June 2013 – Stuff Yaron Finds Interesting

Digging around the interoperable and peer to peer social landscape

I generally believe that open systems tend to win. They enable creativity and growth in ways that closed ecosystems can’t match. One area clearly rip for opening up is the social space. There is a ton of activity there and I have tried here to capture some of the protocols and open source projects that seem interesting/relevant.

[10/17/2013 - Added Refuge.io]

Open source projects to secure Internet traffic

In the beginning of the net the focus was mostly on getting packets safely from point A to point B. Anyone who knows the history of the early Internet knows how insanely hard that actually was (as a hint think: network of networks, oy). Later some thought was given to privacy and technologies like SSH and SSL show up. Now we are at the point where we need to think hard about traffic analysis. In this article I try to catalog what I think (based on little evidence) are the main types of open source projects trying to create traffic analysis resistant transports on the Internet.

Vanguard claims it’s not screwing its customers but have you read their online fraud policy?

Vanguard has sent out an ’Updated Bank Authorization Agreement’ that I thought made any form of telephone or Internet fraud the responsibility of the user. According to the Vanguard account representative I talked to however Vanguard's online fraud policy takes precedence. As I discuss below this is some comfort, but not as much as one might imagine. Vanguard’s online fraud policy is more of a wish list than a reality of how most users live.

Buying a new plastic free variable temperature Tea Kettle and the cost of corruption

Because FDA seems to work for industry and not the citizens of the United States I can’t trust that cordless variable temperature tea kettles for sale in the U.S. are actually safe. Is having BPA or other kinds of plastics in contact with boiling water o.k.? A functioning FDA would long ago have investigated and come to authoritative conclusions. So I’m stuck spending a ton of time and effort trying to find a kettle which seems as harmless to my family’s health as possible. When I first wrote this article in December of last year my choice of kettle was the Pino Digital Kettle Pro. Unfortunately all of four months later (but out of its 90 day warranty) it’s stopped working. I list below all the candidates, the final winner was nothing. I literally can’t find a variable temperature plastic free kettle that meets our needs.

Why I ran a-waze

Waze is a navigation app that you can install on your phone. It shares out your phone’s location and speed in order to create a real time speed map based on data from all the users around you. For that purpose Waze works really well. It was able, for example to route me around a traffic snarl in my local neighborhood in a really creative way. It’s really an awesome app for doing things like daily commutes if there are issues with variable traffic patterns. Given how well it works it was with regret that I uninstalled it.

Identifying basic security threats for Paeony

As part of evaluating potential technologies to use for Paeony I need a list of threats I can evaluate those technologies against. This document tries to capture the most basic possible scenario (two users sending messages to each other) and the attendant threats. I can then use this list in creating threat models for potential technologies to determine which are the best to choose.

Welcome to Paeony

I have registered the domain paeony.org and pointed it at an empty github site as a tiny baby step in investigating a question of interest to me - what would it take to make it falling off a log easy to create an open ecosystem web of interconnected, monitizable, services that run on user’s devices?

What about open licenses for specifications?

So you are starting on your new project and you decide (gasp) to write actual specifications for the network and API interfaces. Being a good ’open’ type you want to have a solid open license for the specifications. Below I look through what I think are the key terms the license needs and conclude that the Apache 2.0 License seems to have all bases covered.