fortune 959

 
2014-12-19T08:57:59Z <notabene> cyberbaloo: git in expert hands is very powerful
 
2014-12-19T08:58:03Z <karlcow> hmm
 
2014-12-19T08:58:08Z <notabene> (a bit like massage oil, come to think of it)

My father was an entrepreneur

Father and son

My father started his company at 46. He had just been evicted from the affiliate of a major company he started 8 years before. His cofounder plotted for 3 years to take it over with the amused blessing of the top management, and as he succeeded, starting something new seemed the only way out.

I’ll remember how scared he was when he told me about it all my life. It was Friday. I was shaving with that red Wilkinson razor I had back then, about to leave for a weekend in a monastery where I used to spend time then. He knocked at the door and told me one thing:

Please, pray for me. I’m starting my own company.

Because he was incredibly upright and professional, many of his clients followed him. And because of this integrity, they stayed after he died of cancer 3 years later, allowing my mother to sell the company so she could live and raise my sisters without worrying about money. If someone tells you “nothing personal, it’s business”, they’re lying. Business is incredibly personal.

Everything was not easy. When I decided to study computer science in that private school, he could not afford to pay the 9000€ yearly fees. I had to work to pay them, as a teacher and a freelance journalist.

Everything was not easy, but after starting and bringing so many things to success, I’m sure that’s what he had been waiting for all his life.

Since I was born, I remember him building a school for French kids in Saudi Arabia (and creating a computer room filled with Apple II and not that crappy French TO7), starting a successful theatre company, an association to help unemployed executives to find a new job, a car rally, a book about the history of our family house over the centuries, he became the mayor of the village we had our country house at and built a leisure complex… Every time something was becoming too big, he simply stepped away and started something else. He was a starter and a builder, not a politician and a manager.

He started and was involved in so many things my mom once threatened to leave him and go back to France, so they started something together. At 40, they went back to school for 2 years and studied to be horticulturists so they could take care of the garden.

When he told me he was about to start his own company, I didn’t understand what it meant. It’s only 15 years and 3 startups later that I realised my father was a true entrepreneur.

Opportunities

I am leaving Botify and joining Synthesio as an infrastructure manager. 14 months after leaving blueKiwi, this was an unexpected move, but there are opportunities one would be stupid to miss. Joining Synthesio is obviously one of them.

Synthesio, in case you’re not familiar with it, is a French e-reputation monitoring company established in Paris, London, New York and Singapore. The company has impressive growth and they’re offering me hard-to-refuse technical and human challenges.

Knowing which opportunities to take and which you must refuse is no easy thing. In the past, I’ve accepted some of them by default because I had a family to feed, and we’ve spent a few years in a constant emergency. Most of the time, it was hasty decisions that turned into mistakes, which is the reason why I’m writing about opportunities today.

In June, I had an opportunity to join a startup I’m a fan of as a CTO. The CEO is an impressive guy, there was already an MVP, a comfortable seed round, I had enough shares to start dreaming of retiring at 45. Indeed, it meant giving up on a comfortable salary for a while and being back in startup mode, but I believed in the project so much I was ready to do it.

It was a lifetime opportunity, but I refused.

I refused for many reasons, the main one being my wife who was fed up with seeing me working 24/7. At Botify, I was able to balance my work and life for the first time since 2003 and she liked it. The kids liked it too, and I liked the fact they liked it and the quality time we were able to take together.

After spending 3 weeks without sleeping, discussing with some friends and trying to clear the mess my mind had become, I sent the CEO and the investors an email telling them I would not join the company. That day, I cried for the first time since my daughter was born. I was sure my wife would not leave me if I gave it a go, but it was a decision too heavy for the family and I could not take it alone. I spent one more month not sleeping, thinking about what I had just refused, one of them being giving up on having my own company.

It took me 3 months to admit it, but I know it was the right decision from the very beginning.

6 years ago, I woke up with a terrible hangover: the little baby I was feeding during the night a few months later was reading, writing and playing tennis. The few months turned into years, and I missed most of them. Since then, I’ve spent many times trying to convince myself I didn’t have the choice. I’m still not sure.

A few days after I refused, Alexandre Heimburger caught me on IRC and suggested I could join him at Synthesio. Alexandre has been my manager for 6 years, and when I left blueKiwi, we agreed we would work together again if we had the opportunity. But I was not ready. I had just refused an incredible opportunity, things were moving the interested at Botify, and I was not sure I wanted to move anymore. Summer was coming, I was about to leave for a 3-week vacation, and we agreed to get in touch after we’re both back and on track.

Mid August, I met Alexandre in my favorite ramen place. Noisy and busy Kintaro’s definitely not the best place to talk business, but it was a good one to take news from an old friend (or being asked to be another old friend’s best man, or to learn another friend is pregnant). What he was offering was challenging and exciting enough to winkle any regret outside of me. 10 days later, I had met Thibault Hanin and Christophe and knew Synthesio was the place I was going to work next.

3 days later, before I even had my contract, I resigned from Botify.

It may seem paradoxical but Synthesio is not a company I would have imagined I would work at. It’s far from being a startup anymore. With about 100 employees, it’s 3 times bigger than the biggest company I’ve ever been employed by. And I always imagined I would leave Botify to create my own business.

It may seem even more paradoxical, but accepting to join Synthesio was as hard as refusing the CTO opportunity. Botify is the most mind blowing technical team I’ve ever worked with. I’ve learnt a tremendous amount of things with them, and I know they had at least as much to teach me. And to make things harder, I hired as a replacement the exact kind of guy I’d love to work with.

Also I still had things to do.

Leaving blueKiwi was a dead obvious decision to me. I had spent too much time there, and I had been sitting in my comfort zone watching tennis all day for months. At Botify, I still had lots of things to build, and leaving before I had finished them was bothering me.

Ironically, the best help I’ve ever had in making decisions comes from my former colleague and friend Greg. As I was running around in circles not knowing if I had to accept that CTO opportunity, he told me to read the Heath brothers’ Decisive: How to Make Better Choices in Life and Work. I’ve read more self-improvement books than I can count but Decisive was a great help to me.

Decisive did not come with ready-made solutions, but gave me the methodology I needed to take the necessary distance and clean up my mind. I had always been good at taking the immediate decisions you need to take in case of emergency; Decisive gave me the framework I needed to make decisions that involve my family and me for the years to come.

Oh, there’s a lot of opportunities
If you know when to take them, you know?
There’s a lot of opportunities
If there aren’t, you can make them
Make or break them

Pet Shop Boys – Opportunities

Lean and favelas

Another example: look at Lean startup, an extremely powerful approach for quickly building a product/service by iterating directly with its users. If you had to build a neighbourhood in Lean mode, you would start by quickly building housing that meets the minimum needs expressed by the users: a floor, walls, a roof and a door so that the dwelling is enclosed and covered. The minimum condition for habitation is met. However, if you produce that at the scale of a neighbourhood, you have built a favela.

By trying to respond quickly to the user’s minimum need, you have delivered a product that will quickly generate problems of sanitation, overcrowding and violence. In the end you followed the method properly, but the quality of life (or the user experience) is not satisfactory.

In this example, production focused on meeting the user’s conscious needs. Future needs, unconscious and unexpressed, such as a good quality of life, safety or sanitation, were not taken into consideration. Yet they largely determine the quality of the user experience.

In Lean as elsewhere, the expert is also there, if I dare say so, to protect users from themselves. If users are aware of their present needs, are they aware of the future consequences of these choices? One may doubt it…

No, user-centred design must be overseen by people responsible for the vision of the project. We need visionaries, we need innovators, planners. We need guarantors of the quality of the product/service, not only for present use but also for future uses.

Cette empathie dont on pâtit (This empathy we suffer from)

Two things bother me in this excerpt:

  • the first is thinking that the Lean approach will end in the construction of a favela;
  • the second is having the arrogance to believe that the expert is a visionary who knows the problem better than those who live it.

If I go back to the housing example, the first iteration may indeed result in a hut. Then the second, once people have lived in it, will result in a group of huts with a common room and outdoor toilets. Then the third could lead to reinforcing the existing walls and building a school. Finally, in the fourth, the common room would be demolished to make a concrete village hall. Or something else entirely, depending on the needs of the people who are affected day to day. Lean is not made for developing a prototype and scaling up from it, but for iterating on that prototype so that it gains as much value as possible before scaling up. If nobody wants to live in a favela, a Lean project should never end up as a favela (incidentally, comparing software development to the construction industry for the umpteenth time is insane).

Let’s move on to the supervision of users too stupid to have a vision of their product. In a complex system, the expert and the user are on an equal footing when it comes to the predictions they can make about an innovative product: it is somewhere between clairvoyance and bullshit. Nobody can anticipate in such a system. The luck of our field is the flexibility we have to adapt to change. Agility offers tools so that the skills of the expert (relative estimation of complexity, and internal quality) and of the user (priority and budget) can work together to maximise the value of each iteration. There is no point in (falsely) anticipating future uses if you are reactive enough in present development. The challenge is to stay reactive enough throughout the process, both technically and in terms of user feedback.

I rarely advertise here, but the training Stéphane is experimenting with in this area is truly enlightening.

Will crowdfund for equity

Business Angel

Is crowdfunding a good alternative to a traditional seed round?

Sharing my office with Ulule kids for 14 months gave me a good overview of the crowdfunding topics, but I couldn’t get any solid answer about equity based crowdfunding even though the topic came in the conversation every once in a while.

In traditional reward-based crowdfunding, you back a project for a certain amount against a predefined reward. If the crowdfunding campaign is successful, you get what you’ve been backing for. In many cases, reward-based crowdfunding can be seen as a pre-order campaign to finance the initial production costs and ensure the new product meets its market.

Equity based crowdfunding is slightly different because instead of getting a product, you get shares in the company you invest in.

Let’s say you want to raise money but can’t or don’t want to go through the usual venture capital circuit. You decide to open 10% of your capital for 500.000€ at a 5.000.000€ euros valuation. You begin a crowdfunding operation, then, when it’s over and successful, you update your statuses to onboard your new shareholders. The most famous equity based crowdfunding is certainly Buffer’s that raised 3,500,000€ at a 60,000,000€ valuation.

Yesterday at LeWeb, I had the opportunity to meet both SoftTech VC’s Jeff Clavier who’s been investing in early stage startups and people from SmartAngels, a French crowd based investment fund. It was an interesting opportunity to learn more about both topics simultaneously.

Don’t look for SmartAngels’ English Web site, they don’t have one and there’s a legal reason for this. An English Web site may be considered a financial solicitation outside of France by the Autorité des marchés financiers (French SEC), which they don’t have an agreement for.

SmartAngels

I wanted to know a bit more about SmartAngels’ process and key figures to understand how they differ from a traditional seed round.

SmartAngels was created in 2012 and has funded 15 companies so far for about 7,000,000€. They’re growing rapidly with 50 applicants and 4 to 5 companies accepted each month. The average round is around 400,000€ with an 8,000 to 10,000€ ticket from both traditional seed funds and individuals.

The range of company topics is extremely wide, contrary to funds like SoftTech that de facto exclude some of them like photo sharing or anonymous messaging. What they focus on is very early stage disruptive companies and more established small businesses with an important traction. So far, SmartAngels has funded companies in green tech, electric cars, drones and health. Even though they mostly target B2C because it’s usually easier to get for individuals, they have good returns on B2B as well as it’s considered more serious.

A typical SmartAngels round starts with a 2-week study of the company and market to ensure it can fit the kind of things they want to invest in. Then, they have a 6-week pre-collect they use to show the company to their partners, raise interest amongst the community of investors and discuss the operational parts and expected valuation. Once everything’s set up, they start the collect itself for another 6 weeks. This makes the total process last about 14 weeks.

These figures are hard to compare with SoftTech’s as the fund is already 10 years old with a yearly funnel of 750 companies applying and 15 funded only for an initial round of $850,000. There’s still one I’m interested in, which is the time it takes to get an answer. SmartAngels claim one of their key values is speed, but 14 weeks is long compared to the 2 to 4 weeks it takes SoftTech to say yes (and even less to say no according to Jeff Clavier).

After talking with SmartAngels people, I was really sold on the concept of equity based crowdfunding, but a good night made me wake up upset about 2 important things.

The first one is the very low submitted / success rate considering they get 50 applications, accept 4 to 5 companies each month and only 15 funded since 2012. I probably lack some figures, but it makes a success rate lower than SoftTech’s 2%.

The other one is about crowd funded seed. Crowd funded and traditional seed look pretty much the same except for one thing. A VC friend of mine once told me you’re marrying your investors so you need to choose them carefully. With crowd funded seed, you don’t choose who you’re gonna marry, and from an enterprise point of view I wouldn’t feel secure. I don’t know how diluted SmartAngels funded companies are, but having too many unknown investors doesn’t seem a good idea at all.

fortune 958

<+karlcow>
> Junk coders need not apply, here we deliver the heaviest of the heavy! #Recrutement #Développeur #IT #C++ #Java #Javascript #.NET #Android #iOS #PHP
<+koalie>
which platform is it that you code in junk on?

How can I help you?

Business cards

LeWeb is well known for being the biggest networking oriented tech conference in the world. I’ve been attending the event since 2007, and for the first time I did not bring any business cards.

On purpose.

Every year, I used to meet 100 to 150 people in 3 days and exchange that many business cards. This year, I won’t.

On purpose.

I still have my personal business cards. They’re lying on my desk next to the laptop I’m writing this article on. A thin layer of dust lightens the black back of the first one, showing I didn’t use them for a while.

I still have my personal business cards, but I have nothing to buy, and even more important, nothing to sell anymore.

Over the years, most of the feedback I had from people I gave my business cards to was impersonal, automated, commercial emails. SPAM, you name it. The interactions we started, they turned into nothing but an attempt to sell me something I didn’t need. It’s my fault, it was probably me. Or business as usual.

This year, I’ve decided to change the game and play with my own rules.

If we meet and I can help you in any useful way, I’ll be more than happy to do it. Subscribing to your list is not a useful way to help you, asking me for a blog post for the sake of having some press is not either.

Last year, I was wandering in LeWeb startup lounge, and the CEO of a company engaged in the competition came to me attracted by my “official blogger” badge. He introduced himself and started to pitch me as if his life depended upon it. His pitch wasn’t really good, his product was not either, but I listened until the end. Then, when the silence came back, I asked:

Cool. How can I help you?

He didn’t answer. He had no idea.

This story, I’ve been thinking about it for one year. I wish he had an answer instead of simply trying to sell me his pitch, and I wish I was able to help him in some way if he needed it.

IUT course: Assessment and Review

Removing grades is certainly a way of refocusing on learning; it means no longer putting a number on something that cannot be quantified. But stopping grades does not mean stopping assessment, because, obviously, students need reference points, need to know where they stand. When they are not managing, they know it: they do not need to receive a bad grade. We have to find how to stimulate their desire to keep learning, whereas a bad grade, in general, makes them want to stop trying. For good pupils, the grade serves as a carrot: it is interesting in terms of emulation. But another way of stimulating learning must be found: by telling the person that what they are doing is good, that they can be proud of themselves. If enthusiasm is awakened, they will want to keep learning.

Isabelle Peloux: Passer de la note à l’évaluation (Moving from grades to assessment)

I am against the current grading system. Yet I have to give each student a grade. So I am going to try to turn that into self-assessment. Starting from a set one-hour exercise, alone (but connected) in front of the blank page, trying to produce something from the concepts I have tried to pass on to them. In the end the assessment will be more interesting for me. What have they retained from these 24 hours spent together? A little, a lot, nothing at all?

The debriefing/correction will be an opportunity to take stock of what we covered together. To analyse what this course lacks to be more relevant and more engaging. To check that it addressed their initial fears. My personal assessment is fairly mixed:

  • the head of the year group is very responsive and understanding, but the university’s technical department is clearly in the position of “difficultator”;
  • I enjoyed passing concepts on to the students, but it sorely lacks perspective on the profession;
  • the students are keen, but it has to stay within their class hours;
  • the course’s common thread (a personal project) is motivating but lacks finish for want of time.

Despite these reservations, the overall assessment is positive, and I hope to be able to take part further upstream in future to steer the programme so that it responds a little better to the issues and practices of the trade.

It was while watching our two apprentices sometimes succeed, sometimes fail, that I was suddenly overcome with empathy. I thought back to my own beginnings.

So I wanted to help them. Day to day, I try to help them as best I can, although that help is not always easy to fit into a sustained production pace.

That is why I am publishing here the 24 pieces of advice I wish I had been given too when I started out, so that it may be useful to other beginners… even if it makes me feel a little older myself!

24 conseils que j’aurais voulu que l’on me donne quand j’ai débuté (24 pieces of advice I wish I had been given when I started out)

Some advice I would like to give them for what comes next:

  • What you learned today will be wrong tomorrow. You must keep experimenting for yourselves and keep up with developments daily;
  • Validate what you have learned by passing it on. I have never learned as much as when trying to share the little I already knew about the subject;
  • Publish your work. Even if it sometimes seems trivial to you, tell the story of the process that got you to that result;
  • Meet your peers. Meet the people you deal with. Meet your users.

The tech conference survival guide

I'm not the Ninja you're looking for

With LeWeb starting tomorrow morning I couldn’t find a better time to translate and update 13 trucs indispensables pour survivre en conférence technologique, which I’ve been maintaining in French since 2012.

The original post started with a list of epic fail situations I’ve faced while running tech conferences in Europe. I’ve added some tricks coming from my observation or some hot topics that have shaken conferences all over the world.

1. Act like 3G doesn’t exist

Even though you’re going in the ultimate first world place, act like 3G has not been invented yet. In other words, don’t rely on Internet and your mobile phone.

The first time I went to Vienna was a catastrophe. I recently changed my carrier plan, and to get a European 3G access, I needed an Internet access. The company I was working at recently got acquired by a huge corporation, and they did not activate my 3G plan outside of France. Fortunately, there’s a Starbucks at 20 metres from the monorail station so I was able to get my things together, but that’s not enough when you need to be mobile.

Since then, I’ve been writing everything down on a sheet of paper I keep in my passport: the hotel’s address, a map to go from my hotel to the conference venue and the name and address of my business contact in the country. The latter was pretty useful to answer the toll questions when I first went to Tel Aviv.

If you’re going to Paris, the city is well covered by the 3G and even the 4G, but not everywhere. There’s a strong lobbying against GSM relays and some streets like the ones around Beaubourg are no GSM land.

2. Act like WIFI doesn’t exist

Even in 2014, WIFI is often tech conferences’ weakest point. Things are getting better, but having enough coverage for everyone is still a technical bargain for the network teams. If you’re expecting 1000 visitors, consider you’ll have to provide an Internet access for about 3000 devices, laptops, tablets and smartphones. As a consequence, the 3G will also be saturated.

There’s worse: the 3G can be jammed by the event organisation. It happened to me at Eurovision Song Contest 2011. I was supposed to live tweet the event from the TV speaker cabin which was at the 6th floor without elevator of a 50,000 people capacity stadium. I had to go 50 metres from the stadium every time I wanted to post something because 3G was jammed inside. Talk to me about a marathon and live coverage.

The best thing is to forget about Internet for the day unless you’re part of the event official bloggers team. Fetch your email at your hotel in the morning, upload your pics on Flickr before bed time. And enjoy the talks and people at the conference, that’s what you’re there for.

3. Make your appointments a few days ahead

Tech conferences are the best place to meet industry specialists you’d never meet otherwise. These people are usually busy and you’re certainly not the only one who wants to get in touch, so first arrived, first served. Make your appointments a few days before the event.

For every person you contact, send an introduction email telling who you are and why you want to meet them. Once the appointment is settled, write down a few things you want to ask or say so you won’t waste each other’s time.

4. Take a Kensington with 2 keys

Kensington are heavy, take useful place in your backpack and they’re probably the last thing you want to carry when wandering around the world. They’re also very useful to leave your MacBook Pro at your front row table the time for you to go to the lavatories and back.

Kensington are provided with 2 keys, so take them both, one in your pocket and one in your backpack, no surprise that way.

5. Bring your anti-inflammatories

I spent the whole FOSDEM 2006 with a toothache so big the only thing I could do to calm the pain was slamming my head against the wall. Try it, you’ll see how good it is when you stop. Unfortunately, Belgium is a place where the only thing I could buy freely was Paracetamol.

For that reason, I always take my pain medicine (Ibuprofen or stronger things) in my luggage, without the box or anything. Before flying, check twice if the substance is not strictly forbidden by the law.

6. Always carry 20€ of local money in your pocket

Being aggressed is not fun. Being aggressed and having your wallet stolen with your passport, your plane tickets and your credit cards is enough to waste any trip.

Always carry 20€ of local money in your pocket. In most cases, it will be enough and you won’t have to get (and give) your wallet. I’ve also taken the habit to hold my passport and plane tickets in a pocket and my wallet in the other. I also leave my credit card at my hotel. These can save your life.

7. Make business cards with your picture on them

Make your business cards ahead of time so you won’t panic a few days before boarding because you still don’t have them. They’re a critical part of networking events.

Store your business card in a riding case. In some countries like Japan, exchanging business cards is a strong symbol. Giving a torn business card you kept in your jeans back pocket is considered an insult.

If you really want people to remember you, order business cards with your photo on them. People usually get dozens of them, and having your face printed on your business cards is a good way for them to remember who they met.

8. Take a spare laptop battery

It’s becoming hard to switch laptop batteries, but you can still carry a spare USB one. Most conference centres won’t provide you with a plug, and the organisers don’t always think about them either.

In most conferences, you’ll spend hours sitting in a room without accessing a plug. If you’re live blogging the event, you’ll also need some network access, to dump and process your photos… Without a spare battery you’re doomed.

There’s another reason why you should take a spare battery. If you can’t find a plug, your USB port will allow you to charge your smartphone, which can be life saving.

9. Take a strip

If there’s one thing worse than a tech conference without network, it’s a tech conference without a plug to charge your laptop.

The first time I went to the OSDEM (the FOSDEM ancestor), I found myself in a hacking room without a spare plug for my old Vaio. Since then, I never go to a tech conference without a 4 plugs universal strip. It’s huge, it’s heavier than the above mentioned Kensington, but it’s life saving and helps to make friends.

10. Buy a local SIM card

In most countries you can buy a very cheap SIM card with a data plan without giving your ID or needing to live in the country. This is very convenient to avoid being overcharged for international roaming. Don’t forget to give your friends your new cellphone number and change your voicemail message. Ensure your cellphone is unlocked before boarding and your local plan includes tethering.

Extra trick: if you have an iPhone, don’t forget to carry a paper clip so you can change your SIM card when you need it.

11. Take an extra pair of jeans

Even when you go to a single day event, carry spare jeans with you. A few years ago, I had to travel with a friend for a 1 day meeting. During the trip he got a bottle of red wine spilled on him. The rest is history.

Don’t count on buying an extra pair in case of emergency. You never know when those things happen and if you’ll find an open store when they do.

12. Carry a small bottle of water and an energy bar

Unless you’re lucky, most conferences are far from the centre of the city.

You’re never sure you’ll find drinking water and proper food at the venue. There may be a problem with the food supplier, you can get stuck in an elevator, or the vending machine can be broken.

Always carry a small bottle of water (I have a Starbucks thermos of Earl Grey) and something to eat. Avoid chocolate as it can melt during the day. It should be enough until you get back to your hotel.

13. Don’t carry confidential or copyrighted pirated material

Before boarding, delete that Blu-ray rip of Frozen you planned to watch in flight and your confidential company material even if your hard drive is encrypted. Upload your important data somewhere you can access online using strong cryptography, starting with copies of your passport and plane tickets.

Don’t rely on encryption locally. Someone who has something to hide always looks suspect even though it’s perfectly legal stuff.

14. If you meet a woman at a tech conference

If you meet a woman at a tech conference, consider she’s a normal human being and act accordingly.

That’s all for today. I’ll probably update this post from time to time. Until then, let’s meet tomorrow at LeWeb if you want.

The good, the bad and the ugly of virtual hosting with Nginx

Nginx Virtual hosting

Nginx is by far my favourite Web server. After years going through various Apache flavors, Sun ONE, Microsoft IIS or Lighttpd’s twisted Perl-like configuration, Nginx’s simplicity was a relief.

Last week, a friend of mine asked me for some help to set up a Web server for a school project. They’re teaching pupils HTML and CSS and she wanted each of them to have their own space to test what they’ve done. There was one problem: she doesn’t know anything about system administration. So I had to set up something where she would not touch the configuration or restart Nginx.

The idea was simple: I wanted to add as many sites as I wanted without adding a configuration file or restarting Nginx.

Challenge accepted.

As things went on, I kept thinking further and testing more and more things to see how far I could go.

  1. Dynamic vhosts for static sites
  2. Dynamic vhosts for Ruby on Rails apps with Passenger
  3. Dynamic vhosts with multiple backends
  4. Dynamic vhosts with SSL support
  5. Dynamic vhosts with their own error pages (and fallback)
  6. Dynamic vhosts with separated logging
  7. Dynamic vhosts with basic auth

I set up different configurations and found out some things were possible and some others were not because of how Nginx handles some .

1. The good: dynamic vhosts for static sites

The following configuration file is a very basic setup for static Web sites. There’s no backend here, no SSL, nothing fancy, the only goal was to check the setup works (and it does).

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    
    location / {
        root $site_root;
    }
    
    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}

  • `server_name _`: The `_` server_name is a catch-all, which means it will process every query. If you want to process subdomains of your domain name, you can use `*.platyp.us` instead of `_`.
  • `$site_root`: The location where sites are hosted. Using the `$host` variable allows setting that configuration directive dynamically, so `foo.bar` is hosted in `/data/www/foo.bar/`.

Note that $site_root is a user-defined variable we use to avoid repeating ourselves. $host is an Nginx variable.

2. The bad: dynamic vhosts for Ruby on Rails apps with Passenger

If you want to host Ruby on Rails Web sites, Phusion Passenger mod_rails is a nice and convenient solution. I’ve been using it since the very beginning to host Publify blogs and never had anything to say about it.

I’ve reused the static site configuration, adding the minimal Passenger setup for clarity.

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host/public;
    set $log_root $site_root/log;
    
    location / {
        root $site_root;
        passenger_enabled on;
    }
    
    error_log  $log_root/error.log  info;
    access_log  $log_root/access.log  main;
}

Two lines differ from the first example:

  • `$site_root`: The Ruby on Rails `root` lies in the application’s `public` directory, so this is where the Nginx root goes.
  • `passenger_enabled on;`: Enables `mod_rails` for the current location.

Bad news, it didn’t work.

Despite being called mod_rails, Passenger does not work like its PHP counterpart. It needs to know which sites it manages at startup time to launch a Ruby worker for each of them.

3. The ugly: dynamic vhosts with multiple backends

So far, we’ve been playing with sites hosted locally. This time, we’ll configure Nginx as a reverse proxy to access various application servers, relying on the Lua module and on Redis as a backend. I found the Lua configuration on Dan Sosedoff’s blog.

So you’ll need:

  • Lua.
  • Nginx compiled with Lua support.
  • A Redis server running somewhere. If you only have one machine running your frontend server, localhost is definitely the place to be.

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    set $log_root $site_root/logs;
    
    location / {
    
        root $site_root;
        
        if (! -d $site_root) {
            set $backend "";
            rewrite_by_lua '
                -- load global route cache into current request scope
                -- by default vars are not shared between requests
                local routes = _G.routes

                if routes == nil then
                    routes = {}
                    ngx.log(ngx.ALERT, "Route cache is empty.")
                end

                -- key the cache on the same normalized host name
                -- that is used for the redis lookup
                local route = routes[ngx.var.host]

                -- fallback to redis for lookups
                if route == nil then
                    local redis = require "redis"
                    local client = redis.connect("localhost", 6379)
                    route = client:get(ngx.var.host)
                end

                -- set the backend variable read by proxy_pass and cache it
                if route ~= nil then
                    ngx.var.backend = route
                    routes[ngx.var.host] = route
                    _G.routes = routes
                else
                    ngx.exit(ngx.HTTP_NOT_FOUND)
                end
            ';

            proxy_buffering off;
            proxy_redirect off;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://$backend;
            
            set $log_root "/var/log/nginx";
        }
    }
    
    error_log  $log_root/error.log  info;
    access_log  $log_root/access.log  main;
}

This one is more complicated because of the Lua part.

  • `if (! -d $site_root)`: If the site is not a static one (or a Passenger-powered Ruby on Rails site), there’s no reason for the directory to exist, so we know we’ll have to proxy.
  • `set $backend ""`: Sets an empty variable for the backend. This variable is later set by the Lua script using the cache fetched from Redis. If no backend is available, we return a 404.
  • `proxy_pass http://$backend`: Passes the query to the needed backend.
  • `set $log_root "/var/log/nginx"`: This is a fallback to store the logs in `/var/log/nginx` if `/data/www/$host` does not exist.

Now let’s test:

$ ./redis-cli
redis> set foo.platyp.us 192.168.0.1
OK
redis> set bar.platyp.us 192.168.0.2
OK
$ curl foo.platyp.us
    Hits 192.168.0.1
$ curl bar.platyp.us
    Hits 192.168.0.1
$ curl perry.platyp.us
    Error 404

I’m not a great fan of this solution so I call it ugly.

First, it breaks my catch all philosophy as you need to map every site with a Redis record. It means no more handy wildcard.

Second, I’m not a fan of the `if (! -d $site_root)`, which makes use of the Nginx rewrite module. Nginx uses stat(2), which checks the nature of the file against the POSIX macro S_ISDIR, so we’re adding additional system calls for every HTTP request. It’s not a big deal, but it’s better to know how it works.

The good news is that you can handle nonexistent sites at the Nginx level, as proxy_pass is used if and only if:

  1. There’s no static Web site with that name.
  2. There’s a backend to handle it.

The Nginx documentation states that `if` is evil and that I should use try_files instead. Unfortunately, try_files won’t work the way I want.

My first tests relied on a DNS based configuration. Every Web site had a $host.internal URI pointing to the right backend. I didn’t like it for at least 3 reasons:

  1. DNS adds lots of complexity, as you need to create a new A (or AAAA) record for every Web site you host to know where it should forward the requests, and you don’t always control it. Most IT departments will refuse to dynamically add DNS entries every time you add a new site. Adding lines in /etc/hosts is not a solution either.

  2. DNS adds network latency. The Nginx Lua module allows caching the results, so you don’t have to query Redis every time you need to map a Web site to its backend.

4. The bad: dynamic vhosts with SSL support

Thanks to TLS SNI (RFC 6066: https://tools.ietf.org/html/rfc6066), you can now manage multiple certificates on the same IP address. SNI does not work with old browsers, but it’s a great answer to the IPv4 shortage if you don’t care about the minority still using Internet Explorer 6.

To serve each site over SSL or not depending on whether it has a certificate, the most obvious configuration was:

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    set $ssl_root $site_root/ssl;
    
    if (-f $ssl_root/$host.pem) {
        return 301 https://$host$request_uri;
    }

    location / {
        root $site_root;
    }

    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}

server {
    listen 443;
    server_name _;
    
    set $site_root /data/www/$host;
    set $ssl_root $site_root/ssl;
    
    ssl  on;
    ssl_certificate  $ssl_root/$host.pem;
    ssl_certificate_key  $ssl_root/$host.key;
    
    location / {
        root $site_root;
    }
    
    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}

The SSL configuration is the minimal one. If you’re looking for a more complete one, I’ve written A Bulletproof Nginx SSL Configuration you can use.

Unfortunately, dynamic vhosts with SSL won’t work. Trying to start Nginx with this configuration fails with:

nginx: [emerg] BIO_new_file("$ssl_root/$host.pem;") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('$ssl_root/$host.pem;','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

There are 2 reasons for this:

  1. Nginx needs to load the whole SSL server configuration at start time, so it throws an error when the certificate or key does not exist.
  2. The Nginx SSL configuration parser does not expand user defined variables so it needs a relative or absolute path.
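On newer Nginx the second limitation is lifted: since version 1.15.9 (built with OpenSSL 1.0.2 or later), ssl_certificate and ssl_certificate_key accept variables. The following is an added example, not the article's own configuration; the /etc/nginx/tls directory, the $tls_name variable and the fallback certificate are assumptions.

```nginx
# Added example, not the article's configuration.
# Requires Nginx >= 1.15.9 built with OpenSSL >= 1.0.2.

# http context. The SNI name is chosen by the client, so only names that
# match the expected pattern may reach a file path; everything else maps
# to an assumed "fallback" certificate (fallback.pem / fallback.key).
map $ssl_server_name $tls_name {
    default                      fallback;
    ~^[a-z0-9-]+\.platyp\.us$    $ssl_server_name;
}

server {
    listen 443 ssl;
    server_name _;

    # Certificate paths are evaluated during the TLS handshake, before any
    # HTTP request exists: $host and variables created with "set" carry no
    # request data yet, but $ssl_server_name (and maps built on it) do.
    # /etc/nginx/tls is an assumed directory outside every document root,
    # so private keys are never reachable as static files.
    ssl_certificate      /etc/nginx/tls/$tls_name.pem;
    ssl_certificate_key  /etc/nginx/tls/$tls_name.key;

    set $site_root /data/www/$host;

    location / {
        root $site_root;
    }

    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}
```

With variables in the path, the certificate is loaded on every handshake, which costs more than a certificate loaded once at startup.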

5. The good: dynamic vhosts with their own error pages (and fallback)

Nginx default configuration provides a handy way to manage custom error pages in http, server, location and if in location contexts. The following example is designed for a custom 404 page but it can be easily extended to any 40x or 50x pages.

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    
    location / {
        root $site_root;
    }
    
    error_page 404 =404 /404.html;

    location /404.html {
        root $site_root/error_files;
        internal;
        
        error_page 404 =404 @fallback_404;
    }
    
    location @fallback_404 {
        root /var/www/;
        try_files /404.html =404;
        internal;
    }
    
    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}

  • `error_page 404 =404 /404.html;`: Tells Nginx to use `/404.html` in case of `HTTP_NOT_FOUND`, with a 404 return code.
  • `location /404.html`: What happens when hitting `/404.html`. This is where the fun begins.
  • `root $site_root/error_files;`: Changes the location `root` to match the Web site’s `error_files` directory.
  • `internal;`: Means it’s an internal redirection, so the redirect is invisible client side.
  • `error_page 404 =404 @fallback_404;`: In the `/404.html` location, the error page is in the named location `@fallback_404` and returns a 404 HTTP code.
  • `location @fallback_404`: This is the named location used to configure the fallback 404 page. In this location, the `root` is changed to `/var/www/`, so it will read files from that path instead of `$site_root`.
  • `try_files /404.html =404;`: Returns `/var/www/404.html` if it exists, with a 404 HTTP code.

The most obscure part is `internal`. According to the Nginx documentation:

Specifies that a given location can only be used for internal requests. For external requests, the client error 404 (Not Found) is returned. Internal requests are the following:

  • requests redirected by the error_page, index, random_index, and try_files directives;
  • requests redirected by the “X-Accel-Redirect” response header field from an upstream server;
  • subrequests formed by the “include virtual” command of the ngx_http_ssi_module module and by the ngx_http_addition_module module directives;
  • requests changed by the rewrite directive.

And also:

There is a limit of 10 internal redirects per request to prevent request processing cycles that can occur in incorrect configurations. If this limit is reached, the error 500 (Internal Server Error) is returned. In such cases, the “rewrite or internal redirection cycle” message can be seen in the error log.

6. The bad: dynamic vhosts with separated logging

The last thing I tried was to dynamically separate the logs by server. I thought it would be interesting to let the users access their logs for debugging or processing purposes.

Let’s improve the first configuration.

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    set $logging_root $site_root/logs;
    
    location / {
        root $site_root;
    }
    
    error_log  $logging_root/error.log  info;
    access_log $logging_root/access.log;
}

If this is your only server, Nginx won’t start. It won’t start because it needs to open the log files at startup, and the access_log and error_log options don’t expand variables. There’s a solution though, which is delegating the log processing to rsyslog or syslog-ng but that’s beyond what I wanted to talk about here.

7. The bad: dynamic vhosts with basic auth

server {
    listen 80;
    server_name _;
    
    set $site_root /data/www/$host;
    
    location / {
        root $site_root;
        
        if (-f $site_root/.htpasswd) {
            auth_basic "Restricted";
            auth_basic_user_file $site_root/.htpasswd;
        }
    }
    
    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}

Forget about it, it won’t work.

$ nginx -t
nginx: [emerg] "auth_basic" directive is not allowed here in /usr/local/etc/nginx/nginx.conf:124
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

It fails because `if` is not part of the general configuration module, as one might believe. `if` is part of the rewrite module, and auth_basic belongs to another module. That’s one of the reasons why the Nginx community thinks `if` is evil.
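A variant that passes the configuration test, as an added example rather than the article's configuration: auth_basic accepts a variable (Nginx 1.3.10 and later) and the value off disables authentication, so the file test can move to a server-level `if` that only sets a variable. The /data/auth directory and the $auth_realm variable are assumptions.

```nginx
# Added example, not the article's configuration.
server {
    listen 80;
    server_name _;

    set $site_root /data/www/$host;

    # A server-level "if" only accepts rewrite-module directives such as
    # "set", so it just records whether a password file exists for this host.
    # /data/auth is an assumed directory outside every document root, which
    # keeps the password hashes from being served as static files.
    set $auth_realm off;
    if (-f /data/auth/$host.htpasswd) {
        set $auth_realm "Restricted";
    }

    location / {
        root $site_root;

        # auth_basic accepts variables (Nginx >= 1.3.10); the value "off"
        # disables authentication for hosts without a password file.
        auth_basic           $auth_realm;
        auth_basic_user_file /data/auth/$host.htpasswd;
    }

    error_log  /var/log/nginx/error.log  info;
    access_log  /var/log/nginx/access.log;
}
```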

I guess I’m done, or almost.

If I’ve missed something, or there’s a way to do one of the things I’ve failed at with my “never configure, never restart” philosophy, please drop me an email at frederic@t37.net; I’ll be happy to update the article.

There’s one more thing I’ve been playing with for part of the weekend, and I hope it will stay hidden from the knowledge of man until the end of time. Any real-world implementation of what I’ve been testing would certainly result in opening a door to our world for the Great Old Ones. I’ve started to implement Apache .htaccess for Nginx using Lua.