Categories
privacy Security Technology

Does Apple care about your privacy?

I’ve been an Apple user since 2005 or so. Well, unless you consider my Apple IIc, in which case I guess I was a customer since 1987. I managed to negotiate with my parents to bundle two birthdays (my 12th and my Bar Mitzvah, that’s a big one) to get one of those. It was a turning point in my life… But I digress.

By Bilby – Own work, CC BY 3.0

I really admire Apple’s push for security without compromising convenience, with Touch ID and Face ID making things safer. Apple’s touting their efforts to reduce web tracking, and Tim Cook publicly stated that “We at Apple believe that privacy is a fundamental human right”.

But when it comes to their own backyard, does Apple even meet the requirements of the GDPR (the European privacy regulation)? I don’t think so.

Categories
coffee marketing Technology

The cup-of-coffee pricing fallacy

If you’re lurking on HackerNews, or are interested in entrepreneurship, you might occasionally bump into something like this:

Starbucks coffee is $2.45 + taxes. $100/mo is less than a cup of coffee a day.

And it’s very tempting, and somehow logical, to consider how much money we spend without thinking too much about it, and conclude that we should be willing to do the same with online services.

This coffee costs just like a cup of coffee

And for some services, we might actually think in similar terms. Hey, my Netflix is only 4 cups of coffee per month. Amazon Prime maybe 2…

But why aren’t we spending it just as easily on other online services, software licenses and apps?

Categories
Technology

Remember me

No, it’s not about the song …

Remember me (From Coco, Disney/Pixar)

It’s about those tickboxes we’re all so familiar with, and yet, are we?

Remember me. Keep me Signed-in. Keep me logged in.

Some people always tick them. Some people never tick them.

Most people haven’t got a clue what they do.

Categories
docker hosting Security Technology

envwarden and kubernetes secrets

envwarden is a simple open-source script that lets you manage your server secrets with Bitwarden.

Read more about envwarden here

Here’s a simple way to update your Kubernetes secrets directly from envwarden, so they are always in sync.

Categories
docker hosting Technology

hosting-compose (or) the sad buyout of Webfaction

docker-compose is one of those essential tools that make working with docker so much better. I do use docker directly occasionally, but for anything non-trivial I reach for docker-compose immediately. It allows you to “glue” things together and describe the stack in such a neat way.

I currently handle my dev environments with docker-compose, and even some live and staging deployments (like thumbor). I also manage remote database backups with it (using restic, postgresql, stunnel, redis and rdb-tools). In the latter example, it saves me from installing different versions of the database clients and connectors. I am able to instantly upgrade them, and then connect to the remote databases and back them up or restore. It makes the backup system itself immutable and disposable.

Recently however, I started using docker-compose for something that I haven’t considered before: a replacement for shared hosting.

a snippet of my hosting-compose docker-compose.yml

Why?

Categories
home vintage

too many toys?

My wife and I are wannabe-minimalists. We try to reduce how much we consume, make our home a bit more organized and get rid of excess. We also like vintage items, so it’s always hard. Next to my desk, I have an old calculator from the 60s or 70s (I guess) that I picked up at a flea-market a few years ago. It’s just cool, but serves no purpose. Maybe I should get rid of it, but it’s still there. Next to my own Nokia 8210 from 1998 or so… I somehow got attached to this phone.

My calculator and Nokia 8210

Categories
Security

Security through obscurity with Bitwarden

I never thought I’d write something negative about Bitwarden. I love it. It’s an incredible password manager, and I even created envwarden: a small open-source wrapper to handle server secrets with Bitwarden.

But I recently bumped into a small issue that looks like Security through obscurity to me. And I thought it was odd for a security-focused product.

The issue was that I couldn’t export the items in my company’s vault, even though I had access to the cards [1].

I contacted Bitwarden about it, and they said that:

An Organization user cannot export the Organization’s Vault without being an Admin or Owner.

I tried to understand why: I did have access to the cards in my organization, so why couldn’t I export them? I was told:

We do not allow people to export the Organization Vault unless they are an Admin simply because this has been requested by demand from our customers. Being able to dump all passwords in one quick action is different than having to access every one individually to copy them out.

I explained that this seems like Security through obscurity, since I had vault access, and also it’s trivial to dump all passwords using the Bitwarden CLI anyway.

Categories
marketing optimization Technology

SEO optimization for suckers

There’s a famous Yiddish phrase:

Man plans and God laughs.

I think the same applies to SEO and Google nowadays.

Man SEOs and Google laughs.

I was always a bit suspicious of SEO, and let’s face it, the sea of snake-oil SEO salesmen doesn’t help to establish credibility here, does it?

But I think that I’m becoming even more cynical of it every day.

The problem with getting good advice for SEO is that there’s no money in telling you “Don’t do anything”, “It’s a waste of time”, or “Focus on valuable content for your audience”. But there’s tons of money in doing a site audit, in telling you about best strategies to extract link juice, or why alt tags for images are important.

But it works

Categories
work

Planning for the unplanned

There’s an expression in Hebrew: “Baltam”. It’s a shorthand form for something unplanned, or more precisely, it strongly implies: [something that is] impossible to plan. I think it has its roots in the military. On the battlefield, you always have to account for some surprises. You cannot possibly have everything planned. Israelis are also (in)famous for improvising. Not so famous for planning ahead.

As an (ex?) Israeli, I recently felt awkward, essentially being accused of being overly bureaucratic. And by a German colleague, of all people. Can you imagine it?? :)

Some things take you by surprise

Ok, and just to clarify one thing, this post isn’t about cultural stereotypes, but rather trying to figure out a practical approach to a real problem that my team is facing with new ideas and features:

How do you deal with new tasks or ideas, especially small ones?

Categories
rails Security Technology

simple and secure cron using AWS Lambda

Many apps require some tasks to execute on schedule: cleaning up inactive user accounts, generating daily, weekly or monthly reports, sending out reminders via email, etc.

cron is a simple and trusted scheduler for unix, and is used on pretty much any unix-based system I come across.

So cron seems like a natural candidate for triggering those job executions. But it’s not always the best solution.

In our case, we’ve used the whenever gem for rails successfully for a long while. The gem acts as a cron DSL and lets you inject and manage cron entries from your rails app.

The problem starts, however, when you grow and your app spans more than one server. Or even if you only use one server, but want to be able to fail over, or switch from one server to another.

Why? Suddenly you have more than one cron launcher, and jobs that should execute once end up executing once on each server. This can cause some weird and unexpected lockouts, duplication and other issues.

So what’s the alternative?
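The rest of the post is not on this page, so the following is an added Ruby example of one way to build the alternative the title names, not the author’s own design: a single scheduled AWS Lambda (the Ruby runtime’s `lambda_handler(event:, context:)` entry point, triggered by an EventBridge/CloudWatch Events schedule rule) that POSTs to one endpoint of the Rails app, and the Rails-side check that accepts the trigger. Because exactly one request arrives per schedule, it lands on exactly one server, whatever the number of servers behind the load balancer. The “secure” part is the HMAC: the request is signed over a timestamp and the job name with a shared secret, and the app rejects anything unsigned, stale, or re-pointed at a different job. `CRON_SECRET`, `CRON_ENDPOINT`, the header names and the event shape `{"job": "..."}` are names assumed for this example.

```ruby
require "openssl"
require "json"
require "net/http"
require "uri"

SIGNATURE_TTL = 300 # seconds; triggers older than this are treated as replays

# Both sides sign the same canonical string, so a captured request cannot be
# replayed later or re-used for a different job.
def signing_payload(job, timestamp)
  "#{timestamp}.#{job}"
end

def sign_trigger(secret, job, timestamp)
  OpenSSL::HMAC.hexdigest("SHA256", secret, signing_payload(job, timestamp))
end

# Constant-time comparison so the signature check does not leak via timing
# (written out here rather than relying on a particular openssl gem version).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rails side: true only for a fresh, correctly signed trigger for this job.
# Call it from the controller action with the X-Cron-* headers and the job param.
def valid_trigger?(secret, job, timestamp, signature, now: Time.now.to_i)
  return false unless timestamp.to_s.match?(/\A\d+\z/)
  return false if (now - timestamp.to_i).abs > SIGNATURE_TTL
  secure_equal?(sign_trigger(secret, job, timestamp.to_i), signature.to_s)
end

# Lambda side. The schedule rule's input is assumed to be {"job": "<name>"}.
def lambda_handler(event:, context:)
  job = event.fetch("job")
  ts = Time.now.to_i
  uri = URI(ENV.fetch("CRON_ENDPOINT")) # assumed, e.g. https://app.example.com/cron/run
  req = Net::HTTP::Post.new(uri)
  req["Content-Type"] = "application/json"
  req["X-Cron-Timestamp"] = ts.to_s
  req["X-Cron-Signature"] = sign_trigger(ENV.fetch("CRON_SECRET"), job, ts)
  req.body = { "job" => job }.to_json
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(req)
  end
  { "statusCode" => res.code.to_i, "job" => job }
end
```

Two caveats a practitioner would want: asynchronous Lambda invocations (which scheduled rules use) are delivered at least once and are retried on failure, so the job itself should still be idempotent or take a short lock keyed on the job name and timestamp; and the endpoint should do nothing but enqueue the job and return, so a slow job never holds the Lambda open or times out the request.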