Friday, January 20, 2017

Joining Eyeo

A couple of months ago I left Viaboxx, more than five years after I started there.

It was a great ride. It combined the excitement and intensity of working at a startup, with the safety of working with a profitable, self-organizing company of experienced full stack developers.

During the time there I worked with everything from Raspberry Pis to huge parcel stations, from single-page-webapp AngularJS applications and Node, to state-of-the-art modern Java-cloud applications. I learned how to do infrastructure-as-code with Puppet, and immutable infrastructure with Docker. We developed our own products, did research projects and provided consulting for big enterprises - always learning, always trying out new things. Being small allowed us to optimize for learning while having an awesome culture where colleagues felt like family or great friends.

Still, a part of me missed some of the challenges I worked more with when I was consulting, or working for larger companies. Helping people to work better. Working better together. All this thinking from my agile days went a little dormant while I was at Viaboxx because there we always did things right, methodology-wise. Most of the oncoming DevOps hype seemed unnecessary, because we were already optimizing for lead-time and were pretty streamlined.

So, around last summer I decided to try something new. I've now finally joined a large but still growing company in Cologne called Eyeo, although you may know them better as the creators of Adblock Plus and the concept of Acceptable Ads. I'll be focusing more on the infrastructure/operational side of things, and at the same time I'm taking on a more managerial position - which could mean pretty much anything, but some organizational coaching is included. Perhaps I'll get back to blogging more actively about the things I'm up to. No promises though.

Monday, March 28, 2016

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straightforward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and salt. It's called encryptomania. Note that in order to run it you'll need the JCE (for now, see below).

Screenshot from encryptomania, my little crypto GUI

Some thoughts on the JCE

So at one level, Spring crypto has a problem in that they force all users of the library to patch their JRE. This makes it pretty much impossible to deploy in an environment where you don't have complete control of the environment (computers w/o root or admin-access, and PaaS). So it would be cool if they would support 128 bit key-length, and I've started a patch to fix just that.

The other problem here is that Oracle doesn't just build the JCE into all the JREs. I mean, a malevolent programmer won't have any problems downloading the JCE into a country where it is not allowed, so it's more of a formal thing. And still if they would change the default here, it would take years for the change to propagate into all the data-centres around the world. I think we're better off betting on some other kind of encryption (maybe a 128 bit Twofish cipher out of Bouncy Castle) to become more trusted than the one provided by Oracle.

At the same time it is all a bit silly for your average non-critical webapp, as 128 bit AES is considered to be practically impossible to break in the foreseeable future.

Tuesday, March 15, 2016

Replacing Boxen with Vanilla Puppet (for setting up a new mac)

I recently got a new MacBook at work and decided to overhaul my personal setup routine. Last time I tried an early version of Boxen, and although I was pretty happy with it there were a few things that bothered me. It is very opinionated, and I had a hard time stopping it from overwriting my .gitconfig and things like that. It also dragged in a series of dependencies I didn't feel the need for, and made Homebrew a bit weird by installing it in the non-standard location /opt/boxen/homebrew.

Since Boxen is based on Puppet, and I've used plenty of Puppet on Linux, I wanted to simplify things a bit and see how far standard Puppet on OS X would get me.

Warning! Make sure you don't install puppet using brew! It'll install an old version which is not trivial to uninstall.

It's fairly straightforward to install Puppet on a Mac, but since there is no standard package manager, like there's yum or apt on Linux, you have to set it up with a provider, in our case: Homebrew. I installed Homebrew manually at this point, but I think you could actually have Puppet do it for you.

Next, we have to install a puppet module for Homebrew. I found a good one here by Kevin James (I tried the gildas and halyard ones first, but kept running into problems with them).

As Puppet goes, it has to be executed as superuser:

    sudo puppet module install thekevjames-homebrew

and it depends on the Puppet standard library:

    sudo puppet module install puppetlabs-stdlib

Now we're ready to fire away and apply a puppet file defining our packages:

    sudo puppet apply puppet-mac.pp

As an example, consider my own puppet-mac.pp - note how I've got various kinds of packages:

  • normal packages, these are built from source by Homebrew
  • casks, which are Homebrew's notion of pre-built binaries
  • gems, for those weird pieces of software that are not available via Homebrew

People who enjoy Boxen will probably not see the big point of going this way, but I think it feels easier and more elegant. It also reduces the discrepancies between my Linux and Mac setup.

Thursday, November 12, 2015

Retiring from the Bonn Agile Meetup

Yesterday I organized my final meetup.

Back in February 2011, I invited people to the first meetup, back then under the "XP" banner, renaming it to Bonn Agile a few months later.

So, wow, that makes it nearly 5 years, or 50 meetups after a rough count.

Most of these meetups were not organized by me though. I want to use this post for thanking the people who were around in the beginning, co-organizing or just giving great feedback on how to get the meetup rolling.

I'm sure I'm forgetting some names, but Patrick Cornelißen, Kurt Häusler, Frederic Hemberger, Christoph Pater and Jan Ehrhardt took their share of the load back then until they moved from Bonn to other places. Simon Tiffert and Matthias Lübken provided valuable advice when starting up. As companies go, tarent solutions GmbH, doo and, most of all, Data in Transit GmbH (big thanks to Jutta Horstmann!) have been supporting the meetup since the very beginning, with Viaboxx (my employer) hosting the annual Sommerfest/BBQ.

Also from the beginning and up until the latest meetups were Jan Nonnen and Christoph Baudson, with later on help from Andreas Kluth and Michael Kutz. Stefan Walter and Daniel Westheide should also be mentioned.

And finally all of you who just kept showing up and contributing to all the awesome discussions.

Thank you all.

I started the meetup at a point where I was feeling pretty lonely in a professional sense, and it has been such an uplifting ride, making many new good friends on the way. It has been a really important part of my life here in Germany, and it's going to be weird not to be organizing anymore.

The meetup yesterday was an attempt at figuring out what to do with the meetup, as we all felt it has run out of steam recently. While I feel bad for jumping ship, I think it might be good to let someone else pick up the reins and transform the meetup into what it needs to be today in order to attract new people, topics and discussion. I think most agreed yesterday that changing from the "agile meetup" into something different was a good idea. Stay tuned to the mailing list to see what happens next. I know that there will be a last regular meetup on the 1st of December, and after that there will be some sort of relaunch at some point, with a new name and a new form of activities and organization.

For my own sake, I'll be diverting my "community energy" into some personal projects, perhaps more on the podcasting side, but of course there's not so much time left after taking care of the kids, house and all that. One thing we concluded yesterday is that a meetup needs young blood to keep really active, or perhaps old blood with fewer commitments than I have.

So here's to the Bonn Agile Meetup. May it rise again under a different banner and attract an ever larger and active community.

Friday, October 23, 2015

Android Voice Commands for Cyclists Listening to Podcasts or Music

Disclaimer: I do not recommend using earphones while on your bike, but there are times or roads where I think it's OK. Pull out your earphones when nearing potentially dangerous situations (like intersections). At least pause the audio.

These tips also apply to anyone unable to look at and touch their device, leaving voice commands their only option (useful for visually impaired people, people wearing thick gloves, etc).

  • First of all, you need an Android with a fairly new version of Google Now installed, like Lollipop.
  • You'll need a headset with a microphone button. I’ve got an iPhone headset that works great with my old Moto G, excluding the volume control.
  • You need to make sure that a connected headset can bypass the device’s lock mechanism. It’s in:
        Settings -> Language & input -> Google voice typing -> Hands-free
  • Your audio playback software has to work with the Google Now commands. I’ve tried Google Music and BeyondPod successfully.

So, off we go! You’ll want to practice a bit before doing this on your bike: 
  1. Lock your phone and put it in your pocket with the headset connected.
  2. Hold down the mike button until you hear a bell like “ba-ding!”. 
  3. Let go of the button.
  4. Enter the voice command clearly (you don’t have to say “OK Google” first)
  5. Wait until you hear another cheery ding sound, followed by Google Now’s voice confirming your command.
If you hear “Bong bong bong bong…”, that means there’s no signal or something. Just try again later. If Google Now doesn't grok what you're trying to say, start over.
Here are the commands I’ve found useful on the bike so far:
  • “Resume” - this will start audio playback in whatever state you did previously (I think). Also un-pause.
  • “Pause” - self-explanatory. Note that tapping the mike button will also pause/resume, but I have found it to be a bit unreliable when resuming especially.
  • “Skip to the next track” - self-explanatory, some variations in how you formulate it is OK I noticed.
  • “Open beyondpod” - opens the app BeyondPod. This could be useful if I want to get out of Google Music.
  • “Tell my wife on hangouts, I’m on my way home” - I always forget to tell my wife when I leave work on the bike, so this is handy. If you leave out the “on hangouts” bit, it will just send a text message. Not sure if other IMs are supported.
  • “What time is it” - handy to see if I’m running late.
  • “What’s the weather like tonight/tomorrow” - always good to know when cycling.
  • “What’s my schedule today/tomorrow” - I haven’t tried this but could be useful.
  • “Help” - this one will make Google Now explain some voice commands for you.
If you’re cycling with some speed, you’ll need to cup the mike with your hand to avoid overloading your command with noise from the wind. For the same reason, I try not doing phone-calls while on the bike.
Any useful commands that I’ve missed? 
There are various lists of possible voice commands online, but unfortunately most of them are just useful when you’re looking at the phone in your hand. More can be found here: