Jonasfj.dk/Blog
A blog by Jonas Finnemann Jensen
January 14, 2008 HSH – A simple hash algorithm + embedded webserver
Lately I’ve been building a webserver in school, as a light and curtain controller, on top of an ATmega168 and ENC28J60. I’ve based it off an article I found at TuxGraphics.org, which by the way is a fine place to order components for personal usage – they’re cheap and they shipped to Denmark in 2-3 days…
Anyway, the webserver software I found sends a plaintext password over HTTP for authentication. This is of course not desirable since anybody with access to the same network link can see the password. This is very bad security, especially if it’s a wireless link. And who would want a light and curtain controller if the neighbor kid suddenly hacked it.
Therefore I decided that I needed a secure authentication method. Asymmetric cryptographic algorithms are already out of the question since I’m working on a microprocessor with 16kbytes program memory. I tried to find a conventional md5 or sha1 implementation, however they were very easily too big in program size and inefficient. So I looked around and found HSH 11/13 by Herbert Glarner.
HSH 11/13 looked to be efficient, small and easy to implement. Later I discovered that, with my lack of experience with bit manipulation in C, the latter was not true. However, I did manage to get an implementation working; it’s written in C and I’ve tested it with GCC and AVR-GCC against glibc and AVR-libc respectively. You may download it here:
Now having a webserver with a serverside hash algorithm doesn’t solve the issue. The client needs to have the hash algorithm as well. Therefore I wrote a compatible implementation of HSH 11/13 in JavaScript. This may seem rather weird, and it’s sure not efficient anymore. I’ve only tested the script in Firefox 2.0, however I’d imagine that it works in other browsers as well. You may download the JavaScript implementation here:
Like I said before this may seem rather weird, as the webserver isn’t capable of serving pages as big as the JavaScript implementation. However the solution is to let the main page of the embedded webserver be:
<script src='http://mywebhost.com/myjsfile.js'></script>
Where “http://mywebhost.com/myjsfile.js” is a file located on a remote ordinary webserver, i.e. not served from the embedded webserver. The included JavaScript file then writes an entire web 2.0 application using “document.write”. Once the web 2.0 application has been loaded it can use AJAX requests and the HSH 11/13 implementation to communicate with the embedded webserver.
Apart from the main page, a simple AJAX API is all the embedded webserver needs to host. Authentication against the webserver may then be done using an HSH hashsum of timestamp + password + data, referred to as the token. The timestamp, data and token are sent every time an API request is made. The embedded webserver knows the password and generates the token from the given timestamp and data; one can then authenticate the request by comparing the generated token with the received token.
Note, it may not be desirable to keep track of time on an embedded webserver, so it’s easier to just check if the received timestamp is bigger than the latest received timestamp, and then save the timestamp for later use.
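The server-side token check described above, sketched in C as an added example (not the author's code and not the HSH 11/13 implementation): `fnv1a` is a non-cryptographic stand-in for the hash, and `PASSWORD`, `make_token` and `verify_request` are hypothetical names. The timestamp is stored only after the token matches, so a forged request carrying a large timestamp cannot lock out the real client.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in hash (32-bit FNV-1a): NOT HSH 11/13 and not cryptographically
 * secure. Replace with the real hash on the device. */
static uint32_t fnv1a(uint32_t h, const void *buf, size_t len) {
    const uint8_t *p = buf;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

#define PASSWORD "curtain-secret"   /* constructed sample secret */
static uint32_t last_ts = 0;        /* newest timestamp accepted so far */

/* token = H(timestamp + password + data). The timestamp is hashed as four
 * fixed-width bytes so its boundary with the password is unambiguous
 * (a choice made for this example). */
uint32_t make_token(uint32_t ts, const char *data) {
    uint8_t t[4] = { (uint8_t)(ts >> 24), (uint8_t)(ts >> 16),
                     (uint8_t)(ts >> 8),  (uint8_t)ts };
    uint32_t h = fnv1a(2166136261u, t, sizeof t);
    h = fnv1a(h, PASSWORD, strlen(PASSWORD));
    return fnv1a(h, data, strlen(data));
}

/* Returns 1 if the request is authentic and fresh, 0 otherwise. */
int verify_request(uint32_t ts, const char *data, uint32_t token) {
    if (ts <= last_ts)                  /* replayed or stale request */
        return 0;
    if (make_token(ts, data) != token)  /* wrong password or altered data */
        return 0;
    last_ts = ts;   /* advance only after the token has been verified */
    return 1;
}

int main(void) {
    uint32_t tok = make_token(1, "relay=1");
    int first = verify_request(1, "relay=1", tok);
    int replay = verify_request(1, "relay=1", tok);
    printf("first=%d replay=%d\n", first, replay);
    return 0;
}
```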
January 12, 2008 Release of TheLastRipper 1.3.0 for Windows
Development on TheLastRipper has been stalled for a while, but thanks to Andreas’ work we’re now able to release TheLastRipper 1.3.0 for Windows. It features:
- New GUI station selection improvements.
- Using the new last.fm protocol version 1.2 (Skip now works!).
- Additional management features like skip songs already recorded.
- A few other minor details…
This release is largely created by Andreas, since I haven’t really had time for it. Which is also why it’s not ported to Linux yet; though the executables with the Windows.Forms GUI run fine under Mono/Linux, we’d like a GTK# GUI because it’s much prettier. I hope I’ll find time to do a Linux port soon…
Now some might be wondering why it’s called version 1.3.0 and not 1.2.0 – well, what can I say: It’s a “known issue” :) I think I accidentally incremented it one too much, and since we can’t really delete downloads from GoogleCode it’s going to be version 1.3.0 instead. It would also look weird to have a version 1.2 featured and a version 1.3 deprecated.
Anyway I don’t think the version number thing is so bad either, I think I previously stated that there wouldn’t come a version 1.2.0, because I was going to rewrite the codebase. Because a rewrite would be needed to make a clean, easily portable and extendable backend implementation of the Last.fm protocol version 1.2. I started development of such a clean backend, but it’s still stuck in development, since I don’t have time for it at the moment.
January 9, 2008 If Birthday(): Year++; //Oh no I’m 20…
Well, it happened I’m no longer a teenager, that means I just turned twenty. Unfortunately I guess it’ll also mean that I have to stop always saying what I don’t mean, and start saying what I do mean. No more useless, pointless and weird statements in the interest of a good/funny discussion of a dead topic; nope from now on it’ll just be dead discussions. Everything is serious when you’re not a teenager anymore, I just realized this morning when I woke… :)
Well, apart from the getting more serious less teenager thing, it’s also this year I’m going to move away from home, at least it’s my plan to study computer science next year (meaning after summer). With regards to my birthday presents they were all move-away-from-home-stuff, pots and pans you know… But it’s pretty much what I’ve wanted too, though chances are I’m going to starve anyway when moving away from home…
December 29, 2007 SimpleECDSA, a simple implementation of ECDSA in C
2 weeks ago I did a school project on ECDSA (Elliptic Curve Digital Signature Algorithm). At HTX we have to do a project that goes beyond the curriculum, we must combine two subjects and do an individual project about something we find interesting. I decided to combine mathematics and programming in a project about ECDSA. Personally I think it was great fun, but perhaps I have a twisted sense of humor :)
Anyway, I’ve published my report here, it’s in Danish though. But I did also write an implementation of ECDSA in C. The implementation is called SimpleECDSA, though I must admit it’s not very simple anymore. It uses GMP as integer library, and uses the standardized curves for cryptographic operations.
The comments in my source are in English, though I did translate them to Danish, before delivering my paper. Anyway, I still have the source with English comments, so I thought I’d post the source here.
As I had a little spare time this holiday I’ve configured the source with the GNU build system. It’s my first tarball created with Autotools, and it’s mostly hacked together of snippets from the automake and autoconf manual. But it works and the package compiles, and “./configure” complains if GMP isn’t present. I did also manage to get “make check” to run my internal tests, so I think it’s pretty good, considering the fact that it is my first package built with autotools.
If you’ve any comments, bug-reports or questions to my packaging or SimpleECDSA, feel free to leave a comment. SimpleECDSA is of course released under GNU GPLv3, and can be downloaded here:
September 15, 2007 First final OS X release, version 1.1.1
I’m happy to announce that we’ve finally ported the bugfix from the 1.1.1 release to OS X. As reported earlier all prior versions of TheLastRipper are broken, due to minor changes on the serverside. This means that we haven’t had a working OS X version for about 2 weeks, the Windows and Linux versions were patched within 3 days, but since we don’t really have any OS X developers on the team this took a while longer. Anyway, it should work now, we’ve also added menu entries linking to the help pages on our wiki. Our beta was close, but not all done, now we think that we’ve got a fairly stable and feature complete version for OS X, therefore this release will be known as TheLastRipper for OS X version 1.1.1, yes it’s final not a beta.
September 5, 2007 Last.fm protocol version 1.2, unofficial documentation
As I promised a few days ago I’m releasing the unofficial Last.fm documentation that I’ve been developing in cooperation with Tobias Brennecke (tburny) and Matt Brown (blueboxed), two other Last.fm users. This new protocol for last.fm is very interesting, it offers a small playlist instead of one long audio stream, this is nice since metadata is included in this playlist. The unofficial documentation is available from TheLastRipper wiki, here. All the operations should be possible to do with Firefox.
Anyone familiar with the old protocol (version 1.1) knows that Last.fm gave you an mp3 stream, and a place to go if you wanted to request the metadata associated with the music currently playing. This wasn’t very nice, because you had to guess when a new song started, I know that the last metadata response contained information about how long the song was, but you didn’t know exactly when the song was started. Alternatively it was possible to search the stream for mp3 headers, which gave you precise information about when a new song started. But that required some computing. The new protocol just returns an XSPF playlist with mp3s and metadata, now that is very nice.
September 3, 2007 All prior versions of TheLastRipper broken!
I regret to announce that all current prior versions of TheLastRipper are broken. It seems that Last.fm dropped support for had a bug in their 1.1 protocol, this weekend. All streams obtained from this protocol return “HTTP/1.0 667 Not enough content left to play this station”. I think it’s a shame, considering the amount of opensource audio players out there with playback support for Last.fm version 1.1. Since all of these audio players, including TheLastRipper have been broken.
Nevertheless, I and some other last.fm users have developed an unofficial documentation of the new last.fm protocol version 1.2. I’ll release it shortly, and I’d expect an implementation of this new protocol for TheLastRipper to start rather shortly too. If you want to stay updated on this issue, you can subscribe to issue 63. You do that by clicking on the star.
UPDATE:
Last.fm didn’t drop support for the 1.1 protocol, it was just gone for the weekend + Monday. Though a minor change in the login scheme caused TheLastRipper to freeze, this issue has now been fixed, and the latest release of TheLastRipper works (Version 1.1.1). We’ll still be working on an opensource implementation of the Last.fm 1.2 protocol.
August 30, 2007 Volume normalization with Amarok
Some users of TheLastRipper have requested integrated volume normalization (Issue 61). While I admit that I’ve noticed the volume changes between tracks, I’ve never really bothered to find a solution. But since others had similar issues, I decided to take a look at it. I ended up looking at ReplayGain, a project that aims to add a tag, containing volume information, to all songs. Then read the tag at playback and determine the volume. Though the value of the tag must be calculated first.
As this seems like a big feature, and as argued by Andreas in the issue thread, it’s probably not a feature for TheLastRipper. Nevertheless it doesn’t mean that the problem shouldn’t be fixed, just that it should be done elsewhere. This is also good, since your entire music collection doesn’t necessarily originate from TheLastRipper. The solution is to implement this feature at playback level, meaning in your audio player.
For those of us running Ubuntu and using Amarok, this can be done easily. First open Amarok, choose “script-management”, click download new scripts. This will open a dialog showing the newest, most popular and most downloaded scripts for Amarok. Just install the script called ReplayGain. Once this is installed you’ll have to install some dependencies with Synaptic. I’ll try to list those I think are needed: python-kde3, mp3gain, vorbisgain, flac, python-xml
If you enter the script-management in Amarok again, you can enable the ReplayGain script. Enable it, select it and click “Settings”, you can tweak the ReplayGain script a little here. Once you’re done with that leave the settings, and ReplayGain will print a small popup, telling you which optional dependencies you are missing. I’ve probably forgotten to list some of them, you may find them in Synaptic if you think you need them. Though I haven’t found “aacgain” or “replaygain” in the Ubuntu repositories.
Well, you don’t need “replaygain” or “AACGain”, unless you, like me, have AAC music. Actually I’ve just bought my first AAC music from iTunes. I haven’t used iTunes before, but I thought I’d give it a try since they started releasing DRM-free content. So I installed iTunes in my virtual machine, and copied the AAC files back to my Ubuntu system after they were downloaded. First I must say, the quality of iTunes plus files is very good, and the files have ID3v2 tags (other mp3’s I’ve bought online did!). It’s sad that iTunes doesn’t run on Linux, Apple could at least offer a web interface for iTunes plus.
Well, if you have AAC encoded music, you’ll need AACGain, it’s not in Ubuntu or Debian repositories. Actually I couldn’t find any .deb packages for it anywhere. So I decided to make my own. You may download my AACGain package here. Feel free to contact me if you want the source package.
Once you’re done installing dependencies, and have enabled the ReplayGain Amarok script, you can right click in your playlist and choose “Apply Replaygain tags”. I selected “To entire collection using album tags”; it took a while but the volume was automatically determined by Amarok afterwards.
August 19, 2007 Release of TheLastRipper 1.1.0 for Windows and Linux
Like I wrote yesterday, a release of TheLastRipper has been in the works for a while. Now the final details have finally been solved and I’ve released TheLastRipper for both Linux and Windows. Among some of the most interesting changes are:
- ID3v2 support (Issue 5)
- International characters (Issue 4)
- Perfect clipping of songs (Issue 6)
- Fix tab-index and improve UI (Issue 41)
- Handle exceptions when launching browser on windows (Issue 45)
- General exception handling dialog (Issue 46)
- Support for http proxies (Issue 44)
- Better overall stability
You may download the new release of TheLastRipper from our project page now!
August 18, 2007 TheLastRipper 0.9 Beta for Mac OS X, with Cocoa interface!
A new release of TheLastRipper has been in the works for a while and now it’s just about to be done. Among some of the new features are:
- Perfect clipping of songs
- ID3v2 tag
- Support for proxy settings
- Better threading
- International character support
- Many minor bugfixes
These features have been under development for a while and the Windows and Linux clients in SVN already have these features, they will be released as 1.1 very soon too. But last weekend me (Jonas) and Rene of TheLastRipper developer team, decided that it was time to get a beautiful port for OS X. So we started out with the 1.1 codebase from SVN and installed XCode, Mono and CSharpXcodePlugin on a Mac. Then we wrote one of those simple “hello world” applications in Cocoa#, after becoming a little familiar with Interface Builder and Cocoa#, we started the development of a client using Cocoa#.
And even though the Cocoa# bindings aren’t complete, the weird behaviour of Interface Builder, minor bugs in Xcode and the fact that we wrote most of it during a hangover, the result compiles (sometimes), and works fine too. This version is now being released as TheLastRipper for Mac version 0.9 Beta, once it’s been tested a little more and the last details have been fixed it will be released as stable too.
Now a bit about Mac and Mono based development. First off I’d like to say that I’m not a Mac user and never have been, I’m a Linux user with years of Windows experience, now practiced in a virtual machine for legacy applications. Now getting CSharpXcodePlugin installed and doing the LetterCounter video tutorial is definitely a good start. But it’s difficult to find documentation for Cocoa#, I had to go with what I could get from the assembly cocoa-sharp.dll using Monodocer. The result was that we copied the cocoa-sharp.dll to Windows and added it as reference to a SharpDevelop project to enable IntelliSense, since that was basically all the documentation we could find. But once that was done, developing the actual code on Windows and the interface on OS X was actually pretty easy. Especially with TheLastRipper since all the logic is in a platform independent .dll, which means we only had to write a little glue code. Of course you need to get the hang of how Cocoa and Interface Builder work, but once you’ve got that, it’s certainly possible to work with… Even though Mono on Mac isn’t as easy as it is on Windows or Linux.