Rietta.com Security
You are reading The Rietta Blog, a publication about the web since 2005. If you enjoy this, you may also want to subscribe via RSS.

Government vs Security - Schneier Explains


We’ve been hearing a lot recently about law enforcement officials upset over the so-called “going dark” problem, with Apple and Google implementing stronger encryption solutions for their mobile platforms. These government organizations are arguing that by making encryption easy to use and unbreakable, Apple and Google will help criminals escape from justice by impeding investigative work.

“You can’t build a backdoor that only the good guys can walk through.”

As security-focused developers, we discuss these issues quite often at Rietta. Sometimes it is difficult to articulate our opinions on the subject, but luckily Bruce Schneier’s post on the subject does a superb job of laying out the major considerations along with supporting evidence, which is well worth a read.

“… let’s wait for some actual evidence of harm before we acquiesce to police demands for reduced security.”

The essential takeaway is that providing a way for the government to legitimately access the data means there is also a way for the various bad guys of the world to access it as well. At the end of the day, the goal is to protect people from harm. Unbreakable encryption can certainly help with that, but sometimes-breakable encryption usually can’t.

Raspberry Pi Crypto Key Management Project!


A few months ago I bought a Raspberry Pi B to experiment with, but sadly my day job as a Ruby developer keeps me busy enough that it just sat on the shelf unused until this last weekend. For those not yet in the know, the Raspberry Pi is an excellent little complete computer system on a small circuit board that uses very low power and looks like this:

My Raspberry Pi booting for the First Time!

Software Security Is a Moral Duty


All too often robust security is put off because the cost of prevention is felt upfront while the cost of a breach is realized at an uncertain future time and mostly by third parties. In the name of saving money, organizations continue to run out-of-date operating systems, reject appropriate strong encryption systems, fail to deploy sufficient network security, and refuse to employ and empower appropriate security staff. In the end, security is seen as an expense to be minimized as part of a risk management program. But there is another way.

Learn How Upworthy Scaled a Ruby on Rails Application to Serve Massive Traffic


Luigi Montanez is the founding engineer of the viral content website http://upworthy.com and in this ATLRUG talk from July 9, 2014, he gives a fascinating insight into one approach to managing the growth of a startup’s web app in the face of very high traffic. Their backend is built upon Ruby on Rails with an effective use of the Fastly CDN to deliver very high performance at scale.

New OpenPGP Key, 0xC004BAE3 (2014)


After 11 years, I have chosen to transition my OpenPGP/GnuPG cryptographic key pair from a 1024-bit DSA to a 4096-bit RSA key. The new key is ID 0xC004BAE3. Please review the fingerprints and update your OpenPGP keychain accordingly.

The following is my digitally signed transition statement; notice that it is signed with both my new and old key pairs. My old key is un-compromised and will remain valid for a period of time.

Introduction to OpenPGP: Decrypt This Message


If you have been following the news in light of the revelations of the NSA domestic surveillance program, which is probably unconstitutional in the United States but in practice is being permitted by the courts, then you should know something about the encrypt-everything movement and Google’s End-to-End project, which aims to add OpenPGP to the Chrome web browser. If this is new to you, this fun challenge will help you get started with what you need to decrypt a message with GnuPG!


What a Ruby Developer Can Do to Help Prevent a Data Breach - 2014


I was invited by Tech Talent South to give a guest lecture to their Spring 2014 class of students learning to become Ruby on Rails developers. These students are all adults looking to make a change in their career, and they are really bright and motivated individuals looking to better themselves by learning to code. In my view this is perfect, because being a developer is the most trusted job position one can possibly hold in most organizations. We are routinely called upon to build the machine that runs the company and that other trusted employees will depend upon to do their jobs.

Tech Talent South (@techtalentsouth on Twitter) graciously gave me permission to film the class so that I can bring the video and notes to you here today.

Humana Data Breach in Atlanta for an Unencrypted USB Disk


Just this week, Security Professionals Magazine is reporting a data breach of three thousand unencrypted medical records, names, and social security numbers. For want of choosing “Encrypt this Drive”, Humana and one of its associates have put thousands of customers at risk of economic harm.