Hands on with Matter and Thread(11 min read)

Matter and Thread offer many benefits, with standardised interoperability, local-only control, built-in security, multi-admin, and IPv6 support — helping drive IPv6 adoption and development skills.

Several devices have now launched, and I have tried out a few of the available devices with Google Home and Home Assistant, however these are early days, and feature implementation still lags behind native integrations in some significant areas.

Thread-based devices:

  • Nanoleaf Essentials light bulb and LED light strip
  • Eve Home smart plug

Wi-Fi devices:

  • Sonoff MINIR4M inline switch
  • Zemismart ZME2 dual inline switch
  • Wiz light bulbs
  • Tapo P110m smart plug

Most devices initially required their native app for firmware upgrades (although the new Eve device updated without it), and there were many features only accessible via native apps (even where the features are in the Matter standard).

In particular none of the switches had separate switch and relay parts for detached operation via Matter bindings, although the Sonoff does support detached mode via the native app, and the Zemismart had the Binding cluster but I couldn't get it working.

Continue reading Hands on with Matter and Thread(11 min read)

Deploying a secure LwM2M IPv6 test server on AWS(15 min read)

Lightweight Machine-to-Machine (LwM2M) is a compact protocol design for Internet-of-Things (IoT) scenarios, that provides end-to-end services including efficient transport, encryption, device lifecycle, and messaging semantics. Devices deployed to the field will connect to full LwM2M endpoints, however you may also want to deploy your own LwM2M demo server for testing purposes.

This article shows you how to deploy an Eclipse Leshan server onto Amazon Web Services (AWS), configured for secure connections (COAPS for messaging, and HTTPS with basic authentication for the Web UI), accessible over the internet, and including support for both IPv6 and legacy IPv4.

First we will configure a network in AWS, then deploy the server, and then test the deployment.

AWS container diagram

Continue reading Deploying a secure LwM2M IPv6 test server on AWS(15 min read)

AI and copyright: Addressing an incongruity(4 min read)

In our rapidly evolving digital age, traditional concepts such as copyright are being rigorously tested. The advent of Artificial Intelligence (AI), in particular, has initiated a crucial debate on the validity and efficacy of existing copyright laws. This debate becomes particularly intense when we consider the striking difference in the treatment of photographs and AI-generated art under current copyright laws. This discrepancy calls into question our collective understanding of creativity, ownership, and the essence of copyright itself. Is it time for us to reevaluate the concept of copyright in the digital era?

Continue reading AI and copyright: Addressing an incongruity(4 min read)

Device Authentication with Nordic Thingy:91 and Azure IoT Hub(22 min read)

Security is an important topic for the Internet of Things, and there are several considerations to secure device identity. A good practice is to use secure protocols (such as TLS or DTLS) for transmitting any sensitive information over the network and to ensure that passwords and other sensitive information are securely stored.

This article will provide an example of using X.509 client certificates for connecting to Azure IoT, using the Nordic Thingy:91 platform. The certificates are securely loaded directly to the device, so they are not exposed in the device firmware.

Using certificates allows a hierarchy of trust to be established, allowing system owners to delegate certificate management to third parties while retaining control of the root trust.

The article also covers the usage of IPv6, and accessing IPv4 servers from the Telstra IoT network, running in IPv6-only mode and using NAT64.

Nordic Thingy:91 Cellular IoT Prototyping Platform, unboxed.

Continue reading Device Authentication with Nordic Thingy:91 and Azure IoT Hub(22 min read)

Dogs in the Vineyard – Conflict Process(2 min read)

I've been playing a few short sessions of Dogs in the Vineyard, so put together a one page step-by-step summary of the conflict process.

Note that the process does not include the detailed tables for fallout. You will need to refer to the main rules for that, or the D.O.G.S. generic version.

It is an interesting system, where a conflict is not a single roll of the dice, but an entire scene that you add (recurring) elements to as it progresses; it kind of reminds me a bit of the conflict resolution in Mouse Guard.

It is not just a "I do this", roll, done, type system, but one where resolving the conflict forms the narrative story line, as you bring in elements. The more narratively important an item is to you, the more dice you should assign it - a similar example from the Cortex Plus Firefly game is "Jayne's Hat". Assigning that item 2d10 (in DitV) would mean you want to narratively bring it into every conflict that you can.

I can't even think how to approach a statistical analysis of DitV, like I have done for other systems. Systems like Corex Prime are complex enough so that you can't readily calculate probabilities in your head — you know 3d6 is better than 2d6, and 2d10 is better than 2d8, but trying to compare (1d10 + 3d6) vs (4d8 + 1d4) is not something you can do off the cuff. But you can mathemtically calculate it.

Because DitV involves some foresight (you roll a little bit in advance before you pick what to use), it relies on some tactical skill at picking dice, not just probabilities. And because what you will roll depends heavily on the narrative direction the encounter goes, it is difficult to know what even will be relevant.

The resolution is also at the entire encounter level, not individual actions. e.g. it is easy to statistically determine if you will hit in Dungeons & Dragons, and what your average expected damage will be. But trying to determine who will win in a fight between a Rogue and Cleric vs three Orcs is a lot more complicated.

I will look at doing a longer analysis of the system in the future, but for now the conflict process summary is a start.

RPG Mechanics: Success at a cost(18 min read)

Tabletop roleplaying games are generally about shared storytelling, and stories are generally pretty boring if the story ends because the protagonists don't find the clue, don't get past the locked door, or don't survive a battle. Failure needs to continue the story by leading to something else interesting, being only a partial failure, or being success at a cost.

I will detail some of the concepts and approaches used by different systems, including several open source alternative roleplaying games, that can be incorporated into your game, even if the specific mechanics are not.

A related concept is the treatment of character death, which is usually the ultimate failure.

Some systems, like early Dungeons & Dragons, or revival games like Dungeon Crawl Classics, treat the adventuring group more like a wargaming troop, where when one character dies the next steps up to continue as the protagonist. Other modern systems have more explicit success at a cost mechanics or alternative ways to handle death.

The discussion is organised by concept, with examples given from different systems, including Fate, Dungeon World (Powered by the Apocalypse), Blades in the Dark, and Gumshoe.

Continue reading RPG Mechanics: Success at a cost(18 min read)

Running NAT64 in a dual stack network(5 min read)

Network address translation 6-to-4 (NAT64, RFC 6146) is a transition technology that can be used, in conjunction with DNS64 (domain name system 6-to-4, RFC 6147), to replace NAT44 in dual-stack networks, and allowing support of IPv6 only devices.

Dual stack is a common deployment solution for adding IPv6 for both consumer and corporate networks, although IPv6-only is becoming more common, with the typical guidance being "IPv6-Only Where You Can, Dual-Stack Where You Must"

Even if you are still stuck in dual stack, it still makes sense to use some of the IPv4 as a Service technologies, such as NAT64 and DNS64, which have the upside of allowing you to support IPv6 only devices, and no downside. As an additional benefit, you also get valuable experience in IPv6 systems.

The cost is that you need to have infrastructure that supports NAT64, either provided by your ISP, or from your own networking equipment/router. This is not as much an issue for DNS64, as public DNS64 is available, e.g. Google.

If your network supports it, look at implementing NAT64 + DNS64 today; if it does not, contact your equipment provider to find out when they will support this important technology for IPv6.

Network with IPv6 and dual stack devices using NAT64 to access an IPv4 server, with IPv4 devices using NAT44

Continue reading Running NAT64 in a dual stack network(5 min read)

Smart Buildings — Running an OpenThread Border Router(18 min read)

Thread is a mesh networking stack running on 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) over IEEE 802.15.4 radios. To connect to the broader network, a Thread Border Router is required, which acts as a gateway between the Thread mesh radio network and upstream networks.

Thread, especially when used with Matter, is an important development for home automation, however the technologies also have commercial applications. The initial commercial focus of Thread is for smart buildings.

The networking layer sits between the underlying physical network, and the application layers on top.

Thread layers: UDP, IP Routing, 6LowPAN, and cross-cutting Security/Commissioning, with non-Thread layers beow IEEE 802.15.4 MAC and IEEE 802.15.4 PHY, and non-Thread applications layer above

Matter is an application protocol for device automation that runs on top of Thread (and also WiFi), with Bluetooth used for device commissioning. Matter 1.0 was also released in October 2022 and is supported by major home automation vendors (Google, Amazon, Apple, and Samsung), but can also be used in commerical deployments.

When provisioning a Matter device to a Thread mesh, Bluetooth is used for the initial provisioning and sets up both the connection the the Thread mesh and registration in the Matter Hub. One important aspect of Matter is multi-admin, allowing one device to be controlled by multiple hubs.

The layered approach means Thread can be used by itself, providing mesh networking for smart buildings using other protocols, or in conjunction with Matter.

The article also looks at setting up a OpenThread Border Router for testing, and shows provisions a Matter test device to the Thread mesh.

Continue reading Smart Buildings — Running an OpenThread Border Router(18 min read)

M5Stack Atom NB-IoT device with secure MQTT over IPv6(20 min read)

M5Stack produce a suite of pilot-suitable modular IoT devices, including the Atom DTU NB-IoT. The NB-IoT DTU (Narrow Band Internet of Things - data transmission unit) comes in a small 64 24 29mm case with a DIN rail clip on mounting and support for RS-485 including 9-24V power (or USB-C power).

The kit base has a SIM7020G modem and the ESP32-based Atom Lite (which also supports WiFi) is included with a very resonable price. The device has built in MQTT, supports secure public certificate TLS connections, and supports IPv6.

While the physical unit is ready for pilot deployment (and the M5Stack website has several commerical deployment case studies), there is no pre-written firmware for the device, so some up front development is needed.

As well as reviewing the strengths and weaknesses of the device, I will also provide some sample code for a proof-of-concept using an Env III environment sensor to transmit temperature, humidity, and air pressure to an MQTT test server using MQTTS (with server certificates), over IPv6, over NB-IoT.

M5Stack Atom DTU NB-IoT with Telstra SIM card

Continue reading M5Stack Atom NB-IoT device with secure MQTT over IPv6(20 min read)