https://tam7t.com/ Recent content on tam7t Hugo -- gohugo.io en-us Sat, 19 Dec 2020 14:17:43 -0500 https://tam7t.com/blender-godot-export/ Sat, 19 Dec 2020 14:17:43 -0500 https://tam7t.com/blender-godot-export/ This is the workflow that I’m using to export Blender assets to Godot for Dogrun. I’m developing on linux and these are the versions of software that I’m using at time of writing: Blender 2.83.5 (deb) Godot 3.2.3 (flatpak) godot-blender-exporter (commit 3e66e12) Install godot-blender-exporter wget https://github.com/godotengine/godot-blender-exporter/archive/master.zip unzip master.zip mv godot-blender-exporter-master/io_scene_godot/ ~/.config/blender/2.83/scripts/addons/ Then in blender Edit > Preferences > Add-ons and check Import-Export: Godot Engine Exporter. Preparing for export Tris/quads You will get an error like: Tangent space can only be computed for tris/quads, aborting if you attempt to export a mesh with a face that has more than 4 verticies. https://tam7t.com/june-dogrun-progress/ Sun, 14 Jun 2020 20:24:17 -0400 https://tam7t.com/june-dogrun-progress/ I have a playable demo of DogRun! Complete the obstacle course as fast as possible using these controls: Action Key Forward w Backward s Left a Right d Jump space Restart r This was built using the Godot game engine and all of the assets were built with Blender. Future improvements include more obstacles: a seesaw, a fabric tunnel, and maybe a bridge. You can see some first drafts of these ideas in this video: https://tam7t.com/the-dog-lives/ Thu, 07 May 2020 23:17:51 -0400 https://tam7t.com/the-dog-lives/ I’ve been working hard on #dogrun all April and finally have something to share! It’s pretty incredible the amount of free resources online to learn 3d modeling and game development. Jayanam on Youtube has been very helpful reference material when dealing with Godot, and since I remain committed to making this game Hand Crafted In Brooklyn I’ve also invested in some 3d modeling courses. It turns out your model looks more like a dog if you use a reference image. https://tam7t.com/dog-run/ Mon, 30 Mar 2020 18:53:34 -0400 https://tam7t.com/dog-run/ Today marks the beginning of my 4th week of social distancing, so I thought it might be nice to uplift spirits by writing about my aspirations to create a 3d game. Fig 1 I have obtained a copyright release from my employer for this effort based on the following project description: I would like to develop random dog agility courses and then play as the dog running through the course. The game maybe in 2D or 3D and may allow the user to race against another player or the computer. https://tam7t.com/leftovers/ Mon, 29 Aug 2016 06:37:36 +0000 https://tam7t.com/leftovers/ I had some leftover orange juice from my Sunday morning mimosas and an almost empty bottle of tequila - so I made something that wasn’t terrible. 2 oz tequila 2 oz orange juice 2 dashes of bitters 1 Tbsp grenadine Shake & pour over ice, topping off with club soda. Apparently this is basically a Tequila Sunrise but different. I’d like to think that the addition of club soda makes it more fun and refreshing! https://tam7t.com/key-pinning-in-golang/ Mon, 13 Jun 2016 00:54:00 +0000 https://tam7t.com/key-pinning-in-golang/ Key pinning is a technique that can protect clients from rogue or compromised certificate authorities [1, 2, 3]. If you have control over the client and the server, you can bake the server’s public key into the client and bypass (or supplement) trust in certificate authorities. Many mobile applications on iOS and Android do this using these libraries: AFNetworking TrustKit AndroidPinning The Chrome and Firefox web browsers also allow pinning with pre-loaded pins and support of the HTTP Public Key Pinning (HPKP) protocol. https://tam7t.com/keybase-and-github-commits/ Mon, 18 Apr 2016 01:23:21 +0000 https://tam7t.com/keybase-and-github-commits/ Now that Github visualizes signed commit, I wanted to start using my keybase pgp key to sign commits. Unfortunately my keybase key had a single uid of tam7t@keybase.io which is not actually a real email address. This prevented github from showing commits signed with that key as verified. Thankfully, it is easy to add a second uid to your public key and not have to struggle with keybase’s new key model. https://tam7t.com/yubikey-ssh/ Sun, 27 Dec 2015 00:04:07 +0000 https://tam7t.com/yubikey-ssh/ There is something oddly satisfying about having my private ssh keys only on a hardware device where they cannot be directly accessed. For the past 6 months I’ve been using a yubikey for SSH access to my servers and github. In this configuration the private key only exists on the yubikey and cannot be transferred to the host computer. All cryptographic operations that require the private key are preformed on the yubikey. https://tam7t.com/mailchimp-export-csrf/ Sat, 27 Jun 2015 21:49:03 +0000 https://tam7t.com/mailchimp-export-csrf/ Earlier this year I was working on a MailChimp integration for my “Real Job” and spent the evening poking around their application. I found a few small things that, when combined, allow a man-in-the-middle to view a user’s entire MailChimp account data (including a lists of their subscribers and campaigns). Cross Site Request Forgery I first noticed that the account data export endpoint had no CSRF protections. The following HTML, served from any website, would trigger an export for users who are logged into MailChimp. https://tam7t.com/cucumber-mint-margarita/ Mon, 04 May 2015 01:15:04 +0000 https://tam7t.com/cucumber-mint-margarita/ The warm weather this weekend in New York City put me in the mood for margaritas. This, combined with the 5 hours of pre-Kentucky Derby coverage, inspired me to make a mint version of a cucumber, jalapeño, cilantro margarita that I used to enjoy back in San Antonio. Here is the result. In your Boston Shaker, muddle: ~5 / 6 slices - Cucumber ~8 - Mint leaves 1.5 Tbsp - Agave Nectar (I used 2 Tbsp and it seemed a bit sweet) Add the juice of 1 lime and 4oz tequila (white). https://tam7t.com/vimeo-account-takeover/ Fri, 03 Apr 2015 06:04:19 +0000 https://tam7t.com/vimeo-account-takeover/ A while back I was playing around with the OAuth2 spec and discovered a flaw in how Vimeo associates Facebook accounts. Their Facebook connect callback URL was vulnerable to a Cross Site Request Forgery, allowing an attacker to connect their Facebook account with a victim’s Vimeo account. Background If you try to connect a Facebook account to your Vimeo account, Vimeo sends you to the following URL: https://www.facebook.com/v2.1/dialog/oauth?client_id=19884028963&redirect_uri=https%3A%2F%2Fvimeo.com%2Fsettings%2Fapps%3Faction%3Dconnect%26service%3Dfacebook&scope=email,public_profile,publish_actions,user_friends&state=f599e2d1b07d64214116415646a6a653 Once you accept the authorization prompt, Facebook returns an HTTP 302, redirecting you back to Vimeo’s redirect_uri along with a code that Vimeo uses to access your Facebook info and associate the accounts. https://tam7t.com/golang-range-and-pointers/ Wed, 18 Mar 2015 01:30:00 +0000 https://tam7t.com/golang-range-and-pointers/ I’ve encountered bugs using pointers inside a range loop twice in the past few weeks. It seems like an easy/common mistake that is worth sharing. an example In this example a producer tries to pass pointers across a channel to a consumer. package main import "fmt" func main() { input := [5]int{1, 2, 3, 4, 5} c := make(chan *int, 0) // producer go func() { for _, val := range input { c <- &val } close(c) }() // consumer for val := range c { fmt. https://tam7t.com/rails-autoload-and-eager-load-paths/ Wed, 28 Jan 2015 05:01:21 +0000 https://tam7t.com/rails-autoload-and-eager-load-paths/ How rails finds and loads classes when using autoload_paths and eager_load_paths can be pretty confusing. This post is the best that I’ve read on the topic, but there are a few things that I think are worth explaining more. autoload_paths This helps rails locate where an unknown constant is defined. So if it encounters the constant Foo::Bar::Baz, it knows to look for it in foo/bar/baz.rb That is why you only need to add lib/, instead of lib/**/*, to the paths. https://tam7t.com/keeping-brew-up-to-date/ Mon, 19 Jan 2015 03:48:00 +0000 https://tam7t.com/keeping-brew-up-to-date/ Here’s how I ensure my homebrew packages are the latest and greatest! First I setup a crontab for my user: ~ $ crontab -e I then add this line to update the brew database every hour: 0 * * * * /usr/local/bin/brew update > /dev/null 2>&1 and add the following line to my .bash_profile to display outdated packages when I open a new terminal: brew outdated Boom. Now I’ll know to brew upgrade whenever a new hotness is released. https://tam7t.com/organizing-my-day/ Sun, 18 Jan 2015 23:43:43 +0000 https://tam7t.com/organizing-my-day/ I started a new job in August and am using the following method to get things done. Each day I create a new text file on my computer with the following template: 1 Jan 2014 ========== Goals ----- * None Completed Tasks --------------- * None Todo ---- * None Websites -------- * None Every morning I copy yesterday’s todo items to today’s goals. Throughout the day I update the completed section and add tasks to the todo section. https://tam7t.com/are-your-ruby-https-api-calls-secure/ Tue, 18 Nov 2014 19:12:44 +0000 https://tam7t.com/are-your-ruby-https-api-calls-secure/ By default, ruby uses OpenSSL settings that leave you open to insecure cipher combinations when making HTTPS requests. I wrote the following gist to document my attempt to secure HTTP requests from a rails application following the poodle vulnerability. https://tam7t.com/setting-up-your-nginx/ Sun, 05 Oct 2014 07:49:41 +0000 https://tam7t.com/setting-up-your-nginx/ Create your self-signed certificate: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes Configure your nginx: server { listen 443 ssl; listen [::]:443 ssl ipv6only=on; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/nginx/ssl/dhparam.pem; # enables server-side protection from BEAST attacks # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html ssl_prefer_server_ciphers on; # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ciphers chosen for forward secrecy and compatibility # http://blog. https://tam7t.com/heartbleeding-an-openvpn-server/ Mon, 21 Apr 2014 00:41:00 +0000 https://tam7t.com/heartbleeding-an-openvpn-server/ Everyone has been atwitter lately over the heartbleed bug which motivated me to look into what lesser known implementations of OpenSSL might be vulnerable. My ddwrt home router seemed like a good choice because releasing and installing updates isn’t as ubiquitous for firmware as it is for desktop software. I started by looking into the HTTP admin interface. httpd I identified the web server by browsing the source code and found that SSL was most likely performed by MatrixSSL.