Tag: web

  • IETF and the HRPC working group

    The Internet Engineering Task Force, the multi-stakeholder organization which shepherds the standards process for many of the technologies used on-line, is continuing to evolve that process. Protocol standards are already expected to include discussions on their security and privacy implications, in order to force an explicit conversation on those issues and hopefully encourage the development of secure systems. Beyond these, a new working group, the Human Rights Protocol Considerations group, was chartered last week. The group exists as part of the process of having another conversation around new protocols as they exist: what are the implications for freedom of expression and freedom of assembly that are wrapped up in our protocol design?

    It seems like a question worth considering, especially as the IETF’s major contribution will be increasingly international. Many protocols emerging today are built by individual companies and are proprietary. We can hope, however, that it is at the boundaries of these walled ecosystems we create that standard protocols will need to be agreed upon. These boundaries will parallel our cultural discontinuities, and represent important places to have these conversations.

    The group is drafting a methodology document as part of the background for proposing the update to the standards process. It’s an interesting way of thinking about protocols – how do they control or support individual expression? – that I hadn’t thought of before in those terms.

  • Let’s Encrypt

    I’ve begun to transition this site to use Let’s Encrypt for signing of SSL. Because the site has specified an HPKP previously, a transition period is needed where clients can see the old certificate signing the intention to transition to the new certificate.

    That process has started, and the full transition will happen in a couple months. The good news is that the letsencrypt setup process was otherwise painless.

  • What’s Up with Open HTTP Proxies

    I’ll be giving a talk next week at CCCamp on the Open Proxy ecosystem, following up on some work I did last year looking at the operators, users, and traffic.

  • Cascadia Fest

    The video of my talk last month on scanning the Internet using Node.js has been published by Cascadia Fest.

  • CascadiaFest

    I’m quite excited to be talking at CascadiaFest this summer about the work I’ve been doing on scanning the Internet.

    My talk proposal is archived here. The cool end-results are still getting ready for publication, but one of the code modules I’m pretty excited about that happened in the process is ip2country.

  • HPKP

    I’ve updated this domain to include the new HPKP mechanism and a stronger intermediate cert. HPKP supplements the previous HSTS mechanism to define a specific signing key that must be present on subsequent HTTPS interactions with the server, helping to mitigate one class of man-in-the-middle attacks.

  • 31C3

    I gave a talk last week at CCC in Hamburg on the state of consumer technology in Pyongyang. It’s available for streaming online.

    Images shown in the talk are available.

  • IP to Country

    I started ip2country over the last few days, as a self-contained npm module for determining the country of an IP address.

  • Webrtc-Adapter

    WebRTC continues to develop towards an evolving standard, requiring some additional legwork to use it in projects. In yet another attempt at bridging that gap, I’ve been working on maintaining an adapter lessening some of the deviation from standard in current browsers.

    https://www.npmjs.org/package/webrtc-adapter

    It currently fixes:

    • Response format of getStats in Chrome
    • Translation to ‘url’ from the standard ‘urls’ when configuration is passed to Firefox
    • Emission of the ‘negotiationneeded’ event when a data channel is created in Firefox

    The main hope is that this will be easier to include in projects than previous attempts.

  • Open Proxies

    I spent a bit of time last month looking at Open Proxies. They’re one of the dark corners of the internet that have been around forever but which we still don’t really understand.
    It was really cool to get a view into the largely international nature of the servers, get a sense of where they are running, and start to see the SEO fraud and surveillance entities which are co-opting the mechanism.

    More data and the paper submission