Rietta.com Security
You are reading The Rietta Blog, a publication about the web since 2005. If you enjoy this, you may also want to subscribe to our Web Application Topics Newsletter.

New OpenPGP Key, 0xC004BAE3 (2014)


After 11 years, I have chosen to transition my OpenPGP/GnuPG cryptographic key pair from a 1024-bit DSA key to a 4096-bit RSA key. The new key is ID 0xC004BAE3. Please review the fingerprints and update your OpenPGP keychain accordingly.

The following is my digitally signed transition statement; notice that it is signed with both my new and old key pairs. My old key is uncompromised and will remain valid for a period of time.

Introduction to OpenPGP: Decrypt This Message


If you have been following the news in light of the revelations of the NSA domestic surveillance program, which is probably unconstitutional in the United States but in practice is being permitted by the courts, then you should know something about the “encrypt everything” movement and Google’s End-to-End project, which aims to add OpenPGP support to the Chrome web browser. If this is new to you, this fun challenge will help you get started with what you need to decrypt a message with GnuPG!

What a Ruby Developer Can Do to Help Prevent a Data Breach - 2014


I was invited by Tech Talent South to give a guest lecture to their Spring 2014 class of students learning to become Ruby on Rails developers. These students are all adults looking to make a change in their career; they are really bright and motivated individuals looking to better themselves by learning to code. In my view this is perfect, because being a developer is the most trusted job position one can possibly hold in most organizations. We are routinely called upon to build the machine that runs the company and that other trusted employees will depend upon to do their jobs.

Tech Talent South (@techtalentsouth on Twitter) graciously gave me permission to film the class so that I can bring the video and notes to you here today.

Humana Data Breach in Atlanta for an Unencrypted USB Disk


Just this week, Security Professionals Magazine is reporting a data breach of three thousand unencrypted medical records, names, and social security numbers. For want of choosing “Encrypt this Drive”, Humana and one of its associates have put thousands of customers at risk of economic harm.

Avoid Thrashing to Release Your Project on Time and Budget


As my team and I work towards a major deadline this week, I am reminded of how easily last-minute thrashing sneaks into a project that has many stakeholders involved. This is a challenge that a properly run Agile project should be able to minimize, but it seems to always be there.

Defense in Depth


I had no fewer than three separate conversations yesterday about the importance of Defense in Depth in the context of building out a comprehensive plan to secure a web application and its environment. In light of that, I wanted to share with you the basic concept and point out some places to read about this big idea in security.

Photo: A combination door lock is one possible countermeasure in a layered security approach, but there is so much more to defense in depth.

Joe Moore Has Pair Programmed for 27,000 Hours


In Outliers, Malcolm Gladwell posited that 10,000 hours of practice are what it takes to achieve mastery in a field.

Well, Joe Moore (@joem on Twitter), the owner of remotepairprogramming.com, has blown past that mark on the subject of pair programming practices and the impact those practices have on real software projects.

He has pair programmed for 27,000 hours and the audience at RailsConf 2014 asked him anything!

My New Tenkeyless Code Keyboard!


My new Code Keyboard Tenkeyless (87-key without a Number Pad) arrived this week from WASD Keyboards!

It should make a good keyboard for a professional programmer who is typing 40 or more hours per week, 50 weeks per year. The Cherry Green keys have an 80 gram actuation force, which makes for clean, crisp keystrokes at full typing pace. The heavier resistance helps avoid bottoming out the keys, which is one source of typing injury.

Photo: My New Code Keyboard from WASD Keyboards with a Banana for Scale.

Yes, I use the pencil drawer in my old-school teacher’s desk as a keyboard tray with the help of some older thick computer books.