The Grind

It’s getting into the thick of the term now and things are getting busy. As of now I’m trying to balance being a new dad/husband, increased responsibilities during the 45 hour work week, and increased workload from the 11 credits I’m taking. I’ve been in school now a combination of part time and full time for 7 years, this is my 8th. I’m extremely excited about graduating and I’m optimistic about how my work experience, combined with my experience at OSU can help further my career. I dream of the day where I only have to work and don’t have to take classes anymore. While I have enjoyed my CS classes throughout my education, I’m ready to start coding more at work, and less in my hours outside of work. Even though life is busy, work has been very exciting recently!

Automating My Job

Right now there are not a lot of new developments with my senior project, so it seems like an opportune time to discuss some of the exciting things I have been doing during my day job. I currently am a service desk technician, but my workplace has been very receptive to improving processes using scripting, or any other method I come up with. I started learning some PowerShell in my spare time at work, and I found that it’s basically a programming language. To me, it really codes like a combination of Python and C++, two languages I’m very familiar with. I knew that it was a scripting language but I did not understand its capability to make such advanced programs/scripts.

Using PowerShell has been exhilarating and inspiring so far. I was able to take an existing script that was probably 300-400 lines of code used to create ActiveDirectory users that my organization had, and improve on it drastically. The project is now north of 4000 lines of code and automates essentially the entire user creation process for Active Directory, Office365, and AzureAD. I was able to use a PowerShell Module to import data that defines what permissions and licenses users get. The script I created uses some of my knowledge of control flow, data validation, and advanced data structures like nested hashes. This has been a fantastic project that I will certainly bring up when interviewing for future jobs.

Gitting better with Git

The PowerShell Script I wrote for work was a huge learning experience. It was the first time I had ever worked on such a large project. It was especially challenging because not only was I learning PowerShell and learning some of the oddities with ActiveDirectory, but I was also learning how to better use source control and trying to utilize Project Management Software as best I could.

I had done some of these things in classes, but for me, until you do it in the real world with a project where source control actually makes sense, it’s difficult to really learn how to use it best. I reached out to some friends and did some research on best practices and I know I’ve come a long way with using source control. I finally see the value of source control for real, it has saved me several times when I have accidentally made a mistake. My favorite method of using source control so far is to use a structure similar to this:

In this diagram, the black center line is the main branch that contains the working version of the code and the colored lines are different branches. Whenever I want a new feature implemented, I create a copy of the working branch and develop on it with multiple commits. When a branch/feature is completed, I merge it into the main branch. If I’m working on another branch that was copied at the time before the most current merge, it’s simple enough to just pull the changes from my most recent commit and my active branch will update. This makes it easy to separate different features and implement them into the main branch when I want to.

I’ve also learned how to use tags and versioning. Tags have been useful for when I reach a “checkpoint” in my code. They allow me to easily define certain features that I’ve implemented, and allow me to keep a script version, with each version having a certain amount of changes. The most beneficial thing I’ve learned here is how to properly version software, how to write patch notes, and how to best communicate that to the team that will use them.

Updates on TransferMe

The experience I’ve had from work building a large PowerShell script makes me excited for the time where I can work on a large scale project with my 2 teammates. We are going to be setting up our development environment soon, adding notes to our Trello board, and getting our GitHub repository set up. I did some more research on the cryptography side. My teammates have been researching the website design and the database design. It will be exciting to work together to build a large scale project that we can all be proud of!

TransferMe!

A great deal was accomplished this week, we have finally chosen a name, TransferMe! We are hoping to get the URL Transfer.me but it’s unclear whether it is available. The team agreed that this name is equally descriptive of the product, short enough to remember, and rolls well off the tongue. We used our Trello board to brainstorm names and this is the one we collectively decided on. We have started using our communication platform Teams and Trello collectively. Turns out, the Trello board has an extension for Teams that allows us to do everything within the Teams app. I’m loving the setup so far!

The First Conflict

This past week we developed some of the project requirements. We had a team assignment that required us to write a 2000-4000 word document that described goals needed to complete the project in more detail. This also required that research be done on different frameworks and technologies we will use, as well as brainstorming some UI concepts and overall flows of the program. We encountered our first minor ‘conflict’ as a group, at least it was a conflict in my eyes; but I am proud of the way we handled it. I sent out a message to the Team 5 days prior to the due date about collaborating on the document and long story short, I received no response until 2 days prior to the due date. I stated that we need to communicate better going forward, and coordinated a meeting time to go over some of the group decisions, in the end I think we all contributed to the assignment equally and we will be a better team going forward because of this!

Moving Forward

After completing the project documents, we are onto the next iteration of planning. We scheduled a meeting and discussed some of the technologies we will need to use for the project. To me, the most daunting part of the project isn’t writing the code, but knowing where to begin and what pieces of the project to work on first. During the meeting, we discussed the cryptography method we plan to use, as well as the database, the framework, the source control, and the IDE we will be using for the project.

For cryptography, we plan on using Diffie-Hellman Key Exchange and ElGamal. We are hopeful that we can use Diffie-Hellman once to establish a secure connection between two people, then on future transfers, we can use ElGamal to achieve adequate security and efficiency. I’m sure there will be challenges as we implement this, but we plan to use a Framework called BouncyCastle which has a highly regarded cryptography library for C#, the language we will be using for the project.
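The relationship between the two schemes named above, as an added example (not the team's code, and not BouncyCastle's API; Python is used here only to show the arithmetic): textbook ElGamal is a one-shot Diffie-Hellman exchange in which the sender's key is ephemeral and the recipient's is long-lived. The prime `P`, generator `G`, the function names and the sample message are assumptions constructed for illustration.

```python
import secrets

# Constructed toy parameters, for illustration only: P is the Mersenne prime
# 2**127 - 1. It is far too small and is not a safe prime; real use needs a
# vetted 2048-bit+ group (or an elliptic curve) from a maintained library.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P-2
    return x, pow(G, x, P)

def dh_shared(my_private, their_public):
    """Diffie-Hellman: each side raises the peer's public value to its own secret."""
    # Reject 0, 1 and P-1: they force a shared value an eavesdropper can guess.
    if not 1 < their_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(their_public, my_private, P)

def elgamal_encrypt(recipient_public, m):
    """Textbook ElGamal: a fresh DH exchange per message masks m."""
    if not 0 < m < P:
        raise ValueError("message must be an integer in 1..P-1")
    k, c1 = keypair()                         # ephemeral key, never reused
    mask = dh_shared(k, recipient_public)     # g^(xk) mod p
    return c1, (m * mask) % P

def elgamal_decrypt(recipient_private, ciphertext):
    c1, c2 = ciphertext
    mask = dh_shared(recipient_private, c1)   # same g^(xk), from the other side
    return (c2 * pow(mask, -1, P)) % P        # modular inverse (Python 3.8+)

def demo():
    # First contact: interactive exchange, both parties online.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    session_ok = dh_shared(a_priv, b_pub) == dh_shared(b_priv, a_pub)
    # Later transfer: the sender needs only the recipient's stored public value.
    m = int.from_bytes(b"file key 01", "big")  # constructed sample payload
    ct = elgamal_encrypt(b_pub, m)
    recovered = elgamal_decrypt(b_priv, ct).to_bytes(11, "big")
    return session_ok, recovered
```

Textbook ElGamal is malleable (multiplying `c2` by a constant multiplies the plaintext), so in practice the shared value is fed to a key-derivation function and used to key an authenticated cipher for the file itself.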

For the database to store files, one of our team members is familiar with an open source database platform called MariaDB. MariaDB acts as a MySQL database so the language will not be difficult for newcomers to work with assuming they have had a small bit of SQL experience (which I have)! The framework, as discussed in the previous blog, will be Blazor, a C# web framework that will allow us to build our site using WebAssembly. WebAssembly will be beneficial to us because all C# code is run as assembly language locally on the system. This makes for a fast, responsive web page as well as generating code that is not viewable in the devtools in the browser.

For source control, we will be using Git and GitHub to manage our project. I’m really excited to work with multiple developers on a large scale project. As of now, I’ve only used source control for projects where I have been the sole developer. I can imagine on a large scale project with multiple developers, things could get complicated if not everyone is in agreement with how to use the product. Once we get the development environment set up we will have to have another meeting to discuss how we will utilize source control in the most efficient manner. The IDE we will be using is Visual Studio. This seemed like the simplest choice since the program, the framework, and the language are all written by Microsoft. I believe this is the best choice.

What’s To Come

Our next assignment for the course is an individual assignment, but will aid in a better understanding of the different technologies we will use. This is the first time we will begin setting up the development environment together. I will plan to try coordinating a meeting with the team to discuss who wants to work on what. What I think the team needs most is to develop some type of diagram that will give an overview of the different components and their functions. Something like this diagram, but with specs relevant to our project.

I’m hoping that soon we will all get the development environment set up, a diagram drawn, source control established, and have a final meeting so that we can really start planning the development of this project. I get the feeling it may take longer than we expect…

Name TBD

This week, we had our first two meetings with both of our project sponsors. A bit unexpected, but our project sponsor was a former student who completed the entire project last year. The project was intended to be taken down but was not. Long story short, my team will be recreating the same project from scratch! We will be modifying the project requirements slightly, but the main concept will still be the same. Since the project sponsor was a former student who was not expecting to be a sponsor, we will be working partly with the student and partly with our instructor throughout the year. The good news is we have more flexibility in what we create. The bad news is, we have to start completely from scratch. Now, we must also come up with a new name for our project. Hence the title of this blog post, Name TBD.

First Impressions

Our first meeting was with the former student who initially proposed the project. Thankfully, they were kind enough to assist us in developing project requirements and even offered to help us if we got seriously stuck. They gave us beneficial advice about using trusted cryptography libraries, so we do not have to reinvent the wheel. Our sponsor also gave us advice on a specific framework for .NET and WebAssembly which they used in the project. The framework is Blazor. This framework is intriguing because it enables us to use mostly C# for web development. With traditional web design, the languages used are mostly HTML, CSS, and JavaScript. While there will still be a need to use some of the traditional web design tools, using a framework like Blazor will give us increased flexibility which will allow us to spend more time learning the C# language and the .NET framework.

Second Impressions

Our next meeting was with our professor, Bill Pfeil. We went over the project requirements and stretch goals, which as of now are:

Project Requirements & Goals

Bill gave us solid feedback on the project scope and encouraged us to accomplish the stretch goal peer-to-peer transfers. Overall, he thought this was a great project choice for a senior project. My teammates and I have some background in security which makes us ideal candidates for this project. As it stands, it appears I have taken the most security classes, being the only one who’s taken Cryptography, Defense against the Dark Arts and Intro to Security at Oregon State. I am excited to apply some of the theoretical knowledge I learned in the Cryptography course to this project, specifically the stretch goal of implementing Diffie-Hellman key exchange.

Next Steps

The next steps I’m hoping to accomplish with my team is to start developing a UML-like diagram to outline the different components of our project. Since most of us have not worked on a project with this big of scale, I believe understanding how different components of our software will interact with each other will be critical in maintaining good development speed. We also need to further define our project requirements down to the small details and start thinking about other questions we have. I’m hoping we can start development sometime around the end of winter term. If we can get an adequate development plan in place, we may even be able to begin work during winter break!

The Beginning

The time is finally here! I have been assigned my senior project! I’ve been excited and anxious for this time since I started at OSU 2 years ago. At this point, being nearly done with all my classes, I’m mostly excited. My team and I will be working on rewriting a website called Crypter. Crypter is a free encryption platform that allows users to encrypt messages and files, then send them to whoever they wish. The caveat is, the user has to send the decryption information to the recipient manually.

I’ve actually wanted to use something like this in the past but did not know of any viable free solutions. Maybe Crypter can be that solution. I can’t count how many times in the past I’ve looked at job offers or contracts and they require a Social Security Number sent back in a PDF via email. Since email typically uses SMTP, none of this data is encrypted and could be susceptible to packet sniffing. Crypter could be an answer to that problem.

Another benefit of Crypter is that it doesn’t require an account and it is very simple to use. If anyone reading wants to try this out, feel free. Just head over to https://crypter.dev and test it out. The process is very straightforward and doesn’t require any sign up. To encrypt files:
1. Choose a message or file to encrypt
2. Select Encrypt
3. Copy the link and the decryption key
4. Send to the recipient or decrypt it in a different tab.

Here are some snippets of the process

After selecting “Decrypt your message” Crypter shows the original message, as long as the decryption key was correct.

Why Crypter?

I selected Crypter as one of my top options because I am excited to learn more about the .NET Framework, and I’ve also taken several classes in the security realm. .NET development excites me because I believe it will become increasingly in demand for software developers in the future since it is so simple to install and run applications on any system, as long as they have the appropriate .NET framework version. I know several colleagues, friends and acquaintances who work for organizations using almost strictly C# and the .NET framework. In my career, I’ve had the opportunity to develop a few small projects in C# and have gotten to see the benefits of .NET but I’m hoping to become more proficient going forward.

During my time in IT, I’ve gotten to explore various aspects of computer security which has always been fascinating. More recently, I’ve taken cryptography, along with other security classes at OSU that I feel will be helpful when working on the implementation details for this website. In my career, I’ve seen sophisticated malware, seen how YARA signatures are created to protect against malware, and most importantly for this project, how files are encrypted and decrypted using certain cryptographic functions.

Questions & Ideas

Currently, I have a few questions that I hope can be answered during our first few meetings with our project sponsor. The first one would be knowing what encryption scheme is used to encrypt the message and is it collision resistant? The other, which isn’t necessarily a question about Crypter itself: the user has to share the key with its recipient, how can they do that in a safe way? Maybe a solution could be: once a user creates an account, there could be an encrypted messaging platform, so the user could have a seamless experience sending the message to its recipient. As of now, I could see someone encrypting a message, then emailing or sending it using another chat form that is unencrypted, which completely defeats the purpose. This isn’t an issue with Crypter in itself, but I’m curious what the ideal flow would be for a user.

I’m excited to keep this blog updated as I work with my team to develop solutions and get some of these questions answered! See you next week!