author: Tyler Davis <tydavis@gmail.com>, 2018-02-26 11:39:52 -0800
committer: Tyler Davis <tydavis@gmail.com>, 2018-02-26 11:39:52 -0800
commit: 5de57c228b624c0c1e2b3a0404171a52f3bb1e9c
tree: 8cd4e879f8b5c488b5326f1dfeffc8781f356436 /2017
parent: be2cfcf2e067cebac8de356d20f323aa4772f279
More backlog 2017
Diffstat (limited to '2017')
-rw-r--r--  2017/encrypt-everything.md          74
-rw-r--r--  2017/life-in-chrome-part2.md        41
-rw-r--r--  2017/life-in-chrome.md              39
-rw-r--r--  2017/ongoing-encryption-efforts.md  34
-rw-r--r--  2017/upgrade-treadmill.md           37
5 files changed, 225 insertions, 0 deletions
diff --git a/2017/encrypt-everything.md b/2017/encrypt-everything.md
new file mode 100644
index 0000000..f25a237
--- /dev/null
+++ b/2017/encrypt-everything.md
@@ -0,0 +1,74 @@
+# Why encrypting everything on the internet makes sense
+
+> Published on 2017-03-30
+
+## TL;DR
+
+Start using [HTTPSEverywhere][1] and support the websites that make a point of
+delivering your data in a way that protects **you**.
+
+------------------------------------------------------------------------
+
+Since [the House voted to destroy Privacy rules governing ISPs][2], I've been
+reading a lot of discussion on the subject and trying to find ways to keep me
+and mine under a nice veil of privacy. I have also [encountered commentary][3]
+about how streaming media (like Netflix) *shouldn't* be secured, because:
+
+> There are things which don't need encryption and movie streaming is one of
+> \[them\]. We don't need the extra power wasted in our world as datacenters are
+> power hungry monsters. Use encryption for what its designed for. Protecting
+> confidential data.
+>
+> In the end every Netflix user is going to pay the extra bill for this and this
+> is a waste of resources in every possible way.
+
+**It's not.** All of your activity should be encrypted in ways that cannot be
+decrypted or tracked and here's why:
+
+Radio and other broadcast media are sent into the ether and broadcasters have no
+idea exactly *who* is listening. You can build your own crystal radio kit,
+listen to a station, and the broadcaster *has no idea*.
+
+Contrast this with the Internet: every single device on the internet must
+*request* data in order to be *sent* data. Even fancy things like
+[multicasting][4] still require nodes to Join or Leave the network. Each system
+on the internet is in *constant*, **identifiable** communication with other
+computers in its network.
+
+As such, due to the way Internet Service Providers (ISPs) work, they have the
+potential to completely track and control your communications unless they're
+100% encrypted. The only way to end such invasive, dangerous, and *wrong*
+actions by ISPs and other entities is to use encryption from end-to-end.
+
+I'll leave you with a quote from [Bruce Schneier][5] (emphasis mine):
+
+> Last week, revelation of yet another NSA surveillance effort against the
+> American people has rekindled the privacy debate. Those in favor of these
+> programs have trotted out the same rhetorical question we hear every time
+> privacy advocates oppose ID checks, video cameras, massive databases, data
+> mining, and other wholesale surveillance measures: \"If you aren't doing
+> anything wrong, what do you have to hide?\"
+>
+> Some clever answers: \"If I'm not doing anything wrong, then you have no cause
+> to watch me.\" \"Because the government gets to define what's wrong, and they
+> keep changing the definition.\" \"Because you might do something wrong with my
+> information.\" My problem with quips like these \-- as right as they are \--
+> is that they accept the premise that privacy is about hiding a wrong. It's
+> not. **Privacy is an inherent human right, and a requirement for maintaining
+> the human condition with dignity and respect.**
+>
+> \[ . . . \]
+>
+> Watch someone long enough, and you'll find something to arrest \-- or just
+> blackmail \-- with. Privacy is important because without it, **surveillance
+> information will be abused:** to peep, **to sell to marketers** and to spy on
+> political enemies \-- whoever they happen to be at the time.
+>
+> Privacy protects us from abuses by those in power, even if we're doing nothing
+> wrong at the time of surveillance.
+
+[1]:https://www.eff.org/https-everywhere
+[2]:https://arstechnica.com/tech-policy/2017/03/isps-and-fcc-chair-ajit-pai-celebrate-death-of-online-privacy-rules/
+[3]:https://arstechnica.com/security/2015/04/it-wasnt-easy-but-netflix-will-soon-use-https-to-secure-video-streams/
+[4]:https://en.wikipedia.org/wiki/Multicast
+[5]:https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html
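Review bot: The paragraph beginning "As such, due to the way Internet Service Providers (ISPs) work" and the earlier "encrypted in ways that cannot be decrypted or tracked" promise more than the TL;DR's HTTPSEverywhere recommendation delivers. HTTPS hides page contents from the ISP, but the ISP still sees which IP addresses you connect to and, with ordinary DNS, which hostnames you look up. Suggest scoping the claim to content and adding a sentence on DNS and destination metadata, with a pointer to ongoing-encryption-efforts.md from this same commit, which covers the DNS side.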
diff --git a/2017/life-in-chrome-part2.md b/2017/life-in-chrome-part2.md
new file mode 100644
index 0000000..5c304bb
--- /dev/null
+++ b/2017/life-in-chrome-part2.md
@@ -0,0 +1,41 @@
+# Life in Chrome (Part 2)
+
+>Published on 2017-04-04
+
+It has been over a month since I've switched to using Chrome for all of my work
+and I think I've found my happy place.
+
+[Cloud9][1] is a fantastic editor and, by [following C9's official
+directions][2], I've been able to set up the C9 IDE for both work and home. *No,
+I am not giving c9.io access to my work machine.* Yes, it is awesome to be able
+to call up a complete editor+terminal without a bunch of SSH keys. And the
+vim/emacs keybindings are spot-on.
+
+I still haven't resolved my [DNS concerns][3] yet, but [HTTPSEverywhere][4] and
+[uBlock Origin][5] are doing a bang-up job of keeping my connections secured and
+cutting out the ads. I think what I'll need to do for my home is set up a
+[RaspberryPI 3][6] for my home DNS instead. I've had some issues getting the
+[C2000T][7] to honor my settings and *not* add itself as the DNS resolver, but I
+have time on my side. If it comes to the worst situation, I'll buy my own
+gigabit-capable wired router.
+
+Finally, after testing [each of the streaming music services][8] out there, I
+have settled on Google Play/YouTube. They are the *only* services that managed
+to work reliably as HTTPS-only. I'm aware that Google is an Ad company by
+itself, but there's only so much I can do about protecting myself there. I'm
+already a [Project Fi][9] subscriber, [GMail][10] user, and a [Google Cloud
+Platform][11] subscriber. They already have most of my data. My opposition is
+with [CenturyLink][12] deciding that they have a right to my data.
+
+[1]:https://c9.io/
+[2]:https://github.com/c9/core/blob/master/README.md
+[3]:encrypt-everything.md
+[4]:https://www.eff.org/HTTPS-EVERYWHERE
+[5]:https://www.ublock.org/
+[6]:https://www.amazon.com/dp/B01C6EQNNK/
+[7]:http://internethelp.centurylink.com/internethelp/modem-c2000t.html
+[8]:https://twitter.com/tydavis313/status/847181947486916608
+[9]:https://fi.google.com/
+[10]:https://gmail.com/
+[11]:https://cloud.google.com/
+[12]:http://www.centurylink.com/ \ No newline at end of file
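Review bot: Reference [3], used for "DNS concerns", points to encrypt-everything.md, but that file as added in this commit never mentions DNS; the DNS discussion (DnsCrypt, DNS over HTTPS) is in ongoing-encryption-efforts.md. Suggest changing the line to `[3]:ongoing-encryption-efforts.md`. Also, [5] is labelled uBlock Origin but links to ublock.org, so confirm it reaches the extension you mean, and [7] and [12] are plain http:// links in a post about HTTPS-only browsing. The file ends without a trailing newline.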
diff --git a/2017/life-in-chrome.md b/2017/life-in-chrome.md
new file mode 100644
index 0000000..d794dfe
--- /dev/null
+++ b/2017/life-in-chrome.md
@@ -0,0 +1,39 @@
+# Life in Chrome
+
+>Published on 2017-03-07
+
+My day-to-day computer activities are mostly through my work-provided laptop.
+Installing custom compilers or other untested software is expected for my role,
+and I've been granted administrative rights to my laptop, but we also have
+corporate antivirus and collective host configuration management. After a chat
+with the security team, I reminded myself that the security of our endpoints is
+more important, and deserves my attention.
+
+Being firmly in the middle between Dev and Ops, I have a VM provisioned for my
+work requirements and it does the job. I don't actually need my local host's
+terminal to get my job done.
+
+As an experiment, I created a cheap machine in [Google Cloud Platform][1] and
+set it up with my non-work environment, then wiped-and-restored my work laptop,
+only installing Chrome (and one piece of videoconference software we use) to my
+user's Applications folder.
+
+Magic! Chrome can SSH to other hosts [via an extension][2], we use Google Apps
+for Office purposes, and my VM at work took care of the rest. There's even a
+[chrome extension][3] that makes the GCP SSH window work better. Best of all,
+any "personal projects" I work on are isolated and run little-to-no risk of
+infecting my work environment and vice versa.
+
+Now if I ever need to wipe the laptop or have it replaced, I can be back up and
+running in a matter of minutes. Given our upcoming security compliance audits, I
+can work within every security change because my host does nothing but act as a
+dumb terminal.
+
+~~If it weren't for my need to have a self-contained laptop at home when the
+internet needs repair, I could~~ [I can][4] get away with working exclusively on
+a Chromebook, even when I break my router/access point.
+
+[1]:https://cloud.google.com/compute/docs/
+[2]:https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo
+[3]:https://chrome.google.com/webstore/detail/ssh-for-google-cloud-plat/ojilllmhjhibplnppnamldakhpmdnibd
+[4]:https://www.amazon.com/dp/B011DDXGVC/ \ No newline at end of file
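Review bot: "isolated and run little-to-no risk of infecting my work environment and vice versa" needs a qualifier, because as described the same Chrome install on the work laptop is the SSH client for both the personal GCP machine and the work VM. Say whether the two use separate Chrome profiles and separate SSH keys, and where those keys are stored, since the browser is the one component both environments share. References [2] and [3] are identified only by Web Store IDs; naming each extension's publisher in the text would let readers check what they are installing. The file ends without a trailing newline.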
diff --git a/2017/ongoing-encryption-efforts.md b/2017/ongoing-encryption-efforts.md
new file mode 100644
index 0000000..79e8406
--- /dev/null
+++ b/2017/ongoing-encryption-efforts.md
@@ -0,0 +1,34 @@
+# Ongoing encryption efforts
+
+> Published on 2017-03-23
+
+I have been using a [hosts file override][1] for years to cut the ads and "crap"
+out of my internet browsing experience. I recently discovered a [better list][2]
+and have been using it for a few weeks. I'm getting far more "*you have an
+adblocker installed*" warnings from websites I frequent, so it's definitely
+working better.
+
+Now the Senate has passed [laws that permit ISPs to sell my data to
+advertisers][3] and I'm ready to call [Game Over \[warning: explicit\]][4] on my
+internet access.
+
+I'm looking at purchasing a [Samsung Chromebook Plus][5] but with the Chromebook
+comes the inability to install an [encrypting DNS proxy][6] and Google doesn't
+[seem interested][7] in supporting DnsCrypt with their public servers.
+
+What they do provide is [DNS over HTTPS][8] which can be somewhat useful if
+we're running our own DNS servers at home, but by providing an HTTPS endpoint,
+**Chrome and its extensions** could bypass local DNS and make HTTPS-based DNS
+requests on their own in order to avoid being spoofed (or to hide additional DNS
+requests).
+
+Many things to research here.
+
+[1]:http://someonewhocares.org/hosts/
+[2]:https://github.com/StevenBlack/hosts
+[3]:https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers/
+[4]:https://youtu.be/dsx2vdn7gpY
+[5]:https://www.amazon.com/Samsung-Chromebook-Convertible-Laptop-XE513C24-K01US/dp/B01LZ6XKS6/
+[6]:https://dnscrypt.org/
+[7]:https://groups.google.com/forum/#!topic/public-dns-discuss/rmZTtPAV430
+[8]:https://developers.google.com/speed/public-dns/docs/dns-over-https
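Review bot: The DNS over HTTPS paragraph ("What they do provide is ...") packs two opposing points into one sentence and leaves the consequence for the first paragraph unstated: an application that resolves names over HTTPS on its own skips the system resolver, so it would also skip the hosts file override the post opens with. Suggest splitting the sentence and saying that explicitly. "passed laws" also reads stronger than the linked article's own slug, "senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers"; "voted to permit" would match it.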
diff --git a/2017/upgrade-treadmill.md b/2017/upgrade-treadmill.md
new file mode 100644
index 0000000..86d078f
--- /dev/null
+++ b/2017/upgrade-treadmill.md
@@ -0,0 +1,37 @@
+# Get on the Upgrade Treadmill
+
+> Published on 2017-03-07
+
+Always upgrade your software. Upgrading now means less pain later.
+
+Recently my company upgraded from [Apache Kafka][1] v0.8 to the latest available
+version (v0.10.2). With it came wire protocol changes, two separate clients were
+consolidated into only one, Kafka now stores offsets in itself rather than
+[Apache Zookeeper][2], and a dozen other changes that also needed to be adjusted
+in our golang services.
+
+One solid outage-into-the-evening later, I've vowed two things:
+
+## Always Upgrade Your Software
+
+If you use the latest libraries, the latest software, and constantly keep your
+systems up-to-date, the incremental changes end up becoming smaller and smaller
+as new point-versions come out. This get easier as everyone learns to "ride the
+wave" and make systems smaller. Constant upgrades also suggest (though they do
+not *require*) a trend toward smaller services or [microservice
+architectures][3] in order to keep the upgrades small in scope.
+
+## Test Everything
+
+- If there isn't a test for a block of code, make one. If that code operates
+ against a remote service, build a mock with expectations (or [contracts][4])
+ defined. If that's too much, and you have sufficient resources, run a
+ stripped-down copy of the service locally. If you can't do that, at least
+ consult the documentation and generate a mock out of supposed API docs.
+- Always generate your own test data. Don't expect someone else to make the test
+ data for you.
+
+[1]:https://kafka.apache.org/
+[2]:https://zookeeper.apache.org/
+[3]:https://martinfowler.com/articles/microservices.html
+[4]:https://en.wikipedia.org/wiki/Design_by_contract
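Review bot: Typo under "Always Upgrade Your Software": "This get easier" should be "This gets easier". The opening line "Always upgrade your software. Upgrading now means less pain later." repeats the first section heading almost verbatim, so one of them can go. The intro lists the Kafka changes (wire protocol, client consolidation, offsets moving out of Zookeeper) but does not say which one caused the outage; naming it would tie the "Test Everything" advice to the incident.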