The purpose of this post isn’t to bemoan the expanding surveillance state, warn of impending civil liberty revocation, or even to make you feel paranoid. I only want to talk sensibly about a few tools that we should all be comfortable using and know when we should use them.
There may come a time in your life wherein you will need a private, encrypted channel to communicate with someone, whether it’s your loved ones, your employer, a reporter, your lawyer, whatever. At some point, you may urgently need to do so. Even more importantly, there may come a time when someone needs to contact you privately.
When said time arrives, it may be difficult to establish that channel in a timely manner. You don’t want to be groping in the dark for a way to send that damning report of an impending disaster at a nuclear plant to a watchdog group, or flipping a coin over whether to trust the authenticity of the key signing those rebel dispatches, or hell, sending some racy, career destroying photos by email in the clear.
If the top man at the CIA having his private communications breached isn’t enough motivation to take a good look at your own privacy, then nothing I can say is. So, put away your tinfoil hats and let’s go!
Off-the-Record Instant Messaging
OTR is probably the easiest one and there is absolutely no reason you shouldn’t be able to do this one now–right now. As soon as you finish this section, go do it.
It’s as easy as installing Adium (or Pidgin if you’re not on a Mac), signing into your preferred messaging service (Google chat, AIM, etc…), going to the Advanced preference pane, Encryption, and then generate a private key. Have your partner do the same.
Initiate an encrypted OTR chat with them, accept and verify their key (provided that you’re sure it’s them). And next time you need to converse privately, “Initiate Encrypted OTR chat.” Messages will be passed as encrypted blobs in the clear. If you want to see one, sign in with another client while in an OTR session and look at the messages coming from your partner.
GPG Encrypted Email
Your email is not private. At all. There’s not even a paper envelope surrounding it to shield it from prying eyes, making “mail” a misnomer. From now on, think of it as an epostcard. Anyone who happened to handle your message in between you and your intended recipient has potentially read it.
GPG is an open source implementation of the OpenPGP standard, and many mail clients provide built-in support or add-ons for it.
On OS X, you can install it with Homebrew (brew install gpg). Every flavor of Linux I’ve ever used provides GPG. It should be available via your package manager. Windows users should look into Gpg4win.
To create your key, run gpg --gen-key. You will be guided through a series of questions. In order for someone to send you an encrypted message, they need your public key. To get that, run gpg --armor --output pubkey.txt --export 'Your Name'.
Publish this thing as broadly as possible so that anyone who ends up needing it doesn’t have to go hunting for it. For instance, I keep my key in a public gist. You can also publish it to a central keyserver: gpg --send-keys 'Your Name' --keyserver hkp://subkeys.pgp.net.
GPG can be used to accomplish a lot more than just email encryption, though. You can use it to encrypt any data, and since it can be used like any other UNIX utility, you can incorporate it into larger, more complex workflows with a little shell fu. Check out this more detailed guide by Paul Heinlein.
Private Browsing
I don’t recommend that you–nor do I myself–use Tor or a VPN on a constant basis, but these should be two tools that you have at your disposal and are comfortable using. Depending on your circumstances, you should evaluate which is the best solution for you.
If you are abroad in a country where it’s safe to assume you are snooped on, it’s sensible to be running a VPN back home. You can even run one on a Raspberry Pi. In addition to a secure tunnel back to your home internet connection, a VPN gives you the added benefit of having LAN access to your devices at home.
Paid VPN services can be very useful, but should not be considered a way to perpetrate crimes without a paper trail. Providers are typically businesses who will comply with investigators to the full extent of the law. However, if you choose a VPN provider from a jurisdiction where your activities are not illegal, they should have no reason to reveal your identity. Jurisdiction arbitrage is part of the game here.
Tor is an anonymity tool. Not only does it let you browse the internet as a nameless, shady drifter, but it gives you access to a darknet–a shadowy place not accessible from the normal internet. You’re on your own here; explore at your own peril. The downside to Tor is that it’s very slow.
Donate to the EFF
These tools are all bandaids for a bigger problem we have: the corrosion of civil liberties. They are priceless, but we need to put up more than a technical defense. Skip a few lattes and make a generous donation to an organization that’s fighting for your rights.
I read a total of 14 books last year. I had set my goal for 15, but finished the year two-thirds of the way into three different books. I tend to read plurally.
I thought I’d give a quick run down of the ones that I liked best, in no particular order. I don’t mean to provide a synopsis; you can read those all you like on Amazon or Goodreads. Instead, I just want to share a bit about why I liked them.
A pretty short read–around 80 pages–but despite its brevity, Tesla reveals some incredible details about the nature of his genius.
When I get an idea I start at once building it up in my imagination. I change the construction, make improvements and operate the device in my mind. It is absolutely immaterial to me whether I run my turbine in thought or test it in my shop.
I thoroughly enjoyed the anecdotes of his development as an engineer as well as his focus on introspection and personal fulfillment and think it’s a valuable read for anyone, technical or not.
This one is a journey across philosophies, including those of Socrates, Epicurus, Seneca, Montaigne, Schopenhauer, and Nietzsche. It covers many topics ranging from sexual inadequacy to social conformity.
I consider this not to be a philosophy book, but more of a guidebook for the more dense primary sources it describes. That said, it’s a very enjoyable read and Alain de Botton has a way with stitching the ideas of disparate philosophers together such that the entire volume feels like a contiguous whole, and not a disjoint anthology.
It piqued my interest in both Nietzsche and Montaigne so that I bought a book by each.
Montaigne proves to have been incredibly forward thinking for his time. Once well into the book, I actually had to check Wikipedia for the time period because judging by the content you’d think the book was written during the late 18th century at the earliest. Sure enough, he lived from 1533 to 1592.
However, he also held some ridiculous beliefs, I would think even for his time period, especially in the chapter ‘On the Power of the Imagination.’ Some are innocent mind-over-matter incidents, such as a man being cured of impotence just by believing in a potion that Montaigne had concocted for him, but in one case he describes a man so flatulent that he literally farts himself to death.
Much of his thought is admittedly just his digest of the classics. He builds heavily on the stoic philosophy of Seneca:
We should have wives, children, property, and, above all, good health… if we can: but we should not become so attached to them that our happiness depends on them.
After reading this book, my lasting impression of Montaigne is that he was an incredibly honest man. Honest with himself, and diligently practiced introspection as a means to correct his thought.
Nietzsche is one of those philosophers whom I always assumed I would like. I was interested in his ideas of the Übermensch and eternal recurrence, his atheism, and the general hubbub and debate about whether he actually inspired Nazi ideals.
After reading Zarathustra I was honestly a little disappointed. Not a whole lot of it made sense to me, and I’m not sure how much to chalk up to translation, my own ignorance or whether he was just writing madness. I came away still wondering what he was on about. As a side note I read this before I read Consolations, which did help provide some context and encourage me to take another stab at Nietzsche.
I found Why I am so Wise to be much more enjoyable. As arrogant as the title is, I understand him to be quite optimistic. He details some of what he believes contributes to his success as a writer, for instance, only attacking causes against which he’d find no allies and with which he has no personal difference.
Other than that, he describes his ideal climate (dry air), eating habits, abstinence from alcohol, friendship with Richard Wagner, and many other things.
Also to my relief, he repeatedly denounces German nationalism and expresses vitriol toward all things German:
I am a pure-blooded Polish nobleman, in whom there is no drop of bad blood, least of all German.
It’s hard for me to believe he would have been enthusiastic about Nazis adopting some of his ideas.
This one follows the story of one family across three generations as they cross the threshold into the technological singularity.
This is nerd porn at its finest. All sorts of things are explored: augmented reality, uploading, artificial intelligence, solar sails and interstellar travel.
Want to become the HTTP wizard around the office? This book is invaluable if you spend a lot of time designing APIs.
My advice is to skip all the code examples (reimplementing a Flickr API in Rails). I found them to be very dry and outdated. Maybe it’s just me, but I hate reading page after page of mediocre Ruby code without syntax highlighting. Another part you might just skim is the one detailing various XML microformats. Unless you actually need to use one, there’s probably little value in understanding it in detail.
The rest of it was definitely rewarding. I no longer have to skip a beat wondering which response code is right in a given situation or which method a resource should expose.
This one wasn’t exactly a thriller, but it did give me a lot of knowledge for planning my financial future. Knowing how to tax-shelter your nest egg, or whether you should put your money in a managed fund or a passive index fund is definitely boring material, but I feel a tiny bit more informed about the decisions I make now.
tl;dr, no-load index funds are the way to go, put your high-yield investments in your tax-sheltered account (e.g., Roth IRA), asset allocation is everything and rebalance your portfolio at regular intervals to maintain your desired allocation.
This last one is a little obscure. Von Mises is the name behind the Ludwig von Mises Institute, a popular, libertarian, Austrian economics think tank. The printing I have includes a bunch of other essays, and it eventually becomes very repetitive.
However, it’s a very beneficial read, whether you consider yourself to be libertarian or more social-minded (if only to know how to better refute libertarian arguments).
Von Mises’ ironic title makes a little jab at the idea that social planning can lead to more freedom. His basic premise is not that he rejects economic planning as a thing, but whose planning.
When I need to give my brain a rest, I like to play Minecraft on an interesting server known as Civcraft. The unique thing about this server is that it is an experiment in anarchy of sorts. There are no rules except not to exploit software glitches that could give you an unfair advantage. Robbery, murder, griefing and trolling of all sorts are completely legal within the rules of the server. As a result, there have evolved complex and organic societies complete with competing cities, marketplaces and even ad hoc police forces and bounty hunters.

The server facilitates this with a few custom plugins like PhysicalShop for buying and selling via item chests and PrisonPearl, which serves as the server supermax by letting you banish someone to The End and keep them as a prisoner in an Ender Pearl.
As an amateur compared to the major players, I actually enjoy watching the societal developments more than playing the game itself. One thing that is interesting to me is the trading. Unless you play constantly and understand what items people want and what kind of supply they are in, pricing can be confusing. Especially since it’s a barter system with no centralized currency. It can also be difficult to find what you’re looking for.
I needed a little pet project to keep my skills sharp and decided to build a marketplace app for the game: Civtrade. At first it was just a place to list and search for shops, but I soon decided a bounty system would be useful.
Just listing shops didn’t really need any sort of user accounts. It was all anonymous. Putting a bounty on someone was different. Users would need to be able to verify that the person posting the bounty was legit, otherwise someone could post as a prominent player, promising a huge reward for the bounty of their enemy.
Mojang doesn’t provide OAuth or any other means to link your users’ accounts with their in-game identities. This is a shame, and it’s probably holding up a few good ideas. Of course, it could be by design.
In any case, I needed to verify that the users of Civtrade are who they say they are. One way to do that is to reverse engineer the Minecraft client and mimic it. It turns out, that’s pretty easy. There are a few URLs the client uses to POST your login, password and client version number. A successful response includes a timestamp, username, and a session id.
For my purposes, I just needed to ensure that they can get a successful response and that the username matches the one they’re signing up with.
require 'net/http'
require 'uri'
require 'openssl'

class MinecraftAccountVerifier
  AUTH_URI = URI.parse('https://login.minecraft.net/').freeze
  CLIENT_VERSION = 13

  attr_reader :error

  # Public: verify an account as a true Minecraft account this user has access to.
  #
  # login    - the username or email used to log into the Minecraft client
  # username - both the username for this service and their in-game identity
  # password - password used to log into the Minecraft client
  def initialize(login, username, password)
    @login = login
    @username = username
    @password = password
  end

  # Public: POST the credentials once and check that the response names the user.
  def authentic?
    response = login.body
    if response =~ username_regex
      true
    else
      @error = response.chomp
      false
    end
  end

  private

  # Escape the username so regex metacharacters in it cannot alter the match.
  def username_regex
    Regexp.new(Regexp.escape(@username), Regexp::IGNORECASE)
  end

  def request_parameters
    {
      'user' => @login,
      'password' => @password,
      'version' => CLIENT_VERSION
    }
  end

  # Mimic the Minecraft client's login POST over TLS with certificate verification.
  def login
    request = Net::HTTP::Post.new(AUTH_URI.request_uri)
    request.set_form_data(request_parameters)
    http = Net::HTTP.new(AUTH_URI.host, AUTH_URI.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.request(request)
  end
end
This has the obvious downside that you’re asking your users for their credentials to a third party. They should never have to just trust you. I posted what I had on reddit and after about an hour with some interest but no signups I disabled it completely for the time being, let people sign up without verifying and planned to add a less invasive verification step as soon as I could think of one.
Then I started thinking. At the very core of it, I just needed someone to prove to me that they are in control of a Minecraft user whose name matches their username on Civtrade. Maybe change their Minecraft account email to a generated throwaway briefly? No, that’s just as bad or worse than getting their password. How about in-game verification? That would take way too much effort to meet and verify people individually. And then it hit me: Minecraft lets you customize your character by uploading a skin. A skin is just a tiny, 66×34px png image. I can have my users temporarily upload a unique verification skin to their profile. Then I just have to diff the image against the original.
require 'net/http'
require 'chunky_png'

class MinecraftAccountVerifier
  SKINS_S3_BUCKET = 's3.amazonaws.com'.freeze

  attr_reader :error

  # Public: verify an account as a true Minecraft account this user has access to.
  #
  # username - both the username for this service and their in-game identity
  def initialize(username)
    @username = username
  end

  def authentic?
    if user_skin
      difference = skin_difference
      return true if difference == 0.0
      @error = "Skin does not match verification skin. Please wait a minute or try uploading the skin again. (#{difference}% different)"
      false
    else
      @error = 'Your skin was not found. Please note that your username is case sensitive'
      false
    end
  end

  private

  # Percentage of pixels in the uploaded skin that differ from the verification skin.
  # Assumes the uploaded skin has the verification skin's dimensions.
  def skin_difference
    diffs = []
    user_skin.height.times do |y|
      user_skin.row(y).each_with_index do |pixel, x|
        diffs << [x, y] unless pixel == verification_skin[x, y]
      end
    end
    diffs.length.to_f / verification_skin.pixels.length * 100
  end

  # Download the player's current skin; nil when no skin exists for that name.
  def user_skin
    @user_skin ||=
      Net::HTTP.start(SKINS_S3_BUCKET) do |http|
        response = http.get("/MinecraftSkins/#{@username}.png")
        if response.code == '200'
          datastream = ChunkyPNG::Datastream.from_blob(response.body)
          ChunkyPNG::Image.from_datastream(datastream)
        end
      end
  end

  def verification_skin
    @verification_skin ||=
      ChunkyPNG::Image.from_file(Rails.root.join('public/verification_skin.png'))
  end
end
Luckily, there’s nothing fancy about getting a player’s skin: they’re just stored in an S3 bucket with a filename matching their username. All I have to do is download and load it into ChunkyPNG to compare it with the original. This isn’t incredibly fast, and I’ve considered other ways of doing it, namely, MD5 hexdigest comparison. However, that would have zero-tolerance of any difference, and I wasn’t sure if I could guarantee that the images would be absolutely unchanged upon uploading them to Mojang. It’s probably worth a try though. The image diff just gives me the benefit of being able to set my own tolerance.
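To make the tolerance-versus-hash trade-off concrete, here is an added example (not Civtrade's code) that compares two skins given as arrays of rows of packed RGBA integers; ChunkyPNG is deliberately not used so it runs offline, and the `SkinMatcher` class and its sample images are constructed for this illustration. It also rejects a size mismatch instead of raising, which the row-by-row loop above would do if a larger skin were uploaded.

```ruby
require 'digest'

# Hypothetical helper (added example): pixel-diff and hash comparison of skins.
# A skin is an Array of rows, each row an Array of packed RGBA Integers.
class SkinMatcher
  attr_reader :error

  def initialize(verification_skin)
    @verification_skin = verification_skin
  end

  # Percentage of differing pixels, or nil (with error set) if sizes differ.
  def difference(user_skin)
    unless same_size?(user_skin)
      @error = 'Skin dimensions do not match the verification skin'
      return nil
    end
    total = @verification_skin.sum(&:length)
    diffs = 0
    @verification_skin.each_with_index do |row, y|
      row.each_with_index do |pixel, x|
        diffs += 1 unless pixel == user_skin[y][x]
      end
    end
    diffs.to_f / total * 100
  end

  # Tolerance-based verification: accept uploads within `tolerance` percent.
  def verified?(user_skin, tolerance: 0.0)
    pct = difference(user_skin)
    return false if pct.nil?
    return true if pct <= tolerance
    @error = "Skin does not match verification skin (#{pct.round(2)}% different)"
    false
  end

  # Zero-tolerance alternative: MD5 of the raw pixel data must match exactly.
  def digest_match?(user_skin)
    digest(user_skin) == digest(@verification_skin)
  end

  private

  def same_size?(skin)
    skin.length == @verification_skin.length &&
      skin.zip(@verification_skin).all? { |a, b| a.length == b.length }
  end

  def digest(skin)
    Digest::MD5.hexdigest(skin.flatten.pack('N*'))
  end
end

# Constructed 4x4 sample skins: a red/green checkerboard, an exact copy,
# and a copy with a single blue pixel (1 of 16 pixels = 6.25% different).
VERIFICATION = Array.new(4) do |y|
  Array.new(4) { |x| (x + y).even? ? 0xFF0000FF : 0x00FF00FF }
end.freeze
EXACT_UPLOAD = VERIFICATION.map(&:dup)
ONE_PIXEL_OFF = VERIFICATION.map(&:dup).tap { |s| s[0][0] = 0x0000FFFF }
```

With a 10% tolerance the one-pixel upload is accepted while the digest check rejects it, which is the difference the paragraph above describes.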
So there you have it. With that little service class, I can verify that my users are who they say they are and give them a little “verified” badge next to their name.
I gave a talk to the Atlanta Ruby Users Group on using the HTTP OPTIONS method as outlined in my previous post. The slides aren’t super great without me talking to explain them, but they may be of some use.
The OPTIONS method is a somewhat obscure part of the HTTP standard that could be used today with a strong impact on the interconnectedness of the interwebs while requiring minimal effort. Its role is well defined in RFC2616, yet no web services that I can find are taking advantage of it.
What is the HTTP OPTIONS method?
To quote the spec:
This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.
Minimally, the response should be a 200 OK and have an Allow header with a list of HTTP methods that may be used on this resource. As an authorized user on an API, if you were to request OPTIONS /users/me, you should receive something like…
200 OK
Allow: HEAD,GET,PUT,DELETE,OPTIONS
(Almost) no one uses it
I’ve tested quite a few sites and APIs and so far, the only resources I’ve found that respond properly are default Apache pages. Specifically, directory indices. If you try it on apache.org/dist/httpd, for example, you’ll get a response like this:
...
Server: Apache/2.4.1 (Unix) OpenSSL/1.0.0g
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Type: httpd/unix-directory
...
GitHub responds with a 500, Reddit with 501 Not Implemented, Google maps with 405 Method Not Allowed. You get the idea. I’ve tried many others, and the results are usually similar. Sometimes it yields something identical to a GET response. None of these are right.
GitHub (to pick on someone specific. Not because I don’t love you!) could be using this to tell me what I am allowed to do with each resource exposed by their endpoints. And before you tell me “meh, it’s just a list of HTTP verbs you can use on a resource. Who cares?” let me throw some more of the RFC your way.
The response body and API documentation
The response body, if any, SHOULD also include information about the communication options. The format for such a body is not defined by this specification, but might be defined by future extensions to HTTP.
It could be an HTML page with documentation, but that’s sort of impractical because users don’t click the “get options” button in their browsers before visiting a page. Machines may, though.
APIs should be taking advantage of this. There are many benefits to be gained from producing machine readable docs at every endpoint. It would be a boon for automatic client generation for web services. Communication between web services could be much more resilient if they had a codified way to check their abilities against each other.
At the very least, services should be responding with a 200 and the Allow header. That’s just correct web server behavior. But there’s really no excuse for JSON APIs not to be returning a documentation object. To use GitHub as example again, on the issues endpoint, a request like OPTIONS /repos/:user/:repo/issues should respond with a body like…
{
  "POST": {
    "description": "Create an issue",
    "parameters": {
      "title": {
        "type": "string",
        "description": "Issue title.",
        "required": true
      },
      "body": {
        "type": "string",
        "description": "Issue body."
      },
      "assignee": {
        "type": "string",
        "description": "Login for the user that this issue should be assigned to."
      },
      "milestone": {
        "type": "number",
        "description": "Milestone to associate this issue with."
      },
      "labels": {
        "type": "array/string",
        "description": "Labels to associate with this issue."
      }
    },
    "example": {
      "title": "Found a bug",
      "body": "I'm having a problem with this.",
      "assignee": "octocat",
      "milestone": 1,
      "labels": [
        "Label1",
        "Label2"
      ]
    }
  }
}
Of course, it’d show more than just the parameters for the POST method. I’d like to see a standardized format for documentation like this, but developing that is not the point of this post.
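As an added example (not the author's gem or Sinatra itself), this hypothetical Rack-style app shows the behaviour argued for above: OPTIONS answers 200 with an Allow header and a JSON documentation body, and a method outside the documented set gets a 405 that still carries Allow, as RFC2616 requires. The `/issues` route, its documentation hash and the `perform_request` helper are constructed for the illustration.

```ruby
require 'json'

# Hypothetical Rack-compatible app (added example). Each route maps the HTTP
# methods it supports to the documentation object returned on OPTIONS.
class OptionsAwareApi
  ROUTES = {
    '/issues' => {
      'GET'  => { 'description' => 'List issues' },
      'POST' => {
        'description' => 'Create an issue',
        'parameters'  => {
          'title' => { 'type' => 'string', 'description' => 'Issue title.', 'required' => true },
          'body'  => { 'type' => 'string', 'description' => 'Issue body.' }
        }
      }
    }
  }.freeze

  # Rack entry point: returns [status, headers, body].
  def call(env)
    docs = ROUTES[env['PATH_INFO']]
    return [404, { 'Content-Type' => 'text/plain' }, ['Not Found']] unless docs

    method  = env['REQUEST_METHOD']
    allowed = allowed_methods(docs)
    allow   = allowed.join(',')

    if method == 'OPTIONS'
      # Minimal correct OPTIONS response plus the machine-readable documentation.
      [200, { 'Allow' => allow, 'Content-Type' => 'application/json' }, [JSON.generate(docs)]]
    elsif allowed.include?(method)
      # Real handlers would go here; a stub body keeps the example self-contained.
      [200, { 'Content-Type' => 'application/json' }, [JSON.generate('ok' => true)]]
    else
      # RFC2616 requires Allow on a 405 so the client learns what it may do.
      [405, { 'Allow' => allow, 'Content-Type' => 'text/plain' }, ['Method Not Allowed']]
    end
  end

  # Documented methods, plus HEAD whenever GET is supported, plus OPTIONS itself.
  def allowed_methods(docs)
    methods = docs.keys.dup
    methods << 'HEAD' if methods.include?('GET')
    (methods + ['OPTIONS']).uniq
  end
end

# Drive the app directly with a minimal Rack env, no server needed.
def perform_request(method, path)
  OptionsAwareApi.new.call('REQUEST_METHOD' => method, 'PATH_INFO' => path)
end
```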
I’m currently working on a small, one page Sinatra, MongoDB, Backbone.js app. Every endpoint will respond to the OPTIONS method. As I go, I’m extracting it into a gem to make self-explaining Sinatra APIs easy. I’d like to participate in discussion about this being added to Rails routing. At least responding with a proper Allow header would be a start. I’m also interested in exploring the automatically generated client idea via Backbone apps.
In the meantime, I just want to get the discussion started because I think there’s a lot of potential here and I’m surprised that no one has tapped into it yet. As RESTful Web Services puts it, “OPTIONS is a promising idea that nobody uses.”
I’ve been using CanCan for managing role-based authorization in Rstrnt, my restaurant management solution. CanCan is a very simple and easy-to-use authorization library that works out-of-the-box with Devise (and any other authentication system that provides a current_user method). However I had a use case that doesn’t seem to be documented on the project’s wiki.
The Special Case
I wanted to authorize a user on a collection of records, for example on the index action of a controller. The typical way to do this is to define your abilities using hash conditions and then query for the records that a user may access using accessible_by(current_ability). This felt icky to me, though. I didn’t want CanCan so deeply ingrained into my app. I have my own logic for which records to request, and while at some point I may decide to let all the logic reside within my Ability model, right now I don’t want to.
So, in this example, I’m working with a Restaurant, current_membership (my own permission-role system. For the purposes of this example, consider it equivalent to current_user) and many instances of TimeOffRequest. I want managers and admins to have access to all the restaurant’s time off requests, but other users should only have access to their own. The following logic is actually enough to ensure that they’re only ever requesting within those parameters, but I still want to authorize! them to be sure. Projects tend to become increasingly complex and I want to make sure that at no point in the future I do something that accidentally gives access to someone undeserving. Having all that bottleneck through the Ability model helps me sleep at night.
# time_off_requests_controller.rb
if current_membership.has_any_role?(:admin, :manager)
  @time_off_requests = @restaurant.time_off_requests
else
  @time_off_requests = current_membership.time_off_requests
end
Authorize! those records!
Usually you do something like authorize! :read, @time_off_request to make sure a user can indeed read the time off request in question. However, with an array of time off requests, it gets tricky. Your first instinct, like mine, may be to just call authorize! :read, @time_off_requests. This won’t work, though. Your Ability model depends upon the type of object you pass it. In this case, you would be passing it an Array and not a TimeOffRequest. You could, I suppose, define an ability for Array and then do some funky work inside there to figure out what kind of array it is, and go from there… But that would be a horrible solution.
Enter the splat: *
What you need, is a way to evaluate an entire collection of TimeOffRequests, but you must pass the first argument as an instance thereof and not an array. That’s where the handy ol’ splat comes in. In the example below, the asterisk in *time_off_requests means that the block will accept N number of arguments and will squish them back into an array, letting me use an iterative method on it, in this case all?.
# Ability.rb
can :manage, TimeOffRequest do |*time_off_requests|
  membership.has_any_role?(:admin, :manager) ||
    time_off_requests.all? { |tor| membership.id == tor.employee_id }
end
Back in the controller…
Now I just need to call authorize! properly. The splat operator also lets you pass the contents of an array as arguments. If you’re from the PHP world you may recognize the similarity of call_user_func_array.
foo = [:a, :b, :c]
bar(*foo)
# is the same as
bar(:a, :b, :c)
There is one bit of inelegance that I don’t like here. As I said earlier, CanCan needs the argument following the access method to be an instance of the class you are authorizing. An empty array splat means no arguments. So if @time_off_requests is empty, which is completely possible, CanCan will raise an exception for too few arguments. I got around this by using the ternary operator to always pass at least a new instance.
The Code
# time_off_requests_controller.rb
def index
  if current_membership.has_any_role?(:admin, :manager)
    @time_off_requests = @restaurant.time_off_requests
  else
    @time_off_requests = current_membership.time_off_requests
  end
  authorize! :read, *(@time_off_requests.any? ? @time_off_requests : current_membership.time_off_requests.new)
  respond_to do |format|
    format.html
  end
end

# Ability.rb
can :manage, TimeOffRequest do |*time_off_requests|
  membership.has_any_role?(:admin, :manager) ||
    time_off_requests.all? { |tor| membership.id == tor.employee_id }
end
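To show why the splat is needed and what the empty-collection case does, here is an added example with a small stand-in for CanCan's block-based can and authorize! (hypothetical; it is not CanCan or Rstrnt code). TimeOffRequest, Membership and authorize_index are constructed for the illustration and mirror the controller and Ability above.

```ruby
# Hypothetical minimal stand-in for CanCan's `can`/`authorize!` (added example).
TimeOffRequest = Struct.new(:employee_id)
Membership = Struct.new(:id, :roles) do
  def has_any_role?(*wanted)
    (roles & wanted).any?
  end
end

class AccessDenied < StandardError; end

class Ability
  def initialize(membership)
    @rules = []
    # Same rule as the page's Ability.rb: the block receives the splatted subjects.
    can :manage, TimeOffRequest do |*time_off_requests|
      membership.has_any_role?(:admin, :manager) ||
        time_off_requests.all? { |tor| membership.id == tor.employee_id }
    end
  end

  def can(action, subject_class, &block)
    @rules << [action, subject_class, block]
  end

  # A rule matches only when every subject is an instance of its class, so
  # passing an Array as the subject never matches a TimeOffRequest rule.
  def can?(action, *subjects)
    raise ArgumentError, 'a subject instance is required' if subjects.empty?
    @rules.any? do |rule_action, klass, block|
      [action, :manage].include?(rule_action) &&
        subjects.all? { |s| s.is_a?(klass) } &&
        block.call(*subjects)
    end
  end

  def authorize!(action, *subjects)
    raise AccessDenied unless can?(action, *subjects)
    true
  end
end

# Controller logic from the page: an empty splat would mean no arguments at all,
# so a fresh request owned by the current member is authorized instead.
def authorize_index(membership, requests)
  subjects = requests.any? ? requests : [TimeOffRequest.new(membership.id)]
  Ability.new(membership).authorize!(:read, *subjects)
end
```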
jQuery Meow mimics Growl notifications. It supports all jQuery events and you can bind it to various sources for message input, making it ideal for form validation, Rails flash notices, or a replacement for the alert() box.
It's under active development right now and is lacking a bunch of features that are soon to come, including sounds, callbacks and a lot more.
If you've got something to add, please fork the project on GitHub!
I've gotten Jekyll working on my shared Dreamhosting account, and not just pushing the compiled pages to my webroot: compiling my Sass stylesheets and then compiling the static HTML pages with Jekyll and even using Pygments to generate syntax-aware HTML--all server-side.
Enjoy this Fibonacci function until I get my site finished
def fib(num):
    # Naive recursive Fibonacci: fib(1) == fib(2) == 1
    if num <= 2:
        return 1
    else:
        return fib(num - 1) + fib(num - 2)

print(fib(10))