webthings (mozilla iot)

Did I get it right?

Sometimes you rub your eyes and think, did I really get it?

This happened to me when I looked at mozilla iot aka webthings.

What is mozilla webthings really? You get software, where you can integrate different IOT systems (e.g. zwave, mysensors…) and have a UI where you can define rules.

I digged down to the api and didn’t find anything about security….

There are example sketches for esp8266 or esp32 to implement webthings that don’t need a gateway to webthings. When looking at the source code, you rub your eyes and ask:

Where is the enxryption of the communication channel (e.g. https)?

Where is the authentication (e.g. basic auth, or at least key hashed requests)?

Maybe I am blind (or I am getting to old…) … investigate yourself… 🙂

Comments are welcome…

Project: Evaluation of CO2 sensors

some sensors still in calibration phase

In my home automation system I use CO2 sensors from Netatmo and some MH-Z14A based arduino nodes.

I really like, that the Netatmo sensors work for about a year on battery. But they can only be integrated with a cloud api into my home automation. This has led to one interruption of several hours in the past, when the service was down. As I regulate my heating with the measured data of these sensors, this was problematic. 🙂

What I am missing with the battery powered Netatmo sensors, is a led indicating air quality.

To remove the dependency of the cloud api, I decided to build my own sensors. But before I order more MH-Z14A sensors, I want to make an evaluation.

Caution: This article is about the experiences I made in my setup with the sensors I have and with the (maybe buggy) code I wrote. It may be, that you can not reproduce my findings. 🙂

evaluate CO2 sensors for Netatmo replacement


  • I don’t want to be dependent on cloud
  • I wan’t a led indicating air quality with every sensor


  • prototype with every sensor
  • graphs of measurements made with different sensors
  • decision for one sensor


  • buy samples of different sensors
  • build a prototype with all sensors
  • make measurements, store them in influxdb and make graphs with grafana
  • evaluate the measurements


  • 20190409
    • Prototype built with MH-Z14A and CCS811
    • API Endpoint with node-red configured to store data in influxdb
    • first dashboard in grafana implemented
    • other sensors ordered
  • Progress 20190424
    • MH-Z19b arrived


  • na

open items:

  • na


The CCS811 seems to reset sometimes (no values for several minutes and then starts with 400ppm). I will add a pull up resistor on the I2C bus.

CCS811 is quite complex to handle. It has a MCU and you can make firmware updates. The library from adafruit is incomplete, it doesn’t support baseline-functions, which you have to use. I changed to the sparkfun library.

CCS811 didn’t show usable results in mode 3 (measurement every 60s). Now trying mode 1 (every 1s) with a moving average over one minute.

MH-Z19b arrived

OSS gem motioneye

Over the last 20 years I used many different video surveillance software.

I started with open source software on linux (motion), then switched to Surveillance Station on a Synology nas.

After that I changed from Synology to Qnap and Surveillance Station was not available back then. I switched to Netcam Studio which is really nice, but requires windows.

QVR Pro from Qnap evolved and is quite usable. Unfortunately it only supports motion detection on two cameras. I was playing with the QVR API to inject motion events with PIR sensors and motion events detected by other software.

The circle closes here, as I stumbled over motion again. motion is quite clumsy to configure. Looking for a configuration tool I found motioneye. Motioneye is a open source surveillance software based on motion. It has all the features I need and its motion detection is much more powerful and flexible than the one from QVR.

motioneye is a real OSS gem and replaced QVR Pro within 2 days… 😀

webcam rtsp stream multiple usage

Using the rtsp stream of webcams from multiple apps can make you some headache, i.e.
– WiFi connection bandwidth
– load on cam
– credential sharing

I solved these problems with an rtsp-proxy from

With this proxy, the stream from the cam is only transferred once from the cam to the proxy, independent of the actual apps connecting to the cam via proxy.

To use the proxy on my QNAP NAS (where I use QVR PRO) I wrote a Dockerfile: https://github.com/FotoFieber/live555-docker

On my debian server I built a Docker image and saved it to a tar-file on my nas (build.sh):

The saved image I then importet on my QNAP-NAS with

Point devices from minut.com with API troubles

When you buy IOT devices, that can only be accessed via cloud api, you have to think about

  • Internet connection problems
  • API changes
  • shut down of API

I have written an article on this topic some time ago:


Today the API problem hit me with my point devices from https://minut.com/

Inspite of the outdated API documentation at https://api.minut.com/draft1/docs/ (e.g. ambient light IR readings do not work), I managed to get temperature, humidity, barometer and soundlevel readings with a node-red flow. Today I got an eMail, that my traffic to the API is to high and they blocked my account.

Maybe it is time to hack the device as I did with my sonoff dual https://itead.freshdesk.com/support/discussions/topics/11000006870

improved cheap ntp stratum 1 server

The cheap stratum ntp server based on ESP8266 turned out as unstable. I’m not sure, if it is a hardware or a software problem.  The module suddenly hangs and then sometimes the watchdog is triggering and sometimes only a poweroff and poweronn will get the wifi connection up again. I had similar problems with my secure esp8266 sensor node. It seems, that the problems are more often with many data transmitted via serial interface.

I have adapted my arduino code to be used with an ESP32 and made a prototype with this platform. Time will show, if this solves all the stability problems.



using ntp on my qnap nas with my self made stratum 1 server

Playing with my new ntp stratum 1 server I had to dig deeper into configurations of different devices. Most of them have a simple possibility to add some ntp servers but they don’t offer advanced parameters. Under the hood I found often a standard ntpd implementation with an ntp.conf file. And that implementation would offer so many features you can’t activate with the offered web-interface. Examples here are EdgerouterLite, QNAP NAS and VMWARE ESXi.

On the qnap nas you first set time sync to manual. Then you configure the ntp server in the webui. Here you can’t add a sync source. WTF!

You can edit the ntp configuration with

Here is my configuration:

You can stop ntpd

Check if it has stopped

You can start it with

You can then test the setup with:

Be prepared to do these modifications after firmware upgrades or if you change settings in the QNAP admin UI.

building a cheap stratum 1 gps ntp timeserver

have a reliable local ntp timesource


  • be independant of a internet connection
  • study the possibilities of cheap GPS devices


  • running ntp timeserver with GPS time
  • source code for ESP8266 for arduino IDE


  • find a ebook with code samples
  • play with the technology
  • implement
  • test



  • GPS sync for local clock implemented, setting local clock fails on some devices
  • ntp server prototype without GPS implemented
  • Do not use the standard softwareserial library with wifi, as it may crash the system. Use espsoftwareserial instead. I had to pay hard to find out…
  • Code is working now:


  • the esp9266 has a high resolution clock, but I can not set it on all devices
  • a PPS signal on the GPS device is the key to a high precision time source
  • atom with platformio ide is a nice development environment

open items:

  • build a nice 3d printed enclosure

source code:


secure esp8266 sensor node

Some of my sensors use mqtt to publish their data to a mosquitto mqtt server. To have a really secure configuration I should:

  • use ssl/tls as transport
  • use authentication with one user / device
  • restrict topics to those users

Thinking about all the work that is involved for doing this, following idea came up:

  • use a REST service with https (with node-red)
  • to prevent replay attacks, add a timestamp to the message
  • sign the messages with an individual AES-Key

Here is a POC arduino sketch:


home automation with cloud iot devices

Building an iot architecture with cloud dependent devices can be risky:

  • the cloud service may stop its service before you thought your devices are end of life (c.f. https://forum.mysensors.org/topic/5212/why-ioyt-matters)
  • your internet connection may not be available, when you need the cloud service
  • the cloud service may change the api
  • fees may change not to your advantage 🙂

But there may be reasons to use them nevertheless, e.g. my netatmo devices are

  • small
  • can measure co2, temperature and humidity battery powered
  • look nice

As my heating regulation is dependant on temperature values, I had to take precautions against failure:

  • only rooms with co2 sensors may use netatmo, in the other rooms I use cloud independent devices like mysensors, homematic or z-wave
  • if a device doesn’t measure new temperature values for some time, my heating regulation algorithm determines, if the majority of the valves for the floor heating on the same floor are open or closed and sets the valves accordingly

This strategy does work really well for me. If the netatmo devices brake one day, I may change them against mysensor devices. I have built one for my living room https://forum.mysensors.org/topic/4355/mh-z14a-co2-sensor/5.