We're hiring!

We're actively seeking designers and developers for all three of our locations.

Git-SVN Gotcha with Empty Directories

This short post is intended to serve as a warning about a potential gotcha with git-svn, and how to prevent it.

An Anecdote

First, a sort of “postmortem” of my run-in with this issue:

I was working to migrate an old SVN repository full of documents to Git. We had decided that we didn’t need to maintain a complete history going forward, that we would just take what was currently there and put it in a new Git repository. We would keep the old SVN repository around for reference in case we ever did need to go back through that older history. We wanted to preserve the old history in SVN, but make a clean break from it for a fresh start with a new Git repo.

I used SVN to check out a fresh copy of the repo, removed .svn, turned the directory into a Git repo, and pushed it out to the new remote. All good there. Read more on Git-SVN Gotcha with Empty Directories…

Posted in Developer Tools | Tagged , | Leave a comment

GPG + Git: The pass Password Manager

password-manager

As much as I’d like to see a world where PKI is used to secure digital resources, the status quo is a world often secured by passwords. Passwords are hard to remember, and easy to lose. We should use complex, hard-to-guess passwords. We should use separate passwords for every site. We should keep passwords to ourselves instead of sharing accounts with other users. All of these things add up to more than most minds should be taxed with.

The good news is: password managers can help! Read more on GPG + Git: The pass Password Manager…

Posted in DevOps & System Admin. | Tagged , | Leave a comment

8 Tips for Working from a Coffee Shop

working-coffee-shop

A few weekends ago, I spent an afternoon working from a coffee shop. I usually work co-located with other Atoms in Atomic Object’s Grand Rapids office, so this was a new experience for me. I learned a few things I could have done to use my time more effectively.

This is my new coffee shop-preparedness checklist: Read more on 8 Tips for Working from a Coffee Shop…

Posted in Personal Optimization | 2 Comments

Using a Smartcard with a VirtualBox-based Vagrant Virtual Machine

Lately, I’ve been working on setting up a Personal Package Archive (PPA) to use when provisioning servers with custom packages.

In order to host packages on a Launchpad PPA, one must first upload signed source packages. Since I use a Mac and keep my PGP signing key on a Smartcard, I needed to find a way to connect my Smartcard reader to a virtual machine running Ubuntu. After a bit of research, I found an easy way to do this with Vagrant, VirtualBox, and the standard precise64 basebox.

Read more on Using a Smartcard with a VirtualBox-based Vagrant Virtual Machine…

Posted in DevOps & System Admin. | Leave a comment

Using an OpenPGP Smartcard with GnuPG

openpgp-smartcard2

This is part of a series on GNU Privacy Guard:

  1. Getting Started with GNU Privacy Guard
  2. Generating More Secure GPG Keys: Rationale
  3. Generating More Secure GPG Keys: A Step-by-Step Guide
  4. Using an OpenPGP Smartcard with GnuPG (this post)

Recap

Picking up where we left off, we’re on a relatively secure (air-gapped) system with a keyring looking something like this:

$ gpg -k
/home/amnesia/.gnupg/pubring.gpg
--------------------------------
pub   4096R/144A027B 2013-11-04 [expires: 2016-11-03]
uid                  John Doe <john .doe@example.com>
sub   3072R/E02EDE61 2013-11-04 [expires: 2014-05-03]
sub   3072R/A59563DA 2013-11-04 [expires: 2014-05-03]
sub   3072R/B2E31884 2013-11-04 [expires: 2014-05-03]
 
$ gpg -K
/home/amnesia/.gnupg/secring.gpg
--------------------------------
sec#  4096R/144A027B 2013-11-04 [expires: 2016-11-03]
uid                  John Doe </john><john .doe@example.com>
ssb   3072R/E02EDE61 2013-11-04
ssb   3072R/A59563DA 2013-11-04
ssb   3072R/B2E31884 2013-11-04
</john>

We’ve already moved the mainkey to removable media and stored it in a safe place. Now we’d like to move the subkeys onto a Smartcard for day-to-day use. Read more on Using an OpenPGP Smartcard with GnuPG…

Posted in Extracurricular Activities | Tagged , | Comments closed

DevOps Resources for Staying in the Loop

At our last DevOps West Michigan meeting, someone asked where I learn about new things happening in the world of DevOps. Here’s the list I rattled off (plus a few more things I remembered later).

DevOps Weekly Newsletter

This weekly e-mail newsletter from Gareth Rushgrove does a great job of summarizing and aggregating some of the most noteworth blogposts, events, and new tools from the past week. I’ve been able to spend a lot less time seeking out this information since I subscribed. Gareth does a great job of keeping everyone informed.

Podcasts

Between riding the bus to work, doing dishes, and picking up kids’ toys, I listen to a lot of podcasts. Here are some of my favorite DevOps-related shows:

Posted in Growing as Makers | Comments closed

Generating More Secure GPG Keys: A Step-by-Step Guide

This is part of a series on GNU Privacy Guard:

  1. Getting Started with GNU Privacy Guard
  2. Generating More Secure GPG Keys: Rationale
  3. Generating More Secure GPG Keys: A Step-by-Step Guide (this post)
  4. Using an OpenPGP Smartcard with GnuPG

gpg_subkeysIn this post, I’ll will cover the generation of a new GPG key and removal of the primary key, one of two mitigation strategies mentioned in the previous post. The next post in the series will demonstrate the second strategy: using this new key with a SmartCard.

Read more on Generating More Secure GPG Keys: A Step-by-Step Guide…

Posted in Extracurricular Activities | Tagged , | Comments closed

Generating More Secure GPG Keys: Rationale

This is part of a series on GNU Privacy Guard:

  1. Getting Started with GNU Privacy Guard
  2. Generating More Secure GPG Keys: Rationale (this post)
  3. Generating More Secure GPG Keys: A Step-by-Step Guide
  4. Using an OpenPGP Smartcard with GnuPG

In my last post on getting started with GNU Privacy Guard, I mentioned that I’d like to go into more depth about how to use GnuPG more securely. In this post, I’ll show how I recently set up my new OpenPGP key and smart card.

Risks of Naive GPG

First, let’s talk about some of the risks of using GPG in the naive way I demonstrated in my last post.

Endpoint Security

Once we start using GnuPG to encrypt and sign our data, one of the largest remaining risks is “endpoint security” — namely that our laptop might be compromised and our secret key exposed to an attacker. We generated our key on the laptop we use for a variety of purposes on a daily basis. Read more on Generating More Secure GPG Keys: Rationale…

Posted in Extracurricular Activities | Tagged , | Comments closed

Getting Started with GNU Privacy Guard

This is part of a series on GNU Privacy Guard:

  1. Getting Started with GNU Privacy Guard (this post)
  2. Generating More Secure GPG Keys: Rationale
  3. Generating More Secure GPG Keys: A Step-by-Step Guide
  4. Using an OpenPGP Smartcard with GnuPG

Like many others, I have recently taken a more active interest in information security. In particular, I have taken a fresh look at GNU Privacy Guard (GnuPG or GPG). This popular open-source encryption tool offers users the ability to encrypt and sign data and communications using public key cryptography.

I’ve used GPG in the past, but now that I’ve read up on it a little more, I’d like to share some of what I’ve learned. This post won’t get into the relative merits of RSA, DSA, or ECC keys, or extra measures you can take to keep your private key secure. I hope to cover those things in more detail later.

This post is intended to serve as a brief introduction to GPG and should also help to clear up some confusing vocabulary to make further reading more fruitful.

Read more on Getting Started with GNU Privacy Guard…

Posted in Extracurricular Activities | Tagged | Comments closed

Tools for Debugging Running Ruby Processes

Let’s assume that we have a daemon running on some kind of POSIX system written in Ruby that works great most of the time, but every few months gets “stuck” and needs to be restarted. We might tolerate this failure rate, or we might set up something like monit to automatically restart the daemon when it becomes “stuck.” But wouldn’t it be better to get to the bottom of the issue?

Next time the daemon gets stuck, what tools might we use to figure out what’s happened to it? If you’re still developing, you might have included the pry gem or you might even be using pry-rescue to catch exceptions. But on a production system, you probably won’t have such luxuries available.

Luckily, since a Ruby process is still a process, there are actually quite a few POSIX utilities at our disposal. Let’s find the PID of our our process and see what we can learn. Read more on Tools for Debugging Running Ruby Processes…

Posted in Ruby | Tagged , | Comments closed
Google Circle
Join my Circle on Google+