How do i easily clamp my cameras rotation when using transform.rotate()

I’m making a fps controller, and I’m trying to clamp my cameras x rotation. Here’s my code so far:

using System.Collections; using System.Collections.Generic; using UnityEngine;  public class Player : MonoBehaviour {     // Start is called before the first frame update      [SerializeField] Camera cam;     [SerializeField] float camSpeed;     [SerializeField] float walkSpeed;     [SerializeField] float jumpSpeed;      float yaw;     float camPitch;     Vector3 direction;     Vector3 worldDirection;      Rigidbody myrigbody;     void Start()     {         myrigbody = GetComponent<Rigidbody>();     }      // Update is called once per frame     void Update()     {         camPitch = -Input.GetAxis("Mouse Y") * camSpeed;         cam.transform.Rotate(new Vector3(camPitch, 0, 0));         yaw = (yaw + Input.GetAxis("Mouse X") * camSpeed) % 360f;          direction = new Vector3(Input.GetAxis("Horizontal") * walkSpeed, myrigbody.velocity.y, Input.GetAxis("Vertical") * walkSpeed);         worldDirection = transform.TransformVector(direction);          if(Input.GetKeyDown(KeyCode.Space))         {             myrigbody.AddForce(new Vector3(0, jumpSpeed, 0), ForceMode.Impulse);         }     }     private void FixedUpdate()     {         myrigbody.MoveRotation(Quaternion.Euler(0, yaw, 0));         myrigbody.velocity = worldDirection;     } } 

I know that I want to clamp my cameras X rotation within a range of -89 to 89, but no matter what I try I can’t figure out how to clamp the rotation while using cam.transform.Rotate(). I don’t think I can clamp camPitch, because it is reset every frame, and I can’t figure out a way to directly clamp the cameras rotation. The cameras rotation is not resetting, so if I could somehow clamp it it would work. Is this possible, or do I need to try a different method? How do i get this to clamp correctly?

Unity2D – Rotation of gun following mouse error when parent ‘player’ object rotates

I have a bug I’ve been trying to fix with the rotation of a gun object that follows the mouse position but has issues when the parent object player rotates. Example:

Example of rotation error

The player has a gravity script to keep them aligned with the ‘planet’ as you walk around it. The gun as a child of the player, is supposed to always rotate to point at where the mouse is (sorry you can’t see it in the gif). The gun normally flips itself at 90 and -90 (top and bottom), and flips the player to face the same side the mouse is on.

The problem is that the player rotates to stay aligned with the planet, but the 90 and -90 angles that the gun bases flipping itself and the player off of course don’t rotate.

Here’s my code for the gun:

         Vector3 difference = Camera.main.ScreenToWorldPoint(Input.mousePosition) - transform.position;           difference.Normalize();           float rotationZ = Mathf.Atan2(difference.y, difference.x) * Mathf.Rad2Deg;            float startRotation = rotationZ + offset;            float shotRotation = startRotation + Random.Range(-scatter, scatter);            transform.rotation = Quaternion.Euler(0f, 0f, startRotation);            //Flip the gun at top and bottom           if (rotationZ < -90 || rotationZ > 90)           {               if (player.transform.eulerAngles.y == 0)               {                   transform.localRotation = Quaternion.Euler(180, 0, -rotationZ + offset);               }               else if (player.transform.eulerAngles.y == 180)               {                   transform.localRotation = Quaternion.Euler(180, 180, -rotationZ + offset);               }           }            //Use gun rotation to set player direction           //left           if (rotationZ >= -90f || rotationZ <= 90f)           {               animator.SetFloat("Vertical", 0);               animator.SetFloat("Horizontal", -1);           }           //right           if (rotationZ <= -90f || rotationZ >= 90f)           {               animator.SetFloat("Vertical", 0);               animator.SetFloat("Horizontal", 1);           }

Normalize a rotation around the Z-axis (issue with GLM)

I’m trying to undo some transformations coming from an external tool*. I’m getting different results depending on subtle differences in the input and wondering how to convert to a rotation about the Z-axis only.

The transformations are expressed as a matrix = translation * rotation * -translation. I want to decompose the resulting matrix into a single translation and rotation around Z — I know this is possible given the source material (2D plane).

My problem is coming from GLM decompose. Given a matrix that looks like this:

[         -0.5 |     0.866025 |            0 |            0 ] [    -0.866025 |         -0.5 |            0 |            0 ] [            0 |            0 |            1 |            0 ] [            0 |            0 |            0 |            1 ] 

If I call decompose, then take the eulerAngles of the Rotation I end up with either:

  • ( 0, -0, 2.09439 ) from quat( 0.5, 0, 0.866025, 0 )
  • ( 3.14159, 1.0472, 3.14159 ) from quat( 0.5, 0, 0, 0.866025 )

The difference depends on how the matrix was generated, whether the rotation was 120degrees or -240degrees. The display must be clipping the floating point, introducing a subtle change.

I’m assuming both these rotations are actually the same.

How do I force/convert the result to be a rotation about the Z axis only.


*The external tool is Inkscape which uses the CSS/SVG function rotate(r, cx, cy) instead of a rotation and transform. That function results in the matrix: translate(cx,cy,0) * rotate(r, (0,0,1)) * translate(-cx,cy,0)

MySQL password rotation: Using a single user to change other user passwords

I’m currently working on setting up a password rotation strategy for an AWS Aurora/MySQL based application.

My plan was to use a strategy like this…

  • Application usernames/passwords stored in AWS SSM encrypted parameters.
  • Application servers have access to retrieve only their credentials from SSM. Restricted by environment (staging, production etc.)
  • Lambda configured to run periodically to change passwords in MySQL and store the new values in SSM. Lambda to authenticate with the database using AWS IAM roles, rather than using a password.

The last bit is the bit I’m not sure about. This configuration would require the lambda role/user to have permission to change the passwords for all of the other application users.

Is this a reasonable way to do it, from a security perspective? Since the lambda mysql user will use an IAM role rather than a password, this should retrict it’s use to only authorised roles.

The alternative would be to not have a special db user for the lambda to login, but rather to have the lambda function retreive each users credentials from SSM, and then login as each user to change it’s password.

Either way the lambda is going to need to have access to each user.

Assuming I can carefully retrieve access to the "lambda_user" in MySQL, are there any other glaring issues with having a user have authority to change other users passwords?

Also, just to clarify, these are application users, not regular human type users who will be using these credentials.

trouble recovering rotation and translation from essential matrix

I am having trouble recovering rotation and translation from an essential matrix. I am constructing this matrix using the following equation: \begin{equation} E = R \left[t\right]_x \end{equation}

which is the equation listed on Wikipedia. With my calculated Essential matrix I am able to show the following relation holds: \begin{equation} \left( \hat x \right) E x = 0 \end{equation}

for the forty or so points I am randomly generating and projecting into coordinate frames. I decompose $ E$ using SVD then compute the 2 possible translations and the two possible rotations. These solutions differ significantly from the components I’m starting with.

I have pasted a simplified version of the problem I am struggling with below. Is there anything wrong with how I am recovering the these components?

import numpy as np   t = np.array([-0.08519122, -0.34015967, -0.93650086])  R = np.array([[ 0.5499506 , 0.28125727, -0.78641508],     [-0.6855271 , 0.68986729, -0.23267083],     [ 0.47708168, 0.66706632, 0.57220241]])  def cross(t):     return np.array([     [0, -t[2], t[1]],     [t[2], 0, -t[0]],     [-t[1], t[0], 0]])   E = R.dot(cross(t))   u, _, vh = np.linalg.svd(E, full_matrices=True)  W = np.array([ [ 0,-1, 0], [ 1, 0, 0], [ 0, 0, 1]])  Rs = [u.dot(W.dot(vh.T)), u.dot(W.T.dot(vh.T))] Ts = [u[:,2], -u[:,2]] 

Subkey rotation and revocation

If I decided today get new subkeys because I simply want to rotate them or because they are about to expire, do I have to sign all keys of other people I signed with my old signing key again? And if I let my subkeys expire, does that have the same effect as if I revoked them?

Smooth root certificate rotation

I am surprised that I couldn’t find one concrete example of how to do root certificate rotation. For example:

  • Root CA has 2 years validity period
  • Intermediate CA has 9 months validity period
  • leaf certificate has a 3 months validity period

The renwal/replace time are:

  • Root CA is going to be replaced every 1 year
  • Intermediate CA is going to be replaced every 6 months
  • leaf certificate is going to be renewed every 2 months

This gives

  • 1 month buffer for service to renew its certificate before the certificate expires.
  • 3 months buffer for intermediate CA to sign new service certificate. By the time the old intermediate CA expire, all the old issued certificates are expired as well.
  • 1 year buffer to distribute the new root certificates to client. We want to give enough time for clients to pull the new root certificate before the old one expires.

Questions:

  • We have root 1 and root 2 overlapped for 1 year, when should we start signing new CSR using root 2 certificate?

If the one year overlapped time is just for cert distribution, by the time root 1 expired, all clients should already have root 2 trusted. However, by the time root 1 expires, we haven’t signed any new server certificates with root 2. It means when the time root 1 expires, all the services will be down. I guess we will need to ensure all services are using cert from root 2 before we can retire root 1? and we also have to ensure all clients have root 2 key before issuing server certificates using root 2? I think that makes sense but in terms of timeline, how should we managed that? In the 1 year overlapped time, maybe we can do 6 months distribution time, and 6 months signing time. so by the time root 1 retire, everything will be running on root 2 already?

And if we are using private CA, (lets say AWS private CA) , do we need to implement a service to ensure things above will happen?

Given that we own all the clients and servers.

Taking advantage of subdomains for refresh token rotation in SPAs

Say I have three components in a system:

  1. An identity service, hosted at identity.mydomain.com
  2. A single page application, served from app.mydomain.com
  3. An API, protected by requiring a bearer token signed by identity.mydomain.com

In the single page application, would it be considered secure to keep an access token in memory, and a rotating refresh token (set by identity.mydomain.com, marked with all the expected security attributes as well as SameSite=strict) in a cookie? The refresh token would rotated similarly to this auth0 article here: https://auth0.com/docs/tokens/concepts/refresh-token-rotation

My thinking for the flow would be as follows:

  1. User visits app.mydomain.com
  2. The SPA sends a request to the token endpoint of identity.mydomain.com
  3. identity.mydomain.com returns 401 because there is no refresh token cookie
  4. SPA redirects user to identity.mydomain.com
  5. User authenticates
  6. identity.mydomain.com sets a refresh token cookie (with HttpOnly, Secure, SameSite=Strict) valid for .mydomain.com (all subdomains)
  7. User is redirected back to app.mydomain.com
  8. app.mydomain.com sends a request to the token endpoint of identity.mydomain.com
  9. identity.mydomain.com receives the cookie, because it is on the same overall domain.
  10. identity.mydomain.com sets a new refresh token cookie, invalidates the old one, and returns a very short-lived access token
  11. app.mydomain.com can then store that access token in memory and use it to call the API at service.mydomain.com.
  12. access token expires, so the SPA sends another request to identity.mydomain.com/token to refresh the tokens and the cycle continues.

I can’t see a way this would be particularly vulnerable – the refresh token wouldn’t be available to JS due to its protected attributes, and even if it is retrieved somehow the rotation should ensure it’s not used more than once. The SameSite=true attributes should also protect against CSRF. I’d make the refresh token also a signed JWT so the identity service can validate it and make sure it is issued by the correct authority as well.

If this is insecure, I’ve definitely misunderstood something somewhere down the line – so please could you explain why?

Using a rotation matrix to transform/shift a pinhole camera

I have a pinhole camera model with the following extrinsic (in Earth Centered, Earth Fixed Coordinate, (ECEF) system) and intrinsic parameters.

focal length (x,y) = 55000 px, optical center = (2400,540)

camera center (x,y,z), (ground coordinates) = -2322996.2171387854 -3875494.0767072071 5183320.6008059494 (ECEF)

Rotation matrix (3×3, camera to ground frame) = [[0.88982706839551795,-0.45517069374030594 ,0.032053516353234932], [-0.44472722029994571, -0.84940151315102252, 0.28413864394171567], [-0.10210527838913171, -0.26708932778514777, -0.95824725572701552]]

I need to shift the camera so that it points to the correct position on the ground based on a ECEF transformation matrix (4 X 4), which looks like this:

[[0.99999922456661872, 0.00043965959331068635, -0.0011651461883787318, 7033.5303197340108], [-0.00044011741039666426, 0.99999982604190574, -0.00039269946235032278 ,814.02427618065849], [0.0011649733316053631, 0.00039321195895935108, 0.99999924411047925 ,4139.9400998316705], [0, 0, 0, 1]]

The 3 x 3 matrix portion formed by the first three rows and columns are the rotation component, the first three values in the last column is the translation component. My general understanding is that I need to add the translation component to the camera center coordinates, while multiply the camera to ground rotation matrix with the rotation component. Is this sufficient, or would I need to do something extra ?