Add HUD

[dmakarov]

Title

HUD to display recognized utterances and corresponding actions

Description

This adds the HUD GUI. This is work in progress. Initial PR to reveal any possible issues.

Related Issue

Motivation and Context

It is hoped to improve the user experience.

How Has This Been Tested

Ran on macOS and Windows

Types of changes

• Docs change / refactoring / dependency upgrade
• Bug fix (non-breaking change which fixes an issue or bug)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Renamed existing command phrases (we discourage this without a strong rationale).

Checklist

• I have read the CONTRIBUTING document.
• My code follows the code style of this project.
• I have checked that my code does not duplicate functionality elsewhere in Caster.
• I have checked for and utilized existing command phrases from within Caster (delete if not applicable).
• My code implements all the features I wish to merge in this pull request.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests pass.

Maintainer/Reviewer Checklist

• Basic functionality has been tested and works as claimed.
• New documentation is clear and complete.
• Code is clear and readable.

[dmakarov]

[LexiconCode]

It's been great coordinating chat make this possible! Thank you for your work on this as it's invaluable. Looking forward to testing!

[kendonB]

This one isn't working for me with kaldi:

ERROR:action:Exception from function show_hud:
Traceback (most recent call last):
  File "C:\Python27_64\lib\site-packages\dragonfly\actions\action_function.py", line 145, in _execute
    self._function(**arguments)
  File "castervoice\lib\utilities.py", line 361, in show_hud
    hud.show_hud()
  File "C:\Python27_64\lib\xmlrpclib.py", line 1243, in __call__
    return self.__send(self.__name, args)
  File "C:\Python27_64\lib\xmlrpclib.py", line 1602, in __request
    verbose=self.__verbose
  File "C:\Python27_64\lib\xmlrpclib.py", line 1283, in request
    return self.single_request(host, handler, request_body, verbose)
  File "C:\Python27_64\lib\xmlrpclib.py", line 1311, in single_request
    self.send_content(h, request_body)
  File "C:\Python27_64\lib\xmlrpclib.py", line 1459, in send_content
    connection.endheaders(request_body)
  File "C:\Python27_64\lib\httplib.py", line 1038, in endheaders
    self._send_output(message_body)
  File "C:\Python27_64\lib\httplib.py", line 882, in _send_output
    self.send(msg)
  File "C:\Python27_64\lib\httplib.py", line 844, in send
    self.connect()
  File "C:\Python27_64\lib\httplib.py", line 821, in connect
    self.timeout, self.source_address)
  File "C:\Python27_64\lib\socket.py", line 575, in create_connection
    raise err
error: [Errno 10061] No connection could be made because the target machine actively refused it
ERROR:action.exec:Execution failed: 'show_hud'(): [Errno 10061] No connection could be made because the target machine actively refused it
```

[dmakarov]

@kendonB this requires python3.

[kendonB]

@dmakarov is the idea here that we'd hold off on merging this until natlink is up and running with python 3? Or this would just be available for people with Kaldi setups?

[dmakarov]

@kendonB as far as I know natlink works on python3. This PR is still WIP, but I should finish it soon. I didn’t intend HUD to be available only with kaldi engine, although I test it only with kaldi and test engines, and don’t know whether it would be useful with other setups. There’s nothing engine specific in HUD’s code though. Overall the idea was to consolidate all separate Caster’s GUI under one app and single RPC server.

[caspark]

Apologies for the drive-by comment, but might this need a security token type of thing here, like what dragonfly & aenea use? https://github.com/dictation-toolbox/dragonfly/pull/61/files#diff-6219d462fba21473f0a2404097943f75R29

The danger case would be something like: user is tricked into browsing to evil website, evil website asks web browser to make xmlhttprequests to http://localhost:1338, evil website can now ask this server to execute any registered function. Obviously from a practical perspective this is only going to be a concern if a caster user is actively being targeted (and the blast radius in this server seems small right now - basically it'd be annoying to have the rules UI show up or have caster quit unexpectedly), but mentioning it here anyway.

[dmakarov]

Thanks. I will consider adding the security token. Probably, not in this PR, however.

[kendonB]

Is adding the security token difficult? I wouldn't want any extra vulnerabilities introduced to master.

[LexiconCode]

It's actually a vulnerability that exists already with the current implementation.

[kendonB]

The current master you mean? Can we fix that?

[LexiconCode]

@kendonB That's correct and in the current master. Basically someone would have to set up a malicious website specifically for caster and a caster user would have to go to that website. In that case they then could control RPC commands that are defined. Mostly emulating mouse now this is none that I know of control keyboard input.

To protect against this a secret would be randomly generated and be used for authentication for the client/server to protect against such targeting.

dmakarov mentioned he would implement it in another pull request.

[caspark]

Yes, sorry, I should have mentioned that this is an existing problem so it's not meaningfully worse than before (just a couple new commands available to an attacker - but none of them seem to allow arbitrary code execution).

[kendonB]

@caspark would you be able to open an issue on this (for the current vulnerabilities)?

[LexiconCode]

Thanks for the reminder @caspark
Documented in #809

[LexiconCode]

Thanks. I will consider adding the security token. Probably, not in this PR, however.

Is this something you are willing to take on?

[LexiconCode]

This will work with everything but Python 32-bit 2.7.x. This is a limitation of QT 5 via pyside2. Really only affects DNS with Natlink on 32-bit 2.7.x.

[bluecamel]

@dmakarov This is wonderful! FWIW, I made a couple of tweaks to help with when it was crashing caster.

@dmakarov still getting this error with python 3

I had this issue at first too. There was another error earlier from when the hud tried to start, but that was hitting a Shiboken error. I upgraded PyQt5 and PySide2 and it's working great now.

[LexiconCode]

@dmakarov This is wonderful! FWIW, I made a couple of tweaks to help with when it was crashing caster.

@dmakarov still getting this error with python 3

I had this issue at first too. There was another error earlier from when the hud tried to start, but that was hitting a Shiboken error. I upgraded PyQt5 and PySide2 and it's working great now.

I've included some of your enhancements catching connection error. This PR will be merged Directly but will be included in a new all request combines most of dmakarov work and drop support for Python 2.