GDPR compliance

Mosca vs Aedes

Example benchmark test with 1000 clients sending 5000 QoS 1 messages. Used
mqtt-benchmark with command:

mqtt-benchmark --broker tcp://localhost:1883 --clients 1000 --qos 1 --count 5000

CPU INFO:

Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              8
On-line CPU(s) list: 0-7
Thread(s) per core:  2
Core(s) per socket:  4
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               94
Model name:          Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Stepping:            3
CPU MHz:             800.014
CPU max MHz:         3500,0000
CPU min MHz:         800,0000
BogoMIPS:            5199.98
Virtualization:      VT-x
L1d cache:           32K
L1i cache:           32K
L2 cache:            256K
L3 cache:            6144K

Benchmark: Aedes

In memory — No clusters

========= TOTAL (1000) =========
Total Ratio:                 1.000 (5000000/5000000)
Total Runtime (sec):         178.495
Average Runtime (sec):       177.845
Msg time min (ms):           0.077
Msg time max (ms):           199.805
Msg time mean mean (ms):     35.403
Msg time mean std (ms):      0.042
Average Bandwidth (msg/sec): 28.115
Total Bandwidth (msg/sec):   28114.678

Redis Persistence and Redis Emitter — With Clusters

========= TOTAL (1000) =========
Total Ratio:                 1.000 (5000000/5000000)
Total Runtime (sec):         114.404
Average Runtime (sec):       109.022
Msg time min (ms):           0.065
Msg time max (ms):           393.214
Msg time mean mean (ms):     21.520
Msg time mean std (ms):      0.595
Average Bandwidth (msg/sec): 45.896
Total Bandwidth (msg/sec):   45896.306

Mongo Persistence and Redis Emitter — With Clusters

========= TOTAL (1000) =========
Total Ratio:                 1.000 (5000000/5000000)
Total Runtime (sec):         112.769
Average Runtime (sec):       105.524
Msg time min (ms):           0.062
Msg time max (ms):           329.062
Msg time mean mean (ms):     20.750
Msg time mean std (ms):      0.878
Average Bandwidth (msg/sec): 47.464
Total Bandwidth (msg/sec):   47464.271

Redis Persistence and Mongodb Emitter — With Clusters

========= TOTAL (1000) =========
Total Ratio:                 1.000 (5000000/5000000)
Total Runtime (sec):         118.587
Average Runtime (sec):       114.190
Msg time min (ms):           0.080
Msg time max (ms):           324.028
Msg time mean mean (ms):     22.558
Msg time mean std (ms):      0.730
Average Bandwidth (msg/sec): 43.832
Total Bandwidth (msg/sec):   43831.927
========= TOTAL (1000) =========
Total Ratio:                 1.000 (5000000/5000000)
Total Runtime (sec):         264.934
Average Runtime (sec):       264.190
Msg time min (ms):           0.070
Msg time max (ms):           168.116
Msg time mean mean (ms):     52.629
Msg time mean std (ms):      0.074
Average Bandwidth (msg/sec): 18.926
Total Bandwidth (msg/sec):   18925.942

mqtt-spy

Introduction to client

Mqtt-spy is part of Eclipse Paho and Eclipse IoT. It runs on Java 8 and JavaFX and is launched directly from its JAR file. Mqtt-spy offers a good interactive way to demonstrate the basic MQTT publish/subscribe mechanism.

Mqtt-spy does not provide a separate installation package, so users need to install a Java runtime environment before using it. Once launched, though, mqtt-spy offers a friendly hands-on experience, and its guide feature is eye-catching. MQTT newcomers can easily connect to a public MQTT broker with mqtt-spy to explore. The interface is slightly complicated, but once you are familiar with the function of each component it becomes a development and debugging tool. It is also worth mentioning that the performance and stability of mqtt-spy are poor, perhaps because the version used by the author is the latest beta. After connecting to multiple brokers, it crashes and freezes frequently.

Features of client

  • Support for MQTT and MQTT over WebSocket
  • Easy to interact with: can publish and subscribe at the same time and connect to multiple brokers on different tabs
  • Different areas of the pub/sub window (publish, new subscriptions, subscriptions and messages) can be closed to make room for the areas currently in use
  • The search function allows searching for commonly used MQTT messages, and published/subscribed messages can be written to standard output or logged to a file for subsequent analysis

Download client

Operating system: Windows, macOS, Linux

Project address: GitHub mqtt-spy

Download link: https://github.com/eclipse/paho.mqtt-spy/releases

MQTT.fx

Introduction to client

MQTT.fx is a mainstream MQTT client developed by Jens Deters that lets you quickly verify whether you can interact with IoT Hub services to publish or subscribe to messages. MQTT.fx is released under the Apache License 2.0, but its source code is not provided.

MQTT.fx is an established MQTT client tool. The product documentation and tutorials of cloud providers such as Azure IoT Hub, AWS IoT, and Alibaba Cloud IoT all use MQTT.fx as an example. MQTT.fx is built with JavaFX and may feel sluggish on some older machines because of the Java virtual machine.

In terms of basic functions, MQTT.fx can save multiple connection configurations, supports multiple types of TLS encryption, and lets you specify multiple types of certificates. When creating a connection, you can specify an HTTP proxy server. After a successful connection, the publishing and subscription functions are reasonably designed and smooth to use. A highlight is that it can discover subscribed topics through other means, such as broker-side proxy subscriptions. MQTT.fx also supports connection tests against Google Cloud IoT.

Among the advanced features, the biggest highlight of MQTT.fx is its support for JavaScript scripts. With JavaScript code run by the Nashorn engine, users can access Java methods and fields to extend functionality. After becoming familiar with the MQTT.fx APIs, users can write test scripts that fit their business, simulate sensors reporting data, and even build performance-testing tools and other powerful functions.

If you are using the Mosquitto broker, MQTT.fx provides a dedicated tab that visualizes broker status by subscribing to the system topics (topics on which the broker publishes its runtime information). It also shows system information such as the broker's version and time, the number of clients and messages, network traffic, load status and other runtime information.

All in all, MQTT.fx has rich and mature features and supports all the configuration items you may encounter for a TCP connection. Its drawbacks are slightly poor interaction, an interface that can freeze, and the fact that users can establish only one connection at a time, which cannot satisfy the need to use multiple test connections simultaneously. Besides, it does not support WebSocket, which means it cannot be used to test MQTT over WebSocket.

Features of client

  • Predefine message template
  • Get status of the broker through the system topic
  • Remember the recently used topics
  • Support for JavaScript scripts through Nashorn Engine
  • Support log display, display log information in the connection
  • Cross-platform desktop with support for Windows, macOS and Linux

JSON format

JSON (JavaScript Object Notation) is a text-based data-interchange format derived from JavaScript and most commonly used with that language. Like many other text formats, JSON is easy for humans to read. Despite its origins in JavaScript (more precisely, in a subset of the language as defined by the ECMA-262 standard of 1999), the format is considered language-independent and can be used with almost any programming language. Ready-made code for creating and processing JSON data exists for many languages.

A JSON text represents (in encoded form) one of two structures:

  1. A collection of key/value pairs. In various languages this is realized as an object, record, struct, dictionary, hash table, keyed list or associative array.
    A key can only be a string (case-sensitive: names that differ only in letter case are considered different); a value can be of any form.
  2. An ordered list of values. In many languages this is realized as an array, vector, list or sequence.

These are universal data structures: as a rule, any modern programming language supports them in one form or another. They form the basis of JSON because it is used to exchange data between different programming languages.

Here is the data received from the SensorTag in JSON format, which we send to the cloud:

How We Protect Your Information

84codes AB uses commercially reasonable physical, managerial, and technical safeguards to preserve and protect the integrity and security of your personal information and implement your Application sharing settings. These safeguards are defined as Technical and Organizational Measures (TOMS) and specified in section 4 of the Security Policy. However, we cannot warrant the security of any information you transmit to 84codes AB or store on the Service. In case of a Security Incident, we will contact you immediately. As a customer, you are responsible for ensuring that you use the Service in a secure manner.

To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information at all times.

Subscribe Examples

The subscribe operation works analogously to publish.

Example: Simple Subscribe to topics

mqtt sub -i myClient -t test1 -t test2

Example: Subscribe to several topics and connect with MQTT 5 user properties and debug mode.
The Client stays to consume incoming PUBLISHES that are displayed in the console.

mqtt sub -i myClient -t test1 -t test2 -up key1=value1 --debug
Client myClient: sending CONNECT
Client myClient: received CONNACK SUCCESS
Client myClient: sending SUBSCRIBE: (Topic: test1, QoS: AT_MOST_ONCE)
Client myClient: sending SUBSCRIBE: (Topic: test2, QoS: AT_MOST_ONCE)
Client myClient: received SUBACK:
Client myClient: received SUBACK:
Hello myClient
Client myClient: received PUBLISH: (Topic: test1, Message: ‘Hello myClient’)

Synopsis

Shell Mode

The shell mode starts the MQTT CLI as an interactive shell session. Shell mode provides a comfortable unix-like terminal for handling console input and output.

In shell mode, various familiar shell features are available for the MQTT operations:

  • color-highlighting,
  • tab-completion,
  • command-history,
  • password-masking.

The shell mode gives you a client context for the MQTT clients that are currently connected. You can connect MQTT clients, work with the clients to publish, subscribe, unsubscribe, or list all clients to disconnect all or a few of your MQTT clients.
Methods such as Connect and Disconnect switch the current context of the shell. Commands such as Publish and Subscribe always relate to the client context that is currently active.

You can start the interactive shell with a simple command in your terminal:

Example

$ mqtt shell

Example: Connect an MQTT client

mqtt> con -i myTestClient
myTestClient>

NOTE: If you want to use another host and port for the broker, you can set the parameter directly in the command or adapt the default settings from the .
If you don’t have a local broker installed, you can use the broker.hivemq.com, test.mosquitto.org or mqtt.eclipse.org or any public broker for testing purposes.

Example: Subscribe to the topic and publish a message

myTestClient > sub -t test
myTestClient > pub -t test -m 'A message'

Example: Switch back to the shell and list all information on the MQTT clients

myTestClient> exit
mqtt> ls -at

Example: Switch back to the client to publish a retained message with QoS 1

mqtt> switch myTestClient
myTestClient> pub -t test -m 'A further message' -q 1 -r

Example: Disconnect the client, leave the context, and exit the shell

myTestClient> dis
mqtt> exit

Summary of shell-mode usage:

  • Connect a couple of MQTT clients with different versions to different broker addresses.
  • Work in and outside the context of an MQTT client.
  • Switch from one client context to another client context.
  • Leave the context of a client without disconnecting.
  • List all topics to which a client is subscribed.
  • List all active clients.
  • Disconnect clients.

Using TLS / SSL

M2Mqtt supports secure connection to an MQTT broker using the SSL/TLS protocol and X509 certificates. First of all you need to get the CA certificate used to sign the broker certificate you’ll connect to. For more information about certificate creation you can read the following article on my Embedded101 community blog (there is an example using OpenSSL). After that, you need to provide the certificate as resource inside your .Net project using a resources file () that exposes the certificate itself as a byte stream.

As you can see, one of the overloads of the class constructor has an instance of class as input parameter that we can use to provide our CA certificate from resources file.

To have a more fine grained control on certificate validation you can provide another parameter as . This is a callback routine that the .Net runtime calls for you when it needs to validate a server certificate.

The above callback provides you all information and data you need to validate the server certificate based on your client application policy.

About Paolo Patierno

Senior Software Engineer and Microsoft MVP for Windows Embedded / Internet of Things who has been working on Microsoft technologies since 2006 with all .Net Frameworks (Micro, Compact and Desktop); he has been developing on embedded and mobile systems (based on Windows CE, WindowsPhone/Android and RTOS) since 2010, using C/C++, C# and Java. Focused on IoT and M2M communication. Member of DotNetCampania, TinyCLR.it and Embedded101 communities. Technical writer and owner of some open source projects on CodePlex and GitHub


Subscribe

To subscribe to a topic use something like the example below:

In this example the on_subscribe and on_message callbacks are demonstrated. on_subscribe is called once the broker has responded to a subscription request. The granted_qos parameter contains a list of the granted QoS (or failure) codes sent by the broker. The on_message callback is called for each message received and the msg variable is an MQTTMessage class, which has members topic, payload, qos, retain and mid. The is blocking, which means the client will continue to print out incoming message information until the program is killed.

In this example, the call to client.subscribe() comes immediately after the . Whilst this is valid, with a non-durable client the subscription will not be renewed if the connection to the broker drops and is renewed. It is suggested that for simple programs like this, putting the in the will ensure that the subscription is renewed for each reconnection.

The subscribe function may be called in one of three ways:

Publish

This example shows how you might interface to a sensor and publish the data. The client is created, it sets a publish callback, connects to the broker and starts the background network thread. It then sits in a loop reading from an imaginary thermometer every 30 seconds and publishing the value to the “encyclopedia/temperature” topic. The QoS of the message can be controlled with the qos parameter. The payload in this example is “str(temperature)”, but is entirely optional. If not given, a zero length payload will be sent.

The call returns a tuple of the function return code and the message id of the message being published. The message id can be used with the on_publish callback to determine when a particular message has been published. The client assigns a message id to all messages internally, even if they are QoS 0.

The version of the client currently in development offers a different (but still backwards compatible) return value from which provides a better means of determining if a message has been published, as well as a way of blocking until the message has been published:

The next version of the client will also have the ability to specify per-message callbacks that will be called once that individual message is published, with a function call of the form:

CloudMQTT’s Commitment to GDPR Compliance and Data Privacy

We take GDPR seriously, and we’re applying GDPR standards to all our data processing, not just EU personal data. This gives our customers peace of mind that their data meets protection regulatory frameworks around the world when using CloudMQTT.

We have taken several measures to comply with GDPR, which are as follows.

Policies and Processes

Our internal policies and processes are compliant with the latest GDPR regulations. This includes everything from our Information Security Program, the Business Continuity Plan, how we train our staff in security, and how we train staff to handle personal data. We have also made an inventory of what personal data we handle internally, as well as a data flow mapping of personal data.

Data Processing Agreement (DPA)

For all our customers who collect personal data from individuals in the EU, we offer a DPA. Our DPA offers terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers and their data. The DPA is available for all our customers in their control panel under the section “Agreements”. This is also where customers can find the Technical and Organizational Measures (TOMS) we have taken for GDPR compliance.

View the Data Processing Agreement.

Data Protection Officer (DPO)

A DPO is a person at an organization who is responsible for reviewing and reporting internal procedures regarding the handling of personal data. According to article 37 under the GDPR, a DPO must be appointed if:


  • The organization is a public authority (except for courts acting in their judicial capacity);

  • The core activities require large-scale, regular and systematic monitoring of individuals (for example, online behavior tracking); or

  • The core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offenses.

Although 84codes doesn’t apply to any of these criteria, our dedication to the integrity of our customers is such that we have decided to appoint a DPO even though we’re not legally obligated to do so. Our DPO is Anna Burman, who has been working with the GDPR implementation at 84codes. Anna can be reached at compliance@84codes.com.

Security

A certain amount of confidence is needed when relying on third-party vendors to manage and handle online data securely. We understand that even small gaps in security coverage can put everything at risk including data, customer information, uptime, and potentially a company’s reputation. Therefore, we want to ensure our customers that security is something we prioritize above anything else.

A well-built environment starts with high coding standards that guard against attempted security breaches. Our system components undergo tests and source code reviews to assess the security level before being added to our code in production. We use SSL/TLS to secure data in transit. SSL certificates are updated on a regular basis or, in the event of a security advisory, from external security centers. Data can be encrypted for additional security of data at rest and IP whitelisting is also an option.

If you want to know more about how we’re dealing with customer data, please read our Security Policy.

Breach Management

We have updated our Information Security Program in regard to the GDPR regulations and specified the escalation process and requirements for notification in case of a breach.

Third Party Selection

External suppliers or subcontractors are required to apply the same security standards as we have in place at a minimum. We also make sure that they are GDPR compliant and establish a DPA with them when applicable.

Subscribe

In order to receive messages published on one or more topics from other clients, you need to use Subscribe( ).

It receives two arrays as input parameters : the former is the list of topics you want to subscribe and the latter is the related list of QoS levels (one for each topic). As for publishing, the class provides the event that is raised when the client is correctly subscribed to the topic (receiving acknowledge from broker).

Also in this case, the method returns the id of the subscribe message sent to the broker. You can use it to correlate the information you’ll receive in the event args of the above subscribed event.

After subscribing to a topic, you start to receive messages published on this topic. To be notified about received messages, there is the event you can register to.

The related event args provides you all information about the message received like topic, QoS level, message body (as array of bytes) and the retain flag.

Android client

The most widespread implementation of the MQTT protocol is the Paho MQTT library. The library is implemented for the most popular programming languages: C/C++, Java, JavaScript, Python, Lua, Go and C#. It is the one we use in the application.

In our application, the classes IBMIoTCloudProfile and IBMIoTCloudTableRow contain the functionality for communicating with the cloud. Let's take a closer look at the code:


Features of the MQTT protocol

The main features of the MQTT protocol:

  • Asynchronous protocol
  • Compact messages
  • Operation over unreliable data links
  • Support for several quality of service (QoS) levels
  • Easy integration of new devices

MQTT runs at the application layer on top of TCP/IP and uses port 1883 by default (8883 when connecting over SSL). It can also run over Winsocket.

Messages in MQTT are exchanged between a client, which can be a publisher or a subscriber of messages, and a message broker (for example, the open-source Mosquitto MQTT).

A publisher sends data to the MQTT broker, specifying a particular topic in the message. Subscribers can receive different data from many publishers depending on which topics they are subscribed to.

MQTT devices use specific message types to interact with the broker; the main ones are listed below:

  • Connect – establish a connection to the broker
  • Disconnect – close the connection to the broker
  • Publish – publish data to a topic on the broker
  • Subscribe – subscribe to a topic on the broker
  • Unsubscribe – unsubscribe from a topic

Topics form a hierarchical structure similar to a path in a file system. For example:

myhome/kitchen/temperature

myhome/kitchen/light

All devices interested in receiving updates about, for example, everything that happens in the kitchen can subscribe to the topic myhome/kitchen/# (# is a special character, analogous to "*" in file systems).

The temperature sensor publishes its measurements to the topic /myhome/kitchen/temperature

The switch publishes to the topic /myhome/kitchen/light
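
The wildcard rules described above, as an added example that is not part of the original article: a small Python matcher for MQTT topic filters, useful when reviewing which subscriptions actually receive a given topic. It goes beyond the text by also covering the single-level wildcard +, topics starting with $, and the fact that a leading slash creates a separate, empty first level; the client names and subscriptions are constructed.

```python
"""MQTT topic-filter matching. Added example; client names are constructed."""


def validate_filter(topic_filter):
    """Raise ValueError if the filter breaks the MQTT wildcard rules."""
    if not topic_filter:
        raise ValueError("empty topic filter")
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            raise ValueError("'#' must be the whole last level")
        if "+" in level and level != "+":
            raise ValueError("'+' must occupy a whole level")


def topic_matches(topic_filter, topic):
    """True if a message published to `topic` reaches a subscription
    made with `topic_filter`."""
    validate_filter(topic_filter)
    if not topic or "#" in topic or "+" in topic:
        raise ValueError("topic names must be non-empty and wildcard-free")
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    # Topics starting with '$' (such as $SYS/...) are never matched by a
    # filter whose first level is a wildcard.
    if t_levels[0].startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, f_level in enumerate(f_levels):
        if f_level == "#":
            return True  # this level, everything below it, and the parent
        if i >= len(t_levels):
            return False
        if f_level != "+" and f_level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


# Constructed sample: client id -> topic filters it subscribed to.
SUBSCRIPTIONS = {
    "kitchen-dashboard": ["myhome/kitchen/#"],
    "thermostat": ["myhome/+/temperature"],
    "audit-logger": ["#"],
}


def receivers(topic, subscriptions=None):
    """Sorted list of client ids whose filters match `topic`."""
    subs = SUBSCRIPTIONS if subscriptions is None else subscriptions
    return sorted(
        client
        for client, filters in subs.items()
        if any(topic_matches(f, topic) for f in filters)
    )


if __name__ == "__main__":
    for t in (
        "myhome/kitchen/temperature",
        "myhome/kitchen/light",
        "/myhome/kitchen/temperature",  # leading slash: a different topic
        "$SYS/broker/uptime",
    ):
        print(t, "->", receivers(t))
```

A bare # subscription receives every application topic, so broker ACL reviews usually start with clients that are allowed to subscribe to it.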

Children’s Privacy

Protecting the privacy of young children is especially important. For that reason, 84codes AB does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register as Members. No one under age 13 is allowed to provide any personal information to or on 84codes AB. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13,
please contact us at compliance@84codes.com.
