Gaya

Development of a new way of searching and finding files

Keyring (153)

Total hours: 264.083

Top three:

1) Threat Scoping

2) Code Migration and git commit

3) Keyring Version 0

Partial development in place.

Financial Catchup (152)

Total hours: 263.633

Top two:

1) Financial updating

Managed to pull all my finances back together and see that I’m currently in a negative pit in terms of money. I’m able to float some over from personal funds. However, massive cutbacks and changes are going to need to occur within the next 6 months, otherwise Sapphire Pack could be facing financial ruin.

2) Gitlab purchase

I ended up getting a premium subscription to Gitlab because I need more power when developing. Also, the person that I’m speaking to, Trevor, is absolutely phenomenal, respectful and doesn’t make assumptions regarding pronouns. This

Email Catchup (151)

Total hours: 262.850

Top one:

1) Email cleanup

Design and Web (150)

Total hours: 262.833

Top two:

1) iPhone checking

Ensuring that the site works well on the iPhone. It’s obviously not at all close to the finished site. I just wanted to see that there was some semblance of it working. I wasn’t disappointed.

2) Design Reaffirmation

Protector of Data
Fierce but cute
Protective Loyal
Sassy
Cute
Fierce
B+W minimalist

Collaboration Design (149)

Total hours: 262.000

Top one:

Collaborating with a designer for the logo and main character that the application embodies.

Session and Monoapp (148)

Total hours: 261.920

Hot Potato Idea (147)

Total hours: 261.917

Top three:

1) Documentation

It’s important and not much more to share here.

2) Security Scoping

I began reading and am tentatively understanding. Still a lot more. Security scoping also goes by Threat Scoping. One of the things that I dislike is how a lot of privacy-centric applications are combative or outright refuse to work with governmental authorities. There needs to be a mix and some things hardcoded so that only the operator themselves can access the data.

An idea that I’ve had that I won’t implement because it could have unforeseen legal ramifications is a way to switch an account forcefully to emergency ‘strict’ mode, where the keys for the person’s account are passed around like a ‘hot’ potato so that they’re not accessible on the server and hopefully get to the client when they’re connecting.

3) Architecture

The goal of the architecture is to have a non-radial design. The idea of a non-radial design is that if several systems are compromised, damage is containerized.

It’s quite difficult, and I’m having to weigh privacy (which is paramount) against usability, maintainability and upgradability.

Task Splitting and Circular Dependency Resolution (146)

Total hours: 261.367

Top three:

1) Documenting Security Protocol

This is complicated because it depends on the level, and the level also depends on other factors which I haven’t yet figured out. However, I managed to sidestep most of the circular dependencies and concepts by ensuring that all accounts start at lax and can be upgraded or downgraded in the future.

2) Collapsing and pushing key management to a later task

Key management and deployment is a very complex issue which is completely separate from the current security task of designing the initial keying and deployment of the software. Unfortunately, since the applications need to be in the respective stores, I can’t have each one custom keyed like Backblaze does with their applications. Therefore, there’s an important linking step that I need to have succeed without being overly intrusive or annoying.

3) Adding in important and complicated tasks for later use.

There’s a lot of tasks and work that’s codependent. The hardest part is modelling and at the same time not getting into the weeds in one part and losing the forest for the trees.

But at the same time I can’t be at the forest level all the time. I’m really really good at forest level thinking but not really good at tree level thinking. I need to get better at tree level thinking.

Key Redesign Continues (145)

Total hours: 260.150

Top one:

1) Key derivation and security design

This is quite complicated because I’m having to address attacks, rate limiting along with multiple concurrent attempts to upgrade, downgrade and migrate account security.

The idea is to make downgrading harder so that in the event that an account is compromised there is limited damage. However, that’s quite hard to do given the fact that once the root key and keyring are released all of those files and information are decryptable at will.

I’m still trying to figure out the security levels, tied into key generation and derivation in such a way that is multi-platform and native at the same time. I’m thinking of having two applications (a utility and core application). The utility can handle the crypto stuff and use the Sodium.js library, whereas the main one is native and handles all device-specific features.
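An added example, not the author's code: one way the policy side of these requirements could look, with accounts starting at lax, upgrades applied immediately, downgrades queued behind a delay, a cap on attempts and only one change in flight per account. The class name, the delay, the attempt cap and the window are assumptions, and it covers server-side policy only, not the key material.

```javascript
// Added example, not the project's code. The level names come from the journal;
// the delay, attempt cap and window below are assumed values.
const LEVELS = ['lax', 'cautious', 'strict'];
const DOWNGRADE_DELAY_MS = 72 * 3600 * 1000; // assumed cooling-off period
const MAX_ATTEMPTS = 3;                       // assumed cap per window
const WINDOW_MS = 3600 * 1000;                // assumed rate-limit window

class AccountSecurity {
  constructor() {
    this.level = 'lax';   // every account starts at lax
    this.pending = null;  // { target, effectiveAt } for a queued downgrade
    this.attempts = [];   // timestamps of recent change requests
  }
  // Apply a queued downgrade once its delay has elapsed, then report the level.
  current(now) {
    if (this.pending && now >= this.pending.effectiveAt) {
      this.level = this.pending.target;
      this.pending = null;
    }
    return this.level;
  }
  request(target, now) {
    this.current(now);
    if (!LEVELS.includes(target)) return { ok: false, reason: 'unknown-level' };
    this.attempts = this.attempts.filter((t) => now - t < WINDOW_MS);
    if (this.attempts.length >= MAX_ATTEMPTS) return { ok: false, reason: 'rate-limited' };
    this.attempts.push(now);
    // Only one change in flight: a second concurrent request is refused.
    if (this.pending) return { ok: false, reason: 'change-in-progress' };
    const delta = LEVELS.indexOf(target) - LEVELS.indexOf(this.level);
    if (delta === 0) return { ok: false, reason: 'no-change' };
    // Upgrades take effect at once; downgrades wait out the delay.
    if (delta > 0) { this.level = target; return { ok: true, effectiveAt: now }; }
    this.pending = { target, effectiveAt: now + DOWNGRADE_DELAY_MS };
    return { ok: true, effectiveAt: this.pending.effectiveAt };
  }
  // Lets the account owner abort a downgrade they did not ask for.
  cancelPending() {
    const had = this.pending !== null;
    this.pending = null;
    return had;
  }
}
```

The delay gives the owner a window to notice and cancel a downgrade requested from a compromised session.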

Key Redesign Begin (144)

Total hours: 258.100

Top one:

1) Key generation and migration concept replan

Key Design and Wrapping (143)

Total hours: 258.017

Top three:

1) Key generation

Using an offline web application to generate system security systems. This is because JS is critical for the cryptographic generation.

2) Key Security and Wrapping

3) Financial update

Updated financial information and reworked outline. Going to run aground within the next year unless I get income from the project.

Email Check (142)

Total hours: 255.800

Top one:

1) Email check

Key Design Beginning Again (141)

Total hours: 255.783

Top one:

Key management design.

This is quite tricky since there are three levels of security, not just one, to match the privacy and security requirements of different people without fundamentally altering the base product, only the transmission and processing of the data.

WAPI Continued Design (140)

Total hours: 255.283

Top one:

1) WAPI API designing

Uses token mapping to an operator on the server side. This ensures that I’m not exposing or providing direct access or reference to the database rows.
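An added example, not the project's code: opaque random tokens resolved to an operator on the server, so the client never holds a row identifier. The `TokenMap` class, the 15-minute lifetime and keeping only a SHA-256 digest of each token are assumptions; WAPI's actual design is not shown in this journal.

```javascript
// Added example, not the project's code: server-side token -> operator mapping.
const nodeCrypto = require('node:crypto');

class TokenMap {
  constructor(ttlMs = 15 * 60 * 1000) { // assumed token lifetime
    this.ttlMs = ttlMs;
    // sha256(token) -> { operatorId, expiresAt }; raw tokens are never stored,
    // so a dump of this table cannot be replayed as live credentials.
    this.byDigest = new Map();
  }
  static digest(token) {
    return nodeCrypto.createHash('sha256').update(token, 'utf8').digest('hex');
  }
  // Returns a 256-bit random token that carries no information about the row.
  issue(operatorId, now = Date.now()) {
    const token = nodeCrypto.randomBytes(32).toString('base64url');
    this.byDigest.set(TokenMap.digest(token), { operatorId, expiresAt: now + this.ttlMs });
    return token;
  }
  // Maps a presented token back to the operator, or null if unknown or expired.
  resolve(token, now = Date.now()) {
    if (typeof token !== 'string' || token.length !== 43) return null;
    const key = TokenMap.digest(token);
    const entry = this.byDigest.get(key);
    if (!entry) return null;
    if (now >= entry.expiresAt) {
      this.byDigest.delete(key); // expired tokens are dropped on first use
      return null;
    }
    return entry.operatorId;
  }
  revoke(token) {
    return this.byDigest.delete(TokenMap.digest(String(token)));
  }
}
```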

WAPI Design Beginning (139)

Total hours: 255.050

Top one:

1) WAPI design.

WAPI is the Web API that is used while running an interactive session stemming from within the web browser. (In a way, a loopback server.) This allows critical processes like key generation, key migrations and such to run.

Currently data security has been redesigned, which has ripple effects throughout the entire architecture. The first and main one being that there are three separate classes of security. The lax one is the one that I’m implementing right now; in the future I’ll implement the other two, which are cautious and strict.

Design Seeking (Day 138)

Total hours: 254.383

Top one:

1) Seeking design expert

I’m designing a paper UI. I’m taking an unconventional approach in the software design that’ll pay off. However it means having to reduce some aspects as much as I can. One of those is UI.

UIs per device have different ‘rules’ and therefore implementing the ‘right’ UI per device is tricky, error prone and hard to ensure rolls out correctly to all the devices. However, web browser UIs are nice because they can look like whatever because they’re within a web browser. Therefore the actual application will be headless and all controls will occur via the web browser.