I've not made much progress this week

So in my last post I mentioned random numbers, and talked about needing to trade off between security, speed, and the randomness of the source of random numbers. I stand by the considerations that need to be made, but it was brought to my attention that I was looking at math/rand in Go, where they also have crypto/rand, which makes using /dev/urandom much simpler. The trade-offs are the same in practice, but the work was much easier to implement that way, so thank you, Liam.

posted at 02:11:00 PM on 7 Sep 2019 by Craig Stewart

Tags:project sysadmin golang location-finder 

A Comment on Random Numbers

I have nothing to show on the location app I’ve been building, but I’ve hit a hurdle that I felt warrants some discussion. I want to use two random strings that are unrelated to each other in order to make the app more secure: an ID for each location shared, and a key to prevent someone simply trying to enumerate all the IDs. Because the key is a security device, it is important that it is not derived from the ID, or from the same deterministic source as the ID. With this in mind I have been reading about the random number generator available in Go.

posted at 11:17:00 AM on 1 Sep 2019 by Craig Stewart

Tags:project sysadmin golang location-finder 
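
The ID and key scheme described in this post, using crypto/rand as mentioned in the follow-up, sketched as an added example (this is not code from the location app; the names `Share`, `randomToken`, `NewShare` and `CheckShare` and the token lengths are assumptions):

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// Share pairs a location ID with its secret key (hypothetical type).
type Share struct{ ID, Key string }

// randomToken encodes n bytes from the OS CSPRNG as URL-safe base64.
func randomToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err // fail closed: never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// NewShare draws ID and key in two separate reads; the key is not derived from the ID.
func NewShare() (Share, error) {
	id, err := randomToken(9) // 72 bits, 12 characters (assumed length)
	if err != nil {
		return Share{}, err
	}
	key, err := randomToken(32) // 256 bits, 43 characters (assumed length)
	if err != nil {
		return Share{}, err
	}
	return Share{ID: id, Key: key}, nil
}

// CheckShare looks up the ID and compares the key in constant time.
// An unknown ID and a wrong key both return false.
func CheckShare(store map[string]Share, id, key string) bool {
	s, ok := store[id]
	return ok && subtle.ConstantTimeCompare([]byte(s.Key), []byte(key)) == 1
}

func main() {
	s, err := NewShare()
	if err != nil {
		panic(err)
	}
	store := map[string]Share{s.ID: s}
	fmt.Println(CheckShare(store, s.ID, s.Key), CheckShare(store, s.ID, "test"))
}
```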

Making the app do something

So I have been making improvements to the location app I blogged about recently. The first cut of the app wasn’t really all that much of an achievement, as I could have done the same with a file and a webserver, without needing an app written in Go. Now in my last blog post I stated that I would build an API, and I have done so. I have also moved the default page, and created a new one. If you choose to look at the code you will notice a function for checking an ID and key (which are both currently hard coded to “test”). This is to allow multiple locations to be shared (via a randomly generated ID) and also make it harder to enumerate the location IDs that the system knows about by pairing that with a randomly generated key. The creation of these IDs and keys is going to be what I work on next, as well as some optimisations to the code.

posted at 07:29:00 PM on 30 Aug 2019 by Craig Stewart

Tags:project sysadmin golang javascript location-finder 

Setting up hosting for the location app

I have a basic app, as per my last blog post. Now I need to host it somewhere. I have changed the app to only listen on localhost. I have iptables on my servers to hopefully prevent me exposing ports I don’t want to expose, but better to not push my luck. I’m using a server running Apache and using systemd as the init system. So for SSL termination we’ll use Apache as the reverse proxy. For this we need a vhost with mod_proxy enabled and the following config in a vhost:

        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

We then need to create a user to run the app; we want an unprivileged user:

        sudo adduser --system \
                     --shell /bin/false \
                     --gecos 'Location Finder App' \
                     --group \
                     --disabled-password \
                     --home /opt/location location

With that we need to create a systemd system file (I’ve added an example systemd file to the app repo) and to move a built copy of the binary onto the system, along with the HTML template file. And that is what I have done.

posted at 09:26:00 PM on 25 Aug 2019 by Craig Stewart

Tags:project sysadmin location-finder 

The first steps in creating a location finding app

So in my previous blog post I said I was going to try and build a web app to find someone’s location using their smartphone’s location services. The first step in this is choosing a language and/or framework to build it in. I’ve decided to use Go, which a former colleague of mine tells me makes me a hipster.

posted at 03:33:00 PM on 25 Aug 2019 by Craig Stewart

Tags:project open-source sysadmin location-finder golang javascript 

Location Services in an Emergency, How Hard Can it be?

So I have been hearing lately about What3Words and how the emergency services in the UK are using it to locate people. This, and other information I have read about recently, has got me thinking. What3Words is a proprietary service that the emergency services will be paying to use. Now a number of mountain rescue teams in the UK use a service developed by one of their volunteers called SARLOC, which appears to have a similar set of requirements, but from what I have read appears much more useful for the mountain rescue teams that use it. Now what I have been thinking is this: these services both rely on the person that needs to be located having a smartphone, with location services, and an internet connection. They both require the person to receive a link, and allow the opened web page to see their location. So with these assumptions, how hard is it to build a service that allows an operator to send a personalised link to someone, have that use the smartphone’s location services to get a current location for the user, and share that automatically with the operator?

posted at 08:19:00 PM on 18 Aug 2019 by Craig Stewart

Tags:project open-source sysadmin location-finder