To Do, Week 15-19 January

--Originally published at Computer System – Courses

After talking it over in depth, we decided to change the project idea.

Now we are going to develop an app that will allow any user to create and manage a money pool.

So, this week we are going to define how the app is going to work, what modules it will have and what kind of technologies we can use.

Some technologies that we might use are:

– ReactJs

– NodeJs

– Firebase

– MongoDB

– GraphQL

 

 

NoteMe – Project

--Originally published at Computer System – Courses

Our project for this semester will be a note keeper app that will keep track of notes, share them with classmates, allow Markdown-style formatting, and show a preview of it.

Mockup

One advantage of the app will be the integration of image recognition. You will be able to take a photo of your notes and save it in the app, for example, take a picture of an exercise that the teacher wrote on the board.

The app will be developed by

– Fernando

– Estefy

– Hermes

– Me

We will be developing in native Android, and will use the OpenCV library for the image recognition. We are also probably going to develop an API (based on Node.js). Finally, we’ll test our app following the recommendations of the Android developers website.

Pre-Mortem Analysis

--Originally published at Computer System – Courses

 

Every semester is stressful but interesting. I will be taking several classes that look interesting to me. So one of my goals is to take all of them and make one project.

So, for this class, I expect to improve my code, learn what kind of tests I can do for my projects, and what tools I can use for the tests. And I want to do a project that could be challenging in order to improve my skills and give an opportunity to apply everything we learn along the course.

Then, let the Hunger Games start.

 

Ensuring Confidentiality – Skalia –

--Originally published at Computer System – Courses

Let’s make a recap: in my previous post, I talked about how we developed SKALIA, so now I am going to talk about how confidentiality applies to it. We have 4 different types of users:

  1. Students
  2. Teachers
  3. Principal
  4. Admin

Every one of them has a certain level of access to the data, and how it is managed is different for each one. First, the students can only see their own data and how they are making progress as they play Mateoro. Next, the teachers can only see the students that are in their group and the progress of each of them. The principal can also see the groups, similar to the teachers, but with the main difference that he has access to all the groups available in the school. Finally, the admin has access to create, edit, update and see everything; it is a super user, because they can manage the system and work along with it.

Managing different roles allows us to ensure that data is confidential between users. Also remember that our database has all the data encrypted so that it can’t be interpreted if someone gains access to it. Thus, we can manage the safety of the users’ data, and they can be sure that their data is and will be safe to use.
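The four role rules described in this post, as an added example that is not part of the original post and is not Skalia's own code: a deny-by-default read check applied on the server to each record. The function names, the record shape and the sample data are assumptions made for illustration.

```javascript
'use strict';
// Added example. All names and records are constructed for illustration.

// Constructed sample data: one progress record per student.
const records = [
  { studentId: 's1', group: 'A', progress: 40 },
  { studentId: 's2', group: 'A', progress: 75 },
  { studentId: 's3', group: 'B', progress: 10 },
];

// Read rule per role, as described in the post.
function canRead(user, record) {
  switch (user.role) {
    case 'student':   return record.studentId === user.id;
    case 'teacher':   return (user.groups || []).includes(record.group);
    case 'principal': return true;   // every group in the school
    case 'admin':     return true;
    default:          return false;  // unknown role: deny
  }
}

// Only the admin may create, edit or update.
function canWrite(user) {
  return user.role === 'admin';
}

// Server-side lookup: the caller's identity comes from the session (user),
// never from the requested id, so asking for someone else's id returns null.
function getProgress(user, studentId) {
  const rec = records.find(r => r.studentId === studentId);
  return rec && canRead(user, rec) ? rec.progress : null;
}

// Dashboard listing: filter before returning anything to the client.
function visibleStudents(user) {
  return records.filter(r => canRead(user, r)).map(r => r.studentId);
}

const student = { id: 's1', role: 'student' };
const teacher = { id: 't1', role: 'teacher', groups: ['A'] };
console.log(visibleStudents(student), visibleStudents(teacher));
console.log(getProgress(student, 's2')); // null: another student's record
```

The check runs per record rather than per page, so a student who changes the id in a request still gets nothing back.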

 

 


Skalia – Developing for Integrating Security

--Originally published at Computer System – Courses

This semester, our team (4Cloud) had to develop a web application to help children from Miguel Hidalgo School learn and practice mathematics. This project aimed to help elementary school kids integrate math into their daily lives and the way they use it. So our goal was to make a web app called Skalia, which includes a Users Dashboard and a web game called Mateoro. In summary, the user (who can be a student, teacher or director) can log into the web app in order to access the game or review some statistics about the children’s progress in the game.

Mateoro. Concept Art

Mateoro. Final Version

Skalia. Web App

But in order to develop this app, we needed to focus on how we would manage the security around it. One of our main concerns was how we were going to manage sensitive data. After many talks, we agreed to use the least possible amount of data, so in case of an attack on the system, the damage would be minimal. Then we decided to encrypt the data that is going to be stored. With encryption on data, the data managed through endpoints was secure.

An important point that we also took into consideration was the session that we would be dealing with on the server and client side. We considered many ways, and in the end we agreed to manage sessions with PassportJs, which allows us to manage sessions, and if the user logs out or closes the window or browser we would close the session in order to keep secure all the data that is updated or displayed on the client side.

Besides the data management and how it would be stored, we took into consideration who would have

Continue reading "Skalia – Developing for Integrating Security"

Security and STATS (not security stats)

--Originally published at Alfonso reviews…

I know this is not the way to start a blogpost, but this post is going to be a long one, and yes, you’ll get a potato.

You may or may not know what I mean when saying STATS, for those wondering, STATS is a project where I’ve been working for the last 15 weeks, and it involves a web app, elementary school kids, and math.

Basically at the start of this semester, when creating my schedule, all my subjects were gone, and I got this notification saying, do you wish to register the STATS package, and I thought to myself, “do I get to choose?” Long story short, the answer was NO and I ended up in an interesting way of learning and developing as an ISC. No homeworks, no exams, just us developers, and the project at hand, that was the promise, some teachers respected it, some others didn’t, but that’s another story.

My team, which I think is the best team where I’ve worked ever, (If you guys are reading this, thanks for this semester) and I decided to make it happen, and we created a web app featuring an adventure of a spaceship on its journey to the Red Planet, math here and there and funny stuff.

The app’s intended audience/users are kids in elementary school, and their respective teachers as administrators of the system, the kids would play the game, and we would be collecting data, analyzing it, and sending it to the teachers helping them with their work…

Data… Security… I wonder if those two should be related in any way, oh, yeah, they should be like father and son, like wolves and the moon, and like that bubblegum in your shoe.

With that being said, let’s start our ride on how security

🙂
Continue reading "Security and STATS (not security stats)"

One rule to rule them a… wait… there are three?? (Short talk about Morris’s golden rules and the STATS project )

--Originally published at Alfonso reviews…

I know it’s early in the morning, but I felt like writing a little bit, I had this topic as an assignment in university, and I thought about adding some salt and pepper to it, Bob and Alice always like their food with salt and pepper *wink*.

Obviously I’m not as safe as one could be with the Morris’s rules, but I think that by following those three little fellas my life would be slow and boring.

Rule 1: Do not own a computer. Even if I didn’t use my laptop to write, phones nowadays are little computers that send and receive stuff every second, so… I’m screwed.

Rule 2: Do not power it on. Like, for real, people out there, if you broke the first law and you have spent some money on a laptop or phone, and you care about your security, don’t turn it on, it won’t explode (I hope), but who knows who may be looking through your webcam or hearing through your mic, yes, I’m frightened while looking at that thing on top of my computer hoping it won’t look back at me.

Rule 3: Uhm yeah… if you got this far, I guess you broke the third rule with me, as it is not to use your computer. Your eyes are not tricking you. Your computer is your door to many places in the outer world, but it’s also a window of opportunity for people lurking for information.

But don’t worry that much, many of us have broken these rules, we may or may not become a target. But know what you are getting into by using a computer, and if you can, lock the window.

I had so much fun writing this, and I hope you had some while reading it, now

Continue reading "One rule to rule them a… wait… there are three?? (Short talk about Morris’s golden rules and the STATS project )"

TC2027

--Originally published at Surviving CS

This is the third class I took with Ken and I must say all classes have been such a different experience. This is the second class I took that is primarily focused on blogging and sharing my experience, and this one is the one that I enjoyed the most. Maybe I lacked in my blogging skills, but the topics I learned in class and the whole experience of learning by myself and digging into the internet was fulfilling.

TC2027 was focused on Informatic Security. I learned about ransomware, VPNs, cryptography, SSH, security from the user perspective, etc. Also, what I liked was the Slack group and all the resources my classmates shared. This was also a hugely important part of the class because from time to time I logged on to the group and read the articles that they shared and I could learn about what was happening in the security world.

Overall the flip learning concept is great and it’s all about having an independent motivation to learn because we are free to learn as much as we want and immerse ourselves in a single topic or as many as we can handle.


The Big One (that’s what she said)

--Originally published at Error C2129: static function 'blog(void)' declared but not defined

I had thought to make this long blog post by going over every single topic we’ve covered during this semester, then talking about how each of them applies to our semester-i project. However, realizing that that would take up too much space and time, I opted instead for simply listing which security features are implemented within our project, then giving a brief description of how each of these things applies various concepts of security. By the way, sorry for the long preamble, I should just get on with it.

User authentication w/ data encryption – this is one of our main security implementations. Especially when it comes to the subject of data confidentiality. Our application has a unique login screen that allows users to sign in to their accounts, utilizing authentication provided by Passport js, a JavaScript library that facilitates the entire process. On top of this, we have implemented bCrypt to encrypt the data that is stored within our secure database server. This way, even if a user manages to access our database, they will only be greeted with encrypted information, that they will be nearly incapable of deciphering without the unique passphrase we used to salt our encryption algorithm.

This baby, along with bCrypt, were two of our best friends

Restricted access – for testing purposes, we had left user registration open. However, in the final application, access will mainly be restricted by a user database. With the information handed to us by the school which we are cooperating with, we will populate the database to fit only those users that are necessary (teachers and students), in order to restrict access exclusively to them.

IP restriction – for purposes of our application, we must keep our server accessible via the internet, which means we must keep our http/https

Continue reading "The Big One (that’s what she said)"