Three Years of Mensago

Posted on by

A former student once told me, “Life is like a roll of toilet paper: the closer you get to the end, the faster it goes.” Wisdom from the mouths of children. Technically Mensago will turn three on Tuesday, but, eh, close enough.

With nothing — yet — that a regular user can kick the tires on, it would be easy to say that I’ve accomplished nothing. This has been both a personal and technical journey, and there have been many milestones along the way. Here are some of them.

2019: Research, Studying, and Research

  • Brought together a large collection of news articles to demonstrate how bad of a mess we’re in. TL;DR: It’s really bad.
  • Designed an easy public key exchange mechanism: contact requests
  • Found and chose a binary encoding system to package up binary data: Base85
  • Spent a lot of time learning about cryptography and how to work with it safely
  • Studied DarkMail, a similar effort from the mid-2010s started by Ladar Levison
  • Began learning a new programming language: Go
  • Came up with a working name for the project, Anselus
  • Started the Mensago server, mensagod
  • Launch the project website
  • Began designing a new, safe markup language, now called SFTM

2020: Research and Development

  • Designed a mechanism to help users protect themselves from malicious attachments, now called Attachment Guard
  • Started a Python library for designing the client. Coincidentally, right around when COVID hit the U.S.
  • Finished the preliminary design for Mensago’s Identity Services component
  • Created different registration modes for the server to handle different use cases
  • Made internal design documents public for more transparency and — eventually — standardization
  • Developed and launched a new website which was better-looking and easier to maintain
  • Development milestone: the server could handle account registration. Getting this far was so much work and had a lot of moving parts.

2021: Progress and Change

  • Identity Services progress reached a point to where a demo could be built on top of it — logins, keycard lookups, and account registration
  • Moved all the fun Python encryption helper code I wrote into its own library, pyeznacl, for the benefit of
  • The project changed its name from Anselus to Mensago.
  • Added disk quotas and secure uploads and downloads to the server, and then later on, delivering messages to people on the same server.
  • Designed and implemented most of device synchronization, which was far more complicated than originally thought.
  • Researched an alternative to TLS and learned a lot about TLS in the process

2022 So Far: Finding the Best Path

  • More OgSEC research
  • Attempted to obtain funding from a National Science Foundation program, but was turned down
  • Developed a new data serialization format: JBinPack
  • Began learning the Rust programming language
  • Ported the Base85 code and encryption helper code to Rust libraries

Into April

In this list we can see so many highlights in the project’s history. To be honest, it makes the struggles of this last month much easier to put into perspective. I began learning Qt, a programmer’s toolkit that works on everything from Linux, to Windows, to automotive infotainment units. I also found out the hard way that the tools for working with the toolkit are less than great. In fact, a lot less than great. I started a new build tool, jmk, to help work around that problem, but it’s going to be little while before it’s ready for production. In the meantime, I’m still working on building the Rust library that Mensago Connect will use for the business logic. It’s not ideal, but no one ever said this would be easy. Until next time, be safe and well, my friends.