% Boston Clojure: Talk + Review of "clojars.org"
% Michael Stone
% January 10, 2013

## Overview

On January 10, I presented a modestly revised version of my "Systems Thinking + Web Security" talk to the attendees of the Boston Clojure Meetup, on an approach to web security based on system safety. Working from the [presentation](./presentation.svg), some [rough notes](./notes.txt), and a somewhat more polished accompanying [handout](./handout.pdf), the attendees and I examined part of the hierarchical control structure for one of the main Clojure code distribution sites, [clojars.org](http://clojars.org). Here's what we came up with...

## System Diagram

![](http://mstone.info/posts/stws-clojure-jan-2013/presentation.svg#12)

## Use cases

* Get dependent library
* Upload lib
* Browse repo
* Delete a jar
* Advertise a dependent library
* Join the site
* Link to source (GPL)

## Accidents

* Get the wrong lib
* Dep resolution fails
* Site down
* Redirect to evil.com
* Evil upload
* Upload an old version by accident
* Leak download history?
* Fail to record download history?
* Subpoenaed?
* Replacement of signature files

## Goals

* Availability of jars & indexes & login
* Authentication of publishers
* End-to-end authentication of jars from publishers to receivers
* Authorization to publish a jar with coordinates FOO
* Permit retractions / undo mistakes

## Powers

* Spam jars
* Read ssh keys
* Mirror site
* Spoof DNS
* DoS DNS
* Write malicious lein plugins
* Contribute source to a library
* Issue an SSL cert for clojars.org
* Typo squat jars
* Cosmic rays
* Corrupt a disk
* Corrupt bits on the wire
* Cause typos while uploading
* Manipulate power

## Control system

* SSH
* SSL
* GPG
* Friend
* DNSSEC?
* OCSP?
* The Cert
* Local mirror?
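To make the "end-to-end authentication" goal concrete against two of the accidents above ("Corrupt bits on the wire" and "Replacement of signature files" by a mirror), here is an added receiver-side model that is not part of the talk or of clojars' own code: a checksum sidecar served next to the jar catches accidental corruption but not a mirror that regenerates it, whereas a signature under a publisher key the receiver pinned out of band catches both. The jar bytes and sidecar names are constructed, and an HMAC under the pinned key stands in for the GPG detached signature, since the point is only that the mirror cannot recompute it.

```python
import hashlib
import hmac

# Assumption: the receiver obtained the publisher's key out of band (the GPG
# analogue of a pinned key), so a mirror holding only the artifacts lacks it.
PUBLISHER_KEY = b"constructed-publisher-key-pinned-out-of-band"


def make_checksum(jar: bytes) -> str:
    """The .sha1 sidecar a Maven-style repository serves beside the jar."""
    return hashlib.sha1(jar).hexdigest()


def make_signature(jar: bytes, key: bytes = PUBLISHER_KEY) -> str:
    """Stand-in for the .asc detached signature: keyed, so only the
    publisher (and the receiver, for verification) can compute it."""
    return hmac.new(key, jar, hashlib.sha256).hexdigest()


def publish(jar: bytes) -> dict:
    """What the publisher uploads: the jar plus both sidecars."""
    return {"jar": jar, "sha1": make_checksum(jar), "sig": make_signature(jar)}


def receive(served: dict, key: bytes = PUBLISHER_KEY) -> dict:
    """Receiver checks; each control's verdict is returned separately."""
    jar = served["jar"]
    return {
        "checksum_ok": hmac.compare_digest(make_checksum(jar), served["sha1"]),
        "signature_ok": hmac.compare_digest(make_signature(jar, key), served["sig"]),
    }


def corrupt_on_wire(served: dict) -> dict:
    """Accident: one bit of the jar flips in transit; sidecars are untouched."""
    jar = bytearray(served["jar"])
    jar[0] ^= 0x01
    return {**served, "jar": bytes(jar)}


def replaced_by_mirror(served: dict, other_jar: bytes) -> dict:
    """Accident: a mirror substitutes a different jar and regenerates the
    checksum sidecar it can compute; it cannot regenerate the signature."""
    return {"jar": other_jar, "sha1": make_checksum(other_jar), "sig": served["sig"]}
```

Running `receive` over `publish(...)`, `corrupt_on_wire(...)` and `replaced_by_mirror(...)` shows the checksum passing in the mirror case while the signature fails, which is exactly the gap the "end-to-end" wording in the goals list is pointing at.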