Pond - expectations vs reality

Expectations Flirting with cryptographers Plotting to take over the world Reading unreleased scientific papers Reality Talking to a guy about Latex formatting for my FOCI submission Eh, close enough. ;-) It's just funny to me that this is what finally caused me to set up Pond on this machine.…

Cupcake Early February Update

January was less productive than I'd hoped due to extended illness, but there were several key wins, including: Amazing hackathon experience with OpenITP, with excellent feedback on both usability and features Better-integrated with Chrome API Was granted a Tor Project LDAP account, which will allow me to push changes to their gitweb Lots of discussions with at-risk activists whose networks use flash proxy Discussions with Cupcake users (the other side of the at-risk activist flash proxy equation) Removed the iframe from Chrome extension, opting instead to bundle flashproxy.js within. This obviates certain possible issues with network interference and sudden failures in coffee shops. After user feedback and developer feedback, new design wireframing has begun, to better incorporate suggested features…

New Year's Resolution

I don't really believe in the efficacy of New Year's Resolutions (and the research community seems inclined to agree), but it's hard not to get swept up in these things. In late 2012, I came up with some interesting resolutions that worked out really well. The best one was to complete an open-source project every month. While I didn't quite succeed in completing 13 projects, the ones I did put out were rather fun and make me really happy when I look back on them. ^_^ So, without further ado, here are some resolutions for 2014 Focus on the positive Lots of great stuff happens, but it's easy to dwell on things that suck. The key for this year is going…

Spoiled Onions and Bad Exits

To be fair, literally no one who works on Tor or Tor-related projects is surprised. This is addressed at nearly every talk, nearly every workshop, and people are pretty open about it as a feature of the landscape. That most of these are low-speed exits is pretty telling. Most bad exits are designed to inject/replace ads, which is pretty stupid. If you catch someone doing this, share their ad code so they can be reported to ad networks and lose the money they were trying to make. However, the balance of probability has it that any given user is likely to be fine. Enforce https and don't accept random certificate errors. If you're getting a certificate error, click New…