Thoughts on Wulim

One of the exciting developments at CCC last month was a talk discussing the copy protection features in the Wulim tablet produced by the Pyongyang Information Center. This post is an attempt to reconcile the features they describe with my experience with devices around Pyongyang and provide some additional context of the environment the device… Continue reading Thoughts on Wulim

Internet Censorship 2016

We have reached the end of 2016, as well as the annual CCC congress in Germany. I had the exciting chance to speak together with Philipp Winter on the shifting landscape of Internet censorship in 2016. The talk followed mostly the same format as last year’s, calling out the continuing normalization and ubiquity of censorship… Continue reading Internet Censorship 2016

First-party Google Analytics

Third party analytics services are suffering from the growing prevalence of ad blocking, tracking protection, and the trend of minimizing connections and requests. However, from a site owner perspective, receiving usage information remains important for measuring site growth. My expectation is that we are already on the curve where ads and tracking software will be… Continue reading First-party Google Analytics

Thoughts on China’s Updated Cyber-security Regulations

On Monday, China ratified an updated cybersecurity legislation that will enter effect next June. The policy regulates a number of aspects of the Chinese Internet: What data companies need to keep on domestic servers, the interaction between companies and the government, and the interaction between companies and Chinese users. Notably, when considering the impact on… Continue reading Thoughts on China’s Updated Cyber-security Regulations

Watch your PAC

In the last week at Blackhat / Defcon two groups looked deeply at one of the lesser known implementations of network policy called Proxy Autoconfig. (In particular, badWPAD by Maxim and Crippling HTTPS with unholy PAC by Safebreach.) Proxy AutoConfig (PAC) is a mechanism used by many organizations to configure an advanced policy for connecting… Continue reading Watch your PAC

Stunning

I’ve started to dive once again into the mess of connection establishment. Network address translation (NAT) is a reality today for most Internet users, and poses a significant hurdle in creating the user-user (or peer-peer) connections. NAT is the process used by your router to provide multiple internal (192.168.x.x) addresses that are all only visible… Continue reading Stunning

Another year, another dive into what’s changed in running a web server. This VM is now basically up-to-date, and supports most of the shiny new web transport improvements, like HTTP/2 and OCSP stapling. Hopefully nothing broke too badly in the process.