strugee.net

Blog


RC week 5

This is week 5 of being at the Recurse Center.

Day 15

Arrived ~10:20, departed ~16:30, arrived ~20:00, departed ~23:30, total time at RC 9h40m.

Somehow managed to get up early and arrive at my checkin early, despite being dead-tired (I couldn't get to sleep so I was running on ~5 hours of sleep). Spent most of today working on my HTTPS presentation, but took 30 minutes to an hour or so off to make a couple small improvements to my website - mostly just trimming the projects page and adding information to the contact page about how to communicate securely with me. Left for a while to have dinner with a friend and returned via the subway[1] to work on my HTTPS presentation some more.

(Note 1/31: I felt quite productive today, but in hindsight really didn't get a whole lot done since I was just so tired.)

[1]: which truthfully made me feel unreasonably accomplished since my phone died right as I looked up directions, but I got on the right subway and figured out I could transfer and take a closer line halfway through and eventually made it back anyway

Day 16

Arrived ~10:20, departed ~23:10, total time at RC 12h50m.

Spent - no joke - basically all of today working on my HTTPS presentation, which in addition to actually writing the content entailed reminding myself of how things like e.g. TLS False Start actually work. Reminding and/or properly learning (for False Start in particular I had a vague idea of how it worked before, but didn't really understand it).

Took about an hour off in the evening to help repaint a large stretch of wall in the space as part of the cleaning party. Then went back to HTTPS. Highly productive day.

Day 17

Arrived ~11:30, departed ~17:40, total time at RC 6h10m.

Caught up with some GitHub stuff in the morning before teaching HTTPS. We went for an hour and a half and still skipped the entire section on TLS performance because HTTPS is complicated and hacky and also really terrible. (As Claire put it, "I'm now terrified of browsing the web." Me too, Claire. Me too.) I think it went really well, even though it was a little overwhelming for everyone at times.

Spent a bit of time watching YouTube videos on how Diffie-Hellman works and how Elliptic-Curve Diffie-Hellman (ECDHE) works - we'd touched on both of these during the presentation and I needed to put them in Zulip. The one on plain Diffie-Hellman was just a refresher, but the one on ECDHE was something I'd previously tried to watch several times and had always been too confused. But, this time I got it! Whooo! So that felt awesome.

Left early to go home and squeeze in some laundry before closing out the evening by going to an RC-organized talk on Crystal.

Day 18

Arrived ~10:30, departed ~14:30, total time at RC 4h0m.

Did just a smidge of work on pump.io before going to Abstract Salad Factory, then heading home to catch my flight to Brussels.

Friday

Not at RC. Total time at RC 0h0m.

In Brussels for FOSDEM.

Executive summary

This week had its ups and downs. I was really productive on the HTTPS stuff, but other than that I didn't reeeally get a lot done.

Total time at RC 32 hours 40 minutes; cumulative time 230 hours 45 minutes.


RC week 4

This is week 4 of being at the Recurse Center.

Day 11

Arrived ~10:50, departed ~23:20, total time at RC 12h30m.

Arrived 20 minutes late for my checkin, but checked in with Stanley and Heather anyway. Started an experiment where I turned on HTTPS Everywhere's "block all unencrypted requests" option, which has been, uh, interesting so far. Spent most of the day working on blog-related things - finishing up and publishing RC week 3 (which I just straight up forgot to publish on Saturday) along with Surveillance priorities which I finished exactly two minutes before[1] the start of this week's Iron Blogger challenge meeting. Other than that, poked a little at implementing OCSP stapling support in ejabberd, which is something I want to do for a number of reasons:

  1. It'll give me a chance to look at some Erlang, which will be a really interesting experience
  2. It'll give me a chance to try doing something with the OpenSSL API, which is a complete horror show but nonetheless something I would like (some) experience in
  3. I run ejabberd in production and, you know, really want stapling support

Ended the night by going to Fat Cat.

[1]: I actually already had a longer post mostly written, but I realized as I was going to finish it that the experiment that I was proposing had a) been done before and b) mostly failed. So I ended up writing "Surveillance priorities" from scratch in a hurry instead.

Day 12

Arrived ~10:50, departed ~17:50, total time at RC 7h0m.

Arrived late again, despite leaving a good 15 to 20 minutes earlier. Freaking subway. ANYWAY. Checked in on Zulip instead of in person. The day was semi-productive - I worked a little on my operational security presentation for tomorrow, but a lot of my time was spent talking with Rose, discussing the programming language I'm planning to work on/invent. Left early to do laundry at home and then closed out the evening by finishing my presentation as well as finding and reporting a (common and uninteresting) security vulnerability in a web application[2] - unnamed for obvious reasons.

As a side note, as Stanley put it, I'm RC famous! Kind of, I guess. \o/

[2]: I actually thought I found the same problem in another project, except it turned out that I totally missed something and so instead of being cool I ended up embarrassing myself on GitHub instead. Sadface :(

Day 13

Arrived ~10:35, departed ~00:10, total time at RC 13h35m.

Arrived in the middle of my checkin. Spent the morning taking care of some general maintenance tasks, including getting ready to present on operational security, which I did in the afternoon. Spent most of the rest of the day thinking about the design of my programming language and putting it together into a blog post. In the evening, started trying to fix a bug in Sandstorm which was breaking my production install. Also, had my Princeton interview via Skype, which I think went extremely well. Yay! My interviewer was awesome and we had a really interesting conversation.

As a side note, I got to wear my new libuv shirt today, and it is seriously the coolest shirt I've ever seen.

Day 14

Arrived ~10:35, departed ~1:40, total time at RC 15h5m.

Arrived in the middle of my checkin again (still better than earlier in the week, though). It wasn't anything groundbreaking, but it did give me the opportunity to get more hands-on Mercurial experience (and learn a lot about Mercurial's different branching styles). Working in an unfamiliar codebase was also a good experience, as was dealing with Sandstorm's custom UDP protocol. It wasn't really what I meant to do with the day, but also not a total wash.

Attended Thursday presentations followed by Game Night in the evening which was very fun - I played some poker, then lost at chess a bunch of times to Hussein (even when we played Blitz Chess, which he said he was bad at). Then we switched to Go for a while. Finished out the evening by just hanging out with Fenimore, Hussein, and James, which was a lot of fun.

Friday

Arrived ~15:10, departed ~23:50, total time at RC 8h40m. As always, Friday doesn't count as a day because RC is technically not in session.

Slept in pretty late today. Attended the monthly pump.io meeting immediately upon arrival (sadly Evan wasn't there). Spent the rest of the day responding to PRs - which took a lot of time but didn't actually result in a lot of code - then authoring a Huginn PR to add titles to all pages.

Executive summary

In a shocking turn of events, this week was relatively productive, but could've been better. I challenged myself a little bit, but I think I can and should do more.

Checkins really helped. Even when I missed the checkin it provided motivation to get up and get moving. 10:30 may be a little too early for me though, so I'm not sure if I'll continue doing it next week.

Total time at RC 56 hours 50 minutes; cumulative time 198 hours 5 minutes.


New programming language part I: Handlers

So my latest project at the Recurse Center is a new programming language, as yet unnamed. Basically this was inspired by my security design presentation in which I laid out a couple ways you can improve programs' security designs, like process separation. And it occurred to me: why is this so difficult? Something should be doing this for me. Enter... whatever the hell I end up calling my language.

One of the most important building blocks of the language is something that I'm currently calling a "Handler". A Handler is basically a segregated piece of application code that handles some task or problem domain. For example, a Handler for outgoing DNS requests (syntax subject to change, obviously):

Handler DNS {
    function getAddressFromHostname(hostname) {
        // Very much pseudocode - all function calls here are example OS calls

        sendDnsQuery(hostname);
        while (!haveDnsResult()) {
            sleep(1);
        }
        
        return getDnsResult();
    }
}

This Handler has one simple method, getAddressFromHostname(). It sends a DNS query, blocks until it has a result, and then returns the result.

What's cool about this Handler is that it will be run in its own process - in other words, each Handler is automatically transformed into a privilege-separated process. However, getAddressFromHostname() can still be called from other, high-level Handlers! The language will do all the data marshalling for you, so from a language perspective it looks like a regular function call even though in practice it's going cross-process.
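What that paragraph describes can be written out by hand. The following is an added example, not code from this post and not the language's implementation: `HandlerProxy`, `SAMPLE_ZONE` and the JSON-lines-over-socketpair wire format are assumptions made for illustration, and it needs a POSIX system for `os.fork()`.

```python
import json
import os
import socket

# Constructed sample data standing in for real DNS answers, so this runs offline.
SAMPLE_ZONE = {"example.test": "192.0.2.10", "mail.example.test": "192.0.2.25"}

def get_address_from_hostname(hostname):
    """Body of the DNS Handler; only ever executed inside the child process."""
    return SAMPLE_ZONE[hostname]

class HandlerProxy:
    """Hypothetical runtime support: run `functions` in a forked child process."""

    def __init__(self, functions):
        self._names = frozenset(functions)
        self._sock, child_sock = socket.socketpair()
        self._pid = os.fork()
        if self._pid == 0:  # child: becomes the Handler process
            try:
                self._sock.close()  # keep only our end, so EOF is seen on close
                # A real runtime would drop privileges or enter a sandbox here.
                self._serve(child_sock.makefile("rw"), functions)
            finally:
                os._exit(0)  # never fall back into the parent's code path
        child_sock.close()
        self._chan = self._sock.makefile("rw")

    @staticmethod
    def _serve(chan, functions):
        for line in iter(chan.readline, ""):
            request = json.loads(line)
            try:
                # Only functions declared in the Handler are reachable by name.
                reply = {"ok": functions[request["fn"]](*request["args"])}
            except Exception as exc:
                reply = {"error": f"{type(exc).__name__}: {exc}"}
            chan.write(json.dumps(reply) + "\n")
            chan.flush()

    def __getattr__(self, name):
        if name.startswith("_") or name not in self._names:
            raise AttributeError(name)
        def call(*args):
            # Marshal the call, send it across the process boundary, unmarshal.
            self._chan.write(json.dumps({"fn": name, "args": args}) + "\n")
            self._chan.flush()
            reply = json.loads(self._chan.readline())
            if "error" in reply:
                raise RuntimeError(reply["error"])
            return reply["ok"]
        return call

    def close(self):
        self._chan.close()
        self._sock.close()
        os.waitpid(self._pid, 0)

if __name__ == "__main__":
    dns = HandlerProxy({"getAddressFromHostname": get_address_from_hostname})
    print(dns.getAddressFromHostname("example.test"))
    dns.close()
```

The caller only ever sees `dns.getAddressFromHostname(...)`; everything that touches the lookup data runs in the child, and a name that was not declared in the Handler cannot be invoked through the proxy.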

Now, let's improve our Handler a little bit. It's pretty unfortunate that we can only make one DNS request at a time (since it's blocking), so let's use an event loop.

Handler DNS is eventLoop {
    function getAddressFromHostname(hostname) {
        // Still pseudocode

        return sendDnsQuery(hostname, function(address) {
            return address;
        });
    }
}

We specified that the DNS Handler is an event loop, so the language automatically set up a Node-style event loop - we never actually called anything to enter an event loop, it just sort of happened as a construct of the language. Note also the nice async-aware return syntax - the result of sendDnsQuery() is returned to getAddressFromHostname()'s caller, and the result of sendDnsQuery() is specified by the return value of the anonymous function callback.

We can improve correctness even more by specifying that the Handler is not allowed to make synchronous I/O calls at all:

Handler DNS is eventLoop, async {
    // ...
}

Handlers let you pick and choose different elements and design choices for different parts of your application. For example, if you had a Handler responsible for processing data, it might make sense to restrict it to being entirely functional:

Handler incomingData is functional {
    // ...
}

In such a Handler, any functions with side effects wouldn't be callable, enforced at compile-time (possibly parse-time, depending on whether I can make it compiled or not given the type system). Perhaps you want to spawn a new sandbox process for each piece of incoming data (OpenSSH does this, for example, when first receiving authentication data from untrusted users):

// The `ephemeral` keyword will probably be something better, but for now...
Handler incomingData is functional, ephemeral {
    // ...
}

If your application requires root - for example, if you were writing an NTP daemon that needed to call setTimeOfDay() - that's also specified at the Handler level:

Handler incomingData is root {
    // ...
}

This should give you some idea of why Handlers are really interesting, even beyond the process separation concept that underlies them. (It's also worth noting that while I've focused mostly on daemons, this can also be used to securely implement e.g. file.) I'm really excited to get these ideas out there so I'll stop for now, but pretty soon I'll write another blog post talking about the type system.


Surveillance priorities

For several years now I've been really interested in technology policy - things like security, privacy and censorship, and especially how those things relate to both mass surveillance and freedom-respecting software. That's why I follow organizations like Fight for the Future and the EFF, and why I e.g. participated in the movement to stop SOPA and PIPA, the internet censorship bills.

But a week or so ago I had a realization: I'm not interested in surveillance law anymore.

It's clear to me that Congress is completely busted. The 113th Congress came very, very close to being the least productive Congress in modern history. Our current Congress isn't particularly good either, although they are (as far as I know) not as bad as the 113th - but they're still not good enough that I'm confident in their ability to actually, you know, pass laws. Even if we could get Congress to pass laws at all, it's unclear whether we could actually get them to pass laws curtailing mass surveillance. Over and over again we see Congress trying to pass misguided laws that weaken encryption, damage the DNS, and do all sorts of other seriously nasty (and hacky!) things - it just doesn't seem very reasonable to me to assume that they'd change their minds and decide to do (what we think is) the right thing[1].

This is why I'm not interested in surveillance law anymore. I find it to be a waste of time. Instead, I've shifted my focus towards systems that are fundamentally designed to resist surveillance and censorship. That's why I advocate for Signal and why I work on pump.io: because these are both systems designed from the ground up to, among other things, essentially be unaffected by surveillance law. Who cares if Congress passes a law that says they can surveil pump.io users? Congress saying a bunch of words doesn't change the fact that technically speaking, that's quite hard to do. Certainly it's more difficult than surveilling e.g. Facebook.

As Moxie Marlinspike puts it in this talk on PKI's flaws and an alternative system called Convergence:

And, you know, with this legislation that's been coming up recently like COICA and PROTECT IP and this kind of thing, you know - to me the real lesson here isn't whether this passes or not because there's been, you know, some kind of heroic efforts to prevent this legislation from going through. But I think, you know, the thing to take away from this is that they're trying. To pass regulation that messes with this stuff. And maybe one day they'll succeed.

Trying to make Congress do the right thing is, I feel, akin to an endless arms race: they don't seem to be getting the message and it's doubtful that they'll stop in the near- or medium-term future.

A much better solution is this: implement secure-by-default, freedom-respecting, encrypted and/or federated systems, and be done. Forever.

[1]: honestly, I think a big problem with this is that a lot of Congress is old white guys. Emphasis on old. The problem of people in the legal sphere not understanding technology, especially technology relating to security, privacy and encryption, has cropped up before. Consider, for example, the judge who ruled that a Tor user had "no reasonable expectation of privacy" because he literally could not wrap his head around how Tor worked and what the FBI did.


RC week 3

This is week 3 of being at the Recurse Center.

Monday

Arrived ~12:50, departed ~00:10, total time at RC 11h20m. Not Day 8 because Martin Luther King Day was today, so RC was not technically in session.

Lazy day today. Participated in an interesting discussion in the Conversations MUC about Easy XMPP which led to me spending a couple hours working on this onboarding webpage project (live version here). Spent about 5 minutes deploying OCSP Must Staple to nodecompat.com and isthefieldcontrolsystemdown.com and then about 30 discussing exactly what OCSP Must Staple is with Jesse. Also, submitted a talk on Stratic to LinuxFest Northwest.

Truthfully I spent a fair amount of my time in #pump.io on Freenode and in particular, got confirmation that Evan will be able to attend this month's pump.io meeting, which is fantastic. Closed out the evening by finishing my last college app and then spending several hours (i.e. waaay longer than I meant to) looking into parts for building an xkcd-style robot for the space.

Day 8

Arrived ~13:10, departed ~23:00, total time at RC 9h50m.

Truthfully, not really sure where today's time went. The biggest real thing I did was fixing a pretty serious regression in pump.io (introduced during the Express 3.x migration) that caused realtime functionality not to work. Plus I wrote the above text (under "Monday") because I didn't have time the previous night. *sigh*

However, I did spend a lot of the evening starting and then finishing my presentation on webapp security for tomorrow. So that's something.

Day 9

Arrived ~13:40, departed ~21:30, total time at RC 7h50m.

Arrived only just in time for my presentation on webapp security due to a series of unfortunate (mostly subway-related) mishaps. It went really, really well - although we did run for 30 minutes longer than I'd planned, which I was surprised at since last week we only ran a couple minutes over but I had twice as many slides. Covered (mostly SQL) injections, cross-site scripting, password handling, and Cross Site Request Forgery. After that, had an extensive discussion with Deniz and Heather about security and related subjects (email, selfhosting, the law, and how I think about security systems, mostly) before heading out to Walgreens to buy some Airborne, since I think I may be on the verge of getting a bit sick. :(

(Heather and Deniz also suggested I use the word "obviously" less, although it seems like other than that people really like my teaching style. So that feels good.)

The rest of the day was pretty boring: did a patch release for pump.io so that the regression fix that landed yesterday would go out to users. Took care of some system administration maintenance, then did some pump.io issue triaging and some minor fixups in the GitHub repository (notably improvements to the wiki homepage and fixing the Releases page, which was kinda borked).

Finally, since I've been doing a bad (read: terrible) job trying Mercurial so far, I've decided to force myself to use it:

$ cd Development
$ rm -rf icalc
$ # Muck around for a bit because I thought the following would work out-of-the-box, but it didn't
$ hg clone git+ssh://github.com:strugee/icalc.git

I'll end up using it tomorrow since I'm committing to work on icalc for the entire day. I've been really bad about working on it.

Day 10

Arrived ~13:10, departed ~17:45, total time at RC 4h35m.

Arrived riiiight as Abstract Salad Factory was starting. Had a delicious salad and came up with an excellent idea for an RC activity[1] before attending Beginner's Club, which was on testing (and also conveniently in the same room). Spent a little time taking care of business (emails, etc.) before digging into Mercurial by looking at the "Migration from Git" wiki page and just reading links. Feel like I'm on a good track there.

Attended Thursday presentations; came up with a really awesome web standards idea during that that I was extremely excited to propose to the standards community. Looked it up while the jobs fair was getting started - turns out it's already a thing. So that was disappointing. Left for home pretty soon after that.

[1]: one weekend where we take over the main space and marathon through all three extended director's cut Lord of the Rings movies

Friday

Arrived ~1:00, departed ~00:50, total time at RC 11h50m. As always, Friday doesn't count as a day because RC is technically not in session.

Spent a lot of time today pairing with Heather on improving the Abstract Salad Factory webapp before devolving into silly shell-related projects like installing thefuck and perusing underhanded, which we actually learned a lot from (because we kept looking up the options and commands the aliases used). Also found out that the version of sl packaged in Debian is weirdly old. Like 10 years old.

In the evening, went to Bottle Share Friday which really ended up being "have lots of food and play a game of Codenames but mostly just talk" Friday. Very fun.

Wrapped up the evening with a little bit of Just Dance followed by some pump.io work and more pairing on the Abstract Salad Factory app, which ended with me and Heather wondering if the version deployed to Heroku didn't actually match the version on GitHub.

Also, signed up for checkins for next week as an accountability tool.

Executive summary

Week started out similar to the past week or two - I wasn't terribly good about sticking to RC stuff. However, I brought it back in the end! So I think I'm back on track.

Total time at RC 45 hours 25 minutes; cumulative time 141 hours 15 minutes.

