Welcome to my site

Hello and welcome to this fairly barren site; I am a computer scientist at the University of Brighton and this site is a work in progress. I hope to include projects I am working on and intend to work towards.
I could have worked for ages to produce a website that fits the 'material' style touted by Google; however, why would I do that when there is this fantastic one already available? So thanks to all the people that made this! (I hope you included yourselves in the source of this site.)

Modern Web Security

Tagged under: Linux, Windows, OsX, Firefox, Chrome, IE, Content Security Policy, CSP, HTTPS, Public Key Pinning, HPKP, Subresource Integrity, and SRI

Posted on 16 Feb 2018


The following topics are covered in this video by Scott Helme; this is a textual overview of what he covers, just for future reference.

Content Security Policy (CSP)

CSP allows for resource control of a webpage. It is possible to set policies that provide a whitelist of the domains/locations from which content for the page can be loaded; this is useful in mitigating cross-site scripting attacks and preventing other malicious external content from being loaded.

Public Key Pinning (HPKP)

Public Key Pinning is a very simple way to decrease the risk of man-in-the-middle (MITM) attacks performed with forged certificates.

It’s possible that a certificate authority could issue a valid certificate to a malicious user, which could then be used to present a secure and authorised-looking connection while being controlled by an attacker.

HPKP stores a hash of the website’s real certificate in the browser; if that hash doesn’t match the one presented when the page loads, the page will fail to load and the browser will inform the user that there’s a security issue with the website.

Because of the way HPKP works, if a browser were to load the malicious site first, the legitimate website would no longer function, as the pins are stored in the browser from first use. It is also very easy to lock yourself out of a website through an incorrect set-up, so it is very important to test and set up HPKP carefully before deployment.

Usage
Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubDomains][; report-uri="reportURI"]

Example from Mozilla:

Public-Key-Pins:
  pin-sha256="cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=";
  pin-sha256="M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=";
  max-age=5184000; includeSubDomains;
  report-uri="https://www.example.org/hpkp-report"
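To make the first-use and lock-out behaviour above concrete, here is a small model of the browser-side pin cache, added as an example and not part of the original post or of any browser's code. It parses the Mozilla header above (each pin-sha256 value is the base64 SHA-256 of a certificate's Subject Public Key Info); the PinStore class, the host names and the chain fingerprints other than the two pins from the header are assumptions constructed for the example.

```python
import re

# Constructed stand-ins for the SPKI hashes of a served certificate chain.
# The two pins are the values from the Mozilla example header; the rest are made up.
LEAF_PIN = "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs="
BACKUP_PIN = "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="
INTERMEDIATE_PIN = "CONSTRUCTEDintermediateSPKIhash00000000000="  # not a real hash
EXAMPLE_HEADER = (
    f'pin-sha256="{LEAF_PIN}"; pin-sha256="{BACKUP_PIN}"; '
    'max-age=5184000; includeSubDomains; report-uri="https://www.example.org/hpkp-report"'
)
PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/=]+)"')


def parse_pkp(value: str) -> dict:
    """Split a Public-Key-Pins value into its pins, max-age and includeSubDomains flag."""
    value = value.split(":", 1)[1] if value.startswith("Public-Key-Pins:") else value
    age = re.search(r"max-age=(\d+)", value)
    if age is None:
        raise ValueError("max-age is mandatory in a Public-Key-Pins header")
    return {"pins": set(PIN_RE.findall(value)), "max_age": int(age.group(1)),
            "include_subdomains": "includeSubDomains" in value}


class PinStore:
    """Tiny model of a browser's noted pins, following the RFC 7469 rules."""

    def __init__(self) -> None:
        self.noted: dict = {}  # host -> (pins, expiry time)

    def note(self, host: str, header: str, chain: list, now: int) -> bool:
        """Record pins from a header received over an already validated TLS connection.

        The header is ignored unless one pin matches the chain AND at least one backup
        pin does not; this guards against pinning only the keys currently being served.
        """
        policy = parse_pkp(header)
        if not (policy["pins"] & set(chain)) or not (policy["pins"] - set(chain)):
            return False
        if policy["max_age"] == 0:
            self.noted.pop(host, None)  # max-age=0 tells the browser to forget the host
        else:
            self.noted[host] = (policy["pins"], now + policy["max_age"])
        return True

    def check(self, host: str, chain: list, now: int) -> bool:
        """True if the presented chain may be used; False means the page fails to load."""
        if host not in self.noted:
            return True  # first visit: whatever is served now gets trusted
        pins, expiry = self.noted[host]
        if now >= expiry:
            del self.noted[host]
            return True
        return bool(pins & set(chain))
```

A chain that carries neither noted pin is refused until max-age runs out, which is exactly the lock-out the post warns about.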

Subresource Integrity (SRI)

Subresource Integrity is described as follows:

SRI is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.

In modern web development the use of content delivery networks (CDNs) opens up a very appealing attack vector for hackers and can expose any website using them to a vulnerability. To mitigate this risk, use SRI to ensure that the content provided by the CDN has not been altered or tampered with. Using this SRI hash tool it’s possible to generate a hash (of known safe content); now, any time a browser attempts to load content from the CDN, the hash of the content will be compared to the hash stored on the webpage.

Usage

To use SRI, two more attributes are added to the script tag:

integrity="sha256-5i/mQ300M779N2OVDrl16lbohwXNUdzL/R2aVUXyXWA="
crossorigin="anonymous"

crossorigin should almost always be anonymous.

integrity is the hash of the content.

If the CSP is set to require-sri-for script style then any script or style tags that do not include the above will no longer load.
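The hash generation and the browser-side comparison described above, as an added example that is not part of the original post or of the SRI hash tool it links to. It builds the integrity value for a constructed sample script and then checks a fetched body against an integrity attribute, including the case where several hashes are listed (only the strongest algorithm counts) and the case where the attribute contains nothing usable; the sample script and the CDN URL are made up.

```python
import base64
import hashlib
import re

# Constructed sample: the "known safe" script that the CDN is expected to serve.
SAMPLE_SCRIPT = b"window.greet = function (n) { return 'hello ' + n; };\n"

# When several hashes are listed, a browser honours only the strongest algorithm present.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}
_TOKEN = re.compile(r"^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)$")


def sri_hash(content: bytes, alg: str = "sha256") -> str:
    """Value for the integrity attribute: '<alg>-<base64 of the raw digest>'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(attr: str) -> dict:
    """Map each listed algorithm to the set of digests accepted for it.

    Tokens that are not recognised are skipped, as browsers skip them.
    """
    parsed: dict = {}
    for token in attr.split():
        m = _TOKEN.match(token)
        if m:
            parsed.setdefault(m.group(1), set()).add(m.group(2))
    return parsed


def verify_sri(content: bytes, attr: str) -> bool:
    """Decide whether a fetched body may be used under the given integrity attribute."""
    parsed = parse_integrity(attr)
    if not parsed:
        # No usable metadata: the attribute is ignored and the resource loads unchecked,
        # which is why a CSP require-sri-for directive is the stronger control.
        return True
    strongest = max(parsed, key=_STRENGTH.__getitem__)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return actual in parsed[strongest]


if __name__ == "__main__":
    attr = sri_hash(SAMPLE_SCRIPT, "sha384")
    print(f'<script src="https://cdn.example/greet.js" integrity="{attr}" crossorigin="anonymous">')
    # A single appended statement (a tampered CDN copy) fails the check.
    print(verify_sri(SAMPLE_SCRIPT, attr), verify_sri(SAMPLE_SCRIPT + b"evil();", attr))
```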


Open Directory

Tagged under: Personal, ZSH, Open, xdg-open, Linux, Windows, and OsX

Posted on 05 Apr 2017


Opening the current working directory Mac & Windows

Opening the current directory of the terminal in Mac or Windows is as simple as typing open ., essentially “open here”; nice and simple.

For Linux

Things are a little less straightforward; due to the plethora of desktop environments and file managers, things can’t be as simple as the above. You’d instead need to specify your chosen file manager and, well… that’s effort, especially if you work across various Linux environments.

But I had a cunning plan! Why not set an alias for your environment to be able to use open . in place of nautilus .? In looking into this, though, I discovered an even neater way of achieving this using xdg-open. Your preference for your file manager can be set in xdg and, by setting an alias open="xdg-open ", I can now use open . to my heart’s content. Even better, it will still allow opening any directory passed to open, as it’s still essentially xdg-open but shorter.


Lombok

Tagged under: Lombok, intellij, and Java

Posted on 10 Feb 2017


Lombok is used to reduce the amount of code that needs to be written; by using annotations, Lombok is able to generate lots of boilerplate code quickly and easily. Not only is this useful for speeding up development, but it also reduces the risk of mistakes and typos throughout the code, as well as making it more readable.

There are a few steps, however, to get Lombok working in IntelliJ:

Step 1 - Adding the plugin

Adding the plugin to IntelliJ is very straightforward: simply open the preferences window and navigate to Plugins; search for the Lombok plugin and install it. IntelliJ needs to restart for it to be added.

Step 2 - Allow processing of annotations

Now the Lombok plugin is added, processing of the annotations needs to be enabled. In the preferences window again, navigate to Build, Execution, Deployment -> Compiler -> Annotation Processors (in the sidebar) and check the box to enable annotation processing.

Step 3 - Ensure that Lombok is a dependency

The last step is to ensure Lombok is in the Maven dependencies; add the following to the pom file:

<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.16.6</version>
    <scope>provided</scope>
</dependency>

Set the version to whatever is needed; in my case it’s 1.16.6.


Mosh

Tagged under: Mosh, Linux, PC, Ubuntu, and Cygwin

Posted on 07 Feb 2017


This is going to be a very short post because it’s about something that made me think…

Why the hell didn’t I know about this sooner!?

SSH is great, especially when using it with key authentication: nice and secure without any hassle. That is, until there’s a drop in internet connection, you change between Wi-Fi access points, or you just want to close your laptop and pick up where you left off. In all of these cases SSH will stop working and just not tell you!

Here’s where Mosh comes in: it appears to run on everything under the sun (or at least anything SSH runs on) and its use is nearly identical to that of SSH, with the command being mosh me@server.com in place of ssh me@server.com.

It’s secure as it utilises a lot of the existing SSH security, including key authentication, and it solves the issue of losing an SSH connection.

Setting it up

Just follow one of the many installation instructions on the home page and remember to allow a port between 60001 and 60999, and that’s it.


Setting Up A Server

Tagged under: VPS, Uni, Linux, PC, Ubuntu, Mail-in-a-box, and MIAB

Posted on 26 Jan 2017


After seeing this website, it really got me thinking about my personal privacy and the amount of information being tracked and used against me, especially advertisements that would show in Facebook after reading about similar content on a different website.

I saw that it was possible to roll your own mailbox, and it was made simple by Mail-in-a-Box, so I got my geek on and 48 hours later I finally had something that works!

Getting a VPS and my own URL (read as Earl)

I compared a few VPS providers and ended up using Scaleway due to their low pricing and the excellent systems available at such a low price. One VPS with a dual-core 64-bit processor, 2GB of RAM and 50GB SSD storage for a pleasant €2.99 (around £2.50) a month and I was off; server creation was simple and quick and I had my own Ubuntu instance running soon enough.

The URL was a tricky one; I’ve been caught out buying domains and web hosting from GoDaddy and domain.com in the past: they have plenty of offers and discounts on the domain name itself but sting you with a bunch of payments after. I opted for Gandi, not the prettiest of sites (especially for a web services company), but the prices were reasonable and it worked out cheaper in the end!

I bought my aworley.uk domain for €9.60 (£8.15), so all together for a year it’s going to cost £38.15, which sounds a lot worse than £3.18 a month, or not buying a muffin and coffee a month, with change!

Running MIAB set-up

The tutorial video on the website is actually very thorough and useful; unfortunately I had an issue with a “packaging not found” error. Long story short (and a lot of wasted time): follow the steps here and re-run the installation and all will work just fine. Update v0.21c fixes the packaging error.

And now to wait

A lot of the DNS stuff takes a long time to ripple through the servers, so things will probably not work for a bit (30 minutes to hours). There will probably be the odd error flagged on the admin page; just wait and they should resolve themselves given time.


Arch Install

Tagged under: OSx, Mac, Arch, C++, Uni, Linux, PC, and Windows

Posted on 13 Jan 2017


So deciding to take the plunge and install Arch onto my Mac has been… time consuming. I’m now at a stage I’m fairly happy with (Wi-Fi and eduroam still don’t get along).

Step 1 - Setting up the Mac

For the most part, following this tutorial worked for me. The only real deviation was the packages to be installed once the base install had been laid down. Another issue is the Wi-Fi; due to the chip being a Broadcom chip it didn’t work out of the box and so needed a bit of work, which leads onto…

Step 2 - AUR you sure?

Setting up yaourt: just follow the tutorial here for all of the instructions. Using yaourt is not really any different from pacman; just use yaourt -S and the package to be installed.

The first AUR package to grab is b43-firmware, not b43-fwcutter, which is for extracting the drivers from the original driver file.

Step 3 - Touchpad

The touchpad works perfectly out of the box in GNOME; in KDE, however, right-click was not working. Follow the instructions here on how to change the mtrack file and enable right-click.

Step 4 - Private Internet Access

There are several ways to set up PIA; the one I opted for is to install the AUR package as described here and then start it on boot using this guide. This is not the best method, as it will always connect to the same server and there is no simple way to disconnect or connect to an alternative, but it does start the fastest, which is nice.

Things that I have missed

The Arch wiki has a lot of useful information, so anything that has been missed can be found relatively easily. The MacBook-specific page is here.

Things that just don’t work

Either due to hardware limitations or closed-source drivers, the following don’t work 100%:

  • Bluetooth: Following the instructions outlined, Bluetooth devices can connect; however, audio is glitchy and will disconnect after only a couple of minutes. File transfers are untested.

  • Suspend on laptop close: As the Nvidia driver is required for smooth video and to use Android Studio, suspend on laptop close doesn’t work. This is due to the driver not reporting the number of monitors connected; as the laptop may be docked and someone might want to close the laptop and work on an external monitor, the default behaviour is to leave the laptop on, and changing the config file doesn’t appear to have any effect.


Opengl On Osx

Tagged under: OSx, Mac, OpenGL, C++, and Uni

Posted on 09 Mar 2015


For the past few weeks we have been faced with the fubar way that OSx deals with OpenGL, trying to get a basic game running on at least OpenGL 3.0, with the ballsed-up documentation and complete misunderstanding on multiple forums of how to implement this, and with most tutorials forcing you to use Xcode and massively deprecated versions of OpenGL.

In the end it turned out to be a simple matter of changing the include in the header files from GL/GL.h to OpenGL/gl3.h. So I really hope that this is easier to find than the solution that we found.


First Post

Tagged under: Personal

Posted on 08 Mar 2015


So here it is, my first blog post… isn’t it hideous and awkward? Well I’m sure it will only get worse.

I hope to write the occasional post, usually about stuff that I will probably want to look back on in the future to:

  1. Look back at and cringe at my own incompetence.
  2. Use information I found in the past to help me again because I will no doubt forget a very small terminal command that will once again leave me scratching my head for 4 hours.
  3. To hopefully help all two people that will find and read this, in their own similar endeavours.

Do be prepared for some rather interesting typos as well (snes = sense, not the games console from the 90’s, by the way).

More info about me

So I currently study Computer Science (Games) at the University of Brighton and I am rather a ‘Jack of all trades, master of none’ kind of guy, with my interest in computer science, computers, and science in general. From the microscopic to the macroscopic, I’ve always found there is something interesting to be found. As such, I may even include some tidbits from here and there, such as this! It’s amazing that the duality of light (or more technically, electromagnetic energy) has now been seen to be acting as both a wave and a particle in a single experiment.

Media is another one of my interests, with a keen interest in photography, filmography and design (can’t say I’m good at any); I enjoy working in Photoshop and watching YouTube channels such as Film Riot and Video Copilot to see the techniques used in the profession.

Why mada360?

Well, quite simply, I’m not very imaginative; it’s just my name backwards, and the first auto-suggested name of just ‘mada’ was already taken, so mada360 it was, and from then on it stuck with me.
