Rietta
Rietta.com Security
You are reading The Rietta Blog, a publication about the web since 2005. If you enjoy this, you may also want to subscribe to our Web Application Topics Newsletter.

Raspberry Pi Crypto Key Management Project!

A few months ago I bought a Raspberry Pi B to experiment with, but sadly my day job as a Ruby developer keeps me busy enough that it just sat on the shelf unused until this last weekend. For those not yet in the know, the Raspberry Pi is an excellent little complete computer system on a small circuit board that uses very low power and looks like this:

My Raspberry Pi booting for the First Time!

Software Security Is a Moral Duty

All too often robust security is put off because the cost of prevention is felt upfront and the cost of a breach is to be realized at an uncertain future time and mostly by third parties. In the name of saving money, organizations continue to run out-of-date operating systems, reject appropriate strong encryption systems, fail to deploy sufficient network security, and refuse to employ and empower appropriate security staffs. In the end, security is seen as an expense to be minimized as part of a risk management program. But there is another way.

Learn How Upworthy Scaled a Ruby on Rails Application to Serve Massive Traffic

Luigi Montanez is the founding engineer of the viral content website http://upworthy.com and in this ATLRUG talk from July 9, 2014, he gives a fascinating insight into one approach to managing the growth of a startup’s web app in the face of very high traffic. Their backend is built upon Ruby on Rails with an effective use of the Fastly CDN to deliver very high performance at scale.

New OpenPGP Key, 0xC004BAE3 (2014)

After 11 years, I have chosen to transition my OpenPGP/GnuPG cryptographic key pair from a 1024-bit DSA to a 4096-bit RSA key. The new key is ID 0xC004BAE3. Please review the fingerprints and update your OpenPGP keychain accordingly.

The following is my digitally signed transition statement. Notice that it is signed with both my new and old key pairs. My old key is uncompromised and will remain valid for a period of time.

Introduction to OpenPGP: Decrypt This Message

If you have been following the news in light of the revelations of the NSA domestic surveillance program, which is probably unconstitutional in the United States but in practice is being permitted by the courts, then you should know something about the encrypt everything movement and Google’s End-to-End project, which is to add OpenPGP to the Chrome web browser. If this is new to you, this fun challenge will help you get started with what you need to decrypt a message with GnuPG!

What a Ruby Developer Can Do to Help Prevent a Data Breach - 2014

I was invited by Tech Talent South to give a guest lecture to their Spring 2014 class of students learning to become Ruby on Rails developers. These students are all adults looking to make a change in their career and are really bright and motivated individuals looking to better themselves with learning to code. In my view this is perfect because being a developer is the most trusted job position one can possibly hold in most organizations. We are routinely called upon to build the machine that runs the company and that other trusted employees will be dependent upon to do their job.

Tech Talent South (@techtalentsouth on Twitter) graciously gave me permission to film the class so that I can bring the video and notes to you here today.

Humana Data Breach in Atlanta for an Unencrypted USB Disk

Just this week, Security Professionals Magazine is reporting a data breach of three thousand unencrypted medical records, names, and social security numbers. For want of choosing “Encrypt this Drive”, Humana and one of its associates have put thousands of customers at risk of economic harm.

Avoid Thrashing to Release Your Project on Time and Budget

As my team and I work towards a major deadline this week, I am reminded of how easily last-minute thrashing sneaks into a project that has many stakeholders involved. This is a challenge that a properly run Agile project should be able to minimize, but it seems to always be there.