Categories
docker hosting linux network rails Security Technology Uncategorized

Self-hosting with Kamal: Watch your ports when shipping.

I’ve been playing around with Kamal from Basecamp (previously called MRSK) for deploying simple apps on a single server.

There’s a lot to like about Kamal’s ergonomics and principles. But there were a few things that I struggled with or that confused me.

It mostly boils down to Kamal offering a layer of abstraction over Docker, SSH and some Linux commands. But perhaps more importantly, DHH, the creator of Kamal, quite explicitly says that:

“[It] is designed for multi-server operation”.

DHH

Why is this distinction important?

Because it implicitly avoids some of the nice (and more secure) features of Docker on a single host, primarily internal network connections and name resolution.

[It] is designed for multi-server operation, so the internal network idea breaks down pretty quick with that. You’d have to unstrip all of that when you go to scale it. So I think we’re better off keeping the network host transparent.

DHH

This is a completely fair design choice, and simplifies a lot of complexity for Kamal. However, when you’re running your new startup or a hobby project, you want to keep things simple and run it all on one host.

But you don’t want to compromise on security and unintentionally expose your database or Redis to the outside world, right?

Categories
Technology UX

Reversible irreversible deletion

An interesting — yet not too uncommon — UI/UX problem is to allow users to delete stuff, but prevent them from accidentally deleting things. There are several typical approaches:

Just let users delete

Ouch. Obviously this is the problem we’re trying to solve here. NOT a solution.

Categories
support Technology

jumping through hoops

One recent pet peeve of mine has been how companies make you jump through hoops just to report an issue to support.

Trello is a recent one. I used to be able to just email support@trello.com … Not anymore…

You’ve emailed support@trello.com, which is no longer available for support.

That’s great!

And the best part? When I actually try to use their support system, it breaks! Usually because of some invasive tracking that I block. I know it’s “my fault”, but it still makes me mad.

Categories
privacy Security Technology

Does iOS 14 protect your privacy?

A few months ago I wrote a post: Does Apple care about your privacy?

In the post, I looked at Apple’s IDFA – ID For Advertising, and how it’s abused by companies like Facebook and many more to track you. I believed then, and still believe now, that what Apple is doing is not ethical and also not legal under the European GDPR.

Since then, Apple actually announced that iOS 14 would change the way IDFA was accessible to all apps by default and that it would start “Asking Permission to Track”. This is a welcome change. Sadly, despite iOS 14 rolling out already, and despite Apple’s claims on this page, this change is still not in place.

Luckily, however, I was able to collaborate on this issue with NOYB (None Of Your Business: a privacy organization; please consider donating if you care about your privacy). NOYB brought forward an official complaint against Apple. The complaint was not a GDPR complaint, but rather one highlighting an ePrivacy violation. This is another legal framework which explicitly forbids the kind of stuff Apple is doing.

Categories
Security Technology

Protecting TimeMachine backups from itself

Going down the time machine rabbit hole…

I love the fact that macOS comes with TimeMachine built-in, and I also really appreciate its simplicity. It makes backups easy and accessible even for non-technical people. It gets messy, however, if you also want to have real offsite backups.

TimeMachine works great with a USB external HD, but things get tricky over the network.

I own a small Synology NAS, and I managed to mount a TimeMachine volume and get it to back up to that volume. The problem started when the volume size started to grow. I could set a quota on the volume, but for some strange reason, when the quota is reached, TimeMachine just starts failing without a clear reason. There’s no way to tell TimeMachine to only keep X versions, or keep disk storage below a certain threshold. It’s supposed to prune backups automatically, but it seems to fail with my network volume.

Categories
privacy Technology

Sonos is spying on me… (and you)

I recently decided to get a wireless speaker for our kitchen. Sonos seems like an obvious choice these days. The sound quality and aesthetics were very appealing. So I ordered a Sonos One SL speaker.

In terms of sound quality and looks, I was very pleased. I’m not an audiophile but the sound quality seemed superb and the speaker just looks fantastic. A very clean and unassuming look.

What’s hiding underneath?

As I later discovered, a dirty beast hides under the cool exterior.

Categories
hosting privacy Security Technology

Why is Backblaze tracking me?

This is a follow-up to my previous post: hey.com is onto something with its tracking-pixel blocker. I mentioned contacting Backblaze about their email tracking there.

I didn’t think too much of it at the time, and honestly (or naively?) was expecting some kind of “Oh, yes, you’re right, there’s no need to track those emails”… But it didn’t unfold in quite the same way.

TL;DR

This is my own interpretation, obviously. Backblaze seems to think that tracking emails is totally fine, even under the GDPR. They’re not going to stop doing it until further notice.

Categories
hosting Security Technology

Disposable emails: I gave Fastmail a second chance

About 4 years ago I wrote a rather lengthy rant about Fastmail, and why it didn’t fit my needs: Why I’m not using Fastmail. A few weeks ago, I gave it another chance, and this time the experience was way better.

Categories
marketing privacy Technology Uncategorized

Who’s sharing my data? … and who the hell is Dave M. Rogenmoser?

I’m no longer active on Facebook, but at the moment, oddly, it’s my main go-to option to find out at least some of the companies that share my data.

Facebook lets you see who shared your data with them. There are two interesting pages, buried and well-hidden, worth checking: Off Facebook activity and Businesses who uploaded and used a list.

Want to see which companies are sharing your data? Continue reading.

Categories
marketing privacy Technology

Bunq freeloading: joint accounts now cost at least 59.9% more, your privacy doesn’t matter either

My wife and I joined Bunq a couple of months ago. Bunq is a fairly new European bank, based in the Netherlands. It’s one of the new breed of mobile-first banks that offer a more modern experience. It has a neat mobile app with some clever features like dynamic sub-accounts, spend tracking, better credit card control and more.

Their slogan is “bank of the free”. Whilst other banks might not charge you to open an account or use it, Bunq actually does charge for its account. However, the “free” part, as far as I understood it, is that by paying bunq, they can provide a service to you, rather than find ways to monetize you (e.g. by advertising, selling your data).

As you can see from the marketing spiel, they value transparency and don’t do any dirty business.

Until they do…