A Weekend of Database and CertificateS

Spent some time over the weekend doing some more work on the MySQL database layout for the cluster game and working on getting self-signed certificates prepared for my various development machines.

PHP and MySQL

The database work went smoothly. Still largely on the whiteboard at the moment. I’ve also been going through a PHP re-familiarization as I’ll need to code this stuff in PHP for my hosting and I haven’t worked in that environment in some time. I did grab an evaluation license for PHPStorm a few weeks back, but I fear that was premature as I haven’t reached the point where I need such tools on this sandbox project yet.

Certificates

I finally took the time to create SSH certificates to permit direct logins to my linux machines from my windows systems. That part I’ve done many times before and it went flawlessly.

I created and installed self-signed certificates for various local systems and set up TLS on their Apache servers. The creation and installation went smoothly, but the end-result was not what I was hoping for.

After installing the certificates in several different ways on the systems/browsers involved, I still did not see the secure icon in the address bar. I’m not sure whether this is caused by the certificates being self-signed (shouldn’t be as I installed the keys directly from files into the trust stores) of something else I’m not doing properly. I’ll need to keep looking at that one.

I do want to verify that the connections are using TLS. If they’re encrypted but not ‘safe’ because they’re not signed by a major cert vendor then I’m probably ok with that. If the TLS handshake failed because they don’t have the right certs then there’s a bigger problem.

Sunday evening I started down the road to building a local CA to sign all of my certificates with. I’m wondering if setting this up and loading its public key as a trusted root may give better results. The process is a bit more involved but may be worth it if it gets closer to the results I’d get with a commercial certificate.

I still haven’t found a way to load a FreeTLS certificate on my GoDaddy hosting. One of these days I’ll spend the time to get on the phone with their support folks and see if this can be worked out.

I may try setting up a FreeTLS cert on my dynamic DNS connection that targets a port on my home firewall. That would provide more flexibility, but be less robust and scalable.

Samba SMB Shares

Toward the end of the evening I ran through samba installs on several systems. I had been pushing files around between my windows and Linux machines all weekend and wanted to make things closer to seamless.

I had no real luck on that front. I could get things to the point where windows recognized share names from the Linux machines. I could never get things to the point where my windows systems could connect to a share and see files inside. Not sure what I’m missing and the samba logs were not at all helpful.

I’ll probably re-visit this again sometime soon, but for now the convenience of having it working isn’t worth the effort involved in finding out why it isn’t.

Getting Back to PHP Work for Cluster

Since vacation I’ve been pretty busy working on photo post processing and around the yard.

At this point I’m going to be trying to get back to building a back-end for the unity based cluster game that runs in PHP on my web hosting (initial work on local sandbox PHP instances of course).

I think I’m going to try using Visual Studio Code with PHP Extensions to get this started. I’ve done a little PHP coding in the past, but this looks likely to be far more involved than any of that.

I’d like to get a TLS cert on my site before going live with this, but it appears that my hosting may not support free TLS or similar cert installs and I’m not happy adding the annual renewal cost for a cert to my site at this point so stay tuned. I’ll probably try hitting GoDaddy support some evening soon to see what they can tell me.

First steps will be getting a simple RESTful interface defined and then laying out some simple SQL schema to provide the back-end. If I can get that working, I’ll look at extensions necessary to provide the full back-end to the game as a whole. Not looking for commercial quality here, just something sufficient to allow multi-player turn based gaming.

Looking at InfoSec Stuff a Bit

Information security with a software hardening focus has been coming up a bit lately. Picked up a Engineering Trustworthy Systems over the week end as a refresher along with digging out my copy of Cryptography Engineering by Bruce Schneier to re-read.

This stuff is more about system architecture and design than it is about algorithms and coding so these books should be a good touchstone. Coding standards and use of standard algorithms and protocols can cover the fine grained issues. The larger scale issues tend to be less well attended to and more prone to providing openings to the bad guys.

CLuster Game Web Back Ends

Just reinstalled clean and up to date copies of XAMPP, MariaDB and MongoDB on one of my home machines. 

I need to write some RESTful PHP code that can run on my web hosting as the back-end for a VR game I’m playing with. This gives me a platform for building that code in a safe place.

I do need to stick to PHP 5.x features as my GoDaddy shared hosting does not support PHP 7.

I’ve got to get the basics stitched together, add an appropriate .htaccess to keep passwords out of inappropriate hands and then start working out a SQL schema that works for the persistent game data I need to store.

Spending a big chunk of this long weekend post processing pictures from our recent vacation (see them on the blog side of ninecrows if you’re interested). Watched the whole last season of Game of Thrones and saw Aladdin. Lots to still get done, but progress is progress 🙂

More WPF and PInvoke

My command of the PInvoke functionality that I need is largely complete. I’m looking at stepping up my WPF skills to build out some more usable UI front-ends to these tools.

Add in some MongoDB back ends for persistence and I expect to be in a much better position to manage my data archives.

I’ll be pushing updates to my github account as I build test projects and useful tools.

More Fun with PInvoke

I’m getting more comfortable with PInvoke from C#. I’ve been using a web site that contains a pretty wide variety of recipes for getting at Win32 API calls with PInvoke.

At some point soon I need to take a look at the WindowsAPICodePack-Core which appears to have pre-built versions of some of these things. For now I’m happy that I’m getting closer to the point where I know how to invoke most API calls directly using PInvoke.

I do wish there was a more comprehensive reference document discussing all of the capabilities and ins and outs of using this facility. As is there are examples and specific documentation for some items (I’ve been using my copy of .NET 2.0 Interoperability Recipes: A Problem-Solution Approach to work out the basics and the PInvoke web site to extend that to more complicated examples.

I’ve put some of the sample code I’ve been playing with on GitHub at DupScan. This project is again code aimed at deduplicating file trees for archiving and management. The big driver here is the unique file ID API.

Back to a Little VHDL

VHDL keeps coming up in places and my VHDL is more than a little rusty so I was back doing some refresher last night and will likely do some more tonight.

I need to get back to a point where I can read VHDL and make reasonable sense of it (and perhaps make small changes without breaking too much). If I hit the point where I’m feeling comfortable with it again I may dig out the Spartan-6 board I have lying around and see about trying some real work programming it.

This is something that keeps coming up, but once the need fades off I find other things that are higher priority and never get past the early stages…need to reach basic fluency this time around.

Built a Few More Beacons and Tested IR

I built a few more beacons to play with last night. I’ve got some CR2023 battery holders that are smaller than the AA cell battery clips and have integrate power switches that I’m using for these. The red and blue LEDs work as expected (though they look dimmer to my eye than the white one on the first version we built).

I put together an IR LED based beacon as well (though without the diffuser as I’m not sure the diffuser plastic is transparent at 970 nm). I’ve demonstrated that the cameras I’ve got can see the IR LEDs on a remote control, even with their IR filters intact. I could see that the IR LED was on, but its brightness was much less than the brightness of the visible light LEDs so no real advantage to going with IR.

I also finished updating my RPi machines to the ‘scratch’ OS image and am close to having all of them built for OpenCV libraries. Once I get the last machine loaded up, I expect to switch back to one of the Ubuntu NUC machines and write some code to read from cameras and process the result.

Attaching LED information for easy later location…

More Setup Over the Weekend

Played with some commercial motion capture software last Friday, more here.

I’ve upgraded most of my RPi machines to scratch and I believe I have the process of building OpenCV 4.0.1 on them to the point where it is reliable.

I have realized that I can’t push the full, unprocessed output of these webcams over the ethernet links. I’ll have to pre-process the data to reduce total size in order to make things work. Not sure whether the ARM CPUs have the necessary performance or not. I’ll have to look at this and see what I can see.

OPenCV Build on Ubuntu Worked

This time I pasted all of the pieces into a single shell script (instead of running it piecemeal) and things went smoothly. Still took a while, even on the Core-i5 system with an SSD and 32 GB of physical memory. I specifically pulled 4.0.1 from git rather than the default choice from the source of the instructions that built ‘master’.

Tonight I’ll have to write a bit of code to use the library and see if I can get streams of images programmatically from one or more of the webcams I’m working with.

At some point I may bump up the swap space on another of my RPi systems to see if the same script works there as well.