March 16, 2025
Using my Arduino Giga, I decided to try my hand at building a stock displayer that would track stocks througout the day. I don’t do much Graphical User Interface (GUI) design, and when I do it’s usually a webpage format. However I have worked with C# before and done GUIs with it.
The two rules I have for GUIs:
- GUIs do three things: Take user input, filter/check user input and display output. All other processing must be handled by a base library.
- No matter how you design a GUI, you’ll end up with multiple people giving contradictory complaints about how it would look “better” if you made a layout change and then wondering why you never made “their” change. This is why I don’t do much GUI design. 🙂
Putting an algorithm to pick stocks on an embedded system can certainly be done, but why not just use your home system to do that computation and use the Arduino to simply display.
What I’ll need on the Arduino:
- Fetch data, format and display it Arduino_GigaDisplay_GFX.h
- Accept touch inputs Arduino_GigaDisplayTouch.h
- Setup Wifi Wifi.h
- Parse JSON of my stock picks Arduino_JSON.h
I’ll also need a simple server for my home Ubuntu box. I can use flask to serve a Rest API page from a Python script.
OK, so let’s come up with a simple JSON format:
http://ip:port/rest/v0.1/StockPickRecommendations returns:
{“stocklist”: [
{“ticker”: “ABC”, “low52w”: 123.00,”high52w”:181.00,”current”:144.0},…]}
Note the v0.1. This format will invariably change as I add new fields. When that happens I update both.
In a “real” system I’d of course have tokens/security set up. The main things you need there are:
Authentication to prove who I am. Usually systems ship with an “out of the box” password which is updated when the system connects to the main servers.
Authorization to prove that once I am authenticated I have access to the service. Usually this is done with bearer tokens that are passed through the header or request body.
Encryption This is normally done with TLS. This keeps a third party from being able to read my conversation even if they can see the data over the wire. However, it does not prove who I am unless I already have a set key.
SSL certificates for my server (usually done for internet sites). Authentication and Authorization prove who the client is to the server. Registered SSL certificates prove who the server is to the client. Banks used to show you a ‘unique picture’ such as a horse or a chess piece to prove to you that they were them, in case you accidentally accessed a spoof site. There are certificate authorities every browser has in it which check
Input filtering: APIs should demand a very specific format and never trust user input. Even authenticated and authorized data must be carefully checked; it’s entirely possible I could log into my stock broker, see my account, and give myself a huge balance boost.