Tom Whipple

What Does an IT Department Say About a Company?

I’ve been thinking about the proper role of an IT department in a tech company lately… Is it a trusted partner, helping unlock the productivity of highly talented people? Or is it there to keep mischievous employees on a short leash?

The answer says a lot about the whole company.

It comes down to this question: Do you trust your team? If you assume that everyone is genuinely striving to use their best judgment to advance your company’s business, then the IT team is a key contributor to the shared outcome. They are the subject matter experts whose advice is valued and sought out by all employees. They keep up to date with the best tools & practices, and are eager to adopt new technologies when they become available. Obviously, real threats, internal and external, do exist. So, IT must also have the capability to ensure that people can be held accountable for the judgments they make. In short, the working model is “trust but verify”.

This is the kind of environment I want to work in.

However, if you view your employees as soulless minions who can’t be trusted to flip a light switch correctly, then IT must adopt the centralized controlling role of an ever-present big brother. Every user’s action must be scrutinized. No new application can be permitted without multiple levels of approval. If a new tool becomes available, agreements must be signed, audits must be completed, and at all costs PROCESS MUST BE FOLLOWED.

Of course, audits & process have direct and indirect costs. Why is enterprise software obscenely expensive? Here’s a hint: enterprise software companies are good at two things: process and sales. Absent: actually producing well-designed software.

But, the indirect costs of the centralized approach can be even more severe. Technology companies rely on smart, creative people applying their creativity to the main challenges the business faces. High performing teams use the best available tools, changing rapidly as better tools become available. But, if the menu of choices is limited to those selected by an overworked IT team with limited motivation to stay on top of the best available tools, otherwise productive teams are crippled before they even begin work.

The working model here is “trust no one.” But the logic here is circular. Otherwise productive energy is spent figuring out how to get normal work done. Sometimes that effort goes into understanding & complying with over-burdensome process. But sometimes the process is so burdensome that it must be worked around. Of course, that’s “outside of policy” and further justification that users can’t be trusted!

This environment is toxic, and not somewhere I would want to work.

So, think carefully: Which kind of IT department should your company have?

Where Are PGP Tools for iOS?

Is anyone using PGP on iOS? The options seem extremely limited.

Despite the fact that PGP has been around for decades, PGP support on iOS is quite limited. It is readily available on traditional computers (see Prism Break for an exhaustive list), but what about iOS?

Most PC applications seem to simply provide a frontend for GPG via a mechanism like GPGME. This approach avoids the pitfalls of rolling your own crypto, but it means that GPG must be available. However, the design of iOS precludes launching another user process from within an app. And, since GPG is licensed under the GPL, which may conflict with Apple’s terms of service, there is little incentive to put a lot of effort into this.

The result of these two problems is that there is not yet a good option for developers who want to support secure email.

Even with these problems there are a couple apps available, though it isn’t apparent what crypto libraries they are using.

iOS Apps:

  • iPGMail might be a good option. The app store screen shots only show the key management features, but reviews are good.
  • oPenGP seems to be based on copying/pasting for encryption/decryption. Single review mentions crashing.

Related libraries:

  • GPGME is an interface to the GPG binary. It might be possible to port GPG/GPGME to the iPhone, but the design of this library is based upon starting GPG as its own process, which is forbidden by iOS. GPGME is licensed under the LGPL, but GPG is GPL’d, possibly making it unsuitable for App Store distribution.
  • UNNetPGP is based on NetPGP, the NetBSD PGP library. The BSD license is a better option for many apps, but NetPGP has not seen any active development since 2010. UNNetPGP still has some rough edges to be smoothed out, but looks very promising if the underlying library is maintained.
  • libgcrypt is an actively maintained, LGPL, general purpose crypto library. However, it is only a crypto library. It doesn’t handle keyring management and requires much more knowledge of crypto on the part of the developer.

Hacker News discussion

My GPG Public Key ID: 7DBCC339

PGP Key fingerprint:

C7C3 0951 F2A5 6B85 3CD7  8801 4EFD 0909 7DBC C339

Download key
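
Before trusting a key fetched from the download link, compare its full fingerprint with the one published above; the 8-digit key ID alone is not enough, because 32-bit IDs can collide. The Python below is an added example, not part of the original post: the function names and the sample `gpg --with-colons` records are constructed for illustration.

```python
# Added example: check a downloaded key against the fingerprint published on this page.
PUBLISHED_FPR = "C7C3 0951 F2A5 6B85 3CD7  8801 4EFD 0909 7DBC C339"  # from the page

def normalize(fpr):
    """Strip whitespace, upper-case, and insist on 40 hex digits (160 bits)."""
    hexfpr = "".join(fpr.split()).upper()
    if len(hexfpr) != 40 or any(c not in "0123456789ABCDEF" for c in hexfpr):
        raise ValueError("not a 160-bit fingerprint: %r" % fpr)
    return hexfpr

def short_id(fpr):
    """The 8-hex-digit key ID is just the tail of the fingerprint."""
    return normalize(fpr)[-8:]

def primary_fingerprints(colon_output):
    """Fingerprints of primary keys in `gpg --with-colons` output.

    Only the first 'fpr' record after a 'pub' record belongs to the primary
    key; 'fpr' records that follow a 'sub' record are subkey fingerprints.
    """
    found, want = [], False
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want = True
        elif fields[0] == "sub":
            want = False
        elif fields[0] == "fpr" and want and len(fields) > 9:
            found.append(normalize(fields[9]))  # field 10 holds the fingerprint
            want = False
    return found

def key_matches(colon_output, published=PUBLISHED_FPR):
    """True only if exactly one primary key is present and its fingerprint matches."""
    found = primary_fingerprints(colon_output)
    return len(found) == 1 and found[0] == normalize(published)

def _fpr(value):
    return "fpr" + ":" * 9 + value + ":"

# Constructed samples shaped like `gpg --with-colons --show-keys key.asc` output.
# Fields the check does not need are left empty; the subkey and look-alike
# fingerprints are made up.
GENUINE = "\n".join(["pub:-:::4EFD09097DBCC339:::::::",
                     _fpr("C7C30951F2A56B853CD788014EFD09097DBCC339"),
                     "sub:-:::1111111111111111:::::::", _fpr("1" * 40)])
LOOKALIKE = "\n".join(["pub:-:::89ABCDEF7DBCC339:::::::",
                       _fpr("0123456789ABCDEF0123456789ABCDEF7DBCC339")])

if __name__ == "__main__":
    print("genuine:", key_matches(GENUINE), "look-alike:", key_matches(LOOKALIKE))
```

The look-alike sample shares the short ID 7DBCC339 yet fails the check, which is why the comparison is made on all 40 hex digits.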

Long overdue

Posting a public encryption key has been on my mental TODO list for some time. Recent revelations about routine NSA surveillance have caused widespread outcry, yet how many people actually use strong encryption for personal communication on a daily basis? Tools like GPG can be difficult to use, so they get little acceptance. Additionally, managing crypto keys across multiple devices (computer, phone, tablet, etc.) makes the tools harder to use and adds security challenges.

It seems there aren’t yet any good solutions to these problems. But in the meantime, I’m planning to sign all messages I send from my home computer. And I’m making it possible for others to send me encrypted messages. I hope others will do the same.

Software

  • Prism Break – An exhaustive list of open software & services for the threatened or paranoid.
  • GPG – The standard in public-key encryption. For those that enjoy the command line.
  • GPGMail – GPG plugin for Apple Mail. The easiest to use I’ve seen so far.

Further reading

IPython Notebook: The Awesomest Mathematical Programming Tool EVER

Yes, that’s a bold claim. But I stand by it. I’ll skip straight to the important part:

IPython Notebook makes it dead simple to explore your code/data. Just look at my simple signal processing example.

Intrigued? If you’ve already installed IPython (and numpy/scipy and matplotlib), you’ve already got it! Just start notebook:

$ ipython notebook --pylab inline

The notebook console will open in a browser window. (Ok, you might need a couple more dependencies, but how hard is that??)

Then all you have to do is download the notebook and drag it to the console browser window! How awesome is that?!

And, if that isn’t enough, a lot of work has been put into its multi-processing abilities. It is well worth the time to watch the introductory video.