Keybase.io: PGP For Beginners, With Invites

PGP for Beginners: A Simple Web Interface to PGP

Keybase.io is quite simple, basically a web interface and command line client that makes PGP more user-friendly. At the same time, it makes it easy to get someones public key, and know it’s the correct key.

Keybase.io allows you to encrypt, decrypt, sign, and verify messages to other keybase.io users. The Keybase.io homepage has an excellent description on the inner workings and how to make use of the command line client.

keybase-tyler

You can find me on Keybase.io at https://keybase.io/tlongren/.

I like how the purpose of the Keybase.io website, as opposed to the command line client, is described:

Keybase.io is also a Keybase client, however certain crypto actions (signing and decrypting) are limited to users who store client-encrypted copies of their private keys on the server, an optional feature we didn’t mention above.

On the website, all crypto is performed in JavaScript, in your browser. Some people have strong feelings about this, for good reason.

Keybase.io has it’s issues, though. Liz Denys makes very good points in her Refusing To Verify Myself post.

And back in March 2014, Evan Johnson discovered very serious vulnerability in Keybase.io. You can read more about it, along with examples and why it was so major, in his blog post.

There’s still serious debate that’s somewhat related to Evan’s discovery. An issue on GitHub is still open while the Keybase.io folks consider their options and best course of action.

Everything has it’s flaws, though. So for me, Keybase.io is an easy way for me to communicate securely with those I need to do so with. I’ll likely continue using it, but need more people I communicate with frequently to be members.

Invites

I do have invites for Keybase.io. I’ll only send them to people I know. If you’re a regular here, a client of mine, or old online friend, you qualify. Real world friends and family obviously qualify.

Just ask in the comments below.

3+

SSH Private Key Authentication Tip

So easy to miss, but so important for SSH Private Key Authentication

I don’t allow password logins on any of my servers. Can only login via SSH key based authentication. No root login is allowed, and I specify every user that’s allowed to login via SSH, ie: me.

If you’re a regular here, you know I love DigitalOcean. They have a very nice tutorial on setting up SSH private key login, even walking you through creating SSH keys if you don’t already have one, and even adding that key to your DigitalOcean account.

None of that will be of interest to you if you already know how to generate SSH keys.

I’ll SSH into my new Droplet, only to be rejected. I immediately know why, because it’s happened so many times. It’s due to incorrect permissions on your Droplet, VPS, server, whatever.

For SSH private key authentication to work, the ~/.ssh/authorized_keys file and the ~/.ssh folder need specific permissions: 

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Run that, and then try logging in via SSH to your Droplet from your local machine. Should go this time.

If you still can’t login to your remote system, something else is likely wrong. If that’s the case, you’ll want to start at the top of the DigitalOcean post about setting up SSH private key authentication and just follow the steps.

After you’ve followed those steps, change permissions on the ~/.ssh/authorized_keys file again and on the ~/.ssh folder again. Like so from your terminal: 

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

I’m curious…

Do you allow password logins over SSH?

View Results

Loading ... Loading ...

If you do allow password logins, I’d love to hear what scenario causes you to need to allow password logins. Let me know in the comments if you don’t mind.

0

Use Composer in Your WordPress Plugin or Theme

Simple Tutorial Showing How To Use Composer in Your WordPress Plugin or Theme

I love Composer. It just makes including libraries or scripts in your app incredibly easy. So easy that it’s stupid not to use it (in many, if not most cases).

The number of libraries/scripts available on Packagist is astounding, all of which can be included in your plugin with Composer. Packagist is the main Composer repository. It basically aggregates all types of PHP packages that can be installed via Composer.

I’d never used Composer with a proprietary WordPress plugin before. The plugin is for a client so it’ll never be available to the public.

Here’s the steps I took to make this WordPress plugin compatible with Composer so that I can easily bring in third-party libraries.

We’ll be using mailgun-php throughout this example, as the plugin that inspired this post uses Mailgun to send all sorts of emails.

1. First, install composer on your server.

I install Composer globally, like so: 

curl -sS https://getcomposer.org/installer | php<br>sudo mv composer.phar /usr/local/bin/composer

2. Add Mailgun as a dependency.

cd /path/to/plugin/
composer require mailgun/mailgun-php:~1.7.2

3. Check your composer.json file.

We’re including Mailgun and guzzle from Packagist. Your composer.json file should look similar to the example below.

4. Tell composer to install Mailgun.

tyler@yourmachine:~/path/to/plugin$ composer install

5. Autoload Our Mailgun Classes in Our Plugin.

The following should go in your plugin-name.php file, before any other PHP code. 

<?php
require 'vendor/autoload.php';
use MailgunMailgun;

You can now use Mailgun in your WordPress plugin or theme, some basic examples of using Mailgun can be found on GitHub and in their official documentation.

2+

Fix StanleyWP WordPress Theme Portfolio Grid

Fix display of portfolio grid rows

Back in September of 2014 I wrote about using the StanleyWP WordPress theme for a portfolio site. After I added some projects, I noticed the grid on the Portfolio page template wasn’t displaying rows correctly. I even noted it in my original post, towards the end.

I’ve had a few people contact me about how to fix the StanleyWP portfolio grid issue, and earlier today Arun left a comment asking how to fix the grid issue.

You need to be using a child theme for this, it’s just good practice. If you don’t know how to create a child theme, read my post on creating a child theme. It’s really easy to do, but may require you to reset your menu or some widgets after changing to the child theme.

Anyway, Arun confirmed that this gist fixed the problem for him.

Just save that code as template-portfolio.php and put it in your child theme directory. Your portfolio should now show three projects per row. No CSS or anything else needs to be modified, just that one page template.

Let me know if you have any issues or questions.

2+

More Inbox by Gmail Invites

I have 10 more to give away

Just like with the last Inbox by Gmail invites post, I’ve got 10 invites for Inbox by Gmail. If you want one, just leave a comment below.

As usual, first come, first serve.

March 5, 2015 Update

I have 10 more to give away. Leave a comment (put your gmail address in the email field so only I can see it).

0