Building a NUT Dashboard with PeaNUT on the Raspberry Pi #beginner #iot #network
https://pimylifeup.com/raspberry-pi-peanut/

Dive into #ComputerVision with #Supervision from this #oSC25 talk! This talk shows how to streamline dataset loading, annotation & video analysis while staying lightweight for #edge & #IoT devices #AI #openSUSE https://www.youtube.com/watch?v=5CjYBrwhwS8
New Release! Practical IoT using Arduino and ESP32: Interactive experiments covering sensor reads, Wi-Fi, Bluetooth, and AWS IoT Core connectivity #books #ebooks #arduino #IoT #bluetooth #AWS
Build your own IoT projects including, environmental monitors that alert in real time, QR-code generators on tiny screens, ethical jamming demonstrations for protocol study, and alarm clocks that buzz and send notifications at the right moment.
Find it on Leanpub!
Review Nextion HMI Touchscreen with GPIO
https://shkspr.mobi/blog/2017/07/review-nextion-hmi-touchscreen-with-gpio/
I don't think the people who sent me this touchscreen are going to be very happy with this review. But that's the peril of asking bloggers to assess your kit, isn't it?
The good folks at Sonoff have sent me a review unit of their "7.0" Nextion Enhanced HMI Capacitive Touch Display with Enclosure". A USB powered touchscreen - with a range of hackable goodies.
It's a device which sadly fails to live up to its promise.
Specs
Let's get the specs out of the way, then see how it works!
So, a pretty simple screen with some connectivity options. This isn't an Android tablet, it's more like a Raspberry Pi - waiting for you to have adventures with it.
Just a note on that - this is not a display screen. You can't just plug in an HDMI cable - you program the display directly either using an Arduino Foca to flash it or saving the interface to an SD card.
The output is ideally suited to an Arduino, but you can make it work with a Raspberry Pi.
The price is simply far too high for the spec and functionality. For less money you can get a range of HDMI & USB touch screens which will work directly with a Pi or any computer.
What's in the box?
This touchscreen comes in a range of styles - this is the one with a plastic enclosure. Want to 3D print your own mount? Model files are available - which is pretty nifty!
It's powered by a standard USB 5V/1A supply. You get this little adapter if you don't want to wire the power in directly.
Software
Nextion provide software for creating interfaces like this:
The GUI design software is Windows only. That's an annoying limitation. There seems to be no way to run on a Mac. I was unable to get the software to run in WINE for Linux. Instead, you need to install PlayOnLinux, use WineTricks to install DotNet, and then use this script to install the Nextion Editor. It took a few hours and was a pain in the arse!
Eventually, after installing, you'll get to this rather complex screen:
Good luck figuring out what it does. There is a Quick Start Guide - which is rather long-winded. It's probably best to start with the demo file.
Demo Project
I downloaded the demo project, loaded it into the editor, and then hit compile. Then got confused.
The editor doesn't tell you where it has saved the compiled file. It wasn't in the same directory as the demo. Weirdly, the compiled .tft file was automatically placed in this folder:
./.PlayOnLinux/wineprefix/Nextion/drive_c/users/edent/Application Data/Nextion Editor/bianyi/example.tft
I copied the file to a micro SD card and shoved that into the Nextion. It is possible to transfer the files directly via the serial port, but I wasn't sure how well it would work with Linux.
I inserted the card, powered it on, and got this screen.
9600 Baud. Wow. The demo file is around 5MB. That should take around 90 minutes to install! After two hours, it still hadn't moved. I pulled out the SD card, rebooted it, and got the demo screen!
Well... it works. The screen is a bit murky and has very restricted viewing angles. Turn it a few degrees and colours go weird. The contrast on the colours isn't great. When on, the screen is tiny compared to the casing around it. The screen reacted rapidly to touches.
Support
There is a support forum and a wiki. I found both to be rather disorganised - they left me with more questions than answers.
As with all tinkering hardware, I don't expect a fully polished website - but I found it really hard to find out basic information like how to upload new images. I'll admit to being rather intimidated by the hostile nature of the Q&A section.
Verdict
I know I've been sent this product free of charge to review - but I cannot recommend it.
The lack of Linux support really grates. This screen is aimed at the maker community and we don't all run Windows! Given that it is expressly designed to work with Arduino and Raspberry Pi, it is unfathomable that Linux support is so poor.
Creating a UI is also painful. The software allows for rich and intricate GUIs - but it is hidden behind an atrocious interface. For something this complex, I'd expect decent tutorials and instructions - but there are none.
Uploading GUIs takes ages. It is impossible to make a quick change to something. For a prototyping board, that's unacceptable. I want to be able to design a GUI, try it out, fiddle with it, then change it again. I can't.
I think that, ideally, it would make sense for an interactive display like this to run a tiny embedded browser and have the GUI designed in HTML, CSS, and JavaScript. Even if it is compiled down to something which could be run on a low power device, that's got to be better than working with the default editor.
If you want an interactive screen - I'd recommend a cheap Android tablet. If you desperately need GPIO pins - get a Raspberry Pi and HDMI touchscreen. Either one of them will have a WiFi connection - which this is sorely lacking.
You can buy the Nextion Touch Display direct from the manufacturer.
Your air fryer is getting smarter and hungrier for data
https://adguard.com/en/blog/air-fryer-getting-smarter-and-hungrier-for-data.html
Are Brother's Insecure Printers Illegal in the UK?
https://shkspr.mobi/blog/2025/07/are-brothers-insecure-printers-illegal-in-the-uk/
Another day, another security disaster! This time, multiple printers from Brother have an unfixable security flaw. That's bad, obviously, but is it illegally bad[0]?
Let's take a look at details of the vulnerability:
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device.
Recently, the UK brought in some laws aimed at strengthening consumer protection - the Product Security and Telecommunications Infrastructure act (PSTI). There's a readable summary on the National Cyber Security Centre's website.
There are three interesting points to note in that blog post. The first is about passwords:
The law means manufacturers must ensure that all their smart devices meet basic cyber security requirements. Specifically:
- The manufacturer must not supply devices that use default passwords, which can be easily discovered online, and shared.
Secondly, is a question of jurisdiction:
Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence
Thirdly, what is actually covered:
The law applies to any ‘consumer smart device’ that connects either to the internet, or to a home network (for example by wifi).
Is a WiFi enabled printer a "consumer smart device"? One of the things that techies find confusing is that the law is not code. It usually doesn't enumerate a definitive list of what is and what isn't in scope. It gives a general outline and then allows case-law to develop. This means laws don't need to be updated when someone invents, say, an Internet connected tinfoil dispenser.
Let's move beyond the consumer-friendly summary and go to the actual law. The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
Passwords must be—
a. unique per product; or
b. defined by the user of the product.
Passwords which are unique per product must not be—
a. based on incremental counters;
b. based on or derived from publicly available information;
c. based on or derived from unique product identifiers, such as serial numbers, unless this is done using an encryption method, or keyed hashing algorithm, that is accepted as part of good industry practice;
d. otherwise guessable in a manner unacceptable as part of good industry practice.
How does this apply to the printers? Rapid7, who discovered the vulnerability, have this to say about how it works:
[The vulnerability] allows an attacker to leak a serial number via the target's HTTP, HTTPS, and IPP services. However, should an attacker not be able to leverage [the vulnerability], a remote unauthenticated attacker can still discover a target device's serial number via either a PJL or SNMP query
So, yes. The default password is unique but it can be automatically derived from the serial number. That serial number is available to anyone with a network connection to the printer.
But, do printers fall under the scope of this act?
The Product Security and Telecommunications Infrastructure Act 2022 says:
4 Relevant connectable products
In this Part “relevant connectable product” means a product that meets conditions A and B.
Condition A is that the product is—
A. an internet-connectable product, or
B. a network-connectable product.
Condition B is that the product is not an excepted product (see section 6).
It goes on to define what Internet-connectable means, along with some other clarifying details. But is there a get-out clause here? Are printers an "excepted product"?
In this Part “excepted product” means a product of a description specified in regulations made by the Secretary of State.
OK, let's look at the regulations. I've expanded out the relevant bit:
Schedule 3 Excepted connectable products
Computers
Products are excepted under this paragraph if they are computers which are—
a. desktop computers;
b. laptop computers;
c. tablet computers which do not have the capability to connect to cellular networks.
Nope! The Brother printers don't appear to be exempt[1]. What's the maximum penalty Brother could be subject to?
The greater of £10 million or 4% of worldwide revenue.
Ouch!
Of course, much like GDPR fines, these are headline grabbing numbers. The prosaic reality is that the enforcement policy is much more likely to suggest remedial steps. Only the most flagrant transgressors are likely to be punished harshly[2].
So, to recap. The law says an Internet-connected device (including printers) must have a password which is not "based on or derived from publicly available information". As I understand it, having a serial-number based password is OK as long as you don't publicise the serial number. I expect that if it were printed on a sticker that would be fine. But because the serial can be discovered remotely, it fails at this point.
In Brother's (slight) defence, unless the user has specifically connected the printer to the Internet this is only a local vulnerability. Someone on the same network would be able to monkey around with the printer but, similarly, they could plug in a USB cable for some illicit printing or break it with a hammer. Any damage is confined to the LAN.
Should users change default passwords? Yes. But manufacturers have a legal duty to ensure that people who don't are still protected.
[0] I'm not a lawyer. This is not legal advice. This is just my interpretation of what's going on. If in doubt, consult someone qualified.
[1] With thanks to m'learned colleague Neil Brown who came to much the same conclusion.
[2] You can see the actions they've previously taken. Because PSTI is so new, there aren't any actions against insecure IoT devices - so we'll have to wait and see how they choose to proceed.
#CyberSecurity #IoT #law #legal #Legislation
Hackers breached a Norwegian dam’s control system and forced its valve open for 4 hours due to a weak password.
Read: https://hackread.com/norwegian-dam-valve-forced-open-hours-in-cyberattack/
CVE-2025-3699: the (unintentional) backdoor in Mitsubishi Electric HVAC systems #amenazas #iot #ot #vulnerabilidades
https://www.hackplayers.com/2025/06/cve-2025-3699-Mitsubishi-Electric.html
More days. More hacking. More Vegas.
Join us for our first-ever four-day courses this August 9-12. These longer courses will cover more ground, dive deeper, and push you further.
Las Vegas awaits – sign up today!
https://training.defcon.org/lasvegas2025
Review: Octopus Home Mini - Real-Time Smart Meter Monitoring
https://shkspr.mobi/blog/2025/06/review-octopus-home-mini-real-time-smart-meter-monitoring/
I unashamedly love my smart-meter. Rather than having my energy provider guesstimate my bill, or having to send manual readings each month, it automatically beams them back to its mothership. It also enables interesting things like variable energy tariffs.
By design, the smart-meter is limited in how much data it can send back. You can choose to have readings sent monthly, weekly, daily, or half-hourly. There's no option for minute-by-minute precision. That's useful from a privacy perspective - and no doubt makes the network engineering simpler - but slightly annoying from a home-monitoring perspective.
The smart-meter has the ability to send real-time information to a local device using the ZigBee network. If you have an in-home display (IHD) then you'll have seen just how accurate it is.
As I've discovered, you can't just pair any-old ZigBee device to your meter. Luckily, Octopus have sent me the "Mini". A little device which connects to the smart-meter and your home WiFi, then reports usage every 10 seconds. Let's put it through its paces.
Size
Mini by name, mini by nature!
It's rare to find a device smaller than its plug. I half-wonder if they could have integrated it and just made it into a smartplug.
Annoyingly, it is micro USB. I am a USB-C maximalist. There's no reason this device shouldn't use the same cable as everything else I own.
Installation
Plug the Mini in - ideally within 5m of your smartmeter - and wait for the blinkenlight. Follow the in-app instructions. Because, like every modern device, it needs an app. You need to install the standard Octopus Android app, and can then add the Mini to your account and to your WiFi.
Like all cheap IoT devices, it will only work on 2.4㎓, so you may need to adjust which network your phone is on.
And then…
That's it. Every 10 seconds it sends an update to Octopus. You can use the app or the website to view your current consumption or to see your last 5 minutes or last 30 minutes usage.
If you're a dab-hand with the API, you can poll that. Or you can connect it to HomeAssistant.
Downside
In theory this is nifty, but there are a few things I'm not keen on.
Honestly, a bit disappointing. If you don't have solar panels - or your meter works correctly - this could be very useful. Even so, the lack of a local API is a bit of a buzzkill. Sadly, for my purposes, it isn't very useful.
★★☆☆☆
#electricity #energy #HomeAssistant #IoT #SmartHome
#FBI Warning on #IoT Devices: How to Tell If You Are Impacted
https://www.eff.org/deeplinks/2025/06/fbi-warning-iot-devices-how-tell-if-you-are-impacted
Got a brilliant Node-RED project to share? Our Call for Papers for Node-RED Con 2025 is still open!
We're keen to hear about industrial applications, but all inspiring Node-RED stories are welcome.
Submit your talk: https://www.papercall.io/node-red-con-2025
DATE: June 26, 2025 at 08:38AM
SOURCE: HEALTHCARE INFO SECURITY
What does the #FDA say are the most worrisome #cyberthreats involving #medical product makers' #manufacturing and #supplychain operations? https://t.co/FHCc6bX1Xd #IoT
@crowdsupply This #IoT #security workshop before #Teardown2025 was incredible! Cheers to @SynapticRewrite & @barbie for leading it, @securelyfitz for the wonderful little kits, and all who supported it ^_^
Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canada cyber advisory.
Read: https://hackread.com/salt-typhoon-targets-telecoms-router-flaws-fbi-canada/
China-linked #LapDogs campaign has been active since 2023, dropping the #ShortLeash backdoor and using hacked routers to hide espionage and data theft.
Read: https://hackread.com/china-lapdogs-drops-shortleash-backdoor-fake-certs/