Will Scott

Tag: programming

  • SP3

    I started running a public sp3 server today. It’s a small side-project I’ve hacked together over the last couple weeks to make it easier for people to play with packet spoofing. The server works similarly to a public proxy, but with the trade-off that while it won’t send high-volumes of traffic, it will allow you to send arbitrary IPv4 packets from any source you want.

    There are a few fun applications that need this capability that I’ve been thinking of: helping with NAT holepunching of TCP connections; characterizing firewall routing policies; and for cover traffic in circumvention protocols. I think there are others as well, so I wanted to start running a server to see what people come up with.

    The code is on github.

  • What’s Up with Open HTTP Proxies

    I’ll be giving a talk next week at CCCamp on the Open Proxy ecosystem, following up on some work I did last year looking at the operators, users, and traffic.

  • CascadiaFest

    cascadiafest

    I’m quite excited to be talking at CascadiaFest this summer about the work I’ve been doing on scanning the Internet.

    My talk proposal is archived here. The cool end-results are still getting ready for publication, but one of the code modules I’m pretty excited about that happened in the process is ip2country.

  • HPKP

    I’ve updated this domain to include the new HPKP mechanism and a stronger intermediate cert. HPKP supplements the previous HSTS mechanism to define a specific signing key that must be present on subsequent HTTPS interactions with the server, helping to mitigate one class of man in the middle attacks.

  • LinuxFest NW

    LinuxFest NW

    lfnw

    I’ll be talking about what a civic hacking organization looks like at Linux Fest NorthWest in April.

    Code for Seattle is a brigade of civic-minded hackers. We’ll talk about how we’ve organized hackathons, a weekly meetup, and successfully navigated the government bureaucracy as a small group of volunteers.

  • Server

    Server

    server

    Finally got a new server up and running. It’s interesting to go through the setup process every once in a while to see what parts of it are still hardware. I also got to explore some new corners of the process, like dealing with the remote admin interface, and structuring DNS and NICs across multiple public interfaces.

  • IP to Country

    I started ip2country over the last few days, as a self contained npm module for determining the country of an IP address.

  • Webrtc-Adapter

    WebRTC continues to develop towards an evolving standard, requiring some additional leg work to use it in projects. In yet another attempt at bridging that gap, I’ve been working on maintaining an adapter lessening some of the deviation from standard in current browsers.

    https://www.npmjs.org/package/webrtc-adapter

    It currently fixes

    • Response of format of getStats in Chrome
    • Translation to ‘url’ from the standard ‘urls’ when configuration is passed to Firefox
    • Emission of the ‘negotiationneeded’ event when a data channel is created in Firefox

    The main hope is that this will be easier to include in projects than previous attempts.

  • Public & Private

    I have ended up spending more time than I was expecting over that last few months struggling to figure out where I stand on how much of ones life should be public versus private. I’ve found myself being more private over the last year, somewhat to my dismay, and yet have felt increasingly uncomfortable being more open or publicizing fully what I’m working on. I think more than ever before I foresee my decisions forcing me down a more polarized path than I’ve previously realized.

    And yet, the topic that I’ve been privately working on is exactly this issue – building systems for public communication. The core of the issue boils down to the fear that public association with anonymity and privacy issues will lead to increased surveillance and travel restrictions. At the same time, a more fatalistic voice says that I am already easily linked with privacy issues through my digital footprint, and as such I am failing to promote my work without protecting myself from retribution. As such, I am a knowing participant in the “chilling effects” of surveillance, taking fears of travel restrictions and life disruptions as motivations against talking more about privacy and censorship.

    This unsettling association around the effects of working on privacy is seemingly pervasive. One indicator is how quickly we attempt to distance ourselves from the vocabulary. Research doesn’t attempt to circumvent censorship, but rather uses “adversary-resilient” protocols to handle “network interference.” I feel like I have unconsciously compensated by working on Code for Seattle, a great, uncontroversial, project supporting civic tech and my local community. Academic papers measuring the behavior of the Internet have been published anonymously presumably due to similar discomfort to what I feel.

    My path so far has led me to a ridge that is now falling off precipitously on both sides. To one side is public advocacy of circumvention systems. Down that side are the realizations of the fears above, difficulty traveling, difficulty presenting myself as unbiased, and general polarization. This seems hugely unfortunate: I bear no particular ill will towards the countries I’ve been to, and would love to continue having the ability to travel and define who I am. To the other side is the lure of anonymity, starting over and creating a second identity for sensitive work distanced from ‘me’. Unfortunately, while the lure seems appealing, I believe it is also unachievable. I have seen only a single instance of a ‘successful’ anonymous online persona: that of satoshi, the bitcoin creator.

    And so what is left is to continue balancing on that ridge while embracing a diversity of projects so that I can’t be easily labeled. I’m still heading the same direction I set in college and have used to navigate through graduate school: My goal is to make the Internet better.

  • Continuing Security

    I took the next step on recommended security practices by upgrading to https-only, and enabling spdy on the server. Still don’t have optimal cipher strengths, which will require some additional algorithm preference tweaking.