I can build all sorts of web applications with common web technologies on both the client and server (JavaScript, PHP, CFML, etc.).
I would like to build some home automation tools and I have no idea how to get from the strictly digital world to the physical world.
Let's say I want a super simple web app to display a bunch of switches in the user interface for some different things in my house. Let's say I'm using X10 hardware (http://www.x10.com/x10-basics.html) that is "listening" for some radio signal.
Is there a way to use web technology to "instruct" my devices (smartphone, tablet, laptop, whatever) to "broadcast signals" to these X10 (or any) physical device in order to make my home more Jetsons-like?
It seems like JavaScript couldn't do any of this because of security stuff, but perhaps a server app running on my local device on my home network could tie into some underlying OS library and do this?
wirelessService = new system.os.superCoolWirelessBroadcasterService();
wirelessService.broadcastSignal("6520 mghz", true); // toaster frequency
All my mobile stuff is an HTML5 front end with a self-hosting ASP.NET Web API backend. I use an HTTPS proxy application for security. But I run my stuff on an intranet. It's very easy in my opinion and very rewarding.
Here are a couple of videos:
https://www.youtube.com/watch?v=_2_JSbEytnM
https://www.youtube.com/watch?v=zOhOEWoED4M
Now I did integrate Google Glass which is an app:
https://www.youtube.com/watch?v=vLmPJ9xvfs0
Here you can find a complete listing:
https://www.youtube.com/results?search_query=nick+tullos+home+automation
Here is some of the source code:
https://github.com/NickTullos/CrestJson
Good luck!
You absolutely can. I created several automated processes with ColdFusion. Look at the scheduled tasks section of the ColdFusion administrator.
Many things that are one-off specialized tools, like barcode generation or scanner software (just as examples), have third-party DLLs on Windows with ColdFusion (nothing is perfect, mind you); some even required us to extend Internet Explorer via ActiveX controls. Some of these things included warehousing housekeeping tools, three-dimensional boxing interfacing, shipped product checks and payment authorization switches, refund switches, warehousing scale interfaces and U.S. Mail/Endicia/UPS manifest generation.
Nowadays, I do many automated import processes with third-party source data: just formatted CSV or Excel files sent via FTP, where I scan and pick up the file for processing.
We also parse raw data from a power inverter and create graphs for review and other statistically useful things for a client. This was not an easy task because there are things in that technology that I am not equipped for and had to learn (power inverter speak). Also the shorthand their technologists used to name data-points made some sense to them, but was immensely obscure and not very easy to translate.
I will tell you that one of the hardest interfaces I worked with was a 1996 serial-port-based warehouse scale that we got after the DHL bankruptcy. I thought I would lose my mind. There were baud settings like older modems, and if there was a failure it didn't do anything (no error, nothing).
I would assume you would have to consider that obscure real world interfacing with things that are digital may or may not be feasible.
ColdFusion is very good at automating because it is a dynamic language with an easy-to-use administrative backend that can access deeper things via Java objects and native .NET support (so anything is possible)!
There are a lot of ways to develop an app nowadays. You can create a full native app, hybrid app, PWA or website. There are probably some formats of apps I didn't mention; however, that's beside the point. The last two decades have proven that smartphones are the way most people (users) interact with apps, and that's clearly also how they want to interact all the time, literally all the time! Developers (wizards) have been working to meet those demands by creating solutions like .NET Blazor, Xamarin, Vue, Angular, etc. to meet the demand for apps and their development. Currently app stores from Google and Apple are the way apps are distributed, only for us to pay them a cut of our app revenue, so we look to the web. When we want to create a highly secure app (server-side) we look to the web. When we want to support most operating systems we look to the web. I assume you get the point. Only there is one thing that stands in the way, and that is access to the user's native device APIs. There are a lot of native APIs that are already available in HTML5, only we know that those aren't the specific ones we need for the app we develop. So what are the ways we can expose native device APIs to web apps?
Look at Cordova Plugins: https://cordova.apache.org. If you want to expose an API to the web, you should just write some player application (web browser) which will translate JS commands into native API callbacks. To achieve it, you can use WKScriptMessageHandler.
Here you can find an example.
It is not very complicated, but if you want to cover all APIs, it will be very complicated code.
Also, you forget about one side of the coin with a web application: the long response time, especially with a slow internet connection. I do not think that is a good idea.
Assume a substantial (MIT Licence) Open Source (Node) JavaScript web application.
I'd like to establish confidence that the application does not leak information over the internet. One approach would be to read every single line and make sure I understand it. This sort of detailed code review feels like overkill.
As the application is behind a NAT/firewall, it may be sufficient to establish that the implementation does not initiate any remote connections. It is important to consider both the obvious direct initiation of connections (TCP/HTTP/HTTPS/FTP/SSH, etc.) in the source itself and by any of the dependencies, and any by indirect means, for example involving the client web browser during operation.
I'm not really worried if the application is insecure in the sense that its access controls are fallible from the network on which access is provided... though I don't object to a heads-up about any clear flaws.
Are there tools that make this sort of assessment straightforward? Would a sandboxing approach be viable and, if so, what mechanism would be suitable to create such a Node sandbox?
This question is surprisingly broad. You seem to be asking:
are there any "trojan horses" embedded in my nodejs application or its npm dependencies. Did the developers of the code sneak in any malicious code that might exfiltrate my data?
is my nodejs web interface secure against cybercreeps?
is my server (hosting my nodejs app) secure against cybercreeps?
The first rule of information security is this: Nobody can steal information you don't store. If you don't need it, don't store it.
About the trojan horse situation, I have these suggestions about code:
Inspect your own code to the extent you can. Looking at the require() lines of your code is a good start; it alerts you to your own modules that might use outbound networking.
Use npm audit to take advantage of crowdsourced inspection of your dependencies.
If your source code is on github, they'll do some of that npm audit work for you and pester you with emails about vulnerabilities.
Rework your nodejs web app to use the hapi.js framework instead of what you use now. Developed by paranoiacs at Walmart, it has zero external dependencies.
If you have the time and/or money, use a static code analysis tool to inspect your code. Sonarqube, Checkmarx, etc etc.
About rigging up your servers to slow down exfiltration of data:
Monitor or log the outbound traffic from your server and inspect the logs. This may help.
Set up your outbound firewall rules to disallow traffic that's not part of your application. Digital Ocean's tutorial is here. Careful: you can overdo this and break stuff you need.
Keep your sensitive data (in a dbms, maybe) on a separate machine from your web applications. Set up access for that machine with a whitelist that only allows your web applications, and nobody else, to connect to it.
About whether your web interface can repel cybercreeps while allowing legitimate users:
Read up on anti-cybercreep packages like helmet. Understand them and then use them.
Consider attacking your web app every few months with a white-hat hacker's tool like burpscan. That tool costs money. Its developers routinely update it to add tests for newly discovered vulnerabilities. It detects stuff like these OWASP Top Ten vulnerabilities and more.
Pay attention to your web server logs. (And be aware that web servers facing the public net get many many probes from around the world to see if they're vulnerable.)
Check the security of your TLS (https) with Qualys's SSL Server Test.
About whether your server machines can repel cybercreeps while allowing legitimate administrative access:
Promptly post security updates from your operating system vendor.
Lock down your machines. Don't run any services you don't need. Turn off, for example, smtp, ftp, dns, ntp, and nfs services on a web server (the services, not the clients for those services). These days this is fairly easy because bare-bones server editions of operating systems don't come with any of that stuff installed or running.
Use nmap to check your servers for open ports, routinely. One of Digital Ocean's excellent tutorials describes this. For a web server, only the ssh and https ports should be open for the safest setup.
Make your public-facing servers "sacrificial". That is, make it so you can build a new copy of the server and its software load from scratch at a moment's notice. That way, if a cybercreep does break into your server, you can just burn it down and start up another one, forcing the creep to start over.
Did I mention? Promptly post security updates from your operating system vendor.
Maybe you can try SonarQube.
I have no experience in installing it, but my workplace uses it for checking code quality.
It shows something like this.
It will show which line of code is bad, and give a suggestion on how to fix it.
I remember seeing something related to OWASP in SonarQube, but have not given it a try yet.
So, suppose there was a game which consisted of a website, and a client that you can launch from said website. I've looked a bit and a relatable example would be Habbo Hotel.
What I'm asking is, what are all the different parts that would make such a game work: for the website part, I'd imagine a server, a database, and some HTML, CSS and PHP coding would be required, but how would the client side operate?
More specifically, how would the client-to-server (and vice versa) real-time communications happen?
Suppose the client be coded in C, how would the integration of C into a (I suppose PHP-framed) browser window be executed?
Note that the client is never downloaded on the user's PC, so where would it reside?
I'm sorry if these are a lot of questions, if the answers were to be too tedious to compose, feel free to just leave some documentation or tutorials (which I've looked for but haven't really been able to find), I'll happily read them on my own. Thanks in advance.
On one side your question is too broad but on the other side I can give you some pointers of how to do this in a modern way:
don't have a client, just a page in a browser
use HTML5 canvas, you may also want to look into SPA (single page application)
connect via websocket, there are HTML5 JavaScript implementations and PHP or node.js for the server-side
best is, use node.js on the server, PHP would be way too cumbersome
via websocket, send and receive JSON objects
host node.js on its native platform (Linux)
you may want to look into phaser as an HTML5 client-side canvas rendering framework, but it lacks a lot of functionality and is mainly oriented towards twitch-based action games, which don't work well with this architecture because of lag
this will lead you to one conclusion: JavaScript is at the center of this system. You'll encounter several roadblocks, such as:
security on websockets with SSL for login
avoid SSL for real-time data (above 1 Hz)
UI on the client inside the canvas is not easy to implement, you'll have to re-invent the wheel or find a UI library for that
expect lag, the network code will take some 20%-30% overhead with respect to native C/C# code using TCP/IP or UDP (Lidgren?), and protobuf (Lidgren+protobuf) is what high-frequency AAA titles use (MMORPG or FPS alike)
From the questions you asked I sense a great lack of understanding and knowledge about the field. I guess you'll have to study some 6-12+ months beforehand. This is what I recommend, because if you start right away you'll make a lot of errors and waste your time. If above are any names you don't know about, search them and study them well. And don't start to code, there is a very steep learning curve ahead of you!
EDIT: more about server-side
If you want to implement an action-based interactive game (like an FPS or 2D shooter) I have to tell you this.
You may want to look into Unity 3D, using directly TCP/IP connections and binary messages (no HTTP, no websocket, instead protobuf).
C# (client-side) and node.js (server-side) are a good combination. For horizontal scaling you may want to look into cloud computing, docker, provisioning and a lot of server security.
But this is hostile terrain, it leads you into DevOps territory, which is way off game development. More like an architect's job. Imagine that 3-tier system (client + server + database) has a bottleneck on the server.
You want to spawn more nodes to handle more clients. This is what EVERY lobby-based game does (LoL, Overwatch, WoT, WoW instances, and so on) and what you do for partitioned maps (e.g. the "maps" in LOTRO, RIFT, many more MMORPGs). Also, to mirror (which means multiple instances of the same map to accommodate an overpopulated crowd).
To have this kind of horizontal scaling your servers must go online/offline on their own without you clicking around on command and control (e.g. puppet and similar software).
While this is the ultimate approach, it also has the steepest learning curve, especially because of security (advert DDoS, flooding, slow-loris, fake clients, and the list goes on). A new node must be "provisioned" on the fly (e.g. cloud-config) before it attaches to the cluster and goes online, so there's a whole new world of pain and learning.
The center-piece of such an elastic cloud-based server system is SSO (single sign-on).
Currently, we have a number of GUIs that have been developed using PyQt4 and PyQtGraph.
We need to make these interfaces accessible to a number of remote users and are hoping to do so by serving the GUIs through an HTML/CSS/JavaScript Web-Application.
The link below provides a few suggestions for this task, but these seem to apply to a project that is in its initial stages of creation. I'm familiar with the development of Python-JavaScript Web-Applications using the Pyramid Server and would like to use this same method for providing users access to PyQt4 GUIs that have already been developed.
https://softwareengineering.stackexchange.com/questions/109572/can-i-create-a-desktop-python-gui-application-and-run-it-as-a-web-app
So my question is, can I serve a functional PyQt4 GUI as a widget using HTML/CSS/JavaScript?
This is hard. In theory you could use a VNC-like approach that sends an image of the window to the client browser and sends user events back to the server. This will probably have poor interactivity depending on the networking and would require a lot of server power, depending on the number of users. (For an example of this, see: https://github.com/campagnola/webqt)
You're probably better off distributing the application with something like py2exe, py2app, cx_freeze, etc.
I personally haven't tried it but you could look into Wt: http://www.webtoolkit.eu/wt/
It is a C++ framework that has a Qt flavour. It has a Java version called JWt. Hence, a Jython binding exists for us Python programmers: http://www.webtoolkit.eu/wt/other_language
It is not a direct replacement of Qt, and might need modification to your Qt code to work as a Wt web app, but it certainly seems worth it to look into.
I've written a simple web page that uses JavaScript to control a QuickTime plugin for movie playback. There's also some AJAX stuff using jQuery to get info on the movies from an MSSQL database. The web page is served to the user from an Apache 2.0 server, which also hosts MSSQL. The end users will view the page in IE6 (unfortunately).
My problem is that the end users now want to use an RS422 jog/shuttle deck control to drive the movie timeline, in place of another jog/shuttle unit that relied on emulating keypresses which was easy for me to detect.
As I'm not a programmer I'm at a loss what to start looking at for a solution to receive the RS422 data and then send that to the JavaScript to control the timeline. Is this something that a custom ActiveX bit of code could do? I've googled ActiveX with JavaScript but it's unclear to me (as a novice) how the two work together, or whether this would be suitable at all.
If anyone could give me an overview of what to start researching that'd be much appreciated.
Many thanks.
Jon
JavaScript runs in a sandbox and has no access to the computer at all (for security reasons; you really don't want to make it any more simple for frauds to get at your credit card data).
ActiveX would work but it's a security risk, too. ActiveX is written in C++, no JavaScript there. You'll find information about that on the M$ Website. Note that ActiveX is usually disabled today because of said security risks. Depending on how seriously your client takes security, the virus scanner might not allow an A/X control to start.
Another option would be to write a small program which is installed on the client's computer that reads the serial port and sends that to the web server where your JavaScript can query it. Okay, that's more than a bit convoluted but probably the least risky.
Or you write a program which transforms the serial codes into key presses (just create the event and post it to Windows). Again, you need C++ or maybe Python with the win32 package.
Your client must understand that this is something which sounds incredibly simple but you'll have to jump through a lot of hoops to make it work. A web browser is not a local application with free rein over the hardware (and it must never be).