Questions

[scargill]

Over at https://tech.scargill.net/mqtt-broker-on-an-esp8266/ I've done some tests - and have some questions - as no doubt by now will others.....

[bcatalin]

Answers for https://tech.scargill.net/mqtt-broker-on-an-esp8266/ are:

1. When the ESP8266 broker connects – if it cannot get to the outside world – it makes a broker – lovely – but when it DOES connect – what information does it send to the iotcentral site? And while connected to the site and operating, what goes back and forth?

When you connect the mosquitto from the Raspberry Pi to the cloudMQTT.com for example between these instances there is a bridging connection. This means that both are acting as on virtual broker. In Bondar's case it have the same functionality but only if the topic has the form

/toker/topic1/subtopic1

otherwise the messages will stay in your WiFi LAN.

Example:

A thermostat is subscribing to the topic heating/main_heat and your device is publishing the temperature to the heating/main_heat the value will not leave you house.

If you want to have this temperature to your phone app when you are in Spain the temperature sensor need to publish it to the topic /34fr56ad/heating/main_heat on Bondar and your mobile app need to subscribe to iotcentral.eu:9004 on topic 34fr56ad/heating/main_heat where 34fr56ad is your base topic allocated by the system.

Every message that goes to/from iotcentral.eu is validated against user an password with a mosquitto plugin for the mysql database.

Conclusion: Data is better protected then mosquitto to mosquitto and if you have messages that need to stay in your network will stay in there.

2. Is it possible to insist on username and password protection when using the broker locally? I use Mosquito and always insist on username and password. I’ve had many conversations with people over the years who say that even locally you should put a username and password in? Just asking!

Some explanation has been addressed on #1 answer, but yes it is possible to store user and password and check every message for u and p. Things get more complicated it I want to change the password but this can be done with some effort.

3. If connection to the IOTCENTRAL site initially IS essential – and it probably is? What is this site sitting on? Will it still be working in a couple of year’s time for example?

The connection to iotcentral.eu is necessary to be done only first time. If someone wants to keep the data private in its WiFi networks then don't publish the data with /34fr56ad/ in front of the topic. In my mind staying isolated is not an option, but YES it is possible.

About the site. It is developed by me it is made with NodeJS/expressJS/passportJS as a backend and sits on digitalocean.com with the hosting paid in advanced. So the backend and mosquitto are connected to the same mysql database. I don't keep any password in clear and I've used for password only proven solutions.If someone can take care of it and wants to increase the server power its fine with me.

4.I could not proceed here without creating an account – and the account registration makes no mention of how your details (email) will be used – that needs clarifying – I’d prefer a direct promise that my details will NOT be used for marketing purposes.

I've made the website with email confirmation just to be sure that I am not dealing with bots or spammers. I hate spammers. But as a funny fact I've made an account on your blog and I didn't get any message or warranty that my email address will not be used for commercial purposes. I hope you don't mind 🙂

5.Source code

Some people are asking about the source code. I can publish it but how many will used it for real, one or two ? It contains a lot of LWIP and FreeRTOS modified code. If Microsoft will not publish the code they will stop using Microsoft products. If the Apple is not publishing the code they will not write comments ? How many lines of codes they published. I will not publish the code that is part of a platform.