Night Hour

Reading under a cool night sky ... a quiet, contemplative night ...

Combinations and Permutations Using Deno


Study hard what interests you the most in the most undisciplined, irreverent and original manner possible. , Richard Feynman

14 Nov 2020


Data structures and algorithms are a core topic in computer science and programming. Many digital systems rely on them to perform tasks efficiently, within time and resource constraints. Most technologists studied this material at school or through self-learning, but concepts and skills need periodic refreshers to stay sharp.

This article works through combination and permutation algorithms using Deno and TypeScript. Combinations and permutations are closely related concepts, and both can be generated with recursion: choose an element, recurse on what remains, then backtrack.
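As an added example (not the article's own code), here is the recursive approach for both problems in TypeScript, runnable under Deno or Node without imports. The pruning step in `combinations`, the `k` parameter on `permutations`, and the counting formulas used to sanity-check the generators go beyond what the summary describes and are additions here.

```typescript
// Added example, not the article's code: recursive generation of combinations and permutations.

// All k-element subsets of `items`, in lexicographic index order.
function combinations<T>(items: T[], k: number): T[][] {
  const result: T[][] = [];
  const pick = (start: number, chosen: T[]): void => {
    if (chosen.length === k) { result.push(chosen.slice()); return; }
    // Not enough items left to fill the subset: prune this branch early.
    if (items.length - start < k - chosen.length) return;
    for (let i = start; i < items.length; i++) {
      chosen.push(items[i]);
      pick(i + 1, chosen);   // only look rightwards, so order within a subset never matters
      chosen.pop();          // backtrack
    }
  };
  pick(0, []);
  return result;
}

// All orderings of k elements drawn from `items` (k = items.length gives the full permutations).
function permutations<T>(items: T[], k: number = items.length): T[][] {
  const result: T[][] = [];
  const used: boolean[] = items.map(() => false);
  const arrange = (chosen: T[]): void => {
    if (chosen.length === k) { result.push(chosen.slice()); return; }
    for (let i = 0; i < items.length; i++) {
      if (used[i]) continue;
      used[i] = true; chosen.push(items[i]);
      arrange(chosen);       // unlike combinations, every unused index is a candidate
      chosen.pop(); used[i] = false;
    }
  };
  arrange([]);
  return result;
}

// Counting formulas to check the generators against: C(n,k) = n!/(k!(n-k)!), P(n,k) = n!/(n-k)!
function countCombinations(n: number, k: number): number {
  if (k < 0 || k > n) return 0;
  let r = 1;
  for (let i = 1; i <= k; i++) r = (r * (n - k + i)) / i;   // integral at every step
  return r;
}

function countPermutations(n: number, k: number): number {
  if (k < 0 || k > n) return 0;
  let r = 1;
  for (let i = 0; i < k; i++) r *= n - i;
  return r;
}

// Constructed sample input.
const SAMPLE = ["a", "b", "c", "d"];
console.log(combinations(SAMPLE, 2).length, countCombinations(SAMPLE.length, 2));   // 6 6
console.log(permutations(SAMPLE, 2).length, countPermutations(SAMPLE.length, 2));   // 12 12
```

The two generators differ in exactly one place: combinations only ever look to the right of the last chosen index, while permutations revisit every index that is not currently in use. That single difference is what makes one ignore order and the other respect it.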


Two Factor Authentication Using Deno


Any program is only as good as it is useful. , Linus Torvalds

11 Nov 2020


Two factor authentication is an important security mechanism for modern applications. A mobile application (what you have) such as Google Authenticator generates a time based one time password (TOTP) code from a shared secret key. When a user logs into an application, he or she submits a password (what you know) as well as the current TOTP code. The additional factor means a stolen or guessed password alone is no longer enough to log in. This article shows how to implement a simple TOTP scheme using Deno.
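The following is an added example, not the article's code: a self-contained TOTP (RFC 6238) generator and verifier in TypeScript. SHA-1 and HMAC are implemented inline so the block runs under Deno or Node with no imports; a production Deno implementation would more naturally use the Web Crypto API for the HMAC. The base32 secret is the RFC 6238 reference key and is test data only; the 30 second step, six digits and one-step drift window are assumed defaults.

```typescript
// Added example, not the article's code: TOTP (RFC 6238) over HMAC-SHA1 (RFC 4226), from scratch.

function sha1(msg: Uint8Array): Uint8Array {
  const total = Math.ceil((msg.length + 9) / 64) * 64;   // pad to a multiple of 64 bytes
  const buf = new Uint8Array(total);
  buf.set(msg);
  buf[msg.length] = 0x80;                                 // single 1 bit, then zeros
  const dv = new DataView(buf.buffer);
  const bits = msg.length * 8;                            // 64-bit big-endian bit length
  dv.setUint32(total - 8, Math.floor(bits / 0x100000000));
  dv.setUint32(total - 4, bits >>> 0);
  let h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
  const w = new Uint32Array(80);
  for (let off = 0; off < total; off += 64) {
    for (let i = 0; i < 16; i++) w[i] = dv.getUint32(off + i * 4);
    for (let i = 16; i < 80; i++) {
      const x = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16];
      w[i] = (x << 1) | (x >>> 31);
    }
    let [a, b, c, d, e] = h;
    for (let i = 0; i < 80; i++) {
      let f: number, k: number;
      if (i < 20) { f = (b & c) | (~b & d); k = 0x5a827999; }
      else if (i < 40) { f = b ^ c ^ d; k = 0x6ed9eba1; }
      else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8f1bbcdc; }
      else { f = b ^ c ^ d; k = 0xca62c1d6; }
      const t = (((a << 5) | (a >>> 27)) + f + e + k + w[i]) >>> 0;
      e = d; d = c; c = (b << 30) | (b >>> 2); b = a; a = t;
    }
    h = [h[0] + a, h[1] + b, h[2] + c, h[3] + d, h[4] + e].map((v) => v >>> 0);
  }
  const out = new Uint8Array(20);
  h.forEach((v, i) => new DataView(out.buffer).setUint32(i * 4, v));
  return out;
}

function concat(a: Uint8Array, b: Uint8Array): Uint8Array {
  const out = new Uint8Array(a.length + b.length);
  out.set(a); out.set(b, a.length);
  return out;
}

function hmacSha1(key: Uint8Array, msg: Uint8Array): Uint8Array {
  const k = new Uint8Array(64);                           // block-sized key, zero padded
  k.set(key.length > 64 ? sha1(key) : key);
  const pad = (x: number) => k.map((byte) => byte ^ x);
  return sha1(concat(pad(0x5c), sha1(concat(pad(0x36), msg))));
}

// Authenticator apps exchange the shared secret as base32 (RFC 4648).
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
function base32Decode(s: string): Uint8Array {
  const out: number[] = [];
  let acc = 0, bits = 0;
  for (const ch of s.toUpperCase().replace(/[=\s]/g, "")) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error("invalid base32 character: " + ch);
    acc = ((acc << 5) | v) & 0x1fff;                      // never more than 13 live bits
    bits += 5;
    if (bits >= 8) { out.push((acc >>> (bits - 8)) & 0xff); bits -= 8; }
  }
  return new Uint8Array(out);
}

function hotp(secret: Uint8Array, counter: number, digits = 6): string {
  const msg = new Uint8Array(8);                          // 8-byte big-endian counter
  const dv = new DataView(msg.buffer);
  dv.setUint32(0, Math.floor(counter / 0x100000000));
  dv.setUint32(4, counter >>> 0);
  const mac = hmacSha1(secret, msg);
  const o = mac[19] & 0x0f;                               // dynamic truncation offset
  const bin = ((mac[o] & 0x7f) << 24) | (mac[o + 1] << 16) | (mac[o + 2] << 8) | mac[o + 3];
  return ("0000000000" + (bin % Math.pow(10, digits))).slice(-digits);
}

function totp(secret: Uint8Array, unixSeconds: number, step = 30, digits = 6): string {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Constant-time comparison so the verifier does not leak how many leading digits matched.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Accept the current step plus `skew` steps either side to tolerate clock drift; check every
// candidate rather than returning early so timing does not reveal which step matched.
function verifyTotp(secret: Uint8Array, code: string, unixSeconds: number, skew = 1, step = 30): boolean {
  let ok = false;
  for (let i = -skew; i <= skew; i++) {
    if (constantTimeEqual(totp(secret, unixSeconds + i * step, step), code)) ok = true;
  }
  return ok;
}

// RFC 6238 reference key "12345678901234567890" in base32; test data only, never a real secret.
const DEMO_SECRET = base32Decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ");
console.log(totp(DEMO_SECRET, 59));                       // 287082 (RFC 6238 vector, 6 digits)
```

A verifier should additionally remember the last accepted counter per user and refuse to accept the same or an earlier counter again, otherwise a code captured within the drift window can be replayed; that bookkeeping needs persistent state and is left out of this stand-alone block.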


Cobbling Together a Secure Online Resume Viewer


Unix is simple. It just takes a genius to understand its simplicity. , Dennis Ritchie

18 Oct 2020


In recent years there has been growing awareness of online privacy and cybersecurity. Governments have passed laws to protect user data and guard the privacy of their citizens; in Singapore, the Personal Data Protection Act (PDPA) protects the personal data of individuals. Individuals can also take common sense precautions, such as not giving out or posting sensitive personal data online, to protect their own privacy.

Many social media platforms, professional networking and career sites, and job hunting sites collect a fair amount of personal data. Technical people may also run their own websites and post their resumes online. For those concerned about data protection and privacy, one approach is to host your own secure online resume viewer and grant access only to people you trust. This article shows how to cobble together a simple secure resume viewer.


Building a Peer to Peer Group Chat using Deno and WebRTC


I'm not a great programmer, I'm just a good programmer with great habits. , Martin Fowler

3 Oct 2020


Messaging and chat applications are everyday tools for communicating with friends and collaborating on work. Automated bots powered by artificial intelligence can serve as customer service agents that handle simple queries, and internal bots are used for application deployment, security monitoring, alert notifications and the like. All of these services use messaging and chat as their key interface to humans.

This article shows how to build a simple peer to peer group chat application using Deno and a WebRTC data channel. It supports communication and collaboration among small groups of people, and a bot can be written and attached to the chat as well, if one so desires.


Building a Simple Android QR Code Reader


Adopt and change before any major trends of changes. , Jack Ma

3 June 2020


The Covid-19 pandemic has brought about many changes in our society. To fight the spread of Covid-19, Singapore requires the use of SafeEntry to register entries to and exits from various places. The SafeEntry system encodes a specific URL into a QR code; scanning it with a smartphone launches a browser to that URL for checking in and out.

This article shows how to create a simple Android application that scans a QR code containing a URL and launches a browser to open it. It uses the popular ZXing Android Embedded library to process the QR code.


Configuring Apache Httpd Reverse Proxy for an Internal VirtualBox VM


Trying is only good when accompanied by common sense. , Random thoughts

5 Nov 2019


Small companies often run enterprise applications on internal servers that nevertheless have to be reachable by users over the public internet. An Apache HTTPD reverse proxy can sit in front of such an internal application and control which of its paths, and which clients, can reach it, so the internal host is never exposed directly. This article describes how to set up an Apache HTTPD reverse proxy that restricts access to an internal application running on a VirtualBox virtual machine. The reverse proxy itself runs on an Ubuntu VM on the same VirtualBox host.
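An added example of the kind of configuration the article describes, not the article's own: the hostname, addresses, certificate paths and the /app prefix are assumptions. The proxy forwards a single path prefix, explicitly refuses to proxy the administrative sub-path, and limits the proxied path to a trusted source network.

```apache
# Added example (not the article's configuration). Assumed layout: this Ubuntu VM runs httpd
# and is reachable from the internet; the internal application runs on a VirtualBox VM on the
# host-only network at 192.168.56.10:8080 and is reachable only from this proxy.
<VirtualHost *:443>
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Rules are matched in configuration order, first match wins, so the exclusion
    # for the administrative interface must come before the general /app rule.
    ProxyPass        /app/admin !
    ProxyPass        /app http://192.168.56.10:8080/app
    ProxyPassReverse /app http://192.168.56.10:8080/app

    # Only the proxied prefix is reachable, and only from a trusted source network
    # (assumed 203.0.113.0/24). Everything else on the internal VM stays unreachable.
    <Location /app>
        Require ip 203.0.113.0/24
    </Location>
</VirtualHost>
```

This needs the proxy, proxy_http and ssl modules enabled (a2enmod proxy proxy_http ssl on Ubuntu). Because nothing outside /app is mapped, a request for any other path on the internal application is answered by the proxy itself rather than forwarded, and the `!` rule keeps /app/admin unreachable even though it lives under the proxied prefix.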


Developing an Nginx URL Whitelisting Module


Premature optimization is the root of all evil. , Donald Knuth

29 Oct 2019


One of the challenges of securing web applications and websites is preventing accidental exposure of sensitive parts of an application, such as administrative interfaces. A common technique is to blacklist an application path and deny access to any resource whose path starts with or matches it. Other techniques include disabling unneeded administrative interfaces or removing unwanted features. This article shows how to develop an Nginx module that allows access only to whitelisted URLs or web resources. Any URL not on the whitelist is blocked, so a newly deployed or forgotten endpoint is denied by default instead of being exposed by omission.


Replacing and Updating Html files using BeautifulSoup


Obey the principles without being bound by them. , Bruce Lee

12 Jan 2019


It is the new year again. For websites that consist mainly of hand-built static HTML pages, a common task is updating the year and copyright notice or some other shared text or element, which is time consuming when the site has many pages. This article shows how to automate such changes using BeautifulSoup, a Python library for parsing HTML. It also shows how to use BeautifulSoup together with the Requests library to check HTML files for broken links.


Blocking Sensitive Content using Nginx and Docker


I'm smart enough to know that I'm dumb. , Richard Feynman

21 June 2018


Web application firewalls (WAFs) are often deployed by security professionals to protect applications against malicious attacks. Some, like the popular open source ModSecurity, inspect both the incoming request and the outgoing response, so they can detect web attacks as well as information leakage. There are also cloud-based WAFs such as those from Cloudflare, Sucuri and others that make it easy to protect a web application or website.

Not all web application firewalls inspect outgoing responses; some focus solely on analyzing incoming requests to stop an attack before it reaches the application. This article shows how to build a simple Nginx module that inspects the outgoing response body for sensitive data and blocks the response when it finds any. The module uses the PCRE regular expression library to inspect content and is based on a fork of Weibin Yao's Nginx substitution filter module.

The module can serve as an additional layer of defense against web attacks, complementing a WAF that only analyzes incoming requests. In this article, the module is compiled into Nginx and packaged as a Docker image.


Setting up a Test Lab using Google Cloud and strongSwan IPsec VPN


Know thyself, know thy enemy. A thousand battles, a thousand victories. 知己知彼百战百胜。 , Sun Tzu (孙子)

3 June 2018


As cloud computing and infrastructure as code gain wider adoption, more and more companies are moving their IT infrastructure and applications into the cloud. This often requires a new model of operation, both to take full advantage of what the cloud offers and to keep IT assets secure. IT and security professionals have to keep up and learn the skills of operating in the cloud.

This article shows how to set up an isolated test lab environment on Google Cloud Platform and connect it to a local network through a strongSwan IPsec VPN. A site to site VPN tunnel is configured so that local hosts can reach specific services in the test lab, while the compute instances in the lab are denied access to the internet and to the local network, keeping the environment isolated. A separate management subnet on Google Cloud is used to manage the test lab.
