Communications Security

This is a copy of a handout I wrote for a talk on PGP to a group of activists at a dinner on January 29th, 2015. The intent was to provide a supplement to the practical, but narrow, walkthrough I’d given for those who wanted to dig deeper into data security in general.

Basic Security Principles

  1. Your security chain is only as strong as its weakest link. Make sure you understand the strengths and weaknesses of each link in your security chain. Take care to maintain the integrity of every link in your security chain. Using encryption will not help you if you composed your message on a compromised machine.

Message Boxes in OpenERP/Odoo

Being able to show a user a message is a pretty basic, important piece of functionality. It took me a while to figure out how to trigger a user-visible message from the server in OpenERP, but I eventually managed it. Given the answers on Stack Overflow, I figured I should share this valuable finding with the rest of the world.

To set the stage, I was writing code to cancel postage on packages at the click of a button in the package tree view. Sometimes the postage cannot be cancelled for one reason or another and the shipping server returns a message explaining why. In that case I wanted to display whatever message the shipping server was returning to the end user.

A Just Cryptocurrency

An Ideological Basis

I like Bitcoin a lot, but I kinda see it as the latest development in our ongoing conversation about what currency should be rather than as the final word in it. One of the problems I see with Bitcoin, aside from the mining centralization problem, is the wealth centralization problem. In particular, capitalism tends toward the accumulation of most of the world’s wealth in the hands of a few.

Monetization vs. Decentralization

Written in response to /u/robboywonder’s comment on /r/bitcoin expressing a wish for peer-to-peer social media. Reproduced here because it very nicely expresses my feelings on this subject at the moment. Please express your agreement or disagreement in the comments! I’d love to have a real debate over these notions bouncing around in my head.

There have been a lot of attempts at federated social media solutions. I think that approach is played out. As soon as I finish the paid work I’m currently doing, maybe even before then, I plan on beginning work on a true peer-to-peer social network. I’ve been reading and researching the subject for a few months now and feel I’ve just about got a good enough grip on things to take a decent swing at it.

The technology, as it turns out, isn’t all that complicated. Monetizing these endeavors is really the hard part.

TDD in C

I do frontend AngularJS work for a client in Portland. One of the things I really like about their setup is its test-friendliness. They use Grunt to watch the client-side files and run tests and re-compile everything automatically when a change is detected. Everything gets wiped from the “build” directory when the process starts, and a failing test or JSLint warning blocks the whole process. This renders the developer’s copy of the web app inaccessible until the issue is addressed. I’ve found I enjoy this particular workflow as I’m immediately made aware of when I write something that breaks the tests. It keeps me from building on top of broken foundations.

This weekend I decided I wanted to sharpen my C skills by writing a simple CLI utility to convert strings of hexadecimal to memorable phrases and back again. Since my intended use case was encoding and recovering 256-bit private keys, I wanted to take extra care to ensure correctness of output. So I set out with the intention of writing both unit and user acceptance tests using a TDD flow similar to the one I use in my AngularJS work.

OpenERP/Odoo Review

Background

This post is meant to be a helpful reference for developers who are either just beginning OpenERP development or who are considering beginning OpenERP development. It’s also a fairly thorough catalog of my gripes with it. Hopefully this will help save someone somewhere some pain. I start with a summarized list of its pros and cons, followed by a more thorough explanation of each of the cons, and finish up with a list of tips that I personally would have found useful back when I was getting started.

AngularJS at Devsigner 2014

For those of you near Portland interested in seeing me speak in person, I’ll be giving my “HTML Reloaded” presentation at Devsigner this weekend. The Devsigner conference is for “the coders who paint and the designers who send pull requests.” It’s a rather timely endeavor, in my opinion, as I’ve recently noticed increasing crossover between the graphic design and developer worlds. The advent of CSS compilers like Sass and Less, and of frontend frameworks like AngularJS, seems to be both a result and a cause of this. I’m looking forward to seeing what other people have to say about this emerging cross-disciplinary field.

Display an image from stdout [ubuntu]

To send bitcoin from my mobile phone to a plaintext address on my laptop, I like to use QR codes. At first I used websites like qrstuff.com to generate the QR codes, but leaving the command line just to generate and display an image felt like too much of a hassle to me. Then I started using the feh and qrencode utilities in Ubuntu’s package repositories, but that involved creating an image file on my hard drive and then deleting it afterward, which felt messy. So I found a quick and easy way to generate and display a QR code from the command line without creating an intermediate file.