Privacy and Security on the Internet

On Monday, April 1, 2017, Congress passed and President Trump signed a bill to repeal rules that require ISPs to get your permission before selling information about your online habits. You can read more about it at USA Today or Ars Technica.

As soon as it was publicized, we received inquiries from Ayrstone customers about how they can protect themselves. Unfortunately, we really don’t have much we can offer. There is a lot of talk about Virtual Private Networks (VPNs), and some about the Tor Project, but neither is a very satisfactory solution.

VPNs securely route all your Internet traffic to the vendor’s routers, and then send that traffic to the Internet. This will prevent your ISP from seeing your Internet habits (because, from their perspective, all your traffic is going to the VPN vendor), but clever spies can untangle your traffic from the VPN’s stream, and there is a danger that the VPN will simply collect your information and sell it.*

The Tor project is the result of a U.S. Navy project (paradoxically, while the government spends your money to reduce your privacy, they also have spent money to improve your privacy…). It is a voluntary network of computers – you download their software, and all your traffic is routed through a seemingly random collection of computers around the globe before appearing again on the Internet from a random location. This is much more secure, but there are cases where agencies have re-assembled data from the Tor network.

Either VPNs or Tor will slow down your network, and neither offers perfect privacy. Various ISPs have vowed not to sell your internet usage data, and several states have started investigating passing local laws to protect privacy.

Add to this, unfortunately, that your ISP is far from the only source of information about your Internet usage. Google, Microsoft, Apple, and many, many others gather LOTS of information about your usage, and they use it to target advertising to you.

So there are three things you can do: first, use VPN or Tor software to increase your privacy, second, talk to your lawmakers about re-instating (and, preferably, increasing the scope of) the regulations around privacy, and, third, follow the advice of my old boss, Scott McNealy.

*There is another use of VPN – to connect a remote network to your LAN – and many of our customers use this kind of a VPN. In this case, you have a VPN router on your network, and you connect using VPN software or another VPN router to a remote network, such as (for example) a remote location where you have a different Internet “drop” from your home. In this use of a VPN, devices at that remote location get IP addresses and appear on the network as if they were in your home network, even though their traffic is routed out through a different Internet connection. This means you can be in the remote location and send a job to your printer at home, and it will be printed and ready when you get home, or you can access files on your home PC when you’re away. This does not help your privacy, except against information theft on public Internet connections, but it can make remote working more convenient.

The Internet of Things (IoT) on the Farm – Part 3

In Part 1 and Part 2 of this series, as well as the associated posts on the ezeio and sensor networks, I have focused primarily on IoT hardware: the part you can see and touch, and that touches your farm.


However, in many ways, software is much more important than the hardware. As I observed in Part 2, modern technology products are remarkably similar: a CPU, some memory, some storage, and some peripherals. If the peripheral is a relay, you have a device that can turn things on and off (like a remote-controlled power plug, or a WebRelay). If the peripheral is an “Analog to Digital Converter” (ADC) then the device can monitor sensors and report the values from those sensors. Some devices like the ezeio have both (and even more).

Of course, nothing happens on these devices without software. And software is involved in at least two important places: the software that is running on the devices themselves, sometimes referred to as “firmware,” and the software running on back-end computers (local or cloud servers, PCs, or even your phone or tablet) that is used to store and interpret the results from the devices.

These two pieces of software have to be able to “talk” with each other, and we’ll assume* they do so over your network, with the device connected to your AyrMesh network and the “back-end” software on some sort of cloud-based server on the Internet. Note that the “back-end” software COULD reside on a server on your property if you are using AyrMesh.

What the devices themselves do depends on both the hardware and the firmware on the device – in most cases, that firmware will collect readings from the sensors, upload that information to the back-end server, and, if appropriate, take commands from that server and take action, from turning on a light to starting a pump or a grain auger.

In most cases, that firmware is a closed system – there is no way for you to collect data off or communicate with the device directly, or to direct it to a location other than the vendor’s cloud server. It doesn’t have to be that way, but (1) it’s simpler, and (2) that gives the vendor much more control over the data.

The back-end server usually stores the data and presents it to you (either through a web page or a mobile app, or both). What data you see, how you see it, and what you can do with it depends on that back-end software. It may just present a time series of observations in the field as a graph, it may let you set up simple or complex rules (if the soil moisture is at this level or below, turn on the irrigation system), and it may be able to present data in many useful ways (different graphs, superimposed on maps, etc.) and enable very complex control of your farm machinery.

The back-end server is usually a closed system, as well – most times it can only accept data from the vendor’s own devices. Sometimes it may have an “Application Program Interface” (API) that allows it to exchange data with other programs. It may also have the ability to upload data into it for tracking and presentation, or to download data from it for importation into another program. These APIs and import/export mechanisms may be very good, well-written, and well-documented, making them extremely useful. Or they may not. APIs are generally only useful for programmers – it takes code to make them work – but well-written and well-documented APIs can enable even relatively inexperienced programmers to create custom programs to do exactly what you want, and that can be extremely valuable.

On the other hand, back-end software without good APIs and/or import/export features is a “closed box” – what you get is just what you get, and there’s no way to get more or less. Understand, of course, that a closed system like this may do EXACTLY what you need, but, if your needs change, it may suddenly become useless.

Of course, there is also the issue of your data and what happens to it. The terms and conditions for the service may be very clear about what happens to your data, or they may be quite vague. Many of the data services will anonymize and sell the data that you store on their servers (the most unethical may not even anonymize it – beware!). This may concern you or not, depending on the nature of the data and how closely tied to your operation it is. For instance, it is generally valuable to share weather data – if your neighbors do so as well, you can gain a much better insight into the local weather patterns. On the other hand, you may not want to share geo-referenced harvest data – that tells too many people exactly what your land and your harvest is worth. “Fuzzing up” the geo-reference, however, might make it a lot more shareable.
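One way to “fuzz up” a geo-reference before sharing, as an added example that is not from this post or any vendor's software: snap each harvest point to a coarse grid cell, publish only per-cell averages, and withhold cells with too few points. The record layout, cell size and minimum count are assumptions, and the sample points are constructed.

```python
import math
from collections import defaultdict

# Constructed sample records: (latitude, longitude, yield in bushels/acre).
SAMPLE_POINTS = [
    (41.50012, -93.60011, 182.0),
    (41.50031, -93.60042, 178.5),
    (41.50087, -93.60090, 190.2),
    (41.52410, -93.60120, 201.3),   # the only point in its grid cell
    (41.51020, -93.61030, 165.0),
    (41.51044, -93.61077, 171.0),
]


def fuzz_harvest(points, cell_deg=0.01, min_count=2):
    """Generalize geo-referenced yield points for sharing.

    cell_deg  -- grid size in degrees (assumption: 0.01 degree, roughly
                 1.1 km north-south, is coarse enough for the data owner)
    min_count -- cells with fewer points are withheld, because a lone
                 point would still describe one exact spot (assumption)

    Returns (released_cells, number_of_suppressed_cells).
    """
    cells = defaultdict(list)
    for lat, lon, value in points:
        # Integer cell indices avoid float keys that differ by rounding noise.
        key = (math.floor(lat / cell_deg), math.floor(lon / cell_deg))
        cells[key].append(value)

    released, suppressed = [], 0
    for (ilat, ilon), values in sorted(cells.items()):
        if len(values) < min_count:
            suppressed += 1
            continue
        released.append({
            # Report the cell centre, never an original coordinate.
            "lat": round((ilat + 0.5) * cell_deg, 6),
            "lon": round((ilon + 0.5) * cell_deg, 6),
            "n": len(values),
            "mean_yield": round(sum(values) / len(values), 1),
        })
    return released, suppressed


if __name__ == "__main__":
    shared, withheld = fuzz_harvest(SAMPLE_POINTS)
    for row in shared:
        print(row)
    print("cells withheld:", withheld)
```

A larger `cell_deg` or `min_count` hides more detail at the cost of less useful shared data.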

When you are considering new devices to collect data and/or control machinery on the farm, these distinctions between “open” and “closed” systems, and the availability of good, usable APIs may seem abstract. Salespeople for “closed” systems will do their best to minimize the importance of these issues, but it’s absolutely critical. Openness in the device’s firmware means that the devices can be re-purposed to work with another system if you don’t like the vendor’s services, and openness in the back-end database means you can easily get your data and move it where it can be combined with other data and used (e.g. providing it to your agronomist for analysis, or storing it in a system where it can be combined with other data for decision-making).

Being smart about buying new technology for your farm can save you a lot of money in the long term, and a lot of frustration in the short term. We’ll keep an eye out for and report on interesting products that help you on the farm using open technologies.

*some devices connect directly to the network using WiFi or Ethernet, and some devices will have low-power networking (e.g. Zigbee or Google Threads) that use a “gateway” device to connect them to your network (or directly to a public network via cellular or satellite). There are even some that don’t talk to the network at all, using either Bluetooth or an embedded WiFi server to communicate directly with your phone, tablet, or laptop. And, of course, there are still devices that use some sort of flash memory and “sneakernet” (taking the flash memory off the device and walking it to a computer).

Quick link to video interview

Aaron Ault, who is the team lead for the Open Agriculture Data Alliance, was interviewed by Precision Farming Dealer. I think that data privacy and ownership is an extremely important issue (one of the benefits of the AyrMesh system is keeping data on the farm), and I thought this was a terrific interview.

The video runs just under 6 minutes, and you can see it here:

Security and the IoT

As you know, I think that the “Internet of Things” (IoT) has enormous potential for the farm. But we have all been recently reminded of the problems we are facing as BILLIONS of new devices come on to the Internet – Friday October 21, the IoT literally broke the Internet.

This event has been called the “Mirai botnet attack.” This is an extremely important event, because it used IoT devices to effectively bring the Internet to a stop for several hours on Friday, October 21. Even Ayrstone was affected: we use Zendesk for our customer support portal, and it was unavailable off and on on Friday.

This attack was innovative in two ways: first, it did not attack the affected sites directly, but rather attacked the Domain Name Servers (DNS, the servers that turn domain names into IP addresses), making a huge number of websites, including Zendesk, Twitter, and others, unreachable, even though they were working just fine.

But the most important innovation was the way the attack was done – using a Distributed Denial of Service (DDoS) attack from IoT devices. DDoS attacks work by sending a huge amount of data to a server from a large number of devices on the Internet, overwhelming the server and causing it to fail. Up until now, the “botnets,” as the devices sending the data are known, have mostly been personal computers infected with viruses that allow a remote user to control them and cause them to send out streams of data to the target server.

As I mentioned, however, this attack was different, because it used IoT devices – IP cameras, routers, wireless networking devices, and other little devices that people don’t see as being “computers.” But your router or IP camera has a lot more computing power than the powerful desktop computer you had just a few years ago.

Hackers were able to access these devices and install “botnet” software on them because – and this is THE IMPORTANT THING – the passwords were NEVER CHANGED from the defaults. For instance, many devices come with a default username of “admin” and a default password of “admin” or “password.” If those are not changed and they are exposed to the Internet, they are an open invitation to hackers.

Now, most of the devices on your network are NOT currently exposed to the Internet – they are safely hidden from the Internet by your router’s NAT firewall. But it is still important to change the default password on devices, and, if you have “port-forwarded” to any devices to make it accessible via the Internet, it is DOUBLY important to make sure it has a STRONG password to protect it.

Ayrstone products, of course, are protected because the username and password for each device is set from The only way an AyrMesh device can have the default username and password is if you don’t have an account, and we regularly disable devices that are not checking into an active account. However, even at that, AyrMesh devices should always be used behind a router’s firewall and not exposed to the Internet.

These devices are incredibly useful when used properly, but you have to take some minimal precautions to keep them safe. More information about the Mirai botnet attack and security of IoT devices can be found in this article and elsewhere.

This attack is a good reminder of three things:

  1. Make sure you always use good passwords (long, not a quotation or word) on ALL devices and keep those passwords secret,
  2. Don’t expose devices to the Internet unless you have to, and
  3. Purchase networking/IoT products from reliable vendors who can update the firmware to close vulnerabilities, preferably automatically and over the network. If not, make sure they make new firmware available to close holes as they are discovered, and install it regularly.
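The three reminders above can be turned into a quick self-audit of your own device list. This is an added example, not Ayrstone code: the inventory is constructed, and the length threshold, word list and firmware-age limit are assumptions.

```python
from dataclasses import dataclass

# Default logins named in this post; a real audit would add each vendor's
# documented defaults.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password")}
# Tiny constructed word list standing in for a real dictionary check.
COMMON_WORDS = {"password", "tractor", "harvest", "welcome", "farm"}
MIN_LENGTH = 12            # assumption: "long" means at least 12 characters
STALE_FIRMWARE_DAYS = 180  # assumption: older than this counts as out of date
SEVERITY_ORDER = ["critical", "high", "medium", "ok"]


@dataclass
class Device:
    name: str
    username: str
    password: str
    port_forwarded: bool       # reachable from the Internet through the router
    auto_update: bool          # vendor pushes firmware over the network
    days_since_firmware: int


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    Device("barn-camera", "admin", "admin", True, False, 700),
    Device("shop-router", "admin", "Tractor1", False, True, 10),
    Device("pump-relay", "farmops", "rust-Gate-41-quiet-Mill", True, False, 30),
    Device("weather-hub", "ops", "long-Mesh-92-cedar-Post", False, True, 5),
    Device("old-dvr", "admin", "password", False, False, 400),
]


def password_problems(username, password):
    """Return the reasons a login fails the 'good password' rule."""
    user, pw = username.lower(), password.lower()
    problems = []
    if (user, pw) in DEFAULT_LOGINS:
        problems.append("default login")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # A word with digits or '!' tacked on is still a single word.
    if pw.strip("0123456789!") in COMMON_WORDS:
        problems.append("single common word")
    if pw == user:
        problems.append("same as username")
    return problems


def audit(device):
    """Return (severity, reasons) for one device."""
    pw = password_problems(device.username, device.password)
    reasons = list(pw)
    if device.port_forwarded:
        reasons.append("reachable from the Internet")
    if not device.auto_update and device.days_since_firmware > STALE_FIRMWARE_DAYS:
        reasons.append("firmware out of date")

    has_default = "default login" in pw
    if has_default and device.port_forwarded:
        severity = "critical"   # the combination this attack relied on
    elif has_default or (pw and device.port_forwarded):
        severity = "high"
    elif reasons:
        severity = "medium"
    else:
        severity = "ok"
    return severity, reasons


def audit_all(devices):
    """Audit every device, worst findings first."""
    rows = [(d.name, *audit(d)) for d in devices]
    return sorted(rows, key=lambda row: SEVERITY_ORDER.index(row[1]))


if __name__ == "__main__":
    for name, severity, reasons in audit_all(SAMPLE_INVENTORY):
        print(f"{severity:8} {name:12} {', '.join(reasons) or 'no findings'}")
```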

AyrMesh devices have firmware that is updated over the network. We issue several updates per year, and you needn’t do a thing – they happen automatically.

If you have any questions, of course, just let us know – [email protected]


Welcome Eero and Google to the world of Mesh

Since we started marketing the AyrMesh system five years ago, we have gotten inquiries from folks who have large houses, offices, and small hotels/motels – can AyrMesh work indoors? The answer, of course, is that it can work, but it’s not optimal for a number of reasons, and we do not recommend it. AyrMesh is designed for outdoor use, mainly in rural areas.

We have been able to recommend the fine Open-Mesh products for indoor and urban outdoor use, but some new products have recently entered the market.

Eero was the first in this space, with a very nice-looking product and very good technical specifications. Unlike Open-Mesh, they do not have any way to mount their units outdoors, and they only offer one model (available in a 1-, 2-, or 3-pack).

Then, this week, Google announced the new Google WiFi product, utilizing a very similar approach of very nice-looking indoor meshing access points for larger houses. The Google WiFi products will be available in November, but they can be pre-ordered.

Open-Mesh uses their Cloudtrax website and apps to control their access points; we have used Open-Mesh here in the Ayrstone lab for years and found it to be excellent. It’s a fair bit more complicated than AyrMesh, but it has the more “commercial” features you might want for a business or a motel, and the more complex features are easily ignored for a home setup.

It’s worth mentioning that there have long been WiFi Repeaters (also known as “boosters” and “extenders”) that connect to your WiFi router and create a new WiFi signal, and devices like the Apple Airport routers that use “Wireless Distribution System” (WDS). Although a single repeater can work well, and three Apple Airport routers using WDS (one connected to the Internet and two “extenders”) can work, they don’t have the routing “smarts” of a real mesh network, and they can cause more problems than they solve. For a large house, a real WiFi meshing product like these will provide much better results without running Ethernet cables… of course, for the absolute best WiFi, there is no substitute for just running Ethernet and putting separate Access Points in each location you need WiFi. If you were clever enough to run Ethernet to the far reaches of your house before the drywall, all you have to do is plug in some dumb access points in the Ethernet – no need to mess with the indoor mesh.

The new Eero and Google WiFi products use apps to configure and control the network – I don’t know if there is a website option available, but I get the impression that the apps are the only way to control them. I don’t know about you, but my poor phone is “full” of apps, and I really don’t want another one.

So my own view is that these new players are not quite as good as what already exists in Open-Mesh, but, of course, your mileage may vary. Of course, they are being marketed like crazy, so you’re going to see them in the press all over the place.

What I think is important is that meshing WiFi is becoming mainstream, and, if you live in a large house, you don’t necessarily have to run Ethernet to get WiFi throughout the house.

Getting started with the IoT on the farm with ezeio


Courtesy of eze System

A few months ago, I was approached by the folks at eze System, who wanted to know if their ezeio product would work with AyrMesh to help farmers measure conditions on farms and control equipment.

They were kind enough to send me one of the ezeio products so I could try it out. Insofar as it is a standard Ethernet (802.3) product, I had no doubt it would work perfectly with AyrMesh, and, of course, it did – I just connected it to an AyrMesh Receiver with an Ethernet cable and it appeared on my network.

What is cool about the ezeio is that it is a complete package – hardware, firmware, and back-end software – completely integrated and ready to plug in and go. It includes connection points for up to 4 analog inputs (configurable for 0-10V, 4-20mA current loop, S0-pulse, or simple on/off), Modbus devices, Microlan (1-wire) devices, and up to two relay outputs (up to 2 amps). This makes it a very versatile unit for both detecting and controlling things on the farm.

I set mine up on a table to see how it worked. The good folks at eze System included a Microlan temperature probe, so I set up my unit with that connected to the Microlan connector and a couple of LEDs (with a battery) connected to one of the relay outputs.

I then went to their web-based dashboard and started setting things up. It’s pretty simple – you get a login on the dashboard, and you add your ezeio controller. You can then set up the inputs (in my case, the temperature probe) and outputs (the relay) and then set up rules to watch the inputs and take appropriate actions. If you want to see the details, I have put together a slide show for the curious so I don’t have to put it all here.

The bottom line is that I was able to quickly and easily set up a system that checked the temperature continuously and, when the temperature dropped below a certain level, lit up an LED. Big deal, I hear you say, BUT – it could easily have been starting a wind machine or an irrigation pump or some other machine, and it could have been triggered by a tank level switch or a soil moisture sensor or some other sensor or set of sensors. It also enables me to control those devices manually over the Internet, using a web browser, without having to “port forward” on my router.

The ezeio is a very powerful yet easy-to-use device which, in conjunction with the web service behind it, enables you to very easily set up monitoring and automation on your farm. For the do-it-yourselfer, it is a great way to get started on employing the Internet of Things (IoT) on your farm. Even if you’re not inclined to take this on yourself, any decent networking technician can easily set up your AyrMesh network and the ezeio to help around the farm.

The Internet of Things (IoT) on the Farm – Part 2

In Part 1, I talked a little bit about the vision for the internet of things, but I didn’t really define what I meant by the internet of things.

What I’m talking about when I talk about the Internet of Things is a profusion of small devices that are all connected to the network and therefore to the Internet. Whereas most of the things in your home that are connected to the network have keyboards and screens and are meant for you to interact with, I’m talking about things that instead have sensors and relays and actuators. In most cases, you won’t interact with them at all. They’ll just work automatically in the background either gathering data for you or controlling equipment. Most of these things you’ll set up and never touch them again, but they’ll be working quietly in the background for you day and night.

If you are as old as I am (and I hope you’re not!), you remember the first wave of personal computers: the Apple II, the CP/M machines like the Kaypro and Osborne, and the original IBM PC – these were amazing because they were real computers that could do useful things (spreadsheets, word processing, and calling bulletin board systems) but were small (the size of a suitcase, more or less) and inexpensive (a few thousand dollars – in the 1980s) enough for home use.

Raspberry Pi Zero – $5

The kinds of computers that we are talking about here are significantly smaller (typically the size of a credit card) and significantly less expensive (most under $100, many of them less than $10), even though they have 10-100x the computing power of those early personal computers. Instead of keyboards and screens, they have network ports and connections for various sensors and/or actuators; most can run for hours or days on a small battery – some can run for months. They can sit in a tiny place, collecting data and transmitting it to the network, or waiting for a command to do something, for years.


Simple Air Temperature Sensor

Decagon Soil Sensor

There are also a wide variety of sensors available, from simple temperature or humidity sensors to weather sensors like anemometers and rain buckets to advanced soil sensors that can measure soil temperature, moisture, and electrical conductivity. There are even sensors for UV radiation, leaf wetness, and chemicals in air and water.


Simple small relay

But these little devices can do more than just sit passively measuring conditions. Devices can also be connected to allow them to take action, from simply turning something on to controlling complex machinery automatically. For instance, it is fairly simple to use a simple, small relay to turn an electrical machine on or off.

Raven PWM Valve

Multiple relays can be used for multiple devices, and relays come from very small, low-power devices to very high-power solid-state relays for switching very heavy loads. Many of these computers, however, also have the ability to output Pulse-Width Modulated (PWM) signals to control variable-rate devices like valves (control pressure through a water valve for irrigation or a hydraulic valve for controlling machinery) and pumps.

75 Amp Solid-State Relay

What ties it all together, of course, is two things: a network and software (both on the device and acting as some sort of “back end” to store and manage the data coming from these devices). Without software, any computer, even a $5 one, is just dead weight; without a network, it’s just sitting out in the field collecting data it can’t move to someplace it can be useful.

We know how to build the network – what Ayrstone does is give you the ability to build a strong, standards-based wireless network across your farm – and in part 3 we’ll consider the software part.


Sensor networks


Courtesy of Davis Instruments

Much has been written about the use of remote sensors in farming, with soil sensors leading the way. I think it’s worthwhile to understand how these sensors work and what options are available.

We have highlighted some of these products (gThrive, Farmx, Edyn), and there are others coming up including Cropx and AgSmarts that we have not been able to evaluate in depth yet, although they are very promising and appear to be more focused on “mainstream” agriculture rather than specialty crops.

The soil sensor people understand that, to have soil sensors near the plants, you have to have sensors that are battery-powered (because you don’t get enough sun under the canopy to use solar). Because of that, most soil sensors use a low-power radio system; many use a “Personal-Area Network,” usually based on the 802.15.4 low-power, low-bandwidth meshing standard. These networks allow the sensors to use very little power so the batteries can last for months or even years. Additionally, the bandwidth (the amount of radio spectrum they use) is so low that they can transmit a very long distance with minimal power – frequently hundreds of yards – and the meshing capability means they can cover a very large area in a couple of hops. So these sensor networks actually ARE practical for gathering data from sensors, even in a very large field.


gThrive sensors and gLink gateway – Courtesy of gThrive

However, these systems, just like your home WiFi network, require a “gateway” device out in the field to connect them to the larger network (your AyrMesh network or the Internet). The Edyn sensor is an exception, because it connects directly to your WiFi network, but it is primarily aimed at gardeners, not commercial agriculture. Davis Instruments uses the weather station as the Gateway device, which makes it simple, but it does not use a meshing system, which limits how many sensors you can deploy. For almost all systems, sensors are not directly on your network or the Internet – the field network is a special network that only “talks” to the gateway device, and the gateway device “talks” to a normal Internet Protocol network – and that is usually a cellular modem connected to the Internet.

I generally discount analyst firms, but I have to reluctantly give kudos to Lux Research for hitting the nail right on the head: sensors are too expensive. With the exception of the Edyn, which you can buy at Home Depot (and connect to your AyrMesh network or other WiFi source), you have to buy:

  1. However many individual sensors you want,
  2. A Gateway device for your sensor network (possibly multiple gateway devices if you want sensors in multiple fields), and
  3. Cellular subscriptions for each gateway device.

This is a lot of “commitment” before you even figure out how to effectively use the sensors and the data that comes from them – thousands of dollars just to get started plus a monthly or annual commitment to get the data. These systems are being marketed primarily to folks growing wine grapes in California or vegetables in Arizona – high-value crops with severe water costs and restrictions.

There are changes coming, of course, but there are also ways to get started now with less commitment.

First, if you’re growing a few acres of cut flowers, organic vegetables, or other high-value, high-intensity crops, the Edyn system may be very useful. Put an AyrMesh Hub near your field and deploy the Edyn sensors and valve controllers. You don’t have to save a lot of time and water to justify the expense.

Davis Weather Envoy, courtesy of Davis Instruments

Second, Davis Instruments has a nice system that they don’t advertise much. Their Wireless Weather Envoy datalogger can be connected to any Ethernet network (e.g. a Remote AyrMesh Hub, an AyrMesh Receiver, or an AyrMesh Bridge) using their Weatherlink IP module. It can then connect to their Soil Sensor Station, which has up to four soil moisture and soil temperature probes. It will also connect to a Vantage Vue wireless weather station, which is a very high-quality, low-cost, integrated weather instrument cluster that you can put up in any field in a matter of minutes. There’s a small annual fee for their cloud-based Weatherlink service, but it makes the system VERY easy to use.

If you need more soil sensors, they also build an Envoy 8x, which has the ability to simultaneously “talk” to up to 8 stations – weather stations or soil stations – within about 1000 yards.

Either the Wireless Weather Envoy or the Envoy 8x can be tucked into the cabinet of the Tycon remote power system we recommend for field Hubs, Receivers, or Bridge radios, and powered from the auxiliary power output on that system.

Third, if you do want to deploy many soil sensors using a system like gThrive or Farmx, you can connect the gateways in each field to an AyrMesh device to avoid exorbitant cellular fees for each gateway device. Their gateway devices have Ethernet ports, so they can be connected directly to an AyrMesh Remote Hub, Receiver, or Bridge unit, and you can skip the cellular bills.

We’ll have more on weather and soil sensors – if you have questions or comments, please leave them here (for public response) or contact us.


The “Third Wave” of AgTech

We wanted to quickly share an article published recently that impressed us quite a bit.

This article in DTN/Progressive Farmer talks about how information technology is making a difference in farming and how that is likely to accelerate in the coming years.

There are a lot of unknowns in the “AgTech” field – most importantly, which vendors and technologies are going to be genuinely important and which will be forgotten. However, one thing is clear: the technology of agriculture, and particularly of agricultural data, is here to stay. And, where you have data, you HAVE to have a way to move it. And, finally, the way to move data is using networks.

So we are encouraged by this article (and others we have seen) that predict increasing importance for data on the farm – it just makes the AyrMesh network that much more valuable for our customers.

The Internet of Things (IoT) on the farm – part 1

I read a LOT about the “Internet of Things” (abbreviated IoT) in the news lately; you have probably seen it too, and there is a lot of excitement around it. And I would argue there’s good reason for that – it is going to change everything, perhaps more fundamentally than cellphones and, later, smartphones. But it is important to understand what the IoT is, what it is not, and how it will affect life on the farm.


Courtesy of Nest

The IoT is not a single thing or even a particular class of things; it refers to a new generation of devices that are connected to the Internet and perform some function, with little or no human interaction. There are already a LOT of good examples, from the Nest Thermostat to kid’s Arduino toys, from devices that can be handy almost everywhere like a network-connected lightswitch, to highly specialized devices like grain dryer controllers or irrigation controllers. I would argue that little of this stuff is new; the things we are seeing being touted as “IoT” devices are really the same as things we already have, just made smaller, smarter, and less expensive. Frequently a LOT smarter and a lot less expensive, which is important.


Belkin WeMo WiFi Outlet

But the profusion of little, inexpensive, smart things all over the place is having effects we can’t fully understand or appreciate yet. The one thing we can predict with some certainty is that the people who understand these devices and put them to use intelligently will see tremendous gains, just as those who started using computers intelligently saw huge benefits. The question, of course, is, “How do I use these devices?”

Technical knowledge is much less important at this phase than imagination – in all honesty, the most technically competent people miss a lot because they are too invested in how things ARE, so they cannot understand how things COULD BE. So I pose this question to you: what on the farm could be made better (faster, cheaper, more profitable, or more enjoyable) by little computers with accurate little sensors (for light, heat, moisture, position, motion, and lots of other things) and robust built-in data communications infrastructure (WiFi)? What could you monitor? What could you control remotely (or even automatically), especially using the data you are getting from monitoring?

We’ll explore this more in future blog posts, but I would like to hear what you have to say, as well.

You can find Part 2 here, as well as a good post about sensor networks.