HTTP Traffic by Telnet


This is just to show the traffic when requesting and submitting a minimal web form by telnet. Command used: c:\ telnet maxv.maxxsports.cc 80, which is our AWS dev server.
There are two round trips. First, the client requests a user name/password form; second, the client submits this form. The server sets a cookie when sending out the form. “Access-Control-Allow-Origin: *” is important for our streaming server, since it allows the web server containing the video player to play the content. Headers are terminated by the sequence \r\n\r\n, and the content length is stated in a header.
The traffic is listed below; the comments after the # sign are not part of the traffic.
Client sends #1 to request form:

GET http://maxv.maxxsports.cc/test HTTP/1.1
Host: maxv.maxxsports.cc #nginx requires domain name on the line of GET and HOST
Connection: keep-alive #server doesn’t close this connection, and client reuses this socket.
Cache-Control: max-age=0 #must re-fetch
Upgrade-Insecure-Requests: 1 #please redirect me to a secure representation of the resource
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 #Chrome UA string
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate # I understand compressed content.
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 # I understand these languages
# hit return on keyboard twice

Server sends #1 returning the form:

HTTP/1.1 200 OK
Server: nginx/1.9.15
Date: Sat, 14 Jul 2018 22:07:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 216
Connection: keep-alive
Set-Cookie: LoginForm=SentAlready #sends client a cookie
Access-Control-Allow-Origin: * #allow pages originated from other web sites to fetch this content
<form action="/test" method="post"> #just a minimum web form
Username: <input name="username" type="text" value="a"/>
Password: <input name="password" type="password" value="a"/>
<input value="Login" type="submit" />
</form>

Client sends #2 to submit the form:

POST http://maxv.maxxsports.cc/test HTTP/1.1 #post the form
Host: maxv.maxxsports.cc
Connection: keep-alive
Content-Length: 21
Cache-Control: max-age=0
Origin: http://maxv.maxxsports.cc #the web server that generated this page.
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: # same as last request
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://maxv.maxxsports.cc/test #previous web page
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: LoginForm=SentAlready #the cookie set by last server response.
# hit return on keyboard twice
username=a&password=a #the form body, 21 bytes as stated in Content-Length

Server sends #2 saying form submitted successfully:

HTTP/1.1 200 OK
Server: nginx/1.9.15
Date: Sat, 14 Jul 2018 22:07:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 23
Connection: keep-alive
Cache-Control: no-cache
<p>Success</p>
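
The same header handling can be checked in code. The script below is an added example, not part of the original post: it splits a response at \r\n\r\n, compares Content-Length with the body, and reports the cookie, CORS and transport properties visible in "Server sends #1". The body is a constructed, shortened form, and the function names are assumptions.

```python
# Added example: audit one raw HTTP response, modelled on "Server sends #1".
# BODY is a constructed, shortened form; header values are taken from the post.
BODY = b'<form action="/test" method="post"><input name="password" type="password"/></form>'
RAW = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.9.15\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"Set-Cookie: LoginForm=SentAlready\r\n"
    b"Access-Control-Allow-Origin: *\r\n"
    b"\r\n" + BODY
)


def parse_response(raw):
    """Split at the first \\r\\n\\r\\n; return (status_line, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header terminator not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []  # (name, value) pairs; names such as Set-Cookie may repeat
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def audit(raw, scheme="http"):
    """Return findings for one response that was fetched over `scheme`."""
    _, headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        if name == "content-length" and int(value) != len(body):
            findings.append("content-length %s but body is %d bytes" % (value, len(body)))
        elif name == "access-control-allow-origin" and value == "*":
            findings.append("cors: any origin may read this response")
        elif name == "set-cookie":
            cookie, *attrs = [part.strip() for part in value.split(";")]
            present = {a.split("=")[0].lower() for a in attrs}
            for wanted in ("httponly", "secure", "samesite"):
                if wanted not in present:
                    findings.append("cookie %s: missing %s" % (cookie.split("=")[0], wanted))
    if scheme == "http" and b'type="password"' in body:
        findings.append("password form served over plain http")
    return findings


if __name__ == "__main__":
    for finding in audit(RAW):
        print(finding)
```

The wildcard CORS header is intended for the streaming content; the audit shows that here it is also attached to the login form response.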


Python at MaxxSports


C++ was my primary language for my entire career until a year ago, when Python came into our tool set.
We chose Python for its rich collection of modules. In our case, for example:

  1. AI: keras module to TensorFlow for player recognition
  2. REST API: bottle and json module, through which AWS server talks to the clients
  3. Database: pymysql module to access video recordings saved in MySQL
  4. HLS Playlist parsing: m3u8 module
  5. Access AWS: boto3 module to control ec2 instances

 

Salt vs Long Password


A salt is not as secure as a long password, because the salt is saved on the server.

The problem short passwords face without salt is this: with access to a rainbow table (a kind of password-hash map) and the hash of a password, a table lookup returns the plain password, which is either your password or a password the computer thinks is yours (a collision).

A longer password requires a bigger rainbow table, and is therefore safer. However, people don’t like long passwords, and that is where salt comes into play. The server says to the user, “I will add some letters to your password, but I will remember the added part so that you don’t have to”. The added part is the $SALT. Now we don’t have to remember the whole long password, at the cost that $SALT is no secret, because it’s saved by the server.

Here is a command I tried on my Ubuntu. This is the line in /etc/shadow for the password ‘mypass’:

$6$3zTDsuzi$00giYxlM8HUtmuH3qBC0J0IgDzOg8hKzUZZwjb.3lKRWvtwTikVECguVpaO3b.CGpNQYCc5EnRVEsDudt1eOU1

The salt is 3zTDsuzi, and the algorithm is SHA-512. This command:

$ python -c 'import crypt; print(crypt.crypt("mypass", "$6$3zTDsuzi$"))'

returns $6$3zTDsuzi$00giYxlM8…, which matches the line in the shadow file.
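
The argument above can be run end to end. This is an added example, not part of the original post: it uses a single SHA-512 over salt+password as a stand-in for the iterated sha512-crypt that /etc/shadow uses, and the wordlist and the long password are constructed.

```python
import hashlib

SALT = "3zTDsuzi"  # the salt from the /etc/shadow line in the post
WORDLIST = ["123456", "password", "mypass", "letmein"]  # constructed short guesses


def toy_hash(password, salt=""):
    """Stand-in hash: one SHA-512 over salt+password (sha512-crypt iterates)."""
    return hashlib.sha512((salt + password).encode()).hexdigest()


def build_table(words):
    """Precomputed hash -> password map: built once, reusable for every account."""
    return {toy_hash(w): w for w in words}


def guess_with_salt(words, salt, stored_hash):
    """Per-account guessing, possible because the salt is stored beside the hash."""
    for w in words:
        if toy_hash(w, salt) == stored_hash:
            return w
    return None


def demo():
    table = build_table(WORDLIST)
    long_pw = "mypass-plus-many-more-characters-2018"  # constructed long password
    return {
        # Unsalted short password: one table lookup returns it.
        "unsalted_short_table": table.get(toy_hash("mypass")),
        # Salted short password: the precomputed table no longer matches.
        "salted_short_table": table.get(toy_hash("mypass", SALT)),
        # Salt is not secret, so the same short guesses still work per account.
        "salted_short_guess": guess_with_salt(WORDLIST, SALT, toy_hash("mypass", SALT)),
        # A long password is outside the guess list, with or without the salt.
        "salted_long_guess": guess_with_salt(WORDLIST, SALT, toy_hash(long_pw, SALT)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```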

Optic Fiber Network


I just put together an optic fiber network.
The components used:

  1. Switch: TRENDnet TEG-30284 4x10G SFP+ Slots, $300 on Amazon
  2. NIC: Intel Ethernet Server Adapter X520-2 about $150
  3. Cable: 10Gb Multimode Duplex OFNP Fiber from Cable Matters, $10 on Amazon. Each cable needs two modules.
  4. Transceiver module: SFP+, 10GBASE-SR, MMF, 850nm, from 10Gtek, $20 on Amazon

The installation was smooth as long as the cable, module and switch match.
