Apr 25

About Script Kiddies

I don’t know anything about hacking.  It’s true.

I know the basic theory behind some of the attacks, but in-depth knowledge is beyond me.  I went to school for almost five years to learn how to program, and I can’t even tell you how to hack into a computer.

 

I like to think that the software that I write is immune to being hacked, but I don’t know for sure without having somebody else look for vulnerabilities.  At this point, if I were to try to hack something, I would be a script kiddie.  And that’s not something that you want to be.

At least there are a few guides on how to not become a script kiddie.

Apr 06

Setup Tomcat 8 on Debian 8 on port 80

Alright, that’s a confusing title.

Anyway, the point of this is to show you how to set up Tomcat 8 on Debian 8 (Jessie), and to have it bind to port 80.  This uses just the default packages from Debian, so if you are using a version of Tomcat that you downloaded directly from their website, you may be out of luck.

First, install the needed packages (note: this causes Tomcat to start automatically):

$ apt-get install tomcat8 authbind

Now, we need to change the configuration settings for Tomcat and authbind to make sure that they work properly.

  1. Edit /etc/default/tomcat8.  At the very end, there should be a line that says AUTHBIND=no.  Change this to say AUTHBIND=yes
  2. Edit /etc/tomcat8/server.xml.  In this file, there is an XML tag that starts out with <Connector port="8080" ….  Change the port to 80.  There are two sections where you want to change this.
  3. Go to /etc/authbind/byport.  Do the following (note: this assumes that Tomcat is running as the tomcat8 user, which it will do if you installed it through apt)
    $ cd /etc/authbind/byport
    $ touch 80
    $ chown tomcat8 80
    $ chmod 744 80
    
  4. Restart Tomcat
    $ systemctl restart tomcat8
    

You should now be able to access Tomcat on port 80.
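
To confirm that the grant from step 3 covers only the Tomcat account, here is an added example (not part of the original post) that audits a byport file and the AUTHBIND setting. The helper names `audit_byport` and `authbind_enabled` are made up for this example, and it assumes GNU `stat` and authbind's documented rule that a user may bind a port when they can execute the matching byport file.

```shell
#!/bin/sh
# Added example, not from the original post: audit an authbind port grant.
# authbind authorises bind() when the calling user may execute
# /etc/authbind/byport/<port> (an access(2) check), so the owner and the
# execute bits of that file decide which accounts can listen on the port.

# audit_byport FILE EXPECTED_OWNER   (helper name made up for this example)
# Returns 0 if only EXPECTED_OWNER can execute FILE, 1 on findings, 2 if absent.
audit_byport() {
    ab_file=$1; ab_want=$2; ab_rc=0
    if [ ! -f "$ab_file" ]; then
        echo "MISSING $ab_file: no grant exists, bind will be refused"
        return 2
    fi
    ab_owner=$(stat -c '%U' "$ab_file")   # GNU stat, as shipped with Debian
    ab_mode=$(stat -c '%a' "$ab_file")    # octal digits, e.g. 744
    ab_bits=$((0$ab_mode))                # leading 0 = octal constant
    if [ "$ab_owner" != "$ab_want" ]; then
        echo "FINDING owner is $ab_owner, expected $ab_want"; ab_rc=1
    fi
    if [ $(($ab_bits & 0100)) -eq 0 ]; then
        echo "FINDING owner has no execute bit, the owner cannot bind"; ab_rc=1
    fi
    if [ $(($ab_bits & 0011)) -ne 0 ]; then
        echo "FINDING group/other can execute, other accounts may bind too"; ab_rc=1
    fi
    [ "$ab_rc" -eq 0 ] && echo "OK $ab_file (mode $ab_mode, owner $ab_owner)"
    return "$ab_rc"
}

# authbind_enabled FILE: true when the last AUTHBIND= line in FILE says yes.
authbind_enabled() {
    [ "$(sed -n 's/^AUTHBIND=//p' "$1" | tail -n 1)" = "yes" ]
}

# Constructed sample: a scratch copy of the files from steps 1 and 3.
demo=$(mktemp -d)
touch "$demo/80" && chmod 744 "$demo/80"
printf 'AUTHBIND=yes\n' > "$demo/tomcat8"
audit_byport "$demo/80" "$(stat -c '%U' "$demo/80")" || true
authbind_enabled "$demo/tomcat8" && echo "OK AUTHBIND=yes"
chmod 755 "$demo/80"        # too broad: every local account could bind
audit_byport "$demo/80" "$(stat -c '%U' "$demo/80")" || true
rm -rf "$demo"
```

On the machine itself, the equivalent calls are `audit_byport /etc/authbind/byport/80 tomcat8` and `authbind_enabled /etc/default/tomcat8`.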

Mar 27

Inception dreams

I had an interesting dream the other night.  In my dream, I was explaining to a person a dream that I had had two nights before.  Also, for some reason, we were standing on a bed.

It seemed very Inception-like, talking about a dream within a dream.  Once I woke up, I was also a little confused about how I remembered a previous dream in another dream, as generally your dreams don’t stay with you when you wake up.

Anyway, that was kinda interesting.  Just a random thought.

Feb 15

Qt UDP Socket – specify source port

Have you ever had to use a QUdpSocket to send data from a specific port?  I had to do this earlier, and I figured out how to do it (although not using Qt-only APIs).

My problem was as follows: I need to be able to receive on a specific port.  The device that I am talking to listens on this port and then responds back on that same port, no matter what my source port is.  So to keep things clean, I figured that it would be best to use just one single socket to send and receive data packets.

The general consensus that I saw after searching Google was that it is not possible to do this.  It is possible, but it doesn’t seem possible using Qt-only APIs.  I knew that it was possible, as I have done this before.  This is the code that I came up with:

 

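    // needs <sys/socket.h>, <netinet/in.h>, <arpa/inet.h>, <cstring> and <QUdpSocket>
    int optval = 1;
    int fd;
    struct sockaddr_in socket_config;

    memset( &socket_config, 0, sizeof( struct sockaddr_in ) );

    fd = socket( AF_INET, SOCK_DGRAM, 0 );
    if( fd < 0 ){
        // error handling goes here
    }

    // SO_REUSEADDR only has an effect if it is set before bind()
    if( setsockopt( fd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof( optval ) ) < 0 ){
        // error handling goes here
    }

    // bind to the fixed source port on all local addresses
    socket_config.sin_family = AF_INET;
    socket_config.sin_addr.s_addr = htonl( INADDR_ANY );
    socket_config.sin_port = htons( port );
    if( bind( fd, (struct sockaddr*)&socket_config, sizeof( struct sockaddr_in ) ) < 0 ){
        // error handling goes here
    }

    // hand the already-bound descriptor over to Qt
    udp_socket = new QUdpSocket();
    udp_socket->setSocketDescriptor( fd, QAbstractSocket::BoundState );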


This allows us to still re-use the proper port, but use the socket in a Qt-like way.

Jan 22

Java RMI Example

So I just spent the last few hours attempting to get Java RMI working.  This was not easy.  However, the good news is that now you can benefit from it!  Link at the end, but first my story…

Last night, I was wondering how you would connect two Java applications together.  The reason for this is because I want to try and have an embedded Tomcat server inside of an application, but also have the capability of developing the webapp separately, since developing both the embedded server and the webapp in the same project did not seem to work very well.  I figured that I could use something like DBus-Java to do this, however I wanted it easily cross-platform.

As it turns out, Java already has something like that built-in, in the form of RMI, or Remote Method Invocation.  However, the example that they give in the Java Tutorials is not particularly clear.  It also seems to be out of date, although if it actually is I am not sure.  There are several important parts that the tutorial does not go over.  Other documentation talking about what you need to do does not appear to be up to date either; much of it appears to date from Java 6 and before.

Since this was such a hard thing to figure out, I’ve made a standalone Maven project that goes and sets up an RMI client and server.  Hopefully it will help somebody else in the future.

Check out the code on GitHub!

Dec 30

SQLite and debugging

I have just spent the last few days and weeks trying to track down a very annoying, yet somewhat subtle bug in a program that I have been making for work.  So, first a little background.  We are making a gateway that talks over radio to other, remote lamps in order to control them and get status back.  One thing that it must be able to do is to change the frequency of a remote lamp.  In order to do this, you must first change your local frequency (if it has to be changed) and then tell the lamp the new frequency to go to, and ensure that you can still talk to the lamp once that has happened.  This is all controlled by a web page, so the sequence looks something like this:

Web Request --> (http) --> Gateway --> (serial, 115200) --> Radio --> (RF) --> Lamp Radio

However, we were having a problem with this sequence.  Almost all the time, the responses that we were getting back from the radio were short by a few bytes.  Sometimes it would be 1, other times it would be 15 bytes that we missed.  Moreover, the bytes that were dropped changed position.  Generally it wouldn’t really matter, since there were a bunch of unused bytes that were all initialized to 0x00, but we couldn’t tell where in that sequence the bytes were getting dropped.  Now let’s go into some pseudo-code here.  This is what the update looked like:

void update( Map<String,Object> JSONData ){
    if( JSONData[ "attr1" ] )
        writeToDatabase( JSONData[ "attr1" ] )
    // ..repeat the above a few times

    if( JSONData[ "frequency" ] ){
        //the frequency needs to be updated
        new ThreadToUpdateTheFrequency().start();
    }

    if( JSONData[ "attr4" ] )
        writeToDatabase( JSONData[ "attr4" ] )
    //repeat the above a few more times
}

There’s not anything wrong with this code.  Sure, it’s probably inefficient, but that’s somewhat beside the point.  This code works sometimes, however a large portion of the time it will randomly drop bytes in the new thread that is started if the frequency is changed.

To debug this, I tried everything that I could think of.  Timing the sequence between us writing out data to the radio and receiving it back, writing data out at random times, etc.  Many hours were spent on this in order to figure out what was going on.  One of the things that we noticed though was that this only happened at certain times – when we were actually writing to the database.  If we were writing out commands without a write to the database, everything worked properly.  Moreover, if we stepped through the process in the debugger, everything would work properly.

What?  Why would the database cause a problem?

Well, let’s back up a bit and talk about the hardware that this is running on.  Linux is using an SD card as the root filesystem, and the processor is an Atmel SAMA5D3.  This is not a particularly fast processor, in addition to being only single-core.  What finally fixed the problem is the following:

void update( Map<String,Object> JSONData ){
    if( JSONData[ "attr1" ] )
        writeToDatabase( JSONData[ "attr1" ] )
    // ..repeat the above a few times for ALL ATTRIBUTES

    if( JSONData[ "frequency" ] ){
        //the frequency needs to be updated
        new ThreadToUpdateTheFrequency().start();
    }
}

Why would moving the new thread to the end of the updates fix anything?  Well, here’s the basic theory that I have come up with:

SQLite is writing out to the database.  When it does that, it attempts to lock the database (see the documentation for some more details).  This takes quite a bit of time, especially talking to the SD card which is running at just a few megabytes per second at the most.  At some point during this time, a new interrupt comes in.  However, the kernel does not process the interrupt fast enough before a new character comes in on the serial line, and thus some data will get dropped since the processor is assuming that the data has been fully read.

Oddly enough, dmesg does not show many problems; I only get a few input overruns.  It looks like there could be a kernel bug here compounded by how fast the SD card can be read from.

Dec 01

Weddings & Music

I attended a wedding this past weekend, and of course there was a DJ there who played music.  He was perfectly alright, but it got me thinking a bit about the music that is played at weddings (specifically, the wedding reception).  There are a bunch of songs that seem to be played regularly, although the only one that I can think of right now is Cupid Shuffle.  I have not heard the Macarena at a wedding in quite a few years; I think that it was more popular in the late 90s/early 2000s.

And of course, for whatever reason, the final song always seems to be Don’t Stop Believing.  I’m not sure why.  Has anybody else seen this in their travels?  I’m curious to know if this is a widespread thing or not.

One thing that was cool though, was that when the DJ played Piano Man, we all got in a big circle around the bride and groom and sang it to them.

Nov 21

Gyrocopter Man

In the news this week, gyrocopter man, aka Douglas Hughes, pleaded guilty to the felony charge brought against him.  As you may recall, he piloted his gyrocopter onto the lawn of the Capitol in order to deliver mail protesting campaign finance.

Clearly, campaign finance is a problem.  The solution to which I don’t know and I’m not going to ruminate on it right now.

The amusing part (to me, at least) is at the end of the article:

Hughes’s other charges included operating without an aircraft registration, three misdemeanor counts of violating national defense airspace and one misdemeanor count of operating a vehicle falsely labeled as a postal carrier.

For some reason, this is just hilarious to me.  I can see why that is a misdemeanor, it’s just quite amusing to think of a gyrocopter as a means of delivering mail.  It did have the USPS logo on it though, so I suppose it was technically labeled as a postal carrier.

Aug 29

Simple JAX-RS example & Maven configuration

So I have been using JAX-RS for the past few months now, and it was a little confusing to get started with.  To fix that, I’ve created a simple project on GitHub that contains a minimal configuration for Maven in order to get a war file and have Jersey be the JAX-RS provider.

The other reason to do this is because the Jersey documentation is not very clear as to what you have to pull in from Maven Central in order to actually use the dependencies in a program.  Turns out, it’s just a single dependency, but finding it and making sure that it works is another matter.

Lastly, I just came across this page, which also has some good JAX-RS examples.  I hope that they help somebody!