Dev Journal #15 - App Architecture Part 2

In the previous post Dev Journal #14 - App Architecture Part 1, we built a repository that overviews both the local database and the web service API to provide a single source of truth to the UI layer. In this post, we will consume the data that we retrieved from this repository to present them as View objects on the screen. We will also follow reactive programming paradigm to continuously observe these view objects for any changes and update the UI accordingly.
Continue reading ...


Dev Journal #14 - App Architecture Part 1

Common architectural principles Here are two important architectural principles recommended by the Jetpack guide. 1. Separation of concerns The first and foremost principle is the separation of concerns. This is a fundamental principle that applies not only to Android but in all other areas of software development as well. The rule is simple; don’t create a giant block of code that handles everything. Try to break up each component into smaller units of code so that individual classes or functions have little to no overlap in their functionality.
Continue reading ...


Dev Journal #13 - Asynchronous Programming

Threads in Android Whenever an application launches, the Android system creates an execution thread which we often refer to as the main thread or the UI thread. This main thread is responsible for dispatching all events to the visual interface of the screen such as the input event or the layout inflation. Hence, if you try to share the main thread to work on any tasks that may be resource-intensive which may take more than several seconds to complete, it can hold up the UI event queue resulting in an unresponsive screen.
Continue reading ...


Dev Journal #12 - AndroidX Navigation

Navigation One of my favourite Android Jetpack libraries is the Navigation framework. Before the introduction of this library, you’d typically use intents or fragment transactions to switch between activities and fragments. With the new navigation component, you have a centralized place to define all the possible navigation paths between fragments and activities. It also takes care of backstack and type-safe argument passing (with gradle plugin). I’m mindblown to see how much the support library has progressed in the last couple of years 🤯
Continue reading ...


Dev Journal #11 - Model View ViewModel (MVVM)

I took a long hiatus on this project due to a more pressing project at work. I think it turned out to be for the better. I gained a deeper understanding of full-stack development and despite having worked on a different framework, I should still be able to apply the same underlying principles that I have learned from my work. After abandoning the android project for over a year, I had to upgrade a lot of dependencies.
Continue reading ...


Dev Journal #10 - More than One Way to Skin the Cat

I am slowly realizing how massive Django library really is. For every task, I can come up with multiple ways to implement it. I am mostly experiencing this while working with the view classes. Today I was working on creating the APIs for all the exercise related models I created back in post #8. But before I explain the views, I should first briefly go over the serializers. Exercise Model Serializers There are just few pointers I wanted to mention about serializers since I reviewed most of it already when creating the UserProfileSerializer.
Continue reading ...


Dev Journal #9 - Email Change API

Email change API is one of the essential authentication features that users will expect to see in most apps. It’s not included in Django’s auth module, so I had to build a custom one to handle the email change requests. The basic steps are as follows: User must be logged in User requests email change (must provide credentials and the new email address) Server verifies credentials and checks that the new email is not taken by another user Server sends a confirmation email to the new email address User clicks on the email link to confirm the process The users will make the API request to the specified email change URL with the request body.
Continue reading ...


Dev Journal #8 - Exercise Log Data Strucutre

Exercise Data Structure It’s time to tackle the exercise logging system 😤 Recall the ERD diagram from the previous post: I purposefully left the DefaultSettings entity to be incomplete because I didn’t have a full understanding of what was going to be required when I initially mapped the entity. Since then, I have done some categorization exercises to understand my data better. Here is what I came up with:
Continue reading ...


Dev Journal #7 - Extending the User Model

Wrapper Model Currently, I am using the Django’s built-in user model from the django.contrib.auth library. As I discussed earlier in my Dev Journal #4, this library provides a lot of tools for handling common authentication practices. The default underlying auth_user table for the User model can already handle storing basic information about the user account. However, I will eventually need to save additional user information that is specific to my application as I continue developing.
Continue reading ...


Dev Journal #6 - Classifying Bodyweight Exercises

It’s only bodyweight, they said. It will be easy, they said. - From “The most overlooked, underestimated and misleading statement Leo has ever heard." Classifying (Upper) Bodyweight Exercises I want to take a little break from coding and brainstorm on exercise classifications. I am going to leave out the leg exercises to minimize complexity for now (shhhh just let it happen). I am actually not sure if I’ll ever implement the leg exercises tbh ¯\_(ツ)_/¯ If you are curious to know why I always skip leg day (ok, that’s a slight exaggeration), watch this video by Dan Jeong, Why I Always Skip Leg Day.
Continue reading ...


Dev Journal #5 - Login and Registration Client Interface

Choosing the Client Platform The most common use case for this app would be during or right after a workout. I think it is fair to assume that most users will be on mobile. I decided to build a native Android app as the client interface because I personally prefer native app experience over web apps. I also wanted to learn Kotlin! Logo and Launcher Icon It took me longer than I’d like to admit to come up with an idea for the logo.
Continue reading ...


Dev Journal #4 - Django Authentication Flow

Django provides a very comprehensive authentication library that could be easily used out of the box. I organized a flow diagram which I will be referencing to build my authentication APIs. New account After making a POST request with a username, an email and a password to /api/auth/register/, a new account will be created and the user will receive a confirmation email. At this point, the newly created account has not been activated.
Continue reading ...


Dev Journal #3 - ERD and Data Normalization

Entity Relationship Diagram Initial draft of ERD Exercise tracking consists of the four main entities: Users, Exercises, Sessions, and Logs. Users is the entity that will represent the user accounts and profile information. Exercises will hold information about each type of exercise that can be tracked. Sessions will represent each workout session. Finally, Logs will hold information of each set performed within the workout sessions. In order to organize each workout so that I can query and create statistics, I must normalize the information into a separate table listed above.
Continue reading ...


Dev Journal #2 - Finding Fitness

Finding Fitness Naming things are so hard. After giving it some thoughts, I decided to name my app Finding Fitness. I think it resonates with my initial motive of trying to find other calisthenics athletes to connect with, as well as its literal meaning of trying to find fitness in your lifestyle. It also contains alliteration which was very much intended. Solution Stack Finding Fitness is going to be built with PostgreSQL database, Django REST Framework backend, and Android frontend.
Continue reading ...


Dev Journal #1 - Yet Another Fitness App?!?

Introduction I know. It’s been overdone and the world doesn’t need another exercise app. But I need you to hear me out. Exercise tracking and I go way back. Ever since I started weight training, I’ve always kept a memo of my training logs on my phone. Every time I pulled out my phone to log, I kept wondering if I can find a smarter solution to track my workout sessions.
Continue reading ...


Starting From Untrained to Becoming an Intermediate Lifter

2014 My brother took me to the gym for the very first time in the summer of 2014. Ed was preparing for the ROTP admission back then, so he had some experience with weight lifting. He taught me how to use the equipment and spotted me with basic exercises. I remember struggling to press an empty barbell which gave both of us a good laugh. January 2015 When I returned to school the following September, I started hitting the gym 2~3 times a week regularly.
Continue reading ...


Music Source Separation with TPU at Deep Learning Camp Jeju 2018

By Olga Slizovskaia and Leo Kim What brought us all together at Jeju We were very fortunate to have been part of the Deep Learning Camp Jeju 2018, organized by Tensorflow Korea for one whole month of July. The camp was held in Jeju, a beautiful island located just south of the Korean peninsula, where 24 lucky applicants from all over the world gathered to work on their research projects. We had never met prior to this camp, but our mentor Terry Um was quick to find out that we shared similar interests, and paired us up to work as a team.
Continue reading ...


2017 Log

July 16 2017 4 km run July 15 2017 Pull Ups : 8 sets BB Rows : 5 sets Lat Pulldown : 5 sets Cable Rows : 5 sets DB Rear Delt Raises : 3 sets July 13 2017 Bench Press : 6 sets Dips : 4 sets Hanging Leg Raises : 3 sets BB Overhead Press : 3 sets BB Behind Neck Press : 3 sets BB Front Raises : 3 sets BB Upright Rows : 3 sets
Continue reading ...


Exploit Exercises Nebula level10

The setuid binary at /home/flag10/flag10 binary will upload any file given, as long as it meets the requirements of the access() system call. To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10. basic.c #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host; if(argc < 3) { printf("%s file host\n\tsends file to host if you have access to it\n", argv[0]); exit(1); } file = argv[1]; host = argv[2]; if(access(argv[1], R_OK) == 0) { int fd; int ffd; int rc; struct sockaddr_in sin; char buffer[4096]; printf("Connecting to %s:18211 .
Continue reading ...


Exploit-Exercises Nebula level09

There’s a C setuid wrapper for some vulnerable PHP code… To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09. level09.php <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents); $contents = preg_replace("/\[/", "<", $contents); $contents = preg_replace("/\]/", ">", $contents); return $contents; } $output = markup($argv[1], $argv[2]); print $output; ?
Continue reading ...


Exploit-Exercises Nebula level08

World readable files strike again. Check what that user was up to, and use it to log into flag08 account. To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08. Pcap (Packet Capture) file holds the network activity history. Using the tcpflow command, we will read the pcap file with -r option and output the result to console with -c option.
Continue reading ...


Exploit-Exercises Nebula level07

The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server. To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07. index.cgi #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line"; } print("</pre></body></html>"); } # check if Host set.
Continue reading ...


Exploit-Exercises Nebula level06

The flag06 account credentials came from a legacy unix system. To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06. The hint is in the fact that flag06 account credentials came from a legacy unix system. Traditionally the encrypted passwords were stored under /etc/passwd which can be read by everyone. Nowadays, the password section of that file would be displayed with plain “x”.
Continue reading ...


Exploit-Exercises Nebula level05

Check the flag05 home directory. You are looking for weak directory permissions To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05. Exploiting the weak directory permissions on .backup files of flag05 user, we can ssh using the identity file id_rsa found in the .ssh folder.

Exploit-Exercises Nebula level04

This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :) To do this level, log in as the level04 account with the password level04. Files for this level can be found in /home/flag04. level4.c #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> int main(int argc, char **argv, char **envp) { char buf[1024]; int fd, rc; if(argc == 1) { printf("%s [file to read]\n", argv[0]); exit(EXIT_FAILURE); } if(strstr(argv[1], "token") !
Continue reading ...


Exploit-Exercises Nebula level03

Check the home directory of flag03 and take note of the files there. There is a crontab that is called every couple of minutes. To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03. In the /home/flag03 directory, we can find one shell script and a sub directory. The script simply deletes every item in the /home/flag03/writable.
Continue reading ...


Exploit-Exercises Nebula level02

There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it? To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02. level2.c #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> int main(int argc, char **argv, char **envp) { char *buffer; gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid); setresuid(uid, uid, uid); buffer = NULL; asprintf(&buffer, "/bin/echo %s is cool", getenv("USER")); printf("about to call system(\"%s\")\n", buffer); system(buffer); } Simply hijack USER with your system call.
Continue reading ...


Exploit-Exercises Nebula level01

There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it? To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01. level1.c #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> int main(int argc, char **argv, char **envp) { gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid); setresuid(uid, uid, uid); system("/usr/bin/env echo and now what?
Continue reading ...


Exploit-Exercises Nebula level00

This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories. Alternatively, look at the find man page. To access this level, log in as level00 with the password of level00. Key to solving this level is understanding the concept of SUID and GUID.
Continue reading ...


Exploit-Exercises Setup

Download iso Install virtualization software Boot image file

2016 Log

December 14 2016 Bench Press : 5 sets BB Overhead Press : 6 sets DB Overhead Press : 5 sets DB Side Lateral Raises : 8 sets December 13 2016 Squats : 8 sets Hip Abductor Hip Adductor Lateral Band Walk Sled Push December 12 2016 Bench Press : 7 sets DB Incline Press : 5 sets Cable Fly : 4 sets BB Skull Crushers : 4 sets
Continue reading ...


2015 Log

December 22 2015 Pull Ups : 5 x f Bench Press : 85 1 x 10 95 1 x 5 105 1 x 5 115 1 x 5 125 1 x 2 130 1 x 1 135 1 x 1 (PR) 115 1 x f 105 1 x f 95 1 x f Deadlift : 135 1 x 5 155 1 x 5 175 1 x 4 135 1 x 10 DB Overhead Press : 30 1 x 8 30 1 x 7 30 1 x 6 30 1 x 5 20 1 x f DB Curls
Continue reading ...


Hello World

Welcome to my blog! Sometimes I document things that I’ve recently learned here. They’re mostly about programming 💻 and fitness 🏋️ as those two are what I’m most passionate about. One of the best ways to reinforce my learning is by trying to teach it to somebody else. I found that technical writing is an excellent way to do this. If Google sent you here, I hope you found your answer.
Continue reading ...