DEV Community: nickmaris

Scammer at dev.to?

nickmaris — Sat, 06 Nov 2021 23:29:22 +0000

Update: My bad! I was displaying my email at my dev.to profile... Still it's good to know a scammer who is around, this happened just a few minutes ago...

I have a unique email through burnermail for most services I use, including dev.to.

Recently I got an email with body "hola" and an empty subject from a scammer and to my surprise it was towards my dev.to email address? How did they find it? I haven't used it anywhere else and I haven't published it anywhere.

Any ideas? Has this happened to you too?

Are you blocking any trackers manually?

nickmaris — Sat, 03 Jul 2021 21:11:57 +0000

Do you check whether you access domains you don't want and then block them?

For example, the android app of n26 has quite a lot of trackers like:

Button (and Branch that is now part of Button)
Adjust
Mixpanel

Similarly, ynab has:

I didn't expect a bank app and especially a personal finance app to track me so much.

They are now in my nextdns denylist along with the nogoogle privacy filter of nextdns until I get rid of these apps.

DEV loses selected theme on android

nickmaris — Wed, 17 Feb 2021 17:32:32 +0000

Sometimes the android client of DEV switches to the default theme when I open it, has this happened to you? When editing a post and publishing, it should the right theme for a moment and then again goes to the default theme. It seams that something is triggering a fallback to the defaults.

I use the night theme, you?

80% less distractions with 20% more privacy

nickmaris — Tue, 02 Feb 2021 20:04:22 +0000

Less notifications and less targeted ads over blocking apps/sites reduces my internet addiction and this post is about how I did that. I was addicted to distractions limiting my attention and memory span:

recommendations by chrome to news sites, tech blogs and youtube
push notifications of my gmail

I don't know if I have Attention Deficit Hyperactivity Disorder but I do know that blogging is helping me and I make friends this way too!

Things started when I watched Social Dilemma and wrote my post Privacy is not about addiction. I have realized that the root cause of my stress is internet addiction, not any lack of privacy. By taking the following measures to protect my privacy, I have managed also to reduce my internet addiction too. Now it is less trivial for any kind of recommendation system to grab my attention as:

the content it recommends me is less relevant to me
it is harder to push me to do something as there are less temptations, less Like buttons, less ads and less push notifications

If I want something, I consciously do something about it or plan for it without wasting my time so even play-time like watching a movie is a conscious act. Sounds liberating, isn't it?

Search engine

Ecosia is using Bing search engine but with an interesting privacy page and when I cannot find what I need (like a technical term), I just put 'g' as the first word in my search and it switches to google search.

📱 Email client

Spark knows for which emails received it is worth creating push notifications and which are just a matter of putting a number next to its icon at the wallpaper in my phone screen. It can block images so that you can block pixels too.

📱 Youtube client

Newpipe on fdroid is a youtube client without ads and without tracking. On desktop, to avoid tracking and ads on youtube, I search for a specific video on google, copy address, paste it and go to youtubepp and download it.

📱 Less apps

Log in intentionally to your social media accounts from your desktop/laptop instead of checking such apps contantly in your mobile. Delete the apps and if you cannot do so, disable them. For example, do you really need google phoyos? Delete it. Do you really need facebook and the "Google" app? Disable them.

Create an email account for newsletters you care but do not add it in your mobile. Instead, plan a timing in a day/week/month to check that from your desktop/laptop.

Replace your mobile homescreen with just a few key apps or notes or photos or contacts of your loved ones. Make it less tempting to distract yourself.

Less notifications

Less push notifications means less distractions. Turn off notifications from all apps apart from what you really need to be notified and not just check it on demand. About any device remember, we are the masters, they are the slaves, not the opposite. Ok, you needs notifications for calls and sms but are all of your communication apps so important? Bank apps, password manager, firewall, antivirus, yes but are you calendar reminders properly configured?

Internet browser

Changing browser can be a small or a big effort depending on how deep you want to go. The 4 extensions below are for firefox browser in a desktop. And if you really need chrome, keep the first 3 and use vivaldi browser or just use vivaldi without any extension in a desktop and in your mobile. In any case, I don't like syncing my browser with gmail and letting my gmail know everything I do online. Now instead of relying on syncing browsers with an account at firefox/vivaldi, I just have 1password (as a password manager and as an authenticator and if you don't mind filling your credentials with a keyboard shortcut use bitwarden which is cheaper) and keep a few notes of my setup. Afterall, when I tried syncing, I found the UX a bit messy and sometimes buggy too. So the browser extensions is more a matter of diminishing returns than a core change.

Privacy Badge: Blocks cookies with domains cookies collecting unique identifiers after it was sent a Do Not Track message. Focus only on google, facebook and amazon and check whotracks.me.

Ghostery: Blocks cookies with unique identifiers and keeps data sent in headers and the URL path that cannot be unique

Trace is spoofing browser fingerprinting. Check here the section "fingerprinting resistance".

Multi-account containers: Prevents one tab from reading your activity on another tab. To get an idea, check the BrowserLeaks tool from Pixel Privacy and their guide about Browser Fingerprinting. For example, you need facebook to interract with specific individuals or groups? Fine but open it in an empty container and then logout. Same for twitter and linkedin.

As regards the tracking cookies, they are usually used for advertising purposes, retargeting in particular. Retargeting is a tactic that often relies on tracking cookies to show ads to people who have previously visited a specific site or shown interest in a particular product. Tracking cookies can record all kinds of information: browsing history, search queries, purchases, device information, location, when and where you saw previous advertisements, how many times you’ve seen an ad, and what links you click on. So for sites that you always want to be logged in and you can properly manage their cookies, use their apps or find alternative services.

Diminishing returns

Now the 80% of the effort for more privacy would go I guess to things like the following but it won't make any big different in e.g. the relevance of the ads I get:

Email service provider. As a rule of thumb, use an email account that people know and another one that services know. The first one is hard to change but for new services you can start using a new one and gradually move away from what you have. Zoho mail has a nice privacy page and its online versions of word, spreadsheet, powerpoint, calendar and google drive alternatives are pretty interesting and free.
Delete social media accounts you don't need and ask friends not to tag you on social media you keep.
Switch from google maps to Osmand
Entering paranoid mode about IP... hide your IP with a VPN that is also sold by mozilla and its privacy policy is the most transparent I have ever seen or a new VPN that also protects you from your ISP spying on the domains you visit
Use Tor on top of VPN to hide from your ISP the fact that you use Tor and route all of your traffic through Tor. I wouldn't recommend the most popular tor-over-vpn services like nordvpn because that would defeat the purpose as for the most popular services it would be tempting to sell your data. At this point you would watch videos on which of the endless settings of your phone to disable like turning off the Samsung Customization Service from all apps.
Entering paranoid mode about GPS... Forget uber, buy a GPS navigator, use mainly your desktop/laptop and buy a lightphone
Entering paranoid mode about GSM... VoIP through your laptop instead of your phone to avoid IMSI geofencing
When travelling, get an international SIM card as stated here like this
The sky is the limit.

Personally I started following the first 3 but I didn't bother with the rest as I would need first to radically change my habits and I don't want that now. For example I managed to delete my facebook but my colleagues are on whatsapp so I still use whatsapp. Technology alone is not enough, you need discipline but the few changes above gave me less temptations for distractions.

Dev workflow from android

nickmaris — Mon, 11 Jan 2021 03:24:56 +0000

Yes, it's a hack and yes the speed is much worse than using a laptop but for a few weeks now I have decided to sleep 17:00-1:00 and take care of my newborn baby 1:00-9:00, so that my wife can sleep. If I sleep let's say for 1 hour when my baby manages after Colic pain to sleep for a bit, then it would be hard for me to wake up, so here is how I avoid falling asleep.

I wanted something more than vim as the touch keyboard in my mobile phone doesn't really help and something faster than dcoder.

Terminal

Install the open source android app termux.

Open termux, run mkdir $HOME/projects to run commands there and run pkg install git nodejs

Code editor

Install the open source android app acode.

Open termux and run termux-setup-storage. You will then be prompted to "Allow Termux access photos, media and files on your device". The contents of the created $HOME/storage folder are kind of symlinks to different storage folders with the most important here being the root of the shared storage between all apps ~/storage/shared. In my case I have folder ~/storage/shared/Git to edit files.

Edit javascript and run it

As the storage folders emulate fat32 you need to copy your modified files to a folder under $HOME/projects that supports symlinks, so create the following run.sh and chmod +x run.sh

#!/bin/bash

# changeme
projectName=reduce

destDirectory=$HOME/projects/
originDirectory=$HOME/storage/shared/Git/$projectName
cp $originDirectory $destDirectory -Ru
cd $destDirectory/$projectName

# changeme
npm install
npm start

Adjust the script to your needs and whenever you are ready to test your site, run the script.

Markdown editor

Install the open source android app markor and note that /storage/emulated/0 points to $HOME/storage/shared of termux and /Internal storage/ of acode. Its syntax highlighting and preview are amazing.

What about gitlab?

I love gitlab but don't try firefox from android, cloudflare keeps reloading when loading login page. And in chrome, don't expect copy-paste to work from a mobile phone.

Enjoy

Have fun!

Tips to parents: Colic is common, just set your mobile phone to flight mode and in a few weeks time it will be gone. Trust me, it's my second one :)

Reconfigure from gitlab.com

nickmaris — Sat, 12 Dec 2020 09:00:44 +0000

Gitlab has many features worth exploring by configuring mainly the gitlab.rb file of gitlab and the config.toml file of gitlab-runner. Reconfiguring my gitlab instance and runner from gitlab.com helped me:

for each set of configuration parameters I consider using, now I can review and document my intention behind them and any manual steps needed, so opening an MR helped
keep track of what didn't work, how it failed and why in order to avoid repeat it, so closed unmerged MRs and their build job logs helped too!

Setup gitlab

One local ubuntu 18.04 VM named gitlab.prv with an omnibus installation of gitlab. Omnibus is the recommended installation method too.
Domain (a dynamic one set up in my router), router forwarding ports 80 and 443 to the same ports of gitlab.prv and have let's encrypt of gitlab installer generate SSL to work from browser but also when registering a runner. Otherwise, installing gitlab would be more complicated.

Configure gitlab

It is more safe to create a shell runner than to expose the ssh port of your gitlab and use the default shared runners of gitlab.com.

At gitlab.prv assuming your user is XXX, run the following. The first command prevents this issue on debian based OS and needs sudo -E to pass the env var to systemd later on.

export GITLAB_RUNNER_DISABLE_SKEL=true
wget https://s3.amazonaws.com/gitlab-runner-downloads/master/binaries/gitlab-runner-linux-amd64
chmod +x gitlab-runner-linux-amd64
mv gitlab-runner-linux-amd64 gr
./gr run

Then in another terminal run ./gr register set as coordinator https://gitlab.com, for the token check runners section at /-/settings/ci_cd page of your project at gitlab.com that holds the gitlab.rb file in the playbook.yml and the following .gitlab-ci.yml and as executor set shell.

reconfigure:
  script:
  - sudo cp gitlab.rb /etc/gitlab/gitlab.rb
  - sudo gitlab-ctl reconfigure

Then kill gr and run it as a service:

sudo -E ./gr install --user XXX --syslog --config /home/XXX/.gitlab-runner/config.toml
sudo -E ./gr start

Setup runner

The rest of this post is overengineering but it was fun :)

Reconfiguring an executor sometimes requires restarting the runner so the runner that runs the provisioner is a docker executor running ansible in a separate local VM:

One local ubuntu 18.04 VM named runner.prv with amd64 binary of gitlab-runner. You don't want your gitlab to be slow or go down in case your runner experience performance issues, so having it on a separate VM is recommended by gitlab too.
One local ubuntu 18.04 VM named ansible.lan with docker and ssh access to the runner VM to run ansible. That could be gitlab.prv by the way as it won't be heavily used.

A few oneoff configurations worth mentioning:

At runner.prv sudo EDITOR=vi visudo and add NOPASSWD: ALL
At runner.prv mkdir ~/.ssh
Login with ssh from ansible.lan to runner.prv once to add it to known_hosts
At ansible.lan install docker through snap so that it is set up with overlay2 and start on boot.

In case you wonder why I use ansible only for the runner, running reconfigure (which triggers chef) as an ansible task was not fun as it broke the build logs in gitlab.com.

Configure runner

Install the gitlab runner at ansible.lan as before but register it with type docker. Then, assuming your user is XXX, at ~/.gitlab-runner/config.toml set volumes in docker section as ["/home/XXX/.ansible/roles:/root/.ansible/roles", "/home/XXX/.ssh:/root/.ssh:ro"].

To tail logs of the systemd service: journalctl -u gitlab-runner -f

To run the runner locally assuming the repository is cloned at ~/runner even with changes that are not committed: ./../gr exec docker srv-and-runner --docker-image "spy86/ansible" --docker-volumes "${PWD}:/work:ro" --docker-volumes "/home/XXX/.ansible/roles:/root/.ansible/roles" --docker-volumes "/home/XXX/.ssh:/root/.ssh:ro"

To run it at ansible.lan: ansible-playbook playbook.yml

Files

.gitlab-ci.yml

variables:
  PYTHONUNBUFFERED: "1"
  CI_DEBUG_TRACE: "true"
  ANSIBLE_CONFIG: "ansible.cfg"

srv-and-runner:
  script:
  - ansible-playbook playbook.yml

playbook.yml. Note that once you register your runner to your gitlab instance, you have to copy your config.toml manually here

--------
- hosts: runner.prv
  name: runner
  become: yes

  tasks:
  - name: Setup
    blockinfile:
      path: /etc/gitlab-runner/config.toml
      block: |
        concurrent = 1
        check_interval = 0
        [session_server]
          session_timeout = 1900

  - name: Restart
    shell: "gitlab-runner restart"

ansible.cfg

[defaults]
inventory=inventory.ini
no_target_syslog = True
host_key_checking = False
retry_files_enabled = False
PY_COLORS = 1
ANSIBLE_FORCE_COLOR = 1

inventory.ini

[all]
runner.prv

[all:vars]
ansible_python_interpreter="/usr/bin/python3"
ansible_ssh_user="XXX"

Your turn

Now you can try that by making 2 private projects in gitlab.com, one to configure your gitlab instance and another one to configure your runner. The first one can refer to files like prometheus rules so it can configure more things if necessary.

Did you find a typo? Submit an MR and gitlab will update this post.

Privacy is about taking informed decisions

nickmaris — Tue, 08 Dec 2020 09:00:55 +0000

About my privacy, I feel I need to be proactive and ask:

What can go wrong? Are you trading convenience that you don't really need for a privacy level that you need? Or you have enough information to move forward? If you are doing an intervention to protect your privacy, what does it protect you from? Did other such interventions fail or led to inconvenience?
What's the likelihood?
How bad would that be?

By the time you decide to install a product or signup on a service, it's too late to read the privacy policy and search for reviews.

Privacy is not about security

Last but not least, another myth is that privacy and security are the same thing. In order to protect your privacy, first you need to protect your security. In my case a password manager like 1password helped me:

generate (14 or more number, characters and symbols), store, sync between devices and share secrets like passwords with my family
find which of my services (especially email providers and cloud providers) support 2 factor authentication and add it instead of authy or sms for faster copy paste
put tags on thing like local services so that I focus on the rest by searching for tag:

Spark - A service that explains its privacy policy

nickmaris — Mon, 07 Dec 2020 09:00:52 +0000

Privacy policies are asking you to take an informed decision, so choose services that explain their privacy policy.

As stated here, the GDPR specifically prohibits the use of long, convoluted terms and condition statements, particularly statements that contain legalese. Any request for consent, declaration of terms, or statement of privacy must be presented clearly and concisely, and without any ambiguity of meaning.

The classical CIA information security protection goals, i.e. confidentiality (C), integrity (I) and availability (A), have been extended here for privacy protection through 3 concepts and under each one I am putting related questions of the checklist of the amazing site Terms of Service Didn't read.

Unlinkability

As separating data and processes:

How long do they keep your private data and what do they use it for?
What happens to your data when they get acquired or when they shut down the service?
Can you export your data (where applicable)?

Transparency

As adequate level of clarity in the relevant data processing:

Does the service use first-party and/or third-party cookies?
Can they change the terms at any time?
How do they work with third parties (contractors they use)?
How do they work with government requests?
How do they handle decisions about suspension of your account when they feel you breached the terms?
Do they (try to) prohibit you from going to court against them?

One check I would add is: Do they share their business model, how they make money?

For me, the most complicated issue to tackle is the following but at least GDPR covers the most obvious cases:

Right related to automated decision making including profiling

Changing habits like blocking trackers contributes not only to avoiding a dystopian future of big data affecting my ability to get a job, a social Security scheme, or a loan but reduces also my chances of internet addiction.

After all, I don't want trillion dollar companies to make money from my behavior.

Intervenability

As the possibility for parties to be involved in the relevant process:

Do they claim copyright (or what sort of license) over your content (where applicable)?
Do you have a right to leave the service?

Case study

Spark is an example of a service that has also an explanation of its privacy policy, so let's read how it looked on the 4th of December 2020:

Buiness model

First of all it makes clear which is the business model:

Spark’s business model is simple: It’s free for individual users, yet it makes money by offering Premium plans for teams and organizations.

Purpose

They talk about purpose limitation

We don’t use your data for any other purposes. [...] We won’t ask for more data than is needed to provide you with the service.

And they summarize the purpose by saying:

Some of the purposes for processing the data provided by you include:

Providing you with the services
Fraud prevention
Improving our services
Notifying you of any changes in our services

Honesty and transparency

For example, they say "Your email is safe and we do not use it for profiling or targeting."

Data retention

They clarify that "We always delete your data once it’s no longer necessary" and the retention period is specified at the section "HOW LONG PERSONAL DATA IS STORED FOR" of the policy.

Security

Interestingly for a privacy policy, they have a section called "SECURITY MEASURES USED BY US".

Note the Security is not Privacy, it is a precondition for Privacy otherwise what the data you provide to the service are also exposed to unethical hackers.

Clear instructions on how to get access to your data or request its deletion

"You can either exercise your rights by deleting your account and all information associated with it from your device or by emailing us at dpo@readdle.com." and "Spark is GDPR and CCPA compliant, and you have the right to get access to your data or require its deletion. We are committed to dealing with all privаcy requests promptly and transparently."

Location

The service is located in Germany, a country that cares about Privacy.

Review

So overall, the service gives a good impression as most services have eitheir no information, or have information that you need to pay a lawyer to understand it.

I haven't used this service but as you can see in my previous post, we need to read the privacy policy of services and not accept them blindly and our attention span is already limited so invest in services that help you on that by structuring or explaining their privacy policy.

Privacy is not about Misinformation

nickmaris — Sat, 05 Dec 2020 09:00:45 +0000

Misinformation is an issue and parents and consultants of governmental policy makers need to take action but it is not privacy, so what is it?

Some forms of misinformation are:

Polarizing audiences
impersonating people (or groups of people) online
using emotional language when facts are expected
spreading conspiracy theories
discrediting opponents and deflecting criticism
internet trolling

We analyzed polarization in the previous article extensively as it imposes the worst and most direct danger to democracy among other forms of misinformation. As for the rest, some potentials dangers are:

health issues when following bad practices
economic fraud

What you can do

Read only information that helps you take action, action on anything that you really care and ignore everything irrelevant. This will help you avoid sharing misinformation which means that we need to be mindful of the things we do "for fun". For example, some memes we share might be part of a campaign for opinion making.

First Draft suggests us to:

expose people to examples of misinformation, or misinformation techniques, to help them recognize and reject them in the future.
nudge people to think about accuracy before sharing. For example, saying that you heard it from a friend or from a facebook group is not enough
be aware of the potential for manipulation and evaluate multiple resources before you accept something as true. Try to find official sources before you believe something.

What is your role

Recommendation engines now weight news with sophisticated algorithms that detect fake news based on e.g. the content of the news or the way they get propagated. However, that cannot completely replace the human eye. If you cannot judge, at least don't press any share/like button.

Anonymity

As stated here under the condition of privacy, we have knowledge of a person’s identity, but not of an associated personal fact; whereas under the condition of anonymity, we have knowledge of a personal fact, but not of the associated person’s identity.

Use anonymity for things like ethical journalism, not to spread misinformation.

Privacy is not about Polarization

nickmaris — Fri, 04 Dec 2020 09:00:53 +0000

Polarization in social media is an issue and parents and consultants of governmental policy makers need to take action but it is not privacy, so what is it?

The more attention we pay in distractions, the easier we make it to end up in a fight if we don't have the discipline to stop engaging into that yet. What is different in internet than say TV and newspaper is that internet knows you, personally. Facebook Site Integrity fake engagement team has described governments in Azerbaijan, Honduras, India, Ukraine and Bolivia using Facebook against their own citizens, employing large numbers of fake accounts to promote their own interests like elections and attack critics by buying inauthentic likes, comments, and shares. When an issue escalated, the company said that it was less pressing than the many other issues the civic integrity team was policing at the time, in other countries all over the world.

What to do

To avoid polarization, here are a few steps that require discipline based on humanetech:

‍Unfollow outrage-chasing individuals/groups
Remove sharply polarized media outlets from your news feed → Humanetech mentions MSNBC & FOXNews
‍Check news sites whose perspectives you disagree with: AllSides gives readers a cross-partisan view of world events covered by the media, and sustains itself on a consciously created hybrid revenue model to avoid bias and clickbait incentives. On twitter and reddit, follow people you disagree with.
Social media profits off hate and anger because it generates more engagement. Let’s fight back with compassion. ‍Pause. Don’t be so quick to unfollow or publicly argue with someone who posts something you disagree with.‍
Be compassionate: Try a private message to ask why they feel that way, with genuine curiosity and a desire to understand.
Essentially, you vote with your clicks. If you click on clickbait, you’re creating a financial incentive that perpetuates this existing system. Before you share, fact check. Consider the source. Do that extra Google"

Privacy is not about Addiction

nickmaris — Thu, 03 Dec 2020 16:27:29 +0000

One of the reasons I am blogging about privacy at dev.to, is to see how developers can help policymakers of laws like GDPR:

For example, we need more of Privacy-preserving computations like Homomorphic encryption and Secure multi-party computation but also Privacy preferences and sticky policies
We can easily understand our visitors's behavior without relying on google analytics which then track users across sites more easily.
For tech savvy users, split our database from a remoteStorage hosted and owned by the user
And many more Privacy Enhancing Technologies...

But let's start with the myths.

Internet addiction is an issue and parents and consultants of governmental policy makers need to take action but it is not privacy, so what is it?

A kid that empowers all websites to track its behaviour so that they can attract more of its attention, will receive things like more personalized ads and more personalized content. So far, so good but the content might be practically irrelevant as regards the happiness of the kid or even harmful to the point that the kid might end up with depression e.g. because of not enough "likes" in social media. Social Dilemma says "when we are uncomfortable or lonely or uncertain or afraid, we have a digital pacifier for ourselves".

Steps that require discipline

For an adult to take control and avoid addiction here are a few steps that require discipline based on humanetech:

Go offline

Don't expect technology to solve non-technical problems. As stated here, people need to find things to do with their lives that don’t involve media use, in the following 3 areas:

The physical world - move your body and see things
Interpersonal relationships - and social engagement (in person)
Retreat and reflection - sleep and dream more

The solution is having other things to do so you no longer care about media.

Set boundaries

Clear at least your morning & evenings → Set clear bounded blocks of time without technology like half an hour before bedtime, all devices out.
Device-free group activities at home like dinners. Create a shared charging station at home
Buy a separate alarm clock → Wake up without getting sucked into your phone first thing in the morning.

Reduce notifications

Find mobile apps that are not a big deal to delete to reduce push notifications and use your browser instead when necessary. And yes the desktop browser for those that are not mobile friendly.
Remove email notifications that are not a big deal and again use your browser when You decide to do so.
Create an email account for newsletters you care but do not add it in your mobile. You can also forward to this account emails that might be more of a spam than a request to take action.

Cleanup your mobile homescreen

Replace your mobile homescreen with just a few key apps or notes or photo or contacts of your loved ones. Make it less tempting to distract yourself.

For the less disciplined

If you can't stop reading "feeds" (any platform that grabs your attention by recommending you things to consume for "free"), at least limit the time you spend on:

Facebook Netflix Google Microsoft:

Facebook feed, Snapchat, Instagram
Netflix
Google search, Youtube
Xbox, Linkedin

But also:

Twitter
TikTok
Pinterest
Reddit
add more here...

For parents to assist their kids

As stated in Social Dilemma:

"No social media until high school. Personally, I think the age should be 16"
And discuss and work out the daily hours spent on a device with your kid.

What else?

Did any of this help you? Have you found something else that worked for you?

Post dev.to articles from gitlab

nickmaris — Mon, 09 Nov 2020 09:01:00 +0000

Whether you review your draft dev.to articles alone or with friends, markdown and gitlab make it very easy to talk about changes, so here is a way to write dev.to articles on gitlab and schedule their publishing.

// Detect dark theme var iframe = document.getElementById('tweet-1326907703634096129-67'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1326907703634096129&theme=dark" }

// Detect dark theme var iframe = document.getElementById('tweet-1327198242346573826-363'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1327198242346573826&theme=dark" }

Instructions

fork this gitlab repository
at dev.to generate token
at gitlab set masked CI env vars DEV_TO_API_KEY, DEV_TO_NAME
at gitlab set personal access token with write repository permissions
at gitlab set CI env vars masked GITLAB_TOKEN
at gitlab set a scheduled pipeline on a daily basis

How it works

Gitlab CI processes entries in state.yml of master branch daily like the following:

- filename: update.md
  date: 2020-11-08
  slug: generated-post-19p6

If today is 2020-11-08 then it updates the article with title mentioned in update.md.

And if the article does not exist, it creates it and updates state.yml with its slug so that it can update it in the future if instructed by state.yml.

Internally, the whole logic of the ruby script is about putting the markdown on the body_markdown param of the dev.to API.

If GET articles/#{username}/#{slug} returns HTTP 200, then PUT articles/#{id} otherwise POST articles.

The editing pipeline as a...pipeline

Each time you want to write a new article, open a Merge Request, create an entry at state.yml and a file.

Then the most important step is to discuss it with others and review it in an MR like this

Making the editing pipeline explicit in gitlab also opens the road to storing metrics (like number of comments) on state.yml and to further automation like daily checking for broken links, correcting spelling and grammar mistakes, cross-posting, etc.

When ready, merge the MR. The next day in the scheduled timing it will appear at dev.to.

Format

Custom variables can be set for each post, located between the triple-dashed lines in your editor. Make sure published is true and that there is a unique title:

title: the title of your article
published: boolean that determines whether or not your article is published
description: description area in Twitter cards and open graph cards
tags: max of four tags, needs to be comma-separated
canonical_url: link for the canonical version of the content
cover_image: cover image for post, accepts a URL. The best size is 1000 x 420.
series: post series name.

Next step

To edit this post, the ruby script or its tests, feel free to open an issue.