higher levels, you have things like various things like
Physical security of the devices (all endpoints if possible).
Hardening the OS (e.g: closing ports, turning off unused services, using kerberos, VPN tunnels, and leveraging white lists of machines allowed to connect, etc);
Encrypting the data at rest (file encryption), in transmission (SSL), and in memory (column/table encryption).
Ensuring and enforcing proper authentication and authorization at every level (in app, in sql, etc).
Log EVERYTHING. At a minimal it should answer "who/what/when/where/how"
Along with the logging, Actively Monitor it. aka: intrusion detection.
Then we can move on to other things like looking at other attack vectors like sql injection, xss, internal / disgruntled employees, etc.
And once you've done all of that be prepared when a hacker gets away with everything they want simply by social engineering.
In short, the best tact to take in order to secure any computer related application is to listen to the ethos of Fox Mulder, and Trust No One. Another favorite of mine that applies is: It's only paranoia if they aren't after you.
You could use formal methods to (sort-of) prove the critical parts of your software. A tool like Frama-C (free, LGPL license, targetting embedded systems) could be relevant (at least if your software is critical, embedded, written in C).
But military grade don't mean much. Your client will (and should) define exactly the standards to respect. For instance, critical [civilian] aircraft software needs to follow something like DO-178C (or its predecessor, DO-178B). Different industries have different standards similar to that. (both railways and medical industries have their own standards, which might be different in North America than in Europe).
If your system (& client) is less demanding (i.e. no billion dollars or hundreds lives threatened by bugs) you could consider customizing your compiler or using some other tool. For example, GCC is customizable thru plugins or thru MELT extensions.
Don't forget that software reliability has a big price (that means a big cost for you, hence for your client).
Well, the question of where can be answered simply. Not in school. I suggest to create a learning path for yourself. Pick a technology that you like and learn it inside out. A basic book to get you started should suffice, however the rest of the stuff you learn as you go, or via the documentation of that technology.
For instance - learning under .NET (Microsoft) involves a basic A-Press text-book (i suggest Pro C# and The .NET 4.0 Platform). Thereafter searching through the .NET Framework Reference on MSDN will give you the rest.
If you are looking for WCF reference, I suggest the (MCTS Exam 70-503, Microsoft .NET Framework 3.5 Windows Communication Foundation) and MSDN.
Just keep in mind that not a single technology will achieve what you are looking for. For example: WCF co-mingles with WF (Windows Workflow Foundation), as well as SQL Data Services and Entity Framework. Being exposed to multiple technologies will definitely broaden your vision.
===============================================================================
WCF is a beast in this regard. Here are the advantages over some other means of communication:
Messages (data) passed between end points can be secured via message-level security (encryption). The transport channel chosen can also be secured at protocol level via transport layer security (encryption).
End points themselves can authorize and impersonate clients (client level security). You can implement end-to-end service tracing, health monitoring & performance counters, message logging, as well as forward and backward compatibility with newer/older clients (via graceful degradation of the message format, provided in WCF). If you chose to do so, you can even implement routing as fail-safe for your communications channel. WCF also supports transactions (ACID), concurrency, as well as a per-instance throttling, giving you the most flexibility in writing secure/robust military grade code.
In retrospect the security and flexibility of WCF are astonishing. A similiar technology (if not the same) is the WS-Security spec. It is part of the WS-* specifications for web services and deals with Xml signature and Xml encryption to provide secure communications channel between two end points.
The disadvantages of WS-* however is that it is a one-way means of communication. WCF can facilitate 2 way communication. A client can send a request to a server, but also a server can send requests to the client. WS-* dictates that a client can only send and receive responses to the server, but not vice versa.
I am not a WCF developer so i thought the highlights might provoke you into doing your own research. "There are hundreds of ways to skin an animal, neither of them is wrong..."