Encfs

Security is a thing at my new job. We follow PCI security standards. We take great care never to have our customers' sensitive information on unsecured machines. We make efforts to stay aware of the security risks in our environments.

With that in mind, i decided that storing all my work related files on my laptops in clear text was suboptimal. I have thought this same thing at pretty much every job, but i have never done anything about it before.

After a bit of research i settled on EncFS as the best mechanism to encrypt my work related data. It is an encrypted file system. Unlike most of the other encrypted file systems for Linux, EncFS does not require reserving large amounts of disk space up front. EncFS effectively lets you make a directory on an existing file system in which all the files will be encrypted. It is very easy to set up and use.

In addition to normal sorts of files, all my test and development databases need to be encrypted, also. These databases don’t contain any customer data, but they do contain some information that my employer would prefer not be public knowledge. When the database server starts it cannot access the database files until i provide the encryption password. Fortunately, PostgreSQL is totally bad ass. It will happily start up even if it is unable to access some of the configured table spaces.[1] As soon as the encrypted file system is mounted, the databases that reside in the encrypted directory instantly become available. The encryption layer does not even affect performance noticeably.[2]

One thing i did think is a little weak is that encrypted file systems don’t get unmounted when the computer is put to sleep. No worries. A tiny script in /etc/pm/sleep.d to unmount the file system is all it takes to rectify that situation.

Now if someone steals my laptop the only thing they will be able to access are my family photos. That is a pretty nice feeling. Even better, it turned out to be very easy.


  1. To allow the postgres user to access the encrypted file system you do need to mount it with the --public option.

  2. This is light duty, single user performance we are talking about. I wouldn’t suggest this setup for a heavy load production environment, but in development it is no sweat.
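
A sketch of the kind of `/etc/pm/sleep.d` hook described above, added here as an example and not the author's own script. The file name, the mount point `/home/me/work`, and the `MOUNTS_FILE` / `UNMOUNT_CMD` overrides are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/pm/sleep.d/10-encfs-unmount  (hypothetical file name)
# pm-utils runs each executable in sleep.d with the event as $1:
# "suspend" or "hibernate" before sleeping, "resume" or "thaw" after waking.

# Assumed mount point of the decrypted view; replace with your own.
ENCFS_MOUNT="${ENCFS_MOUNT:-/home/me/work}"
# Overridable so the logic can be exercised without a real mount.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
UNMOUNT_CMD="${UNMOUNT_CMD:-fusermount -u}"

# Succeeds only if ENCFS_MOUNT is currently mounted as an EncFS (FUSE) file
# system. Checking the type avoids touching an unrelated mount that happens
# to sit on the same path.
encfs_is_mounted() {
    awk -v mp="$ENCFS_MOUNT" \
        '$2 == mp && $3 == "fuse.encfs" { found = 1 } END { exit !found }' \
        "$MOUNTS_FILE"
}

# Handle one pm-utils event. The unmount's exit status is returned so that a
# failed unmount is reported to pm-utils instead of being silently ignored.
handle_pm_event() {
    case "$1" in
        suspend|hibernate)
            # Nothing mounted means there is no clear text to protect.
            encfs_is_mounted || return 0
            # The unmount fails with "busy" while any process (PostgreSQL,
            # an editor, a shell sitting in the directory) has files open.
            $UNMOUNT_CMD "$ENCFS_MOUNT"
            ;;
        *)
            # resume/thaw: stay unmounted; remounting needs the password.
            return 0
            ;;
    esac
}

handle_pm_event "${1:-}"
```

The hook only helps if the unmount succeeds, so it is worth checking the mount table after a wake to confirm the directory really was locked.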

First day at ID Watchdog

Today is my first day on the job at ID Watchdog.

After the normal pleasantries of getting a desk, etc, i had the pleasure of overhearing a conversation of some ops people in the kitchen. Apparently, a not so nice person provided the police with the identity of one of our clients rather than his own. A fact which the ID Watchdog system detected. Now the ops team is working with law enforcement and the judicial system to clear up the confusion. A standard part of the service we provide, apparently.

I am psyched to be working at a place that helps people in such concrete ways.

Will code for food

I am on the job market again.

If you need some help exposing your application's functionality via REST web APIs, we should talk. If you need some assistance developing, deploying and managing a Ruby application, I have the skills you need. If you need someone that can learn your code base and your business processes, I can do that. If you need someone to drive improvements to your software development process, I won’t disappoint you.

My resume has more details on my skills and accomplishments. Feel free to pass it around to anyone you think might be interested.

Will code for …

I am no longer with Gnip. Which means that I am available for other opportunities.

I know a fair bit about REST, HTTP, web services, extensible system design and scalable architecture. I like agile (small a) processes, Behavior (or test) driven development and dynamic languages. I am also pretty good at designing data interchange formats in JSON and XML. I dislike poorly factored, inelegant code. I do have a tendency to over-engineer things, but I am working on that.

If the above sounds interesting we should talk. My resume is here.

My (Soon to Be) New Gig

I recently started feeling a bit like Joey deVilla did before he changed jobs. I was way too comfortable and needed some real challenges to drive my career and personal development forward. That combined with my long standing[1] envy of those lucky people involved in startups led me to explore the startup scene in Boulder[2]. Now that exploration has paid off.

I have accepted a position on the technical staff of Gnip. I will be joining Eric Marcoullier and Jud Valeski in their efforts to create a compelling bit of web infrastructure. (I will be more forthcoming in the near future, I promise.) I can’t wait to tackle the challenges this opportunity is going to present.


  1. And I do mean long standing. Pretty much since my first programming gig at an established firm, in the midst of the dot com bubble, 10 years ago.

  2. There are more startups than you can shake a stick at in Boulder these days. In the Denver metro area this is where the action is.