
MacBook Pro Development Environment

October 1, 2010 | 6 Comments

This article covers the steps I went through to set up my MacBook Pro for Google App Engine (GAE) development. I am using the Python runtime in GAE, so the focus here is on a Python development environment.

Python

Setting Python 2.5 as Default

My MacBook Pro is running Snow Leopard. I am planning to host my projects on Google App Engine and it requires Python 2.5. Snow Leopard ships with Python 2.6 as the default. You can switch to Python 2.5 using a few simple commands, as follows:

$ defaults write com.apple.versioner.python Version 2.5
$ sudo defaults write /Library/Preferences/com.apple.versioner.python Version 2.5

After issuing these commands you should log out and log back in, launch a Terminal window, and issue the command

$ python --version

It should report Python 2.5.4 as the result. If it still says Python 2.6.1 then your change did not take effect. To troubleshoot the problem, start with man python. It includes information on how to switch the default version of Python on your system.

Additional Python Modules

Google App Engine expects that the ssl module is installed. This is so it can verify the identity of the GAE servers when trying to deploy your projects. Install it like this:

$ curl http://pypi.python.org/packages/source/s/ssl/ssl-1.15.tar.gz --output ssl-1.15.tar.gz
$ tar xvf ssl-1.15.tar.gz
$ cd ssl-1.15
$ sudo python setup.py install

If you want to use the GAE image manipulation classes while running on the local development server you will need to install PIL using the following command.

$ sudo easy_install pil

The following will be necessary for building some other Python libraries later in the process.

$ sudo easy_install docutils

The following modules are necessary if you choose to install IPython (see next section). If you are planning on skipping the IPython installation these can be skipped as well.

$ sudo easy_install readline
$ sudo easy_install nose
$ sudo easy_install pexpect

IPython

The IPython interactive interpreter is a good addition to your Python development environment. It does not come pre-installed on Snow Leopard. You can download the latest stable version using this command:

$ curl http://ipython.scipy.org/dist/0.10/ipython-0.10.tar.gz --output ipython-0.10.tar.gz
$ tar -xzf ipython-0.10.tar.gz
$ cd ipython-0.10
$ sudo python setup.py install

Google App Engine SDK

The Google App Engine SDK for Python is available at http://code.google.com/appengine/downloads.html. As of this writing you can use the following command to grab the latest version:

$ curl http://googleappengine.googlecode.com/files/GoogleAppEngineLauncher-1.3.7.dmg --output GoogleAppEngineLauncher-1.3.7.dmg

Once you download the dmg file, open it in Finder and run the installer. It will place all of the necessary files on your machine. Once complete, locate the GoogleAppEngineLauncher.app icon in Finder and double-click on it. This application provides a nice UI for managing your GAE projects.

Source Code Management Tools

Git

I am planning on managing the source code for my projects with git and will store my master repositories on http://github.com. Apple does not include a copy of git on the machine by default. An installer is available at http://help.github.com/mac-git-installation/. While you are at it, also create an account on GitHub if you don’t already have one. It is useful for social coding in the wider open-source community.

Mercurial

Some of the Django open source software I plan on using is maintained using a distributed source control management tool called Mercurial. An installer for this is available at http://mercurial.selenic.com. Download and install the software.

$ curl http://mercurial.selenic.com/release/mercurial-1.6.3.tar.gz --output mercurial-1.6.3.tar.gz
$ tar xvf mercurial-1.6.3.tar.gz
$ cd mercurial-1.6.3
$ make PREFIX=/System/Library/Frameworks/Python.framework/Versions/2.5 all
$ sudo make PREFIX=/System/Library/Frameworks/Python.framework/Versions/2.5 install
$ hg version

Django-nonrel

I plan on implementing my web applications on top of the Django framework. Some modifications are required in order for this framework to run properly on GAE since Google uses Big Table for data storage instead of a relational database. Everything necessary to get Django working in GAE is included as part of the Django-nonrel project. Specific instructions for GAE are available at http://www.allbuttonspressed.com/projects/djangoappengine.

Use the commands listed below to install copies of all the necessary components onto your machine. Everything will be stored in a folder called DjangoStuff under your home directory.

$ mkdir $HOME/DjangoStuff
$ cd $HOME/DjangoStuff
$ hg clone https://bitbucket.org/wkornewald/django-nonrel
$ hg clone https://bitbucket.org/wkornewald/djangoappengine
$ hg clone https://bitbucket.org/wkornewald/djangotoolbox
$ hg clone https://bitbucket.org/wkornewald/django-dbindexer
$ hg clone https://bitbucket.org/wkornewald/django-testapp

Now, pick another folder where you want to set up a practice application. I am calling mine cs-practice since this is also the name of my Google App Engine application.

Use the following commands to configure the practice application for Django-nonrel development.

$ mkdir $HOME/cs-practice
$ cd $HOME/cs-practice
$ ln -s $HOME/DjangoStuff/django-nonrel/django django
$ ln -s $HOME/DjangoStuff/djangoappengine djangoappengine
$ ln -s $HOME/DjangoStuff/djangotoolbox/djangotoolbox djangotoolbox
$ ln -s $HOME/DjangoStuff/django-dbindexer/dbindexer dbindexer
$ cp -r $HOME/DjangoStuff/django-testapp/* .

Once you have the practice folder set up, you need to edit the app.yaml file and change the application name to reflect the Google App Engine application name you selected when registering on http://appengine.google.com.

Computer Repair vs Auto Repair — Why they are very different.

March 13, 2008 | Comments Off

Computer repair agreements may not always guarantee that you get the old parts back. They also may not guarantee that the replacement parts are new.

When I go to the auto repair shop, the paperwork you are asked to sign before the work is started always has a box on it that you can check if you would like to have all of the replaced parts returned to you. And, you always get new parts put on your car unless you make specific arrangements to okay the use of a remanufactured part.

For a car there really isn’t a security risk associated with not getting the original parts back or using remanufactured parts in a repair. With a computer the story is very different. It is commonplace for people to store sensitive information on their personal computer systems. If the hard-drive fails and the computer needs to be taken into the shop for repairs it should not be acceptable for the company doing the repairs to keep your original hard-drive. After all, it contains all sorts of sensitive information that you did not have an opportunity to erase prior to the repair.

Right about now you might be thinking:

"Hey, it doesn’t matter to me. The drive is dead. No one can read it, right?"

Well, you would be wrong. Companies that repair these drives do exist, and remanufactured drives are used for repairs of other customer computers.

Just imagine your surprise when the computer you just got repaired now has your neighbor’s hard-drive in it, and the shop didn’t even bother to erase their information before installing it in your machine. Now you have all of their data! Ouch!

Also, the repaired drive in your computer may actually be older than the drive you originally had. It may not be new at all. Given that these drives do have a manufacturer-rated MTBF (mean time between failures) that seems to be very accurate, you may be in for another repair within a few weeks or months.

All in all, this practice seems unacceptable on many levels. My suggestion is that whenever your hard-drive fails you should destroy it yourself and should replace it with another one from a reputable supplier. And, you should always make sure the drive is new, not remanufactured!

Protect Sensitive Data on your MacBook Pro

March 13, 2008 | Comments Off

One thing I am always nervous about is storing sensitive data on my MacBook Pro. Over the past few years it seems like there are stories popping up in the news about some organization losing sensitive customer data when a laptop is misplaced. As someone who makes a conscious effort to have only one computer, I am concerned about storing my banking and tax information on a portable computer.

After searching for quite some time I finally settled on a solution that has been working very well for me. My criteria were as follows:

  • Data must be encrypted.
  • Storage device must be removable.
  • Data access should only be permitted once a suitable password has been entered.
  • Password must be required to access data after MacBook Pro comes out of sleep mode.

To meet my goals I am using a piece of software called Knox in conjunction with an ExpressCard/34 solid-state disk. I am currently using a Lexar ExpressCard/34 SSD with an 8GB capacity since that is what the local computer store had available at the time, about six months ago. Today it is possible to get a 32GB card from TRANSCEND, so the capacity is ever increasing!

The card I store my sensitive data on is the Lexar 8GB ExpressCard SSD. It fits in the ExpressCard/34 slot on the left side of my MacBook Pro and makes for a very convenient place to store all of my Quicken and TurboTax data files. Using Knox I set up the entire Lexar card as an encrypted filesystem.
