So my new project posts are now going to be called GMPS posts because that is what I wanted to call the thing.
I have finished most of the boring crud stuff around registering users, inviting users and creating groups etc. It was at this stage I stopped for a while thinking about what I should be doing now. The obvious next step was to get my Syanpse server up and running and attempt to link my Laravel app through some internal calls to it that would allow me to register a user.
My first attempt at this was to use the GuzzleHttp libraries that come with Laravel. I built a very quick and dirty piece of code to see if I could get that working following the guide from the matrix.org docs on the client API. That at least got me to the stage where I was getting a response from the Synapse server, great start. I was only getting the Unauthorized 401 response and had to dig through the JSON returned to find more information. It was sending back a session ID so I tried to call it twice, once to get a session ID and once with that session ID. Still no joy, still the same response. I tried changing some of the parameters I was sending through Guzzle but nothing seemed to be working. So I stopped trying for a while and thought I would look around and see if someone had done anything similar with PHP in the past.
On my little Net Trawling I came across a Github repo that had built a Laravel package (Perfect!) that was doing what I wanted to do. Now it had not been maintained for 3 years but I thought it would at least be a starting point so I forked the repo and had a good look at the code. I had a choice of whether to install the package as-is or take the code and adapt it into my code base. I did think if I left it as a package then it could be maintained separately from my own code. But, I thought I would learn more if I took the code and wove it into my own project. So that is what I am doing.
The original code had a ServiceProvider and a class called Matrix. The code was aimed at an an older version of Laravel I think and plus I was not keen on the manner it was drawing in config details so I created my own ServiceProvider and started to lift and shift some of the code across for the registration process. And that is where I got my first bit of joy actually getting the Synapse server to register a user and get a userid and token for them to use. Brilliant, now I have to implement all the other things.
In my last Post I said I would attempt to create the project using RUST. Well after playing with RUST and Rocket for a few days I came to realise the naivety of that approach. RUST and Rocket are both great but do not have the tooling and plugins available to make this a quick simple job, so I have abandoned that approach to go back to PHP and Laravel.
On that note I thought I had given the project enough thought pre-coding for me to get straight in and crack on with minimum fuss. Nope. Again my naivety shows up again. I was happily writing the code for inviting participants to groups and realised I felt a bit uncomfortable about the thing, i.e. I had the faint whiff of something not 100% correct. Now being fairly pragmatic I recognised this as a good time to stop and look at what I was building. That meant no more code until I could identify the smell and find ways to get rid of it.
Hopefully I have now done that but I am going to give it another day of thinking and write down my thoughts before I start coding again. Hopefully I will have truly understood what the smell was and redesigned my way out of it.
After all, this is my project, my code and I can rewrite it as many times as I like.
Now that I have Synapse running on my laptop I thought it would be good to start building out the client that I am going to try and build for it. I have been writing PHP code for a few years now and my initial thought and desire to get coding led me to start building the front end in PHP making use of Laravel.
In fact I got as far as putting together the register pages and the login pages. Not too difficult in Laravel, it provides tools to do most of the work for you. And then I went away for a couple of days without my laptop and left the idea to gestate a while. I then thought it would be better to write it in RUST. I have a plan to learn a new language each year and this year was RUST, so it would make sense to build it in the language I am trying to learn. Yes it will take a hell of a lot longer and will be more frustrating I am sure. But there are 2 major benefits, 1 The best way for me to really learn a language is to build something with it. 2 The finished result should be so much faster than the PHP version.
So I am going to start the code again in Rust.
While away I also thought of a name for the project which is just an Acronym of what I am trying to achieve by doing this. Generic Matrix.org Permission System or GMPS. I want to build something on top of the matrix.org network that will allow an organisation to pick up the project and implement a matrix.org network but with finer grained controlled of who can access what.
So when the whole cookie acceptance buttons came in I pretty much ignored them and accepted everything, I think like most users of the internet. Ignorance is bliss, yes?
Anyway for reasons I do not understand over the last week I have been doing the exact opposite and taking time to reject as many cookies as possible when I get to a site. And my experience has been interesting.
Some sites are very open, transparent and make it easy to reject all cookies. Just click on options or cookie settings and press reject all and then save. The site works as usual and you would never know the difference. But from my anecdotal evidence they are actually in the minority.
Some sites make it incredibly difficult to get to the cookie options to allow you to reject anything. In fact on one site I visited the only option was to accept the cookies. I could find no other options, so I left the site.
Other sites have a very small button to take you to the options, but they are there. Once you get there the buttons for each type of cookie are defaulted to reject and you just have to press save and exit. And that is where the first problem hits you. The accept all cookies button is a big green button (Usually) but the save options button to reject them is normally just the word Save in the same font as the text with no obvious button or link. They do however work.
One of the worst sites I visited had a tiny link to get to you cookie options which was smaller than the normal text. And then when you get to the options all of the cookie types are dfeaulted to accept. You have to go through each option and change it. But they were not simple check boxes, that would be too simple, you had to drag the option from the accept to reject for each cookie option.
At the end of all of this I wondered what the experience of these cookie acceptance forms were for those internet users having to use assistive technology, can’t be easy to get through this shit.
So the first step in my new little project is to get a Matrix Homeserver up and running. Without one I can not start to build a client for it. So the only real choice with this was to use Synapse a Python based server. To do this I wanted to build it locally so that I can play and not interfere with anything else on the internet.
The ansible-docker playbook was too tempting for me to avoid so I thought I would start with that as it covered everything you would want to install to get things fully functional. Because I was trying to run this on my local machine and not on a server I had a few problems with this, the first of which was the version of Ansible I had on my laptop. I got quite far through the process and then hit a problem with certbot not being able to provide a certificate because it was unable to register. Now this had taken me a while to get this far and I suddenly realised I did not need the all singing all dancing implementation. 1 Because the project was supposed to be fun and the fun had stopped and 2 I was trying to build a client for the Homeserver and did not need everything else to do that, so I stopped on that track and just decide to install Synapse on its own locally.
This was as simple as following the instruction on the github repo for synapse. Once you have installed the pre-requisites you can get a prebuilt package. So I had Synapse installed (but not running) in a matter of minutes. Ran the config generator and started the server with zero problems ( Ok that’s a Lie. I had a mistype in one of the filenames). I then check on the local server to see if it was running.
So my next step was to create a user, again using the instructions from the github repo and I had a user. Now I have no idea what to do with it. The next stepis to learn the API and see if I can hack together a client of some sort.
Well I am assuming they are script kiddies, could be anyone really. I just can’t imagine a serious security professional doing what some people appearing to be doing to my poor little Raspberry PI.
I took a cursory glance at the Apache logs for my Raspberry PI which is happily responding to web requests. The vast majority of the requests were just attempts to identify known vulnerabilities in different frameworks/languages etc. The old version would have been war dialling I suppose.
So I have decided to start a new open source project to build a communication platform for any type of organisation. Think Slack but simpler and perhaps a bit more focused on a niche.
At first I thought of taking the same kind of approach as Slack and just basing everything off IRC and putting a nice facade over the top, but then that is simply doing the exact same thing, which is a bit boring really. I did go down the route of setting up an IRC server and writing a few scripts to automate the joining of channels and accepting of messages etc., but why re-invent the wheel when Slack have done such a good job.
I then thought I could do something similar to my day job but then you get into all sorts of problems with IP rights and source code.
So instead I am going to look at doing it using the work done by Matrix. Which will provide me with a couple of things really useful to a new project:- 1. It is a fairly new piece of technology so I will be learning something new. 2. All of the communication infrastructure code has been written I can do a Slack and just piggy back off it. 3. I have no idea what I am doing, which is always a great place to start.
I am going to keep this blog updated with the progress, if I make any at all.
And to comments on blog posts. This blog was not intended as any form of experiment on this but in two years of this blog being active I have created a massive 14 blog posts. Those 14 blog posts have generated 15000 comments. That is an average of over 1000 comments per post.
How many of those comments are spam? Well as I am writing this little rant I have Akismet running in the background filtering out the spam. But my guess is that they are all going to be Spam.
So the other day I was writing some code and needed to know how to do an efficient subquery using eloquent in Laravel. So I dig out a book, which did not really go into enough detail for my needs so I do an internet search.
The first entry in the results was essentially a copy of the details I could find on the Laravel docs but with less detail. So I go to the second record, which is exactly the same as the text on the first. So I try the third and guess what, exactly the same as the first two. I did ask myself why people do this but then I realise it is to get the ad revenue. Bloody useless and Bloody annoying.
So I have put my old Raspberry PI to good use. It is sitting on the window sill running vanilla HTML website. Well with Bootstrap and Jquery of course. And is also implementing some stuff via Apache Server side includes. It can be found at http://home.dave-gill.co.uk