224 stories
·
1 follower

Aditya Borikar: Chapter 11: TLS - The Last Stage

1 Share

Hi,
  The primary task I am focussed on currently is to fix any flaw I come across in the code base. This week I stumbled upon multiple instances where workflow could have been better.

  A tiny but significant change made at the start of this week is the removal of smack-tcp from the websocket module. Remains from previous approach (eg: failureMap inside okHttpWebsocketImpl, not so useful - boolean usingHttp inside transport descriptor) have been removed. Exception descriptions now show meaningful messages instead of `ClassName@someHexNum`. WebsocketRemoteConnectionEndpoints no longer hassle by extracting host, port and scheme from the endpoint obtained through http lookup. Instead WebsocketRemoteConnectionEndpoint conveniently wraps the endpoint inside a URI.

 Logging descriptor has been changed significantly and is now moved inside okHttp's dedicated package. It no longer extends okHttp's Interceptor and now depends on SmackDebugger. Even so I am still trying to figure my way around debuggers. Improvements have been made to the core class - OkHttpWebsocketImpl, for the closingWebsocket phase.

The most important learning this week explained to me by my mentors,



  The websocket subprotocol states that TLS cannot be used at XMPP subprotocol layer instead it should be enabled at at the websocket layer. So whenever, we use an endpoint using `wss` scheme, it refers to an endpoint secured by TLS. This concept has now been realised inside websocket module. When SecurityMode is set to `disabled` it connects only to endpoints with `ws` uri scheme. When SecurityMode is set to `required` connection is established only with endpoints with `wss` uri scheme. Incase we preferrably want to connect to a secure endpoint but are open to establish connection with insecure endpoints if something goes wrong, we can use SecurityMode `if-possible`.

This was my first week of the last phase. See you later.
Read the whole story
kclowers
6 days ago
reply
Seattle, WA, US
Share this story
Delete

nc | sudo

1 Share

Question: what does this command do?

# Don't do this
nc localhost 12345 | sudo tar xf -

Answer: it sends the password typed into sudo to the other endpoint of netcat.

I can reproduce this with both nc.traditional and nc.openbsd.

One might be tempted to just put sudo in front of everything, but it'll mean that only nc will run as root:

# This is probably not what you want
sudo nc localhost 12345 | tar xf -

The fix that I will never remember, thanks to twb on IRC, is to close nc's stdin:

<&- nc localhost 12345 | sudo tar xf -

Or flip the table and just use sudo -s:

$ sudo -s
# nc localhost 12345 | tar xf -
Read the whole story
kclowers
17 days ago
reply
Seattle, WA, US
Share this story
Delete

Slide Trombone

1 Share
Remember the CPS 2000, the super soaker that was discontinued because it was too powerful? Relatedly, can I borrow your tuba?
Read the whole story
kclowers
22 days ago
reply
Seattle, WA, US
Share this story
Delete

Endorheic Basin

1 Share
My biggest fear is that colonial engineers will try to flood me to generate electricity. My biggest hope is that I'll develop sailing stones.
Read the whole story
kclowers
43 days ago
reply
Seattle, WA, US
Share this story
Delete

Old Days 2

2 Shares
The git vehicle fleet eventually pivoted to selling ice cream, but some holdovers remain. If you flag down an ice cream truck and hand the driver a floppy disk, a few hours later you'll get an invite to a git repo.
Read the whole story
kclowers
44 days ago
reply
Seattle, WA, US
Share this story
Delete

Test a webcam from the command line on Linux with VLC

1 Share
Since this info was too well hidden on the internet, here is the information:

cvlc v4l2://
and there you go.
Read the whole story
kclowers
53 days ago
reply
Seattle, WA, US
Share this story
Delete
Next Page of Stories