More like postcards than like letters

Posted on August 8, 2019 by DocDock

Every couple of years, sometimes more often, some politician or law enforcement officer brings up that encryption is preventing them from doing their job. Just recently reported in Arstechnica was such an article about the US Attorney General William Barr.

“Encryption seriously degrades law enforcements ability to detect and prevent crime before it occurs.”

It is true that when messages or data is encrypted it is difficult to impossible to decrypt depending on how well the encryption was done. I do have to agree that as a law professional it must be frustrating to be thwarted by locked phones, encrypted messages, mail or documents. In the “good old days” you only needed to turn on the device to be able to browse through it looking for something incriminating. In retrospect that should probably be thought of the as the golden age of law enforcement starting with the creation of the personal computer and lasting up until about 2000. It is a subjective date but at the time the new kid on the block was the BlackBerry which was a cell phone with secure encryption. This was the first wake up call that information could be encrypted so that it could not be simply intercepted and examined. This allowed anti-government groups to both communicate in real time without the fear of that information getting out.

Over the years since then more and more security (ie encryption) technology has become main-stream. So simple in fact that you only need to know how to make a call or send a message and not be forced to use other intrusive methods to protect your message.

Prevention

The argument of Mr. Barr and all of these other well meaning people is that if this information was not encrypted it would allow law enforcement the ability to prevent bad things from happening. This is both a very admirable goal but quite lofty as well. The number of emails sent per day is 269 billion while the number of text messages are 18 billion per day. I am not sure what the US infrastructure would need to be in order to process this bulk of information, but it would be substantial. It is not the few computers needed to sift through the data but what happens to the threats that are found. If the goal was to prevent crimes then coordination between a group of potential bank robbers in rural Nebraska should be reported to the nearest authorities.

To be honest, I cannot see this level of access by the government being all that helpful for local crimes. I would imagine that they would focus on Federal crimes such as threats to the nation’s leaders or general Terrorism. Unless the terrorists are pretty stupid, they would not be telegraphing their movements.

Poor

We will all meet at the corner of 3rd street as planned on Tuesday 13 March at 5pm.

Average

We are meeting on Tuesday at 5pm

Clever

The plan is on, meet next Tuesday at the spot we agreed.

These exact messages are not so much help unless you have the context. These messages could be for some sort of terrorist plot or it could be meeting for a bachelor party. The context may be found in a single email but more than likely it would need to be gathered through many mails with other methods (ie humans interacting with bad guys). The emails, despite the massive volume, may not provide enough information.

Improve access or allow overreach

Allowing lawful access to encrypted information without prior approval or assistance of the party being surveilled would be really nice. The government has knowledge that you are purchasing very questionable materials and would like to take a peek into your communications to verify this. This request, if guarded by impartial people, on the ground of national security does seem reasonable. Nobody wants a bombing or a plane crash to occur if it can be prevented.

Yet there is always mission creep. If this ability to access emails were possible and the government decided that they would also use this power to tackle large scale fraud and corruption it would probably be viewed as good. It would not be long before some ambitious person decided that people cheating on their taxes would also be a good target for this as well. What about helping to prosecute spouses that do not pay their alimony or child support?

None of these are bad uses but what is the person who had this access was not impartial and had a chip on his or her shoulder. This would be a great way to do the same thing in a directed manner. Trying to dig up dirt on an ex-boyfriend. Getting hints on what your political opponent is doing and find ways to undermine them – part of the problem is that people are flawed.

Sometimes this access to the data is referred to as a back door. Basically, a hidden way to monitor or access data in a given system. It seems to be that it should really be referred to as the front door. To enable this functionality, you are giving either a key for that particular user or for all users of that particular system to the government. Would you trust that some government official, policeman or other political appointee had access to all your data? Would you trust them to have the key to your house or apartment?

No encryption would provide effective access

Well, at least if this power would be given over it would be effective? It would be probably 98% effective or perhaps even more emails or social media accounts. The problem is the smartest “bad people” would be able to cover their tracks pretty effectively.

  • Private mode browsing to reduce browsing history
  • Using docker or virtual machines to reduce browsing history
  • Old fashioned couriers for transferring messages or materials
  • Dead drops for transmitting information in an unseen manner
  • Book ciphers to make the data uniquely encrypted
  • Spam encoding another interesting way to pass messages around in plain sight
  • Embedded in pictures yet another way of hiding or transferring messages
  • Foldering, messages saved in draft folder
  • Use messaging services that have not been compromised

The ability for law enforcement to have access to the contents of a smart phone is not useless but it is more useful for prosecuting people who have already done bad things. Depending on the crime, the criminal is no longer alive to have justice meted out to him.

Presumably, just having access to the SIM card in the smart phone would allow the investigators a trail of people or phones that they can follow. This information would (currently) provides a digital footprint to where the phone went.

What could it hurt to provide this “back door”?

People are basically honest and hard working so we have little to fear. Many people have access to other types of high security materials. Well, that may be the case but people are also basically lazy and have a tendency to do the least possible work to get the most possible income.

Not only that but this provides a very juicy target for people with bad intentions. Look at the problems that occurred due to incompetence, laziness or bad luck.

It is truely difficult to ensure that personal data is kept secure even with no back door as these companies can attest to.

The benefit of providing such a “secret back door” is questionable while the damage would be immeasurable if this access made its way into the wrong hands. This “leak” wouldn’t have to be sabotage or ill will, it could be carelessness by someone who had legitimate access.

After all, if the NSA cannot manage to keep their secret tools and methods secret what are the odds that a group that is controlled by politicians will fare any better?

Posted in security, Soapbox | Comments Off on More like postcards than like letters

Man in the middle, then and now

Posted on July 21, 2019 by DocDock

When the internet started, a long long time ago, things were a bit more trusting. This isn’t all that surprising as the internet actually started as ARPANET which was a research network created with funding from the US department of defense.

The network of networks experiment, that later became the internet, was in its infancy and the level of trust was actually relatively high. In the intervening years we still see from time to time references about some technology along with the inevitable quote that this bit of technology springs from a more trusting time.

One important example of this is the DNS service. This service is the address book of the internet and an important piece of infrastructure. Why isn’t that service more secure? Well that is because of the origins of the internet.

It was this level of trust that has caused more than one security problem over the last 40 or so years. I cannot find the actual researcher who first came up with the theoretical possibility of the man-in-the-middle attack.

It isn’t really that complicated to understand. In a man in the middle attack, someone secretly relays and possibly alters your communications with another party.

Over the years this process has become so simple that you can use this technique to view what your victim is viewing with just a 5 minute tutorial on youtube.

The problem was known fairly early on and nobody really wanted to other people to view what they were doing so came the introduction of HTTPS.

It is still possible to see where people are going but with this new level of encryption it is not possible to see what exactly is being communicated. It is necessary that the web site has a signed certificate to verify its authenticity. Thus is it possible to verify that you are communicating directly with the person or site that you think you are. This is a good solution unless somebody comes up with a way to circumvent this.

Uh oh

Anything that can be done can be worked around. If you install another certificate for the man in the middle it would allow that person or organization to decrypt the users HTTPS traffic, examine it and then encrypt it again with this certificate. This would completely undo the security of using HTTPS. If this were in place it would no longer be possible to trust a web page or email had not been altered or read.

Nobody in their right mind would volunteer to be part of such a technical solution. Would they?

Small time experiment

Such a solution would work if there were a “small” coordinated effort from the local ISP’s forwarding all traffic to a central point.

This situation is no longer a piece of fiction due to the actions of the Kazakhstan government. Just a few days ago, July 17 2019, came a change that required the local ISP’s to install the government certificate and the government has begun to intercept all HTTPS traffic.

https://www.zdnet.com/article/kazakhstan-government-is-now-intercepting-all-https-traffic/

It is undoubtedly an experiment that is being closely monitored by other governments around the world. It is not too far of a leap to governments or security apparatus petitioning their local politicians that such efforts are necessary due to terrorism concerns. It is unclear if such a change would cause an uproar but there have been a lot of other changes that have been done in the name of security.

USA

  • Patriot act and domestic spying
  • Dept of Homeland security
  • Military Tibunals and Guantanamo bay

Flights

  • Liquids ban
  • TSA locks
  • Millimeter wave full body scanners
  • Removing shoes and belts
  • Terrorist watchlist
  • Extra scanning of phones, tablet and laptops

Other

  • Increased surveillance via CCTV

This is not an extensive list but even so some of these changes have even been analyzed and the results have not proven that these security results to be effective.

https://www.aclu-wa.org/blog/pull-plug-patriot-act

We can only hope that full-time surveillance of the internet will be too expensive and opposed by democratic thinkers.

Posted in security | Comments Off on Man in the middle, then and now

86 year old defends herself with bacon

Posted on July 21, 2019 by Davio Der Grosse

In 2016 a 86 year old defended herself WITH BACON! All i thought was i would have loved to be there just imagine in a supermarket in Altrincham, UK it was posted by the greater Manchester police Facebook page so it was in front of the shopping mall the older lady deposited a large amount of money before she went in. While she was shopping an unknown female grabbed her trolley and demanded the money. The woman took a pack of bacon and whacked the other lady over the head. The offender then retreated and made off from the supermarket. A lot of people liked the story also righting stuff like: One person wrote: “Sounds like a Hambush to me…” or the post i found the best was “Well done lady, that’ll teach her not to assume old people are easy targets. Hope you’re not too stressed about it”.

Also if i should wright about something just say it.

All of this information is from https://www.telegraph.co.uk/news/2016/07/20/86-year-old-woman-uses-bacon-to-fight-off-thief/

Posted in Uncategorized | Comments Off on 86 year old defends herself with bacon

Failed CCTV

Posted on July 20, 2019 by Davio Der Grosse

CCTV means closed circuit television. At my mothers work her car was scratched hugely. So the next time I was at my mothers work I noticed that there were security cameras around the building. So yesterday my mothers friends bike was stolen so I asked “what is with the security cameras?” And it turns out they don´t record anything that happened. So why didn´t they stop it so it also turns out they don´t even watch it.

Posted in security | Comments Off on Failed CCTV

Making lightsabers for lego characters

Posted on June 11, 2019 by DocDock

It was the exciting part of the movie when my son came into the living-room asking where the screwdriver was.  The tool box is pretty organised so I hardly looked up from my movie.  Yet a few minutes it really sunk in

I need to work on my cell phone, where is the screwdriver set”

I wandered into the kitchen to see what exactly he was up to.  It was a shock to see that the back of his phone was off and most of the screws were already taken out – he is nothing if not industrious.

I don’t think I even raised my voice when I asked what in the heck he was doing.  Just a quick bit of background.  I am about the farthest thing from a certified technician of cell phones and neither is my 13 year old son.

The problem

Well, if you have an audio headset plugged into your phone and it falls the wrong way part of the audio jack will break off in the device.  This has the negative problem with the music going to the output jack or in this case nowhere, but it has the other side effect of having all other music, noise, notifications and alarms going nowhere too.

After I caught my breath I thought about my boy’s approach.  It actually didn’t sound all that different from what I might try but I thought I would take a quick peek on youtube.  I needed to know how much is involved with the dissassembly of a smart phone.

       YIKES!

Yup, between the many tiny flat cables and prying with various tools that I didn’t have it looked to be a nightmare.

The solution

Well, if youtube can scare your pants off then perhaps it can also give you some good ideas.  I am slightly paraphrasing but the solution is to stick a stick with glue into the audio jack plugin.

This was the best sounding option of the various choices.  The idea was to put a bit of glue inside the ink tube of a bic pen and push that hard into the audio plugin.

The instructions are easy it just requires you get the amount of super glue right.  I didn’t think that I had the right amount so I stood the phone up so the glue would run down towards the stuck audio plug.

Just leave this in the phone until it dries.  I waited until the next morning to ensure that it was either really attached (or really destroyed).  Super glue doesn’t specifically create a strong bond with the metal but I suspect it was attaching itself to the plastic core.

The results

Of course it worked.  Not because I am a certified technician.  If it didn’t work I probably wouldn’t be publishing this latest exploit – nobody wants to advertise personal failures.

Now the phone once again works, and my lego toy “Steve” has his own lightsaber.

  

However, everything else being equal I would not want to be building toy light saber’s in this way on my day off.

 

My Youtube solution

 

A bit more theory about the problem

Posted in DIY | Comments Off on Making lightsabers for lego characters

CMOS scheeMOS, clean up after yourself

Posted on June 9, 2019 by DocDock

I have had a problem with my home computer for some time.  It doesn’t quite boot right.  That is to say, when you turn it on, it actually doesn’t start windows or anything.  I have done some investigations and found out that when the computer is booting up it encounters a POST request of 36 and then it stops.  The workaround for this problem was to turn it off, and then after about 10-15 seconds turn it back on.

presto

Yet, as this has bothered me for some time and eventually I did do a bit of research.  The answer that most people seemed to agree on was that the CMOS needed to be reset. I guess must have been living under a lucky star as with all of my computers I have never actually had this problem.  I have seen the battery go bad, problems with hard disks, windows patches mess things up, but never had this exact problem.

Perhaps I should set the stage.  My personal computer is fairly old as I have had it for six or seven years.  It was assembled with some assistance from my friend out of the following main parts.

Gigabyte FX v4.0 eXtreme
AMD 8350
blue ray dvd
8 GB

The machine had Windows 7 installed but it also had a dual boot for Linux Mint.  I didn’t want a hodgepodge of boot screens so I installed rEFInd as a unifying boot manager.  One boot manager to allow me to easily and graphically decide which operating system.

Resetting the CMOS won’t really be removing any of the files or changing the flle system but I keep putting this off this “small fix”.  That nagging little part of my brain that probably knows better but just last weekend I decided to cross that item off my list.  The process took about 15 minutes if you include moving the computer, cleaning out the dust bunnies, and replacing one of my fans.

The computer booted into windows on the very first try – one problem down.  This would have been good news except the boot manager should be the one getting booted.  It only took me a minute to discover that my boot manager was now gone.  That is to say, it was no longer considered to be a boot device by the motherboard.  Just the drives and the windows boot manager were the only possibilities.  It must have taken me 10 minutes to remember that last time I was fooling around with a linux tool to install rEFInd as an option to the listed among the boot devices.

$ sudo efibootmgr
BootCurrent: 0000
Timeout: 4 seconds
BootOrder: 0001,0000,0006,0005,0004,0003
Boot0000* rEFInd
Boot0001* Windows Boot Manager
Boot0003* Hard Drive
Boot0004* CD/DVD Drive
Boot0005* USB
Boot0006* UEFI: Built-in EFI Shell

Google did help me to find that this tool was probably efibootmgr but what was the exact syntax.  I booted up with a boot DVD and mounted the UEFI boot partition but I must have had a typo as it was showing me the old 8.3 files with two versions of rEFInd.

refind~.1
refind~.2

That didn’t seem right. I suspected that at that time I was fooling with a new version and simply failed to delete the old files.  Reboot, mount the boot partition correctly and then take a closer look.

The file system is correctly mounted but I am not sure why I have both the 32 and 64 bit versions in my refind directory.  Type first, think later. I take a look some other examples of how to add back my boot manager but now I have quite a few different combinations ahead of me.

efibootmgr -c -d /dev/sda -L refind -l fs0:\EFI\refind\refind_x64.efi
efibootmgr -c -d /dev/sda -L refind -l fs0:\EFI\refind\refind_ia32.efi
efibootmgr -c -d /dev/sda -L refind -l \EFI\refind\refind_x64.efi
efibootmgr -c -d /dev/sda -L refind -l \EFI\refind\refind_ia32.efi

Each time I try one of these options I have to reboot everything.  If this doesn’t work then I need to delete that boot manager entry.

efibootmgr -Bb 0000

The only problem is that my entry is not 0000 but 0001.  Copy, fix, run, reboot, copy, fix, run, reboot, ….

I imagine it was fate that had me delete entry 0000 not 0001.  I am not happy that Linux wasn’t working but now I am less happy that the windows boot process has been deleted.

Can I possibly stay cool long enough to fix this?  Maybe.  I have gone through all the possibilities in my list but I have had no success.

I could have tried to install a newer version of Linux but that both feels like cheating but also may be delaying the problem another 30 minutes. I decided to go back to the source and take a look at the excellent page by Rod Smith. .  I was actually a victim of Microsoft and their backslashes, well that and my apparent inability to delete the old unused configurations and files.

After using a few more slashes everything comes up roses.

efibootmgr -c -l \\EFI\\refind\\refind_x64.efi -L rEFInd

This time I need to not only make some notes, but I also need to save them someplace really safe for next time.  Who knows next time it might be an upgrade or replacing a disk after a crash.

Posted in Setup From Scratch | Comments Off on CMOS scheeMOS, clean up after yourself

The art of invisibility

Posted on May 21, 2019 by DocDock

Indeed this book does discuss all the technology that you could use in an attempt to become invisible as far as internet tracking is concerned. The book goes even further if you wanted to disappear. It explains all of the technological actions you need to keep in mind as well as how to achieve them.

Truly becoming invisible will be extremely difficult for most people due to the constant vigilance and separation between your “invisible profile” and physical life.

This is not to say that this book doesn’t offer some good reminders of best practice (ie never share your passwords) as well as other hints and technologies that you can use to enhance your privacy (ie proxies, metadata on cell phone pictures) Not only that I managed to learn one very specific obscure bit of US law.

First a bit of esoteric bit of US law.

Did you know you could be arrested for possession
of a short tail lobster?

The answer is yes, it is illegal to be in possession of a short-tailed lobster no matter how you received it. I am not worried that I will somehow end up acquiring such an “illegal” lobster but in this book, I did learn about one very scary bit of related US tech law.

Public Company and Accounting Reform and Investor Protection Act
more commonly called Sarbanes Oxley Act of 2002

Khairullozhon Matanov, a friend of the Boston bombers, was arrested because he cleared his browser history. I am not suggesting that any acts of terrorism or support of terrorism should be condoned but just like an episode of “Law and Order” it is a bit scary where some laws may be only marginally relevant are used in another context entirely to convict people.

What is most important to take away from this is that under US law it is possible to be convicted of clearing your browser history.

The best way to not be convicted of deleting your browser cache might be to start up your browser in private browsing mode. This way there is nothing in your cache that would need to be deleted.

This is a fascinating book that contains a lot of technical details but also talks a bit about the techniques used when others are trying to obtain your personal information.  It is a good read and helps to remind to keep security and privacy in mind at all times.

Posted in Soapbox | Comments Off on The art of invisibility

5G and the USA dictating technology choices

Posted on May 8, 2019 by DocDock

I cannot remember how we got to discussing about technology and the new 5G standard.  My buddy Otto was a bit surprised at how adamant the US government with their demand that all of its allies must not purchase Huawei 5G technologies.

His statement was that this might be an example of US imperialism.  I tried to dismiss all of this but I did remember over the last few years the occasional news article describing how the USA’s department of defense or other three letter acronym warned about Trojans. Did this already happen to Amazon and Apple?

Later in the day my other office friend, Christian, informed me about the mechanical keyboard that he bought. Christian actually loves mechanical keyboards and so that wasn’t the surprising part.  The keyboard was essentially purchased online and delivered directly from China to his house.  Both the quality and the cost of this keyboard was amazing and in that sense he was very happy.

It was only a few minutes later that he let the other shoe drop.  This keyboard actually included a cloud driver.  The drivers name sounds a bit odd but if you think about it what exactly would a keyboard need a cloud driver for unless it needed to communicate with the cloud.  That is exactly what was happening.

What was happening was not the more serious concern that all of your key presses are being sent to some server in China, what was actually being sent was a count of how many key presses were done on each key.  This might not be so important if you are updating a long boring report on weather patterns during the dust bowl but perhaps more important if you are entering your domain password (and then simply read your emails).

Manufacturing in the 21st century makes it almost impossible to know and test the origin of each and every component in a electronic device.  Adding an extra chip to a circuit board may be more obvious but adding new logic into an existing micro-controller would make such a spy device virtually undetectable.

Did any malicious hardware changes actually happen in the past?  Does Huawei have any extra special additions in their hardware aimed at learning intelligence? It is impossible to say for certain but expectations and  privacy and laws are different in China as are the rules for monitoring people.  This can be seen by the inhabitants being spied on by their city.  Not only that but allegedly the US knows this is completely possible considering that they have done similar things in the past.

I don’t know if Christian actually installed this cloud driver when he purchased the keyboard but I can understand how you would feel to learn about such a betrayal after using something for a few years.

Posted in Soapbox | Tagged , , | Comments Off on 5G and the USA dictating technology choices

command line fun – arrays

Posted on April 20, 2019 by DocDock

Work with new people and learn new things. I used to work with someone who was unfamiliar with the Unix world, did not know how to program in Java and couldn’t write shell scripts either.

Victoria was actually a very clever lady and she did manage to conquer these shortcomings to be the best person in our team.  She simply rolled up her sleeves (well put on some reading glasses) and got all of the knowledge that she needed to achieve her goals.

I was actually quite surprised when I was looking through one of her scripts when I saw that she was using array’s in her shell script.  I had always gathered up my files to process into a variable and then continued from there.

My file names actually had no spaces and there would only be a handful each time so my solution was just fine, but it never hurts to put another arrow into your developmental quiver.

The syntax is slightly different to other languages but the syntax is rather straightforward.

VARIABLENAME[indexhere]=somevaluegoeshere

The only thing that is different than some of the more classical languages is how to determine the length of an array.

${VARIABLENAME[@]}

I am not sure that how Victoria actually used arrays was really necessary but it did point out an interesting way we can process data in the future.

#!/bin/bash

FILELIST[0]=dailyclosing.txt
FILELIST[1]=weeklyclosing.txt
FILELIST[2]=monthlyclosing.txt

idx=0
for single in `ls -1 *`
do

  idx=$((idx + 1))

  LEN=${#FILELIST[@]}

  ndx=0
  found=0
  while [ $ndx -le $LEN ]
  do
    arrayitem=${FILELIST[$ndx]}

    #echo $single $arrayitem
    if [ "$single" == "$arrayitem" ]
    then
      found=1
    fi

    ndx=`expr $ndx + 1`
  done

  if [ $found -eq 1 ]
  then
    echo $single true
  fi

done

This solution was altered from something else that was not quite appropriate. The actual solution could have been much much simpler.

1
#!/bin/bash

if [ -f dailyclosing.txt ]
then
  echo do daily stuff
fi

if [ -f weeklyclosing.txt ]
then
  echo do weekly stuff
fi

if [ -f yearlyclosing.txt ]
then
  echo do yearly stuff
fi
Posted in programming | Comments Off on command line fun – arrays

dipping your toes into the ocean with Mermaid

Posted on March 22, 2019 by DocDock

It began with a great idea.

“lets do our systems graphs in such a way we can version them in GIT”

Anyway, I believe that is how it started.  I was then told that perhaps the open source tool Mermaid would be the solution to that grand idea.

It did look pretty good.  I tried using this for some trivial graphs and I was amazed at how well it worked.  You could create a small flow chart within a few minutes.  Not only that but the graphs that where created were SVG, that wasn’t really on my radar but it would have been useful a few projects back.

 

Version 1
graph TB
AuthServer(“Oath v2.0)”)
UserDB AuthServer–>UserDB
UserDB –>AuthServer
client(user/browser)–https –>AuthServer
extpgm(ext system) — https –>AuthServer

 

I did like this but to be honest it didn’t really keep the systems properly grouped together.  That was also quickly correct by grouping the systems as a sub graph.

Version 2
graph LR
subgraph Internal Systems
AuthServer(“Oath v2.0)”)
UserDB AuthServer–>UserDBUserDB –>AuthServer
endsubgraph Client Services
Login        client(user/browser)–https –>AuthServer
extpgm(ext system) — https –>AuthServer
end

Mermaid seemed to handle these flows just fine.  Not being content with this I tested the sequence diagrams.  They actually seemed to work even easier.

 

Sequence Diagram
sequenceDiagram
user->>+AuthServer: User credentials
AuthServer ->>+ user: token
Note right of AuthServer: Token valid 6 hours
user->>+MediaServer: requests movie + token
alt token valid
MediaServer ->>+ user: streams content
else token valid
MediaServer –>>- user: request refused
end

I was about to bring all of this to my team leaders attention when I received some feedback from one my teammates. He was correct, color makes things not only less boring but can also visually help with grouping like items together.

Version 3
graph LR
classDef cyan fill:cyan
classDef yellow fill:yellowsubgraph Internal Systems
AuthServer[“Oath v2.0)”]
UserDB(Login data)
DetailsDB(Customer Details)
AuthServer–>|JDBC|UserDB
UserDB –>|WebSphere|AuthServerclass AuthServer yellow
class UserDB cyan
class DetailsDB cyan
end
subgraph Client Services
Login        client(user/browser)–https –>AuthServer
extpgm(ext system) — https –>AuthServerend
linkStyle 2 stroke-width:2px,fill:none,stroke:green;
linkStyle 3 stroke-width:2px,fill:none,stroke:green;

 

It was at this point that I realized that these connections between elements was only one way.  Unfortunately you cannot simply have a line with arrows at each end. I didn’t think that adding a few back arrows would make that big of a change to the diagrams but unfortunately they did.  Not only that as you start to add a lot of different elements, each with bi-directional communication, the nicely ordered elements start to change places.

 

Version 4
graph LR
classDef cyan fill:cyanclassDef yellow fill:yellow
subgraph Internal Systems
AuthServer[“Oath v2.0)”]
UserDB(Login data)
DetailsDB(Customer Details)
Presenter[catalog system]
AuthServer–>|JDBC|UserDB
UserDB –>|WebSphere|AuthServer
class AuthServer yellow
class UserDB cyan
class DetailsDB cyan
end
subgraph Client Services Login
client(user/browser)–https –>AuthServer
AuthServer –>clientAuthServer –>extpgm
extpgm(ext system) — https –>AuthServerend
version 5
graph LR
classDef cyan fill:cyan
classDef yellow fill:yellow
subgraph Internal Systems
AuthServer[“Oath v2.0)”]
UserDB(Login data)
DetailsDB(Customer Details)
Presenter[catalog system]
AuthServer–>|JDBC|UserDB
UserDB –>|WebSphere|AuthServer
class AuthServer yellow
class UserDB cyan
class DetailsDB cyan
end
subgraph Client Services Login
client(user/browser)–https –>AuthServer
AuthServer –>client
AuthServer –>extpgm
extpgm(ext system) — https –>AuthServer
end
client –>Details
DBclient –>Presenter
linkStyle 2 stroke-width:2px,fill:none,stroke:green;
linkStyle 3 stroke-width:2px,fill:none,stroke:green;

The colors of the elements remains easy enough, but as the number of elements increases finding and changing the colors of the lines becomes more and more like software development.  The hacking kind, not the software engineering kind.

The task that I was given had enough elements on it to take up half of a keyboard but this type of graph doesn’t automatically look very good.  It is simply too much.

I did like the few hours that I spent fooling around with Mermaid.  I can see how this might be nice if you have some simple elements that should be graphed.

This example exist on Mermaid page

Perhaps Mermaid is an exceptional tool for either sequence diagrams or gantt charts but I don’t really need that at the moment.

If you really want, you can even add Mermaid to your web pages.  As for me, I am not certain that I would want the diagrams to be outside of my direct control and at the moment human beings are able to make more of the simplifying decisions for item placement.

 

I really with I could give this project two thumbs up but I did encounter a few things that would prevent me, certainly in larger sittings, from using this.

  1. It is not possible to have lines with arrows on each side
  2. It is not possible to simply add notes or legends to flow charts
  3. It is snot possible to have a line from one entire subgraph to another item or subgraph
  4. No influence on the element placement
  5. SVG output from the tool isn’t well supported by Microsoft products, or else there is a problem with the SVG image.
Posted in programming | Comments Off on dipping your toes into the ocean with Mermaid