Security Saturday!
I have been working hard behind the scenes. Thinking a lot, too. Tinymail was a nice name but .com (and now .net too) were taken. So, enter "TinySigma", which is half a joke as Sigma is used as the sum symbol in math.
TinySigma doesn't add up to much, you could say XD
The plan is not to provide encrypted mail (although I might work on figuring out how to save mail in encrypted format, mail was never made for that so it is not the best).
Instead I will focus on being a small provider for people needing an email address that is not in the hands of (or running on the infrastructure of) big tech. This is to minimize the risk of being shunned or cancelled by said big tech, or to be caught in the collateral.
Basically it is one of the ways to combat chain compromise, which we discussed in the previous security Saturday. There is much to discuss and much to find out, so I will keep this security Saturday short.
Let us simply have a look at a few security considerations:
1. Encrypted mail
Much debate always surrounds this. I do not believe encrypting mail is a good goal to have. E-mail bleeds meta-data (when, where, how, etc...) and continues to do so as long as you use it as mail. E-mail is a nifty way to transfer public messages, but that is about it. If you want encrypted communication, use Signal, Telegram, Ricochet or any other secure messaging system.
But it might be good to have encrypted mail at rest, so that I can prove to people that whatever happens, I will not be reading their e-mail. Or at the very least, that I have the option to prevent law enforcement from doing so.
But since any encryption of email is going to be tacked on in a very bad way, it would be one of the last features to be added.
2. Separation of concerns
I have an empty server which is very small, and a beefier server that already has e-mail working. The temptation is to use the beefier server and simply add the TinySigma domain to it, but on the other hand this might run into issues when signing mails or managing traffic.
However, the smaller server might not have enough horsepower to serve mail in a comfortable way. Which means that possibly we need to use both servers in tandem, with the smaller server only providing a web-interface for the mail, while the beefy server provides the actual mail logistics.
All these considerations play a part then in security. Do the two servers communicate over VPN? Do they just use standard mail protocols without VPN?
Having it easy is often a trap in security, so probably I will have to sit down and work this through. At the end of all the musings I will then have an idea.
3. Making security easy.
For TinySigma to be a viable (backup) email service, it does not need to be the most secure (read: encrypted) but it does need to be reliable and relatively safe from cancellation. It also needs to be VERY easy to use. If it is easy enough to use, and easy enough to maintain as well, the project will "naturally" grow to be something good and permanent.
Anyways, let me know what you think!
I will be working on TinySigma after I finish writing my book, so by the end of March we should have progress. Or maybe earlier if I find myself sleepless for some reason :P
With that, I hope you all are as excited as I am, and also that y'all stay safe out there!
This is the third corner to have persistent discussions and talks in. I love tech, but especially once it transcends hardware a little. I have two degrees; a bachelor's in Software Engineering and a master's in Information Security Technology. My graduation thesis focused on assembly-level optimizations (that is, one level above the hardware level) and my free subjects were in formal verification. This is why I love programming in the security corner, or maybe it is the other way around.
I started going down the Security path because I early on saw that the world around us would become a dangerous cesspool of badly-implemented and hostile tech. Now I am one of the people that understands the field around that mess :)
So in here you can discuss secure phones, weird programming languages, sad truths about internet-connected fridges. Also about malware, adblockers, and so on and so forth!
A lot of tech talk I do over at the @Lunduke community, where a lot of nerds hang out and it is ...
Many times when we talk about security, we mean to say "Digital security". In essence we mean to say that our hardware and software that we use stays safe no matter what we do. And even though the ISO27001 standard (and by extension, for example, the NEN7510 standard) makes it abundantly clear that security is a people-domain problem, we usually take that as a process-like truth. Meaning, we think that being secure is a matter of regulating people.
The truth is very different. For example, while writing this I am pretty shot. I slept five hours and I am under the influence of a bunch of painkillers and some alcohol. Before you ask what I was thinking, let me mention that I have a genetic defect in my spine that I am dealing with right now by taking measured doses of all three (and yes, to get the Bible into this conversation, there is even a biblical ground for the inebriation with alcohol - see Proverbs and the letters to Timothy - , although I did not use red wine. But hey, I am still on top of ...