Category Archives: Topics

Posts on technical topics. The sub-category provides the specific area of interest.

DTLS – Security for UDP

I had a short conversation yesterday about securing UDP data. When I dug around a little it became clear that there is an existing, RFC-documented protocol for handling that. I haven’t yet read the specification (though I likely will as it is an interesting technology).

There is a Wikipedia description here and the primary RFC is here.

Being able to secure unsequenced and unreliable datagram traffic using a design that is reasonably well vetted seems extremely useful. There are places where UDP is uniquely useful and security is becoming a much larger issue in the market today.

Interesting looking sample code here.

Some Thoughts on Agile

I’ve done some development in an agile/scrum environment. There are a number of things it brings to the table that I see improving code quality in some ways and providing a more stable delivery schedule.

With all that being said, I don’t believe it is a silver bullet and I become a bit annoyed when I read books and articles that present it that way. I’ve been doing some refresher reading lately as we’re working with customers who run agile teams here and I’d like to help our team adopt useful bits of agile without harming our overall effectiveness. This is particularly challenging in a regulated environment like the medical device development we do here. It is also challenging when we’re doing contract development engineering and customers expect to have a contract that covers the work we’ll do before they start paying.

Stand-up

I’ve been running some sort of daily stand-up long before I heard of agile or scrum. If anything, scrum environments seem to make stand-up longer and more formal. In lead roles before I hit scrum environments, my stand-up usually involved going to wherever the bulk of the team was located (if I wasn’t already there…jobs varied) and having a short discussion with members of the team about how things were going.

One aspect of stand-up that I don’t endorse is the ‘blockers’ question that usually seems to be a rote part of the process. In a team of under ten people, there should never be blocking issues that last for more than a very short time. If you know who can help you then just ask (by email if they’re not immediately present). If you don’t know who to ask then either ask your lead or ask someone else and follow it up from there. If someone consistently fails to help those who need assistance then the team needs to stage an intervention and make it clear that we work as a team.

Blocking issues should never persist for long enough to make it to stand-up.

I also tend to use stand-up as a platform to address team-wide issues and support issues that people encounter. Another side-effect of the ‘keep it short’ philosophy of scrum stand-ups is ‘information free’ comments. Telling the team that you’ve closed issues/stories ‘1123 and 1127’ and are starting work on ‘1134’ doesn’t really help to share information with the team. It may help the leadership track progress, but they have plenty of tools to do that already if you’re using any sort of software to manage work-flow.

I think this is enough for one day…I’ll add comments in another page in the near future…

A Weekend of Database and Certificates

Spent some time over the weekend doing some more work on the MySQL database layout for the cluster game and working on getting self-signed certificates prepared for my various development machines.

PHP and MySQL

The database work went smoothly. Still largely on the whiteboard at the moment. I’ve also been going through a PHP re-familiarization as I’ll need to code this stuff in PHP for my hosting and I haven’t worked in that environment in some time. I did grab an evaluation license for PHPStorm a few weeks back, but I fear that was premature as I haven’t reached the point where I need such tools on this sandbox project yet.

Certificates

I finally took the time to create SSH certificates to permit direct logins to my Linux machines from my Windows systems. That part I’ve done many times before and it went flawlessly.

I created and installed self-signed certificates for various local systems and set up TLS on their Apache servers. The creation and installation went smoothly, but the end-result was not what I was hoping for.

After installing the certificates in several different ways on the systems/browsers involved, I still did not see the secure icon in the address bar. I’m not sure whether this is caused by the certificates being self-signed (shouldn’t be as I installed the keys directly from files into the trust stores) or something else I’m not doing properly. I’ll need to keep looking at that one.

I do want to verify that the connections are using TLS. If they’re encrypted but not ‘safe’ because they’re not signed by a major cert vendor then I’m probably ok with that. If the TLS handshake failed because they don’t have the right certs then there’s a bigger problem.

Sunday evening I started down the road to building a local CA to sign all of my certificates with. I’m wondering if setting this up and loading its public key as a trusted root may give better results. The process is a bit more involved but may be worth it if it gets closer to the results I’d get with a commercial certificate.
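The local-CA approach described above, as an added example that is not from the original post: a root is created once, each machine's certificate is signed by it, and `openssl verify` confirms the chain before `ca.pem` is imported as a trusted root. The host name `devbox.lan`, the CA name and the file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): local CA, one leaf, chain checks.
# CA name, host names and file names are constructed for illustration.
set -eu

# Minimal config so the result does not depend on the system openssl.cnf.
write_cnf() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR: CA key plus self-signed root; ca.pem is what goes in trust stores.
make_ca() {
  write_cnf "$1"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert DIR HOST: key + CSR for HOST, signed by the CA.
# Browsers match the host name against subjectAltName, so it is set explicitly.
issue_cert() {
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$1/$2.ext"
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: exit 0 only if CERT chains to CAFILE.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# has_san CERT HOST: exit 0 if HOST appears as a DNS subjectAltName.
has_san() { openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"; }

# check_live HOST PORT CAFILE: TLS handshake against a running server; exits
# non-zero when the presented chain does not verify against CAFILE.
check_live() {
  openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
    -verify_return_error </dev/null
}
```

Run `make_ca DIR` once and `issue_cert DIR host` per machine; `check_live host 443 DIR/ca.pem` then separates a handshake that fails outright from one that completes but is untrusted by the browser.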

I still haven’t found a way to load a FreeTLS certificate on my GoDaddy hosting. One of these days I’ll spend the time to get on the phone with their support folks and see if this can be worked out.

I may try setting up a FreeTLS cert on my dynamic DNS connection that targets a port on my home firewall. That would provide more flexibility, but be less robust and scalable.

Samba SMB Shares

Toward the end of the evening I ran through samba installs on several systems. I had been pushing files around between my Windows and Linux machines all weekend and wanted to make things closer to seamless.

I had no real luck on that front. I could get things to the point where Windows recognized share names from the Linux machines. I could never get things to the point where my Windows systems could connect to a share and see files inside. Not sure what I’m missing and the samba logs were not at all helpful.

I’ll probably re-visit this again sometime soon, but for now the convenience of having it working isn’t worth the effort involved in finding out why it isn’t.

Getting Back to PHP Work for Cluster

Since vacation I’ve been pretty busy working on photo post processing and around the yard.

At this point I’m going to be trying to get back to building a back-end for the Unity-based cluster game that runs in PHP on my web hosting (initial work on local sandbox PHP instances of course).

I think I’m going to try using Visual Studio Code with PHP Extensions to get this started. I’ve done a little PHP coding in the past, but this looks likely to be far more involved than any of that.

I’d like to get a TLS cert on my site before going live with this, but it appears that my hosting may not support free TLS or similar cert installs and I’m not happy adding the annual renewal cost for a cert to my site at this point so stay tuned. I’ll probably try hitting GoDaddy support some evening soon to see what they can tell me.

First steps will be getting a simple RESTful interface defined and then laying out some simple SQL schema to provide the back-end. If I can get that working, I’ll look at extensions necessary to provide the full back-end to the game as a whole. Not looking for commercial quality here, just something sufficient to allow multi-player turn-based gaming.

Cluster Game Web Back Ends

Just reinstalled clean and up to date copies of XAMPP, MariaDB and MongoDB on one of my home machines.

I need to write some RESTful PHP code that can run on my web hosting as the back-end for a VR game I’m playing with. This gives me a platform for building that code in a safe place.

I do need to stick to PHP 5.x features as my GoDaddy shared hosting does not support PHP 7.

I’ve got to get the basics stitched together, add an appropriate .htaccess to keep passwords out of inappropriate hands and then start working out a SQL schema that works for the persistent game data I need to store.

Spending a big chunk of this long weekend post processing pictures from our recent vacation (see them on the blog side of ninecrows if you’re interested). Watched the whole last season of Game of Thrones and saw Aladdin. Lots to still get done, but progress is progress 🙂

More Fun with PInvoke

I’m getting more comfortable with PInvoke from C#. I’ve been using a web site that contains a pretty wide variety of recipes for getting at Win32 API calls with PInvoke.

At some point soon I need to take a look at the WindowsAPICodePack-Core which appears to have pre-built versions of some of these things. For now I’m happy that I’m getting closer to the point where I know how to invoke most API calls directly using PInvoke.

I do wish there was a more comprehensive reference document discussing all of the capabilities and ins and outs of using this facility. As is there are examples and specific documentation for some items (I’ve been using my copy of .NET 2.0 Interoperability Recipes: A Problem-Solution Approach to work out the basics and the PInvoke web site to extend that to more complicated examples).

I’ve put some of the sample code I’ve been playing with on GitHub at DupScan. This project is again code aimed at deduplicating file trees for archiving and management. The big driver here is the unique file ID API.

Back to a Little VHDL

VHDL keeps coming up in places and my VHDL is more than a little rusty so I was back doing some refresher last night and will likely do some more tonight.

I need to get back to a point where I can read VHDL and make reasonable sense of it (and perhaps make small changes without breaking too much). If I hit the point where I’m feeling comfortable with it again I may dig out the Spartan-6 board I have lying around and see about trying some real work programming it.

This is something that keeps coming up, but once the need fades off I find other things that are higher priority and never get past the early stages…need to reach basic fluency this time around.

More Setup Over the Weekend

Played with some commercial motion capture software last Friday, more here.

I’ve upgraded most of my RPi machines to scratch and I believe I have the process of building OpenCV 4.0.1 on them to the point where it is reliable.

I have realized that I can’t push the full, unprocessed output of these webcams over the ethernet links. I’ll have to pre-process the data to reduce total size in order to make things work. Not sure whether the ARM CPUs have the necessary performance or not. I’ll have to look at this and see what I can see.

OpenCV Build on Ubuntu Worked

This time I pasted all of the pieces into a single shell script (instead of running it piecemeal) and things went smoothly. Still took a while, even on the Core-i5 system with an SSD and 32 GB of physical memory. I specifically pulled 4.0.1 from git rather than the default choice from the source of the instructions that built ‘master’.

Tonight I’ll have to write a bit of code to use the library and see if I can get streams of images programmatically from one or more of the webcams I’m working with.

At some point I may bump up the swap space on another of my RPi systems to see if the same script works there as well.

Working towards an OpenCV build on Ubuntu

Well…almost got OpenCV building on my main Ubuntu machine at home. I was copying fragments from the directions on the OpenCV site into an SSH session and clearly missed something along the way. I’ll have to build a single, large shell script up front next time and then run that. Unfortunately it seems as if (I may learn better later on) once CMake has done its magic, lots of things get baked into the files that drive the build in ways that really, really want a rebuild if things don’t go quite right.

I was working from the instructions here. (Other instructions here).

I was surprised to see that the GitHub repo and contrib did not have a branch tag for release 4. It looks as if there’s a stable release out there, but 3.4 and master seemed like the available choices.

The main site clearly indicates that version 4 has been released with pre-built Windows and iOS downloads and documentation. I’m not sure currently how to pull that stable release code from git though.

I expect to take another run at the 4.0 build on Ubuntu tonight. Other than script grabbing issues, the build went smoothly…32 GB of memory and a Core-i5 CPU work better than a low-end ARM and 1 GB swapping on a micro-SD card.

Hmm…more GitHub presence for version 4 here and here. Looks like OpenCV 4.0.1 is the latest. Ah…tags not branches here…need to look at pulling the appropriate tag for the build. Easy enough…just list the tags, find the 4.0.1 tag and check that out.