Flutter vs React Native

Summary: This week we’ll be looking at a comparison between two open-source mobile application frameworks, namely React Native and Flutter.

Mobile development is nothing new, you usually use native solutions à la Java/Kotlin (Android) or Objective-C/Swift (iOS). Cross-platform doesn’t have to be like this though, React Native and Flutter will help you with maintaining just one code base! There are other similar cross-platform frameworks available, but today we’ll be focusing on these two only, as I have written and published Apps with both frameworks already.

I have decided to do weekly TL;DR comparisons for software and hardware choices. This week we’ll be looking at a comparison between two open-source mobile application frameworks, namely React Native and Flutter.

Introduction

Mobile development is nothing new, you usually use native solutions à la Java/Kotlin (Android) or Objective-C/Swift (iOS). Cross-platform doesn’t have to be like this though, React Native and Flutter will help you with maintaining just one code base! There are other similar cross-platform frameworks available, but today we’ll be focusing on these two only, as I have written and published Apps with both frameworks already.

Quick Facts

FlutterReact Native
backed byGoogleFacebook
programming languageDartJavaScript
first release20152017

Performance

React Native: JavaScript communication to native code via bridge.

Flutter: Dart code is compiled into a native, ARM library.

Generally Flutter should have the upper hand when it comes to performance.

Kanashikute Yarikirenai

Japanese悲しくてやりきれない
RomanizedKanashikute Yarikirenai

This post refers to the cover by Kotoringo (コトリンゴ) for the movie “In this Corner of the World” (この世界の片隅に), released in 2016. I would have probably never found this piece if it wasn’t for the great movie.

You shouldn’t expect heavy action scenes in this movie though, as it is pretty much a slice-of-life anime revolving around a family during the end of WW2.

Great movie and definitely worth to watch, maby even more so than “Your Name” (君の名は)?

This is the cover by Kotoringo, which is used in the movie as an OST:

The original work by “The Folk Crusaders” (ザ・フォーク・クルセダーズ) from 1968:

Both versions are worth listening to!

SSH and Port Knocking

It turns out that SSH brute-force attacks, dictionary attacks or combinations of those are daily routines nowadays. Server logs are quickly filled with login attempts, in the hopes that one of them is right. The best prevention against these kind of attacks is to - obviously - have a secure password, or even better to force key-based authentication.

However, this won’t stop automated attacks from trying out dozens of usernames and passwords anyway, which is generally annoying. Thus, the approach to hide the SSH port, which by default is 22. One solution some people do is moving SSH to a non-standard port. Basically, some random number that won’t conflict with anything else.

Another interesting trick is to not immediately expose the SSH port, but only when a client is saying “Open Sesame”. Jokes aside, that’s roughly what port knocking allows us to do. There are many variants on port knocking and many programs that implement it. The following tutorial will use knockd as port-knocking server.

Install Prerequisites

Download and install the knock-server rpm package:

1
2
$ wget http://li.nux.ro/download/nux/misc/el6/i386/knock-server-0.5-7.el6.nux.i686.rpm
$ rpm -ivh knock-server-0.5-7.el6.nux.i686.rpm

Configuration

The configuration file can be found under /etc/knockd.conf.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[options]
logfile = /var/log/knockd.log

[openSSH]
sequence = 6000,7000,8000
seq_timeout = 15
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = 8000,7000,6000
seq_timeout = 15
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

In the above configuration, we’ve stated that any host that sends a TCP SYN message to port 6000, then 7000 and finally to 8000, within 15 seconds, will cause the iptables command to be run. As you can see, the use of iptables is not hard-coded to knockd at all, meaning that any command can be run when the port sequence is triggered, allowing us to do all sorts of fancy stuff. To close it up, we do the same sequence in reverse order (that’s because we have configured it to do so).

GPG Cheatsheet

GnuPG (GNU Privacy Guard) is a tool for encrypting and signing data. It is a completely free implementation of the OpenPGP standard (defined by RFC4880), which is also known as GPG. This post contains a brief overview of the most important commands you probably have to use when working with GnuPG.

Generating GPG Keys

1
$ gpg --gen-key

You will be asked what kind of key you want, simply proceed with the instructions that are given to you.

Listing GPG Keys

Listing public keys:

1
$ gpg --list-keys

Listing private keys:

1
$ gpg --list-secret-keys

Exporting GPG Keys