User Tools

Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
mission:log:2014:11:04:howto-setup-use-and-secure-a-local-spark-cloud-server [2014/11/13 19:44] – [HOWTO: Set up and secure a local Spark-Core Cloud] chronomission:log:2014:11:04:howto-setup-use-and-secure-a-local-spark-cloud-server [2016/03/01 10:28] – [HOWTO: Set up and secure a local Spark-Core Cloud] chrono
Line 9: Line 9:
 //Do we really want to give out our complete sensory data (sys/env/biometrics) over all time and possibly full remote control over all the actors, built into everything, at all time, at the place we like to call our home?// //Do we really want to give out our complete sensory data (sys/env/biometrics) over all time and possibly full remote control over all the actors, built into everything, at all time, at the place we like to call our home?//
  
-Some people may haven't yet realized that we've got plenty of open-source tools to store, analyze, link and visualize billions of data rows quickly and with much ease. Image what people with a multi-billion budget are able to employ. To give you a small scale example, how transparent anyone's little life and habits become, I've created a [[https://apollo.open-resource.org/flight-control/vfcc/#/dashboard/db/aquarius-hab-environment-indoor|dashboard]] which doesn't show many metrics yet (more are in the process) but it's more than enough, if you learn how to interpret the graphs. The data you see there is mostly generated by two sparc-cores I've deployed here. Big/Open-Data/Cloud technology is not the problem itself, it's our culture/society, which obviously isn't ready for it.+Some people may haven't yet realized that we've got plenty of open-source tools to store, analyze, link and visualize billions of data rows quickly and with much ease. Imagine what people with a multi-billion budget are able to employ. To give you a small scale example, how transparent anyone's little life and habits become, I've created a [[https://apollo.open-resource.org/flight-control/vfcc/#/dashboard/db/aquarius-hab-environment-indoor|dashboard]] which doesn't show many metrics yet (more are in the process) but it's more than enough, if you learn how to interpret the graphs. The data you see there is mostly generated by two spark-cores which are deployed here. Big/Open-Data/Cloud technology is not the problem itself, it's our culture/society, which obviously isn't ready for it.
  
 In the year 2014, in a post [[http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet|Stuxnet]], [[http://www.heise.de/extras/timeline/|Snowden]] & [[http://www.zdnet.com/unsealed-docs-show-what-really-happened-with-lavabit-7000021489/|Lavabit]] era, we have no other choice but to come out of our state of denial and simply accept the fact, that every commercial entity can be compromised through multiple legal, administrative, monetary, social/personal or technological levers. Access- and Cloud-Provider are no exception. All of them can be tricked, coerced or forced to "assist" in one way or another. No matter what anyone promises, from this point on, they all have to be considered compromised. In the year 2014, in a post [[http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet|Stuxnet]], [[http://www.heise.de/extras/timeline/|Snowden]] & [[http://www.zdnet.com/unsealed-docs-show-what-really-happened-with-lavabit-7000021489/|Lavabit]] era, we have no other choice but to come out of our state of denial and simply accept the fact, that every commercial entity can be compromised through multiple legal, administrative, monetary, social/personal or technological levers. Access- and Cloud-Provider are no exception. All of them can be tricked, coerced or forced to "assist" in one way or another. No matter what anyone promises, from this point on, they all have to be considered compromised.
Line 24: Line 24:
 {{:mission:log:2014:10:local-spark-core-cloud-overview.png}} {{:mission:log:2014:10:local-spark-core-cloud-overview.png}}
  
-When you follow this howto and secure your network access with a strong VPN you'll end up with something that looks like this image, where we effectively mitigate all these issues and take back control of our privacy & autonomy. At least we now can decide if and which data we want to share and publish.+When you follow this howto and secure your network access with a strong VPN ([[https://airvpn.org/|AirVPN]] used here) you'll end up with something that looks like this image, where we effectively mitigate all these issues and take back control of our privacy & autonomy. At least we now can decide if and which data we want to share and publish.
  
 ==== Key Features/Aspect Comparison ==== ==== Key Features/Aspect Comparison ====
Line 67: Line 67:
 At this time is wasn't possible yet to use a gentoo crossdev toolchain to compile At this time is wasn't possible yet to use a gentoo crossdev toolchain to compile
 the firmware since it seems to require newlib-nano instead of the plain newlib gentoo  the firmware since it seems to require newlib-nano instead of the plain newlib gentoo 
-would like to merge. Aholler  +would like to merge. There wasn't enough time to hunt down this particular bug further so the 
- +
-There wasn't enough time to hunt down this particular bug further so the +
 [[https://launchpad.net/gcc-arm-embedded/+download|official toolchain]] was used instead. [[https://launchpad.net/gcc-arm-embedded/+download|official toolchain]] was used instead.
  
Line 476: Line 474:
 ==== OTA firmware update ==== ==== OTA firmware update ====
  
-It's possible to update the cores via Wifi, also called OTA (Over the Air) update. This is really nice feature, since we don't have to run around and deploy new firmware locally via USB but we can just push new firmware to any ID we designate.+It's possible to update the cores via Wifi, also called OTA (Over the Air) update. This is really lovely feature, since we don't have to run around and deploy new firmware locally via USB but can just push new firmware to any ID we designate. I have this oneliner directly in my build script, so when I build directly in atom editor, it compiles the firmware and automatically pushes an OTA-Update to the designated core. If there were more core's with the same firmware, it should be easy enough to auto-update more than one.
  
 <code> <code>
Line 517: Line 515:
 Depending on your state of mind, you might perceive this as paranoid but I can guarantee you, this has nothing to do with paranoia in any way, neither should this be perceived as a rant against spark-core or Amazon Web Services for that matter. Amazon Web Services is just the cloud provider used by spark.io and therefore got mentioned because it is so. What applies here applies to any other cloud platform one could choose, in general. From a business standpoint of view the decision to put things into a AWS seems absolutely valid to me. Of course, it's a little more expensive when you crunch the numbers but in return you get the full orchestra of AWS products, which in my experience do a good job working together, route53, elb, multiple geolocations and the whole shabang. And you can react very quickly to changes in demand of requests. In a perfect world, I would just use it as it is, because the setup isn't bad when we consider bandwidth not a problem. But when government agencies run haywire and military/intelligence/media war- and fearmongering go completely out of hand, as it obviously has during the last 12 years and no one really does a thing about it, the only logical place left to seek change is in oneself. Do it yourself then :) I am happy, grateful and amazed that now everybody can get these devices to tinker, create and learn. Hopefully, some of these experiments and examples will help someone else to save some time, to get their brains wrapped around the concepts of this one more quickly. Depending on your state of mind, you might perceive this as paranoid but I can guarantee you, this has nothing to do with paranoia in any way, neither should this be perceived as a rant against spark-core or Amazon Web Services for that matter. Amazon Web Services is just the cloud provider used by spark.io and therefore got mentioned because it is so. What applies here applies to any other cloud platform one could choose, in general. From a business standpoint of view the decision to put things into a AWS seems absolutely valid to me. Of course, it's a little more expensive when you crunch the numbers but in return you get the full orchestra of AWS products, which in my experience do a good job working together, route53, elb, multiple geolocations and the whole shabang. And you can react very quickly to changes in demand of requests. In a perfect world, I would just use it as it is, because the setup isn't bad when we consider bandwidth not a problem. But when government agencies run haywire and military/intelligence/media war- and fearmongering go completely out of hand, as it obviously has during the last 12 years and no one really does a thing about it, the only logical place left to seek change is in oneself. Do it yourself then :) I am happy, grateful and amazed that now everybody can get these devices to tinker, create and learn. Hopefully, some of these experiments and examples will help someone else to save some time, to get their brains wrapped around the concepts of this one more quickly.
  
-{{tag>spark-core embedded arduino security software hardware IoT crypto}}+{{tag>spark-core embedded arduino security software hardware IoT crypto vpn}}
  
-{{keywords>Apollo-NG apollo next generation hackerspace hacker space research development makerspace fablab diy community open-resource open resource mobile hackbus spark-core embedded arduino security software hardware IoT crypto}}+{{keywords>Apollo-NG apollo next generation hackerspace hacker space research development makerspace fablab diy community open-resource open resource mobile hackbus spark-core embedded arduino security software hardware IoT crypto vpn}}
  
 ~~DISCUSSION~~ ~~DISCUSSION~~