HSTS with nginx and Varnish

SSL is good. It’s not perfect, but it makes life harder for mass surveillance and all websites should be using it. Yes, I know this blog doesn’t – I’ll get around to it.

I upgraded one of my sites to use HSTS, which is an extension to enforce usage of SSL where it’s available. This effectively means that after the first request via HTTPS, the browser should remember that domain uses SSL and should make sure any subsequent requests are HTTPS. HTTP requests get redirected to HTTPS immediately. This is great – not only does it mean that you’re less likely to have clients making requests in the clear when they should be using SSL, but it means that SSL stripping attacks will be foiled.

Tinkering with the RFµ-328

The RFµ (or RFu, for the purposes of people being able to Google this without trying to type µ) 328 is a really neat little board from wireless vendor Ciseco. I picked one up for a project I’m doing where I need a low power microcontroller and some way to talk to a base station with power. This is basically what this board is – an integrated ~896MHz radio module and microcontroller. The radio module works as a serial link so it’s really easy to work with, and the microcontroller is the Arduino compatible ATmega 328 chip, complete with the Arduino Uno bootloader.

There were some stumbling blocks I figured I’d document here, though, to get to the point where you can throw code at this thing and have it work, entirely over the air.

Real Time kernels and audio on the Raspberry Pi

A year or two ago I posted about how you could send audio over the internet with Raspberry Pis using the OpenOB project. Since then the OpenOB project has taken off, with lots of contributions from the community and lots of improvement as a result.

What hasn’t aged well is the Pi. A firmware update to fix some keyboard compatibility issues caused some serious issues with audio over IP, as both the Ethernet controller and USB sound card shared a USB bus which couldn’t operate quickly enough to handle the precise timing demands. Fortunately, the Wolfson Audio Board has come along to save the day – and it’s certainly promising.

Sadly, the kernel support for the Wolfson device isn’t in the mainline kernel yet, so that means using their custom OS image, or building our own kernel. On top of that we’d quite like a preemptible kernel to allow us to get lower latencies in userspace. This is crucial for reliable jitter-free low-latency audio, but because it’s quite niche this also means we need to apply some non-mainline patches to the Raspberry Pi kernel. The Wolfson drivers will eventually make it to the Pi kernel by default, and hopefully someone familiar with packaging for Debian/Raspbian can contribute a package to provide a real-time patched version of the kernel; but in the meantime we need to get our hands dirty. Here’s how to get a stock Raspbian image turned into a low-latency audio capable flavour, broken down and explained a bit.