Category Archives: Projects

Personal projects that I am either working on or thinking of working on.

Cybersecurity and Cryptography

I’ve been getting more deeply involved in the cybersecurity and cryptography end of things in the last few weeks.

Did some serious work looking into current best practices for password management. Found that the bcrypt algorithm I had been familiar with was superseded long ago (no surprise there) and that there is a hash iteration algorithm that can be used to bump up the work involved in computing an off-the-shelf HMAC to levels where it is suited for use as a password hash (PBKDF2 and here).
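The HMAC iteration that PBKDF2 performs, written out by hand and checked against the standard library, followed by a salted store-and-verify pair. This is an added example, not code from the original post; the `pbkdf2_sha256$...` record layout, the function names and the default iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Assumed work factor for illustration; tune it to the hardware doing the hashing.
ITERATIONS = 600_000

def pbkdf2_manual(hash_name, password, salt, iterations, dklen):
    """PBKDF2 spelled out: each output block is the XOR of a chain of HMACs."""
    hlen = hashlib.new(hash_name).digest_size
    out = b""
    for i in range(1, -(-dklen // hlen) + 1):       # ceil(dklen / hlen) blocks
        # U_1 = HMAC(password, salt || big-endian 32-bit block index)
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_n = HMAC(password, U_{n-1}); this loop is the tunable cost
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]

def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record (constructed format) with a fresh salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password, stored):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False                                 # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Because the iteration count is stored in each record, it can be raised later without invalidating existing hashes; old records are simply re-hashed at the next successful login.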

I’ve been looking at TLS and related technologies. In the past I’ve tended to treat them as black box components. I’m digging a bit deeper on a few fronts now.

I knew that elliptic curve algorithms were available in the TLS cipher suite but had not realized that they were in active use. Last time I looked at elliptic curve algorithms the community was viewing them with suspicion after the Dual_EC_DRBG fiasco. I think that the reduced computational complexity when processing them may have also lent an air of insecurity to them. At this point it sounds as if they’ve passed muster and are in serious use. I picked up a book (Modern Cryptography and Elliptic Curves, A Beginner’s Guide) to get a better handle on the underlying mathematics and will be taking a closer look on a broader scale.

I’m setting up my Raspberry Pi controllers (at least a few of them) as TLS/DTLS test endpoints. I’ve loaded and built OpenSSL on them over the weekend and will be coding up some samples to play with in the evenings this week. I’ve got machines ranging from pi-2 to pi-4 so they should provide a nice range of performance for testing.

TLS on TCP

I expect to initially put together some simple TLS over TCP code to make sure I’ve got everything working properly and that my certs are set up correctly.

DTLS on UDP

Once I’ve got TLS working I’ll likely try to transition to point-to-point DTLS as that is also a standardized protocol and a good stepping stone to the proposed multicast adaptation.

Multicast on UDP

I haven’t worked with multicast datagram traffic much (pretty much never) so I’ll likely move on to simple, un-encrypted multicast traffic from there. If I can get some of the machines to join a multicast group and ping traffic off of them, I’ll count that as a win.

Multicast over DTLS on UDP

The final step of this exercise will involve taking the multicast sample and the DTLS sample and attempting to implement the proposed approach to providing multicast support to DTLS. This isn’t a standards track proposal, but seems like the closest thing we’ve got to secure multicast traffic support.

Hoping this comes together. It seems like an interesting exercise. If I can get this work done entirely off hours, I’ll share the resulting code on my github account.

Building Out Cluster Web Parts

Schema fun

I’ve been through the basic pieces (many, small and fiddly) of the SQL schema for this game a couple of times now. Each time I get a certain distance down the road and run out of steam putting together the various details needed.

First web bits

I’m going to start in on the process of laying down the game logic and support structure at this point. Initially I’m not planning to lay in any significant security. I’ll likely skip password storage and focus on the first two big steps in getting a game setup.

  • Login and signup screen
    This gets me user creation and walks me through session management for players in the game.
  • Game creation screen
    I expect a logged in user to create a game and then perhaps invite other players (up to three more) into the game. Initially, I’ll probably make the invitation process very simple…you invite the others to the game at game creation time and when you login you see your active games and open invitations (where you can accept or decline).
  • Game administration screen
    Ideally useful to help with debugging of things. Getting a look at digested versions of the game tables in a helpful format should make it easier to see what is going on and when things are messing up.

Steps to follow

Once these pieces are in place (and perhaps backed by some RESTful API bits) I’ll want to set up the VR viewer to access the stored star information for a selected game.

I expect that user permission information will be pre-stored on a given computer/account separately and the VR lobby will simply provide a list of games to the user to select from.

Once a game has been selected, the full game VR will be displayed and the player may begin setting up a new turn (if the previous turn has completed).

A Weekend of Database and Certificates

Spent some time over the weekend doing some more work on the MySQL database layout for the cluster game and working on getting self-signed certificates prepared for my various development machines.

PHP and MySQL

The database work went smoothly. Still largely on the whiteboard at the moment. I’ve also been going through a PHP re-familiarization as I’ll need to code this stuff in PHP for my hosting and I haven’t worked in that environment in some time. I did grab an evaluation license for PHPStorm a few weeks back, but I fear that was premature as I haven’t reached the point where I need such tools on this sandbox project yet.

Certificates

I finally took the time to create SSH certificates to permit direct logins to my Linux machines from my Windows systems. That part I’ve done many times before and it went flawlessly.

I created and installed self-signed certificates for various local systems and set up TLS on their Apache servers. The creation and installation went smoothly, but the end-result was not what I was hoping for.

After installing the certificates in several different ways on the systems/browsers involved, I still did not see the secure icon in the address bar. I’m not sure whether this is caused by the certificates being self-signed (shouldn’t be as I installed the keys directly from files into the trust stores) or something else I’m not doing properly. I’ll need to keep looking at that one.

I do want to verify that the connections are using TLS. If they’re encrypted but not ‘safe’ because they’re not signed by a major cert vendor then I’m probably ok with that. If the TLS handshake failed because they don’t have the right certs then there’s a bigger problem.

Sunday evening I started down the road to building a local CA to sign all of my certificates with. I’m wondering if setting this up and loading its public key as a trusted root may give better results. The process is a bit more involved but may be worth it if it gets closer to the results I’d get with a commercial certificate.

I still haven’t found a way to load a FreeTLS certificate on my GoDaddy hosting. One of these days I’ll spend the time to get on the phone with their support folks and see if this can be worked out.

I may try setting up a FreeTLS cert on my dynamic DNS connection that targets a port on my home firewall. That would provide more flexibility, but be less robust and scalable.

Samba SMB Shares

Toward the end of the evening I ran through samba installs on several systems. I had been pushing files around between my Windows and Linux machines all weekend and wanted to make things closer to seamless.

I had no real luck on that front. I could get things to the point where Windows recognized share names from the Linux machines. I could never get things to the point where my Windows systems could connect to a share and see files inside. Not sure what I’m missing and the samba logs were not at all helpful.

I’ll probably re-visit this again sometime soon, but for now the convenience of having it working isn’t worth the effort involved in finding out why it isn’t.

Getting Back to PHP Work for Cluster

Since vacation I’ve been pretty busy working on photo post processing and around the yard.

At this point I’m going to be trying to get back to building a back-end for the unity based cluster game that runs in PHP on my web hosting (initial work on local sandbox PHP instances of course).

I think I’m going to try using Visual Studio Code with PHP Extensions to get this started. I’ve done a little PHP coding in the past, but this looks likely to be far more involved than any of that.

I’d like to get a TLS cert on my site before going live with this, but it appears that my hosting may not support free TLS or similar cert installs and I’m not happy adding the annual renewal cost for a cert to my site at this point so stay tuned. I’ll probably try hitting GoDaddy support some evening soon to see what they can tell me.

First steps will be getting a simple RESTful interface defined and then laying out some simple SQL schema to provide the back-end. If I can get that working, I’ll look at extensions necessary to provide the full back-end to the game as a whole. Not looking for commercial quality here, just something sufficient to allow multi-player turn based gaming.

Cluster Game Web Back Ends

Just reinstalled clean and up to date copies of XAMPP, MariaDB and MongoDB on one of my home machines. 

I need to write some RESTful PHP code that can run on my web hosting as the back-end for a VR game I’m playing with. This gives me a platform for building that code in a safe place.

I do need to stick to PHP 5.x features as my GoDaddy shared hosting does not support PHP 7.

I’ve got to get the basics stitched together, add an appropriate .htaccess to keep passwords out of inappropriate hands and then start working out a SQL schema that works for the persistent game data I need to store.

Spending a big chunk of this long weekend post processing pictures from our recent vacation (see them on the blog side of ninecrows if you’re interested). Watched the whole last season of Game of Thrones and saw Aladdin. Lots to still get done, but progress is progress 🙂

More WPF and PInvoke

My command of the PInvoke functionality that I need is largely complete. I’m looking at stepping up my WPF skills to build out some more usable UI front-ends to these tools.

Add in some MongoDB back ends for persistence and I expect to be in a much better position to manage my data archives.

I’ll be pushing updates to my github account as I build test projects and useful tools.

Built a Few More Beacons and Tested IR

I built a few more beacons to play with last night. I’ve got some CR2023 battery holders that are smaller than the AA cell battery clips and have integrated power switches that I’m using for these. The red and blue LEDs work as expected (though they look dimmer to my eye than the white one on the first version we built).

I put together an IR LED based beacon as well (though without the diffuser as I’m not sure the diffuser plastic is transparent at 970 nm). I’ve demonstrated that the cameras I’ve got can see the IR LEDs on a remote control, even with their IR filters intact. I could see that the IR LED was on, but its brightness was much less than the brightness of the visible light LEDs so no real advantage to going with IR.

I also finished updating my RPi machines to the ‘scratch’ OS image and am close to having all of them built for OpenCV libraries. Once I get the last machine loaded up, I expect to switch back to one of the Ubuntu NUC machines and write some code to read from cameras and process the result.

Attaching LED information for easy later location…

More Setup Over the Weekend

Played with some commercial motion capture software last Friday, more here.

I’ve upgraded most of my RPi machines to scratch and I believe I have the process of building OpenCV 4.0.1 on them to the point where it is reliable.

I have realized that I can’t push the full, unprocessed output of these webcams over the ethernet links. I’ll have to pre-process the data to reduce total size in order to make things work. Not sure whether the ARM CPUs have the necessary performance or not. I’ll have to look at this and see what I can see.

OpenCV Build on Ubuntu Worked

This time I pasted all of the pieces into a single shell script (instead of running it piecemeal) and things went smoothly. Still took a while, even on the Core-i5 system with an SSD and 32 GB of physical memory. I specifically pulled 4.0.1 from git rather than the default choice from the source of the instructions that built ‘master’.

Tonight I’ll have to write a bit of code to use the library and see if I can get streams of images programmatically from one or more of the webcams I’m working with.

At some point I may bump up the swap space on another of my RPi systems to see if the same script works there as well.

Working towards an OpenCV build on Ubuntu

Well…almost got OpenCV building on my main Ubuntu machine at home. I was copying fragments from the directions on the OpenCV site into an SSH session and clearly missed something along the way. I’ll have to build a single, large shell script up front next time and then run that. Unfortunately it seems as if (I may learn better later on) once CMake has done its magic, lots of things get baked into the files that drive the build in ways that really, really want a rebuild if things don’t go quite right.

I was working from the instructions here. (Other instructions here).

I was surprised to see that the github repo and contrib did not have a branch tag for release 4. It looks as if there’s a stable release out there, but 3.4 and master seemed like the available choices.

The main site clearly indicates that version 4 has been released with pre-built windows and ios downloads and documentation. I’m not sure currently how to pull that stable release code from git though.

I expect to take another run at the 4.0 build on Ubuntu tonight. Other than script grabbing issues, the build went smoothly…32 GB of memory and a Core-i5 CPU work better than a low-end ARM and 1 GB swapping on a micro-SD card.

Hmm…more github presence for version 4 here and here. Looks like OpenCV 4.0.1 is the latest. Ah…tags not branches here…need to look at pulling the appropriate tag for the build. Easy enough…just list the tags, find the 4.0.1 tag and check that out.