Backup OpenPGP keys on paper

image

Recently I remember I was keeping a backup of my OpenPGP keys on an external hard drive that any day now could just cease to work. After my first attempts with PGP/GPG where I lost my private keys and could no longer revoke them, I wasn’t planning on loosing another one again.

After reading what others did to store their private PGP keys, I figured that the best way to store them was on paper. That’s where paperkey comes along. Paperkey is an OpenPGP key archiver by David Shaw, one of the main GPG developers.

What does paperkey do?

Due to metadata and redundancy, OpenPGP secret keys are significantly larger than just the “secret bits”. In fact, the secret key contains a complete copy of the public key. Since the public key generally doesn’t need to be escrowed (most people have many copies of it on various keyservers, web pages, etc), only extracting the secret parts can be a real advantage.

Paperkey extracts just those secret bytes and prints them. To reconstruct, you re-enter those bytes (whether by hand, OCR, QR code, or the like) and paperkey can use them to transform your existing public key into a secret key.

So to try it out, I installed it via homebrew.

brew install paperkey

Take the secret key in secret-key.gpg and generate a text file my-key-text-file.txt that contains the secret data:

paperkey --secret-key secret-key.gpg --output my-key-text-file.txt

I then printed the resulting text file and stored it somewhere safe.

To reconstruct secret-key.gpg, take the secret key data in my-key-text-file.txt and combine it with public-key.gpg:

paperkey --pubring public-key.gpg --secrets my-key-text-file.txt --output secret-key.gpg

I also stored a digital copy of my secret key on a new USB flash drive.

Bonus: You could also print a QR code of the paperkey output.

brew install qrencode
paperkey --secret-key secret-key.gpg --output-type raw | qrencode -o qr-paperkey.png

By the way, I’m in no way an #expert in PGP/GPG or security in general.

How do you backup your PGP keys?

My talk on JSON Web Tokens at DjangoCon US 2014

I had a great time at DjangoCon US 2014. Lots of first times.

  1. First time at DjangoCon
  2. First time speaking at DjangoCon
  3. First time speaking in front of “large” crowd.
  4. First time visiting the west coast
  5. First time visiting Portland

Special thanks to Blimp for enabling me to do this. Thanks to the DSF’s grant which made the trip financially possible. Thanks Froi and Sasha for coming along, all the support, and making the trip way more fun.

Last but not least thanks to my beautiful fiancée, Ana, for always supporting me and still loving me even though I missed her birthday for the first time because of this trip.

Here’s the video

You can find the slides on Speaker Deck.

We also got a few attendees to help us write down some notes during the event. Check them out.

There also a couple photos I took of the whole trip on Facebook.

Django REST framework Sprint at DjangoCon US 2014

image

This’ll be my first time attending and speaking at DjangoCon US. I’ll be talking about JSON Web Tokens, Django, and Django REST Framework.

I’ve been talking about working on a Sprint for Django REST Framework with Tom Christie on Twitter. Tom pointed out a list of decent candidates to work on if we get some people together. We’ll have a tagged list of obvious bug candidates before the sprint. He’s also planning on helping us out remotely those days.

It seems like a great idea to celebrate the successful Django REST framework 3 campaign on Kickstarter and with the timing of DjangoCon, “kickstart” the development of upcoming versions.

So, I’m recruiting anyone who’d be interested and available in working together. Everyone’s welcome to join in – if you use Django REST framework and would like to become more familiar with its internals while working together with other developers with various levels of expertise. Sprints will be held Friday and Saturday Sep 5-6.

If you’re interested please send me an email so we can start getting organized. If you know someone who might be interested please share this with them.

Update

Issues have been tagged and include a brief description of how to progress the ticket for the sprint.

Getting started with Go

image

I’ve been using Python for a quite a few years as my main go-to language for building web apps, RESTful API’s, utilities, and much more. It’s the driving power for most of our backends at our startup: Blimp, Blimp Boards, and FilePreviews. I have very few bad things I could argue about Python, but I won’t.

I’ve recently felt the need to dig into newer programming languages and technologies. One of the languages I’ve been wanting to try out for a while now is Go. So I did, and here’s why and a couple of resources that helped me out. The first thing I did was read up about Go for a few days.

The Go programming language is an open source project to make programmers more productive.

Go is expressive, concise, clean, and efficient. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel type system enables flexible and modular program construction. Go compiles quickly to machine code yet has the convenience of garbage collection and the power of run-time reflection. It’s a fast, statically typed, compiled language that feels like a dynamically typed, interpreted language.

This perfectly describes Go.

  • It’s pretty easy to understand for new developers, fast and with a good toolset for debugging and performance tuning.
  • Statically typed and compiled you end up with fewer bugs
  • Easy to profile for speed and memory leaks
  • Built-in code formatting
  • Small memory footprint
  • Simple language design
  • Natively multithreaded
  • Built for and actively developed by Google
  • And more…

A Tour of Go

A great resource to get started with Go is A Tour of GoThe interactive tour is divided into three sections: basic concepts, methods and interfaces, and concurrency, that can be compiled and ran right from the browser.

Go by Example

Go by Example is a hands-on introduction to Go using annotated example programs by Mark McGranaghan.

Go Tool

Go is a tool for managing Go source code. Available go commands are:

  • build – compiles packages and dependencies
  • clean – removes object files
  • env – prints Go environment information
  • fix – runs go tool fix on packages
  • fmt – runs gofmt on package sources
  • get – downloads and installs packages and dependencies
  • install – compiles and installs packages and dependencies
  • list – lists packages
  • run – compiles and runs Go program
  • test – tests packages
  • tool – runs specified go tool
  • version – prints Go version
  • vet – runs go tool vet on packages

Godoc

Godoc extracts and generates documentation for Go programs, it parses Go source code and produces documentation as HTML or plain text. After generating your docs you can use GoDoc to host it. You can read more in the Godoc: documenting Go code blog post.

Package Management

With the go get command you can install remote packages directly from version control. One of the things you’ll notice when starting out with Go is that there isn’t a builtin package manager tool like we’d see with package managers like BundlerPip and NPM. There are third party tools for for managing Go packages and their dependencies. The Go project recommends vendoring, taking the 3rd party source code that is referenced in your project and making a copy of that code inside a new folder within the project.

Check out godep, a well-maintained tool for managing vendored dependencies. Some additional resources:

GoUsers

There quite a couple of startups and organizations using Go that blog about or open source packages and tools. A couple of my favorites are:

Useful resources

Discovering projects and packages

Package discovery has been a pain for me. Since there’s no main index, packages can be hosted many different places. You’ll quickly notice that you won’t really need that many external packages, but when you do you’ll be searching around.

  • Awesome GoA curated list of awesome Go frameworks, libraries and software
  • Projects – A list of Go projects
  • Go Search – A search engine specifically designed for Go
  • Go Walker – Displays API documentation for Go projects
  • Sourcegraph – Shows you real examples of how functions and classes are used by other open-source projects.

I’m still learning the best way I know. I’ve already started a new project that I’ll be launching in a few weeks, developed a few packages in the way that I’ll be open sourcing soon.

What resources have you found useful while working with Go? Please share them in the comments below.

Update

Mentioned resources by others.

Getting started with Ember.js

image

I played around with Ember.js on and off last year and after building some quick demos I decided to invest some real time in building real web apps with it. I have been keeping track of some useful tips and resources for people starting out with Ember.js.

Ember.js Guides

The official Ember.js Guides and Tutorials walks you through the very basic concepts for someone starting out, and slowly getting into more “advanced” concepts and features. Those guides are truly written in a simple to understand tone only using technical jargon where necessary. I definitely suggest going over these guides before starting out with Ember. I’ve kept them handy since they are also useful for future reference.

The guides also have a very useful section, Cookbook. It provides answers and solutions to common Ember questions and problems.

Ember.js API

The Ember.js API is usually my second go-to website. It’s very useful to learn about the different available classes that make up Ember. It contains usage examples for methods, properties, and events. They also link directly to where they are defined, if you are into checking out the source code.

Ember CLI

Ember CLI is an Ember.js command line utility. It provides an ideal project structure based on Ember App Kit. For building anything more than a simple demo using Ember CLI makes a lot of sense and makes building with Ember way easier.

Useful content

Learning by doing

I’ve always found that the best way to get started with new technology is to pick a project and just work on it.

Learning from others

Learning from other people’s work is also very helpful. There are many people that are really active on the Ember.js community either because they are part of the core team or just love the framework and contribute back to other open source projects. When in doubt check out some of these influential organization’s/individual’s open source projects.

Getting Help

The Ember community uses StackOverflow to track questions. So its a good rule of thumb to search on SO before asking around. You can also join the Ember.js Discussion Forum which is usually a good place to discuss features and best practices.

The IRC channel #emberjs on Freenode is usually very active and is a good place to find people that might help you out. Apart from being polite, it’s usually a good idea to have code that you can show, so others can reproduce your problem. Don’t copy code on IRC, instead use something like JS Bin.

Let me know if you have any other useful tips, resources, etc…