DEV Community: Pedro Matias de Araujo

Adding badges to your Github profile

Pedro Matias de Araujo — Tue, 09 Mar 2021 18:03:08 +0000

Badges are a great way to measure professional skills, so why not put them on your GitHub profile?

Recently, I started looking for ways to improve my professional skills and with that, I gained several Acclaim badges that are easily shared on LinkedIn, but not so easily shared on Github. And that led me to think of easy ways to automate this.

Over time, I became a huge fan of automation.

In programming and day-to-day tasks, It’s important not to waste time on rework.

I was already thinking about automatically updating my Github with these badges as I said before and this mentality joined my desire to create a project where I could learn more about creating actions on Github.

This is a good way to show more effectively what I am studying and still have the opportunity to learn more in the process, consequently generating value for what I am doing.

Creation the code

I started to study the Acclaim to see if there were any APIs to receive these values, but I didn’t find anything for the user, just for organizations.

As it was only necessary the name, the image, and possibly the link of the badge I had the idea of using a web scraping on the public website to include the values that I needed. And it worked very well, with that I was able to receive the values and generate HTML tags for the markdown.

But there was still the challenge of creating action on Github and the problem was simpler than I thought. Was just create an action.yml, put all my code in the docker and it worked as expected.

Using

Setting up on your GitHub profile is simple, you just need to do this:

hit New workflow, set up a workflow yourself, delete all the default content GitHub made for you.
Copy the following code and paste it to the new workflow you created at step 1:

name: Update badges

on:
  schedule:
    # Runs at 2am UTC
    - cron: "0 2 * * *"
jobs:
  update-readme:
    name: Update Readme with badges
    runs-on: ubuntu-latest
    steps:
      - name: Badges - Readme
        uses: pemtajo/badge-readme@master
          ACCLAIM_USER: <username_acclaim> # optional, but default will use the same from github

Add a comment to your README.md like this:

<!--START_SECTION:badges-->
<!--END_SECTION:badges-->

The result will look like this

https://github.com/pemtajo

How to contribute

pemtajo/badge-readme

How American football makes me a better developer

Pedro Matias de Araujo — Fri, 21 Jun 2019 15:53:00 +0000

I had never heard of American football until I started my undergraduate degree in computer science.

I was living for the first time alone, in another city, being a new guy in a new place, so when a friend asked me if I wanted to start training on the new football team, I thought "ok, why not?" and that changed my whole life.

Why changed?

I trained at Maringá Pyros for five years. On the team I was a RB / WR, after that, I was a football judge for a year, and after a few years I became a sports commentator for a local radio station in Brazil, where I learned a lot about things that help me until now in my professional life.

Workgroup

How football is a collective sport, teamwork is essential to make things work. Jointly it is essential to train, coordinate and engage the team as a whole to make the plays successful and consequently win the game. I find it amazing how in the same way that it works in football, in a software team, everyone has to be aligned to ensure the success of an operation.

Motivation

It's simple if you're an 80 kg guy with the ball in the middle of the field and the only way to bet on the game is to hit a guy with 150 kg, what do you do? Do you stop? You cry? Do you give up or come back? There are no such options, the only way is to move forward, the whole team trusts you, the whole team is doing their best so you can do your best job, all you have to do is give it all of yourself .

How can the last situation be applied to a software team? The principle is the same.
If you have a problem, you can not just stop and give up. You can not drop everything and fail with your team. You need to trust on the team you have on your side and you have to do your best to jointly complete the task and make things work.

Competition

The biggest competition is not against the other peers, the biggest competition that exists is you against you. You should seek your best every day, seek out your weaknesses and make them better day by day, seek your strength and train your skills every day. You have to give everything you have, every second and every moment of your life.

But here's an important tip, I'm not saying to exhaust your mind and push beyond your limits, I'm telling you to take care of your brain and your abilities as a muscle, they need rest, they need good nutrition and also need good training. Having the mentality of an athlete is important, for learn to respect your limits and improve yourself.

Leadership

I'm not a leader, but I'm always looking to encourage and motivate the team that I'm a part of. At times we need to inject motivation into our team, we need everyone to keep fighting and sometimes you can be the determining factor for your team not to give up. Even without being a leader, I'm always willing to hold everyone and help everyone.
Being in an office is not much different than being on a sideline. The sideline is much more emotional and there we can scream, encourage and help everyone at the base of the scream. While in the office, you can't shout to motivate someone. But it is important for you to do the same job of encouraging your colleague and boosting colleague morale when he has to deal with a two-week bug.
I'm good at it? No. But I'm always trying.

Communication

This is a new skill that I am having to improve in my life, I have never been a good communicator and I have accepted the challenge of improving it. I significantly improved my speech when I started a job as a sports commentator. In the first audios I did, I needed to write and read so I could record. And yet it took several audios to conquer more or less what I thought acceptable. I could not think and speak at the same time. And it took a lot of training to get better.

Now, I'm significantly improving the way I speak and hitting the tone of my voice, I am not perfect, but now I believe that little by little I am getting better than yesterday. And that has had an impact on my work as well, speaking clearly, with a clear tone of voice and being able to pass on to the other what I'm saying clearly is a skill that makes all the difference at work.
For me it was a great victory.

Responsibility

I failed with my team several times, three times I had the ball to win the game and I failed. I've already failed everyone who trusts me, and I've never put my mistake in anyone else.

There is no excuse, no matter the reason, if I failed, I take full responsibility for it.

This is yet another teaching of American football that has made a big impact on my life of dev because the principle is the same, you should never put other people in responsibility for your mistakes. I prefer to sleep well at night, knowing that I have made the right choice and knowing that I can improve so that these mistakes do not happen anymore.

The game

The sport is incredible, and the more you learn, the more you have to study. Making the right decision in milliseconds of pressure, keeping calm is what separates a good player from incredible players.

Parallel to development, this skill makes a big difference to enable you to do a good job even when the sky is on fire.

So I write those words to show you that other activities that have nothing to do with the work itself can make you a better developer. If you have other hobbies that have improved your developer work, put in the comments below and let's talk.

Cheers.

Creating a blockchain with less 100 code lines

Pedro Matias de Araujo — Wed, 03 Apr 2019 01:40:48 +0000

Creating a blockchain with less than 100 code lines

Photo by Thought Catalog on Unsplash

The basic concept of blockchain is very simple: a distributed database that maintains a continuously growing list of ordered records.

The blockchain is a term normally associated with Bitcoin and/or Ethereum, but blockchain is more than that, blockchain is the technology behind these, and behind any other cryptocurrency.

There is a lot of other’s uses for blockchain, per example, games (CryptoKitties) or also blockchain+IOT(Internet of things), and this is just the start for the technology.

One simply image about the blockchain’s concept

The blockchain is, like the name said, one chain of blocks, so, we have the first class, the Block.

In this stage my block has the attributes:

index — the block index the position in the chain
timestamp — date and time that the block was added in Blockchain
data — the data value, in other words, what you want to save
previous hash — the hash of the block index -1
hash — the hash of the block

If you don’t know what’s hash, I did explain in my last post here.

You will see some things interesting in the picture and here I will explain a little bit:

let more OOP the function isValid is for each block respond if he is valid
The constructor defines all the things in the block
the function “update” is to update the dict when reading from a file, this is for saving the data for future
calculating the hash for previously saved files, to convert always to the same encode, because, differents encodes have different characters and different characters produce different hashes.

So this is a chain valid, if the block was changed, the current block will know, and make yourself invalid, and if any previous block was changed, the chain will know, and all the chain will be invalid. That is the concept that makes the data save in Blockchain immutable.

So looking in our second class, Blockchain, it looks like:

So, the blockchain class create the blocks and look for any problem in the chain, and this class is responsible for saving in a simple JSON file and read from him. Our first version blockchain is ready!! \o/

All the code is below, you can execute and see the output

In this version of our blockchain, we not implemented the Proof of Work, the idea first is created the blockchain and guaranteed the chain’s integrated. That will be my next step.

I created a project that you can follow in GitHub, I will increment more and more my blockchain, if you have interesting just follow me, I will write some posts about all the process.

P.S: I am not an expert in the blockchain, so any problem, code fix, or tips, this is will be very welcome to comment below and will help some peoples too. Or you can talk to me privately in the LinkedIn.

See you soon!

An overview about hash functions: Theory and Security

Pedro Matias de Araujo — Thu, 22 Nov 2018 01:51:13 +0000

Portuguese version

A more common definition for hash functions would be “a function that maps a string of bits of arbitrary length to a fixed-length bit string”.

Hash functions are unidirectional, a surjective function that does not allow reverse, so it is easy to calculate the hash value from any input of arbitrary length.

In contrast, it is harder to return to the previous value of the message from a given hash value.

Hash Properties

For a cryptographic application, there are three desirable properties:

Collision Resistance

It is computationally impracticable to find any pair (x, y) such that H(x)=H(y)

Pre-image resistance

For any value h given, it is computationally impracticable to find x such that H(x) = h.

Second pre-image resistance

For any block of data x, it is computationally impracticable to find y different from x, such that H(y) = H(x).

The ideal situation is that every hashed value generated is really unique for each input value, but this is not possible. In the hash functions the possible hash values to be generated are finite, since they have a fixed output size and because the input size is theoretically infinite, by the Pigeonhole principle, there will be collisions with two distinct entries, resulting in the same hash .

However, these functions have been constructed to minimize valid collisions, ie, it is very unlikely that two messages that have meaning in context will result in the same hash.

Hash usage examples

Hash functions have a wide variety of security uses, such as:

Message Authentication

Mechanism or service used to verify the integrity of a message; ensures that the information received is the same as the message sent (without modification, insertion, deletion or replay);

Digital signatures

The summary value of a message is encrypted with the sender’s private key, any user who has the public key can verify the integrity of the message that is associated with the digital signature;

Password file

A summary of a password is stored in a file of the operating system instead of storing the password, in case the password file is violated, the attacker will only be able to obtain the hash of the password;

Detection of intruders and viruses

For each F file of the system, the hash H(F) is also stored, if there is any change in F, it will be perceived;

Pseudorandom function family (PRF) or Pseudorandom number generator (PRNG)

For symmetric keys generation.

Blockchain

The data in the blockchain are “hashes” in each block. If the block changes, ie someone tried to change how many bitcoins, for example, they had or how much they should send, the hash value would be different and everyone could detect that something has changed.

The hash value of the previous block is used to calculate the hash value of the current block, creating a link between the blocks.

Examples of algorithms with a link to their hash implementations are:

SHA-1; insecure
SHA-256;
MD5; insecure

Keeping your passwords in the database using hash is a good practice (at the moment we can say that it is mandatory) in case when your database is exposed by a cracker, he can not have direct access to the password of yours customers.

So just create a hash for my password and problem solved? Not totally.

How hashes are broken

By the properties of hash, we have seen that given a hash H(x) should not be computationally feasible to discover the input x, so it is not possible to “decrypt” the hash, after all it is an operation that does not allow return.

But we know that given an input always the same hash is generated, and the crackers know that too. Then there are some known hash attacks for passwords:

Dictionary attacks and brute force

The simplest way to try to find a hash.

A dictionary attack uses a file containing words, phrases, common passwords, and so on to calculate the hash of each and check to see if it hits any of the list or database.

The brute-force attack tests all word possibilities with a defined number of characters and verifies that the hash calculation is equal to some of the list.

Lookup Tables

Lookup table is an extremely effective method to break multiple hashes quickly. The general idea is to pre-compute the password hashes of a dictionary and save this value with its corresponding password. A good implementation of a lookup table can process hundreds of hashes per second, and contain billions of hashes.

Reverse Lookup Tables

This attack allows an attacker to apply a dictionary or brute-force attack to multiple hashes at the same time.

First, the attacker creates a lookup table that maps each password hash of the database contracts to a list of users who have that hash.

The attacker then makes a dictionary attack or brute force, and upon discovering a password he already has a list of users who have it. This attack is very effective because it is common for many users to have the same password.

Rainbow tables

One rainbow table is a pre-calculated hash lookup table. It is a practical example of the Time/memory/data tradeoff attack.

It looks like the lookup table, except that it sacrifices the speed of breaking the hash to make the tables smaller. Because they are smaller, solutions for more hashes can be stored with the same space, being more effective in terms of storage.

Then, exemplifying

We have a client that has the password 123456 and that is stored using the SHA-1 algorithm, so in the bank will have the hash 7c4a8d09ca3762af61e59520943dc26494f8941b

When the cracker is in possession of this hash, he can just use a website or some specific program, which will test if it has this hash in the database and returns the value that generated it. As for example the http://md5decrypt.net/en/Sha1/#answer

The list of 100 most used passwords is probably already in all possible hash banks, so there are campaigns to use increasingly difficult passwords to make these hashed banks difficult. But even with these issues, users do not want to have the problem of using more complex passwords, so as a developer, knowing these attacks, what is the best solution to this problem? Put more “salt” in your hash.

Salt and Security Deployments

The concept of salt, is to put some additional information in the password to add complexity when calculating the hash, for example:

Placing additional information in the password makes it more difficult to create a lookup table.

What to avoid when using salt

Reuse the salt

Even being a hardcoded salt in the program, or once generated randomly. It is ineffective because if two users have the same password, they will have the same hash. With reverse lookup table attack, a brute force attack could be applied by simply testing the possibilities of salt and once found the salt, all your passwords are vulnerable.

Using short salt

If your salt is too short, an attacker can build a lookup table for all possible salts. For example, if you use three ASCII characters, then you have only 857,375 possible salts. And that for computational terms is not much, if each lookup table contains only 1MB of the most common passwords, generating them would be an 837GB, and already have 1TB HD costing 50 dollars today, and it is a very cheap investment compared to the damage in the system.

Use username as salt

Although they should be unique in the system, they are usually used by other accounts in other services. An attacker could make the user-password relationship and create lookup tables and break hash that has username as a salt.

To be computationally impossible to create a lookup table for each possible salt, the salt should be long. A good rule is to use a salt that has the same size of the the hash function output, the SHA-256 output is 256 bits (32 bytes), so the salt should have at least 32 random numbers.

Realize that the salt does not have to be a secret, it should only help avoid the attacks that I listed. I particularly like to use the timestamp hash of the time that the password has been changed, so I leave all the properties satisfied and I use the date in the format that I defined, making the task of generating a lookup table even more difficult.

Why RSA Criptography works?

Pedro Matias de Araujo — Tue, 13 Nov 2018 23:42:04 +0000

It’s much easier to multiply numbers together than to factor them apart. That’s the basics of RSA encryption.

In particular, the RSA encryption works with two large primes p and q, is quickly and easy to find the product pq but it is harder to recover the factors p and q from n. Generally p and q are numbers with hundreds of digits, factoring a number of this magnitude is very slow.

The algorithm

To encode the message we need n = pq and a positive integer e that

be reversible module φ (n). We talk about the Euler’s totient function before.

We will call the encoding key pair (n, e) of the RSA system. We will encode each message block separately and the final message will be the coded blocks sequence.

Important: Blocks already encoded can not be assembled to form a new number. This should make decoding impossible, as we’ll see later!

Let’s now show how to encode each block b. We will call the coded block of C(b). First, remember that b is an integer smaller than n. We calculate C(b) as follows:

where 0≤C (b) <n.

Let’s see how to decode a block of the encoded message. The information we need to be able to decode consists of two numbers: n and the inverse of e module φ(n), which we denote d. We will call the pair (n, d) of decode key. Be the one block of the message encoded. Then D(a) will be the result of the decoding process. The way to calculate D(a) is:

where 0 ≤ D (a) <n.

First, it is very easy to calculate d, if we have φ(n) and e : simply apply the extended Euclidean algorithm. On the other hand, it is clear that if b is a block of the original message, then we expect D(C(b)) = b, otherwise we will not have a useful code.

Finally, since the beginning of the notes we have been insisting that we encode using n and decode using p and q; so you need to factor n to decode. At this point we see that is not strictly true. In addition to the n itself, we only need to know the inverse d of e modulo φ(n) to decode. It turns out that we only know how to calculate d by applying the extended algorithm to e and φ(n).

Proof that RSA works

The obvious question which now arises is: D(C(b)) = b?

That is, by decoding a coded message block, can we find a block of the original message? Because otherwise all our effort was meaningless …

Consider then n = pq. We will prove that D(C(b)) ≡ b mod (n).

How 1≤ b, D (C (b)) ≤ n-1.

By definition, we have:

But d is the inverse of e module φ(n). Then there is an integer k such that ed=1 + kφ (n).

Soon,

If b and n are relatives primes, then we can use Euler’s Theorem:

Suppose that b and n are not prime to each other. Since n = pq, p and q are distinct primes, then φ(n) = (p-1)(q-1).

Soon,

If b and p are relative prime, then we can use Fermat’s Theorem, and we have bᵖ⁻¹ ≡ 1 mod (p).

Therefore, bᵉᵈ ≡ b mod (p), whichever is b.

We do the same for prime q, we get, bᵉᵈ ≡ b mod (q).

Therefore,

as we wanted.

Implementation

As an developer I have a necessary to put code in everywhere, even when don’t need it, so I will put here a simple implementation of this algorithm, and that can be useful later

The code is here

Euler, Fermat and Primality Test

Pedro Matias de Araujo — Sat, 10 Nov 2018 21:04:33 +0000

In number theory, The Euler’s totient function , counts the number of positive integers less than m and relatively prime to m. For a prime number p, φ(p) = p-1.

It can be defined more formally as the number of integers k in the range 1 ≤ k ≤ n for which the greatest common divisor gcd(n, k) is equal to 1.

What is Fermat’s little theorem

Fermat’s little theorem says that if p is a prime and a is not a multiple of p, then

Euler’s generalization of Fermat’s little theorem says that if a is relatively prime to m, then

Euler’s totient function is multiplicative , that is, if a and b are relatively prime, then φ(ab) = φ(a) φ(b). We will use this fact in other discuss.

The Proof of generalization

Be r=φ(n) and b₀, b₁, …, bᵣ, integers numbers, primes relative two at two, and all prime relative with n. So ab₀, ab₁, …, abᵣ, still congruent mod(n) for

i=1,2, …,r.

The collection b₀, b₁, …, bᵣ and ab₀, ab₁, …, abᵣ are equals mod(n). So let multiplity all

So,

In anyway, (aʳ-1) ≡ 0 (mod n) and how aʳ ≡ 1(mod n) and

r=φ(n), then

Primality testing

One best things about this theorem is the primality testing.

The contrapositive of Fermat’s little theorem is useful: if the congruence aᵖ⁻¹≡ 1 (mod p) does not true, then either p is not prime or a is a multiple of p. In practice, a is much smaller than p, and so one can conclude that p is not prime.

Technically this is a test for non-primality: it can only prove that a number is not prime. For example, if 2ᵖ⁻¹ ≢ 1 (mod p) then we know p is not a prime. But if 2ᵖ⁻¹ ≡ 1 (mod p) then all we know is that we haven’t failed the test; we don’t have certain if that p is prime or not. So we try another value of a, for example 5, and see if 5ᵖ⁻¹ ≡ 1 (mod p).

In theory looks perfect, so all the crypto theory was ruined? Of course, not, because even easy to undestand, looking in thecomputacionais terms, this is problematic, for example, for a small number like 223, and for a with value of 2, we have;

We know that 223 is prime, but 2²²³ is hard to compute even in robusts computers, so numbers like 2321412341243123423413263466567678352323 is harder to determine, but all the theory is usefull, with many implications in criptography and number theory. I will discuss this in other posts.

Tips for working with shell scripts

Pedro Matias de Araujo — Tue, 28 Aug 2018 01:13:29 +0000

Years ago I was programming for a small company who worked with boarded system. There I wrote codes for shell scripts, python scripts and another codes for boarded systems, sometimes for clients who lived in another state with machines that I don’t had any access, so my scripts were always a black box and for that was very common send the updates for e-mail.

Therefor, the client sended me a e-mail with the subject: “Not working”. In 5 minutes I refreshed the file and sended back. Problem solved right? Not totally.

It’s hard to small companies, even freelancers, do a good logistic to work with bash scripts because the client do not can wait and you have to do something to solve the problem, so the “add this line” always win against a robust process.

After a lot of problems, with developer and freelancer, I want to share good advices for work with sh files (maybe can be usefull for another scripts)

It’s simple tips, but the bugs (and headache) is in the details:

Write all in functions (isolated if possible)

Do your logic fragmented, will help when need change and recicly your code.

Do a scope for each function support you to change the logic without bugs.

Always pick the file on the master

It’s obvious, I know, but in real world, change your file for send to your client without commit before is faster, and in a busy day, you can forget to do this commit later, so you have one file in your git and another with your client. It’s not hard to imagine catastrophics scenarios.

Always create branchs for work

That tip is usually for teams, but work well for freela too and helps to do not commit direct in master as well as avoid bugs without revision and “commit for commit”.

Comment on shell script

It’s an eternal discussion about comment your code or not, in other languages I believe is not necessary, but how in bash sometimes is not intuitive, like I’m a practical developer, I prefer comment my bash scripts, in the end this save my time.

Do tests

Yes, do test in bash scripts.

This tests don’t need be a unit test, but can be a functional tests, for example.

If your script move a file to another folder, you can:

create a file in the original folder
run script
do assert that file is in the destiny folder, and not in the origin

With tests, is easy to see fool mistakes. Do the test in bash is hard sometimes, so use another language for this, Python is a good call and is my preference.

Do a log

And finally the golden tip. One good log, will help to identify the errors faster, and it’s usefull to see all activity and performance, like find bugs and system bottlenecks. It’s easy do log in bash files, so is not have a reason to do not do one.

This is my tips to do a process with less bugs and fatal errors.