DEV Community: Erebos Manannán

Developer hacktivism for Ukraine

Erebos Manannán — Sat, 26 Feb 2022 18:14:41 +0000

Preface

One of the issues currently in Russia is the heavy propaganda and disinformation campaigns, as well as limits on access to truthful information.

If people inside Russia were better aware of exactly what is going on in the world, the support for the war in Ukraine could start falling rapidly.

What can I do?

Software authors, OSS project contributors, website owners

If you own a website, have authored software, or regularly contribute to popular OSS projects, one of the options at your disposal is adding a message condemning the war, Russian actions, or overall sharing the global sentiment, or truthful information on what actions Russia has performed.

You could do this e.g. via geolocation if you don't want to bother all your users, but more global awareness is not a bad thing either.

If you have a website, you could also use geolocation to set up a blackout for Russian visitors, with a dedicated message condemning the war.

Programmers of any level

Know how to code? Submit a PR to an existing project and propose adding such messages into the software, explain the reasoning in your PR description, and maybe try to gather support for it via social media.

Some practical ideas can be found via the various "awesome" -lists:

https://github.com/sindresorhus/awesome

Other members of the development community

Can't code? No problem, you can still e.g. submit issues requesting such messages to be added to projects, particularly any that are largely made in, or popular inside Russia.

Some ideas can be found from:

An example of such an issue: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/11302

Desired effect

Lots of software auto-updates, which gives an easy way to distribute such messages.

Imagine Russians starting up Firefox to check something on Yandex, and Firefox includes messages on the titlebar. Imagine browser extensions sharing similar messages, SponsorBlock refusing to block ads on Youtube for Russians, or LibreOffice giving an alert message every time you try to open or save a document.

Imagine Russian developers trying to develop software during their normal daily job being greeted with notifications from npm, pip, and other every day tools condemning their government's actions.

Imagine Telegram and other messaging software sending notifications condemning the war to everyone within Russia every 12 hours.

Imagine if inside Russia software or games started refusing to launch, phones or cars refusing to function normally until the war is ended.

Yes, people can disable updates, make forks, etc. but it would become increasingly difficult to avoid hearing the truth.

Please, sell me good services

Erebos Manannán — Tue, 24 Dec 2019 13:38:45 +0000

I've ended up identifying basically 2 services that I need both for personal use as well as work to be efficient and safe.

1) Cloud storage - ability to store files off my own computer and synchronize with all my computers

2) Password manager - generating and storing good passwords and giving me convenient access to them when I need it

It seems like these should be pretty widely wanted things, things that have been around for a long time, and there's a lot of competition, yet I've been unable to find any good options.

My general criteria to be able to use and trust any such tool are simple:

Safe zero knowledge encryption based cloud storage and synchronization of my data - it cannot be possible for them to leak my data accidentally or on purpose
Operating in a trustworthy jurisdiction - companies from the U.S. and Australia are at least immediately disqualified as their laws make it possible for them to be forced to change their application to either break the encryption, copy all their users' passwords, or just inject their code with trojans or whatever else at any point in time - thus making them inherently untrustworthy .. preferably my data should be stored within the EU or Switzerland
Wide platform support, as I need to be able to collaborate with people, and I myself use multiple different systems - Windows, MacOS, Linux, Android and iOS are minimally required.
Easy sharing of content when I need to do it - passwords and other secrets are regularly shared within a team, and it'd be very beneficial to be able to share links to documents or other files in my cloud storage, though that is less required and more a nice to have for me

The list isn't long, it shouldn't be unreasonable, so why so many issues? Well tools exist that fulfill these requirements, but they seem to have a number of other issues that make using them difficult or at the very least unpleasant.

Cloud storage

Additional things I'd need for cloud storage are pretty limited, really I can just think of:

Ability to configure disk space usage limits
Ability to define where the local cache is stored (no need to use relatively limited SSD space when big spinning disk RAIDs are available)
No unreasonable limits to storage - optimally I want to pay for what I use, regardless of if I use 1GB or 10TB, but to back up the video content I create, photos, and so on tends to take a lot of space

What would be nice is if it had file versioning support for backup purposes, so I don't have to worry about ransomware wiping out all the files and so on, otherwise I need yet another tool for backups which will have the same number of issues.

Immediately a large number of options are ruled out due to the basic requirements of trustworthiness. All the giants like Google, Azure, Amazon, Dropbox, and many of the somewhat smaller options like SpiderOak and Backblaze just get instantly disqualified for being U.S. based entities even if they had all the other features I need. Most aren't zero-knowledge so I can't trust them with any of my data anyway. Most of the remainder typically support just Windows and MacOS.

I've been using pCloud for some time now as a bit of a compromise solution. It's not ideal, but it fulfills my needs better than the rest. Yet, it also regularly forgets who I am, zero-knowledge encryption requires extra hoops to jump through which causes some issues, it is limited to 2TB limiting my ability to use it, and .. it's unstable and has other really annoying bugs, some just "by design". If I try to transfer my source code folders into it, it will crash. The service just dies, the systray icon goes away, and the drive stops existing. It seems like it cannot handle large numbers of files. Same happens if I then try to delete the files from it. Also I can't move files between the crypted folders and the non-crypted ones, and there's other funky things going on with the filesystem that make it difficult for me to use it in general.

Tresorit seemed to fulfill most of my needs but then I got surprised that they require my phone number on their registration form, normally not a significant concern if they have a good reason for it, but I checked what it says they wanted to use it for: "Please provide your phone number so we may better help you". Immediate red flag - what is up with this? I try to ask their support, they repeat the mantra: it's to help me set up my account tailored to my needs. Err, what does that even mean? When I mentioned to them that the only valid use I know for using my phone number is SMS based 2FA, and they didn't seem to say if it was that, so I expect they're using it for marketing - they denied this. I then found out that their privacy policy clearly states that they DO use the phone number for marketing purposes. They've kinda lost all trustworthiness at this point if they can't clearly state what they do with your data and then just flat out lie about it. Also, limited to 1TB. Still, considering the amount of issues I have with pCloud I might just buy a throwaway number (costs about 1€ at a kiosk - the reason why using phone numbers for identifying purposes is not viable) and register using it.

I've even been thinking of using tools like BoxCryptor to enhance the security of an otherwise less trustworthy system, but in the past I've had bad experiences with those tools as well, especially with synchronization with multiple machines. They also tend to ruin the shareability of content, but that's the least of my worries.

Password managers

Besides the general criteria, I require from a password manager:

Ability to integrate to my browsers for both autofill of passwords (though does not need to be "hands off"), and generating new ones easily
Good password generation algorithms
Ability to survive me using multiple browser profiles on multiple devices simultaneously and overall just accessing the passwords on multiple machines.

Sounds pretty basic, so what's the problem?

I've tried a number of password managers but just can't seem to find anything that is truly good. Most of them just fail even on the basic requirements, KeePass doesn't handle with multiple computers having the database open simultaneously all that well, F-Secure KEY does not support Linux, LastPass is owned by LogMeIn - a company from the states, and so on.

I ended up switching to Dashlane as my latest full fledged experiment, and I can't say I've been happy. The basics are in place, but the experience is pretty terrible.

I keep getting logged out of Dashlane for no reason, I tell it to remember my credentials, yet I keep getting asked to login repeatedly. It's more than a minor inconvenience when your password is properly long and you've got 2FA set up on a device with also a good password required to unlock it. The browser extensions are incredibly buggy and overall poorly designed, often it just doesn't load for a website and I need to reload it several times to get the autofill to work, and it keeps suggesting saving my phone numbers, credit cards, addreses etc. which I've told literally hundreds of times by now to "never save". When I open up e.g. PayPal and Dashlane asks me to log in and I do - well .. I get redirected from the site I wanted to be on, to their dashboard for no reason. Their support is also incapable of acknowledging their software has issues, it took me literal months to initially even get to try their software as their support was so unresponsive to my clear bug reports with data about how to reproduce them and so on.

They also insist on releasing "updates" to their software on a regular basis, but unfortunately do not understand the concept of quality assurance, automated testing, etc. and thus I end up regularly with my password generator simply not working and other such critical issues. Their support insists they need to make regular updates and these cannot be disabled because of security reasons, which makes me think that if they need to release security updates every 2 weeks or so that there's a lot more wrong with Dashlane than I've seen so far.

Where am I going to find a password manager that I can trust, which doesn't annoy me all the time? I remember I had some reasons to not use 1Password, but that was a long time ago and that's probably not valid anymore. The list of options is gladly growing, but on the other hand not all of these options are obvious the first time you launch it but only after a month or a few of active use.

If I could find a good cloud storage option, then tools that do not provide their own cloud solution, such as Buttercup, would also become more viable options for me. Until then, I can't really even consider them.

Crowdsourcing research?

I'd love to pay more to get a better service, if it was available. I'd spread the gospel if I found a good tool, and recommend them to my friends, and to the teams I work in. There's just a limit of how much personal effort I can put into finding a tool. Does anyone know of good trustworthy and stable tools that would fulfill these needs?

Is Tresorit a good choice? What about 1Password? Are there others I should consider, and if so - why?

Standard Windows development environment

Erebos Manannán — Sat, 21 Dec 2019 09:49:38 +0000

Preface

Previously I've written about how to develop "like a pro" on Windows with various tips and tricks about how to get your work optimized and solve common problems. Then I wrote Aperture Control to automate some of the common setup tasks for Windows.

Standard development environment for Windows

Now, using Aperture Control and based on the tips, I've set up a repository to configure what I could consider a fairly standard development environment for Windows.

It's trying to not be too opinionated, but provide a good base to start from, and suggest some tools and configurations not everyone might be aware of yet that can significantly benefit a lot of developers. Most of all, it's aiming to be easy to take into use and customize as you see fit.

There's all kinds of things from package managers, programmer fonts (DejaVu), CygWin, placeholders for autorun cmds, to configuring local bin folder similar to ~/.bin a lot of *nix users have set up and configuring some sensible defaults for Windows and e.g. Git.

Usage should be simple: Fork / otherwise clone the repository, tweak to your liking (e.g. based on the recipe collection), and run on the machines you want to keep synced with your settings. When you have an update to make - push it to the repo and it will be automatically updated to your other machines as a scheduled task checks for updates hourly.

Discussion topic

What do you think should and shouldn't be part of a standard development environment? What are you missing, what do you not want "poisoning" your machine?

Any good practices you've come up with your folder structures, or settings for Windows or other software that you'd like to share and see spread?

Do you have a wishlist for things that you'd like to still see while developing in Windows? Maybe someone else knows how.

My personal wish: getting my terminal to support emojis and other such things properly. I like writing scripts that output 👍 for success and 😢 for failure, yet I just end up with various rectangles and other such things on my screen when I try to use them. The beta UTF-8 support does not seem to really help, and causes some additional issues for me as well.

Introducing Aperture Control

Erebos Manannán — Tue, 12 Nov 2019 17:48:58 +0000

I previously posted about how to "develop like a pro on Windows" as it seemed to me like most people really failed to understand that a lot of great tools exist for Windows that make developers very effective also on Windows.

Since then I've bumped into concepts like Nix, a purely functional package manager and have been wondering if we could reach some similar goals with Windows.

The things I wanted to see synchronized between all my Windows machines, and automated after a new installation were at least:

Installed applications
Configuration for common things like Git
Environment variables, file associations, and the like
Windows features (e.g. Hyper-V, and Windows Subsystem for Linux)
Other Windows settings (Dark Mode, sleep and hibernation, privacy related settings, etc.)

I looked around for existing tooling and ... well it didn't look like there was much around that didn't have a number of dependencies I'd have to install first, that were free, didn't require running servers, and wouldn't relinquish control of your PC to some external system.

Introducing Aperture Control

After some thinking I realized the problem shouldn't be all that difficult to solve at least partially and get into a significantly meaningful level of support with some PowerShell scripts, Batch scripts, and Registry patches.

I'd already seen a number of installers with a quick PowerShell one-liner, so I thought that might be the way I'd want to go and gave it a go.

And so now we have Aperture Control and an accompanying "recipe collection" with some of the first attempts to solve my most common headaches.

How to use Aperture Control

First step is to fork the Aperture Control repository in GitHub and customize it according to your needs.

Let's take the example that you would like to install Chocolatey, and a number of packages with it.

Step 1: Get the recipe to install or upgrade Chocolatey and copy it in your repository as recipes/01-install-chocolatey.ps1.

Step 2: Get the recipe to install packages and copy it in your repository as recipes/02-install-packages.ps1.

Step 3: Customize according to your desires, e.g. if you wanted to install 7-Zip, ConEmu, Visual Studio Code, and Windows Subsystem for Linux you would customize the script to say something like:

# Install all the packages you want to use in other scripts

choco.exe install -y `
    7zip `
    conemu `
    vscode `
    wsl `
    # This non-empty line is important, do not move it

You can find the names of Chocolatey packages with the choco search command, or via their online package search. The collection is really quite impressive (and there's Scoop as well with a few unique additions).

Step 4: Commit and push your changes to your fork.

Step 5: Run Aperture Control in an Administrator PowerShell (replace your/repository with the correct GitHub user and repository):

# Windows by default seems to block execution of PowerShell scripts
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/your/repository/master/setup.ps1', 'setup.ps1')
.\setup.ps1 your/repository

If you really want, you can also store the repository contents on e.g. an USB stick and not share the scripts on GitHub. You only need to run the run-ac-recipes.ps1 -script as Administrator then, as setup.ps1 takes care of downloading the GitHub repository contents.

The "standard development environment"

After writing a few recipes for my own use and thinking about what kind of tips I would like to share with my friends, I thought of the concept of a "standard development environment", what I would consider things that everyone should be doing.

Similar to how in Linux world it's now common to have ~/.bin in your PATH for all those little binaries you end up with, there should be a %USERPROFILE%\bin on Windows. You will want certain tools installed, better terminal, ability to configure aliases, and so on.

So with that in mind, I built an example for Aperture control to configure what I would consider a fairly standard development environment. It's still fairly opinionated on what kind of tools and configuration people might want, but it's easy to fork and configure to your needs.

I'd love to hear feedback on what kind of parts you might want to see there, what do you think is extraneous, and how it's working for you.

What's next?

There's a lot of things that Aperture Control still cannot do by itself, but overall PowerShell is quite capable and the PowerShell Gallery has lots of extra things to provide even more capabilities for it, so there really are not a lot of limits for what you can do with this.

What should be considered is if it is easily possible to e.g. deal with backing up or syncing various application settings (IDEs, browsers, etc.), and how to better deal with keeping your own custom files in the repository (e.g. for Autorun cmd) and easily apply them.

I don't have all the ideas for what problems should be solved, or how to solve them, but I imagine there's a lot of smart people out there who can contribute. YOU can help by testing it out, spreading the word, submitting feature requests and bug reports (both for the tool and the recipes), creating new recipes, and so on.

You can tell me in the comments, what would you like to see automated in your Windows environments?

Edit: Updated the tool a bit to have all the recipes stored in one folder for better control over the execution order of recipes of all types and updated the post.

Edit: Added reference to "standard development environment"

Developing like a pro, on Windows

Erebos Manannán — Thu, 11 Jul 2019 18:45:26 +0000

So it seems to me like a lot of people don't seem to value Windows for development. There seems to be a lot of misconceptions about it's capabilities, availability of tooling, and lack of understanding of what really are the options.

This guide will hopefully help you guys see that Windows is a viable option just like anything else, and not just for C#. There's also a few more generic tips about Windows use not purely useful in development.

This guide is based around my own working habits and principles, e.g. if you are developing something that requires a database, I'm assuming you want to avoid running it locally anyway as you'll quickly end up poisoning your system with various services. Instead you should typically try running such things on virtual machines or containers in one way or another.

It is also often a good idea to run more complicated development environments in managed virtual machines or containers, to ensure that resetting the environment, or getting new team members on-boarded does not require an elaborate OS specific guide that is never exactly up-to-date.

Privacy etc. concerns with Windows 10
Security
Terminal emulators
Package managers
Virtualization
GNU toolchain, CygWin and WSL
Apple builds
Scripting, aliasing, and autorun
Paths
SSH keys + Pageant
Window management
Screenshots
Emoji & UTF-8 special characters
Fonts
Git, Diff, and other such tools
What about automatic restarts?
Permissions
Automation of much of the above
Closing thoughts

(Hey dev.to peeps, care to make it easier to do these?)

Privacy etc. concerns with Windows 10

It's fair to touch on this topic to start with.

Some people seem to still have these concerns. I can't say that running an OS from any large company is safe these days, these companies sure haven't deserved anyone's trust, but it does seem like Microsoft stepped up and alleviated them pretty well, and there are unofficial tools that help with it further.

Firstly, when setting up your Windows computer or user account, just don't use a Microsoft account but an offline account. This disables some mostly useless features, like syncing Edge settings, and you might get nagged by Microsoft Store about switching your account to use a Microsoft Account every now and then but clicking "No" isn't that much effort. Pretty sure you can also convert your account or at least create a new one if you didn't do this to start with.

Secondly, similarly when installing your computer, make sure you just answer "No" to all the tracking questions, no to ads, no to extensive metrics, etc. - this really does disable quite a lot of the things that people were concerned of.

And thirdly, install DoNotSpy10 and tweak the remaining settings you're not comfortable with. It works wonders.

After these I'd trust my Windows PC at least as much as anything by Google, Apple or e.g. Canonical (behind Ubuntu, known e.g. for making shady deals with Amazon). Some Linux, BSD, etc. distributions could be a bit more privacy-conscious, but there's a limit to how much effort I'm going to put in it, and how broken a system I'm willing to tolerate.

For the truly privacy-conscious I can highly recommend Pi-Hole, it's a bit of work to set up, and doesn't really work easily as a solution "on the go", but when configured in your network you can block a lot of tracking that you wouldn't want in your network. It's kinda annoying to see just how many tracking attempts it can block from my phone apps. Alternatively I know F-Secure FREEDOME VPN has an option for blocking online tracking as well, other VPN solutions might as well.

Security

Security really is a topic that applies to all systems equally. You can get viruses on MacOS and Linux, and do stupid things online regardless of which OS you're using.

On Windows by default you're quite secure, just don't go running every random .exe in your email attachments or that malicious websites want to download, and you're fine.

The only exception is full-disk encryption, for that I don't know of any other solution that works mostly problem-free than BitLocker and that requires Pro version of Windows. There's DiskCryptor and other such things but I've ended up having to put a lot of effort into fixing them after Windows Update breaks the boot sector.

If you still worry, use something like F-Secure SAFE or any of the of the many other security suites and get protection on a higher level. This kind of active always-on security tools are btw not really widespread on non-Windows machines, so I could easily classify them as less secure.

Don't disable User Account Control (the permission dialogs), don't automatically click Yes to the UAC dialogs, and don't enable scripted content on your Office docs from random sources and you really will be quite safe.

Oh and for an extra tip: use a password manager, regardless of what OS you're using. Lots of options out there, some with more features (e.g. cross-platform sync, or sharing with other people, etc.) than others. Pick any and use it, and you'll already be a lot better secured on the internet than most people on any OS.

Terminal emulators

So as an important first step, let's discuss terminal emulators.

Nobody wants to look at or work with the old Command Prompt window (conhost.exe, not cmd.exe like most people seem to think).

The terminal suffers from many issues, it's kinda slow, has no tabbing, copy & pasting is clunky, font support is kinda bad. But despair not! There are options.

ConEmu

Tabs, split view, background customization, themes, tons of customization options, quake style slide down -option, profiles, options for running different different shells, etc.

Yes, all these are possible with ConEmu. If all you want is a good Terminal Emulator for Windows, use this. It's easy to install, no need to look elsewhere.

There's one downside that I feel I need to mention - the default prompt it's configured for is a bit annoying. You might want to edit %PROGRAMFILES%\ConEmu\ConEmu\CmdInit.cmd (check the permissions -section below for how) or tweak the settings in-app to change this.

The new Windows Terminal

Microsoft themselves realized that their terminal is kinda bad and drives away developers. So they're actively working on a new one. It's currently in "Early Preview Build" -phase, and requires Windows 10 version 18362.0 or higher. It seems very promising, but there might be reasons why you can't use it or wouldn't want to depend on it - you can just use ConEmu then.

Various cross-platform Terminal Emulators

There's now several that I've found, you've got the Node.js based Hyper that has been around for a while, there's Bterm, and like a long list of them on https://terminalsare.sexy/#terminal-emulation-applications - pick one, pick 5, try them, see what you like.

Personally I've really only liked Alacritty out of those, the others that I tried felt slow or otherwise janky, e.g. Hyper tends to randomly throw popups at you about some package.json parsing errors or other such nonsense when you're doing exactly nothing outside of running the default install.

Package managers

There's a few of them out there now, e.g. Scoop and Chocolatey to name a few. I can't with a straight face claim they're excellent, they tend to e.g. require me to launch a separate admin shell to run their commands instead of asking for privilege escalation when I run them, but there's clearly hope in this department and currently some options exist.

I personally have used Chocolatey to install a number of things and it seems to be problem-free.

Virtualization

Like mentioned, I depend on virtualization to keep my various development environments etc. separate from my host OS, regardless of what OS is in question. It just seems wrong to poison your main OS with various project specific dependencies etc. that are likely going to start causing conflicts and other unmaintainable situations sooner or later.

As I tend to work only in a OS-agnostic way, all development I do needs to work with cross-platform tools. There's really only 2 base technologies you can do that with that I'm aware of right now:

If you know you'll always be using Docker only, then no problem, go and install Docker using their recommended methods for Windows and you're golden. It depends on Hyper-V and the installer will enable that for you if you don't have it installed yet, and that should solve all your problems. I've never been ok with Hyper-V myself so there's a high chance you'll end up with some random problems with e.g. anti-cheat systems in games and other things, but for pure development use it should be fine.

For any other cases I would highly recommend using VirtualBox, and if you also need Docker, either installing it via Minikube (managed Kubernetes environment, with easy access to Docker via minikube docker-env) or the old & vastly superior Docker Toolbox for Windows. Docker really is run by a bunch of people out of touch with reality, so they make it incredibly difficult to make it possible to run the working version of it

I'm specifically discounting VMWare as an option as it doesn't play as well with all the tools you want to use to manage your virtual machines, e.g. Vagrant, and it's not really seemed worth the cost to me for years since VirtualBox has significantly matured.

GNU toolchain, CygWin and WSL

Some of the GNU tools (and some other typical *nix tools as well) are pretty nifty, and while Windows does come with some similar command line tools and Power Shell might be able to do a bunch of similar functions in a neat way, I gotta admit that I've never been super happy with either option.

What I do is I install CygWin (I use the x86_64 version) and put it on my PATH, and use the CygWin setup tool to manage the various things I might want to install. Why use nslookup when I can just use dig, curl is easy to install as is grep, and ls beats dir as well. There are some occasional issues when a tool bundles their own cygwin1.dll or if you also end up installing MSYS2, but these tend to be rare and fairly easy to solve. I guess MSYS2 is also a viable alternative to CygWin though I have little personal experience with it, it uses pacman similar to Arch Linux for package management and that's kinda neat.

Then when I hit some of the rare cases when Windows support for some tool I really want to use kinda sucks, I tend to be able to run it quite well under Windows Subsystem for Linux (what a terrible name) aka WSL. As an example I had some issues with running Jekyll on Windows because their developers apparently don't care to make their tools cross-platform, ran it in WSL and it was fine.

With WSL there's the extra fun bit that I can run an X Server on my Windows, e.g. VcXsrv and have even GUI utilities run. There's still a lot of limitations and e.g. getting PulseAudio routed to the real Windows -side seems near impossible atm, but there's again quite a bit of promise here.

On top of that, I sometimes really rarely fire up e.g. Fedora on VirtualBox to try out some of the software that doesn't work even under WSL.

Apple builds

Need MacOS for builds of your iOS/MacOS application? Think you need to buy Apple hardware for that?

There's various build automation systems that take care of it as well as things like MacinCloud that help with that.

So this also does not stop you from using Windows, and a solution like this might steer you towards the right choice of cross-platform development 🙂

Really this kind of hostile business practices should be reason enough to boycott a company like Apple, but sometimes you have to deal with the realities that you want to also release your app for the people who do run Apple hardware.

Scripting, aliasing, and autorun

BASH scripting is kinda neat for some things, and people know how to set up their favorite aliases on it easily. However this is not the only option.

The Windows shell supports many basic operations anyway, especially if you already installed CygWin/MSYS2. I can e.g. run find . -name "*.sh" -exec git update-index --chmod=+x {} ; or cat README.md | grep https:// just fine. Env variables? Can do, just use set FOO=bar.

Batch scripting has been around for quite a while, and while it looks unfamiliar to most, it's typically capable enough to perform your most common problems.

You can write .bat or .cmd scripts, as well as just run them inline. E.g. instead of something like $(minikube docker-env) to execute the output of that command, you can run @FOR /f "tokens=*" %i IN ('minikube docker-env') DO @%i - looks quite funky for sure if you're not used to looking at it, but works just as well. There's also the option of running VBScript for some things outside the scope of the capabilities of Batch scripting, but as always, I tend to prefer the cross-platform solutions.

You CAN just run your BASH scripts on Windows, install bash via CygWin (or use WSL), and they tend to work fine if people are careful with not assuming certain things.

For anything even slightly more complicated, the options tend to be writing your scripts or tools with e.g. Python, Go, or Rust. Ruby is a widely used option as well that some use fairly successfully but it seems to me distributing tools made with Ruby is kind of a pain. If you're doing JavaScript development you can just use npm scripts or the various CLI utility libraries.

What about aliasing then? What if you want your ls to actually run ls -haF --color=always? Well, there's a solution for that.

DOSKEY ls=ls -haF --color=always

It's again, kinda odd if you've never seen it, but it works.

Want to make this permanent? There's way to do it via ConEmu and some others' tools, but for a more universal solution is where the autorun comes into play.

Create a script, e.g. in %USERPROFILE%\init.cmd and put your things in there. For compatibility and convenience prefix the thing with a line saying @echo off to disable the commands being output every time a new shell is started.

This makes the whole file look more like this:

@echo off
DOSKEY ls=ls -haF --color=always

Now you'll want to open up regedit.exe and browse to HKEY_CURRENT_USER\Software\Microsoft\Command Processor and create a new "Expandable string" value called Autorun (if one doesn't exist yet) with the data %USERPROFILE%\init.cmd (or the path to where-ever your script is).

If you trust your computer's security on random scripts you found on the internet (ever noticed how often people just curl and blindly pipe it to bash? 🤢), you could also save this as autorun.reg and double-click on it.

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"Autorun"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,69,00,6e,00,69,00,74,00,2e,00,63,00,6d,00,64,00,00,\
  00

That will give you a script that you can easily edit and get your aliases or other common commands e.g. to set up your Docker environment or whatever you want for each instance of cmd.exe you are running regardless of which terminal it is in.

Paths

Some people might not be aware of this, but you can manage the PATH in Windows as well. You can either do it via the script above (set PATH=%PATH%;<new item> - notice the ; and not : as the separator), or via the View advanced system settings option you can find in Control Panel / Start menu. In the System Properties dialog that opens up, on the Advanced tab, click on Environment Variables, find either the system-wide or user-specific Path and click Edit.... Pretty easy, right?

Put your CygWin bin directory here.

SSH keys + Pageant

SSH keys are a bit annoying on Windows in my experience, because the only decent tool for generating them seems to be PuTTygen from the PuTTY -suite, but it uses it's own format by default and you need to find the options to get proper standard OpenSSH compatible stuff out of it. It is however very much doable.

Pageant is the SSH key agent for Windows. I've yet to find another one that actually works.

Use the PuTTy installer to get PuTTygen as well as Pageant. Use PuTTygen to generate your keys, store the .ppk files somewhere on your filesystem, and if you want to keep them always loaded add Shortcuts to them to your %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup -folder and when you log in they will be loaded to Pageant.

If you do this make sure you have your disk fully encrypted and have reasonable security, you do NOT want your SSH keys to be easily stolen.

Window management

For me WinSplit Revolution has been doing what I need for organizing my windows quickly and effectively, but it's not for everyone and the official project is dead. There's a fork WinSplit Reloaded but it doesn't seem actively developed either.

There really is a lot of options out there though if you need them, just check out https://www.slant.co/topics/1249/~best-window-managers-for-windows#1 for a list of some others.

Screenshots

I used to run https://getgreenshot.org/ for screenshots, and I kinda feel like I still should .. but LWin+Shift+S is enough for me to quickly copy a part of my screen and paste it into my communication tools so I rarely need anything else. I've heard a lot of good about LightShot as well, and really there's a number of options as well, here's again one list of options: https://alternativeto.net/software/greenshot/?platform=windows

Emoji & UTF-8 special characters

Nowadays LWin+. opens an emoji picker, which is pretty nifty when you want to add stuff in your output, documents, or whatever. 👍

It's admittedly kinda clunky in some ways (I tend to hit Esc to close it), but after using it for a while it feels pretty natural.

Fonts

Like all other systems, Windows also supports fonts, incl. the very standard TrueType -fonts. These can be used to make your IDEs, as well as your terminal emulators more clear and better looking. I personally really like to use DejaVu fonts for both my terminals and IDEs, as they have a nice clean look to them where all the characters are clearly different.

Installation is as easy as downloading the .zip, opening up Fonts (in Settings or Control Panel).

It seems you can get some fonts from the Microsoft Store as well, but really the offering there is quite minimal.

Git, Diff, and other such tools

Forget that awful Git Bash for Windows that people seem to end up with. It poisons your system with some awful attempt to get BASH in just to run Git and fails at making it work really well.

For CLI use you can either use the official binary from https://git-scm.com/download/win, or again install it via CygWin. Both should work, both likely need some configuration to get your diff tools working perfectly, and maybe setting up a GIT_SSH environment variable to get it to use plink.exe (again from the PuTTY package) to use Pageant for your SSH keys (https://stackoverflow.com/a/10353937/3989287).

However, why would you use CLI when you can use a GUI tool that will give you much better understanding of the state of the repository, and the changes you're about to commit?

My personal favorite atm is GitKraken but SourceTree and many other options exist.

For diffing, I've got a soft spot for WinMerge. I've never met a diff/merge tool that does what I need from it better than it. Many options exist again.

What about automatic restarts?

Yea, Windows has a tendency now to automatically install updates and reboot when necessary. It is kind of a security feature, and typically causes little annoyance if you have your editors set up to save files automatically (though some like Sublime Text now remember the content even without saving), and don't tend to have massively important things running in terminal emulators or incognito windows or similar.

The easiest way to avoid such issues is to set up the "active hours" under Windows Update settings - it will prevent your updates from happening during working hours or similar. Similarly if you are going to an important meeting, maybe just pause updates completely - there's a new "Pause updates for 7 days" -button in the same Windows Update -settings.

To me personally that is also not enough on some of the computers I work on because I might leave e.g. this post open for a long while and I don't want to come back to it being gone.

There's a number of additional things you can do depending on your edition of Windows.

Depending on your needs and circumstances some of these are more applicable than others.

Permissions

But what about the pesky file permissions? I can't edit the files when I need to!?!?

People just fundamentally don't understand file permissions on Windows. People disable User Account Control, or just install things outside of Program Files or similar to work around the permission system they don't understand instead of learning it.

That's like recommending you to run everything as root or running chmod -R 0777 / on Linux, or disabling SELinux - insane, but you 100% know people that have done that because they just can't be bothered to learn.

If you need to run a command and you don't have permissions to do the thing - run the command prompt / other application as an administrator, it's easy. In the Start Menu you can typically right-click on any item and choose "Run as Administrator". Think of this as sudo.

Well what about when you feel like your user should have access to the files and you don't? You can edit the permissions for the specific files or folders.

Open up the File Explorer, browse to the content in question, right click on the entry and choose "Properties".

Then switch to the "Security" -tab and you can view the permissions set for it. Want to change them, e.g. to add permissions for yourself?

Click Edit..., then e.g. Add... and when it asks to "Enter the object names to select" you can just write in your username, in my case Lietu and hit OK.

With yourself selected on the screen you can then e.g. click on the Allow checkbox for Full control, and click OK on the dialogs and voilá your problem is solved.

This is more akin to sudo chown <username> file.

Automation of much of the above

I wrote a tool to automate many of these things, Aperture Control - free (BSD 3-clause) tool and collection of PowerShell scripts, Batch scripts, and Registry patches, to e.g. install various tools automatically from Chocolatey and Scoop, or configure your Windows setup as you like.

There's a collection of ready-made recipes for it available at https://github.com/Lieturd/aperture-control-recipes, which hopefully will keep growing.

Using Aperture Control I also wrote a template that I consider a good standard development environment and a great base to start using Aperture Control from. Hopefully it helps you out too. It's somewhat opinionated but I tried to leave most personalization tweaks outside of that and just add things I think are pretty universally required or make developing on Windows better.

Closing thoughts

I've been a heavy *nix user over the years, but really I find it impossible to find a *nix desktop I'm comfortable with.

Windows used to be much worse, I get it if you have had bad experiences, but since Windows 7 came out Microsoft has really significantly improved on stability and reliability. The errors that you might bump into are easier and easier to find solutions for online, and you just generally have less of them. I've found @MicrosoftHelps on Twitter to really be some of the best customer support experience I've had.

Linux has too many issues with drivers, bugs and poorly designed features, e.g. drag & drop not working or having separate clipboards for mouse selection and Ctrl+C & Ctrl+V.

MacOS is too dumbed down without even having basic ability to control the volume per application, or tweaking any settings at all really. If you don't like the way Apple likes it, too bad.

There really are no other mature enough desktop environments to have the tooling I depend on.

Windows has been a good development environment for years, and keeps getting better and better with Microsoft actively fixing issues, adding things like WSL, and really listening to feedback from developers.

And on top of all this, you can get a much more powerful working computer, with e.g. built-in 4G modems, touch screens, etc. for the fraction of the price of a Mac.

I would like to hear if you guys got any other tips, or problems with Windows development environments you might want to mention - we could maybe solve together some of these painpoints that are still remaining.

My next goal might well be to try and automate a bunch of what I wrote above - get myself a nice Windows environment set up by running one Batch script or VBScript file. If you've got any tips towards that I'm all ears 🙂

Financial support

This work has been made possible thanks to Cocreators and Lietu. You can help us continue our work by supporting us on Buy me a coffee.

Setting up a company's IT

Erebos Manannán — Fri, 02 Nov 2018 19:06:26 +0000

Preface

This is a set of tips, guidelines, etc. that you should follow to make sure your IT operations run smoothly, securely, and cost-efficiently. You should go through the list and pick the low hanging fruits first, and then see which ones you should implement later.

If you're just starting a new company, most things should be easy to set up right from the start and doing so will help you ensure that things continue to are done right in the future as well, as you need to always accommodate for those decisions.

Data storage and access

This is how you keep and access your email, company's shared documents, and handle authentication to various services.

Password storage (EXTREMELY important)

First and foremost, how you store your passwords, both for a single user and how you share e.g. login information to bought services, is a crucial first step to ensuring both smooth and secure operation.

We've all heard about how Sony and other even big companies with clearly the necessary budget to do things properly, have managed their passwords on Excel sheets that then get put on low security environments for easy access.

There is really no excuse to not invest in a password manager, that both:

Ensures the passwords you use, are unique and strong.
Allows secure sharing of your passwords, among team members.

Some excellent options for password managers are (in alphabetical order):

They all have their own pros and cons, and you need to evaluate them for your own purposes, however Buttercup is slightly more different from the others as it leaves the storage of the passwords for you to decide. With the others, you will always use their cloud storage (not certain of all of these, but typically zero knowledge encrypted) to store the database in, but with Buttercup you can use whatever you like (Google Drive, Dropbox, your company's file server, whatever).

The paid services typically are about $5-$10/mo/user, so not a drain on even a small company. However, if price is an issue then Buttercup (or KeePass, or other similar systems) are worth taking a look at.

You should ensure that all the company employees AND external parties who have access to your shared documents etc. use similar secure methods for their passwords.

Two-Factor Authentication (2FA)

Quite a few services with any security implications for you support 2FA using various different means. The easiest to set up typically is using either Google Authenticator, Authy, or similar mobile app to generate 2FA tokens, but a YubiKey can be a good investment as well and offers many surprising integrations to e.g. PAM on Linux servers and Windows Hello.

You can avoid a large number of issues by having Two-Factor Authentication set up on your:

Password managers
Collaboration and productivity tools (Google G Suite, Microsoft Office 365, ...)
Web based email
Social media accounts (both company's accounts and everyone with access to e.g. your company's Facebook page)
Cloud hosting systems (AWS, Azure, GCP)
Really anything that supports it

These should be required by company policy and software configuration where possible. Once the staff has used these for even a short while they become second nature and don't really bother people, even if they feel like a chore to begin with.

However, storing your backup tokens etc. becomes another little hurdle.

Document storage

Often you will want to write documents available for multiple people in your company and not just for yourself. Even if you're writing for yourself, you might want your documents to be stored securely and without risk of you losing them. Additionally sharing documents between your different devices might be a thing you might want to do.

The worst option you can do, typically is to juggle your documents and their hundreds of different versions over email, but this is still the de facto standard in quite a few places.

Your priorities might vary, but at least the following considerations might be important to you:

Security (no unauthorized access)
Reliability (no accidental loss of data)
Sharing (allowing access to other people)
Convenience (e.g. simultaneously editing a document, etc.)
Version control (knowing where to find the latest version, and keeping history)

There are several good options for this, and how much value you put on each of these areas will affect your decisions.

Some of the obvious easy answers are:

These tools definitely rank high on sharing, and convenience, as well as version control. Typically security is pretty high too, making it possible to e.g. require 2FA, but some people just don't like U.S. corporations controlling their data. They also don't store the files in a zero-knowledge encrypted manner, which might be something you'd like.

Other options I've seen used and have used to various degrees of success are:

These all operate on a quite different fashion, as both Google and Microsoft provide high degree of convenience, but using these tools e.g. simultaneous editing of documents is going to be very difficult, and version control might have to be done using filenames (progress report 2018-11-02.docx). However, at least some of them can provide higher degrees of security (zero-knowledge encryption), and potentially other benefits to you.

As a side note, if you ever use file/directory names for versioning, grouping or similar, use ISO-8601 (YYYY-MM-DD) to make sure they get sorted properly.

Regardless of which option you choose you still need to worry about backups - human error happens and an accidental drag & drop or fumble on the keyboard could wipe your whole storage.

Backups

What you really need backups for are at least:

2FA backup codes
Legal documents, book keeping information (invoices both in and out, etc.)
Corporate documents
Passwords (at least if you don't rely on a service with it's own cloud storage)

How to manage backups is unfortunately still not an easy subject, even in 2018. There are several complications, and security risks associated with backups as well.

Some of the problems are if you store your documents on these cloud storage systems, you need a system able to read the files from there, before it can back them up. Additionally if your backups are not stored securely, in an encrypted format with restricted access, they might become a new weak point in your security strategy.

Some systems that may help with this are (in alphabetical order):

If in a pinch, you might get reasonable backups by using something like rsync on a secured server, but hard disks fail even on backup servers, so it's yet another little thing to monitor and worry about.

Internet security

It's important for you to make sure that at least for critical things your Internet usage is securely handled.

E.g. your personal social media use, gaming, etc. should optimally not be done on machines you work on. This so you limit potential damage of ransomware, other malware from getting to your corporate banking, or people stealing your secrets.

Additionally, it's good to use tools like HTTPS Everywhere, and trustworthy VPNs to reduce the chances of your communications being intercepted while at an airport or cafe or similar. Having anti-virus software (yes, even on your Mac) is also important to reduce chances of malware breaches, and limit their potential damage.

One of the best packages I've seen so far is F-Secure TOTAL, which combines antivirus, password manager, and VPN service in one package. There are however many other excellent VPN services, as well as antivirus tools, so you should check them out and evaluate them with your own needs in mind.

Also make sure your office router is properly configured, with a unique strong password, so you don't fall victim to the simplest possible forms of attack.

It's also a good idea to make sure your work machines are properly firewalled, and that you regularly run software updates. This applies both on your work machines, as well as that little web server you bought from that nice hosting company 5 years ago. Having someone replace your homepage with a goatse is not exactly good advertisement.

Limiting access

Does your CEO (or the CTO for that matter) really need all the SSH keys to your servers? Access to all the passwords? Admin account on every service you use?

The same question applies in addition to the CEO to most other people - you should limit access to systems that are relevant to the person's work, and access levels as well.

This simply so when accidents happen, the scope is limited. It's best if you can have different admins for different systems, so a compromising a single person does not compromise all your systems.

Physical security

In addition to threats from the Internet, you're always at risk of physical attacks, and more likely, negligence - e.g. losing equipment.

Make sure your office has locks and alarm systems, as burglaries happen even in nice places and you don't want to lose that backup server in the back room.

It's a bit questionable if this belongs in this section, but encryption is important on every system. Make sure all your work machines use full disk encryption, as well as BIOS passwords or similar when possible. BitLocker is a pretty decent tool on Windows machines (though it regularly gets automatically paused with updates for some reason so be careful), and Macs have FileVault.

These rules should also apply to all phones with any work material on them (email, collaboration tools, password managers, access to company social media accounts, ...) - they should be fully encrypted, and require strong password to unlock.

Now, your CEO might feel these rules don't apply to them, but you should assure them that they are not infallible either and get them to see the light.

PCI-DSS

If you operate any kind of online store, you probably fall under PCI-DSS (Payment Card Industry Data Security Standard) regulation at least on some level. For at least the lower tiers of self-certification completing the above should ensure you're fulfilling their requirements.

For higher tiers you might have to do additional work, e.g. locking down what people can do on the work machines they use for certain actions. This is not exactly pleasant for anyone, so it might be best to limit the exposure to PCI-DSS regulation either by using 3rd party payment solutions, or by organizational structures, but this is a very lengthy topic and I'm not the best expert on these.

GDPR

The GDPR requires quite a few little things from your company, among which are most importantly that you:

Know where your data is (especially personal data) and who you share it with (e.g. Google Analytics, PayPal, your accounting company)
Use reasonable means to secure that data (encryption, limiting access, etc.)
Keep only the minimal amount of data about people for your needs
Notify your customers of breaches in a timely manner (a few days within breach)
Get consent from your customers for processing their data
Avoid collecting sensitive personal data (race, political preferences, religion, union status, health, sex life, sexual orientation, even e.g. hobbies)
Provide easy way to get a copy of their data to people who request it
Provide an easy way to have their data be deleted for people who want it

Now the above steps help you with security quite a bit, but leave most of the others still for you to figure out.

To get you on the right mood to solve this problem, you might want to check out the "GDPR nightmare letter", which is quite exaggerated but highlights many potential issues for your company: https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis/

Other resources on the matter:

Final words

There's probably still a lot missing, especially for tool and procedure recommendations, as well as some topics completely.

I'll try to update this over time as I get new ideas to add here.

What do you think about the suggestions? What did I forget to mention? Let me know in the comments.

I at least identified a need to write more on:

Internal communication tools (Slack, Discord, Microsoft Teams, and the like)
Calendar
Email

DEV Community: Erebos Manannán

Developer hacktivism for Ukraine

Preface

What can I do?

Software authors, OSS project contributors, website owners

Programmers of any level

Other members of the development community

Desired effect

Please, sell me good services

Cloud storage

Password managers

Crowdsourcing research?

Standard Windows development environment

Preface

Standard development environment for Windows

Discussion topic

Introducing Aperture Control

Introducing Aperture Control

How to use Aperture Control

The "standard development environment"

What's next?

Developing like a pro, on Windows

Table of contents

Privacy etc. concerns with Windows 10

Security

Terminal emulators

Package managers

Virtualization

GNU toolchain, CygWin and WSL

Apple builds

Scripting, aliasing, and autorun

Paths

SSH keys + Pageant

Window management

Screenshots

Emoji & UTF-8 special characters

Fonts

Git, Diff, and other such tools

What about automatic restarts?

Permissions

Automation of much of the above

Closing thoughts

Financial support

Setting up a company's IT

Preface

Data storage and access

Password storage (EXTREMELY important)

Two-Factor Authentication (2FA)

Document storage

Backups

Internet security

Limiting access

Physical security

PCI-DSS

GDPR

Final words