Tag: server

Real time body camera system – Server Storage – part 3

January 3, 2022 /

In the last two parts of this series, we discussed our network protocol and the architecture of our body camera system. We shall discuss our backend recording and streamers service in this final part. After that, we shall present the budget we burnt for this MVP, and finally, we shall discuss why it did not work.

There are multiple server video streaming solutions across the market. Unfortunately, most of them require installing new desktop software or plugins. At the same time, we saw that no video storage format is codec agnostic and could support multiple frames using different codecs. All these weaknesses forced us to develop our storage format for our videos. After a reasonable amount of time of thinking about what would be the format we need for this kind of work, we formulated the following requirements:

  • Blazing fast append: We wanted to write down the incoming frames as fast as possible. Every slowdown of reindexing the frames would decrease performance and increase the cost.
  • File-based:  Storing a significant amount of data into a database is the wrong approach for media-based files. So the file format had to be binary based. Because of the previous requirement, we had to skip the index. Every index recalculation would end up in a lousy performance.
  • To support telemetry: We did not stream only video and audio data, but we also streamed telemetry. There had to be a way to stream its frames as well. Plus, there were use cases in which the user of the body camera could want to stream only telemetry, but not video.
  • Websocket streaming: Since we can not support another streaming format, we decided that streaming from our server to the web browser clients in the headquarters will be based on WebSockets. To do this properly, we had to implement our video player.

Fortunately, if we analyze our network protocol, we can see the following characteristics which will fulfill the requirements:

  • Partitioning: Every network packet has a unique user id and date. And that is enough to determine the filename of the stream uniquely.
  • Counter: Every network packet has a unique counter value, and this value is attached to the date. At the beginning of every day, we moved the counter to zero. If we analyze further the logic of this counter, it could be used as an index key, by which we can sort by time the whole stream.
  • Supports telemetry: Our network protocol supports telemetry by default.
  • Supports WebSockets: We can reuse the same binary message we received from the Android device for WebSocket streaming. The message must be just encoded properly for WebSocket streaming.
You can see the modified version of our frames container on the diagram. It follows the header:body format, where the header represents a metadata structure for the next frame. By iterating the whole file, we could index the metadata into our server’s memory

With the information from the previous bullets, we can define the following logic. We append every incoming packet to its corresponding file on the filesystem, similarly to what pcap is doing with the network packets. At the same time, another process is reading the file and building the index in memory of our service. And the service uses this index to restream the recorded network packets through web sockets to the web browser player.

To implement the described logic, we decided to build the following system modules:

  • UDP server listener module: The idea of this module is to listen for UDP packets and reroute them to a concurrent queue. The FileWriter module later consumes this concurrent queue.
  • Concurrent queue module: Having in mind that we can have multiple process workers, instead of using mutexes or any other synchronization mechanisms, we decided to communicate using queues between the processes.
  • FileReader module: This module’s primary duty is to read the file packet by packet, using the already loaded index.
  • FileWriter module: The idea of this module is to take the packets from the queue and store them into the file. Partitioning per file per queue was implemented, and every file had a FileWriter process.
  • Indexer module:  It reads the file and indexes the network packets into the memory. After that, it is used by the Streamer module to stream data.
  • Streamer module: This was a collection of processes that started by given offset and used the indexer module to send data to the WebSocket server.
  • Web browser player module: The module was used to decode the network packets coming from the WebSocket server and play video and telemetry data in the browser.
  • Synchronization module: The idea of this module was to provide a way for the synchronization of missing packets between the Android device and the streaming server. We used the index module to return a given user and date for which frames are missing.

One can easily modify the proposed architecture to support cloud deployment and high scalability by replacing the concurrent queues with message brokers and the local filesystem with GlusterFS.

You can see a sample system architecture on the diagram describing the listed components. Arrows represent the data flows and how the data passed through the system

After we finished the technical details of the implementation, let’s discuss how much it cost for us to implement the MVP:

Budget:

  • Android device (200$): We decided to use a standard Redmi 3 device. It supported all the needed features, and it had an excellent battery.
  • Extended battery development (3000$): We developed two battery versions because the first one was not good enough, and our hardware vendor did not provide a quality job. We had to switch vendors, etc.
  • USB Camera (200$): Fortunately, we used an already produced board, so the price was relatively low. Still, we had to buy multiple cameras until we found the most suitable one.
  • 3d printing (400$): 3d printing of multiple prototypes is expensive. And we had to try with various variations.
  • Camera mounts (30$): The camera mounts were already manufactured.
  • Software development (23000$): One developer spent a whole year working part-time on this project. He implemented the backend server and the mobile application for the Android device.
  • Hardware development (8000$): Our hardware guy spent a couple of months developing proper housing and an alternative battery unit for our Android device.
  • Business development (1500$): Fortunately, we did not spend a lot of money on business development.

So we managed to implement the technical MVP for a total cost of 36330$. We tried to sell it, and we failed brutally.

Why we failed

As a team without experience in developing hardware products, we made many errors. Fortunately, it was our first and last try at selling a hardware product. We took our lessons, which I shall list:

  • No business need: For every successful product, you need a local business need, with which you can test your idea and see whether you will have traction. Burgas is an almost crime-free city, so no need for such a system.
  • No hardware ecosystem: There is no ecosystem of electronic hardware manufacturers in Burgas. So you become dependent on people you do not know and even have never met.
  • No delivery pipelines: Making hardware depends on your components delivery pipelines. We did not have any established channels and no partners with such.
  • No investor: Hardware startups are not for bootstrapping. You need a good amount of money to hire the proper people and to make sure once you have MVP, you can buy a good amount of items. Hardware items supply can end, and after that, you have to redesign your solution.
  • Wrong paradigm: Hardware products do not scale so much as digital ones. It will help if you have a good global distribution network and marketing to do it successfully. Being in the 4th city by size in Bulgaria, with 200,000 people, did not help.

In conclusion, despite the problems, we managed to produce MVP, which is a piece of fantastic news. Unfortunately, we could never sell this MVP to anyone for the listed reasons. Looking at the good side of things, we learned what mistakes to avoid when penetrating a market. It helped us with our following products. 

Does Your VPN Protect From Cybercriminals, or Invite Them In?

May 6, 2021 /

The Coronavirus pandemic forced a variety of new adjustments on people. Most offices had to close down, and workers had to turn to their home offices to do work. Schools, universities, most places of education did the same and introduced home learning. Most entertainment outlets were no longer accessible either – the movies, theatres, concerts, everything got canceled or delayed. Home computers and laptops became an essential piece of technology at home. We use them for work, study, and fun. But can you trust them to be secure enough not to lead to trouble? You might be thinking, ”Well, I have a VPN, I’m safe.” But are you?
What is a VPN, and what does it do? VPN stands for virtual private network, and its general role boils down to two words – connectivity and security. A VPN extends a private network across a public network and allows users to exchange data across shared or public networks as though their devices connect directly to the private network. VPNs shield your original IP address and protect your data. If you join a VPN to your router, it covers all your devices connected to said router. Like, phone, PC, laptop, gaming console, smart TV, and other IoT devices.

On the diagram, you can see a standard VPN network configuration. The blue lines represent encrypted tunnels from different networks to your company infrastructure. After packet inspection with the red line, your Firewall sends the traffic to your VPN server. Finally, the VPN server decrypts the traffic and sends it to your local corporate network.


In Corona-times, VPNs are a godsend for employees who aim to reach and use corporate resources. They connect to the company VPN and go about their daily business. The question is, do they use a company device to do their work, as a company PC or laptop, or do they use a home one? That makes all the difference. If you connect the company VPN on your home network, you expose your company to malware. Think about it. What if you, or a family member, carelessly clicked on something they shouldn’t have, and now malware lurks on the PC that you’re connecting to your corporate network?
Another issue with that scenario is what type of VPN the home-office employee turns to exactly? Is it a consumer VPN server based in a different country? That’s risky.
Employees find themselves in a completely new situation, unique to both them and their employer. What had previously gotten used only on rare occasions or emergencies is now used on a regular day-to-day basis, given that 100% of the workload gets done from home. That makes workers vulnerable to targeted attacks. There are already examples of that. According to Sultan Meghji, CEO of Neocova (a cloud-based suite of banking solutions company), several bank CFOs became victims of criminals and state-based attackers.
Cybercriminals are on the lookout for easy targets. They search for open WiFi and encryption that they can break easily. Don’t be that easy target! An excellent way to up your home cybersecurity is to update your router. Ask yourself whether the router you use daily is older than your phone. If yes, replace it ASAP.
Another way to keep the office and home systems safe is education. Employers should educate their employees on cybersecurity and the best practices to implement for the most protection.

The Legality of Private Servers

April 1, 2021 /

The legality of privately owned servers is a much-discussed topic with large grey areas and varying laws in different countries.

In general, that legality is determined by a sample amendment, similar to this one: “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

In other words, this means that the government and other institutions, organizations, and people, in general, do not have the right to search or control privately owned servers. They should not check what the servers store, except that there is reasonable evidence of illegal content.

A warrant to search a privately owned server would not be issued out of false claims because a judge has to examine whether the given evidence is sufficient. However, web servers are usually quite transparent, and illegal content on them is easily detected.

How is that a grey area then, and how liable are those individuals owning servers?

In the case of illegal content linked to a specific web server, people on the internet can see the server’s content and report it if they deem it inappropriate. If many people do this, it will eventually get removed in many cases.

However, if it is not a web server, then people would have no real reason to examine it without evidence of illegal content. Responding to other people reporting illegal content on one’s server by instantly removing it can make the server owner less liable.

Private Game Servers – Legal or Not?

One interesting legal case is the video gaming industry. Online games usually connect to a central server. That presents the issue of the game being unplayable once the online game and its server are gone.

Many people have chosen to counter this issue by setting up their game servers. That also allows them to change the game, revive old games for nostalgia’s sake or change aspects about it to meet their own needs, and so on.

But how legal is it to set up a private server without the game developer’s permission? Usually, this can happen through leaked or stolen codes, which is illegal in itself as it breaches copyright.

Furthermore, private server hosts often take donations to keep the server running. Emulating current servers is more troublesome than bringing back old games that no longer exist.

More Grey Areas

Another grey zone is whether you are the one hosting the server or playing on it. While hosting may easily be illegal, playing on private servers is not. People doing it can still get in trouble, in any case.

There is a difference between official laws and license agreements that the user has with the gaming company and developer. Playing on private servers can infringe the contract you have entered into with the game developer.

Since copyright is usually concerned with distribution issues rather than private use, it is unlikely you will get fined. Still, if you want to support the game developer because you love the game and want to see more of it coming to life, you should play on the official servers instead. Not to mention connecting to a not official game server can expose your machine to cyber attacks. Most of these not official game servers do not have proper cybersecurity defenses.

The only reason and grey zone that would warrant playing on private servers is if the game’s developers abandoned it with no official server left.