PGP For Mortal Developers

Why do I need it?

PGP has two main purposes — signing and encryption. When you sign a document (letter or file), you let the recipient know who is the origin and be sure the document wasn’t altered on its way.

Encryption doesn’t let anyone except the recipient to see the contents of the document.

We, programmers, can use this feature in many practical cases. Here is just a couple of them:

• Store a secret file with passwords and configuration details that’s intended for your development team only in the open (version control repository)
• Exchange sensitive messages with clients (invoices, server account passwords, confidential information)

How does it work?

Everyone has two keys — public and secret. Public keys you give away to people you want to be able to send you encrypted documents. In return, if they want you to send them encrypted documents, they give their public keys to you. This is important concept to understand — you can encrypt documents with public keys of recipients. In other words, you can send documents only to the people in your “PGP address book”.

Secret keys are kept in secret (read-only media stashed somewhere secretly comes to mind). You use them to open encrypted documents that are addressed to you by others. Under no condition do you hand it over to anyone.

Usually, to share public keys, (a) you send them directly via e-mail, (b) publish on your web site, or (c) publish them on key servers (for example, pgp.mit.edu). Think of the key server as a directory of keys. You can find people you know there if they use PGP. Some well-known key servers synchronize their records, some not.

Once you have your own key, you may want to start exchanging it for keys of the members of your team, family, friends and clients. When you get a key from the person you trust, you can sign it thus building the trusted web of keys. It starts to really work when some friend of a friend sends you his key, and you see that Gus trusts him while you trust Gus, so that’s probably OK to trust and sign. Note, that it’s not about the trust between people, as you might think, it’s the trust in that the key you’ve been given does really belong to that person (not forged).

When you have a directory of keys, you can now start signing documents (again, letters, files) and sending them over to your contacts. They will be able to open them.

How to configure?

First, you need a key if you don’t have one:

… is what you do. Answer the questions and wait while the key-pair is generated. The common choice is 1024-bit “DSA and ElGamal”, but you may choose more bits. The encryption will be slower, but you won’t notice it on modern hardware unless you are encrypting wikipedia. DSA lets you sign your documents, and ElGammal give the encryption. Usually people don’t use expiration at all if it’s not a mission critical temporary key. Don’t forget the passphrase. It’s important to protect your keys.

Manuals recommend creating a revocation key to be able to revoke your keys in case of theft or bad pass phrase memory:

Now you can see your key in the list:

To export the key in binary form and give it to someone use:

To get the same key in plain text, add the ‘–armor’ key:

(you can omit ‘-o …’ to get it all in stdout)

When someone sends you a key, you can import it with:

If you trust the key, sign it:

When you are ready to send your key, find the server (i.e. pgp.mit.edu) and submit your key either through the web interface or using the gpg command again:

How to sign?

Now that you have your key, keys of your recipients and documents to protect, here’s what you do.

To sign a document there are two ways — clear text and binary with optional compression.

When you have a plain text document that you want to sign leaving it legible, you choose clear text signing. It will add the plain text block with your signature to the bottom of your document. If anyone touches the document, the signature won’t match the content and it won’t be your authentic copy any more.

When you have a binary document or want to compress along with signing and additionally protect from change:

To verify the signature of the document that’s sent to you:

To get the original (doc.txt):

How to encrypt and decrypt?

When you need to encrypt a document, you choose the recipients first and then use their public keys from your “keychain” (gpg -k) to create the encrypted version.

NOTE: You won’t be able to open the file if you don’t include yourself into the recipients list.

To decrypt the file:

What else?

Once you are familiar with these simple tools, you may want to start exchanging protected e-mails with your co-workers, clients and friends. Many e-mail client support PGP these days.

Today, as we store our mail on the servers of giant Internet companies, it’s a norm to feel uncomfortable knowing that anyone can read your correspondence. Let’s make it a little bit harder.

That’s all folks. If you notice any inaccuracies, or have any suggestions, please let me know. I’m not an expert in this area at any stretch of imagination. This is just a quick summary for those who want to start quickly. You can find more info on official web site: http://www.gnupg.org.

Rails: Creating associated objects in AR

Assuming that you have an object Account like below

and you want to create an Office record when you create an account, you could do it in the after_create filter and it would be my way of doing that also. But the funny thing is that if you name the filter create_office, you don’t need to define the method itself. It will create the Office and link it to your Account model automagically. So here’s how the final class definition looks like:

Amazing!

Design thoughts: Blank slates

Here’s an interesting article by 37Signals on blank slates. For those, who doesn’t know, blank slates are the pages you see in web applications when there’s nothing to display yet — no blog posts or projects or anything else to list on the page. This is an important concept as you don’t want the user to stare at the empty screen. These pages are used to provide guidance and give advice on how to proceed.

It was a great reminder to me, as a web developer. Moreover the speculations behind all this were also very insightful; especially the part when you have to give an impression that it’s all very simple. One thing I didn’t like about the final design though, is the unfinished look of the page — a gray background with some text, an icon and a button. I understand that simplicity is a key, but in this case it looks over-simplistic to the point when it verges on ugliness unprettiness.

In any case, it’s a very good read and highly recommended. Enjoy!

Coding news

Finally, I had some quality time with my laptop and got up to speed with recent developments in the Ruby / Rails world.

Many of you know how to use and do use several Ruby versions on the same machine, but for those who doesn’t, there are a couple of nice solutions. The first one is ruby_switcher and here’s a good post on how to install and use it. It’s really nice, easy to install and simple in use. The second (that I discovered) is RVM. It does all the same, but in a more organized and generalized way. The biggest advantage over the Ruby Switcher is that you can have multiple unconnected named Gem sets in every Ruby version. Say, you have several applications that you work on and to keep it all organized and to avoid Gem version collisions, you can use a named space for each of these projects. Very nice idea.

Last week I had an interview with one local agile team (you know I’m a freelancing type, but sometimes I feel we miss all the fun confining ourselves to home offices). The interview went well, in case you wonder, yet the office is inconveniently remote, so I back-pedaled a bit. During the meeting we accidentally taught one another a couple of tricks. I shared a thing or two about RSpec, and got some insights on HAML / SASS in return. It appears, there’s a project {less} which does what SASS does, but in a slightly different, more elegant fashion. It bases on top of the regular CSS and adds some cool new features, like variables, mix-ins, nested rules and operations. If you plan to use it, the first step would be the easiest. You grab your existing CSS files and start adding new features. It has a compiler to turn your files into legit CSS, and a plug-in that takes all the load for those who use Rails.

Yesterday I played with Rails 3 pre-release, but stumbled upon block after block. Partially, that’s because I used the all new Ruby 1.9.1, and partially because many plug-ins (especially for user authentication) still don’t work in Rails 3. Finally, I couldn’t make a single test run in Rails 3 + Ruby 1.9.1 combo due to TMail incompatibility with Ruby 1.9.1. Today I’m planning to try Ruby 1.8.7 and see how well that works. Rails 3 has so many great features and enhancements that it would be a shame to give up on them so quickly.

Until next time.

Rails: Finally dealing with timestamps correctly

Can’t help to share my joy. If you did this (see below) prior to current Rails Edge version when your time zone in environment.rb is set to anything but “UTF-8″, you did it wrong.

Why? Because the Time.now will be taken in your server local time zone (set in environment.rb) and compared against the UTC saved in the database. To do it right, you needed this:

The same was applicable to finders and other stuff taking dates as arguments. Not very nice. I personally wrote patches to fix this in my projects.

Finally, in the latest Rails Edge it was fixed! No more kludge. Taken from the official post:

What time is it!?

Geoff Buesing provided a useful fix for Time, specifically when used in conjunction with ActiveRecord. Now you can save and search ActiveRecord objects using whichever local time zone you like, regardless of what your default time zone is configured for and everything now will just work. You no longer need to be concerned about converting your user’s local time into your default application time or vice versa.

OCUnit: Two things they never say

What if you followed all official (first, second, third) and unofficial tutorials to the letter, but still can’t make your tests run? Well, it’s what it was for me today. Here are two things I couldn’t find anywhere and had to figure myself:

• If you see only one Unit Test Bundle build error, and it’s says “Failed tests for architecture ‘i386′ (GC OFF)” (slight variations depending on your platform and the state of the GC flag), you don’t have any tests in the bundle. Yes, go check that counter in the Compile Sources task of your test target.
• If you added the application as the dependency to the test bundle, wrote the test that uses one of the classes and see the link error like below, you didn’t add any source files being tested to your test bundle for compilation. I know it’s insane to add them one by one, but it’s how they designed it. To make it a bit easier, right-click on the “Groups & Files” header, choose “Target Membership”, make sure your tests bundle is you current target and start checking missing sources.
  
  ".objc_class_name_XYZ", references from:
  literal-pointer@__OBJC@__cls_refs@XYZ in XYZTests.o
  sumbol(s) not found
  collect2: Ld returned 1 exit status

iPhone: Black navigation bar in “More…” view

On iPhone, there’s the tab bar control that we, developers, can use to switch between several pages. It appears as a black stripe with icons at the bottom of the screen. Probably, the most famous is the tab bar of the Clock application:

It can show up to 5 icons and if there’s not enough space left, the last one is replaced with the “More …” item. When clicked, it shows the nice view with the list of all available options that didn’t fit into the tab bar. UITabBarController delegates the job to the UINavigationController. Now why I tell all this?

By default, the UINavigationController uses that standard blue top bar, but what if I want it to be Black as in the rest of my app?

First, let’s change the style of the “More …” page top bar. It’s all pretty straight forward as you can see. Just get the navigation controller and set the style of its bar:

Finally, let’s change the style of the bar on the “More …” / Edit page (that says “Configure” by the way). It appears that you can’t drill down into the object model like above, but have to catch the moment when the editor is about to come out and do the magic. For this to happen, you needthe tab bar delegate (UITabBarControllerDelegate protocol) and use the tabBarController:willBeginCustomizingViewControllers: callback to nail it:

and later:

In the above 3-liner, you can see that we do the trick to actually find the navigation bar. It works nicely on iPhone 3.0, but may change in the future, so be careful.

Don’t forget that you can always subclass UITabBarController and hide all this customization logic inside to stay on the clean design side. In my work, I do that and used the tabBarController here to clearly state what model we operate on.

That’s all, folks. Hope it helped someone to save a couple of hours.

Split and Default… with Bash and TextMate

There’s a couple of Bash patterns I often use in my scripting that I would love to share. Both of them are immediately useful in your TextMate practice through commands, and that’s what makes the study really fun.

Default Values

Assuming that you want a user to give you the path as the first argument and fall back to something if he didn’t, normally you may have done this:

And here’s how you do it geeky Bash-style:

Shorter and delivers the message way more transparently, doesn’t it? That minus sign before the $DEFAULT_PATH is critical, so don’t miss it. Which leads us to the next tip.

String Splitting

If you need only some part of the string, you can easily cut it out knowing the start/end indexes or just one of them.

What about TextMate?

Now that you possess the secret knowledge, you can use it in your TextMate commands. One example scenario mentioned all around is replicating the common pattern where the command operates either on the selection or the current word. Here’s how it would look:

Note the order of the parameters, TM_CURRENT_WORD is the default, not the other way around. If there’s nothing selected, it will come in handy. Now, if you read my previous posts on Ruby / Shell code execution, this should ring a bell. Here’s how the selection-or-line logic would look:

Amazingly simple and ultimately useful!

Ruby: Simple scripts with CGI

I’m a big fan of Ruby, and still every time I need some simple server-side functionality — you know those go there, take that sort of tasks — I have to revert to good old PHP. It’s obvious that building a full-blown Rails app is an overkill.

This morning I need another tiny little script to parse the HTML page and get some info back in JSON. And all this for a static web-site, so that it can’t be hosted locally. So what do I do? Getting back to roots…

Many web servers let you run CGI scripts, which is nothing else but an ordinary script that is executed by an interpreter of your choice and the results are thrown back as the response. Of course, it’s a bit more complicated that that, but the gist is accurate, and what’s more important is it’s hilariously easy to write.

If you happen to have a site with CGI enabled, you can try it right away. If not, well, check the hosting docs, or your web server configuration to see if there’s anything you can do. Most often, you will find the cgi-bin directory where all magic happens sitting next to public_html or www in your web site location root. Don’t forget that everything you put into cgi-bin has to be executable by the web server. It means that either you need to give it the correct ownership and the owner execution permissions or simply let everyone run it (which is dangerous sometimes, but good enough for a couple of tests).

So, here’s what you can try throwing into /cgi-bin/ruby.cgi:

Now when you run it by entering http://your_site/cgi-bin/ruby.cgi in the address line, you will get the nice and shiny “Test Complete” string.

Note that content type declaration and the empty line after it. Two things are important about these:

• Both lines are mandatory
• You can set any content type you like, not just output things in plain text. It can be JSON, XML, HTML or GIF, PNG, PDF — anything you can think of.

Now why don’t you throw a couple of gems into the mix and build something cool, fast and breathing!

TextMate: More on Ruby code execution

In one of my previous posts I mentioned how nice it is to execute Ruby code and get the results in comments. This is quite useful when you build documentation or quickly test some ideas.

There’s one other method of doing this which is based on the Textmate’s ability to execute the code line at cursor or the selected piece of text. It’s as easy as it sounds.

• First, enter the piece of Ruby code to execute, having in mind that the result of the last line will be output below:
  
  a = 2
  b = 3
  a * b

• Now select all three lines and press ⌃⇧E (Execute line as Ruby). The result will appear on the next line

One neat trick is that you can use printf(…) function to format your output and, in this case, the result of the last line won’t be displayed, but the printed output will.

I find it useful when there’s something to try right inside the document or there’s some formula to solve. It lets me stay where I am and not to open a separate document just for the Ruby snippet.

As a little bonus, I just want to mention that you can run unix commands in the same fashion and get the output right in your document. For example:

• Enter the following line and leave the cursor at the end of it:
  
  ps -aux | grep nginx

• Press ⌃R (Text / Execute Line Inserting Result) to execute it. The result will be placed below.

The list of all nginx processes will be dumped. Sweet, ha.