Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Ivan Grokhotkov
@igrr
it does
Me No Dev
@me-no-dev
hmm... then...
Ivan Grokhotkov
@igrr
i think i'm going to take my FPGA board and create a flash chip emulator with a "bad block"
should be fun
Me No Dev
@me-no-dev
:D
so if you OTA a sketch, the md5 is once checked for the incomming data
if you write some random stuff to a random place after that
the following md5 will fail
that only if md5 is checked once the new sketch is written to the flash and not while writing it
or am I getting the totally werong idea of how tests work
Ivan Grokhotkov
@igrr
actually i added flash read back thingie into the Updater, so MD5 is calculated by Updater based on data read from flash.
esp8266/Arduino@0c58dc1
Me No Dev
@me-no-dev
why not use both and know which one failed?
I mean network or write
Ivan Grokhotkov
@igrr
does it matter?
like, does it matter which one failed?
Me No Dev
@me-no-dev
it could... but more for debugging
if you get fails, you will need to add it so you can figure out where to look for issues
it can hint on failing flash blocks also
Ivan Grokhotkov
@igrr
yeah, that can be done basically by comparing the contents of _buffer written and read in _writeBuffer, that will give you info on exact location in flash where this happens
Me No Dev
@me-no-dev
maybe even retry write?
Ivan Grokhotkov
@igrr
if the flash is borked i wouldn't like software to sweep the issue under the rug by doing some retries.
just fail hard and fast
Me No Dev
@me-no-dev
is that the only reason why write would fail?
Ivan Grokhotkov
@igrr
It may also fail due to EMI or bad power supply, but those issues should, IMO, be made as obvious as possible.
Me No Dev
@me-no-dev
ok, hard fail it is :)
Mehrdad K
@mkeyno
hi every one , so sorry for any interrupt, can anyone tell how to catch ip address of client connected to webserver in AP and Station mode ,? is following code correct
ESP8266WebServer server(80);

void handleRoot() {
  Serial.print("this request if from=");Serial.println(server.client().remoteIP());

  server.send(200, "text/html", "<h1>You are connected to slave node</h1>");
}
Hagai Shatz
@hagai-shatz
@everslick and @me-no-dev, why do we have to send 'Content-Disposition: inline; filename='...' with every file that we serve? This is an overhead TMOH and also expose the actual file location in the file system. Sorry I was not following the full discussion on it, but as far as I can read this is not HTTP standard and has some security risks: stackoverflow
Me No Dev
@me-no-dev
@hagai-shatz so it was better before?
@mkeyno if(server.client().localIP() != WiFi. localIP()){ server.send(200, "text/html", "<h1>You are connected to my AP</h1>"); }
Hagai Shatz
@hagai-shatz
I'm not sure... I think it is good to add Content-Disposition: attachment; filename='...' to force download, but I think it is better to only provide the file name without the path.
@everslick what is the case to add 'inline'? Maybe it is only relevant to some file types?
This message was deleted
Me No Dev
@me-no-dev
yeah, but... in case where AP is off and STA is in the same subnet as AP it will false positive
best to check against STA IP
Mehrdad K
@mkeyno
thanks dear @me-no-dev and sorry @hagai-shatz for crossing , but who has the client.IP registration? is there another choose between localIP() & remoteIP() , I want to catch the authorize IP to process it's command
Me No Dev
@me-no-dev
client ip registration?
Mehrdad K
@mkeyno
IP of connected Client
Me No Dev
@me-no-dev
server.client().remoteIP() is it's remote IP
localIP is the IP that the client connected to
Ivan Grokhotkov
@igrr
i think @mkeyno wants to get the IP of the client
so its server.client().remoteIP()
Mehrdad K
@mkeyno
thanks Ivan , yes , but I want to sure that, my way to check authorized IP with server.client().remoteIP() is correct
Ivan Grokhotkov
@igrr
what's "authorized IP"?
Me No Dev
@me-no-dev
and what is your way of checking it?
Mehrdad K
@mkeyno
authorized client , I want check authentication with client's IP
Ivan Grokhotkov
@igrr
lol, how much security that adds I wonder?
Mehrdad K
@mkeyno
compare it with pre save IP's
Ivan Grokhotkov
@igrr
basically, as an attacker, i can set myself any static IP
and then cycle through all subnet IPs until i find one which is authorized
Me No Dev
@me-no-dev
if you are in the subnet