Shaleen Jain

2018

June 03 · 8 min read

My First Mechanical Keyboard - A Review of TADA68

TADA68 with the aluminium case Why TADA68? After first coming across the Keywalker IFD68 on Massdrop for just $99 I almost bought it. But after trying to find some reviews online I also found the TADA68/SABER68 designed by originatives, which is a very similar keyboard with the exact same 68 key layout and even the type and color of keycaps. But the few differences that tipped the favor towards me buying the TADA68 were; first the Keywalker being a Bluetooth keyboard with an included battery the shipping increased to be just too expensive, second the Keywalker uses a proprietary firmware with a flashing tool to program the keyboard only available for windows platform.

May 27 · 1 min read

My Vim and Tmux Setup

For the past couple of weeks I have been slowly setting up my Vim and tmux config files to just the way I prefer, creating the perfect workflow for working on C/C++ and Rust projects that increases my productivity by not only not having to constantly switch between the keyboard and the mouse/touchpad for every little task/navigation but also to just touch type my way to glory :). Especially since with C and Rust not having a single canonical IDE and inherently requiring to interact with the terminal for compiling and debugging, Vim coupled with a language server (I’m using cquery for C/C++, RLS for Rust) is the perfect IDE for these languages.

May 16 · 1 min read

Mobile and Desktop Wallets with gRPC

Does anyone else also feel that we need lightning [network] desktop and mobile app wallets that can connect to your remote lnd server with gRPC (using rpc username and password) instead of every app loading and syncing their own chain on device? Leading to multiple wallets and coin fragmentation among those wallets.

January 08 · 3 min read

Prefetching Data with Next.js and Apollo

Update: My pull requests implementing the techniques discussed here were merged into the zeit/next.js with-data-prefetch and with-apollo examples. You can easily combine the various examples (including the above two) to achieve your desired functionality. For most modern web apps, network speed and latency is still the biggest constraint for high performance and great UX. Universally rendered Isomorphic applications do a great job to solve that to some extent without sacrificing interactivity by processing the complete DOM of the first request on the server and subsequent requests on the client. But there is a lot more we can do.

2017

August 28 · 3 min read

Fuzzing libVLC - Final Report

Update: My fuzz targets have been merged into the VLC mainline tree by commits 74e7bd2, b83e9f2. Introduction to my GSoC project here Majority of the parsing code of VLC has been successfully setup to be fuzzed by: The demux fuzz target which creates an input stream from the fuzzed input provided by libfuzzer, probes and loads an appropriate demux module and demultiplexes the input into the various output elementary streams, minimally handling all the ES callbacks and calling various demux_Control’s to increase code coverage.

July 08 · 1 min read

Fuzzing libVLC - Improvements

I have been making some few specific improvement to demux fuzz target and also working on the decoder target side by side which isn’t done yet. Some general improvements that I have made for all fuzz targets is abstracting away and initializing the parent libvlc_instance_t object in LLVMFuzzerInitialize which obviously has some performance improvements as it isn’t created and destroyed on every run of the LLVMFuzzerTestOneInput.

June 24 · 6 min read

Fuzzing libVLC - De-multiplexer

So, I have been working on writing a fuzz target for the demux API for the past two weeks and I have reached a point where it has a good code coverage and has already found some few shallow bugs. Here are some of the stacktraces libfuzzer spit out and all of them were fixed rather promptly.

June 10 · 1 min read

Fuzzing libVLC - The Architecture

Introduction to this blog post here The Architecture I met with the VLC developers and my mentor at the VideoLabs office in Paris and after a few meetings and discussions we had a pretty good idea on how we could fuzz test libVLC and the VLC core most appropriately. In VLC, except the core, everything is a module. There are over 200+ modules in VLC along with libVLCCore and libVLC. The main module categories that take an input are: Access Access-demuxer Demuxer Packetizer Decoder Video filter

May 15 · 1 min read

VLC Media Player and Fuzz testing

Software bugs and vulnerabilities can be difficult to detect and slow to find even when actively searched for by developers and users who usually look for superficial functional and visual bugs. In a large software especially those written in middle level languages like C/C++, security bugs and vulnerabilities can often be used to comprise the whole system. Mainly because memory management is left to the programmers of the individual software. One alternative to human Q&A testing is to use automated software testing techniques like Fuzzing where random, invalid or unexpected data is provided as input to a computer program.

2013

December 27 · 1 min read

Trusting a Self-signed SSL Certificate

When connecting to a server which has setup their SSL encryption with a self-signed certificate through a Java or an android app, you’ll get an SSLException since their certificate isn’t signed by a Certificate Authorities (CA) which is a 3rd party who is trusted by everyone. javax.net.ssl.SSLException: Not trusted server certificate exception If you have access to the server or know the site admin, get them to buy a CA signed SSL certificate. But in case that is not possible or feasible we can one thing we can do is configure our HTTP client library to just not verify the site hostname with the certificate. But then again that is not a good solution and defeats the whole purpose of encryption.