Manfred Touron

$> man fred - fred man page


A good friend is starting his “piscine” at 42 today; it’s only his first day but he already made me the good old joke about “there is no man fred”.

If this joke doesn’t make you smile, it’s probably because you don’t know what the man command is for developers and how useful it is.

Explanation: man is short for manual; when you type man something in a terminal, you get information about that command/function/thing.

More info on Wikipedia: man page, RTFM (read the fucking manual)

Unfortunately, as the fred command does not exist by default, running man fred will just raise an error:

$ man fred
No manual entry for fred

As a workaround, I created a manpage for fred four years ago. Today, I just added some install instructions and an example in the README file.

As soon as you install this manpage on your computer, you will be able to type man fred and have useful (vital!) information about me :)

Good luck William for your piscine!

sshportal - An Opinionated SSH Jump-Host

There are many reasons why spaceships don’t have doors that open into the outer space. For one, when a crewmate returns to the ship after visiting a planet, we can do some bio-scanning on them in the airlock, to see if it’s safe to open the doors and let them aboard, or if there’s an alien gestating in their chest.

Maybe the dangers of alien infestation won’t be a concern for at least ten more years, but right now we already are in the digital space, which packs many threats of its own. To protect your infrastructure from an invasion, allow me to suggest a jump host[1] named sshportal.

Distinguishing features

Full independence of users and hosts.

sshportal streamlines their management and makes it easy to give multiple users access to multiple hosts. Users and hosts are decoupled, as only the bastion knows information about both sides – the end user doesn’t have to know the hosts and is automatically connected to everything they should have access to. So, for example, if a new developer joins the company or changes their key, the configuration on each of the target servers doesn’t have to be changed; if the developer leaves, you can remove their access in seconds.

Access to target features

Kitchen, cargo hold, gym – there are many things that an airlock isn’t. sshportal does its job only at the connection, then it “pipes” everything to the target host. So it supports various advanced features, without having any code related to them. Some tested features are: X11 forwarding, port forwarding, tunneling, ssh-agent, sftp, scp, rsync, git support.

Connecting to servers that don’t support SSH keys

…, but only have a username/password. This can be especially true for some hardware, like internet routers or old computers. Once you configure a remote host with the username/password, sshportal will automatically enter the login information. So, other people won’t have to know the login and password – they will connect as they would to any other host, using their personal SSH key to connect to sshportal.

“Roles” that provide various levels of access

A user can have access only to a particular host or host group. Login, ssh access, sftp access, and many other features can be enabled or disabled for specific users.

sshportal is also portable, scalable, provides various kinds of statistics and other neat features.

The “invite” system

sshportal was made to be fluid and easy to install and manage, and adding new users is a task that it simplifies greatly. Let’s take a look at a scenario that often occurs when someone in a company wants to access the server:

This person needs to request access from an administrator, to which the administrator will ask for the “public ssh key” of the user – user provides the key, and the administrator manually adds it on the server. Even if the user provides the key along with the request, the administrator still has to ask the user to test the connection, then the user tries and confirms – or doesn’t, which leads to some more steps. This workflow becomes even more involved when you have a user asking his manager to ask the “admin team” or to “open a ticket”, as every step is asynchronous and non-monitorable.

The “invite” mechanism works the opposite way. An admin can create an “invite code” in advance, with a named account that doesn’t have any public ssh key; the first user connecting to the server with this code will automatically have their key linked to the account. So, after a user requests access, the workflow goes like this:

  • The administrator creates the user account: sshportal user create toto@company.com
  • sshportal returns a one-line instruction, e.g. ssh portal.company.com -l invite:XXXXX, that the administrator can give to the user.
  • The user executes the line, and that’s it.

Also, the administrator can check if the user tried to reconnect or not.
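The invite flow above, sketched as an added example in Go; it is not sshportal's own code. The Portal and Account types, the in-memory store and the SHA-256 key fingerprint are assumptions made for illustration; the point shown is that the token is random, single-use, and binds the first key presented with it.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// Account is a hypothetical portal user record; Invite is empty once redeemed.
type Account struct{ Email, Invite, KeyFP string }

// Portal is a toy in-memory user store (assumption, not sshportal's database).
type Portal struct{ accounts []*Account }

// CreateUser registers a key-less account and returns its one-time invite token.
func (p *Portal) CreateUser(email string) (string, error) {
	buf := make([]byte, 16) // 128 bits from the OS CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := fmt.Sprintf("%x", buf)
	p.accounts = append(p.accounts, &Account{Email: email, Invite: tok})
	return tok, nil
}

// Login handles one connection: login is the SSH user name, pubKey the key offered.
func (p *Portal) Login(login string, pubKey []byte) (*Account, error) {
	fp := fmt.Sprintf("%x", sha256.Sum256(pubKey))
	tok, isInvite := strings.TrimPrefix(login, "invite:"), strings.HasPrefix(login, "invite:")
	for _, a := range p.accounts {
		if isInvite {
			// Redeemed invites are empty and never match; compare in constant time.
			if a.Invite != "" && subtle.ConstantTimeCompare([]byte(a.Invite), []byte(tok)) == 1 {
				a.KeyFP, a.Invite = fp, "" // bind the offered key, burn the token
				return a, nil
			}
		} else if a.KeyFP == fp {
			return a, nil // normal login: identified by the enrolled key alone
		}
	}
	return nil, errors.New("access denied")
}

func main() {
	tok, _ := new(Portal).CreateUser("toto@company.com")
	fmt.Println("ssh portal.company.com -l invite:" + tok)
}
```

Because the token is cleared on first use, a second connection with the same invite line is rejected even if it offers a different key, which is what lets the administrator hand the line over a less trusted channel for a short time.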

Use cases

Used by educators to provide temporary access to students.

A group of over 6000 people is using it internally to manage access to servers/routers, saving hours on configuration management and not having to share the configuration information.

There are companies who use a jump host to monitor connections at a single point.

A hosting company is using sshportal for its “logging” feature, among others. As every session is logged and introspectable, they have a detailed history of who performed which action. This company made its own contribution to the project, allowing the support of more than 65.000 sessions in the database.

The project has also received multiple contributions from a security researcher who wrote a thesis on quantum cryptography. This person uses sshportal in their security-hardened hosting company.

A step beyond

There are more things to say about sshportal, but you can visit the GitHub page to check out the demo for yourself and learn more about its features and inner workings. The project is actively supported and has new features in development, like direct access to Docker containers. Perhaps there is something you personally would like to add or improve? Welcome aboard!

Footnotes

[1] Jump host – also known as “bastion” or “gateway” – is an intermediary host that stands between the user and target hosts. It is exposed to the internet and configured to withstand attacks, while the target host remains in the “protected” network, behind the firewall. For more details, here are the Wiki articles on Bastion host and Demilitarized Zone.

Why You Should Stop Saying You Have Nothing To Hide!

📷 Adapted from Nathaniel Dahan

And why it’s not OK being watched.

So you are being watched online. Why should you care? After all, you are doing nothing wrong. You have nothing to hide, right? You just go online to chat with your friends, maybe argue with strangers, and life moves on! Should it really be a concern that the government and other parties are spying on you, gathering valuable information? That there are data aggregators building a nice (or not so nice 😅) profile of you to sell to the highest bidder? What of state agencies, travel companies, telecommunication giants, marketing agencies, advertising companies and insurance providers all clamoring for the personal data used not only to sell to you but sell you as well?

Your privacy is a precious commodity. You should care about your online conversations even if they’re just about making plans with your best friend or reassuring your mom you are eating right.

1) Do you really think you have nothing to hide?

  • Would you be willing to hand over your phone and give me your PIN?
  • Would you be willing to let your postman open your mail and make a copy of it?

Do you still think you have nothing to hide? Be honest; it will be quite embarrassing even if you really ‘have nothing to hide’ - simply because it’s your right to have your own space and self-freedom.

Strangely, if I replied, “I do have things to hide”, most people would stare at me and reply “are you a terrorist?”. Does it mean only terrorists have things to hide? Of course not. Everyone needs protection and privacy, no matter what the subject is about.

Maybe it’s because we all have a different definition of our privacy? Privacy is a hard concept to define, and it can not be reduced to a simple sentence or concept. For instance, the shortest definition I found online is: “privacy is a state in which one is not observed or disturbed by other people”. But, privacy is much more complex than just not being observed. It involves the right to personal space, the control over information, identity, intimacy… and other aspects of life!

“Privacy, in other words, involves so many things that it is impossible to reduce them all to one simple idea. And we need not do so.” – Daniel J. Solove

Maybe it’s because we all have a different definition of our personal information. When someone declares he or she has nothing to hide, maybe it refers to the type of data the government typically collects? Even in this case, it’s inaccurate to declare I have nothing to hide. Why? Because no one is perfect, we are human beings, and human beings break the rules. Whether it’s hosting a poker night at home, not reporting those 20 dollars you found on the ground, or even jay-walking, we’ve all done something.

Maybe it’s hard for people to identify that they are an object of surveillance. Of course, you’re not going to receive a text message: “hello we are spying on you in order to sell your data to your insurance company”. When it comes to discreet actions: the less you see, the less you care.

Maybe you do have something to hide, but you just aren’t aware. If you live in the US, I am pretty sure that the federal government could find something you’ve done which violates a provision in the 27,000 pages of federal statutes or 10,000 administrative regulations - if they had access to every email you’ve ever written or every phone call you’ve ever made.

There are many reasons to care about your privacy in this age of online communication and data transfer. Here are some:

Privacy is a right that has been fought for. People in history fought for this, and it is important not to take privacy for granted. Even better is recognizing that there are countries under tyranny whose people have not yet attained this right to privacy. Like other rights, privacy is a right that has not always been around and therefore, like any other right it should be protected.

There is a difference between privacy and secrecy. When people say ‘they have nothing to hide’ as the reason why they don’t care about privacy, what they are really doing is confusing privacy with secrecy. You may not want someone to actively read your emails, or read your messages, or scroll through your pictures. This is not because you have something to hide but because you want the right to have your private information private. It shouldn’t be any different when you hear of the government’s mass surveillance and laws and actions to curtail internet freedom and privacy.

Your information will likely fall into the wrong hands. While you may feel like you don’t have anything to hide from government agencies for ‘security’ purposes, you might, however, be alarmed to know that your information could fall into the hands of hackers, blackmailers, data aggregators and others who may be hell-bent on exploiting this data. Remember the Equifax, Ashley Madison and Yahoo breaches? Being blasé about your privacy could mean courting trouble.

There is uncertainty about how the information you share now will evolve in the future. Your private communication and information exposed to the world in an out-of-context manner can also be used against you. While you currently may not have a lot to risk if your data is shared, this can change in the future, where your personal data can be misrepresented to the detriment of your career or social life. Politicians constantly have their personal information exploited, their speeches manipulated, and their pictures taken out of context.

2) How much is your data?

When you put tons of personal information online using Twitter, Facebook, Instagram, you have an instant benefit; it’s easy to use and free. So, it’s pretty tricky to balance with something that might be dangerous in a hard to predict future. But, those services aren’t entirely free, we’re paying with our data, after all.

Do you wonder what tech companies and telecommunication giants gain from allowing you to transfer or store unlimited data in their servers for free? Are they philanthropists? No, they are not, they are the wealthiest companies on earth. Google is not a search company; it’s a data company. The lack of privacy enriches corporations.

‘If You Have Something You Don’t Want Anyone To Know, Maybe You Shouldn’t Be Doing It’ - Eric Schmidt, Google CEO

This is because if you’re not paying for it, you become the product. Or rather, your ‘private’ information is. It is sold to interested parties such as advertising companies without your say-so. This earns these companies riches and makes them reluctant to enforce privacy. You should, therefore, be very concerned!

3) Why is being spied on not ok?

📷 Photo by Sweet Ice Cream Photography

I still wonder why we came to this “nothing to hide / I do not care about my privacy” argument. An interesting theory called The Internet’s Original Sin argues that people wanted to use the internet for free, so companies started to experiment with making money from the data they had collected on users and realized that it was quite valuable in the context of advertising. Later on, governments found out that those companies had all the data they needed and started collecting it.

“Ask yourself: at every point in history, who suffers the most from unjustified surveillance? It is not the privileged, but the vulnerable. Surveillance is not about safety, it’s about power. It’s about control.” - Ed Snowden

Authorities made this acceptable and normal to most of us. How have they done this? They used the scapegoat of stopping terrorism or other illegal stuff. But, are we all terrorists? Terrorists didn’t wait for the government to cipher their messages. So why is it so legitimate to spy on honest citizens? In my humble opinion, the goal is right, but the method is wrong - and it’s too asymmetrical.

4) Conclusion

So, why is it so important to care about our privacy when you aren’t a nonconformist? Naturally, because it’s part of our freedom. If we start to trim our privacy little by little, it will undeniably lead to a massive loss of our freedom. Mass surveillance and the reduction of our privacy are meant to achieve a certain degree of social control - to turn individuals into perfect subjects of control, and control has no limit except the one we accept. Is this the type of digital environment that we want?

If you have time (1h30), I recommend that you watch this wonderful online documentary: Nothing to hide

Cheers Internet, feel free to clap & follow our stories, see you next time. 🤫

Hello Wulo!

Launch of Wulo

🚀 I am proud to present Wulo, an alternative platform connecting drivers and passengers.

👫 Behind Wulo, I created United Drivers, a non-profit association (I will explain why I chose the association model in another article 😄). To back me up, I gathered a team mainly made up of developers from 42.

🚖 Wulo is my proposal to improve drivers’ standard of living, to let them make themselves heard, earn better pay and sustain their business. I decided to bring taxis and private-hire (VTC) drivers together on a single platform and to take neither commission nor subscription fee.

In addition to offering cheaper rides, options are available such as a baby seat, payment through the app or in cash, and prices known in advance.

👍 More articles to come to share our vision, our values and our daily life.

Learn more

📱 Find the app on the App Store and Google Play

📰 See the press kit 😄

Docker Machine driver for Scaleway

We just released the Docker Machine driver for Scaleway; you can now use Machine to create Docker hosts on Scaleway servers.

This tool comes as an alternative method of provisioning Docker engines on Scaleway and won’t replace the Docker Instant-App.

Using Docker-Machine, it is now very easy to create a Swarm cluster in minutes: start-swarm-cluster.sh script (output).

It is now easy to manage a Swarm cluster of hybrid servers (x86_64 + armhf).

It is also very convenient to use a Swarm cluster composed of Raspberry PI using the Hypriot OS and Scaleway servers together.