Node-RED’s cool GUI for the Internet of Things

Node-RED and a quick IRC bot flow
Node-RED and a quick IRC bot flow
The latest version, 0.5.0 of IBM’s Apache licensed, incredibly useful and very cool Node-RED has landed but before going further, I suspect a lot of readers will want to know what Node-RED is.

There’s usually a lot of connecting of things involved with making the Internet of Things do something useful. Whether it be detecting messages on Twitter, listening to IRC, watching a Websocket or grabbing a web page, each source then needs to be processed and if required make something happen. Now, you can write a lot of code to do that or you can check out Node-RED. Billing itself as a “Visual tool for connecting the Internet of Things”, Node-RED is built atop of Node.js and offers a graphical world of IoT building blocks in the browser for you to wire up as needed and test.

Those building blocks, nodes in Node-RED, start with the simple, inject to send something, function to process it using JavaScript and debug to see what is being sent. They then build up to more powerful capabilities such as Http requests, MQTT subscription and publication, WebSocket listening and writing, tcp and udp comms and sentiment analysis. To connect up to social networks, nodes for Twitter and IRC listening and publishing are included. There’s also file storage, logical switches, data manipulation and delay nodes and, for the brave, even a node which will exec a process on the system.

Each node can be placed, configured and its outputs connected to other nodes inputs in the Node-RED GUI, and with the click of the Deploy button, put into action. New nodes can be created and plugged into the system too and there’s a repository of user created extra nodes available.

But, you say, where’s the Internet of Things in this? Well, Node-RED is able to work with Arduinos (connected via USB to host computers over serial or Firmata protocols) or run directly on Raspberry Pi (with GPIO and wiring-Pi modules) and the BeagleBone Black (with BoneScript access). And, obviously, you can write your own plugin nodes to connect up whatever hardware or devices you need to access.

Node-RED is a very capable tool and worth adding to your toolkit. For example, while writing this I was also prototyping an IRC bot which did basic sentiment analysis and commented in the channel. Why not give it a go over the coming holidays? You can download Node-RED from the website or you can find it on GitHub. Documentation including a quick tutorial on creating flows, along with instructions on writing function nodes, creating new nodes, embedding Node-RED into existing applications and running it with Arduino, Raspberry Pi and BeagleBone Black.

The latest version, which we mentioned at the start, has new visuals for showing the deployment state of nodes and handles the idea of “unknown nodes” visually when importing a flow from someone who’s used nodes you haven’t got yet. There’s also new user and direct message tracking in the Twitter node, session aware TCP and WebSocket nodes, enhancements to the MQTT node for authentication and client ID, an “otherwise” option in the Switch node, selectable data delimiters for the serial node and a HTTP Request node that follows 301s. The contributed nodes now include a Snapchat node and a Phillips Hue mode.

The Node-RED developers are now looking at making new nodes installable with npm, Node.js’s package manager, and tackling the separation of the administration UI from the runtime so it’s more easily deployed into future production scenarios.

Microsoft and Adobe’s October Patch Tuesday – Security Snippets

SecuritySnippets

  • Microsoft’s Monthly: It’s remote code execution holes all the way down in this months Patch Tuesday. From a bundle of Internet Explorere fixes in MS13-080 to a crunchy critical remote code execution and extra ‘important’ privilege escalation holes in Windows drivers, MS13-081 going all the way back to XP SP3 and all the way up to Windows 8. But wait, there’s more according to the cumulative advisory, MS13-Oct. Critical remote code execution holes in .NET Framework (MS13-082) and Windows Common Control Library (MS13-083) and “Important” remote code execution holes SharePoint Server (MS13-084), Excel (MS13-085 and Word (MS13-086) are also reported. There’s also an information disclosure hole in SilverLight (MS13-087). Fixes available from your friendly Microsoft Update service.
  • Adobe patches help up: Adobe’s fixes for this month have also been released. As well as the usual Reader and Acrobat fixes, developers who use Adobe’s RoboHelp will want to check out APSB13-24 as its a critical hole which could enable code execution. Adobe are priority rating 3, as it’s “not historically been a target for attackers”, but there’s always a first time.

Apache CloudStack goes 4.2.0

cloudstackThe other other open source IaaS Cloud, CloudStack, has had an update with the release of CloudStack 4.2. What’s new? reveals a lot of work which the announcement summarises as 57 new features and 29 improved features such as the ability to plug in external or internal S3-compatible storage services and support for Cisco’s UCS compute chassis and SolidFire storage arrays.

A trawl through the release notes shows that there is far more than the headline items though. There’s a whole set of features to help support for regions, zone wide primary storage and a plug-in framework for writing UI extensions.

Networking has had a lot of work done to it too with initial support for IPv6 (as a technical preview), portable elastic IPs which can be transferred between zones, the ability to assign a VLAN to an isolated networks and persistent networks which can exist without VMs assigned to it. There’s also Cisco VNMC and VMware VDS support, enhanced support for Juniper gear and global server load balancing with health checks for load balanced instances.

Host support has not been left out. Windows 8 and Windows Server 2012 can now be VM Guest OS’s, ownership of VMs can now be changed by an administrator, resizable data disk volumes, storage migration (for XenServer and VMware), the ability to scale CPU and memory on running VMs (VMware and XenServer again), over-provisioning of memory and cpu (VMware, XenServer and KVM), bare-metal provisioning kickstarter, VM resetting on reboot and VMware VM snapshots.

Finally, there’s a who set of enhancements to the monitoring, maintenance and operations end of CloudStack, with support for auto purging alerts, API request throttling, forwarding of alerts to external SNMP and Syslog systems, a log collection tool, ability to change default password encryption and new VM snapshot and backup capabilities.

You can download the source or binaries (in deb and rpm packages) from cloudstack.apache.org where there is also documentation including installation and admin guides.

Mosquitto’s home, Firefox memory, OpenOffice updates – Snippets

Snippets

  • Eclipse erects Mosquitto net: The MQTT broker Mosquitto is being proposed as a new open source project at Eclipse. It not only implements the TCP based MQTT but has support for MQTT-SN, a connectionless version for UDP and other networks. The plan is to merge Mosquitto and RSMB, a previously closed source MQTT broker implementation, at Eclipse. If, or more when, this proposal is accepted, it will mean that the Eclipse M2M initiative will have a full MQTT cross platform stack under their wing. If you want a low-nonsense, low-overhead publish and subscribe messaging system, you will want to look at MQTT.
  • Firefox memory saves: Sometimes memory saving is marginal. Other times, like this it can be huge. A combination of two fixes applied to the Firefox code base have take peak memory use on image heavy pages down from, in an example, 3GB in Firefox 23 to “a couple of hundred megabytes” in Firefox 26 (Aurora). Excellent work from the Firefox Memshrink team; this wasn’t just a matter of closing leaks but working out what was and wasn’t onscreen and what could have been likely to be on screen.
  • Apache OpenOffice updates: Apache OpenOffice 4.0 has just had its first update in the shape of version 4.0.1. Along with bug fixes, there’s 9 new translations (Basque, Khmer, Lithuanian, Polish, Serbian Cyrillic, Swedish, Traditional Chinese, Turkish and Vietnamese) getting OpenOffice up to 32 languages supported, and a number of performance improvements including speeding up Excel spreadsheet saving by 230% in “one common scenario”. Release notes also show updated translations and updated English (US and proper), Gaelic, French, Italian and Spanish dictionaries. And if you are wondering what this has to do with code; remember you can use OpenOffice headless as a document processing service (start it with the -headless parameter).

Updates for RethinkDB and FreeBSD and a 64-bit .NET JIT boost – Snippets

snippets03

  • RethinkDB gets multi-indexing: The developers of the open source, NoSQL database RethinkDB have announced version 1.10 which comes with the ability to index rows with fields of multiple values, like say an list of tags for a blog entry. Looking for all records with a particular tag previously required slow iteration, but now with the multi-index it is possible to index the set of values within the field and then to “get_all” for a particular tag value using that index. RethinkDB server is written in C++ and AGPL licensed with Apache licensed client drivers.
  • FreeBSD 9.2 released: In the latest FreeBSD release ZFS gets added TRIM support for solid state drives and lz4 compression and there’s updates for OpenSSL (to 0.9.8y), DTrace (to 1.9.0), Sendmail (to 8.14.7) and OpenSSH (to 6.2p2). There’s also virtio drivers and enabled Dtrace in the “GENERIC” kernel. Read more in the FreeBSD 9.2 release announcement.
  • RyuJIT for .NET: Over in the world of .NET, interesting things are afoot with a new 64-bit just-in-time compiler, RyuJIT, making its debut as a CTP (Community Technical Preview). .NET’s had a 64-bit JIT for some time, though the JIT has apparently been quite slow. RyuJIT runs twice as fast and overall gives a 30% speed up to start up. One benchmark with regular expressions went off the scale, going from a 1.4GB working set and 60 seconds run time to 199MB and 1.8 seconds run time – yes the older compiler is particularly bad at regular expressions.

Beta Ceylon, VLC 2.1 released, Whois research and Retro-browsing – Snippets

snippets03

  • Ceylon goes beta: Red Hat’s own JVM-hosted language, Ceylon, has been declared feature-complete and released as a 1.0 beta. There’s a formal language spec, command line tools, SDK and a beta of an Eclipse based IDE for Ceylon too. Lots of language features have been added coming up to beta, including annotations, static methods, try for resources, switch statements that know strings and characters and more.
  • VLC 2.1 debuts: Every coder needs a video player that can handle any format. Thats my excuse anyway and here’s the newly released VLC 2.1 arriving to fill in the latest gaps in my playback capability. A new audio rendering pipeline, OpenGL ES support, new ports (Android from 2.1 to 4.3 for ARM, x86 and MIPS and iOS 5 to 7), a partial WinRT port, Microsoft Smoorth Streaming, support for VNC/rfb and remote desktop view-only modes, lots of new hardware decoding support on OS X, Android, Linux with VDPAU and Windows QuickSyncVideo. Oh yes and there’s the foundations for UltraHD support. And developers will find the code is amenable to integration with more software due to libVLC (and most of the modules) being under the LGPL2.1+.
  • Whois Privacy: An interesting study of whois and the identity proxies used to cover the identity of owners. Interesting in that the idea that only those with something nefarious to hide may use the obfuscating services is blown out of the water – “for example banks use privacy and proxy services almost as often as the registrants of domains used in the hosting of child sexual abuse images; and the registrants of domains used to host (legal) adult pornography use privacy and proxy services more often than most (but not all) of the different types of malicious activity that we studied”. Fixing Whois is going to be harder than we thought.
  • Browse like its 1992: Cern have launched [Line Mode Browser 2013], an emulation of 1992’s line mode browser, using Node.js and modern browser technology to recreate the glow green matrix of terminals of that era. You can find the code on GitHub.

Go 1.2’s Coming, iOS7’s Multipath, RSA’s Aaargh and Tails’ Updates – Snippets

Snippets.png

  • Go 1.2’s coming: The first release candidate for Go 1.2 has been released. Lots of changes though the developers say its “a smaller delta from 1.0 to 1.1”. Read up on whats coming in the Go 1.2 Release notes and look out especially for the changes in the use of nil. If you want to test it, downloads are at the project’s Google Code page.
  • iOS7’s Multipath: There’s a difference between having code that works and having code in production and according to NetworkWorld Apple just made that jump with iOS7 and Multipath TCP. MPTCP lets multiple interfaces, such as Ethernet, WiFi and 3G, and different paths work together to get to a connection to a destination. Apple are using MPTCP to talk to their backend services and it’ll be interesting to see how this works out in the field.
  • RSA’s Aaargh: The RSA have reacted to the NIST pulling Dual EC DRBG, the cryptographic algorithm that has been historically dubious and believed to have been compromised by the NSA at specification stage, in for review by issuing an advisory. The advisory’s bad news covers “all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C”. The really bad news? “The currently released and supported versions of the BSAFE libraries (including Crypto-J 6.1.x and Crypto-C ME 4.0.x) and of the RSA DPM clients and servers use Dual EC DRBG as the default PRNG”. Yes, as a default. Background in this Ars Technica article where one of the comments has the full text of the advisory. If you use RSA crypto, start your audit now.