Manfred Touron

Dockerself - runtime self-dockerizer

Presentation

dockerself is a program that creates a new Docker container, injects itself, and finally runs itself from within Docker.

For the record, I was working on pathwar (a security learning platform) and was trying to design the less-constraining way of creating new levels.

My current best idea is to inject a custom entrypoint when the platform starts a new container, instead of requiring the level developers to adapt their Dockerfile.

Additionally, to the simplicity that is added for a level developer, this pattern also has the advantage of always putting the latest version of the entrypoint, even if the image was not updated for a very long time.

Additional resources

How-to (successfully) make your iPhone boring 📱

Last year, I decided to reduce my time on my iPhone and chose the “Make it Boring” method. My friends are often asking me for some details, so here is a kind of how-to (successfully) make your iPhone boring.

To make it more supportable and avoid switching back quickly, I preferred to use the compound effect and iterate progressively.

My phone before: a lot of badges, notifications, different colors, screens, disorder

What worked for me

Step 1: Uninstall Social Network Apps (Quick win)

Step-by-step instructions:

  • Uninstall Facebook
  • Uninstall Twitter
  • Uninstall Instagram
  • Uninstall LinkedIn
  • Uninstall insert-social-thing-name-here

Bonus: It’s also a good moment to do some cleanup and remove every useless app.

This easy step removes the most addictive apps and makes your phone very boring ultra-easily.

FYI, it’s not because you don’t have the app that you won’t be able to check-out something on those networks :)

I completely forgot it, but each of those apps has a nice mobile website which is very similar to the app, without the icon on your phone screen, without the icon on your “share using …” widget, and without notifications.

Step 2: Uninstall every Game (Quick win)

Games were for me the easy excuse to use my iPhone while waiting or while commuting; while waiting for my doctor, or during the boring meetings.

Removing all games forces you to use your phone for useful things in these moments (answer emails, read articles, etc.), or just not to use your phone and try to profit from the real world.

Step 3: Reduce Notifications (Quick-win)

This is the easiest and most useful change I’ve made; I can’t imagine returning to a mobile phone with notifications for everything happening in my numeric world (chats, emails, spams, games, ads, discounts, etc.).

How I made it:

  1. Disable all notifications; I’m now muting notifications for about 90% of my apps, so it was easier for me just to start disabling all apps first. (System Settings > Notifications > click on each app > uncheck “Allow Notifications”)
  2. Re-enable some app notifications; This is where I failed most, but it’s easy to iterate and progressively find your ideal configuration. Today, the only apps that can send me push notifications are: Transportation apps (Google Maps, Air France, Taxi, Citymapper, etc.), Mail.app filtered to VIP only, and Pushover which is an app that I can manually configure using Zapier to deliver me exceptional push notifications (raining day, take umbrella; my website is down, etc.)
  3. Disable notification badges; no more “Please, open me, I’ve got things for you.”
  4. Bonus: Notification Center: you can let some apps display notifications only in “*Notification Center*”; those apps won’t make the phone vibrate, won’t have a badge, but will be easily available from the “*Notification Center*” without opening the app. I choose to do it with my most used non-vital but important apps (Slack, Monitoring app, Gmail); it’s a difficult tradeoff to configure, you need to choose wisely the apps that will allow you to avoid checking notification center manually every 5 minutes while having useful information. If unsure, just don’t use the notification center for boring notifications and disable communication apps completely).

Step 4: Removed Shiny Background Image (Easy)

Easy, just remove the background to make your iPhone less friendly (people say that it’s also good for your battery).

I let a minimalist background image on the lock-screen, mostly to have a discussion topic with peers in real-life.

Step 5: Reorganized my app screens

  1. Leave the first screen empty, so when you unlock your phone, you won’t see shiny apps
  2. Keep a minimal amount of apps outside of folders to avoid seeing shiny icons; I kept some productivity apps (Notes, Airtable, Gmail, etc.), some utilities (Maps, Citymapper, etc.), and some “smart entertainment” apps (Spotify, Petit Bambou, Medium, etc.); Sort those apps alphabetically.
  3. Move the rest of your apps, the ones that you rarely use into folders on the last screen; I’m now opening those apps only using Spotlight and never go back to my last screen.

screen 1: nothing – screen 2&3: productivity apps sorted alphabetically – screen 4: everything else in folders

Step 6: Switch to Black & White (Hard)

This step is hard, but it’s one with the better “Make Your iPhone Ultra Boring” result :)

welcome back in the 50'

Step 7: Enable “Do not disturb most of the time” (Bonus)

It’s not so useful as most of the notifications are already disabled, but it allows you to keep the missing ones only available through “Notification Center”, so you can check them when you’re ready to check them in the morning.

Sometimes, I disable it manually if I’m waiting for food delivery or something like that.

What didn’t work for me

  • I tried, but I failed to completely disable chat notifications (Slack, Whatsapp, etc.); I was losing too much time opening the apps when someone told me to check something, so I decided to re-enable the notifications for those apps but limit them to the “Notification Center”; I don’t receive any alert but can easily see what happens when I voluntarily want to check them and have only one button to go to the interesting conversation.
  • Removing all games; I keep some kid games for my first daughter, it’s particularly useful to keep her calm during a long boring period (Transports, Doctor’s waiting room, etc.), and usefully for me, those games addictiveness are not working on me :)

Some ideas for the next steps

I’ve considerably less feeling in the following ideas, that’s why I keep them at the end, I will probably try them

  • Move every app in a single folder, making it impossible to open apps without using Spotlight to search an app by name
  • Remove most of the installed apps
  • Remove chat apps
  • Switch to a long, complex and mandatory password
  • Switch to airplane mode most of the time
  • Use an old-style phone first and keep a smartphone or tablet in my bag for urgencies, taking photos, listening to music, reading books or articles, sending emails, etc.

Conclusion

My iPhone now has way more battery longevity!

I still have some bad feeling when using my phone for a long time, but a lot less as I now consider that it’s now a tool helping me to do useful things.

I’m less behind my phone, more behind my computer, and more in the real world too.

When I go to a meeting without my computer, I won’t receive notifications and stay focused.

Further reading

For more details, I suggest you to read those excellent articles that inspired me, they are more detailed, and also contain useful feedbacks in the comments:

$> man fred - fred man page

Image made with Carbon

A good friend is starting his “piscine” at 42 today; it’s only his first day but he already made me the good old joke about “there is no man fred”.

If this joke doesn’t make you smile, this is probably because you don’t know what is the man command for developers and how much useful it is.

Explanation: man is the short for manual, when you type man something in a terminal, you can get some information about the command/function/thing.

More info on Wikipedia: man page, RTFM (read the fucking manual)

Unfortunately, as the fred command does not exist by default, running man fred will just raise an error:

$ man fred
No manual entry for fred

As a workaround, I created a manpage for fred four years ago. Today, I just added some install instructions and an example in the README file.

As soon as you install this manpage on your computer, you will be able to type man fred and have usefulvital! information about me :)

Good luck William for your piscine!

sshportal - An Opinionated SSH Jump-Host

There are many reasons why spaceships don’t have doors that open into the outer space. For one, when a crewmate returns to the ship after visiting a planet, we can do some bio-scanning on them in the airlock, to see if it’s safe to open the doors and let them aboard, or if there’s an alien gestating in their chest.

Maybe the dangers of alien infestation won’t be a concern for at least ten more years, but right now we already are in the digital space, which packs many threats of its own. To protect your infrastructure from an invasion, allow me to suggest a jump host1 named sshportal.

Distinguishing features

Full independence of users and hosts.

sshportal streamlines their management and makes it easy to have multiple users to multiple hosts. They are decorrelated, as only the bastion knows information about both sides – the end user doesn’t have to know the hosts, he is automatically connected to everything he should have access to. So, for example, if a new developer comes into the company or changes their key, the configuration on each of the target servers don’t have to be changed; if the developer leaves, you can remove their access in seconds.

Access to target features

Kitchen, cargo hold, gym – there are many things that an airlock isn’t. sshportal does its job only at the connection, then it “pipes” everything to the target host. So it supports various advanced features, without having any code related to them. Some tested features are: X11 forwarding, port forwarding, tunneling, ssh-agent, sftp, scp, rsync, git support.

Connecting to servers that don’t support SSH keys

…, but only have username/password, This can be especially true for some hardware like internet router or old computers. Once you configure a remote host with the username/password, sshportal will automatically enter the login information. So, other people won’t have to know the login and password – they will connect as they would to any other hosts, using their personal SSH key to connect to sshportal.

“Roles” that provide various levels of access. A user can have access only to a particular host or host group. Login, ssh access, sftp access, and many other features can be enabled or disabled for specific users.

sshportal is also portable, scalable, provides various kinds of statistics and other neat features.

The “invite” system

sshportal was made to be fluid and easy to install and manage, and adding new users is a task that it simplifies greatly. Let’s take a look at a scenario that often occurs when someone in a company wants to access the server:

This person needs to request access from an administrator, to which the administrator will ask for the “public ssh key” of the user – user provides the key, and the administrator manually adds it on the server. Even if the user provides the key along with the request, the administrator still has to ask the user to test the connection, then the user tries and confirms – or doesn’t, which leads to some more steps. This workflow becomes even more involved when you have a user asking his manager to ask the “admin team” or to “open a ticket”, as every step is asynchronous and non-monitorable.

The “invite” mechanism works the opposite way. Admin can create an “invite code” in advance, with a named account that doesn’t have any public ssh key; the first user connecting to the server with this code will automatically link its key with the account. So, after a user requests the access, the workflow goes like this:

Administrator creates the user account sshportal user create toto@company.com. sshportal returns a one-line instruction, i.e.: ssh portal.company.com -l invite:XXXXX that the administrator can give to the user. A user executes the line, and that’s it.

Also, the administrator can check if the user tried to reconnect or not.

Use cases

Used by educators to provide temporary access to students.

A group of over 6000 people is using it internally to manage access to servers/routers, saving hours on configuration management and not having to share the configuration information.

There are companies who use a jump host to monitor connections at a single point.

A hosting company is using sshportal for its “logging” feature, among the others. As every session is logged and introspectable, they have a detailed history of who performed which action. This company made its own contribution to the project, allowing the support of more than 65.000 sessions in the database.

The project has also received multiple contributions from a security researcher that made a thesis on quantum cryptography. This person uses sshportal in their security-hardened hosting company.

A step beyond

There are more things to say about sshportal, but you could visit the GitHub page to check out the demo for yourself and learn more about its features and inner workings. The project is actively supported and has new features in development, like direct access to docker container. Perhaps there is something you personally would like to add or improve? Welcome aboard!

Footnotes

Jump host1 – also known as “bastion” or “gateway” – is an intermediary host that stands between the user and target hosts. It is exposed to the internet and configured to withstand attacks, while the target host remains in the “protected” network, behind the firewall. For more details, here are the Wiki articles on Bastion host and Demilitarized Zo ne.

Why You Should Stop Saying You Have Nothing To Hide!

📷 Adapted from Nathaniel Dahan

And why it’s not OK being watched.

So you are being watched online. Why should you care? After all, you are doing nothing wrong. You have nothing to hide, right? You just go online to chat with your friends, maybe argue with strangers, and life moves on! Should it really be a concern that the government and other parties are spying on you, gathering valuable information? That there are data aggregators building a nice (or not so nice 😅) profile of you to sell to the highest bidder? What of state agencies, travel companies, telecommunication giants, marketing agencies, advertising companies and insurance providers all clamoring for the personal data used not only to sell to you but sell you as well?

Your privacy is a precious commodity. You should care about your online conversations even if they’re just about making plans with your best friend or reassuring your mom you are eating right.

1) Do you really think you have nothing to hide?

  • Would you be willing to hand over your phone and give me your PIN?
  • Would you be willing to let your postman open your mail and make a copy of it?

Do you still think you have nothing to hide? Be honest; It will be quite embarrassing even if you really ‘have nothing to hide’ - simply because it’s your right to have your own space and self-freedom.

Strangely, if I replied, “I do have things to hide”, most people would stare at me and reply “are you a terrorist?”. Does it mean only terrorists have things to hide? Of course not. Everyone needs protection and privacy, no matter what the subject is about.

Maybe it’s because we all have a different definition of our privacy? Privacy is a hard concept to define, and it can not be reduced to a simple sentence or concept. For instance, the shortest definition I found online is: “privacy is a state in which one is not observed or disturbed by other people”. But, privacy is much more complex than just not being observed. It involves the right to personal space, the control over information, identity, intimacy… and other aspects of life!

“Privacy, in other words, involves so many things that it is impossible to reduce them all to one simple idea. And we need not do so.” – Daniel J. Solove

Maybe it’s because we all have a different definition of our personal information. When someone declares he or she has nothing to hide, maybe it refers to the type of data the government typically collects? Even in this case, it’s inaccurate to declare I have nothing to hide. Why? Because no one is perfect, we are human beings, and human beings break the rules. Whether it’s hosting a poker night at home, not reporting those 20 dollars you found on the ground, or even jay-walking, we’ve all done something.

Maybe it’s hard for people to identify that they are an object of surveillance. Of course, you’re not going to receive a text message: “hello we are spying on you in order to sell your data to your insurance company”. When it comes to discrete actions: the less you see, the less you care.

Maybe you do have something to hide, but you just aren’t aware. If you live in the US, I am pretty sure that the federal government could find something you’ve done which violates a provision in the 27,000 pages of federal statutes or 10,000 administrative regulations - if they had access to every email you’ve ever written or every phone call you’ve ever made.

There are many reasons to care about your privacy in this age of online communication and data transfer. Here are some:

Privacy is a right that has been fought for. People in history fought for this, and it is important not to take privacy for granted. Even better is recognizing that there are countries under tyranny whose people have not yet attained this right to privacy. Like other rights, privacy is a right that has not always been around and therefore, like any other right it should be protected.

There is a difference between privacy and secrecy. When people say ‘they have nothing to hide’ as the reason why they don’t care about privacy, what they are really doing is confusing privacy with secrecy. You may not want someone to actively read your emails, or read your messages, or scroll through your pictures. This is not because you have something to hide but because you want the right to have your private information private. It shouldn’t be any different when you hear of the government’s mass surveillance and laws and actions to curtail internet freedom and privacy.

Your information will likely fall Into the wrong hands. While you may feel like you don’t have anything to hide from government agencies for ‘security’ purposes, you might be however alarmed to know that your information could fall into the hands of hackers, blackmailers, data aggregators and others who may be hell-bent on exploiting this data. Remember Equifax, Ashley Madison and Yahoo breaches? Being blasé about your privacy could mean courting trouble.

There is uncertainty how the information you share now will evolve in the future. Your private communication and information exposed to the world in an out-of-context manner can also be used against you. While you currently may not have a lot to risk if your data is shared, this can change in the future where your personal data can be misrepresented to the detriment of your career or social life. Politicians are constantly bombarded with their personal information exploited, speeches manipulated, and pictures were taken out of context.

2) How much is your data?

When you put tons of personal information online using Twitter, Facebook, Instagram, you have an instant benefit; it’s easy to use and free. So, it’s pretty tricky to balance with something that might be dangerous in a hard to predict future. But, those services aren’t entirely free, we’re paying with our data, after all.

Do you wonder what tech companies and telecommunication giants gain from allowing you to transfer or store unlimited data in their servers for free? Are they philanthropists? No, they are not, they are the wealthiest companies on earth. Google is not a search company; it’s a data company. The lack of privacy enriches corporations.

‘If You Have Something You Don’t Want Anyone To Know, Maybe You Shouldn’t Be Doing It’ - Eric Schmidt, Google CEO

This is because if you’re not paying for it, you become the product. Or rather, your ‘private’ information is. It is sold to interested parties such as advertising companies without your say-so. Thus gaining these companies riches and a reluctance to enforce privacy. You should, therefore, be very concerned!

3) Why is being spied on not ok?

📷 Photo by Sweet Ice Cream Photography

I still wonder why we came to this “nothing to hide / I do not care about my privacy” argument. An interesting theory called The Internet’s Original Sin argue that people want to use internet for free so corporate companies start to experiment to make money using the data they had collected on the users and realized that was quite valuable in the context of advertising. Later on, governments find out that those companies have all the data they needed and start collecting them.

“Ask yourself: at every point in history, who suffers the most from unjustified surveillance? It is not the privileged, but the vulnerable. Surveillance is not about safety, it’s about power. It’s about control.” - Ed Snowden

Authorities made this acceptable and normal to most of us. How have they done this? They used the scapegoat of stopping terrorism or other illegal stuff. But, are we all terrorists? Terrorists didn’t wait for the government to cipher their messages. So why is it so legitimate to spy on honest citizens? To my humble opinion, the goal is right, but the method is wrong - and it’s too asymmetrical.

4- Conclusion

So, why it’s so important to care about our privacy when you aren’t a nonconformist? Naturally, because it’s part of our freedom. If we start to trim our privacy little by little, it will lead undeniably to a massive loss of our freedom. Mass surveillance and the reduction of our privacy is made to have a certain degree of social control - to turn individual to perfect subject of control and control has no limit except the one we accept. Is it the type of digital environment that we want?

If you have time (1h30), I recommend that you watch this wonderful online documentary: Nothing to hide

Cheers Internet, feel free to clap & follow our stories, see you next time. 🤫