Susan Harkins (274) [Avatar] Offline
#1
Please post errors in the published version of Building the Web of Things here. We'll publish a comprehensive list for everyone's convenience. Thank you!

Susan Harkins
Errata Editor
Manning Publications
jasonc (11) [Avatar] Offline
#2
On page 181, Step 2: Create the Express Routes, it states:
You define those routes in two files available in the routes/ folder (actuators.js and sensors.js), which are shown in the next two listings.

Listing 7.3 that follows shows sensors.js but there is no listing for actuators.js before it moves on to Step 3.
416533 (2) [Avatar] Offline
#3
Section 9.2.1:

JWT info is incorrect and could mislead people in to creating an insecure app.

JSON Web Tokens do NOT provide encryption. The JSON is simply BASE64 + an encrypted signature based on the JSON content with a pre-shared key between servers.

This allows the server to trust the content of JWT, but does not do anything to hide that content. In most cases, you'd still want to transmit the JWT over a TLS connection.

Luis
domguinard (62) [Avatar] Offline
#4
jasonc wrote:On page 181, Step 2: Create the Express Routes, it states:
You define those routes in two files available in the routes/ folder (actuators.js and sensors.js), which are shown in the next two listings.

Listing 7.3 that follows shows sensors.js but there is no listing for actuators.js before it moves on to Step 3.


Good catch, thanks a lot for spotting this one! We'll correct this in the next print batch.
domguinard (62) [Avatar] Offline
#5
416533 wrote:Section 9.2.1:

JWT info is incorrect and could mislead people in to creating an insecure app.

JSON Web Tokens do NOT provide encryption. The JSON is simply BASE64 + an encrypted signature based on the JSON content with a pre-shared key between servers.

This allows the server to trust the content of JWT, but does not do anything to hide that content. In most cases, you'd still want to transmit the JWT over a TLS connection.

Luis


Hi Luis,

You are absolutely right. Initially we were talking about JWT and JWE (Json Web Encryption) which are frequently used in combination (that's how we use JWT at EVRYTHNG) but then decided to omit the mention of JWE as the nerd corner became too long.

Reading your comment I realize this was a bad move and we will correct this in the next print batch.

Meanwhile people can learn about the difference between JWT and JWE here: https://securedb.co/community/jwt-vs-jws-vs-jwe/
In essence JWT tokens or claims are not encrypted unless you use a companion standard called JWE which should be definitely done if you are unable to transfer your data over TLS or DTLS (usually the best options to date if supported by your IoT device).

Thanks again Luis!
domguinard (62) [Avatar] Offline
#6
Adding one more that was posted to another thread:

Just a small editing error here. It says:

"This is also essential for the Web of Things because new, unknown devices can be added to and removed from to the system at any time, and interacting with them will require minimal effort."

The struck out 'to' should be omitted.
33831 (8) [Avatar] Offline
#7
I am frustrated with listings 7.7 and 7.8. The implication is that the missing code is obvious and a repeat but when I look at the code examples, it is no such thing. You should either provide the complete code or some hints as to how to solve for the missing code. I know the answer is in the code examples and that is how I got around the issue but I think the book should stand on it's own, don't you?
33831 (8) [Avatar] Offline
#8
Sorry to seem like I am complaining, (I am) but i think the book is very good and my suggestions are really observational. It's clear that the circuit board stuff in chapter 4 is needed later. Nowhere does it say that and because it's built piece meal throughout the chapter showing one and then another circuit, each one "clean", i assume each was a tear down and restart. I certainly didn't think I would have to use it later on so I took it apart. More importantly, it never shows the completed system with all sensors wired in and together on a board. I had to use the screenshot from your picture in the book website to figure it out. Wow.

domguinard (62) [Avatar] Offline
#9
33831 wrote:I am frustrated with listings 7.7 and 7.8. The implication is that the missing code is obvious and a repeat but when I look at the code examples, it is no such thing. You should either provide the complete code or some hints as to how to solve for the missing code. I know the answer is in the code examples and that is how I got around the issue but I think the book should stand on it's own, don't you?


We did not show the full code for 7.7 and 7.8 in the book, trying to focus on the key parts of the code. The idea is that the full code is available online and it was a trade-off between book-length and details.

However, having a second look at it, I get your points. This is the first time we introduce how to write an Express server (7.smilie for example which is actually not trivial and should be explained a little more.

So: point well taken, this is not something we can fix through the "errata" process but something we'll be able to fix in a version 2 of the book.

Thanks a lot for your comment.
domguinard (62) [Avatar] Offline
#10
33831 wrote:Sorry to seem like I am complaining, (I am) but i think the book is very good and my suggestions are really observational. It's clear that the circuit board stuff in chapter 4 is needed later. Nowhere does it say that and because it's built piece meal throughout the chapter showing one and then another circuit, each one "clean", i assume each was a tear down and restart. I certainly didn't think I would have to use it later on so I took it apart. More importantly, it never shows the completed system with all sensors wired in and together on a board. I had to use the screenshot from your picture in the book website to figure it out. Wow.


That's a totally fair point! We should mention that every circuit will be needed later to build the full device, we just forgot this!
A figure with the complete system is also a great idea, we'll see if this can be included in an errata or if we'll need to wait for version 2. Meanwhile I'll post it on the book site: http://book.webofthings.io as soon as possible.

Thanks!
33831 (8) [Avatar] Offline
#11
I have another peeve. Because there is a missing reference in chapter 7 to most of the rest of the DHT22SensorPlugin.js in listing 7.7. The code examples use a simulate function driven from a util.js file which has not yet been referenced or defined. Basically, asking to test on simulation and real hardware on page 185 guarantees failure unless you either copy in the the file in the utils directory or you need to figure out how to write the parts not shown with your own code if you understand it enough.
33831 (8) [Avatar] Offline
#12
33831 wrote:I have another peeve. Because there is a missing reference in chapter 7 to most of the rest of the DHT22SensorPlugin.js in listing 7.7. The code examples use a simulate function driven from a util.js file which has not yet been referenced or defined. Basically, asking to test on simulation and real hardware on page 185 guarantees failure unless you either copy in the the file in the utils directory or you need to figure out how to write the parts not shown with your own code if you understand it enough.


To add, I solved it by putting in a random number generator in the form of Math.round(Math.random()*max of range in lieu of the external calls. Obviously moving the code out of "inline" into an external function is a much better coding practice but at this point in the book it's not reference-able as such. I am having a good time in the process I will say and the book is definitely worth it.
domguinard (62) [Avatar] Offline
#13
Hi,

Thanks again for the great feedback. I get your point about the calls to
utils.randomInt(0, 40);
which is indeed defined in another file. We should at least mention it in the text you are right but ideally we should have put this one inline actually.

The issue is still this trade-off between book-length and the book being self sufficient: we are clear that you need to download the code to fully understand the process, the book focuses on the key parts.

As these can't really be addressed in the errata (because they change the book flow/length), I started a: "suggestion for version 2 thread." here: https://forums.manning.com/posts/list/40263.page

Let's move the good discussion there.
domguinard (62) [Avatar] Offline
#14
In chapter 4:


“At the time of writing, 4.x is the latest long-term support (LTS) version of Node.js and the code has been tested with this version.”


We should be explicit and say that only up to Node 4.x is supported (unless we fix the Object.Observe() issue).
ngmwot (3) [Avatar] Offline
#15
p. 134 under Persistent Connections

PERSISTENT CONNECTIONS
...This means that all the publication and subscription
happens via TPC/IP


"TPC/IP" should be replaced with "TCP/IP"
domguinard (62) [Avatar] Offline
#16


PERSISTENT CONNECTIONS
...This means that all the publication and subscription
happens via TPC/IP



"TPC/IP" should be replaced with "TCP/IP"


Good catch! Thanks a lot for that!
ngmwot (3) [Avatar] Offline
#17
Chapter 7 p. 183 NPM Install
Update: Moved the npm output to an attachment for forum housekeeping and etiquette. Also, found several pages later in the literature that the hardware specific c++ drivers are already handled as optional dependencies a fair alternative to omitting them with a `--dev` flag. It would still be helpful to understand if any of the errors in the npm output should be of concern. If not, this post need not be treated as potential errata anymore.

Chapter 7
p. 179 Footnote 5 and p. 183 Footnote 7

Instructs the reader to `npm install` from the wot-pi/ folder on the reader's local machine.

Assuming this is meant to map to the wot-book repo, specifically wot-book/chapter7-implementation/part1-2-direct-gateway/ `npm install` throws many errors. These seem to at least partially be due to npm wrapping compilers, called by makefiles, for native c++ source, especially the sensor drivers. If those are written specifically for ARM, I'm unclear how this can be built on an x86 based dev machine for simulation without modification? If modification is the solution, it would make for convenience by configuring an `npm install --dev` to perform an install appropriate to an x86 based dev machine.

Susan Harkins (274) [Avatar] Offline
#18
The current errata list is at http://webofthings.org/book/wot-book-errata/. Thanks!

Susan Harkins
Errata Editor
Jack Leon (1) [Avatar] Offline
#19
Just a minor typo, on page 16, section 1.3.2, second paragraph, the fourth word should be experienced.
domguinard (62) [Avatar] Offline
#20
Thanks a lot for that Jack!
V (1) [Avatar] Offline
#21
In Figure 5.7, the SYN ACK is sent by the Thing to the Server. I guess it should be the other way around.

Thanks for this great book!

Edit: this is already in the book errata, I should have checked before...