HTBLA “thesis”

A (somewhat embarassing) part of writing: in Austrian HTBLAs (high schools with a vocational focus), one may opt to write a semi-scientifc thesis in order to skip parts of the Matura (A-levels).

May I present to you:

• Integration of a protection system from undesirable and dangerous content into mail servers.
  High school thesis. HTBLA Leonding, 2004. (PDF, 700 KiB)

In general, the thing does not stand the test of time. Some stray observations while re-reading it as a, you know, scientist:

• I'm surprised by the quality of the English (my second language, and I had never been to any English-speaking countries by that time). Some of it is pretty cringe-worthy though: “diploma thesis paper” is a term I made up as an amalgam of two translations I found on LEO.

• The literature research is sub-par, and it shows. This is in part because I mostly researched online, and online resources were much less developed and I did not exactly know what to search for. In terms of textbooks, I could not find anything remotely on my level and relevant to me.

  Of course, literature research is the responsibility of the author, and with more effort from my side, it would have become better. However, it does show me, as I am supervising students now, how crucial it is to point the student to the right literature and then gradually educate them to find resources themselves.

• Section 3.6.2 documents the insanity of some webmail clients in the haydays. GMX, one of the biggest email providers in Germany and Austria in 2004, defaulted to POST-ing plaintext passwords over an unsecure HTTP connection, in other words, it sent username and password completely unprotected over an open line. (We actually MITM'ed a couple of colleagues at that time.)
• The extended STMP protocol proposed in Section 5.1 has a devastating DoS attack vector baked in (can you spot it?), which is however fairly easy to fix. The basic idea of a chain of trust based lookup, however, is not all that bad, and has entered a couple of serious efforts.
• The reverse lookup authentication in Section 5.2 was a neat idea that was also independently proposed by other people, but never gained any traction.

• In the web client (Section 5.3), I reinvented AJAX using a refreshing textbox in a separate frame. I don't think I uncovered AJAX in my literature research, even though it had existed since 1999, partly because there was essentially no website using it at the time.

  As a postmortem, having an expert in these matters would have been an immense help, and I think also as HTL thesis supervisor, one should strive to connect the student to experts if one is out of their depth.

Back.