RFM69HW temp-humidity node

Not sure if others would have interest in this, but I'm designing a PCB for an easy-to-solder TH node. As presently conceived, it would have 3 surface mount components (an LED on the front and a resistor and capacitor on the back), plus a DIP atmega328p, a header to accept an inexpensive si7021 TH breakout board, an FTDI header, and an RFM69HW. The idea is that it would run at 8Mhz and be powered by two AA batteries, so it's sized to be compact but still easy to solder. The same thing could be achieved with wires and some of the other boards out there, but this might be a little tidier if a TH mote is what you want as either the starting point or the end-point.

PCB dimensions are 0.65x2.55 inches. i.e. it is narrower than a typical AA battery holder, but roughly the same length.

The LED and resistor are optional, and you could forego the capacitor as well if you wanted a truly bare bones TH solution. However, the pads are there if you wanted to utilize them. Also, you could skip the si7021 BoB if you wanted just a generic mote.

I had hoped that someone would make an easy to solder board like this for the RFM69HW, but I got tired of waiting and finally decided to just make my own.

I found a good place to do range testing.... too bad I didn't bring the gear!

Good news! Last night I did some accelerated load testing on the supercap. First I charged it to 3.6v and then I hooked up an RFM69HW mote which woke up once a second to do 3 things: 1. check the voltage level, 2. turn on an LED for 1ms to simulate a sensor load, and 3. transmit a packet containing the voltage data using the RFM69HW.. Bottom line: 14,111 packets transmitted before running out of juice.

Not bad for a first attempt.

Yesterday received the PCB. Today assembled for testing this battery-powered nRF52-based passive infrared motion detector:

Made this 12 button keypad. Requires only one analog pin to read which button is pressed, and any button press can also wake an arduino from sleep:

Consumes no power when no button is pressed.

A pair of lithium AA primaries is hard to beat because:

1. Unlike alkaline's, they don't leak.
2. Have a look at the discharge curve: https://data.energizer.com/pdfs/l91.pdf By the time they drop to 2.4v, if not before, you'll want to replace them.
3. Obviously much longer life, both shelf life (20 years!) and energy capacity.

I think running 8Mhz from the internal RC is a no-brainer: wake up time is less than 4us. So, if your node wakes up often, you'll save a ton of energy over time.

The best time to take your battery measurement is immediately after a Tx. That will give you the most conservative reading. Save that measurement in a variable and then send it in your next transmission. Switch on your ADC just before Tx and take your first ADC measurement during Tx, because you have to throw out the first measurement anyway. That way you can take a fresh (and valid) ADC measurement just after Tx before the voltage rebounds.

Hope that helps!

Here's the version that I most recently assembled:

As you can see, the 15F supercap is now on the board itself. It works fine.

I've since made a few refinements and have sent the new files off to be fabbed. The newest version of the PCB will measure roughly 22mm x 22mm.

Put together this pro mini nRF24 shield for testing...

I have a number of sensor projects that sit within the nice footprint of a Pro Mini. Now I want to find a kind of universal power platform--hopefully small--to power them. So far, what I came up with was this, which runs the Pro Mini from 2xAAA batteries, and where the Pro Mini (and whatever the project built on it) simply "plugs in" to it:

Is there anything better? Ideas? Comments?

@mfalkvidd Well, now that you mention it, I think the ones here do seem to require 2FA (usually typing in a number that they text to your telephone) if you try to log in with a new, "untrusted" device. But after doing it once, if you later use the same device (say, a PC or phone), then I guess the 2FA, if it still qualifies as that, is based on only just your password plus some kind of persistent cookie that they leave in your device cache. If you clear the cache, it suddenly thinks it's a new untrusted device, and then it's back to square one.

Anyhow, what I meant wasn't that, but rather the ability to use a yubicon type device. Is there specific terminology that would separate the older 2FA (e.g. text to your phone) from the new fancier way?

The devices from Amazon (linked above) that I ordered arrived a few minutes ago, so I hope to be giving them a test drive sometime soon.

This guy shows how to, for example, set up a linux server so that you can log-in using only just public and private keys:
5 Steps to Secure Linux (protect from hackers) – 23:15
— NetworkChuck

In fact, he completely disables regular password logins. On first glance it does looks intriguing, maybe even promising. But is it ultimately any better than just using a sufficiently strong password in the first place? That's the key question. He strongly implies that his method is more secure, but he presents no proof of that. Is it blindingly obvious? Well, not to me. And if it's more secure, is it just marginally more secure or is it a lot more secure--enough so to easily justify the effort and inconvenience of doing it? I'd certainly like to know. I would guess that since it's fairly simple it has been widely studied, and that there are reasoned assessments of it, and maybe even some empirical data as to how hack resistant it is in practice. Is there a commonly used name for his technique? If I knew at least that much, it would be a lot easier to check the literature.

@BearWithBeard said in Best password manager?:

I personally prefer self-hosted, local or offline solutions over anything cloud- or account-coupled wherever that's an option.

Yeah, I think I share this preference. The only advantages I can think of for storing a password vault in the cloud are:

1. Presumably, it's backed up often and regularly by whichever vendor you pick.
2. Perhaps it's easier to share keys across different, distant platforms. In my case, I don't forsee much need for this.
3. If it perhaps comes with very good software and extensions/integrations that makes it more convenient and/or easier to use (especially for a spouse or son/daughter to use) than alternatives. I don't see anything that inherently requires a cloud for that, but competition among password companies and the money they rake in obviously helps in getting it built and maintained, let alone well documented and supported.

On the other hand, I think for local network passwords, of which there can be many, there's an obvious advantage to not depending on the cloud for password management, since you will still want access even if your internet connection goes down. So, based on the helpful feedback here (thanks everyone!), I'll probably look into Bitwarden also.

I have no evidence for it, but given the choice, I think I'd rather have the password vault stored in some kind of specialized security chips that were cleverly designed for that purpose. Somehow, anything on a general purpose computer just seems inherently more vulnerable, even if it's on a local network rather than on a cloud computer. So, if there's any truth to that, I imagine there are already specialized devices on the market which cater to that. At this point I just need to learn enough so that I at least become aware of what the essential features are to look for.

Anyhow, I could imagine that in the end I may (probably) end up with two separate, non-overlapping methods for "access management" (for lack of a better term). The first would be for those websites or network devices that are of the more primitive, password-oriented type (as described by @mfalkvidd t above), because if that's what they use exclusively, there's just no getting around it. The second would be a method better suited for devices/websites that can be accessed using more sophisticated, non-exclusively password methods that are just better and much more secure than resorting to passwords. In this way, one uses the best of what's available, and it should still be manageable because there are just two schemes to consider.

And I would "turn on" 2FA and use it whenever possible. I'm finding that in many instances it is already supported as an option for banks, brokerages, email, even if it's not currently required. Though not a secret, most often its existence is poorly advertised. However, now that I'm looking for it, I'm finding that a lot of sites have it.

@BearWithBeard said in Best password manager?:

Bitwarden has been mentioned a few times now. Apparently it can be self-hosted, too. Guess I should have a look at it sometime!

I notice there's some banter on youtube about using Bitwarden in conjunction with two factor authentication.

I just today ordered a couple of different 2FA key fobs to see if maybe either one holds any promise:

https://www.amazon.com/gp/product/B0821TDLP4/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1

and

https://www.amazon.com/gp/product/B06Y1CSRZX/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1

In addition to 2FA, these fobs allude to things like one time passwords, and perhaps even becoming "passwordless." Although both are essentially just a shot in the dark for me, one has to start somewhere. If anyone here is further along in this and has any particular favorites, I'd be very interested to hear which devices you currently like the most.

I keep thinking about the special chip used in the circuit design of a proper mysensors wireless sensor that securely holds the wireless password keys for connecting with the mysensors gateway. As I understand it, even if the mysensors node fell into the hands of a bad guy, the bad guy wouldn't be able to extract the password. In this way, your mysensors network remains secure.

I've forgotten he particulars, but that's roughly the gist of it, isn't it? Yet the mysensor node's software is able to make use of that hidden password anyway, right?

So, barring any major conceptual disconects, I would think that there could exist something analogous for holding passwords to websites, where by design it's simply impossible for the actual secret password to be leaked or otherwise discovered.

Could it actually work like that? Or, am I misrepresenting the facts, or oversimplifying, or otherwise glossing over too many important details?

@BearWithBeard said in Best password manager?:

Haven't they been hacked multiple times?

As I understand it, as long as your master password is both unique and strong enough, it shouldn't matter if LastPass or similar were hacked, since it's a hash of your password that gets stored, not the password itself. On the other hand, if you had a weak master password, then an attacker could probably crack it from knowing the hash, and, at that point, you might well be in serious trouble.

I only just learned that Google chrome allegedly uses your Microsoft Windows 10 password to secure your chrome passwords. Well, a lot of people (like my wife) don't even have a Windows 10 password, to make logging in faster and easier when powering up the computer. So, in their case, I wonder if Chrome, which has nicely collected their passwords, offers any protection at all. Anyhow, now that I know, I need to fix this, in some way or another, even though my wife won't like the inconvenience.

As a follow-up to my other thread about improving overall security: what do people here recommend for password management? A cloud service like LastPass or similar? A self-hosted password manager? Something else? What exactly?

Not sure if it relates to this or not, but I'm pretty keen to get a yubicon for 2FA on critical internet accounts, like email and banks. Maybe even amazon and ebay. Well, heck, why not everything, including mysensors.org? According to my chrome browser, openhardware.io was hacked and passwords revealed. So, yes, I did change my password for openhardware.io, but remembering the new, more secure password isn't easy. I suppose home network security might also benefit from 2FA, but AFAIK it's really "in addition to" rather than "instead of" a password manager for remembering long, randomly generated keys.

I read somewhere that the average person these days has around 85 passwords they need to remember. That seems like a high number to me, but whatever it is, it's definitely far greater than 7 plus or minus 2. And if you have a unique password for every device and virtual machine on your network, the numbers get big in a hurry, let alone the need to keep track of it all and rapidly access the passwords when needed.

@NeverDie said in Advisory: put IOT devices on a separate LAN/vLAN for better security:

@monte https://www.ebay.com/itm/X10SLH-N6-ST031-Supermicro-E3-1200-v3-LGA1150-Motherboard-3x-X540-T2-6x-10GbE/184546263249?hash=item2af7d080d1:g:CCUAAOSwoP1gSWhO

Lest I mislead anyone, I subsequently contacted to the seller and, despite the wording, it doesn't include an E3-1200 with the board. He just meant that as shorthand to refer to the processor family that's compatible with the board. That said, there are a ton of inexpensive used LGA1150 CPU's on ebay that could serve the purpose.

@monte said in Advisory: put IOT devices on a separate LAN/vLAN for better security:

Intel DQ77KB

It doesn't support ECC memory, but maybe it makes no difference, since each packet would contain its own error correction anyway.

What kind of switches are you using to create and manage your vlans? In an earlier post I mentioned I was planning to use relatively cheap 1gbe managed netgear switches, but if I could get 10gbe transfer rates using the ebay supermicro boards for just a little more money plus some memory and a powersupply, I'm inclined to do it. I could certainly live with 1gbe, but to speed along backups or vme migration or restoration from a backup server, 10gbe would be a nice luxury because it's a good match for the read/write rates of pci-e 4.0 nVME drives. Or, some of these older ebay Supermicro boards can be had with gobs of ram (128GB or even 192GB of RAM), where you could easily run entire virtual machines inside of just RAM. Then there's no nVME drive to wear out, and you could pretty much transfer files or VM's as fast as the ethernet will carry it. Or a file server with such outlandish amounts of RAM could have a positively enormous RAM cache to facilitate ultra fast file transfer rates. Then maybe you don't need much nVME on the local machine and just boot from the network instead. It might be a good way to amortize the cost of the RAM expenditure. I don't know for sure how well it would work in real life, as I haven't tried it, but that's the theory. Anyway, for doing those kinds of things, 1gbe just wouldn't be fast enough compared to local nvme, but 10gbe just might be, even after deducting for the ~20% ethernet overhead. This back of the envelope calculation assumes no meaningful network contention, but I'm comfortable with that assumption, because on a home network there wouldn't be.

@monte https://www.ebay.com/itm/X10SLH-N6-ST031-Supermicro-E3-1200-v3-LGA1150-Motherboard-3x-X540-T2-6x-10GbE/184546263249?hash=item2af7d080d1:g:CCUAAOSwoP1gSWhO

@skywatch said in Advisory: put IOT devices on a separate LAN/vLAN for better security:

@NeverDie Quite a lot of this thread is very interesting even though it all goes way over my head. Do you think one of these would do?

https://www.ebay.co.uk/itm/HPE-Synergy-12000-10x-480-Gen10-Platinum-D3940-38TB-SSD-2x-40GB-16GB-FC-Frame/283693062050?hash=item420d6c97a2:g:XK0AAOSwbqdd4Rl0

:}

No.