Inside the Arcade1up PacMan

I received PacMan for Christmas.  I had a lot of fun, until the joystick up stopped working.

I had been thinking about moding it.  Some YouTube videos implied it could be done, that the ROMs on the board included Asteroids and Galaxian.

Sure enough, when I replaced the joystick Arcade1Up sent as replacement, the controller nest has the label saying "Galaxian, Pac Man, Space Invader" and room for a fire button P1-A.  I have not cracked the logic board connected to the display yet, but it might be tweakable if true.

Media, White Hats, and Black Hats

ARS Technica has an article with detailed instructions on how to record information, or fake phishing, using Alexa and Google Assistant. It is a blueprint of how to build rogue skills that pass certification but do naughty things.  I know at Microsoft, one of the last things Cortana did was implement developer vetting. It irritates me that articles like this, that have good intentions, not only expose holes to black hats, but make real developers lives harder.

When CERTS expire...

Today I noticed my SSL cert expired. I received notice mid-July, but as with everything, I checked if everything still worked at that time - it did - so conveniently forgot.

This meant likely yesterday, my webs server anounced it was not secured, and all my Cortana skills stopped working with an obscure error message stopped working. (The error message buried at the bottom of the message was [bot service response null].)

So I fixed it by

• downloading my new cert
• figuring out how to use psftp to upload them to my server given I'd obfuscated sshd configuration
• uploading my new crt files and moving them to /etc/ssl/certs
• updating the various entries in /etc/apache2/sites-available conf files that pointed at the cert

So all the Cortana skills are running again.  I am surprised that the automated tests Microsoft runs didn't send me a nasty email saying I was down.  Ah....

Debug C# Cortana Skill Locally

I added a video on how to create a Skill in the cloud, compile it there, then suck it back to a desktop, set debug break points, and continue to debug locally.It doesn't have commentary yet, but I'll get to it.

Teach Your Kids to Code

Today at work we had Bring Your Kids who got an Hour of Code.... Teaching your kids to code! Super cool. They started here... Minecraft . And now I get to send them here... Robot Odyssey . Right on.

Well Gosh. I changed employers.

I will still be blogging about and making chatbots. But I don't work indirectly at Microsoft anymore!

And I might blog about using the Groupon API too! And making a Groupon skill...

Decoding JWTs and Bot Service Auth tokens

Ever wonder how to decode a JWT token to get at the email address and user name?  Given that you have the openid, email, and profile scopes granted.


Visit JWT.io for decoder and doc.

Of if you love (trust?) Microsoft, ADFS JWT Decoder.

And the full blown specifation on RFC7519...

And then the openid documentation on how to get name and email.

     // header, payload, signature
     function parseJwt (token) {
            let ary = token.split('.');
            if( ary.len != 3)
                {
                console.log( "not a JWT: " + token );
                return undefined;
                }
            // assume it IS urlEncoded
            let base64Url = ary[1];
            let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
            let txt = Buffer.from(base64, 'base64').toString();
            return JSON.parse( txt ); 
        };

And then

let jwt = parseJwt(tokenStr);
let email = jwt.email || jwt.upn || 'unknown';
let name = jwt.name;
console.log( `You are ${name} at ${email}` );

But there is more cool stuff you can do via Bot Framework! For example, want to re-use an Auth Token? Use this class to send off requests piggy-backing (using on-behalf-of) on the Bot's app registration.

Then, you can also use Bot Framework's JWT decoder in C#. Use this class to decode the properties into a hashmap.