A (somewhat embarrassing) part of writing: in Austrian H.T.B.L.A.s (high
schools with a vocational focus), one may opt to write a semi-scientific thesis in order to
skip parts of the Matura (A-levels).
May I present to you my thesis:
- Integration of a protection system from undesirable and dangerous
content into mail servers. High school thesis. H.T.B.L.A. Leonding, 2004.
(PDF, 700 KiB)
In general, the thing does not stand the test of time. Some stray observations while
re-reading it as a, you know, scientist:
- I'm surprised by the quality of the English (my second language, and I had never been
to any English-speaking countries by that time). Some of it is pretty
cringe-worthy though: “diploma thesis paper” is a term I made up as an amalgam of
two translations I found on LEO.
- The literature research is sub-par, and it shows. This is in part because I mostly
researched online, and online resources were much less developed and I did not exactly
know what to search for. In terms of textbooks, I could not find anything remotely on
my level and relevant to me. This shows how crucial it is as a supervisor to point the
student to the right literature and then gradually educate them to find resources
themselves. A big chunk is of course laziness on my part *cough*.
- Section 3.6.2 documents the insanity of some webmail clients in the heydays.
GMX, one of the biggest email providers in
Germany and Austria in 2004, defaulted to POST-ing plaintext passwords
over an insecure HTTP connection. (We actually MITM'ed a couple of colleagues at that
- The extended SMTP protocol proposed in Section 5.1 has a devastating DoS attack vector
baked in (can you spot it?), which is however fairly easy to fix. The basic idea of
a chain-of-trust-based lookup, however, is not all that bad, and has entered a couple
of serious efforts.
- The reverse lookup authentication in Section 5.2 was a neat idea that was also
independently proposed by other people, but never gained any traction.
- In the web client (Section 5.3), I reinvented AJAX using a refreshing textbox in a
separate frame. I did not uncover AJAX in my literature research, even though it had
existed since 1999, partly because there was essentially no website using it at the
time. As a postmortem, having an expert in these matters would have been an immense
help, and I think also as HTL thesis supervisors, one should strive to connect the
student to experts if one is out of their depth.