Oregon State University|blogs.oregonstate.edu

The End of Winter 2024  March 7th, 2024

With the Winter 2024 semester coming to an end, it is essential to give an overview of my experiences and my group’s progress while working on the Secure Password Manager.

Quick little reminder of the project itself. The Secure Password Manager is a web application that allows a user to create their own account and store their login information from any websites they want to, securely. This allows a user to create passwords that are unique and more random without having to worry about remembering them. This results in enhanced digital security against cyber attacks. The Secure Password Manager is a perfect choice for anyone that wants to further secure themselves in a world where cyber attacks are happening all the time, with data leaks that can prove detrimental to a person’s livelihood.

As for progress itself, this semester has been incredibly productive. Within the project, we have four different functional areas, Authentication, UI, 2FA, and an API. At the time of writing this post, we have all mostly completed our individual areas and are ready for integration. The only work left to do is combine everything together through the UI and the first version of the application will be ready which (if everything goes to plan) will happen in the next few days.

Now what did I do specifically? As I mentioned in my previous blog posts, I was responsible for authenticating the user. In other words, ensuring that a user’s data remains secure for themselves without any other unauthorized access. To do so, I chose to use Supabase, an open source Firebase alternative. I won’t go too in depth here, but I had to create various functionality that allows a client to access the Supabase database and implement logic that denies/accepts a user. Overall, I believe I greatly benefitted from this experience as it was the first time I truly dived into a backend functionality, while still understanding everything that is going on. I don’t think I would choose another database provider as Supabase has served all of the needs of the project, with much more functionality available if needed.

Since we are nearing the end of the semester, I wanted to go over my own experience and the techniques that I used to succeed in my classes. Some context, this semester I chose to take 4 CS classes while also partaking in a Software Engineering internship. By no means was this semester easy. The BIGGEST action that I took that helped me was to get ahead of schoolwork. To do so, I did end up taking a few days every so often where I slept very little, and ONLY focused on my work whether that be coursework or internship work. While I may not have felt too good then, the sense of relief and extra time afterward is worth it. While sacrificing personal health may be a unique viewpoint, I believe that it is incredibly beneficial in getting extra work done with high quality. My work during the beginning of the term was amazing and I was more relaxed. This was due to the fact that I took some long nights and stayed ahead of due dates. However, towards the end, I slowed down a little and found myself with more stress and lower quality of work as a result. Now I am forced to play catchup on my assignments. Staying ahead is the MOST important thing to do when looking at schoolwork. It not only relieves stress, but it also results in higher quality results as you are not rushing yourself.

Anyways, I am off to do some more work on the Secure Password Manager. Good luck on finals everyone! See you next term!


Technology for Authentication  February 7th, 2024

First of all, here is some context. The project that my group is developing is a secure password manager. A web application that allows a user to have all of their passwords stored in one place, securely. Now my personal focus on this project is authentication. Authentication is incredibly important when it comes to keeping sensitive data secure. Without a proper, secure authentication system, any user will be able to access any data they want stored on the site.

Now onto technology in authentication, I chose to use Supabase to implement a secure authentication system. Supabase is an open-source alternative to Firebase that uses Postgres to store data, and all kinds of other features. One such feature being authentication. Personally, once I was eventually able to figure out exactly how to use Supabase, I loved it. It is straightforward and very adaptable. However, in the beginning, I found that sources created to help new users use it were misleading. I found all kinds of sources that directed me in a wrong direction. I actually ended up going back on my implementation and really fundamentalizing it allowing me to adapt in the future (I believe that this saved the development of my part of the project). But after a lot of reading through documentation, I was able to figure out how to implement authentication using Supabase.

While this blog’s title is focused on Authentication, I also wanted to mention my experience with node. I have been TRULY humbled by node throughout the development of this project. One year ago, I would say that I feel comfortable with node, having taken Web Development, creating many personal projects using React and other node packages, but this semester, I feel lost. I found myself spending a significant amount of time figuring out how to use node to even get my project to run. After coding in C/C++ for the last year, both in school and at my internship, I was shocked how fast I forgot about node and how to use it. Personally, I would say that I am a decent programmer (not trying to brag or anything), I am currently moving through recruitment for a Software Engineering full-time position even. But, it is shocking how dumb I felt while trying to use node within my project. This included staring at my package.json file, re-running my program hoping that everything was now working, and so many more ‘dumb’ feeling struggles. I found myself incredibly frustrated with how my problems weren’t coming from my code but from how I was running the code. I felt like I was running code for the first time!

Anyways, to stop ranting, while I had to re-live the steep node learning curve, I am glad I did. It shows me how quickly we can forget technologies after not using them for a short(ish) amount of time. I now feel comfortable using node and without it, would be unable to complete my project for this term.

With how quickly technology is adapting in the IT world, it is important to be able to learn. Software Engineering isn’t all about if you know how to code, if you have ideas for a product, but it also contains an ability of learning. In the professional world, software engineers are learning new things every day whether it be a technology or just a coding practice. The field is constantly adapting and to find success in it, it is important to be able to adapt with it.


Back for Winter 2024  January 17th, 2024

I am back for Winter 2024, the semester where my team and I work on developing our Secure Password Application. I am excited to work on my project and am confident that we have a good plan in place that will allow us to finish development on time.

For the clean code reading, I chose to read Chapter 1 from Clean Code: A Handbook of Agile Software Craftsmanship by Robert Martin. The first thing that I took away from the reading is the dangers in writing bad code. Writing bad code and deploying it due to time constraints, external pressures, or just laziness can be dangerous to a product. While at first, the code may not impact performance, bug fixing, or overall functionality too badly, after constant bad code practices an application can begin to slow down, and even eventually fail. As Martin mentioned, one company continued to add more and more features with bad code practices and “the code got worse and worse until they simply could not manage it any longer” (Martin 3). Due to bad code, the company failed.

Martin continues his discussion by mentioning many famous programmers who put their own word in on clean code. One of which was Bjarne Stroustrup, the inventor of C++. He mentions that code should be elegant and efficient. This makes perfect sense as C++ is one of the fastest programming languages out there. Elegance, efficiency, and error handling are all key points that Stroustrup mentions when mentioning coding practices.

For my reading on code-smells, I chose to read chapter 3 of Refactoring: Improving the Design of Existing Code by Martin Fowler. The first thing that Fowler mentions to keep an eye out for is duplicated code. This makes perfect sense, why rewrite the same code over and over when a function would do the trick in a much more efficient, and cleaner way. Another bad coding practice is functions or classes that are too large. As Fowler mentions, “Since the early days of programming people have realized that the longer a procedure is, the more difficult it is to understand” (Fowler 64). Keeping functions short allows for easier understandability, therefore better maintainability. The same applies to classes. Having objects that are too large increases the likelihood for confusion, and therefore duplication.

Another key issue he mentioned is divergent change. He mentions “When we make a change we want to be able to jump to a single clear point in the system and make the change” (Fowler 66). This is something that I have always tried to maintain from when I started out my Computer Science career. While it may be simple at the time of development to input variables manually, even in multiple places, this is a big issue when it comes to changing code. It is dangerous to assume that a codebase will never change. With how technology, coding practices, and even programming languages are changing, it is always key to assume that you will need to update your code. Updating code is something that everyone does due to its necessity in the ever advancing world of technology.

Overall, clean code is essential when developing a serious project. It can save time, increase longevity, and, in some cases, even save a project or application. Clean code is something that I am consistently trying to implement within my own development and reading about specific examples helps me gain a better perspective on what I should and should not do while coding.

Citations:

Fowler, Martin. Refactoring: Improving the Design of Existing Code. 2nd edition, Addison-Wesley Professional, 2018.

Martin, Robert C. Clean Code: A Handbook of Agile Software Craftsmanship. 1st edition, Pearson, 2008.


The End of Fall 2023  December 4th, 2023

I made it! There is one week left till finals week. This semester has by no means been easy as I have been taking multiple security-focused classes. But, I am making it through.

Focusing on my secure password manager, everything is going well. While we have not gotten much implemented, that was the plan. This semester was all about planning our project and I am confident that I know exactly what I need to do for next semester when I start implementing. I just need to look a little more into Supabase (the third-party service I plan to use to implement user authentication). But I will get to that this week, just in time for the v0.0.2 phase of my project.

I wanted to focus this week on DVWA (Damn Vulnerable Web Application) since it has taken up a lot of my time today, the last few days and most likely the next day or two. DVWA is a website designed with vulnerabilities that anyone can exploit, legally. There are both documented, and undocumented vulnerabilities, and it is being changed often as people find new security breach opportunities. I wanted to focus on DVWA in this blog because I think it is a great introduction to ethical hacking, and the cybersecurity field as a whole. While I have been taking two cybersecurity focused courses, I haven’t gotten instantly visible effects of my “hacking” efforts. This website is such a useful tool to really see how attackers can manipulate vulnerabilities found on various websites. Also, there are many guides out there showing you how to exploit these vulnerabilities so it is very beginner friendly. DVWA is such a useful resource and I found it entertaining. I will admit, it has taken much of my time but I think that the time I spent on it is still valuable for my career and general knowledge as well.

Here’s a link to the repository if you want to check it out: https://github.com/digininja/DVWA

As well as a link to a setup and basic exploit guide: https://bughacking.com/dvwa-ultimate-guide-first-steps-and-walkthrough/#Brute_Force

Anyways, got to get back to working on DVWA.

Happy end of semester everyone!


Two and a Half Months In  November 13th, 2023

I am now two and a half months into the semester, past the halfway mark! I will admit, it has not been easy. I have had somewhat of a difficult time balancing my internship with my schoolwork. I feel as though I am always playing catch-up, but I am hoping to better manage my time and finally get a little leeway between what is due and what will be due soon.

My Secure Password Manager Project… it is going well. As a group, we have a solid plan for how we will be implementing it and as for my own specific part, I am almost good to go. In the coming weeks I plan on familiarizing myself with Supabase, the main technology I plan on using to implement authentication. While I have never implemented authentication itself, there are tons of useful resources online as it is a pretty popular topic. I will need to spend a decent amount of time familiarizing myself with it before beginning implementation.

I wanted to dedicate the end of my blog to a technology that I find interesting that was released a couple of days ago… the AI Pin. With AI being a major talk-point the last couple of years, it was only a matter of time before it was used to make something extremely unique that brings ‘futuristic’ technology to the present. The AI Pin is a little pin that you attach to your shirt and you can ask it anything and I mean anything. From what to eat for dinner based on the ingredients you have to which way to walk when navigating through a city. The possibilities are endless! It even has a screen that gets displayed on your hand using lasers! This technology has so many applications that it is impossible to name all of them. It uses advanced AI to help make our lives easier. My concern with it is how practical it will be to use. Will this become the next telephone in the near future? Could this replace our phones? Could phone companies begin to implement this kind of technology in the near future? This new technology is one of those unique ideas but the main difference from other unique technologies is that it seems practical. Depending on its performance, it has the opportunity to change the world of technology as we know it.

Here is a little picture of the laser display:

I highly suggest reading more about it on the official site:

https://hu.ma.ne/aipin

Hope you are all doing well!


Hello CS461!  September 30th, 2023

I am David Gajda! I am a 20-year-old Computer Science student living in Poland. I play semi-professional soccer over here. I am also one month into a 6-month internship as an embedded software engineer for an American company, Rockwell Automation. They have a big branch here in Poland.

My interest in computers, software, and technology started from a young age with video games. I have played A LOT of video games throughout my life. Naturally, those interests led to my path towards a degree in Computer Science. Originally I started my degree at Portland Community College (originally being from Portland) and after two years transferred to OSU. Now I have just over a year left! Currently I am taking CS461, CS372, CS373, and CS450.

I am most interested in the Password Manager application project as I love to create something that I will use on a consistent basis. Seeing my own software work being consistently used naturally makes my passion for the field continue to grow.

Nice to meet you all!