Manfred Touron

Windows 10 Setup 🖥

Image made with Paint.exe

Introduction

I recently ordered a Microsoft Surface Book 2 with Windows 10. The last time I used Windows for something other than playing games was in 2006.

About the “why”, here are some reasons:

  • to give it another try, especially after seeing Microsoft become more and more of a “cool” company in the open-source and Linux world,
  • to get out of my routine/comfort zone,
  • to be able to see how my different projects run and how easily a developer can use them under Windows,
  • to put myself in the shoes of the people I will try to help with my apps and projects,
  • for the challenge of having a very secure Windows configuration,
  • to have arguments if I ever need to say again that I don’t fit with Windows :)

I wrote this blog post while installing to try to be exhaustive. I hope this article can be useful for someone else trying to switch from Mac OS X to Windows, or for people interested in running Windows from a Security/Developer/Musician guy’s point-of-view.

(At least, it will be helpful for me for the next time I need to install a Windows machine.)

Windows Install

  • Disable anti-privacy options
  • Disable Cortana
  • Enable FaceID
  • Use a strong password for the PIN, not a short number
  • Device encryption is now the default, well done Microsoft 👍
  • When the install is done, reboot, log in, and let Windows download and install all the updates (multiple reboots)

Apps & Settings

Not yet installed/tried

  • Affinity Designer or equivalent
  • Something that synchronizes screenshots in a Cloud Folder
  • Cinema 4D
  • Traktor
  • Lantern
  • Luxafor
  • OpenVPN / Shimo alternative
  • A good weather app, with rain notifications
  • FullContact
  • Airplay client
  • Steam
  • Mailplane
  • Notes.app
  • Encfs
  • Brain FM
  • Reason
  • Pixelmator
  • Inet
  • Kaleidoscope
  • Webex

Problems & Missing Stuff

  • Keyboard binding is hardcore
  • The default Trackpad is bad
  • Using an Apple Trackpad over Bluetooth is worse
    • even with a custom driver
  • The Update system is annoying
  • The Driver system is complicated
  • I miss Quick Look
  • I miss Alfred.app
  • I miss the tree view mode of the Finder
  • I miss iTerm (I tried multiple alternatives; the best fit for now is the terminal built into Visual Studio Code)
  • I miss Mailplane.app
  • I miss iMessage and other applications that synchronize with my iPhone
  • I miss the Screenshots keyboard shortcuts
  • I miss Notes.app

Good surprises

  • WSL is wonderful
    • but slow, with strange linking between the Windows filesystem and Linux
  • Paint 3D is fun (and sometimes useful)
  • Microsoft SongSmith is brilliant

Further Readings

How I Audit Startups 🚀👀

Introduction

In ages past (from 2007 to 2011), I performed startup security audits (penetration testing, offensive/defensive security, etc.). Since 2015, I have performed more general audits and have audited more than 30 startups. A big part of my experience is due to previous audits :) The more auditing I do, the better I am at it; I hope to continue doing audits regularly and improve further. In this article, I will share this personal experience.

My domains of expertise are:

  • Scaling teams from fewer than 10 people to more than 100
  • Scaling apps and hosting
  • Improving the developers’ efficiency with processes and tools
  • Avoiding common and less common mistakes
  • Identifying weaknesses and setting up plans to keep them under control
  • Identifying recruitment needs
  • Helping to set up tech/human strategies
  • Giving advice and coaching the founders
  • Helping set up better communication between tech/non-tech, especially when the founders are non-tech
  • Identifying the current employees’ strengths/weaknesses and helping them take a fitting role

I’m focused on looking for red/orange/green flags about:

  • Maturity and scalability of the organization
  • The intrinsic value of the technology
  • Pieces of advice & recommendations about actions to take quickly

Who asks me for audits

  • Venture capital financing companies that request “due diligence” before a money raise:
    • When the investment is huge, over 10 million
    • When VCs have specific uncertainties (though it’s rare)
    • When the topic is ultra-competitive
    • When the technical challenges are important
    • When they want me to coach the founders
  • Startups that have one or more topics to address
  • Previously audited startups that want a follow-up check or have changed enough to have a new range of topics. The most common case is a startup I audited when there were fewer than 10 people and that grew to have over 50 people; now they’ve got new problems to address.

My services aren’t listed on any website; I only audit startups based on my reputation from previously audited ones (“word of mouth”).

The process

Before starting the audit, I ask the founders to prepare some documents. They will be the base for discussion during the audit, but they are also documents that should always be maintained up to date, as they can easily become the best documentation for new hires, to present their company to new VCs and so on.

Points that should be in the documents:

  • Platform description (list of functionalities, list of apps, list of services, list of websites, list of processes)
  • Development history (the beginning, big refactors, big changes, big milestones)
  • Development of current tasks + future roadmap
  • Organization history, at least in the tech team (hires, fires, leaves, current hierarchy)
  • Organization future plan (recruitments, role changes, hierarchy changes)
  • External dependencies: SaaS, tools, vendors, etc.
  • Some metrics (users, activities, load, database sizes, etc.)

The most common format of auditing is 1 day in the office. I start the audit with the founders and speak about history, strategy, roadmap, identified strengths, weaknesses, and areas of uncertainty. I conduct interviews and dig into specific identified topics. In the process, I enumerate some general/standard points and, finally, debrief the founders.

Another format is ½ day by phone/video with the founders and at least 1 tech lead. We focus on fewer topics; this can work when the VCs have already identified the potential dangers.

Sometimes, depending on the context and constraints, I utilize other formats: 2 days in the office, 3 days in the office, ½ day in the office + ½ day by phone.

The deliverables

During the whole audit, I provide advice to the founders.

After the audit, I send a report to both the founders and the VCs, debrief the VCs, and do some follow-up if needed. This report can also be useful for a new VC round later (and I can debrief it by phone to the new VCs if needed). The report contains:

  • A list of red flags to prioritize in the roadmap or that may be reasons for a small pivot
  • Orange flags that should be prioritized or kept under the radar
  • Green flags that should stay competitive advantages
  • Pieces of advice & suggestions

I plan to write more on this topic, to share some trends and findings I discovered.

`assh` - Advanced SSH Config 🤓

assh, formerly known as “Advanced SSH config”, is a smart tool designed to wrap tightly around your SSH and enhance it, like a superhero suit with various gadgets installed. It adds regex, aliases, gateways, dynamic hostnames, Graphviz, notifications, JSON output and YAML configuration.

Some of its configuration features are:

  • regex support
  • aliases -> gate.domain.tld
  • includes: split configuration into multiple files
  • gateways -> transparent ssh connection chaining
  • inheritance: make hosts inherit from other hosts or templates
  • variable expansion: resolve variables from the environment
  • desktop notifications: based on events
  • Graphviz representation of the hosts

assh manages your ~/.ssh/config file and takes care of keeping a backup of it.
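A sketch of an assh YAML configuration combining the features listed above (aliases, pattern hosts, gateways, inheritance, variable expansion, includes). This is an added example, not taken from the original post or the project's own files; host names, addresses, key paths and the include path are constructed placeholders, and the keys follow assh's YAML format as I know it.

```yaml
# ~/.ssh/assh.yml (constructed example; hosts, addresses and paths are placeholders)
hosts:
  bastion:
    Hostname: 203.0.113.10          # documentation-range address
    User: ops
    Port: 2222
    Aliases:
      - gate                        # "ssh gate" resolves to this entry

  db-internal:
    Hostname: 10.0.0.5
    Inherits: prod-template         # inheritance from a template
    Gateways:
      - bastion                     # connection chaining: reached through bastion

  "app-[0-9]*":                     # pattern entry: matches app-1, app-42, ...
    Hostname: "%h.internal.example.com"
    Inherits: prod-template
    Gateways:
      - direct                      # try a direct connection first
      - bastion                     # then fall back to the gateway

  personal:
    Hostname: home.example.com
    User: ${USER}                   # variable expansion from the environment

templates:
  prod-template:                    # can be inherited from, not connected to
    User: deploy
    IdentityFile: ~/.ssh/prod_ed25519
    ForwardAgent: no                # agent forwarding kept off on production hosts

defaults:                           # applied to every host
  ControlMaster: auto
  ControlPath: ~/.ssh/cm/%h-%p-%r.sock
  ControlPersist: yes

includes:
  - ~/.ssh/assh.d/*.yml             # split configuration across files
```

After editing this file, `assh config build` regenerates ~/.ssh/config from it.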

lib-ssh wraps assh as a ProxyCommand, which means that it works seamlessly with ssh, scp, rsync, git, and desktop applications depending on lib-ssh or ssh (e.g., Tower, Atom.io, SSH Tunnel Manager).

A few usage examples:

  • assh config build: Rewrite and replace the existing ~/.ssh/config file.
  • assh config graphviz: Generate a Graphviz graph of the hosts.
  • assh sockets list: List active control sockets.
  • assh sockets master: Create a master control socket.
  • assh ping: Send packets to the SSH server and display stats.

Those are some of the highlights of assh. Visit its GitHub page to find out more about its configuration, usage and integration.

Dockerself - runtime self-dockerizer

Presentation

dockerself is a program that creates a new Docker container, injects itself, and finally runs itself from within Docker.

For the record, I was working on pathwar (a security learning platform) and was trying to design the least constraining way of creating new levels.

My current best idea is to inject a custom entrypoint when the platform starts a new container, instead of requiring the level developers to adapt their Dockerfile.

In addition to the simplicity it offers level developers, this pattern also has the advantage of always injecting the latest version of the entrypoint, even if the image has not been updated for a very long time.

Additional resources

How-to (successfully) make your iPhone boring 📱

Last year, I decided to reduce my time on my iPhone and chose the “Make it Boring” method. My friends often ask me for details, so here is a kind of how-to (successfully) make your iPhone boring.

To make it more bearable and avoid switching back quickly, I preferred to use the compound effect and iterate progressively.

My phone before: a lot of badges, notifications, different colors, screens, disorder

What worked for me

Step 1: Uninstall Social Network Apps (Quick win)

Step-by-step instructions:

  • Uninstall Facebook
  • Uninstall Twitter
  • Uninstall Instagram
  • Uninstall LinkedIn
  • Uninstall insert-social-thing-name-here

Bonus: It’s also a good moment to do some cleanup and remove every useless app.

This easy step removes the most addictive apps and makes your phone very boring ultra-easily.

FYI, not having the app doesn’t mean you can’t check out something on those networks :)

I had completely forgotten it, but each of those apps has a nice mobile website which is very similar to the app, without the icon on your phone screen, without the icon in your “share using …” widget, and without notifications.

Step 2: Uninstall every Game (Quick win)

Games were for me the easy excuse to use my iPhone while waiting or commuting: while waiting for my doctor, or during boring meetings.

Removing all games forces you to use your phone for useful things in these moments (answer emails, read articles, etc.), or just not to use your phone and try to enjoy the real world.

Step 3: Reduce Notifications (Quick win)

This is the easiest and most useful change I’ve made; I can’t imagine returning to a mobile phone with notifications for everything happening in my digital world (chats, emails, spam, games, ads, discounts, etc.).

How I made it:

  1. Disable all notifications; I’m now muting notifications for about 90% of my apps, so it was easier for me just to start disabling all apps first. (System Settings > Notifications > click on each app > uncheck “Allow Notifications”)
  2. Re-enable some app notifications; This is where I failed most, but it’s easy to iterate and progressively find your ideal configuration. Today, the only apps that can send me push notifications are: Transportation apps (Google Maps, Air France, Taxi, Citymapper, etc.), Mail.app filtered to VIP only, and Pushover which is an app that I can manually configure using Zapier to deliver me exceptional push notifications (raining day, take umbrella; my website is down, etc.)
  3. Disable notification badges; no more “Please, open me, I’ve got things for you.”
  4. Bonus: Notification Center: you can let some apps display notifications only in “Notification Center”; those apps won’t make the phone vibrate and won’t have a badge, but will be easily available from “Notification Center” without opening the app. I chose to do it with my most used non-vital but important apps (Slack, Monitoring app, Gmail); it’s a difficult tradeoff to configure: you need to choose wisely the apps that will allow you to avoid checking Notification Center manually every 5 minutes while still having useful information. If unsure, just don’t use Notification Center for boring notifications and disable communication apps completely.

Step 4: Removed Shiny Background Image (Easy)

Easy, just remove the background to make your iPhone less friendly (people say that it’s also good for your battery).

I left a minimalist background image on the lock screen, mostly to have a discussion topic with peers in real life.

Step 5: Reorganized my app screens

  1. Leave the first screen empty, so when you unlock your phone, you won’t see shiny apps
  2. Keep a minimal amount of apps outside of folders to avoid seeing shiny icons; I kept some productivity apps (Notes, Airtable, Gmail, etc.), some utilities (Maps, Citymapper, etc.), and some “smart entertainment” apps (Spotify, Petit Bambou, Medium, etc.); Sort those apps alphabetically.
  3. Move the rest of your apps, the ones that you rarely use, into folders on the last screen; I’m now opening those apps only using Spotlight and never go back to my last screen.

screen 1: nothing – screen 2&3: productivity apps sorted alphabetically – screen 4: everything else in folders

Step 6: Switch to Black & White (Hard)

This step is hard, but it’s the one with the best “Make Your iPhone Ultra Boring” result :)

Welcome back to the ’50s

Step 7: Enable “Do not disturb most of the time” (Bonus)

It’s not that useful as most of the notifications are already disabled, but it keeps the remaining ones available only through “Notification Center”, so you can check them when you’re ready, for example in the morning.

Sometimes, I disable it manually if I’m waiting for food delivery or something like that.

What didn’t work for me

  • I tried, but failed, to completely disable chat notifications (Slack, WhatsApp, etc.); I was losing too much time opening the apps when someone told me to check something, so I decided to re-enable the notifications for those apps but limit them to the “Notification Center”; I don’t receive any alert but can easily see what happens when I voluntarily want to check them, and have only one button to go to the interesting conversation.
  • Removing all games; I keep some kids’ games for my first daughter. They are particularly useful to keep her calm during long boring periods (transport, doctor’s waiting room, etc.), and, usefully for me, the addictiveness of those games doesn’t work on me :)

Some ideas for the next steps

I feel considerably less strongly about the following ideas, which is why I keep them at the end; I will probably try them.

  • Move every app in a single folder, making it impossible to open apps without using Spotlight to search an app by name
  • Remove most of the installed apps
  • Remove chat apps
  • Switch to a long, complex and mandatory password
  • Switch to airplane mode most of the time
  • Use an old-style phone first and keep a smartphone or tablet in my bag for emergencies, taking photos, listening to music, reading books or articles, sending emails, etc.

Conclusion

My iPhone’s battery now lasts way longer!

I still have some bad feelings when using my phone for a long time, but a lot less, as I now consider it a tool helping me to do useful things.

I’m less behind my phone, more behind my computer, and more in the real world too.

When I go to a meeting without my computer, I don’t receive notifications and stay focused.

Further reading

For more details, I suggest you read these excellent articles that inspired me; they are more detailed and also contain useful feedback in the comments: