Personal Information

Name: Jack ********
Student Number: s******2
Email: s******2@student.rmit.edu.au

I'm Jack. I'm an Australian coming back to RMIT to get a degree. I speak English and enough Japanese to understand what's going on around me or on TV shows. I'm passionate about Japanese, my Corgi, and Unix. On the Unix front, I am always amazed at just how much they got right with such a simple design.

Photo of me

Interest in IT

IT is what runs our modern world. Like a lot of my generation, it's less that an interest ever really started and more that IT has always been a part of my life. For anything you want to get done, chances are there is a technology that helps. That assistance drives a lot of us to more and more arcane areas of technical knowledge. John Carmack and Linus Torvalds are two heroes of mine. Both of them ignited a passion for programming and Unix in me. I am a Red Hat Certified Engineer and have quite a bit of Linux experience. It would be hard to have that without Linus creating Linux. I have some programming experience but not in the lower-level areas I'm very interested in. I would really like to improve my C programming and learn Rust.

I chose RMIT because they have the best technology reputation in Australia. To be honest, we don't have a huge selection of online programming-related degrees in Australia. The use of Java everywhere at RMIT is less and less attractive as Oracle does everything it can to destroy the language. All of that being said, RMIT has fantastic instructors, who are a lot more important than the choice of language.

I want to learn multiple programming areas in depth. Partly through the degree assessments but also through the degree pushing me to focus on and make time for programming in my life. I need better skills in web development because it's impossible to function as a modern programmer without them but I would also like to focus on some much lower level programming units if I get the chance.

Ideal Job

DevOps Engineer - Linux/RH/Open-Source

DevOps is the glue that acts as a bridge between the programs developers write and actual functioning systems. It's all about automating process and removing as many barriers as possible between programmers writing new code and that code actually performing its purpose. This job would be writing and managing that glue. It's attractive to me as I believe a core purpose of all IT is to remove mundane tasks from human responsibility and this job is doing exactly that.

They want some kind of Linux certification like RHCE but also a lot of demonstrated knowledge and experience with Unix, virtualization tools like OpenStack, Continuous Integration (CI/CD) tools, orchestration tools like Ansible, and general scripting knowledge.

I have the RHCE along with some Ansible and scripting knowledge. I need to acquire a lot more in-depth knowledge about CI/CD and get real-world experience, years of it, in a more junior job.

I will chip away at the CI/CD knowledge, scripting knowledge, and virtualization knowledge while doing my degree, hopefully finding uses for them both inside and outside of University. Along with that, I should get a part-time job in the field even if it means volunteering.

Screenshot of Seek Job Posting

Personal Profile

Screenshot of Myers-Briggs results from 16Personalities
Screenshot of Big 5 Personality results from Out Of Service
Screenshot of Learning Style results from Education Planner

The results mean very little to me. This is pseudoscience. If I'm going to learn artistic colour theory it's going to be visually. If I'm going to learn poetry it's going to be through text. We're the most mentally adaptable animal on the planet, the idea of limiting ourselves based on tests that not only have no scientific basis but have been repeatedly discredited is awful. In my case, I have been marked above as both an extreme introvert and an extreme extrovert while answering these tests honestly. If I were to base my decisions on the outcome of these tests I would act less according to the need of the situation and more according to my own limiting beliefs about myself and all my outcomes would be worse.

These results won't influence my behaviour in a team. I'm very happy leading or following in a group as long as things are getting done. I would be very unhappy if members of my group were to constantly try to assume positions based on limiting beliefs about their personalities. If you're working under someone you follow, if you're managing people you lead, if you're coming together as a group collective you all pitch in and try to find consensus. In an effort not to be completely negative I will state that test results showing me to be introverted are likely true. This introversion means I need to put in more effort to change that about myself to have a more productive life.

A team is the sum of all people. Regardless of our personalities, we're looking for smart, motivated people willing to work towards a common goal. I am not going to limit my interactions with my team or the project by believing "Oh I learn best through touch" (this is my result answering honestly on the learning style test, insane) or "I'm an analytical thinker, therefore, I shouldn't do art". I want what everyone wants when forming a team, teammates who are motivated, intelligent and who are not prone to unconstructive conflict.

Project Idea

Overview

My project idea is about decrypting data in the browser while keeping it encrypted on public hosting. Using modern JavaScript crypto APIs we can stream encrypted data from a public cloud and decrypt it in modern browsers. This gives users some assurance of the confidentiality and integrity of the data they receive even when it comes from an untrusted public cloud. It allows site owners to use fast, large, but insecure file hosts such as Google Drive for their larger media while limiting the extreme power for monitoring and snooping that those platforms have.

Motivation

For many parts of the world, the idea of self-hosted websites is simply an impossibility. Lack of infrastructure and poor upload bandwidth ensure that if a user wants to provide files to others they must first upload them to an intermediary cloud-based storage solution or file host. The primary business of these cloud hosts is often collating users' data and using it for marketing. With the advent of modern browser-based encryption, we can store encrypted files on those public hosts so that only the content producer and the content receiver ever have access to the unencrypted content, all within the existing environment of the browser. If our host tries to inject forged content, the client can reject it; if our host tries to spy on our content, they can't decipher it.

Description

There are 4 core entities for this project: Webmaster, Trusted Host, Untrusted Host, and Client. In short, the webmaster encrypts content that is too large to feasibly host on a trusted platform and uploads it to an untrusted file host. The webmaster controls a small, traditionally hosted site on a trusted host, such as their home connection, that provides the very base HTML and core JavaScript. Clients connect to that trusted host, which provides instructions in the form of JavaScript to fetch, decrypt, verify and display larger content from the Untrusted Host(s).

The Webmaster ultimately has control over the site. Any new content, such as media (images/audio/video), that is too large to be hosted on a trusted host will be encrypted with the webmaster's private key and uploaded to an untrusted file host such as Google Drive. This asymmetric cryptography is important as it requires only the webmaster's public key to be distributed to users and prevents someone who gets access to the public key from creating fake but authentic-seeming files that could then be put on the public file host.

The Trusted Host is a secure, low-bandwidth web host that serves the initial web page and bootstraps the client, telling it what data to request and giving it a means to verify that data. By providing both SHA-256 hashes and the Webmaster's public key, the Trusted Host lets the client use JavaScript to stream, decrypt, and verify the larger media it indicates before displaying it to the user. The hash is important as the public key alone would allow encrypted files on the untrusted host to be replaced with incorrect files that have been validly encrypted by the webmaster but are not the correct file for that URL. The web pages provided by this host are regular HTML/JavaScript/CSS assets, but the JavaScript relies heavily on both the HTTP streaming and decryption APIs.

The Untrusted Host(s) act as a dumb HTTP store for encrypted files. While you cannot usually host websites on these cloud providers, you usually can provide open HTTP access to a file to anyone with a link. By storing our larger content encrypted on these untrusted hosts we can both prevent these hosts from spying on the contents of what is transferred and prevent them from altering or backdooring the files.

The Client refers to both the actual human user of our site and the software they use to access the site, the browser. The Client connects to our Trusted Host, receiving an HTML page, a public key with which to decrypt content, and instructions on how and what content to then grab from the Untrusted Host(s), along with hashes of said content. After streaming the data for a large encrypted file to our client using JavaScript, we decrypt using the SubtleCrypto API, verify the file's hash, and display our unfeasibly large to self-host media content in all its glory to the user, knowing that said content is as the webmaster intended it and that we are somewhat shielded from the surveillance state.
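
The Client's fetch, verify and decrypt step, sketched as an added example that is not part of the original project. SubtleCrypto has no operation that decrypts with a public key, so the sketch assumes the webmaster's private key produces an ECDSA signature that the public key verifies, and that confidentiality comes from an AES-GCM content key supplied by the Trusted Host. The names sealBlob, openBlob and demo are hypothetical and the sample files are constructed.

```javascript
// Added example, not the project's code. Assumptions: ECDSA P-256 stands in for the page's
// "webmaster's private key" step; the AES-GCM content key is delivered by the Trusted Host.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
const hex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// Webmaster side: `stored` goes to the Untrusted Host, `sha256` is published by the Trusted Host.
async function sealBlob(plaintext, signingKey, contentKey) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, contentKey, plaintext);
  const signature = await wc.subtle.sign(SIG, signingKey, ciphertext);
  return { stored: { iv, ciphertext, signature }, sha256: hex(await wc.subtle.digest('SHA-256', plaintext)) };
}

// Client side: `stored` came from the Untrusted Host, `expectedSha256` from the Trusted Host.
async function openBlob(stored, expectedSha256, publicKey, contentKey) {
  const ok = await wc.subtle.verify(SIG, publicKey, stored.signature, stored.ciphertext);
  if (!ok) throw new Error('bad signature'); // not produced by the webmaster
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv: stored.iv }, contentKey, stored.ciphertext);
  const actual = hex(await wc.subtle.digest('SHA-256', plain));
  if (actual !== expectedSha256) throw new Error('wrong file for this URL');
  return new TextDecoder().decode(plain);
}

// Constructed sample data: two small "media files" sealed by the same webmaster.
async function demo() {
  const { publicKey, privateKey } = await wc.subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' }, false, ['sign', 'verify']);
  const contentKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
  const enc = new TextEncoder();
  const a = await sealBlob(enc.encode('track-01 audio bytes'), privateKey, contentKey);
  const b = await sealBlob(enc.encode('track-02 audio bytes'), privateKey, contentKey);
  const outcome = (p) => p.then((v) => v, (e) => e.message);
  const flipped = new Uint8Array(a.stored.ciphertext.slice(0)); // copy, then alter one bit
  flipped[0] ^= 1;
  return {
    honest: await outcome(openBlob(a.stored, a.sha256, publicKey, contentKey)),
    tampered: await outcome(openBlob({ ...a.stored, ciphertext: flipped }, a.sha256, publicKey, contentKey)),
    swapped: await outcome(openBlob(b.stored, a.sha256, publicKey, contentKey)), // valid file, wrong URL
  };
}
```

The swapped case is the one the SHA-256 hash exists for: the blob carries a valid webmaster signature, so only the per-URL hash from the Trusted Host catches the substitution.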

Skills Required

The skills required to achieve this are some basic systems administration to set up a trusted host along with the hardware at a trusted location. Web development skills are required along with some less common JavaScript skills to stream, decrypt and transform files into functioning HTML elements such as images, video, and audio. Some minor cryptography skills are required in the implementation of encryption/decryption and the choice of algorithms. Overall the project is very feasible as none of these skills are particularly exotic and the breadth of the project is not large. A single developer could achieve it in a reasonable amount of time. It should be noted, though, that the project as described is extremely limited in ways we will talk about in the outcome. Making the project less limited could quickly skyrocket the requirements for both skills and effort involved.

Outcome

I believe that this kind of end-to-end encryption by default is the future of the web. It combats the passive surveillance state that we currently live in. That being said the project as I've described is extremely limited and doesn't have much applicability beyond sharing small files with a limited circle of friends. A small application like a music player is feasible but for larger files like video the lack of ability to stream and display files before they are complete kills it. We've solved part of the problem of secure file storage on Untrusted Host(s) but completely solving it would require a more complex client implementation. Its primary use as it stands would be limited to niche sites with a small base of trusted users.

References

This site uses CSS styling provided by Bootstrap 4.3.1