Master Plan, Part Deux - Tesla Motors

However, the main reason was to explain how our actions fit into a larger picture, so that they would seem less random. The point of all this was, and remains, accelerating the advent of sustainable energy, so that we can imagine far into the future and life is still good. That’s what “sustainable” means. It’s not some silly, hippy thing – it matters for everyone.

By definition, we must at some point achieve a sustainable energy economy or we will run out of fossil fuels to burn and civilization will collapse. Given that we must get off fossil fuels anyway and that virtually all scientists agree that dramatically increasing atmospheric and oceanic carbon levels is insane, the faster we achieve sustainability, the better.

Here is what we plan to do to make that day come sooner:

Tesla is the most interesting company in America today.

BBEdit and Python Tags

I’m in the process, a very long process, of switching from Vim to BBEdit as my primary editor. The reasons are long and varied, but boil down to me being tired of screwing around with Vim’s configuration. I do a lot of work in Python now, and I’m using the experience of building and maintaining cloudchain to learn how to navigate BBEdit. Hopefully, someday I’ll be as good here as I was with Vim.

Today I learned that BBEdit ships with support for ctags, best defined by the documentation:

Ctags generates an index (or tag) file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available (or, alternatively, the index entry created for that object).

The tag file serves two purposes. First, BBEdit will use the tags to allow you to jump to the point in your project where the selected function was defined. Second, if you copy the tags file to a specific spot, BBEdit will use that file for code autocompletion.

  • ⌘- -> Find the definition of the selected function.
  • ⌘⎇[ -> Jump back to the point you were at in the previous file (if the function was defined elsewhere).

To generate the tags file, open your project directory in Terminal and run bbedit --maketags. Then copy the resulting tags file to ~/Application Support/BBEdit/Completion Sources/Python/tags. Quit and restart BBEdit and autocompletion and function definition should both work.

Trump’s Boswell Speaks - The New Yorker

He saw Trump as driven not by a pure love of dealmaking but by an insatiable hunger for “money, praise, and celebrity.” Often, after spending the day with Trump, and watching him pile one hugely expensive project atop the next, like a circus performer spinning plates, Schwartz would go home and tell his wife, “He’s a living black hole!”

It’s a shame that the people who need to hear this message the most are the ones least likely to be reading The New Yorker on a regular basis.

CloudChain

Today, the team I’m a part of at TargetSmart is releasing our first open source project, a bit of Python I like to call “cloudchain”. cloudchain is designed to make it easy to store and retrieve secrets using AWS. cloudchain relies on the AWS Identity and Access Management (IAM) Key Management Service (KMS) to securely store and manage access to encryption keys, and stores the encrypted secret in a DynamoDB table.

Part of the reason, if not the biggest reason, we are open sourcing this project is to request feedback from the community. cloudchain itself is only a few lines of glue plugging together a few AWS services, but it’s the idea itself that I’d like vetted. We are using this in a few projects internally, and so far it’s worked out. However, I know that there are things I haven’t thought of, and ways to improve the process, so I’m hoping others will be able to look at the project with fresh eyes and see things we haven’t.

There are three steps in the process. First, cloudchain retrieves an encryption key from KMS and uses it to encrypt the plain text secret. The boto3 library used returns a dictionary with a “Ciphertext” entry containing the encrypted key. cloudchain then base64 encodes the encrypted key into a string, and saves that string to a DynamoDB table named, by default, “safedb”.

Setup

pip install cloudchain

A new encryption key should be created in KMS. Using the console makes this easy, and sets up permissions to the key using IAM users or Roles. IAM users should be given permission individually, while instances launching in AWS should be identified by a role.

A new DynamoDB table should be created as well. Run this command using the AWS CLI tools:

aws dynamodb create-table \
--table-name safedb \
--attribute-definitions \
AttributeName=Service,AttributeType=S \
AttributeName=Username,AttributeType=S \
--key-schema \
AttributeName=Service,KeyType=HASH \
AttributeName=Username,KeyType=RANGE \
--provisioned-throughput \
ReadCapacityUnits=1,WriteCapacityUnits=1 

This will create the DynamoDB table with two attributes: Service and Username. cloudchain assumes that the combination of a service and a username will require a unique secret. The first time a secret is written to the table the third “Secret” attribute is created.

Configuration

The cloudchain cli, cchain, looks for a configuration file at ~/.cchainrc. This should be a standard Python ConfigParser compatible file with the following format:

[dynamo]
region_name = us-east-1
endpoint_url = https://dynamodb.us-east-1.amazonaws.com
tablename = safedb

[IAMKMS]
keyalias = alias/key

The “keyalias” should be the name of the KMS encryption key created during the setup, prefixed by “alias/”. The “endpoint_url” should point at the closest HTTPS endpoint, or at localhost if using a local development environment.
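The two rules above can be checked before the file is used. The following is an added example, not part of cloudchain; the function name check_cchainrc and its messages are hypothetical, and the second sample is constructed from the config shown above.

```python
import configparser
from urllib.parse import urlsplit

# Sections and keys taken from the ~/.cchainrc format shown above.
REQUIRED = {"dynamo": ("region_name", "endpoint_url", "tablename"),
            "IAMKMS": ("keyalias",)}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

PAGE_EXAMPLE = """\
[dynamo]
region_name = us-east-1
endpoint_url = https://dynamodb.us-east-1.amazonaws.com
tablename = safedb

[IAMKMS]
keyalias = alias/key
"""
# Constructed bad sample: plain-HTTP remote endpoint, alias prefix dropped.
CONSTRUCTED_BAD = PAGE_EXAMPLE.replace("https://", "http://").replace("alias/key", "key")


def check_cchainrc(text):
    """Return a list of problems in cchainrc-style text (empty list = OK)."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        return [f"not parseable: {exc}"]
    problems = []
    for section, keys in REQUIRED.items():
        for key in keys:
            if not cfg.get(section, key, fallback="").strip():
                problems.append(f"[{section}] {key} is missing or empty")
    alias = cfg.get("IAMKMS", "keyalias", fallback="")
    if alias and (not alias.startswith("alias/") or alias == "alias/"):
        problems.append("keyalias must be 'alias/' followed by the key name")
    url = cfg.get("dynamo", "endpoint_url", fallback="")
    if url:
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:
            return problems + ["endpoint_url is not a valid URL"]
        # Plain HTTP is accepted only for a local development endpoint.
        if parts.scheme == "http" and host not in LOCAL_HOSTS:
            problems.append("endpoint_url uses plain HTTP for a non-local host")
        elif parts.scheme not in ("http", "https") or not host:
            problems.append("endpoint_url is not an http(s) URL")
    return problems
```

An empty list means the file follows both rules; an http://localhost endpoint passes, matching the local development case.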

Import cloudchain as a Module

Both the test.py unit tests and the cchain cli import cloudchain.py. After importing, cloudchain expects four variables to be set:

  • region_name
  • endpoint_url
  • tablename
  • keyalias

Reasonable defaults are mentioned in the configuration section above, but the keyalias must be unique.

After importing, cloudchain can be called on to encrypt and decrypt secrets:

To Encrypt:

cloudchain.savecreds(args['service'], args['user'], args['save'])

To Decrypt:

cloudchain.readcreds(args['service'], args['user'])

Where:

  • service = The service name the username and secret are associated with
  • user = The username
  • save = The unencrypted secret to encrypt

Command Line Use

The command line script supports five arguments:

  -h, --help            show this help message and exit
  -u USER, --user USER  User name
  -e SERVICE, --service SERVICE
                        Service or application
  -s SAVE, --save SAVE  Save password to the safe
  -r, --read            Read password from the safe

  • The --save and --read arguments are mutually exclusive, and cannot be used at the same time.
  • --save expects the unencrypted secret as an argument, and requires both --user and --service flags.
  • --user expects the username as an argument.
  • --service expects the service name as an argument.
  • --read requires no arguments, and requires both --user and --service flags.

Examples

To save a secret:

./cchain -u testuser --service testservice --save testsecreet

To retrieve a secret:

./cchain -u testuser --service testservice --read

We hope this is useful, and that we can continue to make cloudchain better, easier to use, and more secure as development continues.

Worlds apart - All this

I, of course, am stuck in the past, not willing to give up—or even share—the ownership of my words. Still clinging to a publishing model that may soon be as outdated as print. Erik’s hybrid system is probably the right way to accommodate the new realities while still maintaining control. But I’m not a fan of the new realities. I know the niche I’ve carved out is vanishingly small, but it’s all mine.

I keep this site for many of the same reasons Dr. Drang mentions. It’s all mine, a little piece of the internet that belongs only to me.

CHANGER paperbacks are now available! - Matt Gemmell

My ★★★★★ action-thriller novel, CHANGER, is now available as a beautiful, 474-page paperback!

I’ve been following Matt for years, I even used some of his code in Paragraphs. I was interested, if a bit reserved, when he said he was leaving programming to be a writer, but here we have the result of his work.

I ordered an autographed copy. Least I could do for enjoying both his writing and his code for so long.

Standing Desk Review

For the past two months I’ve been working, on and off, with a Rocelco Height Adjustable Standing Desk Riser, a less expensive choice for working at a standing desk than the popular VARIDESK. The Rocelco is a solid alternative for budget conscious workers, but as with most products, the drop in price comes with a set of trade-offs.

Having worked for several months with a VARIDESK, and the past two with the Rocelco, my opinion is that the VARIDESK is simply a better product, and will probably stand up better over the course of several years. The Rocelco does what it advertises: it raises the monitor and keyboard tray up to a reasonable level that feels appropriate to my height. However, the pistons it uses to raise the desk are so strong that you can’t simply pull on the top to raise it and stand away while the desk raises itself. If you do, the top shoots up with enough force that when it reaches its full height it stops suddenly and shakes.

The first time this happened I was a bit afraid for my monitor. It even managed to shake the desk out of position slightly. If I had a cup of coffee on the desk I’m sure it would have splashed out. The pistons are strong. Once I realized this I remembered from then on to guide the desk to the standing position.

There are no alternative desk heights with the Rocelco, not without engaging the desk locks on each side of the structure. Where the VARIDESK has set points along the path of the raise, the Rocelco has one smooth transition from collapsed to fully expanded. At any point along the way the locks could, theoretically, be engaged to lock the desk at a specific height, but with the mechanics of how the desk raises it would be awkward at best. I’ve not bothered to try.

I’m a bit worried about the long-term prospects of the keyboard tray. The tray seems to be sitting an eighth of an inch lower than it was when I first unpacked the desk, and pulling up on the tray shows that it’s developed a bit of play to it. After two months of on and off use I would expect it to remain solid; I’m not sure what shape it will be in after a year or two. Also, neither the tray nor the desk seems solid enough to support me leaning on it, which, honestly, is a good thing. I shouldn’t be leaning on the desk while working anyway.

Since switching to a standing desk last year I’ve become accustomed to long periods of standing, and walking around my office to think and work through problems. While I think the Rocelco is a fine starter desk, neither the aesthetics nor the mechanics of it make me happy enough not to start planning its replacement. For the next version I’m leaning heavily towards The Wirecutter’s recommendation of the Jarvis Bamboo, but I’m also considering a drafting desk like Dr. Bunsen’s.