Categories
Personal Random Bits

My picks on open-source licenses

Sooner or later everybody that works with computers will have to deal with software licenses. Newcomers usually assume that software is either open-source (aka free stuff) or proprietary, but this is a very simplistic view of the world and wrong most of the time.

This topic can quickly become complex and small details really matter. You might find yourself using a piece of software in a way that the license does not allow.

There are many types of open-source licenses with different sets of conditions, while you can use some for basically whatever you want, others might impose some limits and/or duties. If you aren’t familiar with the most common options take look at choosealicense.com.

This is also a topic that was recently the source of a certain level of drama in the industry, when companies that usually released their software and source code with a very permissive license opted to change it, in order to protect their work from certain behaviors they viewed as abusive.

In this post I share my current approach regarding the licenses of the computer programs I end up releasing as FOSS (Free and Open Source Software).

Let’s start with libraries, that is, packages of code containing instructions to solve specific problems, aimed to be used by other software developers in their own apps and programs. On this case, my choice is MIT, a very permissive license which allows it to be used for any purpose without creating any other implications for the end result (app/product/service). In my view this is exactly the aim an open source library should have.

The next category is “apps and tools”, these are regular computer programs aimed to be installed by the end user in his computer. For this scenario, my choice is GPLv3. So I’m providing a tool with the source code for free, that the user can use and modify as he sees fit. The only thing I ask for is: if you modify it in any way, to make it better or address a different scenario, please share your changes using the same license.

Finally, the last category is “network applications”, which are computer programs that can be used through the network without having to install them on the local machine. Here I think AGPLv3 is a good compromise, it basically says if the end user modifies the software and let his users access it over the network (so he doesn’t distribute copies of it), he is free to do so, as long as he shares is changes using the same license.

And this is it. I think this is a good enough approach for now (even though I’m certain it isn’t a perfect fit for every scenario). What do you think?

Categories
Random Bits Technology and Internet

Giving a new life to old phones

Nowadays, in some “developed” countries, it is very common for people to have a bunch of old phones stored somewhere in a drawer. Ten years have passed since smartphones became ubiquitous and those devices tend to become unusable very quickly, at least for their primary purpose. Either a small component breaks, the vendor stops providing updates, newer apps don’t support those older versions, etc.

The thing is, these phones are still powerful computers. It would be great if we could give them another life once they are no longer fit for regular day to day use or the owner just wants to try a shiny new device.

I never had many smartphones, mines tend to last many years, but I still have one or two lying around. Recently I started thinking of new uses for them, make them work instead of just gathering dust. A quick search on the internet tells me that many people already had the same idea (I’m quite late to the party) and have been working on cool things to do with these devices.

However, most of these articles just throw the idea at you, without telling you how to do it. Others assume that your device is relatively recent.

Of course the difficulty increases with the age of the phone, in my case the software that I will be able to run on a 10 year old Samsung Galaxy S will not be as easy to find as the software that I can run on another device with just one or two years.

Bellow is a list posts I found online with cool things you can do with your old phones. What sets this list apart from other results is that all the items aren’t just ideas, they contain step by step instructions of how to achieve the end result.

You don’t have to follow the provided instructions rigorously and you should introduce some variations that are more appropriate to your use case.

Have fun and reuse your old devices.

Categories
Random Bits Technology and Internet

Dynamic DNS using Cloudflare Workers

In this post I’ll try to describe a simple solution, that I came up with, to solve the issue of dynamically updating DNS records when the IP addresses of your machines/instances changes frequently.

While Dynamic DNS isn’t a new thing and many services/tools around the internet already provide solutions to this problem (for more than 2 decades), I had a few requirements that ruled out most of them:

  • I didn’t want to sign up to a new account in one of these external services.
  • I would prefer to use a domain name under my control.
  • I don’t trust the machine/instance that executes the update agent, so according to the principle of the least privilege, the client should only able to update one DNS record.

The first and second points rule out the usual DDNS service providers and the third point forbids me from using the Cloudflare API as is (like it is done in other blog posts), since the permissions we are allowed to setup for a new API token aren’t granular enough to only allow access to a single DNS record, at best I would’ve to give access to all records under that domain.

My solution to the problem at hand was to put a worker is front of the API, basically delegating half of the work to this “serverless function”. The flow is the following;

  • agent gets IP address and timestamp
  • agent signs the data using a previously known key
  • agent contacts the worker
  • worker verifies signature, IP address and timestamp
  • worker fetches DNS record info of a predefined subdomain
  • If the IP address is the same, nothing needs to be done
  • If the IP address is different, worker updates DNS record
  • worker notifies the agent of the outcome

Nothing too fancy or clever, right? But is works like a charm.

I’ve published my implementation on GitHub with a FOSS license, so anyone can modify and reuse. It doesn’t require any extra dependencies, it consists of only two files and you just need to drop them at the right locations and you’re ready to go. The repository can be found here and the README.md contains the detailed steps to deploy it.

There are other small features that could be implemented, such as using the same worker with several agents that need to update different records, so only one of these “serverless functions” would be required. But these improvements will have wait for another time, for now I just needed something that worked well for this particular case and that could be easily deployed in a short time.

Categories
Random Bits

kinspect – quickly look into PGP public key details

Sometimes I just need to look into the details of a PGP key that is provided in its “armored” form by some website (not everyone is publishing their keys to the keyservers).

Normally I would have to import that key to my keyring or save it into a file and use gnupg to visualize it (as it is described in this Stack Overflow answers).

To avoid this hassle I just created a simple page with a text area where you can paste the public key and it will display some basic information about it. Perhaps an extension would be a better approach, but for now this works for me.

You can use it on: https://kinspect.ovalerio.net

In case you would like to contribute in order to improve it or extend the information displayed about the keys, the source code is available on Github using a Free Software license: https://github.com/dethos/kinspect

Categories
Random Bits

Staying on an AirBnB? Look for the cameras

When going on a trip it is now common practice to consider staying on an rented apartment or house instead of an hotel or hostel, mostly thanks to AirBnB which made it really easy and convenient for both side of the deal. Most of the time the price is super competitive and I would say a great fit for many situations.

However as it happens with almost anything, it has its own set of problems and challenges. One example of these new challenges are the reports (and confirmations) that some, lets call them malicious hosts, have been putting in place cameras to monitor the guests during their stay.

With a small search on the internet you can find

Someone equipped with the right knowledge and a computer can try to check if a camera is connected to the WiFi network, like this person did:

Toot describing that a camera that was hidden inside a box

If this is your case, the following post provides a few guidelines to look for the cameras:

Finally, try to figure out the public IP address of the network you are on ( https://dshield.org/api/myip ) and either run a port scan from the outside to see if you find any odd open ports, or look it up in Shodan to see if Shodan found cameras on this IP in the past (but you likely will have a dynamic IP address).

InfoSec Handlers Diary Blog

This page even provides a script that you can execute to automatically do most steps explained on the above article.

However, sometimes you don’t bring your computer with you, which means you would have to rely on your smartphone to do this search. I’m still trying to find a good, trustworthy and intuitive app to recommend, since using nmap on Android will not help the less tech-savvy people.

Meanwhile, I hope the above links provide you with some ideas and useful tools to look for hidden cameras while you stay on a rented place.

Categories
Random Bits Startups

Some content about remote work

If you already have read some of my earlier posts, you will know that I currently work remotely and am part of a team that is spread across a few countries.

For this reason I try to read a lot about the subject, in order to try to continuously the way we work.  On this post I just want to share 2 links (one video and an article) that I think can be very helpful for remote teams, even though they address subjects that are common to everyone.

So here they are:

Documenting Decisions in a Remote Team

This is very important specifically the parts of making sure everyone is in the loop, explicitly communicating the ownership of the decision and keeping a record that can be consulted in the future.

Read on Medium

Building Operating Cadence With Remote Teams

This is a more general presentation where it is explained how things work at Zapier (100% remote team). One good idea from the video that caught my attention is the small “survey” before the meetings, to define the plan and allowing people to get more context before the meeting starts.

Watch the video on Business of Software

Categories
Personal Random Bits

Observations on remote work

A few days ago I noticed that I’ve been working fully remote for more than 2 years. To be sincere this now feels natural to me and not awkward at all, as some might think at the beginning or when they are introduced to the concept.

Over this period, even though it was not my first experience (since I already did it for a couple of months before), it is expected that one might start noticing what works and what doesn’t, how to deal with the shortcomings of the situation and how make the most of its advantages.

In this post I want to explore what I found out in my personal experience. There are already lots of articles and blog posts, detailing strategies/tips on how to improve your (or your team’s) productivity while working remotely and describing  the daily life of many remote workers. Instead of enumerating everything that already has been written, I will focus on some aspects which proved to have a huge impact.

All or almost nothing

This is a crucial one, with the exception of some edge cases, the most common scenario is that you need to interact and work with other people. So remote work will only be effective and achieve its true potential if everyone accepts that not every element of the team is present in the same building.

The processes and all the communication channels should be available for every member of the team the same way. This means that it should resemble the scenario where all members work remotely. We know people talk in person, however work related discussions, memos, presentations and any other kind of activity should be available to all.

This way we don’t create a culture were the team is divided between first and second class citizens. The only way to maximize the output of the team, is to make sure everyone can contribute with 100% of their skills. For that to happen, adequate processes and an according mindset is required.

Tools matter

To build over the previous topic, one important issue is inadequate tooling. We need to remove friction and make sure working on a team that is spread through multiple locations requires no more effort and doesn’t cause more stress than it would normally do in any other situation.

Good tools are essential to make it happen. As an example, a common scenario is a bad video conference tool that is a true pain to work with, making people lose time at the beginning of the conference call because the connection can’t be established or nobody is able to hear the people on the other end. Merge that together with the image/sound constantly freezing and the frustration levels go through the roof.

So good tools should make communication, data sharing and collaboration fluid and effortless, helping and not getting in the way. They should adapt to this environment (remote) and privilege this new way of working, over the “standard”/local one (this sometimes requires some adjustments).

Make the progress visible

One of the issues people often complain about remote work, is the attitude of other colleagues/managers who aren’t familiarized with this way of doing things, struggling with the notion of not seeing you there at your desk. In many places what counts is the time spend on your chair and not the work you deliver.

On the other side, remote workers also struggle to be kept in the loop, there are many conversations that are never written or recorded, so they aren’t able to be part of.

It is very important to fix this disconnection, and based on the first point (“All or almost nothing”) the complete solution requires an effort of both parties. They should make sure that the progress being done is visible to everyone, keeping all team in the loop and able to participate. It can be a log, some status updates, sending some previews or even asking for feedback regularly, as long as it is visible and easily accessible. People will be able to discuss the most recent progress and everyone will know what is going on. It might look like some extra overhead, but it makes all the difference.

Final notes

As we can see working remotely requires a joint effort of everybody involved and is not immune to certain kinds of problems / challenges (you can read more on this blog post), but if handled correctly it can provide serious improvements and alternatives to a given organization (of course there are jobs that can’t be done remotely, but you get the point). At least at this point, I think the benefits generally outweigh the drawbacks.

Categories
Random Bits

Slack is not a good fit for community chat

There, I said it … and a lot of other people said it before me (here, here, here, here, … and the list goes on and on).

Before I proceed with my argument, I would like to say that, slack is great product (even if the client consumes lots of memory) and works very well for closed teams and groups of people, since that was the original purpose. I use it every day at work and it does the job.

However I keep seeing it being used as the chat tool for many open on-line communities and it is not fit for that purpose. Many times these communities have to resort to a bunch of hack in order to make sure it meets the minimum needs for an open chat application.

The main issues I see are:

  • It doesn’t let me participate without a previous individual invitation (hack or manual labor are often used)
  • It doesn’t let me search the conversations (for previously discussed solutions) without registering first on the community.
  • For small and occasional intervention, I need to create an account.
  • Search and history limitations of the free account (this can be a problem for bigger communities)

Of course that for some cases it could be good enough, but as a trend the final outcome is not great.

There are many alternatives and I will not address how an old protocol such as IRC is still a good choice for this use case, since there are lots of complaints about how it is difficult, not pretty enough or not full of little perks (such as previews, reaction, emojis, etc).

So which software/app do I think that could be used instead of slack? Let me go one by one:

GitterContrary to slack, Gitter was built with this purpose in mind overcoming the history and search limitations of slack, channels are open to read, easy for external people to join in (no hacks) and is open source, letting you continue using the same software even if the hosted service closes down.

Matrix protocolMatrix is an open chat protocol, that works in a federative way (similar to email), it has many client applications (web, desktop and mobile) and several implementations of the server side software. You can run your server instance or host your channels on an existing one, you can setup bridges to have users using IRC, Slack, Gitter and others, to interact on the same room, and it doesn’t suffer from any of the described issues of Slack.

Discord: Discord very similar to Slack, but many of the problems, like the limits and not requiring hacks to access the chat, are solved. Even though it is not as open as Matrix or IRC, you can generate a link, where everyone will be able to join (even without creating a new account), they will be able to search the entire history and can use the browser, making it a better fit to the use case of an open-community.

There are plenty of other choices for community chat, this is just a subset, feel free to pick them but please avoid using Slack, it is not made for that purpose.

Categories
Random Bits Technology and Internet

Managing Secrets With Vault

I’ve been looking into this area, of how to handle and manage a large quantity of secrets and users, for quite a while (old post), because when an organization or infrastructure grow, the number of “secrets” required for authentication and authorization increase as well. Is at this stage that bad practices (that are no more than shortcuts) as reusing credentials, storing them in less appropriate ways or no longer invalidating those who are no longer in required, start becoming problematic.

Yesterday at “Madeira Tech Meetup” I gave a brief introduction to this issue and explored ways to overcome it, which included a quick and basic explanation of Vault and demo about a common use case.

You can find the slides of the presentation here and if you have any suggestion or something you would like to discuss about it, feel free to comment or reach through any of the contact mediums I provided.

Categories
Random Bits Startups

Managing a 100% remote company

This video about Gitlab was posted recently and is a very interesting case-study on how a company can normally function while having all of its employees working remotely.