Turn Command Lines into Web Apps

Even if you like using a graphical user interface, you can probably agree that writing a graphical program is usually harder than writing an old-fashioned text-based program. Putting that GUI into an online format means even more to think about. [Adam Kewley] has the answer to that problem: Jobson. As you can see in the video below, the program is a web server that runs command line programs as jobs.

Simply write a YAML file to describe the program’s inputs and outputs and Jobson will create input fields for arguments and display the output in a web page. Any files the program creates are available to download. Basically any command line program can be quickly and easily pulled into one web interface to rule them.

If a program takes a long time to run, Jobson will let you switch away and then later resume looking at the output. You can also abort a job or look at the arguments it received. Jobson can also authenticate users with several different methods to prevent just anyone from executing jobs.

If you really want to write a graphical program, try QTCreator. Or, you can get a shell in a web browser if you want to go that route. But this is the smoothest method we’ve seen for gathering command line programs into one place for monitoring and control. Neat!

Continue reading “Turn Command Lines into Web Apps”

Learn 3D Modeling in Your Browser

If you have a 3D printer, it is a good bet you’ve at least seen or heard of Tinkercad. There’s pros and cons to doing your design in a Web browser, but Tinkercad is very easy to use and great for making simple objects. However, there are other 3D object designers you can use in your browser, too. Tinkercad is just the one that everyone seems to know about.

I won’t talk much about Tinkercad, but if you haven’t tried it, it is well worth a look. It has a simple system of drawing things and holes. When you merge holes with things you can make lots of shapes. The alignment tools are good, and since Autodesk acquired them (part of its 123d app suite), it isn’t likely they will go under any time soon (which, as you may remember, almost happened).

If you are designing some great new secret invention you may shy away from cloud-based design programs. But if you are printing out key chains with your coworker’s cat’s name on it, do you really care? Most of these cloud-based programs will work from any computer so you can quickly do a design in a coffee shop and then go home and print it.

Continue reading “Learn 3D Modeling in Your Browser”

Stumbling Upon an Uber Vulnerability

[Nathan] is a mobile application developer. He was recently debugging one of his new applications when he stumbled into an interesting security vulnerability while running a program called Charles. Charles is a web proxy that allows you to monitor and analyze the web traffic between your computer and the Internet. The program essentially acts as a man in the middle, allowing you to view all of the request and response data and usually giving you the ability to manipulate it.

While debugging his app, [Nathan] realized he was going to need a ride soon. After opening up the Uber app, he it occurred to him that he was still inspecting this traffic. He decided to poke around and see if he could find anything interesting. Communication from the Uber app to the Uber data center is done via HTTPS. This means that it’s encrypted to protect your information. However, if you are trying to inspect your own traffic you can use Charles to sign your own SSL certificate and decrypt all the information. That’s exactly what [Nathan] did. He doesn’t mention it in his blog post, but we have to wonder if the Uber app warned him of the invalid SSL certificate. If not, this could pose a privacy issue for other users if someone were to perform a man in the middle attack on an unsuspecting victim.

[Nathan] poked around the various requests until he saw something intriguing. There was one repeated request that is used by Uber to “receive and communicate rider location, driver availability, application configurations settings and more”. He noticed that within this request, there is a variable called “isAdmin” and it was set to false. [Nathan] used Charles to intercept this request and change the value to true. He wasn’t sure that it would do anything, but sure enough this unlocked some new features normally only accessible to Uber employees. We’re not exactly sure what these features are good for, but obviously they aren’t meant to be used by just anybody.