crafting your own firewall with Arduino(s)

  1. abstract
  2. introduction
  3. definition of terms
  4. how-to (discussion & designs)
  5. the (Jan2015) bill-of-materials

abstract

Formerly, one could connect two computers through their serial ports or parallel ports, and be in total control of the byte-stream that was flowing either way. In contrast, the internet, and operating-system bugs, have been resources for hackers' exploits. Afterward, serial and parallel ports were omitted from many computers, most of the laptops and maybe all of the tablets. People started to have "virtual serial/parallel ports" through USB gadgets, but next, in 2014, USB was declared "broken" -- unless your gadget refuses firmware updates through regular USB ports. This article is for emulating the security that was provided by those old serial and parallel ports, for file-transfer, and for other well-defined processes (like committing transactions to databases, from sensors in untrustable zones, and from operators that work with internet/extranet access).

introduction

The following is a list of truths, for motivating you toward making your own firewall (or at least, understanding (without being overwhelmed) why and how that works). That is, for perfect security, as far as computers and software are concerned.

Beyond that, there may be electromagnetic assaults and witchcraft. Such privacy assaults are obviously of interest, too, but lots of people would firstly think of the more obvious/mundane scenario of being the target of internet-hackers. So, firstly, at least prove to yourself (by building your firewall) that the assault is not through internet-borne hacks.

  1. systems that are open to the internet are facing hackers,
  2. applications (of system & from others) may have bugs-&-trojans
  3. USB protocol is hackable (if that gadget allows firmware updates, through a regular USB port)
  4. repetitively pulling-&-inserting an SD card, between two (internet vs. intranet) SD-card-readers, is tedious, and if you would ever forget to repeat that (by accidentally inserting the reader itself, to the wrong side), that reader becomes suspect (because its USB may have been hacked, and thereby, maybe carrying viruses/trojans to intranet).
  5. executables (applications/binaries and macros) not allowable from internet to intranet (because of virus/trojan risk), other than after (if perfectly trustable, then through that) virus-checking, but then, loading and updating that virus-checker (perhaps, as opposed to updating only the strings in its database) is risky, too (because that is also executable).
  6. operating-system security-updates are also not trustable (not only that they may contain bugs that may open some backdoor, but furthermore, they are executables/processes that work out something; you have practically no way of knowing the exact bytes that are modified in your machines)
  7. you may not be too willing to entrust your well-being to some "engineers" (or, whatever profession) -- maybe especially to those that sell some "black box" that somehow "pledges security" and apparently does some juggler's work ("magic"), about which you have no exact control (after all, if your operating-system has so many bugs, then why would you trust to others?)

If your operating-system and the applications you use, are not guaranteed to be secure, then the best option may be just decoupling (isolating, separating) your internet-access machine, from your intranet (private, no-internet-access) machines. Then, in between those, you either

If what you want is only a barrier against anarchists-who-hack-randomly-and-not-sticking-around a lot, carrying manually may be workable -- if you would always remember that USB-drives are controllable by hackers (as of 2014) and (even assuming that SD cards are not maliciously-controllable, yet) you have to have (at least) two (not one) SD-card-readers (one for internet, one for intranet) because those card-readers have USB firmware, too. That is, you would not want to plug the contaminated USB-gadget to your intranet (private) machines.

Furthermore, if you are a target of some major "hackers"/"lamers" (maybe NSA/CIA, FSB/KGB, MI6, MOSSAD/Israel, antichrist-gang, whoever), then even some system-software (which you may have carefully, manually updated as a service-pack on DVD, rather than opening your machines to internet) may turn out to have some malicious portions, that read from your SD-cards (to see the orders from outside), and writing some of the internal data to hidden-files (or, non-files, "empty bytes") on that SD-card that will go out to the internet machine, again.

BTW, if you would like to be "vulnerable" to such, for those not to visit you physically, you may have some bogus "intranet" machines, too. Then they may bug those non-data . BTW, at least in case of the antichrist-gang, they may be reading your mind, too. Thereoff, they know that you have hidden your actual ("private") machines in non-hackable zone. That is, they may be still spying your data, but unable to ruin that (other than by trying to cause you make accidents, or risking themselves by visiting your building.

In other words, at first, the carrying-through-microSD option might have sounded "lazier" (and therefore, "better") to you, but that has lots of tedious routines, and still not quite trustable. Therefore, we come back to our majestic "lazy" way, that is, programming the job into a software, so that computers do the tedious routine for us.

definition of terms

arduiComp = arduino-compatible (arduino duemilanove, arduino uno, or compatibles)

arduiCompMaxi = arduino mega (So far, I have not used those. So far as I understand/recall, for most work, when I refer to "arduiComp," then arduiCompMaxi is fitting, too.)

arduiBreadComp = breadboard-resident arduino-compatible (arduino nano, or compatibles).

arduiBreadCompMini = breadboard-resident, small footprint arduino-compatibles (arduino mini) (So far, I have not used those, either. I have to read/think about that, to know/remember how that would fit, for example, with a Bluetooth module. If you know, then you may apply.)

A parallel-port has the ability to send and receive multiple bits at the same time, while a serial-port transfers a single bit at a time. A "LapLink cable" (LapLink being a trademark name of that manufacturer) is a cable that ties two computers through their parallel-ports, or through their serial-ports.

Nowadays, they are mostly not available, at least if one of the two computers is a laptop or tablet computer. Actually, I had firstly thought of the Arduino at the middle for accessing a good old Windows95 machine, and the firewallness of that (the Arduino moderating the bytes, not allowing the operating-systems at the two sides to conspire) was the extra utility. But now, with buggy operating-systems and untrustable USB ports, the future of mobility (what we will see in flight) is that people may work with two computers (one intranet/private, the other for internet), with a firewall that relates the two, affording what a 1980s port was providing.

Intranet is the network of machines that are internal (private), not accessible to outsiders the way it is accessible to the resident personnel (or home-residents, if that is a house).

If your "intranet" (oxymoron, now) could be accessible remotely, too, that would be called extranet. But for our purposes, that is a sort of internet, actually, because that is open to hacker-assaults. The exception to that may be in the vice versa, that is, if you apply extra caution (like "need-to-know" principles) in the intranet, too, then your extranet may be not too different from how lots of personnel (not having access to internals a lot, but they just) commit their transactions to the databases. That is, they work as if they access from untrustable zones.

I refer to what the firewall does, as "decoupling." That resembles how "optocouplers" of electronics "couple," but probably they think about the "coupling" of data between the two (optically, through lightwaves), rather than how those two are isolated (materially, electrically).

BTW, if you have a few (two or more) unused webcams, you may build a virtual-firewall, just how optocouplers work. For example, direct the webcam to a corner of the screen of the opposite machine, and there may be a three-color code there (black or red-vs-green). If black, there is no data. If red=0, green=1, then that is a digital transmission channel. If/when everything else seems to be infiltrated (that is, if you distrust all communication devices and protocols (Ethernet, USB, etc)), then just work with your webcam (or, put a couple of smartphones/tablets such that their cameras are seeing each other). Likewise, if you would like to work with just the optical method but without positioning whole computer monitors (nor having a USB-controllable flasher/LED), or are just willing to work out some hard-wired (non-programmed) method, attach a LED-containing circuit to a (virtual/USB, or actual) serial-port (or, a parallel-port pin) and flash that on/off, for the webcam to see that. Most LEDs have a single color (therefore, the three-color method is not necessarily applicable), but there are various methods that electronics-hobbyists have been able to communicate with -- like morse-codes (telegraphy, or how people flash S.O.S. with flashers, to airplanes), or through modulating. (For example, Mims lists "Light-wave audio transmitter" in his "Getting Started in Electronics," and various circuits (for example, "LightWave Code Transmitters"), in volume2 of engineer's mini notebooks).

If you are in total charge of the sounds (if no bug could talk/hear ultrasounds/sounds within that room), then you may simply communicate through sound, too. Some (non-human) tones (ultrasound, too) choosable, for talking-machines.

The word engineer stands for transforming materials or building things, by using resources (energy, etc), for their worth to (mostly) humans. That is almost the official statement (although I now have written from memory), but that is not necessarily a guarantee of a thing (as I point out within this webpage, and this and other websites, too). With all due respect to Forrest Mims (and his good will), his exhorting about the "high moral values" that (supposedly) relates to membership of IEEE, sounds irrelevant, because the cases seem otherwise, when I expose. So, that is resembling just how virtually all martial-arts schools choose to exhort about high-values (self-restraint, not bullying, etc), bad guys happen to learn martial arts, too (or, the film-script authors think that way, but then again, those actors who play in such films where bad guys also know martial-arts, are confirming the script-writer's non-committedness to the "guarantee-of-moral-values"-expectancy). Worse, the bad guys that publish in IEEE journals, seem to NOT even know the thing (so, that is, truth may be concurring with the script-writers who fail the bad-guys at the final scene (because bad-guys know less of the arts), but IEEE is not failing the bad-guys/papers, even after decades). If IEEE had any standards/guarantees at all, does that mean that no member of IEEE has ever read anything I have written (or else, they would report that to their "high-morals" institute)? Not to single out IEEE as a publisher, but if IEEE pretends to have some "higher-values," then that should be talked back against.

In 2009 I had tweeted that, Lenski2008 paper was a sloppy work (if not deliberate charlatanism and continued-suppression), and fallacy. They were both listing their (probably well-known by all) method-definition (and within that, the existence of wild-species-contaminations time-to-time), "but" (may be maliciously) they attribute the found copies of the genes of those wild species in lab species, to be "new genes" (and that is, evolutionist lies (along with their other continued-lies, fallacy of "speciation") to disregard/neglect the Creator, the God). Actually, and this is how that thing relates to the firewall now I explain, well, microbes have ability to have genetic-transfers (which resembles how a hacker may reprogram your USB-gadget-firmware or your arduino through it, if you stick your arduino to a machine which that hacker has access to). In short, if something has potential to happen and if the results are there, then you may conclude that such contamination may have spread to there because of that well-known cause (if there is no other contamination source). BTW, in 2009, when I tweeted that, I was referring to the knowledge I knew from reading around through internet about genetic-transfers of microbes (so, that was a totally obvious potential for E.coli species, too). Afterward, when I looked back in to the biology textbook we had (a text published in 1980, our intro-BIO text in a 1990 class), actually E.coli was the most-widely studies and very well-known genetic-transfer subject. So, that is very famous. In a world that even such facts can be ignored by the "scientific" establishment (and even their opponents), you should take care of your own business to the extent you understand, and I think this firewall is something that most of you will understand (you will NOT blindly rely on some engineer who writes some "magical" firewall that you would not understand).

That truth remains a truth, afterward, too. That is, maybe you never knew that a firewall would work so conveniently, and afterward, you become so happy with it that, when somebody (maybe even a charlatan with a "Ph.D." degree in "engineering") comes and claims to you something "bigger, better, more," then I suggest you do not entrust your established protection to that wannabe-or-traitor. At most, you may treat his/her plan as the "new internet," that is, a second firewall level, in between your existing intranet-&-middle, and existing internet. So, if that is a hacker ("socializing-engineer" attack), he/she remains stuck, where other hackers do.

So, if such charlatans (or, those who have gotten their "Ph.D." titles from such "professors," in turn) come to your office and presents himself/herself to be "something beyond," then don't jump to hell with him/her (that is, hell is "beyond," too, and not wishable).

Actually, for example, the money-making mining company of my father went out-of-business, because of such a wannabe-or-traitor engineer came, too. After that ("had-worked-in-Germany") engineer came (and requested firing the existing honest foreman, whyever, whatever of his mission that foreman was impeding), the company became a loser/insufficiency (not making sufficient money, any more, for financing the rest of the work, maybe not for itself, either), and I was hearing my father responding to his telephone with statements like "Then (if those are your excuses/whining you are telling me), why did you requested me fire that foreman?" (In his previous (first start in mining) near-bankruptcy process (and then, the (other) engineer had fled to USA), my father had understood that you have to personally attend to the mine, or else, some personnel steal the money. That (honest) foreman was good against that, but you see, that wannabe-or-traitor "engineer" came there, "above" that foreman, and was able to get him fired. That is, despite knowing what was necessary, my father was trusting it off, away. (BTW, perhaps, that trouble found him because he was (or, would be?) financing his copper mine(s) with that existing revenue-stream, and in HenryFord"s book, that had been written around 1920 that, copper business is under the control of international-Jews (and in Turkey, some sabbataists are in such mining, too). That may resemble how some people/children guess that "there are (little) people in radios/TVs" although we know that, the broadcast is from somewhere (broadcast center) not visible to us, that is, whoever, from wherever, may have sent those.)

If a conspiracy theory (that may explain the case), restores your faith to engineering, then I may remind you again that, absurd "Ph.D."s have been granted.

In the logic of mid80 formal-nets, the reduction method of VaDi78, is resembling how firewalls facilitate trustable-modules-forming, by practicality, affordability of having non-violable boundaries.

Ironically, copycat82/83 was a (totally-plagiarist-and-immensely-faultful charlatan, "but" officially granted a) "Ph.D." (actually, that is a Patently-Heretical Degeneracy like some other such I exposed (all sabbataists?) "Ph.D." and "academic" papers), the system of which was itself full of faults, that is ruin -- no help to a protection system.

The word "official" is how people call the Arduino (name) trademark-holders. Coincidentally, I use the term "official" (about others) pejoratively (even in this page, while disparaging the "official"ly-granted (charlatan) "Ph.D" titles). Furthermore, that is not limited to where I live (Turkey). EncyclopediaAmericana(1982) writes (now, I'm writing this from memory, although the volume is 3m from me) that, Italians talk behind their officials negatively, although not revolting in their face. Internet is full of U.S. citizens ranting/documenting their dissent against that state's officials (and some of those (charlatan) "Ph.D."s were granted by U.S. universities). So, the term is hardly ever flattering, at all. If "trademark-holder" sounds too "legalese," then refer to that as the designer-signature editions (reflects Italy better, to most) -- and then, maybe some of the girls who buy their computers and phones from the grocery (fruit department) may buy those Arduinos, for even only that cause.

As a case for the point, in all through decades of having heard the term IBM-PC-compatible thousands of times (if not tens of thousands), I have either never heard the term "official IBM PC" or too rare and not attention-getting (because I have no memory of any instance of that, now).

Furthermore, Arduino designers officially allow others to manufacture freely, thereby, the term is begging extra explanation (with words like "I mean that, copying/manufacturing is with official permission (and with the design-files themselves officially published), but the Arduino trademark-name (and the associated quality-control they apply) is not to be confused with those manufactured by other than the designers themselves").

By the way, as relates to the firewall mission now, that is a warning while mentioning the term that, you should not trust "officials" too much (maybe even if you are not living in Turkey, Italy, USA, Russia, China, etc, etc), and that is, for example, your (computer-"official") operating-system (and their service-packs, security-updates) may also have bugs-or-trojans that open backdoors to hackers.

BTW, while talking about officials, and the buggy/vulnerable operating-systems, a case that relates to the firewall now I suggest, may be the 2014 (or, 2013?) news that, the statements of a Microsoft official (who said that, now that Microsoft would no longer apply security-updates to WinXP, all the internet-accessible WinXP machines may become pawns of hackers, for bot-nets), caused controversy, that is, because of his suggestion of retiring the (still popular) WinXP, in favor of (their newest) Win8, which turns out not to have the ability to work with some applications that were written for WinXP. So, for all those companies that may be still depending on their WinXP apps, this sort of firewall, may be fitting.

how-to (discussion & designs)

First of all, do both of your machines have some authentic serial or parallel port? That is NOT a "virtual port" because virtual ports are actually USB gadgets. If you have authentic ports, then you may just work with those, sufficiently.

Then again, if you would like to have Bluetooth access from internet machine, then a firewall that has a Bluetooth module, may be more convenient for you.

Secondly, do you guess that all the computer-chip-manufacturers may conspire against you? Perhaps you doubt their ability or willingness to dissent against NSA's (or, MOSSAD's, or whoever's) "backdoor" requests? Then Arduino may also be less than acceptable for you, because those are mostly Atmel (AVR and ARM architectures), and the relatively new, Intel-based Arduinos. If you distrust only one, buy from the other company. If you distrust both, but expect them not to conspire, then buy from one each, for opposite sides. If you think both would conspire, then the thing may become a cat-&-mouse game, at least, in theory, because even when you pull the plug from USB, they may communicate with the base machines through Ethernet, and communicate with each other, through the digital-pins, and talk back-&-forth whatever they wish. Then, that resembles the concern about the "firewalls" you could buy off-the-shelf, without having a reason to trust the manufacturer. Then, just forget about the "Arduino-based firewall," and return to the definitions-&-terms section, to think about the optical (webcams-&-computer-screens, or webcams-&-LEDs), or auditory firewalls.

Thirdly, do you already have a USB-to-serial adapter in your intranet-front (private) machine? If yes, then you may just stick the Bluetooth-module (which is actually a Bluetooth-to-serial module, NOT a Bluetooth-driver (nor internet) which would talk within the system). So, that just becomes two (authentic) serial-ports talking to each other. Then, you may work without arduino(s), too -- except the arduiComp that works as the dataLog@middle (because if both of the computers are hijacked, you would like to have their spy-chats on the record), and so, that arduiComp talks to two serial-ports, just forwarding their bytes to each other (& logging those, for your knowing).

The last time I was looking around, Android-operating-system did not have a VCPI driver (of a popular USB-to-Serial adapter manufacturer). Therefore, if your intranet-front is an Android tablet, that option is (probably) not available. Furthermore, as I have just said (or, implied), those adapters come with drivers, and therefore, if you have not already loaded one of those adapters, then I may not suggest that (but you may think of straining your chances). Furthermore, bizarrely, the first adapter I bought had no drivers (and the local computers-&-accessories shop from which we bought that had gone bankrupt around that time). Next, I bought one from a Thai shop (that works through VCPI), and then, for maybe I would find a driver for the first adapter, I bought a third, from DX.com, but the driver CD of that was not readable, & by now, because I have taken that WinXP machine out of internet, I would not like to introduce viruses/etc, at all. So, arduinos sound like a better option (although a sturdy adapter and a Bluetooth module do sound convenient, probably thinner than arduino-combos).

If you wonder why two USB-to-serial adapters may work, but a USB-to-USB cable (just USB itself) does not: well, the trouble is that, if you plug two machines through that cable, they talk through the USB protocol (one becoming the appliance of the other), and what the 2014 news "USB drives that are attached to your machine, are reprogrammable" means, is applicable to whatever appliance is attached through a USB cable. (Actually, USB-drives should have no firmware-updatability, I would think, but those happen to be updatable, it turns out.)

Fourthly, you may have wondered (or you may wonder, while reading the following portions of this article) what are the reasons for mounting an EthernetShield on top of the intranet-front arduiComp, while that arduiComp itself could attach to that intranet-front (or, private) tablet/laptop (computer) through USB. The major concern against hooking that arduiComp directly, is the reprogrammability-while-working (and thereby, undetectability (by later debugging) of whatever may have been done (by that arduiComp) in the real-world, or within the transactions). One may also find disturbing that the arduiComp is (in either a coma-like state, or a manic/etc mental-illness-episode sort of) "lost hardware" (after firmware is hijacked, till restoring the authentic (arduino or compatible) firmware to that). That latter is, to some extent, a concern about the USB-to-Ethernet cable, too, but that does not do a thing other than transferring bytes or corrupting the bytes (as long as the EthernetShield itself is not hijackable, and actually, the Ethernet-protocol itself may be not reprogrammable permanently, either). So, at most, you would lose that (USB-to-Ethernet) cable, and you would restore your data from your dataLog@middle.

The trustability of the EthernetShield reminds of the case of trustability of Atmel and Intel (the second point just above), but maybe less troubling. That EthernetShield is a "slave" of the arduiComp, talking through its pins, and therefore, "reprogramming" may happen only if it has circuitry that connects to the pins that arduiComp relents itself to programming (that is, sort of living in virtual reality, how Berkeley and other mind-"vs."-body philosophers-&-mystics have suggested). Other than that presumably-visually-checkable possibility, more troubling case may be, if the manufacturer is/were truly malicious. That is, if there is some series-of-bytes (like the word "miyazmo" in a 1970s~ RobertRedford film, where that was putting a bank-clerk in hypnotized controllable state), and a common spy theme is, hiding in enemy territory, and listening to the radio/TV till the activating words are spoken, and then, sabotage/etc may happen. That sort of "backdoor" is a concern about Atmel/Intel, too. Furthermore, as long as that EthernetShield is not able to reprogram that arduiComp, being "activated" still does not allow sending bytes back to the internet-front, because the Ethernet talks only toward the intranet. There, a firewall may (try to) ensure that, the Ethernet is NOT manipulating the intranet (that is, does nothing, not ordering, only sending bytes that are readable/viewable by humans). If the dataLog@middle also has EthernetShield and if malicious, that is a lot more mess, because we would like those data-bytes to never be lost or corrupted (as they are the historical archives for restoring/reconstructing the databases).

BTW, at your intranet-front, if you are using Windows or Linux, then your computer probably already has an Ethernet port, and therefore, that USB-to-Ethernet cable is not necessary (therefore, "similarity" with arduiComp vulnerability, may be not through USB (at least), that is, unless the internet (TCP/IP) or Ethernet-protocol implementations of your system turn out to have some bugs and if the EthernetShield knows that and maliciously manipulates that). Otherwise, if your intranet-front has an Android-based operating system, the arduino-IDE (for programming the arduiComp) may be non-existent on that computer, any way, and therefore, USB-to-Ethernet may be the best option (other than making your own USB-(firmware-non-updatable)gadget-&-writing-your-drivers-for that (like USB-to-serial) that simply sends 5v-vs.-0v voltages to the arduiComp, or whatever talks to the internet-front).

If those four question-&-suggestion sets have not changed your wish, then see the following Arduino-based alternatives, the equivalent of the authentic serial-ports -- and then, a bunch of new conveniences, too.

the non-firewall

If you could trust a Bluetooth module to be unhackable, then a single Arduino could be sufficient (with a Bluetooth that communicates with internet machine, and EthernetShield that connects to the intranet's front machine). If you could totally trust all of your intranet software, then you could get rid of the EthernetShield, too (because Arduino itself is connectable through USB, to that intranet front-machine). But entrusting yourself to the non-bugginess of a Bluetooth module, is probably not acceptable. Likewise, the software may have bugs-or-trojans. So, this "single-Arduino" option is not applicable if there is/are computer(s) of some untrustable zone, within the talking distance of that Bluetooth module.

the Arduino-based firewall-designs

I presume that you trust the EthernetShield you buy, or at least, that it is not conspiring with the Bluetooth module, nor having its (not-told-to-you) Wi-Fi (or, whatever) remote-access channel, unbeknownst to you. If you have doubts, then again, go back to the optical or auditory firewalls. The following firewalls presume that EthernetShields do not communicate through airwaves, nor conspire with the Bluetooth module you buy.

If you have doubts, then both options have pros and cons. The Ethernet-&-Bluetooth conspiracy is probably less likely than the Ethernet-to-Ethernet conspiracy. But, if Ethernets talk only through wires and if they cannot overtake the arduiComp itself, they may have no way to talk with each other, because that is the arduiComps that talk with each other, through the digital pins, not through Ethernet. The Bluetooth option's trouble likelihood is the regular Bluetooth concerns, that is, outsiders may (try to) listen/hack, if they are near/around.

So, the design is to just program two arduiComps to talk to each other (the most trivial sort of byte-read, byte-write, through digital pins). Connect their digital pins to each other, and that is the firewall. The equivalent of the good old, authentic serial/parallel ports.
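An added example (not code from the article or from the Arduino project): a host-side simulation of that "byte-read, byte-write through digital pins" link, carried over nothing but GPIO levels with a strobe/ack handshake. The Bus struct stands in for the jumper wires, and senderStep/receiverStep stand in for the two boards' loop() bodies, which on hardware would be digitalWrite/digitalRead on the pins named in the comments; the pin roles and state names are this example's own choices.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <deque>
#include <string>

// Jumper wires between the two boards: 8 data lines plus a 2-wire handshake.
// Assumed wiring on real boards: D2..D9 for data, D10 strobe, D11 ack.
struct Bus {
    bool data[8] = {false};
    bool strobe = false;   // driven only by the internet-facing board
    bool ack = false;      // driven only by the intranet-facing board
};

// Internet-facing board: owns the data and strobe lines.
struct Sender {
    enum State { IDLE, WAIT_ACK_HIGH, WAIT_ACK_LOW } state = IDLE;
    std::deque<uint8_t> queue;
};

// Intranet-facing board: only ever reads data/strobe and drives ack. Nothing
// arriving on the wires can be interpreted as anything but a byte value.
struct Receiver {
    enum State { WAIT_STROBE_HIGH, WAIT_STROBE_LOW } state = WAIT_STROBE_HIGH;
    uint8_t latched = 0;
    std::string received;
};

// One pass of the sender's loop(): four-phase handshake, sender side.
void senderStep(Sender& s, Bus& bus) {
    switch (s.state) {
    case Sender::IDLE:
        if (s.queue.empty()) return;
        for (int bit = 0; bit < 8; ++bit)           // digitalWrite(dataPin[bit], ...)
            bus.data[bit] = ((s.queue.front() >> bit) & 1) != 0;
        bus.strobe = true;                           // "a byte is on the wires"
        s.state = Sender::WAIT_ACK_HIGH;
        break;
    case Sender::WAIT_ACK_HIGH:
        if (bus.ack) { bus.strobe = false; s.state = Sender::WAIT_ACK_LOW; }
        break;
    case Sender::WAIT_ACK_LOW:
        if (!bus.ack) { s.queue.pop_front(); s.state = Sender::IDLE; }
        break;
    }
}

// One pass of the receiver's loop(): latch the byte on strobe, then acknowledge.
void receiverStep(Receiver& r, Bus& bus) {
    switch (r.state) {
    case Receiver::WAIT_STROBE_HIGH:
        if (!bus.strobe) return;
        r.latched = 0;
        for (int bit = 0; bit < 8; ++bit)            // digitalRead(dataPin[bit])
            if (bus.data[bit]) r.latched = static_cast<uint8_t>(r.latched | (1u << bit));
        r.received.push_back(static_cast<char>(r.latched));
        bus.ack = true;
        r.state = Receiver::WAIT_STROBE_LOW;
        break;
    case Receiver::WAIT_STROBE_LOW:
        if (!bus.strobe) { bus.ack = false; r.state = Receiver::WAIT_STROBE_HIGH; }
        break;
    }
}

// Runs both "boards" alternately until the sender's queue drains and returns
// what the intranet side received. On hardware each board runs its own loop().
std::string transferOverPins(const std::string& payload, size_t maxSteps = 100000) {
    Bus bus; Sender s; Receiver r;
    for (unsigned char c : payload) s.queue.push_back(c);
    for (size_t step = 0; step < maxSteps; ++step) {
        if (s.queue.empty() && s.state == Sender::IDLE) break;
        senderStep(s, bus);
        receiverStep(r, bus);
    }
    return r.received;
}

int main() {
    // Constructed payload: plain text plus a raw 0xFF, to show every byte value
    // crosses unchanged; the wires carry values, never instructions.
    std::string payload = "hello intranet\n";
    payload += std::string(1, '\xff');
    std::string out = transferOverPins(payload);
    std::printf("received %zu bytes, intact=%d\n", out.size(), out == payload);
    return 0;
}
```

Because the intranet-facing board only ever reads pin levels, a hijacked internet-front can corrupt or withhold bytes but has no path to push code across the wires; on hardware, give the receiver's wait states a timeout so a strobe held high cannot hang it.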

The Bluetooth is "less trustable" because that works through airwaves, and hackers may hack it through some bugs that it may have. Therefore, Bluetooth will always be on the internet side of the firewall. Note that, the Bluetooth-module is actually a Bluetooth-to-serial module, and that is not necessarily harmful (or, harm-able) itself (other than corrupting the bytes it transfers), but for talking to that, if you would turn the Bluetooth of your intranet-front on, then all sorts of Bluetooth-vulnerabilities that exist in your operating-system (or, Bluetooth drivers of your Bluetooth supplier) may start to work actively and perhaps buggily-or-maliciously. Placing the Bluetooth-module at the internet-front, is equivalent to your internet-machine itself having been hacked. That is, at most, the incoming data may be modified (ruined), but thanks to the firewall, the hackers will not be able to overtake the intranet machines, no matter how buggy-or-malicious the Bluetooth module (or, internet) may ever be. (I mean, other than containing explosives or killer waves, or other raw-criminal sorts of assaults.)

If machines are close to each other, then maybe Bluetooth is not extra convenient for you. Then you may just talk through a USB-to-serial adapter, too. Yes, as that is a USB gadget, hackers may hijack that (but if they are at that internet machine, they may hijack the bytes sent through Bluetooth, too). Just stick the necessary (RX, TX) pins to the breadboard where arduiBreadComp expects serial-port talk (alternatively, if you are working with two arduiComps (none arduiBreadComp), insert the wires to those slots of that arduiComp). In other words, the Bluetooth-module and a USB-to-serial-adapter are equivalent, because both are talking to the serial-port of ardui[Bread]Comp (of the internet-front), through breadboard/slots.

So, there are two arduiComps, one of which may be arduiBreadComp. If one is arduiBreadComp, then one module is necessarily Bluetooth, because EthernetShields do not mount onto arduiBreadComps.

If one is arduiBreadComp, mounting a breadboard-module onto the EthernetShield, makes sense. That is, all four modules are on top of each other (Bluetooth is neighbor of arduiBreadComp, on the breadboard module). At the bottom, the arduiComp, then EthernetShield, then breadboard-module, and on the breadboard of that, the arduiBreadComp and the Bluetooth module. From digital-pin-slots of the arduiComp, hook the wires to the corresponding digital-pins of the arduiBreadComp, by inserting the other ends of those wires to the breadboard where that arduiBreadComp is (adjacent to the target pins).

BTW, the arduiBreadComp is entirely replaceable by a bare microcontroller chip onto which you have burned the Arduino bootloader. They are equivalent, now that you will refrain from using the (extra) USB of the arduiBreadComp anyway.

If both are arduiComps (no arduiBreadComp), then the intranet-facing arduiComp has the EthernetShield mounted, while the internet-facing arduiComp has the Bluetooth module. Then just connect the two arduiComps through their digital pins.

Furthermore, I suggest that you keep a (perhaps otherwise-retired) machine, connected neither to the internet nor to the intranet, solely for programming your intranet-facing arduiComp. That way no bug/trojan can reprogram it while it is working. If you have such a spare machine, then never connect that arduiComp itself to the intranet machines at all (they could contaminate its USB, and then the third machine could be contaminated in turn). While the arduiComp is in service, leave its USB port unplugged: the only way its firmware should ever change is on that third machine.

By the way, if you do not already have two or more computers for such decoupling, then I suggest buying them in different colours. For example, black and white (black at internet, white at intranet, or, if the other way round makes some special sense to you, white at internet, black at intranet), and never confuse the two. (If you opt for the EthernetShield, then your intranet machine needs Ethernet access, too. So if you are buying a tablet (not a laptop) as your intranet machine, do not forget to buy a USB-to-Ethernet adapter in the matching colour (for example, a white Ethernet adapter (US$ 5.42)), because tablets mostly lack Ethernet ports.)

If you already have two machines, you may attach stickers to your intranet machine. (I am guessing that you would travel away from home with your internet machine; stickers may both look "less serious" and wear out (or get dirty) more easily, and then you would consider taking them off and replacing them.)

If all else fails (say, some DVD loads viruses/trojans into your intranet), would you like to lose everything? I guess not. Then data-log all of the data transfer that goes back and forth through that firewall. For that, just insert a third arduiComp in between. It may have a reporting target (ideally one-way, tapping the line through a diode so that the logger can only listen, never drive), or it may have its own local microSD module to log to.

That data (or message digests of the files) is viewable by humans (auditors, ombudsmen) to see whether there is a conspiracy or, in a dispute, who is right. To find the oddities in the data, there may be lots of cues that catch the human eye. The data being there is the elementary part; figuring out the conspiracies is not necessarily elementary, though. Sometimes it is trivial (when the data is there, as in mathematics or computer science, even exposing charlatanry can be trivial for some of us, in contrast to guessing at, or having to replicate, somebody's claimed observation of some organism unknown to you, or some psychology-lab result), and sometimes proving a conspiracy may have become impossible. Pray and work it out.

Having data-logs of all byte transfers, reconstructing your database is relatively straightforward. That is, if one or both machines fail, you may just rebuild their databases/files (as long as they were built from the transferred data). For a shopping portal, for example, that is presumably the most important set of information (all of the quantities, prices and orders are in the back-and-forth streams of data).

If your dataLog@middle is an arduiComp (not an arduiBreadComp), then it may have its own EthernetShield, for logging the data to the microSD of that shield. It can also double as the programmer: load ArduinoISP onto it, and if a chosen pin is high (5V) when that arduiComp is reset, it runs ArduinoISP for programming whichever of its neighbours (intranet or internet, or both, one by one in sequence) is attached to its programming pins. Furthermore, with a little extra work, that arduiComp may also refrain from USB-attaching to anything at all: first download the code that reprograms the intranet or internet neighbour to its microSD through the Ethernet cable, then reset it so that it starts programming. (Two caveats: the stock ArduinoISP sketch expects the program to be streamed over its own USB-serial port by the host, so taking it from the microSD instead is firmware you write yourself; and an Ethernet-reachable programmer in the middle is itself a path into the firewall's firmware, so keep that cable on the intranet side and unplugged except while you are programming.)

result

With the sort of firewall I suggest, you may manage which sorts of data are transferable in either direction.

For example, suppose you have a shopping portal on the internet. The buyers see data that comes from the intranet (how many items remain per product category, what their prices are), and the internet machines send the orders (the list of products a customer buys) along with the up-to-the-minute currency-exchange rates. All of those are simple sets of names and numeric values. Almost anybody could write that sort of little program for data transfer through the firewall, and for processing those transactions (committing to a database, or simply logging to a text file after processing, such as adding or subtracting the numeric values to/from inventories). The point is that the intranet side accepts only those named numeric fields, in a format you define, and drops everything else.
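As an added example (not code from the article), here is the sort of intranet-input check the article asks you to write, in plain C++ so that it compiles and runs on a PC; on the intranet-facing arduino the same feed() would be called from loop() with each byte read off the link pins. The frame layout (STX, one length byte, ASCII payload, CRC-8, ETX), the field names sku/qty/price and the size limits are assumptions made for this example, not something the article specifies. The reader consumes one byte at a time into a fixed-size buffer, so a hostile internet side can at most get its frame dropped: anything that is not printable ASCII in the agreed shape, with the agreed keys, is discarded and the reader resynchronises on the next STX.

```cpp
// Added example, not the article's code: a strict, bounded parser for the intranet-input
// format. Frame = STX | len | ASCII payload | CRC-8 | ETX; payload = "sku=..;qty=..;price=.."
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
namespace fw {
constexpr uint8_t STX = 0x02, ETX = 0x03;
constexpr size_t MAX_PAYLOAD = 64;   // fixed-size buffer: no heap, no growth, no overrun
constexpr size_t MAX_SKU = 16;
struct Order { char sku[MAX_SKU + 1]; uint32_t qty; uint32_t price; };

// CRC-8 (poly 0x07) over length byte + payload. Catches line noise, not attackers.
inline uint8_t crc8(const uint8_t* p, size_t n) {
    uint8_t c = 0;
    for (size_t i = 0; i < n; ++i) {
        c ^= p[i];
        for (int b = 0; b < 8; ++b) c = (uint8_t)((c & 0x80) ? (c << 1) ^ 0x07 : c << 1);
    }
    return c;
}
// Unsigned decimal of 1..9 digits and nothing else (no sign, no spaces, cannot overflow).
inline bool parseUint(const char* s, size_t n, uint32_t& out) {
    if (n == 0 || n > 9) return false;
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) {
        if (s[i] < '0' || s[i] > '9') return false;
        v = v * 10 + (uint32_t)(s[i] - '0');
    }
    out = v; return true;
}
// Each allowed key exactly once; an unknown, repeated or malformed field rejects the frame.
inline bool parseOrder(const uint8_t* p, size_t n, Order& o) {
    bool sku = false, qty = false, price = false;
    for (size_t i = 0; i < n;) {
        size_t end = i, eq = i;
        while (end < n && p[end] != ';') ++end;
        while (eq < end && p[eq] != '=') ++eq;
        if (eq == end) return false;                         // field without '='
        const char* k = (const char*)p + i;      size_t kl = eq - i;
        const char* v = (const char*)p + eq + 1; size_t vl = end - eq - 1;
        if (kl == 3 && !memcmp(k, "sku", 3) && !sku) {
            if (vl == 0 || vl > MAX_SKU) return false;
            for (size_t j = 0; j < vl; ++j)
                if (!((v[j] >= '0' && v[j] <= '9') || (v[j] >= 'A' && v[j] <= 'Z') ||
                      (v[j] >= 'a' && v[j] <= 'z'))) return false;
            memcpy(o.sku, v, vl); o.sku[vl] = '\0'; sku = true;
        } else if (kl == 3 && !memcmp(k, "qty", 3) && !qty) {
            if (!parseUint(v, vl, o.qty)) return false; qty = true;
        } else if (kl == 5 && !memcmp(k, "price", 5) && !price) {
            if (!parseUint(v, vl, o.price)) return false; price = true;
        } else return false;
        i = end + 1;
    }
    return sku && qty && price;
}
// Byte-at-a-time state machine. On the arduino: if (Serial.available()) feed(Serial.read(), o);
class FrameReader {
public:
    bool feed(uint8_t b, Order& out) {
        switch (st_) {
        case WAIT_STX: if (b == STX) st_ = WAIT_LEN; return false;
        case WAIT_LEN: if (b == 0 || b > MAX_PAYLOAD) return drop(b);
            len_ = b; got_ = 0; buf_[0] = b; st_ = PAYLOAD; return false;
        case PAYLOAD:  if (b < 0x20 || b > 0x7e) return drop(b);   // printable ASCII only
            buf_[1 + got_++] = b;
            if (got_ == len_) st_ = WAIT_CRC;
            return false;
        case WAIT_CRC: if (b != crc8(buf_, 1 + len_)) return drop(b);
            st_ = WAIT_ETX; return false;
        case WAIT_ETX: st_ = WAIT_STX;
            if (b != ETX || !parseOrder(buf_ + 1, len_, out)) return drop(b);
            ++accepted; return true;
        }
        return false;
    }
    unsigned accepted = 0, dropped = 0;
private:
    enum State { WAIT_STX, WAIT_LEN, PAYLOAD, WAIT_CRC, WAIT_ETX } st_ = WAIT_STX;
    uint8_t buf_[1 + MAX_PAYLOAD];
    uint8_t len_ = 0, got_ = 0;
    // Anything unexpected discards the frame and resynchronises on the next STX.
    bool drop(uint8_t b) { ++dropped; st_ = (b == STX) ? WAIT_LEN : WAIT_STX; return false; }
};
// Sender side (what the internet-front arduino emits); payload must be <= MAX_PAYLOAD bytes.
inline std::string frame(const std::string& payload) {
    std::string lp(1, (char)payload.size()); lp += payload;
    std::string f(1, (char)STX); f += lp;
    f.push_back((char)crc8((const uint8_t*)lp.data(), lp.size())); f.push_back((char)ETX);
    return f;
}
// Push a byte stream through a reader; returns how many valid orders came out (last one in `last`).
inline unsigned run(FrameReader& r, const std::string& stream, Order& last) {
    unsigned n = 0;
    for (unsigned char c : stream) if (r.feed(c, last)) ++n;
    return n;
}
} // namespace fw
```

The CRC only catches line noise; the security comes from the allow-list of keys, the bounded buffer, and the fact that nothing inside a frame is ever interpreted as code. frame() is the sender side, i.e. what the internet-front arduino would emit after it has been fed by Bluetooth or USB-to-serial.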

Likewise, it is a perfect fit for polling various sensors (through Bluetooth, or over the internet) and making their readings available (through Ethernet) to the intranet.

Maybe your "intranet" is actually a single (private) computer next to your (personal) internet-access computer. That is, you surf the internet and install all the not-so-trustable applications on the internet-accessing computer, and whenever data is to move to/from your private computer, it has to follow the data-transfer (message-format) standards. Furthermore, a whole company (or a whole house) may be working and surfing the same way. Then every person may consider everyone else to be "internet." That makes further sense if your personnel travel, since their "private" machines may have been tampered with in some hotel room, or while they were drunk (or drugged). You would not want your whole company (or house) contaminated along with that unfortunate person's machine. Therefore, re-read the shopping-portal paragraph above; you may apply it within the company, too, as far as such interfaces are devisable, thinking of yourselves as modules of a network.

As concerns "file transfer," what this sort of firewall facilitates (you may refer to that as "guarantees," although I am legally NOT guaranteeing anything) is simply the transfer of non-active content. That is, (purely ASCII or Unicode) text files and (non-executable) image (photograph, video) files. Beyond that, you take on the risk of ensuring that your files contain no executables (binaries or macros) that may run maliciously in your intranet. Word-processor files, for example, may carry macros, and there may be "viruses" in those, too. Bear in mind also that image and video decoders are large parsers that have had exploitable bugs of their own: the firewall guarantees only that nothing executes on the link; what the intranet machine does when it opens a transferred file is still the intranet machine's risk.

If you work with a personal private computer (through the firewall) next to your internet computer, then you may get impatient about cutting and pasting some portion of text or images (photo, video) to/from your intranet machine. Well, that is no problem (and you do not have to violate the firewall for it). Just code a very trivial clipboard-peek-and-communicate application for yourself. For example, at your internet machine, copy some text to the clipboard; then the text-only clipboard-listener app may (optionally) pop up, and if you approve the transfer, it sends that text to the clipboard-viewer app at the intranet machine. (I suggest keeping the confirm-before-sending pop-up at the intranet machine (or defaulting to "don't send" until you manually order a send to the internet clipboard), but turning that pop-up off at the internet machine, because sending to the intranet machine is (presumably, that is, if not infiltrated) harmless as long as the receiving end only ever pastes it as plain text, and making your work less tedious is often safer.)

In summary, your spreadsheet sort of apps at the intranet machine may not only get data from the database (where the transactions are committed); now the text- and image-clipboard transferers may supply data, too (for non-database, casual work, or whatever the (not-so-trustable) applications at your internet-accessing tablet/laptop provide). The software-development kit of your platform (Android, Windows, etc.) will list some clipboard-listener API and some data-comm (byte-sending) API (for Bluetooth, serial port, etc.); take those and simply convert to your own internal format (message header and content) for the data transfer.

Sometimes you may find that simply transferring (gigabytes of) data on a microSD card is preferable (rather than waiting for Bluetooth to transfer all that). But caution is not optional. Make sure that you thoroughly remember which SD-card reader is for the intranet-front (never connected to the internet), or just work through the microSD-card slot of the EthernetShield, which is a lot less confusable: if your Bluetooth transfers already end up on that microSD card (the arduino writing the validated data there, where the intranet machine picks it up), then the same access mechanism serves the card you carried over on foot. That way, if your arduino program was verifying that the incoming data conforms to the intranet-input format you designed (for transactions), have it read the carried-over card through the same check, so that verification happens after a transfer-on-foot, too.

So the firewall I have explained is good for defending against all sorts of hardware (and firmware) protocol attacks, to the best of my knowledge, except perhaps overvoltage (electrical trouble). For that, you may put fuses in between the pins (well, beyond 5V most of that circuitry would probably be damaged anyway, but a fast-acting fuse may still be safer; a series resistor, or an optocoupler per line, gives the intranet-side arduino electrical isolation from the other side). The one attack surface that remains is the firewall's own firmware: the few dozen lines that parse the incoming bytes run in C on a small microcontroller with no memory protection, so keep every buffer fixed-size and bounds-checked, and accept nothing that is not in the format you designed.

Disclaimer: Legally, I am NOT guaranteeing anything. You have read this article, and you accept the responsibility for whatever you do. I hope (but it is not a legal pledge) that it helps for the good. (BTW, as for the evil (the worst-of-times-wishers, etc.), I hope all those evil types drown even when they drink a glass of water; that is, no well-wishing to those. They should not be using whatever I craft, anyway.)

puzzle

If you liked thinking about (and finding and weighing solutions to) all of these concerns, and you have various machines and work to allocate, then you may like to think about the following sort of puzzles, too. Some of them may apply to your own case. After all, concurrent systems have such stories, too (dining philosophers, Byzantine generals, etc.). Now it is time for firewall-related stories/metaphors.

For example, suppose you are assigned as the head of the CIA, and you know that some city is full of "socializing" members of a secretive, well-organised gang, under various covers and official positions. Then, for not putting all of your worth in the hands of such a gang, you have to choose: (1) select all of your agents so as to exclude that gang (and its various charlatan and hypocritical members), or (2) not put all of your eggs in one basket, and try to have at least a few branches with no member of the gang, or (3) have all of the agents send [a copy of] their findings directly to you, to ensure that the gang has no way of hiding the data. All three strategies apply to defending your data, too, as well as to noticing the assaults (data-hack attempts) that may ever be made. (Hint: allocating one branch per ideology may be insufficient, because such gangs like to infiltrate every group they can (leftists and rightists, soldiers and terrorists, etc.), so everywhere there may be one or a few of them.)

As with the dataLog@middle, you have to log every message, whether from your field agents or from those who tip off the CIA (or FBI). Otherwise, if somebody could delete some of the messages, then some crook (or a herd of crooks and charlatans) at the centre could shelter lots of conspirators who had been noticed by others in the field. For verifiability of message non-removal, there may be a public message digest, signed with the agency's private key so that anyone holding its public key can verify it (encrypting with the public key would let only the agency read it, which is the opposite of what is wanted here), in database(s) that list all messages (bytes of files) and the time they were sent. Thereafter, everybody can check
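The dataLog@middle and the "public message-digest" idea above (and the reconstruction argument in the data-logging paragraphs earlier) both come down to an append-only log whose latest digest commits to everything before it. As an added example (not code from the article), here is such a hash-chained log with its checker, in plain C++ for a PC; the entry fields, the timestamps and the sample messages are assumptions made for the example. The chain detects any edited, reordered or deleted entry except removal of the newest entries, which is exactly why the head digest is published (or signed) somewhere the logger's owner cannot rewrite.

```cpp
// Added example, not the article's code: hash-chained audit log for the dataLog@middle
// arduino, checkable on a PC. Entry fields and sample messages are assumptions.
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
namespace audit {
// Compact SHA-256 (FIPS 180-4). On the arduino itself, prefer a vetted library.
class Sha256 {
public:
    Sha256() {
        static const uint32_t iv[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                                       0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
        memcpy(h_, iv, sizeof h_);
    }
    void update(const uint8_t* p, size_t n) {
        len_ += n;
        while (n--) { buf_[n_++] = *p++; if (n_ == 64) { block(); n_ = 0; } }
    }
    std::string hexDigest() {                      // pads, finalises, returns hex
        uint64_t bits = len_ * 8;
        uint8_t pad = 0x80, zero = 0, lb[8];
        update(&pad, 1);
        while (n_ != 56) update(&zero, 1);
        for (int i = 0; i < 8; ++i) lb[i] = (uint8_t)(bits >> (56 - 8 * i));
        update(lb, 8);
        std::string out;
        for (int i = 0; i < 8; ++i)
            for (int s = 28; s >= 0; s -= 4) out.push_back("0123456789abcdef"[(h_[i] >> s) & 0xf]);
        return out;
    }
private:
    static uint32_t rotr(uint32_t x, int n) { return (x >> n) | (x << (32 - n)); }
    void block() {
        static const uint32_t K[64] = {
            0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
            0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
            0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
            0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
            0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
            0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
            0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
            0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
        uint32_t w[64];
        for (int i = 0; i < 16; ++i)
            w[i] = (uint32_t)buf_[4*i] << 24 | (uint32_t)buf_[4*i+1] << 16 |
                   (uint32_t)buf_[4*i+2] << 8 | buf_[4*i+3];
        for (int i = 16; i < 64; ++i)
            w[i] = (rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)) + w[i-7] +
                   (rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)) + w[i-16];
        uint32_t a = h_[0], b = h_[1], c = h_[2], d = h_[3], e = h_[4], f = h_[5], g = h_[6], h = h_[7];
        for (int i = 0; i < 64; ++i) {
            uint32_t t1 = h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
            uint32_t t2 = (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
            h = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
        }
        h_[0] += a; h_[1] += b; h_[2] += c; h_[3] += d; h_[4] += e; h_[5] += f; h_[6] += g; h_[7] += h;
    }
    uint32_t h_[8]; uint8_t buf_[64]; size_t n_ = 0; uint64_t len_ = 0;
};
inline std::string sha256Hex(const std::string& s) {
    Sha256 h; h.update((const uint8_t*)s.data(), s.size()); return h.hexDigest();
}
// One logged transfer: seq/ts/dir are what the logger knows, bytes is the raw message.
struct Entry { uint32_t seq; std::string ts, dir, bytes, digest; };
// Length-prefix each field so that message content cannot fake a field boundary.
inline std::string lp(const std::string& s) { return std::to_string(s.size()) + ":" + s; }
inline std::string digestOf(const std::string& prev, const Entry& e) {
    return sha256Hex(lp(prev) + lp(std::to_string(e.seq)) + lp(e.ts) + lp(e.dir) + lp(e.bytes));
}
class ChainLog {
public:
    static std::string genesis() { return std::string(64, '0'); }
    // Append a transfer; the returned digest is the "head" you would publish.
    std::string append(const std::string& ts, const std::string& dir, const std::string& bytes) {
        Entry e{(uint32_t)log_.size(), ts, dir, bytes, ""};
        e.digest = digestOf(head(), e);
        log_.push_back(e);
        return e.digest;
    }
    std::string head() const { return log_.empty() ? genesis() : log_.back().digest; }
    // Recompute from genesis: any edited, reordered or removed entry breaks the chain.
    bool verify() const {
        std::string prev = genesis();
        for (size_t i = 0; i < log_.size(); ++i) {
            if (log_[i].seq != i || digestOf(prev, log_[i]) != log_[i].digest) return false;
            prev = log_[i].digest;
        }
        return true;
    }
    std::vector<Entry>& entries() { return log_; }   // exposed so a checker (or a test) can tamper
private:
    std::vector<Entry> log_;
};
} // namespace audit
```

Run verify() on the exported log and compare head() with the published digest: a chain that verifies but whose head differs from the published value has had its tail cut, which the chain alone cannot detect.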

Charities have been subjects of conspiracy theories, too. With a dataLog@middle, just listing what amount of money came in and when, and then where that (and other) money was spent, is sufficient. The former is verifiable by donors (if donating directly, not through intermediaries who may report the same timestamp to multiple donors), but the latter may not be verifiable by the recipients. Therefore, for the latter, some auditor may travel around to verify that the said person received that donation at the said time.

the (Jan2015) bill-of-materials

DX.com is a Hong Kong-based company. The Arduino designers sell the boards they manufacture at arduino.cc. DX.com sells (Chinese) arduino-compatibles at lower prices than the (Italian) Arduinos, and buyers often think that the quality is good. (The following amounts to advertising for DX.com.)

arduiComp: arduino-compatible (model: Uno R3) (US$ 10.67)

arduiBreadComp: arduino-compatible (model: Nano v.3) (US$ 7.29)

If you would like to buy that arduino-nano-compatible which is popular at DX.com, be prepared to burn its bootloader. For that, if you have a third machine (one you are sure is uncontaminated, and that is neither intranet nor internet), then before ever using your arduiComp for anything else, bootload your arduiBreadComp through your arduiComp at that third machine. Otherwise, if you have no such third machine, you would have to buy or borrow an internet-front arduiComp (the tutorial suggests a Duemilanove, but that has since been succeeded by the Uno, as far as I know).

EthernetShield: Ethernet w/ microSD (US$ 10.16)

breadboard-module: Prototyping Shield ProtoShield Mini Breadboard (US$ 5.79)

Bluetooth-module: Bluetooth for Arduino (US$ 6.43)

microSD-card-reader: SanDisk 16 GB w/ card reader (US$ 10.88)

tablets -- black-or-white

A tablet (computer) fits as the internet-front (black) or the intranet-front (white) machine, but as far as I had last checked (in 2013?), the Arduino IDE (and the Atmel tools?) was not available for the Android platform, and therefore a tablet cannot be the third machine (for (re)programming the arduiComp). The ones below have 10.1" screens and Android (operating system) 4.4.

intranet/private (tablet) computer: YQ-V12 White . . . (US$ 89.78)
internet (tablet) computer: YQ-V12 Black . . . (US$ 89.89)


footnotes & references

http://www.wired.com/2014/07/usb-security/ Retrieved Aug 5, 2014.

http://www.wired.com/wiredscience/2013/02/rodent-mind-meld/ Retrieved Mar 4, 2013.

http://www.wired.com/2014/11/protection-from-hackers/ Retrieved Nov 27 (and 30), 2014. Another method; one commenter points out that the processor itself may carry other chips/features with external access (through 3G), as in some Intel chips.

Forrest Mims (2007). "Engineer's Mini Notebook 2: Science & Communications Circuits", http://www.radioshack.com/product/index.jsp?productId=10852490

"Scratch for Arduino" http://s4a.cat/ Retrieved July 2014. (Actually I have not referred to this in the article, nor tinkered with it, but (being familiar with both Scratch and Arduino) I may be expected to refer to it, too, because of the simplicity of Scratch; perhaps some of you would like to write your Arduino code through "s4a," rather than in the arduino/processing language itself.)



Last-Revised (text) on Jan. 26, 2015
Written by: Ahmed Ferzan/Ferzen R Midyat-Zilan (or, Earth)
Copyright (c) 2015 Ferzan Midyat. All rights reserved.
frozen@mid80, frag, form@fix, & mid80.net are trademarks of Ferzan Midyat.