- Sun Aug 14, 2016 2:52 am
#52893
Forlotto, you mentioned OTA updates; how precisely do you do it? What URL do you specify on the settings page? I have not been able to do an OTA update.
Moderator: Mmiscool
- Sun Aug 14, 2016 11:21 am
#52937
Visit this thread:
viewtopic.php?f=45&t=11290
I have setup a temp server for the time being for public consumption until mike has the time to toy around with things.
However, I will say anyone can setup a server for OTA you can set one up locally for yourself if you really wanted to this option would be safe.
You should be aware though it is very possible for anyone to host an OTA server and modify it to be a security threat to all of your personal information with simple modification of the esp's firmware all of your data could be stolen and sold to the highest bidder. It is a dangerous thing OTA if in someone nefarious is hosting It could also be dangerous in the case that someone could potentially hack my server that I am hosting or anyone's for that matter, and place a modified version on my server without me even knowing it for a period of time. These are all real world possibilities just something to be aware of at current though everything is safe as far as I know while I make zero warranties as a protection from all liability.
This was more so meant as a comment for awareness rather than production of tin foil hat fear everyone should be aware of what they are messing with could legitimately compromise their entire identity, project etc...
viewtopic.php?f=45&t=11290
I have setup a temp server for the time being for public consumption until mike has the time to toy around with things.
However, I will say anyone can setup a server for OTA you can set one up locally for yourself if you really wanted to this option would be safe.
You should be aware though it is very possible for anyone to host an OTA server and modify it to be a security threat to all of your personal information with simple modification of the esp's firmware all of your data could be stolen and sold to the highest bidder. It is a dangerous thing OTA if in someone nefarious is hosting It could also be dangerous in the case that someone could potentially hack my server that I am hosting or anyone's for that matter, and place a modified version on my server without me even knowing it for a period of time. These are all real world possibilities just something to be aware of at current though everything is safe as far as I know while I make zero warranties as a protection from all liability.
This was more so meant as a comment for awareness rather than production of tin foil hat fear everyone should be aware of what they are messing with could legitimately compromise their entire identity, project etc...
Helpful? Donate To help support Mike http://www.esp8266basic.com click the donate button lets keep this project going and hope we can get the ESP32 in the mix. BEGINNERS GUIDE HERE http://www.esp8266.com/viewtopic.php?f=40&t=6732
Where I buy my ESP8266 boards from... (Banggood)
Where I buy my ESP8266 boards from... (Banggood)
- Mon Aug 15, 2016 1:43 am
#52972
Thank you very much for the detailed explanation.
I'm slightly unclear about what you've warned about though.
Are you saying the whole network would be compromised if one just uses the OTA feature? Or that if you set up your own server, that, and its contents would be compromised?
I'm slightly unclear about what you've warned about though.
Are you saying the whole network would be compromised if one just uses the OTA feature? Or that if you set up your own server, that, and its contents would be compromised?
- Mon Aug 15, 2016 9:20 pm
#53024
There is always a slight risk and you should be aware of it you should be fine I use it personally but someone with not so good intentions could use this as a tool for dirty firmware distribution you could always check the md5 hash of the file vs the one on github to be sure but so far no issues seems clean and good thus far just be aware that in the event something were to happen I assume no liability you are responsible for your own security.
More of a disclaimer then anything I'd hate for something like this to happen to someone using OTA.
Shouldn't have to worry but I am saying I make no warranties or promises. This is a free service free to use but use it at your own will and with your own responsibility.
More of a disclaimer then anything I'd hate for something like this to happen to someone using OTA.
Shouldn't have to worry but I am saying I make no warranties or promises. This is a free service free to use but use it at your own will and with your own responsibility.
Helpful? Donate To help support Mike http://www.esp8266basic.com click the donate button lets keep this project going and hope we can get the ESP32 in the mix. BEGINNERS GUIDE HERE http://www.esp8266.com/viewtopic.php?f=40&t=6732
Where I buy my ESP8266 boards from... (Banggood)
Where I buy my ESP8266 boards from... (Banggood)
