2 Aug
Motivations for using Dependency Injections This is a follow-up post to Part 1 and Part 2 of the Android App Architecture series. While implementing this MVVM architecture, I had to create several classes that required dependencies on many other classes. Some of these classes produced boilerplate codes that needed to be repeated multiple times to initializes the dependencies. Soon I realized that this will only get worse as the app grows.
26 Jul
In the previous post Dev Journal #14 - App Architecture Part 1, we built a repository that overviews both the local database and the web service API to provide a single source of truth to the UI layer.
In this post, we will consume the data that we retrieved from this repository to present them as View objects on the screen. We will also follow reactive programming paradigm to continuously observe these view objects for any changes and update the UI accordingly.
20 Jun
Common architectural principles Here are two important architectural principles recommended by the Jetpack guide.
1. Separation of concerns The first and foremost principle is the separation of concerns. This is a fundamental principle that applies not only to Android but in all other areas of software development as well. The rule is simple; don’t create a giant block of code that handles everything. Try to break up each component into smaller units of code so that individual classes or functions have little to no overlap in their functionality.
13 Jun
Threads in Android Whenever an application launches, the Android system creates an execution thread which we often refer to as the main thread or the UI thread. This main thread is responsible for dispatching all events to the visual interface of the screen such as the input event or the layout inflation. Hence, if you try to share the main thread to work on any tasks that may be resource-intensive which may take more than several seconds to complete, it can hold up the UI event queue resulting in an unresponsive screen.
3 Apr
Navigation One of my favourite Android Jetpack libraries is the Navigation framework. Before the introduction of this library, you’d typically use intents or fragment transactions to switch between activities and fragments. With the new navigation component, you have a centralized place to define all the possible navigation paths between fragments and activities. It also takes care of backstack and type-safe argument passing (with gradle plugin). I’m mindblown to see how much the support library has progressed in the last couple of years 🤯
2 Apr
I took a long hiatus on this project due to a more pressing project at work. I think it turned out to be for the better. I gained a deeper understanding of full-stack development and despite having worked on a different framework, I should still be able to apply the same underlying principles that I have learned from my work. After abandoning the android project for over a year, I had to upgrade a lot of dependencies.
30 Jun 2019
I am slowly realizing how massive Django library really is. For every task, I can come up with multiple ways to implement it. I am mostly experiencing this while working with the view classes. Today I was working on creating the APIs for all the exercise related models I created back in post #8. But before I explain the views, I should first briefly go over the serializers.
Exercise Model Serializers There are just few pointers I wanted to mention about serializers since I reviewed most of it already when creating the UserProfileSerializer.
24 Jun 2019
Email change API is one of the essential authentication features that users will expect to see in most apps. It’s not included in Django’s auth module, so I had to build a custom one to handle the email change requests. The basic steps are as follows:
User must be logged in User requests email change (must provide credentials and the new email address) Server verifies credentials and checks that the new email is not taken by another user Server sends a confirmation email to the new email address User clicks on the email link to confirm the process The users will make the API request to the specified email change URL with the request body.
23 Jun 2019
Exercise Data Structure It’s time to tackle the exercise logging system 😤 Recall the ERD diagram from the previous post:
I purposefully left the DefaultSettings entity to be incomplete because I didn’t have a full understanding of what was going to be required when I initially mapped the entity. Since then, I have done some categorization exercises to understand my data better. Here is what I came up with:
17 Jun 2019
Wrapper Model Currently, I am using the Django’s built-in user model from the django.contrib.auth library. As I discussed earlier in my Dev Journal #4, this library provides a lot of tools for handling common authentication practices.
The default underlying auth_user table for the User model can already handle storing basic information about the user account. However, I will eventually need to save additional user information that is specific to my application as I continue developing.
8 Jun 2019
It’s only bodyweight, they said. It will be easy, they said.
- From “The most overlooked, underestimated and misleading statement Leo has ever heard."
Classifying (Upper) Bodyweight Exercises I want to take a little break from coding and brainstorm on exercise classifications. I am going to leave out the leg exercises to minimize complexity for now (shhhh just let it happen). I am actually not sure if I’ll ever implement the leg exercises tbh ¯\_(ツ)_/¯ If you are curious to know why I always skip leg day (ok, that’s a slight exaggeration), watch this video by Dan Jeong, Why I Always Skip Leg Day.
3 Jun 2019
Choosing the Client Platform The most common use case for this app would be during or right after a workout. I think it is fair to assume that most users will be on mobile. I decided to build a native Android app as the client interface because I personally prefer native app experience over web apps. I also wanted to learn Kotlin!
Logo and Launcher Icon It took me longer than I’d like to admit to come up with an idea for the logo.
3 Jun 2019
Django provides a very comprehensive authentication library that could be easily used out of the box. I organized a flow diagram which I will be referencing to build my authentication APIs.
New account After making a POST request with a username, an email and a password to /api/auth/register/, a new account will be created and the user will receive a confirmation email. At this point, the newly created account has not been activated.
2 Jun 2019
Entity Relationship Diagram Initial draft of ERD Exercise tracking consists of the four main entities: Users, Exercises, Sessions, and Logs. Users is the entity that will represent the user accounts and profile information. Exercises will hold information about each type of exercise that can be tracked. Sessions will represent each workout session. Finally, Logs will hold information of each set performed within the workout sessions.
In order to organize each workout so that I can query and create statistics, I must normalize the information into a separate table listed above.
1 Jun 2019
Finding Fitness Naming things are so hard. After giving it some thoughts, I decided to name my app Finding Fitness. I think it resonates with my initial motive of trying to find other calisthenics athletes to connect with, as well as its literal meaning of trying to find fitness in your lifestyle. It also contains alliteration which was very much intended.
Solution Stack Finding Fitness is going to be built with PostgreSQL database, Django REST Framework backend, and Android frontend.
31 May 2019
Introduction I know. It’s been overdone and the world doesn’t need another exercise app. But I need you to hear me out. Exercise tracking and I go way back. Ever since I started weight training, I’ve always kept a memo of my training logs on my phone. Every time I pulled out my phone to log, I kept wondering if I can find a smarter solution to track my workout sessions.
20 Apr 2019
2014 My brother took me to the gym for the very first time in the summer of 2014. Ed was preparing for the ROTP admission back then, so he had some experience with weight lifting. He taught me how to use the equipment and spotted me with basic exercises. I remember struggling to press an empty barbell which gave both of us a good laugh.
January 2015 When I returned to school the following September, I started hitting the gym 2~3 times a week regularly.
4 Oct 2018
By Olga Slizovskaia and Leo Kim
What brought us all together at Jeju We were very fortunate to have been part of the Deep Learning Camp Jeju 2018, organized by Tensorflow Korea for one whole month of July. The camp was held in Jeju, a beautiful island located just south of the Korean peninsula, where 24 lucky applicants from all over the world gathered to work on their research projects. We had never met prior to this camp, but our mentor Terry Um was quick to find out that we shared similar interests, and paired us up to work as a team.
3 Jan 2017
July 16 2017
4 km run
July 15 2017
Pull Ups : 8 sets BB Rows : 5 sets Lat Pulldown : 5 sets Cable Rows : 5 sets DB Rear Delt Raises : 3 sets
July 13 2017
Bench Press : 6 sets Dips : 4 sets Hanging Leg Raises : 3 sets BB Overhead Press : 3 sets BB Behind Neck Press : 3 sets BB Front Raises : 3 sets BB Upright Rows : 3 sets
1 Oct 2016
The setuid binary at /home/flag10/flag10 binary will upload any file given, as long as it meets the requirements of the access() system call.
To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10.
basic.c
#include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host; if(argc < 3) { printf("%s file host\n\tsends file to host if you have access to it\n", argv[0]); exit(1); } file = argv[1]; host = argv[2]; if(access(argv[1], R_OK) == 0) { int fd; int ffd; int rc; struct sockaddr_in sin; char buffer[4096]; printf("Connecting to %s:18211 .
9 Sep 2016
There’s a C setuid wrapper for some vulnerable PHP code…
To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09.
level09.php
<?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents); $contents = preg_replace("/\[/", "<", $contents); $contents = preg_replace("/\]/", ">", $contents); return $contents; } $output = markup($argv[1], $argv[2]); print $output; ?
8 Sep 2016
World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.
Pcap (Packet Capture) file holds the network activity history. Using the tcpflow command, we will read the pcap file with -r option and output the result to console with -c option.
7 Sep 2016
The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.
To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07.
index.cgi
#!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line"; } print("</pre></body></html>"); } # check if Host set.
5 Sep 2016
The flag06 account credentials came from a legacy unix system.
To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.
The hint is in the fact that flag06 account credentials came from a legacy unix system. Traditionally the encrypted passwords were stored under /etc/passwd which can be read by everyone. Nowadays, the password section of that file would be displayed with plain “x”.
4 Sep 2016
Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
Exploiting the weak directory permissions on .backup files of flag05 user, we can ssh using the identity file id_rsa found in the .ssh folder.
3 Sep 2016
This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :)
To do this level, log in as the level04 account with the password level04. Files for this level can be found in /home/flag04.
level4.c
#include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> int main(int argc, char **argv, char **envp) { char buf[1024]; int fd, rc; if(argc == 1) { printf("%s [file to read]\n", argv[0]); exit(EXIT_FAILURE); } if(strstr(argv[1], "token") !
29 Aug 2016
Check the home directory of flag03 and take note of the files there.
There is a crontab that is called every couple of minutes.
To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.
In the /home/flag03 directory, we can find one shell script and a sub directory. The script simply deletes every item in the /home/flag03/writable.
28 Aug 2016
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02.
level2.c
#include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> int main(int argc, char **argv, char **envp) { char *buffer; gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid); setresuid(uid, uid, uid); buffer = NULL; asprintf(&buffer, "/bin/echo %s is cool", getenv("USER")); printf("about to call system(\"%s\")\n", buffer); system(buffer); } Simply hijack USER with your system call.
27 Aug 2016
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01.
level1.c
#include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> int main(int argc, char **argv, char **envp) { gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid); setresuid(uid, uid, uid); system("/usr/bin/env echo and now what?
26 Aug 2016
This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.
Alternatively, look at the find man page.
To access this level, log in as level00 with the password of level00.
Key to solving this level is understanding the concept of SUID and GUID.
26 Aug 2016
Download iso Install virtualization software Boot image file
4 Jan 2016
December 14 2016
Bench Press : 5 sets BB Overhead Press : 6 sets DB Overhead Press : 5 sets DB Side Lateral Raises : 8 sets
December 13 2016
Squats : 8 sets Hip Abductor Hip Adductor Lateral Band Walk Sled Push
December 12 2016
Bench Press : 7 sets DB Incline Press : 5 sets Cable Fly : 4 sets BB Skull Crushers : 4 sets
28 Dec 2014
December 22 2015
Pull Ups : 5 x f Bench Press : 85 1 x 10 95 1 x 5 105 1 x 5 115 1 x 5 125 1 x 2 130 1 x 1 135 1 x 1 (PR) 115 1 x f 105 1 x f 95 1 x f Deadlift : 135 1 x 5 155 1 x 5 175 1 x 4 135 1 x 10 DB Overhead Press : 30 1 x 8 30 1 x 7 30 1 x 6 30 1 x 5 20 1 x f DB Curls
1 Jan 0001
Welcome to my blog!
Sometimes I document things that I’ve recently learned here.
They’re mostly about programming 💻 and fitness 🏋️ as those two are what I’m most passionate about.
One of the best ways to reinforce my learning is by trying to teach it to somebody else.
I found that technical writing is an excellent way to do this.
If Google sent you here, I hope you found your answer.