Gaya

Development of a new way of searching and finding files

Day 8 Protocol Error Code Continuation

What I did: HTTP and SSL2 protocol use along with a few confusing and similar ones. This is why I flesh them out like this!!!
Total Time: 45.483

Day 7 Protocol Error Code Fleshout

What I did: HTTP and SSL2 codes and use cases. Researching 2 providers who can do consulting for TLS, along with asking a key exhausting question, and finally doing a bit of encryption theory to ensure understanding.

Total time: 45.183

Day 6 Security and SSL2 Protocol examination

What I did: Authentication
Total time: 44.083
Comments:
Discovered XChaChaPoly1305 may be the break we need: it provides authentication of data and easily swappable encryption protocols as XChaCha is discovered to be weak. Along with developing a security watchlist on both Google SSL and Standard Notes to ensure that Gaya's security practices stay quite modern, until we're big enough to afford our own security team.

Day 5 SSL2 Basic Finished and Researching Authentication and Cipher

What I did: Authentication
Total time: 43.683
Comments:
Discovered annoying bug in protocol where the SSL2 session is tied directly to the authentication of the user by relying on derived secrets. If have time (have approximately 240 minutes before needing to move on [discovered flex in my roadmap by dropping signing and verification from the first spec]). So if I can answer an array of questions, I can then revisit the SSL2 protocol and redesign so that SSL2 is separate from authentication.

Day 4 Authentication Planning over SSL2

What I did: Authentication
Total time: 42.667
Comments:
Grappling with questions like 'authenticate then encrypt or encrypt then authenticate?'
Finding way to minimize the protocol and move session management to a higher level. This level should only be concerned about creating encrypted layer and ensuring the person is authenticated. Session management and tracking should be done at a higher level.

Managed to simplify the FSM even more by moving session management to a higher level.

Furthermore I fleshed out SSL2 (Sapphirian Secure Layer) which now includes a fixed size of 1MB+1KB+Some fixed size header. This ensures full E2E with the server by distrusting the SSL layer.

I also reorganized the authentication step and had the SSL2 kick in before any credentials were sent over. This improved security in 3 ways:

1) All sensitive information is now always sent over SSL2
2) The server is directly verified and spoofing or fake server is caught before login information is exchanged. This is because the server's public key will be baked into the clients before distribution, ensuring that the client can only be connected to the legitimate server.
3) Prevents replay attacks. Since all information is protected by SSL2, it's now extremely difficult to replay and succeed since:
   1) The session header has to match
   2) The session header has to have the same encryption key as the last time that session header was used.
   3) The session may have the login tied to an ephemeral private/public key for the login session.
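
The two replay checks from point 3, as an added example that is not code from the Gaya project. It assumes a 16-byte session header and a one-way HMAC step that rotates the key after every record (the log does not say how keys change), and it models only the authentication tag, leaving encryption out.

```python
import hashlib
import hmac
from typing import Dict, Optional

HEADER_LEN = 16  # assumed session-header size; the log gives no value
TAG_LEN = 32     # HMAC-SHA256 tag length


def next_key(key: bytes) -> bytes:
    """One-way step to the next record key (assumed rotation scheme)."""
    return hmac.new(key, b"next-record-key", hashlib.sha256).digest()


def tag_for(key: bytes, header: bytes, payload: bytes) -> bytes:
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, header: bytes, key: bytes) -> None:
        self.header, self.key = header, key

    def seal(self, payload: bytes) -> bytes:
        record = self.header + payload + tag_for(self.key, self.header, payload)
        self.key = next_key(self.key)  # this key is never used again
        return record


class Receiver:
    def __init__(self, sessions: Dict[bytes, bytes]) -> None:
        self.sessions = dict(sessions)  # session header -> current key

    def open(self, record: bytes) -> Optional[bytes]:
        if len(record) < HEADER_LEN + TAG_LEN:
            return None
        header = record[:HEADER_LEN]
        payload, tag = record[HEADER_LEN:-TAG_LEN], record[-TAG_LEN:]
        key = self.sessions.get(header)
        if key is None:  # check 1: the session header has to match
            return None
        # check 2: the tag only verifies under the key current for this header
        if not hmac.compare_digest(tag, tag_for(key, header, payload)):
            return None
        self.sessions[header] = next_key(key)  # advance only on success
        return payload


def demo() -> list:
    header, key = b"S" * HEADER_LEN, bytes(32)  # constructed sample values
    tx, rx = Sender(header, key), Receiver({header: key})
    first = tx.seal(b"login request")
    return [rx.open(first), rx.open(first), rx.open(tx.seal(b"next"))]
```

A captured record verifies once; sent again, it is checked against the rotated key and rejected, while the next genuine record still opens.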

Day 3 The Great (and almost final plan)

Goal: Finalize features and targets for version 0.0.1

Status: SUCCEEDED

Total hours:

38.750

Day 2

Goal: Install Project Dependencies with Cordova and get a hello world.

Status: SUCCEEDED | FAILED

Task:

- Install WSL2 [Success]
- Install Cordova [Success], Typescript [Success], Vue3 [Success], OnsenUI [Failed]
- Get Hello World working on Mac [Failed]

Realization:

I was planning too far into the future and adding needless complexity. In the future I can split the repos up into multiple files and pull the 'core' into all the systems. I was substituting theoretical ability to add multiple platforms to compensate for my fear that the project won't be good and the only way to 'redeem' it would be to show how many platforms it's running on. Now that I can say it out loud I realize that's not true. A shitty project is gonna be shitty no matter how many platforms it's on.

Total hours:

38.033

Stream log:

Why differentiate between update and full-upgrade? The first installs but doesn't remove packages. The second does what you'd consider for an update (remove and install packages).

Fuck NPM honestly. It works and then it doesn't. Why is it so hard to setup a fucking cordova project?

Okay reinstalling WSL distro.
Great now have to update the windows WSL via an MSI.

ARRGGGGGGG Now Ubuntu can't fucking get the remote repo even with the firewall off :eyeroll:

Okay seems that it's an issue on their end. That's not good. I've tested on two separate sites. Running a DNS test to see if it's a global or localized DNS failure.

Okay so it's working except for me.... That sucks. I'll clear the DNS cache and see if that helps.

Now I tried executing sudo apt-get remove --purge resolvconf && sudo apt-get install --reinstall resolvconf to see if it was a configuration issue except I shouldn't have because we can't install for shit. :facepalm:

Okay examined tinyfirewall configuration, so turns out that updating to WSL2 caused a firewall rule to kick in that I have to manually enable. Ping now actually showing IP but actual pinging hangs...

Even with firewall off pinging is failing in Windows 10 and Ubuntu2004 WSL 2.

Still bizarre. Can't ping at all. Can do on another device.
Correction can't. Something is going wrong...

Tracing route fails after second, third and fourth route :confounded: However on another device it takes 19 hops and then stops at sea30s08-in-f14.1e100.net

Switched to different DNS provider (OpenDNS) and flushed caches still problem :scratchinghead:

Can ping local router and router can ping google.com but somehow my devices can't directly ping.

Okay now can. Reinstalling sudo apt-get install --reinstall resolvconf

Finally installing NPM and getting the goal for today started.

Okay only took an hour to have Ubuntu2004 behave. :breaths:

Need Node14 so I'll uninstall other NPM and install curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -

Good news: Node 14.17.6 and npm 6.14.15

YAY I got vue working close to the 85 minute mark!

Universalify not working and halting Electron build.

Okay installed manually.

Cordova run electron --nobuild not doing anything :confused:

Switched to using a head mode since WSL doesn't easily have a GUI mode.

Switching to computer that has it non virtualized OS

Discovered issue with building Electron with Catalina. Investigating difference between .dmg and .pkg.

Okay Cordova is confusing and I'm realizing that the fact there are two levels of abstraction makes me uncomfortable. I think I'm planning too far ahead. I can create for the desktop then if the desktop is successful split off and create mobile.

Day 1

  • 15 Looking at low poly planets and contemplating designs
  • 45 Beginning to design API for signup/login, along with database and beginning to design threat model
  • 60 Setting up NodeJS14, addressing windows issues, beginning to migrate from WSL1 to WSL2