Vito Sartori

26, self-taught software engineer

Toolbox

  • C
  • Ruby
  • Golang
  • Objective-C
  • Clojure
  • Python
7A3F 6453 F98F 7B8A

Work

[2019] Ruby Mesa.tool

Mesa.tool is an app that is part of the new MESA Platform. As the project’s tech leader, I supervised and mentored a team of awesome people during its development phases.

Official Website
[2019] Ruby Mesa.school

D3 was invited to build the new MESA Platform; this one is their Web Course, which allows anyone to become a MESA Leader. The course was exclusively designed and taught by MESA founder, Barbara Soalheiro, who invented the Method which has been used to successfully solve complex problems for companies and communities for over 7 years now.

Official Website
[2018] Ruby pull.md

pull.md was an experiment that allowed people to pull information using curl, for instance.

[2017] ObjC Zag iOS

To allow users to create their refunds on-the-go, Zag also has a native iOS App.

[2016] Ruby Zag REST API

Zag is a platform that intended to allow employees to request refunds from their companies.

Official Website
[2016] Node Rio 16's Dancing Pavilion

We (at D3) were invited to build a pavilion for a Brazilian beer brand to host music, parties, DJs and shows. This pavilion was located in the Barra Olympic Park, the primary location for the stadiums in the Rio 2016 Olympic Games. The building had sensors distributed in strategic points in order to determine how agitated people were inside of it, which yielded really nice animations following their behaviour. More information can be found in DesignBoom’s post.

[2016] Ruby WhatsLove Book

For the 2016 Brazilian Valentine’s Day, I was invited by @zehf to collaborate on one of his ideas: a book composed of several metrics extracted from WhatsApp messages exchanged by couples. After attaching exported messages to an email message sent to a special address, our robots would parse, interpret and analyse them in order to build an illustrated book.

Official Website
[2016] Node Giskard

Giskard is the base framework of a bot used on D3 Estúdio. It was extensible through modules, and was capable of holding conversational contexts in order to acquire data that could be used in several metrics.

GitHub
[2016] ObjC OceanFlow

OceanFlow was an iOS app that managed Droplets hosted on DigitalOcean. It has now been retired.

[2016] Ruby Twitter TestDrive

Twitter TestDrive was a platform being developed together with Twitter’s Brazil office, which would allow automakers to reach people willing to take a test-drive of any of their new models.

[2015] C Bloom Binary Protocol

BBP consisted of a DbC protocol that defined all messages exchanged between clients on a Bloom environment. By using a custom manifest file, BBP can generate clean code in several languages, which makes the exchanged data cross-platform compatible. It replaced JSON structures and proved to be lightweight as the data quantity transmitted in Bloom’s networks increased.

[2015] ObjC FleetDash

FleetDash was an iOS dashboard used to monitor and control Fleet instances.

[2015] C Fleet

Fleet was responsible for scaling and controlling real-time processes on Bloom servers; together with a load balancer, it was capable of spawning and terminating processes based on server load and resource usage.

[2015] Node A Place to Departure

A Place to Departure was an interactive installation that used technology to connect people across the world. It used LIDAR sensors and transducers to reproduce a “touch” when two people touched the same spot of a window across the globe.

Official Website
[2015] Python Hortiescolha

Invited by the Horticulture Quality Centre from CEAGESP, we participated in the process of optimisation and digitalisation of Hortiescolha: a decision-making support program regarding fruits and greenery for the scholastic food service. See, every day teenagers and children of thousands of public schools throughout Brazil receive a lunch. It may sound simple, but the challenge and the complexity behind this fundamental activity are unimaginable for most of the population. We at D3 had the opportunity to learn and be part of this process, contributing to its improvement.

[2014] Python Bloom

Bloom was an oncoming digital events platform. It allowed people to make cashless payments before Apple/Samsung Pay, and helped live events get even better. It was widely used in 2015’s Rock in Rio, and had a great acceptance among its users.

[2014] Ruby #TridentTweetMusic

A campaign promoting Skank’s (a Brazilian band) new clip made entirely of vines. A user could be part of it by tweeting a vine together with a specific hashtag. The vine was then processed and attached to the original clip, generating a brand new one, which was finally sent back to the user.

[2014] PHP Carnaval Digital

An interactive platform that allowed thousands of people to be part of the Brazil Carnival through sort of a social game.

Open-Source

[2020] Golang go-oif

An opinionated imports formatter which sorts imports into three categories:

  1. Built-in imports (os, io, net/http, etc)
  2. Third-party imports (all your dependencies)
  3. Project dependencies
GitHub
[2020] Clojure clsql

clsql provides a toolchain to work with databases and SQL for Clojure applications. It provides facilities to work with migrations and queries, allowing teams to have reproducible migrations and easier to maintain queries, leaving SQL out of Clojure.

GitHub
[2020] Golang tlvp

tlvp is a CLI TLV parser specially designed to handle EMV data. This may be used by payment system researchers and practitioners to read TLV data (both binary and hex-encoded) in a formatted, organised way.

GitHub
[2018] Golang Howe

Howe replaces MOTD with relevant information about the local server, like services, containers, and metrics of disk usage.

GitHub
[2018] Golang Ludwieg

Ludwieg is a toolchain aimed at developing binary protocols. With its own modelling language, Ludwieg is capable of generating code in Java, Objective-C and Golang.

GitHub
[2017] ObjC Bedim

Bedim is a small macOS utility that automagically blurs backgrounds when any window is present on your screen.

GitHub
[2017] Node NSLocation

NSLocation wraps CoreLocation in order to provide the geographic location of a device running macOS. The library provides a bridge between Node.js and the CoreLocation Framework, allowing Electron and Node.js applications to use geographical data of the current user.

GitHub
[2017] Golang Pine

Pine is a logging library for Golang. It outputs different formats based on a TTY availability. When available, output is augmented with emojis and colour. Otherwise, a parseable format is used.

GitHub
[2017] Golang gh

gh is a terminal utility that allows you to use GitHub directly from your terminal. No more fiddling with the browser to create a new repository or managing teams.

GitHub
[2016] Golang Stapler

Stapler is a Go library that handles file uploads or general data storage. It plays well with ORMs and such, making it easy to work with stored files.

GitHub
[2016] Golang Colorarty

Small Go library that analyses images and extracts a background, primary, secondary and detail colors, all suitable for reading.

GitHub
[2016] Golang go-unfurl

Simple Go library that follows all possible redirects of a given URL. Part of Digest.

GitHub
[2016] Golang u2imgur

u2imgur is a silly utility that uploads images to imgur.

GitHub
[2016] Golang goom

goom is yet another port of Holman’s boom, this time in Go. Unlike Cloom, it has a Levenshtein distance algorithm implemented, which allows it to match mistyped or incomplete items.

GitHub
[2016] Ruby Sicuro

Sicuro was a personal vault that protects sensitive data until it is needed. Some people have the need to keep data private until there’s a need to make it public, and that is what Sicuro was about. It stores encrypted data, protected by keypairs and distributed to a list of people you trust.

[2016] Clojure Cloom

cloom is a port of Holman’s boom in Clojure. It manages text snippets on the command line. Quoting Zach’s description of boom:

You can stash away text like URLs, canned responses, and important notes and then quickly copy them onto your clipboard, ready for pasting.

GitHub
[2015] Node D3-Digest

A Slack Bot that watched and collected reactions on public links posted in specific Slack channels (such as #random). Those links were then processed and made available on a public webpage.

GitHub
[2015] Node unfurl-url

A simple tool that unminifies URLs.

GitHub
[2015] MDown Awesome iOS

A curated list of awesome iOS projects and libraries, includes Objective-C and Swift.

GitHub
[2015] ObjC DropletKit

DropletKit is an Objective-C wrapper for the Digital Ocean’s REST API.

GitHub
[2015] JS Spotificator

After Rdio announced its imminent shutdown, after being acquired by Pandora, we at D3 Estúdio hurried to bring back a tool capable of exporting Rdio and Deezer playlists and collections to a Spotify account. Featured on Product Hunt.

GitHub
[2014] JS Atom

GitHub’s text editor written in HTML5

GitHub
[2014] Node direktor

A remote SSH command runner for cluster maintenance

GitHub
[2014] Ruby has_gravatar

Dead simple Gravatar URL generator

GitHub
[2014] Ruby ssh-fingerprint

Generates a fingerprint given an SSH public key (without ssh-keygen or external dependencies)

GitHub
[2013] Ruby Identicons

Ruby implementation of GitHub’s new Identicons.

GitHub
[2013] JS Adobe Brackets

Open-source IDE developed by Adobe (and contributors) aimed at web development.

GitHub
[2012] JS Knockout.js

JavaScript library used by Microsoft’s MVC framework that implements the same MVC architecture using JavaScript and HTML5

GitHub
[2012] MSIL GitHub for Windows

Closed-source utility written by GitHub that allows those unfamiliar with Git’s command-line tools to use the service through a clean user interface. This contribution required some reverse-engineering, since the project is closed source (but yet was a contribution 😎).

Blog

ASN.1 Field Ordering in Go

A few days ago I had to generate a Certificate Signing Request using Go; dealing with crypto in Go is always a breeze, but then I was notified by the Certification Authority that fields were out of order. Technically, considering the DER nature of the CSR, the order of Organizational Unit should not matter. The CSR was regenerated to no avail.

The solution was to write the CSR manually (sort of manually, see below), defining all asn1 bits. That involved digging through the documentation, implementation files and tests, so I could understand what was happening behind the curtains. Personally, what most intrigued me was Go checking for a prefix in a type name through reflection to determine whether it was an ASN.1 sequence or set.

So, first of all, let’s determine what we will need to generate our Subject line: Object IDs for all the fields we plan on filling, a custom type so we can write UTF8String instead of PrintableString (Only Country is PrintableString), and a custom type so we can get sets instead of sequences.

package generator

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/asn1"
    "encoding/pem"

)

var (
    oidCountry            = asn1.ObjectIdentifier{2, 5, 4, 6}
    oidOrganization       = asn1.ObjectIdentifier{2, 5, 4, 10}
    oidOrganizationalUnit = asn1.ObjectIdentifier{2, 5, 4, 11}
    oidCommonName         = asn1.ObjectIdentifier{2, 5, 4, 3}
    oidLocality           = asn1.ObjectIdentifier{2, 5, 4, 7}
    oidProvince           = asn1.ObjectIdentifier{2, 5, 4, 8}
)

type ASNUTF8String struct {
    Type  asn1.ObjectIdentifier
    Value string `asn1:"utf8"`
}

// AnySET is an interface{} slice; SET is required by asn.1 to generate it
// as a set instead of a sequence.
type AnySET []interface{}

Then, to the implementation. The CSR requires a private key, which in my case was stored in a PKCS#12 container. Reading it is easy using Go’s crypto packages. One of the CSR’s Organizational Unit values and the Common Name are provided through arguments, together with two byte slices containing the private key, and its password. Error checks were elided to keep the example small.


func GenerateCSR(private, password []byte, commonName, OU string) ([]byte, error) {
    block, _ := pem.Decode(private)

    var rawBlock []byte
    var key *rsa.PrivateKey

    rawBlock, _ = x509.DecryptPEMBlock(block, password)
    key, _ = x509.ParsePKCS1PrivateKey(rawBlock)

    attributes := []AnySET{
        {ASNUTF8String{Type: oidCommonName, Value: commonName}},
        {ASNUTF8String{Type: oidOrganizationalUnit, Value: OU}},
        {ASNUTF8String{Type: oidOrganizationalUnit, Value: "Another OU Value"}},
        {ASNUTF8String{Type: oidOrganizationalUnit, Value: "Yet another OU Value"}},
        {ASNUTF8String{Type: oidOrganization, Value: "Organization Name"}},
        {ASNUTF8String{Type: oidLocality, Value: "Locality Name"}},
        {ASNUTF8String{Type: oidProvince, Value: "Province"}},
        {pkix.AttributeTypeAndValue{Type: oidCountry, Value: "Country Code"}},
    }

    attrBytes, _ := asn1.Marshal(attributes)
    template := x509.CertificateRequest{
        RawSubject: attrBytes,
    }

    csrBytes, _ := x509.CreateCertificateRequest(rand.Reader, &template, key)
    return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}), nil
}

Without this, the order was based on the Subject type field order, which was considered invalid by our CA.
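
To check a subject before it goes to the CA, the added example below (not code from the original post) encodes the same attributes with the technique above and with a plain pkix.Name, then lists each attribute's OID and string tag in wire order. The names utf8Attr, rdnSET, rawATV, rawSET, CustomSubject and SubjectOrder, and the sample values, are assumptions made for this example.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// utf8Attr and rdnSET mirror the post's ASNUTF8String and AnySET; rawATV and rawSET
// decode a subject while keeping each value's tag. The "SET" suffix selects tag 17.
type utf8Attr struct {
	Type  asn1.ObjectIdentifier
	Value string `asn1:"utf8"`
}
type rdnSET []interface{}
type rawATV struct {
	Type  asn1.ObjectIdentifier
	Value asn1.RawValue
}
type rawSET []rawATV

var oidCN, oidC = asn1.ObjectIdentifier{2, 5, 4, 3}, asn1.ObjectIdentifier{2, 5, 4, 6}

// CustomSubject encodes the RDNs exactly as given, in argument order.
func CustomSubject(rdns ...rdnSET) ([]byte, error) {
	return asn1.Marshal(rdns)
}

// SubjectOrder lists "OID:valueTag" per attribute in wire order (12 = UTF8String,
// 19 = PrintableString) and fails if any RDN is not encoded as a SET.
func SubjectOrder(rawSubject []byte) (out []string, err error) {
	var rdns []rawSET
	if _, err = asn1.Unmarshal(rawSubject, &rdns); err != nil {
		return nil, err
	}
	for _, rdn := range rdns {
		for _, a := range rdn {
			out = append(out, fmt.Sprintf("%s:%d", a.Type, a.Value.Tag))
		}
	}
	return out, nil
}

func main() { // constructed sample values: the same two attributes, encoded both ways
	custom, _ := CustomSubject(rdnSET{utf8Attr{oidCN, "example"}},
		rdnSET{pkix.AttributeTypeAndValue{Type: oidC, Value: "BR"}})
	std, _ := asn1.Marshal(pkix.Name{CommonName: "example", Country: []string{"BR"}}.ToRDNSequence())
	fmt.Println(SubjectOrder(custom)) // caller-chosen order, UTF8String where requested
	fmt.Println(SubjectOrder(std))    // order fixed by pkix.Name
}
```

For a finished request, pass the RawSubject field of the value returned by x509.ParseCertificateRequest to SubjectOrder.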