fortune 957

<+notabene>
yvg: dis un truc joyeux pour voir une fois ? :)
<+yvg>
notabene: j'aime pas les chats
<+yvg>
ha jme suis trompé
<+yvg>
j'aime les renards
<+yvg>
:D
<+koalie>
notabene, :)
<+notabene>
:)
<+koalie>
dans l'ordre t'as droopy, calimero, et apres t'as yvg
<+yvg>
haha
<+yvg>
koalie: t'as oublié le schtroumpf grincheux
<+koalie>
ou l'inverse
<+yvg>
et mat
<+yvg>
non mais quand je suis content je ne me plain pas
<+yvg>
:]
 
Mode change +o mat on ##openweb by ChanServ

fortune 956

<karlcow>
sur ce je vais me faire plaisir -> direction sdb

Your data is too important to be self hosted

The grid

Popular amongst the late 90’s geeks as broadband and unlimited RTC plans reached the home, self hosting has fallen into disuse as companies started to provide better, managed services, all for free. It was nearly impossible for open source projects like Imp or Squirrelmail to compete against Gmail, and the billion fueled services had an enterprise class credibility some bearded guys in their garage could not afford.

Things have changed after Snowden’s leaks started to raise privacy concerns and companies ending in the deadpool with all their data made people realize they had no other protection than good will when the service is free. A massive « get your data back » campaign started, helped by the fact that setting up a Web server has never been easier. By an incredibly ironic step back in the past of shared time computing, running your own server on the Internet is just 1 click and a few cents an hour away.

10 years ago, my CTO told me something that almost ruined my career.

System administrator is the dumbest job on earth. All you need to get things working is read the manual and Google for tutorials to cut / paste.

He forgot to add « until real people start using your platform ».

Indeed it’s very easy. Create an Amazon Web Services Account, download a the latest version of Zimbra, CozyCloud or Owncloud, or use ready to use Docker images and you’re ready to start host your data. Until something gets wrong.

Sooner tonight, David Meyer brought the topic back on Twitter.

I want to set up a personal server (mail, calendar, storage, personal webpage) in the cloud. Recommendations for a host?

That’s a good question, because there’s no easy answer.

If you value your data and want to host them in your own cloud, pick up a managed service or hire a professional system administrator to install and run it. Otherwise, leave them to Google, they have people who know what they’re doing.

The past 10 years, we’ve been moving most of our digital selves from Desktop software to browser or apps based portals to online services. We started to vote online, pay our taxes online, or do our supermarket online. Our lives are now so unmaterial that losing your data or have them compromised has became more annoying than losing your passport during a trip in North Korea.

If you (or anyone reading this) want to host their cloud without hiring a professional sysadmin or going into a managed service, here are the 3 main issues you’ll have to address.

Backups

If there’s one thing no one tell you about when you start self hosting your data, it’s backups.

I’ve lost all my data only once.

The first time was the 28 June 2001. It was around 7:00 AM. I had spent the night coding on a project and Slackware 8.0 was just released. I did not want to wait to upgrade, and when I started the install, I told the installer to delete /home instead of /. Back then, hard drives were still expensive and I had no backups of my data.

Backups are not about leaving Time Machine transfer your data to your home Time Capsule while you’re away. It’s about saving the right stuff, encrypt them before you send them to a 3rd party service, ensure it doesn’t fail silently and it restores well.

If you want to sleep quietly, you should test your backups at least once a month to ensure they restore. If you don’t, it’s like you’re not doing backups at all.

Security

The Internet is not a nice place to hang out. Thousand people are looking for weak machines they can compromise either to steal and sell the data when it’s worth it (ask French Domino’s Pizza what they think about it), or use them to mine Bitcoins or join a botnet to run denial of services.

I’ve been compromised at least 3 times. I say « at least » because you’re never sure when it happens unless it gets so obvious you can’t ignore it and get your machine shutdown by your hosting company. The first time was in February 2002. Back then, I was hosting a bunch of machines in my 14 square meters room in Paris. I was sleeping and got awaken by the noise of my mail server hard drive scratching as if someone was running a find /, which is probably the case. I jumped out of my bed and pulled the plug before I went back to bed.

Security is not just subscribing to your operating system and software mailing list, looking for advisories to update things. It starts when you start reading the famous tutorials and change a few things to ensure services run with different, unprivileged users instead of root, bind servers on a UNIX socket instead of 0.0.0.0, or run in containers / different virtual machines / jails, you name it.

It’s also checking your logs daily, looking for some unusual activity, and learn to recognize when your system is under attack or compromised. It’s setting up your mail server well enough so recipients won’t consider you as spam. Or simply setup a good backup policy.

It’s finally knowing about the legal stuff around self hosting and being compromised. You probably don’t want the police to ring your bell at 6 AM because the cloud you’re hosting your family pictures on has been compromised and used for a large operation against some US bank, or to host kiddie porn.

Availability

When you’re relying on an application provider, starting with Gmail for example, you’re confident they have enough servers, data centers and network providers to ensure redundancy so your data are still available when there’s a flood in Virginia. If they’re really good, they’ll also replicate your data in various places so they won’t lose it if the data center burns, which may happen someday.

Without going that far, there’s alway a risk when start self hosting your data that it becomes temporarily or permanently unavailable.

Imagine that worst case, not so uncommon scenario. You need to upgrade some service on your self hosted cloud. You follow the documentation, but things don’t go well and the service becomes unavailable. Indeed, you’re hosting some business critical things, like your professional address book or all your documents, and you won’t be able to reach them for maybe 1 hour, 1 day, you don’t really know how much time it will last. You won’t be able to get your email either, and you didn’t setup a MX backup so you’re completely unreachable for an undefined amount of time.

Scary isn’t it?

This is the real topic when people start to talk about self hosting. Once you’ve got your data back and the excitement is over, there’s a non negligible amount of daily – often boring – work you’ll have to do instead of watching the latest Lolcats video on Youtube.

Cours IUT : Responsive et Documentation

Un exemple de manque de pragmatisme : j’ai déjà vu sur un projet, les intégrateurs faire toute l’intégration d’un site avec flexbox, puis passer des jours à tout refaire dans une autre feuille de style pour IE, alors qu’il était établi dès le départ que IE8 était dans la cible. Ils avaient envie d’utiliser flexbox, ce qui est compréhensible, mais dans ce contexte c’était une perte de temps pour tout le monde. La bonne technique aurait du être de faire une version correcte sur IE8, avec les techniques utilisables (ça ne manque pas), et d’ajouter ensuite les beaux dégradés, ombres, etc… que permet CSS3.

Attitude et éthique du développeur.

La dernière session des cours que je donne à l’IUT a permis d’attaquer un projet qui servira de fil rouge. La plupart se sont mis en groupe de 2 ou 3 et j’ai 2 personnes qui ont préférées faire cavalier seul, l’une pour tout comprendre et l’autre pour garder son indépendance. La rétrospective nous a permis de discuter des améliorations possibles :

  • aborder tout ce qui est relatif à l’approche mobile et responsive ;
  • avoir la possibilité d’afficher des choses sur le vidéoprojecteur (2 fails consécutifs là-dessus avec un adaptateur oublié la première fois et un vidéoprojecteur incompatible la seconde…) ;
  • faire un goûter.

Le prochain cours va donc mettre l’accent sur l’adaptation aux différentes résolutions à l’aide des media-queries en présentant les différents outils comme responsive.is ou des approches comme la responsive typography. Il existe même des moyens de visualiser les principes de base ou de réfléchir en terme de responsive philosophy. Une première étape sera de pouvoir modifier leur menu géré avec Flexbox en changeant la flex-direction de row à column par exemple. Je ne compte pas aller jusqu’à la gestion des différentes résolutions d’images, il y a déjà bien assez à faire en parlant de contenu.

J’ai préparé des cookies pour la pause du goûter, l’occasion de parler de préservation de la vie privée ? :-)

La seconde partie va encore une fois être l’occasion de les mettre en situation en faisant tourner les sources des différents projets entre les groupes et en leur demandant une amélioration mineure. L’occasion de voir à quel point il est difficile de reprendre un projet et l’intérêt d’une documentation haut niveau en plus du styleguide qu’ils ont commencé à faire lors du dernier cours.

Si j’ai un peu de temps on abordera aussi les notions de performances web car j’ai pu remarquer à quel point les élèves sont enclins à rajouter des polices ou des images assez lourdes. C’est l’intérêt d’avoir demandé à récupérer tous les projets par email en imposant d’avoir moins d’1Mo par site. J’ai ainsi pu leur faire un retour personnalisé sur les choses à améliorer, on verra ce qu’ils en ont fait.

Company culture is what happens when the boss is not around

Startup culture done wrong

I’ve had many discussions defining a company culture but we never agreed about it. There are as many cultures as companies, and it’s easy to focus on specific ones when trying to define a general model.

Yesterday, Siqi Chen proposed an interesting definition of a company culture:

Company culture is what happens when the boss is not around.

I love it because it confirms a few things I believe in.

Company culture is a top down thing

The company’s culture is created and driven by the company founders and embraced by its employees, not the other way around. So it’s a common mistake to think you can build a great culture by hiring great people.

Great people don’t drive the company’s culture, they nourish it. A common mistake is believing you can weight on the company culture against its founders nature. I’ve met many people who left the company sad and bitter after trying too much.

Hiring great people is difficult, but it’s not the hardest part. The hardest part is providing them with a great culture and challenges that make them stay. For that reason, the turnover rate and talking with former employees is the best way to know about a company culture.

Company culture is about doing

If there’s one post you should read about the Ubergate, it’s Fred Wilson’s Values and Culture. Fred connects Uber perfect execution with the win at all costs company’s culture. The last paragraph asking if Uber would be the success story it is without its ruthless culture is something to watch on every company.

Pointing out the dark side of Uber is interesting because it’s far from the usual marketing thing in which every company tries to look cool and have an awesome culture.

Still, culture all about both sides of doing, what, like trying to piss off taxis companies, and the how. And you can see that both are inspired by the company’s management, hence a top down culture from spirit to execution.

Company culture is learned, not innate

Finally, company culture is a learned thing, not an innate one.

When Ruby on Rails was the big stuff, I’ve heard too many people bragging about how they had the 37Signals culture, even though they never worked for the company.

They did not know what they were talking about.

You can’t have a company culture if you’ve not worked for that company, if you did not nourish yourself from the team, if you haven’t delivered something with them. It’s impossible. Only the daily life of a company can make you both embrace its culture and as a reward add your personal touch on it. You certainly share some core values, but the culture is something else. It’s something you need to join the company to discover, understand and embrace.

When I was a kid, dad used to say my sisters and I were good exports. It was a way to say we were behaving well when invited at a friend’s place and they always have compliments about us when the boss was not around.

How my free software zealotry ruined a friend’s chances to get out of poverty

Workplace

Paris, July 2002.

I’m a 23 years old computer engineering student. I’m a member of APRIL, a Free Software advocacy association, I fight against software patents, troll people using Microsoft Windows, and I play Go. A lot.

We play in a small bar in the center of Paris. There are students, teachers, a wanna be actor (who’ll later get a major role in the most popular French series ever), and there’s that guy, let’s call him Pierre.

Pierre plays go too. He arrives at the bar around 4PM, stays until it closes, and he accepts to play with the beginner I am. He crushes me without remorse but I learn a lot from him.

Pierre is about to turn 50. He spends his days at the bar because he doesn’t have a job. Pierre is not a go player, he’s a developper. He’s probably not a great one, and in a post September 11 youth glorifying world, there’s no work for him. I don’t know much about him, except what he told me one day when he was drunk enough to speak. Pierre has lost everything he owned, lives in a small room in a far suburb thanks to government subsidiaries. He’s so broke he can’t buy a computer, which means he can’t even work from home.

My 14 meters square flat is full of computers. I’m running various free operating systems. There are some Linux distros, and 3 flavors of BSD, much more than I actually need.

I offer Pierre to give him one of them with my old, spare 14 inches cathodic screen so he can start coding again, maybe create some utilities he can start selling.

I remember his look of disbelief. He had been out of the system for so long he didn’t have a hope of coming back. He asks me if I can install a Windows and Visual Basic environment on the computer so he can start working. He doesn’t even know where to find them and doesn’t have an Internet connection at home.

Indeed I can. My school gives me free student Microsoft licenses and I have an unlimited access to their product. But I refuse.

I refuse and as he doesn’t seem to understand why, I’m getting mad at him. There’s no way I can install non free software on one of my computers. There’s no way I provide someone with proprietary software, even if he asks me to. I refuse for his own sake. He’ll write C, or Perl or Python or whatever runs on Linux and runs with free software.

His look and words become more and more confused as the argument runs. And I don’t understand, I don’t want to understand he can’t do anything else.

I sip my tea, pay for his drink and leave the bar. He comes back on the topic once or twice but I start avoiding him. He still doesn’t have a job, leaves in a 6 square meters bedroom but at least he didn’t fall in the pit of proprietary software.

Talk me about an asshole.

It’s still time to make a donation to that open source project you love

Raise awareness

Last night, I made a 50 dollars donation to the FreeBSD foundation, which supports the open source operating system I run on my server.

If you’re like me, you’re using lots of open source projects. Maybe you’e even contributing to some of them. All of them need support. None of them deserve help more than another. Picking up one out of the crowd is not easy as it seem.

I started using FreeBSD in 2001 or 2002 for the ports. A few months before, I had a terrible experience with OpenSSL Debian binary package. I wanted to avoid another dependencies hell and building from the sources seemed to be the best option

For a few years, I loved FreeBSD stability and its keep it simple stupid approach. I ran it on my laptop and on my server until I had to switch to something else. I replaced my Vaio with a Mac and some software I was relying on were broken on FreeBSD. I didn’t have neither the skills nor the time nor the money to fix them.

After going back and forth, I’ve deployed it again on my dedicated server and I plan to install it wherever it’s relevant. It has changed a lot since 4.4, and I trust the new pkg enough not to rely on the port anymore, but it’s also the same old friend I used to know. An old friend who did not replace my /etc/motd/ with an ugly if every root gave 2$, we would be able to build more build servers for our packages ASCII art.

Today, I’ve heard people saying giving 50$ to the FreeBSD foundation is useless after WhatsApp founder Jan Koum made a one million dollar donation.

Last week, I donated one million dollars to the FreeBSD Foundation, which supports the open source operating system that has helped millions of programmers pursue their passions and bring their ideas to life.

I’m actually one of those people. I started using FreeBSD in the late 90s, when I didn’t have much money and was living in government housing. In a way, FreeBSD helped lift me out of poverty – one of the main reasons I got a job at Yahoo! is because they were using FreeBSD, and it was my operating system of choice. Years later, when Brian and I set out to build WhatsApp, we used FreeBSD to keep our servers running. We still do.

I’m afraid it’s not Miss Fishborne.

A one million dollar donation is a big, exceptional thing for an open source project, but every donation counts, even a five dollar one. The amount of money raised is important, it’s essential to the project life, but the number of people supporting it is even important. Donating shows an open source project health and usefulness, raises awareness amongst the supporter’s relatives, and it helps the project staff when they feel tired and worthless.

I know it’s almost Xmas time and you’re already spending your savings buying your significant other that shiny iPhone 6, but remember it’s not too late.

So pick up your favorite open source project, and donate.

Debug a running Python process without printf

Debugging Python with GDB

Last week, in the wonderful what did I learn today series, I’ve added Python debugging with GDB to my problem solving arsenal thank to Greg being back from a well deserved vacation.

Gdb is definitely not the tool I would have used to debug an interpreted language like Python, but it has a few great bindings that makes it perfect to follow the Python source inside a running process.

To do this, you need a root access to the machine you’ll use as gdb uses ptrace(2) to attach the process. If you can’t have root access, ask for temporary access using sudo(8).

The first thing to do is to ensure you have both Gdb and Python debugging symbols installed.

$ sudo apt-get install gdb python-dbg

Now, run the Python process you want to play with. To make it more simple, I’ve written a very simple one here that feels 3 local variables with some user input.

input_var = raw_input("Enter something: ")
print ("you entered " + input_var)
input_var2 = raw_input("Enter something else: ")
print ("you entered " + input_var2) 
input_var3 = raw_input("Final question: ")
print ("you entered " + input_var3)

Add the following to your homedir .gdbinit file:

$ echo 'add-auto-load-safe-path /usr/lib/debug/usr/bin/python2.7-gdb.py' >> ~/.gdbinit

Now, run the small Python script:

$ python test.py
Enter something: 

You’re ready to debug.

sudo gdb python -p PID
Attaching to program: /usr/bin/python, process 28943
Reading symbols from /lib/x86_64-linux-gnu/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Loaded symbols for /lib/x86_64-linux-gnu/libpthread.so.0
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libc.so.6
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libdl.so.2
Reading symbols from /lib/x86_64-linux-gnu/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libutil.so.1
Reading symbols from /lib/x86_64-linux-gnu/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libz.so.1
Reading symbols from /lib/x86_64-linux-gnu/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libm.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x00007f60a6c35350 in read () from /lib/x86_64-linux-gnu/libc.so.6

Use the py-list command to display the current running code:

(gdb) py-list
  >1    input_var = input("Enter something: ")
   2    print ("you entered " + input_var)
   3    input_var2 = input("Enter something else: ")
   4    print ("you entered " + input_var2)
   5    input_var3 = input("Final question: ")
   6    print ("you entered " + input_var3)

The &gt; shows the current line you’re running. Go back to your script and type something, enter, then switch back to gdb.

(gdb) n
Single stepping until exit from function read,
which has no line number information.
0x00007f7fb40c2120 in _IO_file_underflow () from /lib/x86_64-linux-gnu/libc.so.6

n tells gdb to run the code step by step. Let’s check where we are using py-list.

(gdb) py-list
   1    input_var = raw_input("Enter something: ")
   2    print ("you entered " + input_var)
  >3    input_var2 = raw_input("Enter something else: ")
   4    print ("you entered " + input_var2)
   5    input_var3 = raw_input("Final question: ")
   6    print ("you entered " + input_var3)

Since you’ve assigned a value to the global variable input_var, it would be interesting to check its value.

(gdb) py-print input_var
global 'input_var' = 'coucou'

That’s all for today. There’s probably more to do with GDB but so far it’s been pretty useful to me to understand lots of problems running strace did not enlighten.

The day I browsed the Web like normal people do

Time Square

Today, I had a traumatic experience.

I had to browse the Web like normal people.

I had to check something on my wife’s laptop who’s using neither Adblock nor Ghostery or Flashblock. After years protecting myself from adding advertisement networks as 127.0.0.1 in my /etc/hosts file to using browsers extensions, I was facing an Ad powered Web.

It was an incredibly oppressing experience.

The ever popping ads, from banners to pop-ups to pop-under made focusing on the actual content difficult. I was feeling like I was trying to read War and Piece in the middle of Time Square, something no one still having a sanity point would do.

It ruined the whole experience compared to an ad free browsing. If you’ve ever been to Paris and have gave Pigalle a try after 8 PM, you’ve certainly seen those guys trying to make you enter in a hostess bars. I was feeling the same with all the flashing ads, knowing that, if I clicked on the wrong place, I would be taken to a place very different from what I was expecting.

I wonder how much time and energy is wasted trying to focus on a Web page without being distracted by advertisement. Do they get used to it, or do they cut / past what they need to read in a Word document? I’ve seen people doing this in the past when browsing ping on white with animated gifs sites, so why not as a way to avoid advertisement?

The scariest part was tracking.

If you ever want to know what your significant other is giving your for Xmas, browse some e-commerce sites, and let the targeted advertisements tell you what she’s been browsing lately. It sounds funny when you read stories of people complaining about porn ads popping everywhere and other people telling them it’s based on their previous browsing. It’s not funny at all, and I wonder how people experimenting this don’t freak out.

I feel the advertisement powered Web is a broken model for many reasons. I’ve talked about it with Web sites editors in the past, and they were all arguing there was no other choice but advertisement for them to survive.

It’s not the only business model, it’s the easiest one, in theory. Problem is, unless you’re big enough, you can’t deal with brands who advertise on your site but with third party companies. I just can’t imagine having clients who’re not my clients so I can’t control the price of what I sell.

There’s also a question of education. The « we give you free contents but spam you with advertisement » Web has been around for so long it’s hard to have people pay for quality content. Unfortunately, I don’t imagine anyone willing to pay for their daily dose of lolcats.

Cours IUT : Flexbox et Styleguide

Afin de faire émerger les pratiques personnelles des élèves, renforcer leurs connaissances, il me semble important d’instaurer l’horizontalité dans les rapports humains, au sein de la classe. J’espère pouvoir devenir alors un accompagnateur, un facilitateur, encadrant le processus de maîtrise des concepts de littérature et de grammaire. Le but est de fluidifier la communication, d’augmenter les feedbacks, de rendre les réussites plus accessibles.

D’une sélection artificielle à une sélection naturelle dans un écosystème complexe

Suite de mes aventures dans l’enseignement, après les bases, on passe à du plus consistant. On commence par repartir de zéro sur un sujet qui leur tient à cœur et en plus petit groupes comme proposé en rétro. La première contrainte et d’établir un styleguide en parallèle du développement du site, c’est quelque chose que j’utilise depuis 7 ans et qui dispose maintenant de nombreuses ressources. J’aime cette approche pour plusieurs raisons :

  • réflexion sur la sémantique lorsqu’on se rend compte du nombre d’id/class à ajouter au styleguide pour avoir quelque chose de potable ;
  • documentation dynamique pour les divers contributeurs et pour soi-même, on a vite fait de dupliquer un style par méconnaissance du projet ;
  • facilité d’expérimentation lors de refontes en applicant directement la nouvelle feuille de style au styleguide.

Il s’avère que c’est aussi extrêmement utile en terme de retour pour corriger un bug récalcitrant de façon visuelle.

Le second concept que je souhaite aborder est Flexbox, c’est encore relativement récent mais Vincent me rappelait à juste titre que l’« on enseigne pour aujourd’hui et pour demain » (pour hier, il reste les polyfills) et Flexbox est aussi un moyen de ne pas les dégoûter tout de suite des CSS :-). C’était bien sûr une occasion pour moi de me mettre à niveau dans ce domaine et d’expérimenter, participer à une formation reste la meilleure façon d’apprendre.

Quelques ressources sur le sujet :

Si j’ai le temps, je terminerai sur l’approche mobile et les media-queries pour tirer pleinement partie de Flexbox. Je me rends compte à quel point les minutes sont comptées lorsqu’on est limité à 24 heures de cours sur un sujet aussi vaste…