Tuesday, December 8, 2009

Random system utilities I like to use for Windows

Here's just a few of the random utilities I like to use for maintaining and working with my computers:

  • Synergy - great for sharing keyboard/mouse and controlling one computer with another. This is great, for example, when you have 2 laptops (or desktops) and you want to be able to work both of them with a single computer.
  • JkDefrag - very simplistic but effective disk defragmenter
  • PING - Gnu drive imaging software. Seems good for creating a restorable image of a drive, although I've had some issues restoring it to a slightly different drive configuration (for example backing up /dev/sda then restoring to another computer /dev/hda). Linux based.
  • DriveImage XML - Windows (free) drive imager. Recommended by a friend.
  • Screen Hunter - a simple (free) screen capture utility. I actually prefer the older version (4.x) instead of the new 5.x version. (Wisdom Soft)
  • SysInternals - great set of windows utilities for looking at what is going on in a PC
    • Process Explorer - good replacement for task manager that displays a lot more information about the running processes. Shows I/O speed as well.
    • File Monitor - great utility for monitoring file and registry access, very useful for determining why things are failing at times.
  • NetMeter - simple bar graph of network bandwidth upload/download that you are using.
  • PuTTY - great SSH/Telnet client with good key handling capabilities. PuTTY Agent is great for caching passwords and keys for login and tunneling.
  • XMing - easy to install PC X Window server
  • TrueCrypt - encryption utility for creating encrypted drives. Can either be file-based or device-based.
  • KeyPass - great password database. Available for blackberry as well.
  • 7Zip - free and generally good ZIP utility that handles most things.
  • Trillian (Pro) - instant messaging for almost everything. AIM, Yahoo, etc. The Pro version has a Jabber client that works with Google Talk and others.
  • Windows Powershell - a much better shell program than "CMD." Allows good shell programming as well as direct interface to C# code.
  • Console (sourceforge) - a more flexible "shell" window that can start up either CMD or a Cygwin BASH shell (among others)
  • Cygwin - unix utilities for PC. Pretty versatile and makes most unix things work.
  • TortoiseSVN - a development tool, actually. Excellent Subversion client.
  • CutePDF - a free PDF print driver that allows you to print to PDF.
  • VMWare Player - allows you to play pre-constructed virtual machines on your computer
  • VMWare Converter - allows you to create a virtualized image of a running computer
  • VirtualBox - slightly less "full featured" than VMware player, but Free and has versions that run on lots of different platforms. This has been my preferred VM platform on my laptop for quite a while. 
  • GPG (Gnu Privacy Guard) - free PGP-compatible encryption and certificate routines
  • PS Pad - free text editor that is good at editing most stuff.
  • OTHER - Text Pad - another popular (free) editor that people use 
  • OTHER - jEdit - yet another popular programmers editor (haven't used it). Recommended because it can do SFTP (ssh) file save/load. (Pure Java, so it works on Unix too). DOG SLOW to start up.
  • WinDirStat - good utility for showing disk space usage in graphical and textual form. Figure out what files and directories are taking up all your space.


I'm sure there are others. I'll continue trying to edit and add them over time.

Friday, December 4, 2009

Why can't I standby with a full drive encrypted laptop?

I've got a Dell Latitude e6400. It's got one of those nifty FDE (full drive encryption) hard disks that automatically encrypts everything on it. Every time I power up, I have to enter a username/password to unlock the drive before the computer can read or write anything to it.

The problem is that it seems to have forced me to disable 'standby' mode and always use 'hibernate' mode with Windows. I'm told that this is because the BIOS is only invoked for the FDE password on powerup mode for hibernate or cold boot, not for standby. I know for a fact that my old Dell D620 laptop used a hard drive password and always asked me for it before I resumed from standby, so I'm skeptical as to why the FDE drive requires it.

We use wave.com trusted drive software embedded in the BIOS of the e6400. According to this link:

http://www.wave.com/news/press_archive/08/081110_Seagate.asp

they DO actually support secure Windows Standby mode, but who knows what that actually means or whether it relates to the platforms that we are using. It does mention some comments about 'vulnerability of FDE and exposing encryption keys.' Based on that, I suspect there are issues related to encryption keys staying in memory during standby mode that could theoretically be stolen.

My biggest complaint is always 'security for the sake of security' without really understanding what the threats and/or risks are. Basically: do you know who you are protecting against? FDE and even hard drive passwords protect against removing a drive from one computer and using another computer to read the data. Assuming standby mode works properly, you should still be able to protect the drive in low-power mode simply by ensuring that the computer comes up locked and requiring a user password when it awakens. I admit the possibility that there are some sophisticated software attacks that can be used against the live machine (assuming it is stolen while in standby mode), but I haven't searched for any. I imagine it's a fairly sophisticated attack and will NOT include the casual thief who steals your laptop and sells the drive on eBay to Joe Dumass.

Questions to answer:
  • What are the threats against FDE and standby mode?
  • What are the threats against standby mode, in general?

Replicating/importing one subversion repository to another

I recently had need of replicating one directory in a subversion repository into a different repository. I wanted to import the entire change history of a small Java application I had built into another repository to give access to others. I found a neat little utility that did it:

  • svn2svn - http://code.google.com/p/svn2svn/wiki/intro
It's a python script that checks out each element of the change history of one URL and checks it back into a second URL. It worked simply and quite well.

Other options include using SVK and "Tailor" (http://progetti.arstecnica.it/tailor/)

Thursday, December 3, 2009

Checkout SVN project with subclipse

To begin working on an Eclipse project that is stored in Subversion, do the following:

  • File > New > Project ...
  • Checkout from SVN
  • Choose "Select/Create Location"
  • Enter URL of repository/directory, "Next >"
  • Use tree display to pick project directory where ".settings" root of the source tree exists, "Next >"
  • Enter project information (Project name, workspace location, allow local obstructions)
  • "Finish" to allow it to check everything out.
That's it. Easy as pie.

Friday, November 20, 2009

Ugly comments = ugly code

I like the blog entry that Will Kruse found:

http://www.itworld.com/development/84780/if-comments-are-ugly-code-ugly

I associate it with "code hygiene." It basically explains that programming is "detail oriented" and if a programmer isn't willing to take the time to make the comments correct (everything from semantics to syntax to spelling), then chances are they aren't taking the care necessary to make the code correct, either. Lots of evidence of "TODO" items or "Does this work?" comments are an exact indication of code health.

I find this true in the code I write. And it doesn't necessarily equate to the volume of comments. When I really dedicate care to what I'm developing, the quality of the comments tends to reflect the same level of the code quality. (I also tend to be a very pedantic, verbose commenter.) On the other hand, when I slam stuff together, I (being the pedantic verbose type) tend to write long-winded comments explaining logic with questions and hints at potential bugs. "Well ... I think this is going to work" and "TODO: finish this," etc.

Interesting food for thought.

Thursday, October 29, 2009

Using CollabNet desktop explorers with Team Forge

There are a couple Windows desktop plugins that I've used for working with documents, artifacts, and tasks in Team Forge.

  • SourceForge Explorer - Windows .NET application that interacts with CollabNet Source Forge online web application to work with documents, artifacts, and tasks.
  • TeamForge Explorer - same .NET application as Source Forge Explorer but updated for new Team Forge naming and feature set.
  • CollabNet Desktop Windows Edition - a different (also .NET) implementation that seems to share code implementation with the Eclipse edition of the same tool.
  • CollabNet Desktop Eclipse Edition - plugin for Eclipse for working with code, tasks, artifacts, and Documents.
This can be downloaded from CollabNet:

http://desktop-vs.open.collab.net/servlets/ProjectProcess?pageID=3794
(goes to here: http://www.open.collab.net/servlets/OCNDirector?id=CICDWE1.2)

The latest Desktop Windows Edition seems to be pretty damn good. Best feature: you can edit a document IN PLACE. Click to edit, opens directly into Word, then when you save, it goes directly back to CollabNet. It even asks for a version comment.

Friday, October 2, 2009

HOWTO Ubuntu network configuration in VMware

I've run a couple Ubuntu images on my machine lately and keep forgetting how/where to re-initialize the network settings. The easy answer is:

/etc/network/interfaces

Then rerun the network startup script:

/etc/init.d/networking restart

Bingo. It should reset the networking stuff.

To make this work properly in the VMware image, you need to make sure that "Devices > Network Adapter > Connect" has been selected. I typically use "NAT" mode which results in outgoing connections from the VM, incoming traffic from the host OS, but the VM is not reachable by other machines on the network. "Bridged" will allow reachability from the network, but probably requires that you can get multiple DHCP addresses from the same MAC.

Monday, September 28, 2009

First adventure in dirt biking

I get to scratch another item off my personal bucket list. I've always wanted to learn to ride a dirt bike. Last weekend a friend took me dirt biking (think 'motorcycles in the woods') out in George Washington National Forest in western Virginia near Edinsburg, VA. It was a great time. The particular set of trails was called Peters Mills Run and (maybe?) Taskers Gap. More information here: http://atvconnection.com/Resources/ATV_Trail_Guide/Mid-Atlantic-ATV-Trails.cfm

We spent a bunch of time on hard pack clay trails infused with rocks (typical VA terrain). Some of the hills were pure jumbled bunches of rocks (think baseball and soccer ball sized gravel). Some was more of a "loamy" terrain with sand/dirt mix. It had rained a lot, so there were lots of puddles and a lot of general slipperiness. I found my weak points were located in sharp turns with berms that you were supposed to use as banking for turning. I could never get it right and would wash out the front wheel and take a tumble. It even resulted in one very nice over-the-bars tumble when I washed out the front, hit the berm, and went flying.

I have to say -- it was a blast. We only went about 28 miles, but it was fun and very tiring. I road raced motorcycles briefly about 10 years ago, but hadn't been on a bike since then. This was waaay different, but very enjoyable in a completely different way. I have to admit to being a bit bashed and bruised, but generally fairly well off. The friends I went with said I did quite well for the first time out. I attribute that to a combination of previous motorcycle experience, mountain biking experience, and jet ski racing experience. It still resulted in a half dozen spectacular wipeouts, albeit at slow speeds (10-15 mph). Thankfully, the body armor works fairly well. (Note to self: make sure elbow pads are tight enough to not slide up your arm when you hit the ground, leaving big road-rash skids up your forearm.)

I was riding a 4-stroke 450cc bike that worked pretty well for me. (might have been a Honda CR 450?) It was nice that it was very torquey and could easily grunt its way out of low RPM pulls. This reduced my need to shift, which was quite helpful given the fact that I hadn't ridden a bike in 10 years and the clutch/shift/brake/turn/throttle thing was much less natural than I remember it. The clutch was cable driven and VERY stiff for my weak wrist.

On the day after, my forearm is very sore and rashed from my first fall. Otherwise, I've got a small bump on the knee and my quads are getting more sore by the moment. Overall: not too bad for my first experience.

Some notes to myself for pointers:
  • Riding standing up is the way to go. It allows the bike to move around under you and react to bumps much better
  • When standing (or sitting), keep the pegs in the arch of your foot, not balls. Not sure why, but it works. Definitely keeps your calves from tiring, as well.
  • Motocross boots are heavy and have NO feel to them. (Shifter or brake) You learn to get more of a feel of whether the brake is working from the way the bike reacts.
  • NEVER react by grabbing the front brake. There's not enough traction usually, so it will most likely just wash out the front wheel. Learn to use the back brake.
  • When in doubt, give the bike blips of throttle. It behaves much better when it has a little momentum.
  • Dirt bike leaning/balance is the opposite of road bike. With a dirt bike, you lean the bike over, but stay upright on top of it. Use the back wheel to brake/throttle slide and get it pointed right, then accelerate. (Road bike you slide down inside the bike, keeping it leaning up to get more ground clearance.)
  • Most of the time, you want to keep your weight forward to avoid wheelying. Especially going up hills.
  • The suspension's ability to go over huge rocks and bumps is amazing. Use it.
  • When sitting, get forward in the V of the saddle so you are near the center of balance. Tendency is to sit back, which means "wheelie."
  • Don't even think about going out without the right gear unless you plan on doing nothing but roads. And frankly, that might not even be wise. More armor is better when you are learning. (heavy boots, knee guards, elbow guards, chest protector, gloves)
  • It is waaay more tiring than I expected. That might have been a result of the hill climbs and rock scrambles we were doing which requires quite a bit of concentration and bouncing around.
  • Camelback is good. Drink a lot.
And finally, remember: you suck. Be humble. The mountain bites back.

Friday, September 25, 2009

Subclipse handles file renaming (refactoring) of Java classes properly

I started playing with CollabNet desktop and particularly Subclipse within Eclipse. Some things I liked.

Refactoring

Subclipse DOES handle refactoring of classes. That is, if you rename a class, it will create subversion events to delete the old class and add the new class. For example, renaming A.java to B.java shows a "Add B.java with copy-from path of A.java." This means that it preserves the version history over time.

To refactor without the subclipse plugin, I had to do the following:
  • Use "Rename" to rename the class. This fixes all the code and simply renames the existing file as the new file. (OldClass --> NewClass)
  • Do a SVN "Update" to get the old file back in the directory (OldClass.java)
  • Delete that OldClass.java file and rename the NewClass.java back to OldClass.java. SVN should show you that the file has been locally modified.
  • Do a SVN Rename to rename OldClass.java back to NewClass.java.
  • SVN "Check for Modifications" (status) should show you a "delete" of OldClass.java and a "add" of NewClass.java with a copy-from path of OldClass.java
Definitely a hassle. It's nice that Subclipse makes it all work properly.

I also noticed that Subclipse and Tortoise SVN seem to "play nice" with checked out versions of code. That is, you can alternate back and forth between using Subclipse and Tortoise to operate on files.

Thursday, September 24, 2009

Great stick figure explanation of AES encryption

I really enjoyed this. It gives a great "poor man's" introduction to how encryption like AES works, how it is fast, yet how it is backed up by some really mind-blowing math.

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Tuesday, September 22, 2009

HOWTO Include Subversion version identifiers in your Java source code with Eclipse

It's often useful to include version markers in your source code files, especially when it's possible they will be distributed outside the bounds of a version control system. In my case, I'm using Subversion and Eclipse to write code.

Subversion provides keyword substitution for special keywords that are managed by Subversion during checkin and checkout. (See: http://svnbook.red-bean.com/en/1.5/svn.advanced.props.special.keywords.html). These include Date, HeadURL, Revision, Author, and Id (a combination of the others). You can embed these in your text files and SVN will automatically replace them with appropriate values each time. To enable this, you need to do the following:

svn propset svn:keywords "Id HeadURL Revision Author Date" foo.java

Then, you embed a keyword like "$Id$" in your file and next time SVN updates your file, it will replace the $Id$ string with something like $Id: foo.java 148 2006-07-28 21:30:43Z sally $.

To make this easier, you might want to change the [auto-props] section of your config file to automatically set this property any time you create a new java file:

*.java = svn:keywords=Id HeadURL Revision Author Date;svn:eol-style=native

Typically, this is embedded in a comment block. To make this easy, you can include it in your Eclipse file templates so things get pre-populated when you generate new files.

For general purpose insertion in all your Java source files, use Window > Preferences > Java > Code Style > Templates, then edit the "Files" entry and add the following to the template:

/*
*
* $$Id$$
*/

That will automatically insert the "$Id$" tag into any new source file you create.

Another reference:
http://wiki.collectionspace.org/display/collectionspace/Java+Source+Files+-+Beginning+Comments+Block+Template

For more advanced usage, you can embed a string in a variable that gets compiled into the object code and can be used to identify versions of binaries.

For Java, insert a piece of code that looks like this:

// version identifier automatically filled by svn:keywords "Id"
public static final String __class_id = "$Id$";

This will expand when the files are checked in to be representative of the version of code that was committed.

This can automatically be inserted in new classes with code templates, again. Window > Preferences > Java > Code Style > Templates > Code > Class body. (Make sure you use $$ for the dollar signs when you create the template.)

Pitfall: Make sure you have cleanly committed/updated files when you do this. Don't make the mistake of building your modified code that is checked out, then distributing it. Once you commit this code, the version number will bump up and potentially be different.


HOWTO specify default JVM arguments when using Java JAR manifest

A couple of times I've wanted to be able to specify a set of "default" JVM and program properties using the manifest file of a JAR file so that I could invoke it easily with "java -jar MyProgram." In my case, I wanted to set the JVM system property "https.proxyHost" so that all my web traffic would go through a local proxy.

Unfortunately, there doesn't appear to be a way to specify program arguments in a Java JAR manifest file.

To get around it, the solution is to use properties. I found a useful post here (http://www.velocityreviews.com/forums/t129370-vm-arguments-in-manifest.html) that suggests doing something like this:

static {
    // proxyHost must be a static String defined earlier in the class
    System.setProperty("https.proxyHost", proxyHost);
}

This solution actually worked quite well. I ended up writing a "JVMProxyHelper.setProxy(host,port)" routine that I simply invoked from the main() of the program I was running. If I get really fancy, I'll go back and make it read the property out of a file and register it that way, but this works for my quick need.

HOWTO Create Ant build.xml file from Eclipse Java project

I searched around and couldn't find an easy answer for this, but accidentally found it in Eclipse while doing something else. Basically, I created a simple Java program in Eclipse. I wanted to be able to build the program from the command line with ant, but didn't want to hand create the build.xml file when I knew that Eclipse should be able to generate a basic one for me. I kept looking in the "Project" menu and "New" menu for a way to do it.

Answer: It's in the "Export" menu. If you do Export > General > Ant build file, everything works fine.

Beware: it automatically over-writes any build.xml file that may exist with no warning. Don't make modifications unless you figure out a way to preserve them when things change.

Similar task: if you want to produce a runnable JAR file from your project, you can use Export > Java > Runnable Jar to do so. This can also create a custom Ant build file that automatically packs all the Jar stuff you need. NOTE that one of the things this does is re-pack any dependent Jar files you have into one big jar so you can run it with "java -jar."

If you have additional rules in the file that you would like to include in the generated build.xml, you can make Eclipse automatically import these files.

In the same directory, create "build-custom.xml" with the following lines:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?eclipse.ant.import?>
<project default="all" name="Create runnable JARs for everything">
<target name="all" depends="build">
... more stuff ...
</target>
</project>

Then export the build.xml file from Eclipse. It will now include a line

<import file="build-custom.xml"/>

near the beginning. All rules you define in your custom XML file will appear as part of the build.xml file. You could now execute "ant all" to invoke your "all" rule from the main command line.

NOTE: I think your filename must start with the word "build....xml" in order for Eclipse to find it.

Monday, September 21, 2009

Using Alfresco 3.2 "Share" capabilities

I recently installed Alfresco 3.2 Community on a VMware image on my machine to play with it. For information on how I did that, see my other post.

I had some questions about how, exactly, I might use the 'share' capabilities. These basically emulate a lot of the capabilities that Microsoft Sharepoint provides. I believe, in fact, that Alfresco actually presents a Sharepoint protocol interface that can be used by other sharepoint clients.

Questions:

  • Q: How do I get to WebDAV path of files in Document library?
    • A: http://192.168.177.131:8080/alfresco/webdav/Sites/firstsite which is the same technique used for all other Alfresco WebDAV access.
  • Is there a way to directly edit document library files?
  • Is there a way to share files between “Share” and “Alfresco” hierarchy?
    • A: “Alfresco” main site sees the content of the “sites” hierarchy as files data, but I don't think the "Share" sites have a good view of the containing Alfresco instance
    • Operations on the items seem to be limited. I don't seem to be able to create "rules" on documents within a "site" document library, but I'm not sure I ever was.
    • Can embed a “widget” or treat as a “site”?
    • Tried with a “web view” applet, but that requires you to login and doesn’t really connect to much.
  • How would we create a main company site, then show highlights of other sites for projects?
  • How do we create template share sites to create new projects?
  • Is there a quick way to “monitor” for changes in a site? (e.g. email)
  • Q: Is there a way to create an “intro page” for a site?
    • A: yes. “Customize Dashboard” to move around widgets.

Setting up Alfresco 3.2 Community in a Linux VM

I've used Alfresco a bunch in the past at work to maintain documents. We're thinking of upgrading from the (very) old 2.2 release to the (much) newer 3.2 release. This is what I did to get started.

I set this up in a VMware image of a Ubuntu Workstation 9.04 (512 MB RAM, 25GB disk). For information on this, see my other blog post.

To get started with Alfresco, I did the following:
  • Download Sun JDK 1.6 SE, install, move to /usr/local/java
  • sudo apt-get install mysql-server
    • Asks for a new root PW. Set one.
  • Download Alfresco 3.2 Community from http://www.alfresco.org
  • sudo ./Alfresco-....-install
    • Chose /opt/alfresco as installation location
    • Asks for root PW of mysql
    • Creates ‘alfresco’ database in mysql
    • Asks for where Open Office is installed. I fed it /usr/lib/openoffice after locating it on my disk.
  • Start Alfresco
    • cd /opt/alfresco
    • ./alf_start.sh
    • (wait)
    • http://localhost:8080/alfresco

This produces an “up and running” version of Alfresco. (NOTE: The NAT interface between my host OS and guest Linux OS is 192.168.177.x. Host is .1 and guest is .177, hence the interfaces below.)
- http://192.168.177.131:8080/alfresco allows access from my external machine
- Shows "guest" account view by default
- Login: admin (default PW)
- Created user for rmills
- Tested login and upload of a document.

Alternate Interface: Alfresco Share
  • http://192.168.177.131:8080/share
  • Login: rmills or admin
  • Create a site (Collaboration Site)
  • Name: FirstSite
  • URL: firstsite
  • Public


Friday, September 18, 2009

Setting up an easy VMware Linux machine

I spent a few minutes playing around with VMware to get a linux virtual machine set up on my PC. It was actually fairly easy:

  • Download and install latest VMware Player from www.vmware.com (reboot)
  • Download a Ubuntu 9.04 Desktop virtual machine from the "Appliance > Operating Systems" section of the VM Ware site
  • Unpack the VM image
  • Double click on the virtual machine and VMware player starts up.
Magic. Easy.

Now I have a VM running linux on my machine that I can play with. It seems to be auto configured with NAT networking, so I can use SMB to access shared drives on my host PC to transfer files back and forth. It can also reach the internet with a web browser, etc.

Wednesday, August 5, 2009

Basics of using GPG for signing, encrypting, exchanging, etc.

I recently had need to interchange some information that needed to be signed and encrypted. My colleague was using GPG, so I had to get it set up.

GPG is a good, free, secure package with a very basic command line interface for working with keys, encrypting, and decrypting things. It is basically an open source version of PGP (kind of a de facto standard for cryptography packages).

The basic steps for using it are shown below.

Install GPG

Install GPG by downloading (the Windows version, in my case) the command line interface. (ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe for me). I plopped mine in C:/apps/GnuPG.

Create a Key

Create a key: 'gpg --gen-key.' It asks a bunch of questions and I ended up with a "DSA and Elgamal" key of 2048 bits, non-expiring, with a UID of "Richard Mills (GPG Key) ."

Export a copy of the key that you can share: 'gpg --export -a > gpgkey.pub.export.txt'

This has an ascii format similar to

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)

mQGiBEp5hgoRBADnOunnwGSicNhPXwZfrO+KY5KqM9eEYBzs8xsF6XnKbuHwmewb
rJuPrUkQntwYKCVYJxNiITe+U/i4ovHcdX5bMl6u57N34uUZ2EQPxuSVPodZsOEt
....
eYYKAhsMAAoJEJh6yxSN8tuIgWQAoLuI04SOOxJ6hjGFTsE5wqNBlqkJAKC4A2qC
uC2gEiXUd7Xu0Alquau49w==
=DYre
-----END PGP PUBLIC KEY BLOCK-----

Encrypt Something

To encrypt something, you need the public key of the "Recipient" who you want to be able to decrypt the file. For the simple case, you can encrypt something for yourself that you can decrypt later. It will ask a few questions along the way that you need to answer.

$ gpg --encrypt foo.txt
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID. End with an empty line: rmills

Current recipients:
2048g/83F23E72 2009-08-05 "Richard Mills (GPG Key) "

Enter the user ID. End with an empty line:

This will result in a file 'foo.txt.gpg' that is the encrypted version of your file. Note that the "Recipient" means the person to whom you want to send the file (could be yourself). You must have this person's public key in your key ring to encrypt it. The only person who will be able to decrypt it will be the person with the matching private key.

Decrypt Something

Decrypt the file (assuming you were the recipient):

$ gpg --decrypt foo.txt.gpg > foo.txt.new

You need a passphrase to unlock the secret key for
user: "Richard Mills (GPG Key) "
2048-bit ELG-E key, ID 83F23E72, created 2009-08-05 (main key ID 8DF2DB88)

gpg: encrypted with 2048-bit ELG-E key, ID 83F23E72, created 2009-08-05
"Richard Mills (GPG Key) "

NOTE that you need to type in the passphrase for the private key in order for the file to be decrypted.

Sign Something

Signing something is useful to ensure the integrity of it during transport. Signing involves applying your private key to something such that your public key can be used to verify that the data has not been modified. In many cases you may want to 'clear text sign' the piece of data such that it is still legible without having to be decrypted.

gpg -s foo.txt

This will create 'foo.txt.gpg' which is a new binary (obscured) version of your data. It will need to be unpacked with 'gpg -d' before it can be read. Note that a signed-only file is compressed and wrapped, not encrypted, so anyone can unpack it this way. Alternately, you can use "cleartext" signing that encodes everything in ASCII such that it is readable without any unpacking.

gpg --clearsign foo.txt

This produces a file 'foo.txt.asc' which is readable and looks something like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkp5tk4ACgkQmHrLFI3y24iu8QCePQ/ic5S71V9BkPtUB6OiT1cx
JeQAnRcvjZiaMnTEQJ8KgdZ8DKpFbzSN
=kXkG
-----END PGP SIGNATURE-----

This file can be transported through normal ASCII transport mechanisms (e.g., email). It can be verified (see below) in the same way as if it was obscured.

Verify Signature and Retrieve Something

Verifying a signature is important to ensure that a piece of data has not been modified since it was signed. To do this, use 'gpg --verify file.signed.' GPG will use your local public key ring to verify any/all people whose keys were used to sign the piece of data. Note that in some cases, multiple people may have signed the data along its route to you. To properly trust the data, you need to actually trust ALL the people back to the origin.

To actually GET the data that has been signed, you need to extract it with 'gpg -d' (the same option used for decryption), which also checks the signature.

$ gpg -d foo.txt.gpg > foo.verifysig.txt
gpg: Signature made 08/05/09 12:43:05 using DSA key ID 8DF2DB88
gpg: Good signature from "Richard Mills (GPG Key) "

The file "foo.verifysig.txt" will now contain the data you actually want.

Exchange Public Keys with Someone

Generally, you want to be able to pass your public key around to your colleagues such that they can use it to verify signed messages from you as well as encrypt data that can be sent to you. It is important that public keys are maintained intact such that someone cannot masquerade as someone else. More on that below.

The easiest way to exchange keys is to simply email them. Alternately, you can publish them on your web page, or really put them anywhere that people can find them. Use 'gpg --export -a' to generate an ASCII format key (as shown above), then email it to your buddy. He should do the same for you.

Once you get a key, you need to import it into your keyring.

Typing 'gpg --list-keys' will show you all the keys you have in your public key ring (including yours). Also, 'gpg --fingerprint' will show you the fingerprints of those keys such that you can verify they match what you expect (e.g., if the other person sent you a fingerprint to verify it).

Proper Handling of Keys

Generally, you can send your public key to whomever you want (hence the name "public"), but it is critically important to protect your private key and the matching passphrase. If someone were to steal your private key and the passphrase, they would be able to decrypt anything intended for your eyes only as well as masquerade as you when signing messages.

Although you can send public keys to anyone, it is useful for them to ensure that the public key remains intact so they can verify your signature and also encrypt data to send to you. This means the onus comes on the recipient to protect any public keys that are received. This can be done by comparing fingerprints of keys with the keys themselves. Fingerprints are sufficiently small such that you can easily compare them even by reading them over the phone to each other. Once you are confident that a public key is authentic, you can sign it using gpg and assign it a particular value of trust. I'll save that discussion for another day.
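
An added example (not part of the original post, and not GnuPG's own code) showing what the armored key block and the fingerprint discussed above actually contain. It checks the "=XXXX" checksum line of an armored block, decodes the header of the key shown earlier from its first 12 base64 characters, and computes a v4 fingerprint and key IDs. Because the post's key is truncated, the full key used here is a constructed toy packet; all function names are assumptions made for this illustration.

```python
import base64
import hashlib
import struct
from datetime import datetime, timezone

ALGORITHMS = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # subset of RFC 4880 section 9.1
# The first 12 base64 characters of the key block shown in the post (9 bytes).
PAGE_PREFIX = base64.b64decode("mQGiBEp5hgoR")


def crc24(data: bytes) -> int:
    """CRC-24 behind the '=XXXX' checksum line of an armored block (RFC 4880, 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data: bytes) -> str:
    """ASCII-armor binary packets (used here only to build the constructed sample)."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----",
                      "Version: constructed sample", "", *rows, "=" + check,
                      "-----END PGP PUBLIC KEY BLOCK-----"])


def dearmor(text: str) -> bytes:
    """Return the binary packets; raise ValueError if the block was damaged."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN PGP") or "" not in lines:
        raise ValueError("not an armored PGP block")
    rows = lines[lines.index("") + 1:-1]  # skip "Version:"-style headers
    data = base64.b64decode("".join(r for r in rows if not r.startswith("=")),
                            validate=True)
    checks = [r[1:] for r in rows if r.startswith("=")]
    if checks and int.from_bytes(base64.b64decode(checks[0]), "big") != crc24(data):
        raise ValueError("armor checksum mismatch")
    return data


def parse_public_key(data: bytes) -> dict:
    """Decode the leading Public-Key packet (old-format header, as GnuPG 1.4 writes)."""
    if len(data) < 2 or data[0] & 0xC0 != 0x80 or (data[0] >> 2) & 0x0F != 6:
        raise ValueError("expected an old-format Public-Key packet (tag 6)")
    len_size = {0: 1, 1: 2, 2: 4}.get(data[0] & 0x03)
    if len_size is None:
        raise ValueError("indeterminate packet length is not supported")
    length = int.from_bytes(data[1:1 + len_size], "big")
    body = data[1 + len_size:1 + len_size + length]
    if len(body) < 6:
        raise ValueError("packet too short")
    version, created, algo = struct.unpack(">BIB", body[:6])
    when = datetime.fromtimestamp(created, timezone.utc)
    info = {"version": version, "length": length,
            "created": when.strftime("%Y-%m-%d %H:%M:%S"),
            "algorithm": ALGORITHMS.get(algo, "algorithm %d" % algo),
            "fingerprint": None, "long_id": None, "short_id": None}
    if version == 4 and len(body) == length:  # the whole packet is present
        # v4 fingerprint: SHA-1 over 0x99, a two-byte length, then the packet body
        fpr = hashlib.sha1(b"\x99" + struct.pack(">H", length) + body).hexdigest()
        fpr = fpr.upper()
        info.update(fingerprint=fpr, long_id=fpr[-16:], short_id=fpr[-8:])
    return info


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 16-bit bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def constructed_key_block() -> str:
    """Constructed sample: a v4 DSA-shaped packet with toy numbers, not a usable key."""
    body = struct.pack(">BIB", 4, 1250000000, 17)
    body += b"".join(mpi(n) for n in (2**61 - 1, 2**31 - 1, 5, 123456789))
    return armor(b"\x99" + struct.pack(">H", len(body)) + body)


if __name__ == "__main__":
    print("header of the key in the post:", parse_public_key(PAGE_PREFIX))
    key = parse_public_key(dearmor(constructed_key_block()))
    print("constructed key fingerprint:", key["fingerprint"])
    print("short key ID (the 8-hex-digit form gpg 1.4 lists):", key["short_id"])
```

The 8-digit key ID that gpg prints is just the tail of the 40-digit fingerprint, which is why the fingerprint, not the key ID, is the value to compare over the phone.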

Monday, July 27, 2009

Using Dell E6400 built in WebCam

Apparently, this stupid E6400 latitude laptop doesn't come with a Dell-specific camera application. It's got a built in webcam on the top, but nothing to use it.

I figured out that I could just use Start > Accessories > Scanner and Camera Wizard and it takes simple pictures. You can use the Dell Webcam Central utility at the same time to control zoom, brightness, etc. It's rudimentary, but works well enough, I suppose.

Now what?

Ok, it's almost 2010 and I finally broke down and created a blog. In general, I've never been highly attracted to blogs. I tend to be more of a wiki guy. However, recently I've been trying to find a place to write down a bunch of random things about setting up web pages, computers, and other geeky IT stuff and I'm not sure exactly where to put it or publish it so I can find it later. I thought maybe this would be a decent way of doing that, so I started a blog.

Now we'll see if I ever use it.

Rich