• Ratcheting up Double Ratchet

    When it comes to secure, user-friendly messaging apps, it doesn’t get much better than Signal. Nowadays, a whole host of messaging apps (e.g. iMessage, Facebook Messenger, WhatsApp) use end-to-end encryption as a default.

  • Skimming the process pool

    Say you have a lot of independent computing tasks to complete. You don’t have to finish one before starting the next, and you’d like to parallelize them to speed up collective execution. This means running the tasks simultaneously in separate processes. How many processes do you spin up?

  • Some updates

    Decided to write about a bunch of things in this post!

  • Passing passwords to myself

    Oh, what to do with passwords…

  • Detect and confirm desync vulnerabilities

    I recently reread this post on HTTP/S desync vulnerabilities. I like the way the author breaks down the methodology of addressing the vulnerability into multiple stages (i.e. detect, confirm, explore, exploit). It got me wondering whether I could write a barebones tool to automate at least some of these steps.

  • URLs can grow on trees

    The past few months, I’ve been working on a library that organizes URLs into a hierarchical tree structure. This is useful if you’re exploring a website and you’d like a visual summary of your navigation/request history.

  • DIY VPNs

    I recently started working on a project to set up and run my own VPN using OpenVPN and easy-rsa. Someone at work suggested I check out WireGuard, a more modern and performant VPN that’s open-source. Still under development at the time of writing, WireGuard is already supported by several major VPN providers. I decided to bootstrap my own WireGuard VPN and compare it with the OpenVPN solution.

  • SOCKS proxying

    Suppose you’re at a coffee shop with Wi-Fi and someone is watching your traffic. What do they see when you navigate to “reddit.com” in your browser?

  • Straight forward proxying

    A couple weeks ago, I gave a presentation on forward proxies at my team’s weekly meeting. I created a repo for it - if you think there’s something I should add or change, let me know in an issue! For the presentation, I read the README.md aloud, adding an extra detail here and there. Then I ran the code samples, configured my browser to use different types of forward proxies, and ran tcpdump to see where browser traffic was going.

  • SSHing over a tunnel to a reverse tunnel

    You’re running an SSH server on your rpi at home and you want to SSH into it from work. However, the rpi’s behind a NAT router so it doesn’t have a public IP address (i.e. it’s not open to the world). You could forward a port to the rpi but you’re reluctant to expose a port on your home router. You look at the SSH manpage and see that SSH has -Local and -Remote port forwarding options. Hmmm…