This week I plan to finish the test and have at least 70% of the api code covered. We already have all signup, login, profile and delete account functionality tested and passing. I tried to include the tests in the travis-ci build but it seems to have problems with the neo4j service, neo4j is throwing this error:
Uncaught error when processing result: Neo4jError: 140223444313984:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827
And I just don’t know why, should I just remove the https code when the code is being executed in travis? Maybe it’s because it does not find the key and certificate, but I don’t see why that would be the case, I’ll try again anyway.
This week I started helping with the testing. I solved the issues that they were facing with the cookie. Marco is creating the web application and, when he was developing, found some bugs in the api, these are already fixed. Marco (and someone else that I’m not aware of, I guess) integrated the firebase chat to the app. That’s nice, altough it’s kind of ugly, but hey, it works.
We know we may have some security issues, in the chat and some parts of the api, but no can do, we are aware of that and will not fix it, we have to finish the things that we need to present in the demo.
This week me and Miguel worked with internationalization of the game, Miguel worked on the different string for the levels, a general way of handling them, and I did the selecting of the language from a querystring in the URL, and loading the strings that would be shown in the menu. With this features done, we’re just going to be designing and testing new levels.
So previously (TO-DO) I committed to doing 3 issues. And sadly I just accomplished 2 of them. According to myself, I completed the two most important issues, and I left the boring and “difficult” to deal with one. And I’m talking to the creation of level 5. I didn’t have time for its development, and it’s also so booooooring and tiring to try and match the size of the figures to the ones I have in mind.
The first issue consisted in creating the Mongoose schema to hold the texts that some levels have. It should hold the texts in multiple languages. This part was easy. in fact, it is the shortest schema we have.
The second issue consisted in simply updating the Mongoose schema of levels. This meant only changing the text field with a boolean (Because the text now is held in the level-text document). This was also very easy.
So, what wasn’t easy? The middle ground of this two issues. This consisted in updated the server routes. Make a new route to deliver the text of the level. Make the BD connections for this level to be fetched. Make the HTTP requests from the client to the server. Update the way the level is loaded and decide whether or not a fetch for the texts is needed. And the worst of it was: Updating the level development script so you could modify both the level document and the texts document at the same time.
I realized after doing the issues that I actually didn’t know where one ended and where did the other begin. This is because there was some stuff I needed to develop to test both of the issues. And before fully testing one of them, I needed to test the other, and to do that I needed the middle ground I didn’t know to which issue assign it to.
And that is why I think I should have done 3 issues (one for the middle ground), and then everything would have fitted perfectly. In fact, maybe a fourth issue was needed that would consist in updating everything that we already have (BD, tests and level development), to accept the new format and schemas.
The brief description provided by Coursera‘s Cyptography Icourse by the University of Stanford paints cryptography as a tool for protecting information in computer systems. What I’ll attempt to cover in this post is cryptography’s real-world application, why it is needed.
First let’s deal with some basic stuff regarding cryptography, starting with the classic Alice, Bob and that bastard Eve who’s always meddling, she’s more of a Lilith if you asked me. Let’s say Alice has the sudden urge to communicate some secret message to Bob, perhaps she’s going to confess her love, but Eve also likes Bob, and Alice knows this. She can’t met Bob in person, Eve would find out, she lives close by and would get in the way. THANK GODfor the cryptography course Bob and Alice took years ago, where they learned about symmetric and asymmetric cryptography . . .
Sidenote to Explain Asymmetric and Symmetric Cryptography
Based on this post on Synopsys. Encryption uses an algorithm and a key to turn plaintext, the message, into ciphertext, the encrypted message that you can then send. Symmetric Encryption uses the same key for both encryption and decryption of a message, its fast and can be used for large amounts of data, like encrypting a hard drive, the hard part is keeping that key secured. Asymmetric encryption keeps a pair of keys, a private one and a public one, that can be distributed anywhere to interact with your messages. Plaintext encrypted with a private key can only be decrypted by its corresponding public counterpart, and vice versa. A message can also be signed using your private key, so that others may decrypt the signature with your public key and verify it was sent by you. This type of encryption, though, is slow and can only be used to encrypt data smaller than the key.
Back to the gossip
Alice decided to use Bob‘s public key to encrypt her confession, Eve had a man-in-the-middle software running in Bob‘s network, and caught the message, she didn’t understood it, however, and decided to let it through, ignorant to the fact that she was about to lose Bob, her Bob, to Alice‘s encrypted message. Bob received the message and recognized the gibberish as an encrypted message, like the ones he had worked with. Bob got a hold of his private key and decrypted the message, the surprising confession got to him, and to Eve‘s dismay, reciprocated.
That’s not reality! Well, Alice is the everyday user, Bob is the destination of every operation Alice does online, and Eve is third-parties, like government agencies, interfering in these interactions. This everyday interaction is why encryption is important, to keep your privacy. These third-parties’ goal is to break these encryption algorithms, by cracking it themselves or demanding a backdoor from the developers, which was the case in the FBI-Apple encryption dispute or the whole Snowden situation, of which there’s a cool John Oliver video.
Okay, so now I have again stuff to do! Yay! 3 issues to be exact! 2 that I guess i’mgoing to like, and 1 that I must have. This week, and remaining sprint will be focused in incorporating multiple languages to our game. So my 3 issues are mostly related to that.
Update the level schema and already uploaded levels, so that they have only a boolean property called text. If true, the level loader must get the level data.
Create a new schema, for the level texts. It must contain all the languages for the texts of the level.
This week we’ll be working on making our game a bit more international by displaying strings based on the language. I’ll also be recording more audio for the game and report on that at the end of the week.
Okay, so doing the stuff that Gera asked me to do took me like 10 minutes. Which isn’t much, but it was more than what I estimated. I forgot how much time it takes to move stuff in the game window. Instead of giving to coordinates and creating a square using only the diagonal, it asks for the center coordinate, a high and a width, making my space senses go uisndqne… Oh, and to take a bit of initiative, not only I increased the size of the texts, but I also updated the content and added new texts to the level.
I’ve also created and updated some DB scripts. Now we have a remove level script, and there are some comments in most of the scripts to make a more specific query to the DB.
I’ve recruited some voice actors, those being my classmates, and asked them to perform questionable sounds. Using a globally defined object, SOUNDS, I load the soundfiles and play them whenever they are needed. As of now we have the following sounds: background music, jump, bounce off surface, firing a projectile, and killing an enemy.
Today’s behicles feature driver assistance, like collision warning, automatic emergency braking and safety vehicle communications. The NHTSA (National Highway Traffic Security Administration) is exploring the full spectrum of its tools to ensure these technologies are deployed safely and effectively. It encourages the implementation of NIST Cybersecurity Framework. NHTSA promotes a multi-layered approach to cybersecurity by focusing on a vehicle’s entry points, both wireless and wired.
Malicious exploitation of security vulnerabilities in connected cars is a major problem, with news stories of hacking interfering with consumer acceptance of the current and future capabilities of vehicles.
The first well known security compromise of a smart vehicle, a 2014 Jeep Cherokee was hacked by security reserchers Charlie Miller and Chris Valasek in 2015, they were able to turn the steering wheel, disable the brakes and shut the engine down, all remotely. They also discovered that they could access thousands of other vehicles that were using the Uconnect entertainment and navigation system, common in Dodge, Jeep and chrysler vehicles.
It is good to know that automotive manufacturers and transportation compaines are well informed about these problems and are taking it very seriously, hiring cybersecurity experts as part of a concerted auto industry effort to greatly increase the strength of security features in cars.
