Posts

Showing posts from July, 2020

Your Parent’s Internet – Solving Misinformation

Image
The post Your Parent’s Internet – Solving Misinformation appeared first on Qvault . The age of information is not what we all hoped it would be. We successfully digitized the majority of human knowledge, and we even made it freely accessible to most. Now the problem is different, we have too much information. Answers to most questions can be found in thousands of distinct places online, and the new problem is “whos information can we trust?” What Platforms Think They Should Do About Fake News Twitter and Facebook have recently been under scrutiny for their censorship of coronavirus related misinformation. For example, a video claiming Hydroxychloroquine is a Corona cure recently went viral on Facebook, and the video keeps getting taken down. The video contains some wild assertions, made by Stella Immanuel, who also believes that gynecological problems are the result of spiritual relationships . By removing content they believe to be dubious, Twitter and Facebook have made thems...

HLS Video Streaming with Node.JS – A Tutorial

Image
The post HLS Video Streaming with Node.JS – A Tutorial appeared first on Qvault . The goal of this tutorial will be to build a robust video (or music) streaming API using Node JS. Don’t worry, its surprisingly easy since we will be utilizing a modern protocol, HTTP Live Streaming , or HLS. Why use HLS for video streaming? HLS allows us to serve large media files as many smaller files. We will use a program to convert a single .mp3 file into several text files that can be served by a typical NodeJS file server. There are a few advantages to this: User’s video/song loads quickly The majority of unwatched or unlistened-to portions of the song won’t be downloaded We can use the familiar HTTP protocol, which means less server and client configuration First Step – FFMPEG FFmpeg will convert mp3 files to HLS format, which is really a bunch of files. The main HLS file is the .m3u8 file, and the URL that will be given to the streaming client will be the path to this file. This ....

(Very) Basic Intro to PGP (GPG)

Image
The post (Very) Basic Intro to PGP (GPG) appeared first on Qvault . PGP , or its open-source alternative, GPG , is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use-cases and a high-level overview of the algorithms involved. Both programs (and others) adhere to the OpenPGP protocol. Because it is an implementation agnostic protocol, people can use the software they are most comfortable with and still send secure messages to each other. Only Pretty Good? The “pretty good” part of “Pretty Good Privacy” is a hilarious understatement. It uses secure building blocks and remains an extremely private (albeit not very user-friendly) protocol for secure communication. Symmetric vs Asymmetric Encryption Asymmetric algorithms allows users to communicate securely without sharing private keys. They are suitable for the encryption of messages meant to be sent over an untrusted medium like emails or text messages. S...

(Very) Basic Intro to the Scrypt Hash

Image
The post (Very) Basic Intro to the Scrypt Hash appeared first on Qvault . Scrypt is a slow-by-design hash function or more accurately, a KDF function. Its purpose is to take some input data, and create a fingerprint of that data, but to do it very slowly. A common use-case is to take a password and create an n-bit private key, which is much longer and more secure. For example, let’s pretend your password is password1234. By using Scrypt, we can extend that deterministically into a 256-bit key: password1234 -> AwEEDA4HCwQFAA8DAwwHDQwPDwUOBwoOCQACAgUJBQ0JAAYNBAMCDQ4JCQgLDwcGDQMDDgMKAQsNBAkLAwsACA== That long 256-bit key can now be used as a private key to encrypt and decrypt data. For example, it could be the key in an AES-256 cipher. Why not use the password to encrypt directly? Most encryption algorithms, including AES-256, require that a key of sufficient length is used. By hashing the password, we can derive a longer, more secure, fixed-size key. ...

How to Implement “Sign In With Google” in Golang

Image
The post How to Implement “Sign In With Google” in Golang appeared first on Qvault . User’s love convenience. If your goal is to make it easy for users to register with your app then “Sign in with Google” should be at the top of your priority list. If you are like me, then you may find Google’s documentation on the subject to be lackluster at best, and downright confusing at worst. Here we will go step-by-step through the authentication process that our Go servers at Qvault Classroom use for Google sign in. Front-End Stuff We aren’t going to focus on the front-end part of the authentication process because that’s the easy part. That said, for any of this to make sense we will briefly touch on how it works. The front-end’s job is to do some redirect OAuth magic to obtain a JWT signed by Google. This is accomplished by including Google’s SDK in your HTML, making an application in GCP, and creating a button using the proper class. I would recommend following Google’s quick tuto...

(Very) Basic Intro To Elliptic Curve Cryptography

Image
The post (Very) Basic Intro To Elliptic Curve Cryptography appeared first on Qvault . Elliptic curve cryptography is an efficient modern approach to public-key cryptosystems. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. We will omit implementation details and mathematical proofs, we can save those for another article. What It’s For? A common use of ECC is to encrypt data so that only authorized parties can decrypt it. This has several obvious use cases but is most often used to encrypt internet traffic. For example, we can use ECC to ensure that when we send an email, no one but the recipient can read the message. ECC is public key cryptography There are many types of public-key cryptography, and Elliptic Curve Cryptography is just one flavor. Other algorithms include RSA, Diffie-Helman, etc. I’m going to give a very simple background of public-key cryptography as a jumping-off point so that we ca...

How to Create a Custom Toggle Switch Component in Vue.js

Image
The post How to Create a Custom Toggle Switch Component in Vue.js appeared first on Qvault . Custom toggle switches are a pain to code from scratch. So many lines for such a simple UI widget! In this quick tutorial, we will learn how to build a toggle switch, and it will be a fully encapsulated Vue component! The component we are building is used currently on Qvault’s login page . Go take a look to see a demo. The HTML Template <template> <div> <span class="toggle-wrapper" role="checkbox" :aria-checked="value.toString()" tabindex="0" @click="toggle" @keydown.space.prevent="toggle" > <span class="toggle-background" :class="backgroundStyles" /> <span class="toggle-indicator" :style="indicatorStyles" /> </span> </div> </template> ...

Rust vs Go in Backend Web Development

Image
The post Rust vs Go in Backend Web Development appeared first on Qvault . Rust and Go are two huge successes in the realm of modern programming language development. The two languages compete in terms of backend web development… and it’s a fierce competition. For example, the popular communication app Discord just started swapping out Go services for Rust to boost performance. Both languages are new, have growing communities, and are fast and efficient. When it comes to microservice architectures, frameworks, and apps, Rust and Go are household names. Similarities Rust and Go share many traits, especially when it comes to web engineering. They both have rich standard libraries with internet-focused protocols such as HTTP supported of out the box. Both languages are open-source , meaning no company will be yanking the source code out from under us anytime soon. Go and Rust are both new which means they don’t come with the legacy and backward-compatibility baggage that you find ...

Vue History Mode – Support Legacy Hash URLs

Image
The post Vue History Mode – Support Legacy Hash URLs appeared first on Qvault . When we first launched the Qvault single-page-app, we were using Vue Router’s default hash routing. Hash routing looks ugly to the end-user, and when you want to be able to share parts of your app via direct link those hashes can get really annoying. We have since moved to the newer HTML5 History Mode which doesn’t have that obnoxious hash in the route. We had a bit of trouble coming up with a clean way to redirect those old hash routes to the new ones, however, so now that we’ve solved it we will share our findings. At the time of writing we have the following routes, you probably have something similar: import Vue from 'vue'; import VueRouter from 'vue-router'; import Courses from '../views/Courses.vue'; import CourseProduct from '../views/CourseProduct.vue'; import Profile from '../views/Profile.vue'; import Exercise from '../views/Exercise.vue'; im...

Your Manager Can’t Code? They Shouldn’t Be Your Manager

Image
The post Your Manager Can’t Code? They Shouldn’t Be Your Manager appeared first on Qvault . Managers who can’t code are an outdated artifact of corporate America circa 2005. The best managers that I’ve had spend ~80% of their time coding, architecting, or doing technical research. If your manager thinks coding is “beneath” them then they need a dose of humble pie. Your organization would likely be better off without them. But Managers Manage People ! There is a long-running stigma associated with developers, that we are all geeks who can’t handle interpersonal relationships. Due to our code monkey nature, we need “people people” who can go to meetings for us and communicate our efforts effectively to the higher-ups. While the above is still funny, it’s outdated . As the developer community has grown exponentially in the last 20 years, so too has the personality diversity amongst its members. In other words, it is not hard to find developers with the soft-skills necessary for ...

How SHA-2 Works Step-By-Step (SHA-256)

Image
The post How SHA-2 Works Step-By-Step (SHA-256) appeared first on Qvault . SHA-2 (Secure Hash Algorithm 2), of which SHA-256 is a part, is one of the most popular hashing algorithms out there. In this article, we are going to break down each step of the algorithm as simple as we can and work through a real-life example by hand. SHA-2 is known for its security (it hasn’t broken down like SHA-1 ), and its speed. In cases where keys are not being generated , such as mining Bitcoin, a fast hash algorithm like SHA-2 often reigns supreme. What Is a Hash Function? If you want to read more about hash functions in general, do so here . That said, in order to move forward let’s recap three of the main purposes of a hash function: To scramble data deterministically To accepts input of any length and output a fixed-length result To irreversibly manipulate data. The input can’t be derived from the output SHA-2 vs SHA-256 SHA-2 is an algorithm , a generalized idea of how to hash data. ...