My Background…

Posted on 22 June, 2020 by dk

Skeletons In My Closet

(or in my case, Diners In The Background, aka the Case of the Faceless Man)…

With the recent global pandemic, working from home means parking myself at my (messy) workbench, work laptop tucked under my triple monitor set-up… that, due to my small apartment, is actually in my dining area (with the dining table at my back). This means I (usually) do not enable my video/webcam feed during virtual meetings/teleconferences, mainly to

retain some modicum of privacy for the rest of my household
avoid the extremely distracting situation of having people walking past behind me (and given that my webcam is perched on top of my monitor that has been raised to eye height and therefore is pointing downwards, means headless torsos traversing stage left to right or vice versa)
avoid having some person/s sitting down at the dining table behind me, eating or whatever

Unfortunately, forced to show my ugly mug via video/webcam feed during work calls, due to guilt for not doing so while everyone else was, or because of conducting customer training, I had to scramble to find a solution to “hide” my background.

You Feel Sense Me?

I immediately thought of depth-sensing cameras, hopeful that the days of the Xbox Kinect have been left behind in the name of maturity… A full day of researching depth-sensing capable cameras came up with disappointing results, however.

The Intel D435 is the only widely available retail webcam considered “current”, with everything else, like the Intel SR305 and similar third-party Intel SR300-based products (like the Creative BlasterX Senz3D and the Razer Stargazer) currently relegated as “discontinued”/”unsupported” (due to the latest Intel SDK dropping support for SR300) or “limited support” (i.e. using only the normal, 2D RGB sensor, like any other normal HD/FHD webcam)

Countless other pages I forgot to bookmark/note down simply distilled into the single fact that dabbling with depth sensing cameras was a hit-or-miss affair, with actual software support not universal, despite Intel’s SDK having being already been provided… Maybe if someone can write a “tween” application (here or here) that would create a fake green screen that (most) other “normal” software with native support for green screens (like OBS and Zoom) could use, this may be the ideal (compared to what follows below)…

If you have to ask why: some of the solutions proffered still pick up persons moving behind me, and often incorrectly, resulting in some disembodied torso crossing behind me; the use of depth sensing would result in picking up only me, assuming some ability to control/select the distance/depth…

Since I did not want to spend money on something that may work (but most likely not), that brought me back to the “standard” webcam + “human shape/form sensing” and “‘smart‘ background removal”…

I tested several options I could find, namely:

XSplit VCam
CyberLink PerfectCam
Snap Inc’s (of Snapchat fame) Snap Camera

One key point for me, which may not be applicable to you, is that I needed the software to work with BlueJeans, the “video conferencing application of choice” for work.

2021/07/01 Update: With my work moving over from BlueJeans to Zoom (citing the latter is more commonly found everywhere, probably due to their offering of a “free” tier), this is no longer a requirement. Zoom itself had introduced non-green screen background replacement shortly after this article was written also, and to date, it’s outline detection appears to equal or surpass Snap Chat’s.

2020/07/13 Update: BlueJeans surprised me today with an updated version, with a new “background” feature ala Zoom’s virtual background feature (i.e. not requiring chroma-keying/green screen)…

The good: less CPU intensive, less lag than routing through Snap Camera (as expected).

The bad: Shape/person object detection is still wanting, in comparison with Snap Camera (better) or even PerfectCam’s (best) shape detection – persons walking in my background still “appear” in BlueJeans as compared to the other two, despite the rather large distance separation.

Jump past the break to see what I eventually use now…

Continue reading →

Crouching Tiger, Hidden User-SID-in-Registry…

Posted on 9 May, 2020 by dk

I was poking around my Windows 10 registry and stumbled across an “account unknown” SID – which immediately triggered my “hack alert” (not to mention my OCD)…

I traced this inherited permission up to registry root – which got me really worried…

I was about to just “try and clean it up” (e.g. search the entire registry for the same SID and delete it if no such value, i.e. reference, was found), but decided to quickly search the ‘net while waiting for regedit to complete the full tree search when I stumbled upon this.

TLDR: Don’t blindly delete any unknown SIDs…

<RANT> Trust Microsoft to do something stupid like this, all in the name of attempting to “hide” or obfuscate their spying (in the case of this specific SID “S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681” in question); I mean, why would Edge, one piece of software requiring outbound network connectivity, need to have read permissions of the entire freakin’ registry?!?). This looks like one massive data leak/breach (via an Edge exploit) waiting to happen.</RANT>

Clamping Down HARD on DHCPd MACs…

Posted on 10 February, 2020 by dk

There is an eight year old issue (at the point of writing this) with pfSense DHCPd that somehow did not restrict DHCPd IP “handouts” despite the chosen setting to “Deny unknown clients”… Which, after some digging, turns out more to be of a misunderstanding than what the “common people” would think.

Despite the “Deny unknown clients” setting, certain clients requesting an IP from a pool/interface that does not explicitly list its MAC address will still get an IP address. It turns out that said client is considered “known” if the MAC is listed anywhere else (i.e. in some other MAC address list)…

Anyway, I got fed up with this seemingly insecure behaviour and managed to hack a fix… some 8+ months ago… Just that I never got around to posting the details for people willing to hack their own pfSense fix (unlike my other SSHd configuration fix which was documented in full)…

Well, to cut the long story short, the pull request (merged with another upstream fix) has now been accepted and merged (actual changes)… You will see this fix some-time-soon-now in some upcoming pfSense release… Enjoy!

2021/02/28 Update: A year later and only now is the DHCPd fixes released with a new stable release (2.5.0), instead of the expected 2.4.x! Well, it’s “finally out there”…

2021/06/01 Update: As of time of writing, it appears that 2.5.0 and 2.5.1 are, unfortunately, bugged and I do not recommend upgrading to 2.5.0/2.5.1…

2021/07/07 Update: pfSense 2.5.2 is now released… YMMV…

GNU getopt Needs A Helper

Posted on 31 March, 2019 by dk

So, recently at work, I found myself knee deep in… scripts…

Most of my scripts had ugly positional parameters/arguments (you know, $1 was the value for this, $2 was the input for that)… So, I dug up getopt… But then I quickly spiralled down the time-sucking rabbit hole of trying to automate some other bits, like being able to print the “usage” by “simply” plucking out all the options given to getopt in the first place…

Continue reading →

Securing pfSense SSH2…

Posted on 30 March, 2018 by dk

So, as exposing the HTTPS administration page of pfSense to the big, bad, Internet is a big “no no”, the only proper way should be to set up SSH2 and allow port forwarding.

Now, there are already articles out there telling you that using username+passwords to secure SSH2 is not the way to go… Using certificates is. However, I wanted more… I wanted both… Why is it that pfSense will only allow one or the other when sshd already allows enforcement of both?

So, once again, rolling up my sleeves, I dived into the murky waters of the pfSense shell…

Continue reading →

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The Stuff We Use

featured

My Background…

Skeletons In My Closet

You Feel Sense Me?

Crouching Tiger, Hidden User-SID-in-Registry…

Clamping Down HARD on DHCPd MACs…

GNU getopt Needs A Helper

Securing pfSense SSH2…