Ansible Bustedness

January 8, 2016

Ansible continues to frustrate. It’s one of those tools that looks good at the outset but as you use it more, you begin to question its fundamentals.

Here’s a simple example of an Ansible design decision that is both deeply embedded and probably deeply wrong. (This comes courtesy of my partner Peter, who did the spelunking under Ansible’s hood.)

Ansible consumes YAML that defines a configuration. YAML values can be Jinja2 template strings, if desired. (Apparently, Ansible merely sniffs for telltale opening double braces to decide whether to send a string through Jinja.) That’s useful as far as it goes.

But after rendering these mini-templates, Ansible looks at the result and, if it begins with a brace or a bracket, hands it to a restricted evaluator (safe_eval, which whitelists a subset of Python’s AST and then calls eval(...) on it). If this happens not to blow up, Ansible tosses the Python object that results down the chain rather than the rendered string. Yet there are many configuration values that you might want to keep as strings but which nevertheless happen to evaluate successfully. For example: JSON literals, certain RabbitMQ configuration syntax, etc.

There’s no facility to be selective here. Just another day of software.
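A small model of the pipeline described above, written for this page (it is not Ansible’s code): a Jinja2-style pass that only fires on strings containing an opening double brace, followed by the eager conversion step. Python’s ast.literal_eval stands in for Ansible’s restricted safe_eval, the check for a leading brace or bracket mirrors the test Ansible makes before it evaluates anything, and the variable names, the RabbitMQ policy string and the convert=False switch are all invented for the illustration; the switch is the per-value opt-out that the post says does not exist.

```python
import ast
import re

# Constructed variables for the example; not from any real inventory.
SAMPLE_VARS = {
    "queue": "tasks",
    "listeners": "[5672, 5671]",
    "rabbit_policy": '{"ha-mode": "all", "ha-sync-mode": "automatic"}',
}

# Bare {{ name }} lookups only: a stand-in for Jinja2 so the example runs offline.
_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def eager_convert(rendered):
    """The step the post objects to. A rendered string that looks like a dict or
    list (the pre-check Ansible makes before evaluating) is fed to an evaluator;
    here ast.literal_eval stands in for Ansible's restricted safe_eval. If
    evaluation succeeds, the resulting Python object replaces the string; if it
    raises, the string passes through untouched."""
    if not (rendered.startswith("{") or rendered.startswith("[")):
        return rendered
    try:
        return ast.literal_eval(rendered)
    except (ValueError, SyntaxError):
        return rendered


def template(value, variables, convert=True):
    """Mimic the pipeline: sniff for '{{', render, then convert.
    convert=False is a hypothetical per-value opt-out, i.e. exactly the
    selectivity the post says Ansible does not offer."""
    if not isinstance(value, str) or "{{" not in value:
        return value                      # no template markers: left alone
    rendered = _VAR.sub(lambda m: str(variables[m.group(1)]), value)
    return eager_convert(rendered) if convert else rendered


if __name__ == "__main__":
    for raw in ["{{ queue }}",
                "{{ listeners }}",
                "{{ rabbit_policy }}",
                '{"queue": "{{ queue }}", "durable": true}',
                '{"a": 1}']:
        out = template(raw, SAMPLE_VARS)
        print(f"{raw!r:48} -> {type(out).__name__:5} {out!r}")
```

Running the cases shows the asymmetry: a JSON policy built only from strings and numbers arrives at the task as a dict, while the same policy with a true in it survives as a string, because true is not a Python literal. Whether you get a string or an object therefore depends on the contents of the value, not on anything you declared. And if such a dict is later interpolated into a shell command, Python stringifies it with single quotes and repr formatting, which a JSON consumer such as rabbitmqctl’s policy parser rejects.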

1Password for Teams

November 3, 2015 :: external link

Congrats to AgileBits on today’s launch of 1Password for Teams.

We’ve been using beta builds at Cloak and it has measurably improved our process. From where I sit, 1Password for Teams is an easy purchase for any business that needs to manage shared passwords — these days, that’s pretty much every business.

Building a tool like 1Password for Teams isn’t easy: it requires thoughtful security design and extremely careful execution. It’s not surprising, then, that the 1Password for Teams security whitepaper is an interesting read. Even the “key security features” front matter is enough to convey the sophistication and thought behind the product.

Hacker History Bookshelf, Revisited

August 25, 2015

A tweet by @hmason convinced me to dust off my hacker history bookshelf. This is my personal take on the papers and books that anyone interested in the history of the computer industry should someday read:

  • As We May Think, Vannevar Bush’s milestone post-war article arguing for a revolution in information accessibility and management.
  • The Idea Factory, Jon Gertner’s history of influential Bell Labs.
  • The Man Behind The Microchip, a biography of Robert Noyce and Fairchild Semiconductor. We probably don’t appreciate today just how much Fairchild (and Noyce) set the tone for entrepreneurship in the Valley. Also of interest is The Chip, a further account of Noyce and of Jack Kilby, another microchip pioneer.
  • Father, Son and Co, Thomas Watson Jr.’s first-person account of the rise of IBM. Follow up with Louis Gerstner’s Who Says Elephants Can’t Dance?, which tells the tale of his time as turnaround CEO of IBM in the early 90s.
  • The Curse Of Xanadu, a look at our industry’s first true vaporware, and at the tragic genius of Ted Nelson, one of its countercultural heroes. (See also Nelson’s famous and expensive-to-acquire Computer Lib/Dream Machines, which declared that “You can and must understand computers NOW”.)
  • Soul Of A New Machine, Tracy Kidder’s Pulitzer Prize winner about a team of engineers at Data General working to breathe life into a new minicomputer.
  • Dealers Of Lightning, the story of Xerox PARC. Also worth reading is Fumbling The Future, which focuses more specifically on the Xerox Star.
  • The Supermen, the story of Seymour Cray and the early supercomputer industry.
  • Commodore: A Company on the Edge, Brian Bagnall’s examination of the complex early PC market, and of one company’s epic rise and fall. A fun follow-up is The Future Was Here, a history of the Amiga.
  • Bootstrapping, (alas) the only biography of Douglas Engelbart that I know of. (Engelbart’s Mother of All Demos is required viewing for anyone who is interested in the books in this list.)
  • Where Wizards Stay Up Late, a fascinating history of the ARPANET.
  • Hackers, Steven Levy’s wonderful book that focuses on the key personas, regions, and eras that defined the hacker ethos. As a potential follow-up, Levy’s In The Plex carries many of the threads to modern-day Google.
  • Fire In The Valley, which tells the story of the PC revolution. Fire is also one of the few books I know of that delves into detail on Gary Kildall and CP/M.
  • From Counterculture to Cyberculture has become my favorite book about how sixties counterculture gave birth to the early computer industry. It has much to say about Stewart Brand and his Whole Earth Catalog, one of the influential countercultural artifacts of that era. For a lighter read on counterculture, I also enjoy What The Dormouse Said.
  • Console Wars, the story of Sega and Nintendo’s epic rivalry.
  • Core Memory, a beautiful photo book of vintage computers with interesting historical blurbs. It sits on the coffee table in my office.

If you have any further suggestions for this list, I’d love to hear them!

Heartbeat Alpha

August 13, 2015 :: external link

Speaking of decentralization, Aral Balkan and the fine folks at have been hard at work.

Yesterday, they shipped the first alpha release of Heartbeat, a new decentralized sharing network.

I find Heartbeat to be quite exciting, both as a tool, and as perhaps the first “modern” decentralized social network I know of. By modern, I mean that Heartbeat knowingly embraces the capabilities (and limitations) of its underlying decentralized protocols while — and this is essential — providing a genuinely great user experience.

Of course, it’s still very early days for Heartbeat and for decentralization in general. I can’t wait to see what’s next.

Modern Web Ad-Blocking

August 11, 2015

Marco Arment writes:

Web ads are dramatically different from prior ad media, though — rather than just being printed on paper or inserted into a broadcast, web ads are software. They run arbitrary code on your computer, which can (and usually does) collect and send data about you and your behavior back to the advertisers and publishers. And there’s so much consolidation amongst ad networks and analytics providers that they can easily track your behavior across multiple sites, building a creepily accurate and deep profile of your personal information and private business.

I couldn’t agree more.

Daring Fireball adds:

It’s not just about privacy. There are other costs: network bandwidth (which for many of us is metered on cellular), page load times, and increased CPU usage, are real costs — paid entirely by the visitors to websites.

That too.

One surprise: Arment and Gruber both use Ghostery. Ghostery is built by an unusual company that is something of an advertising firm itself. If a user opts in, Ghostery collects anonymized data about what it blocks; this data is made available to academics and advertisers alike. Ghostery’s corporate aim appears to be to restore balance between advertisers and consumers. It’s an intriguing business model, but not one without the potential for future conflicts of interest.

Beyond Ghostery, there’s a rogues’ gallery of blocking extensions to choose from:

Adblock and Adblock Plus are widely used and, confusingly, unrelated. Historically, Adblock was a respected open source project. Today, alas, it’s a dubious proprietary solution that’s best avoided. Adblock Plus, a capable open source project, apparently allows approved advertisers to buy their way onto a whitelist: a bizarre proposition for an ad blocker if ever there was one.

uBlock and uBlock Origin are two forks of the same open-source project, with a nastily tangled political history. The rift is recent, so, at least today, the two extensions behave similarly. Both provide list-based blocking that draws from a wide range of publicly available blocklists. (My experience with uBlock has been extremely positive so far.)

Privacy Badger is the EFF’s new open-source content blocker. It’s still young, so it doesn’t yet support Safari, but it has an interesting premise: to complement pre-canned blocklists, Badger watches for third-party domains that recur across the unrelated sites you visit, and blocks the ones that keep showing up. With extended use, Badger has the potential to identify trackers that none of the pre-baked lists contain.

Disconnect is a private company founded by former Google engineers that provides a smörgåsbord of security and privacy capabilities, including ad-blocking and search anonymization, through its underlying VPN network.

All told, the ad blocking market is a bit of a zoo right now. As the (unplanned) owner and developer of a VPN service myself, I’ve kept ad-blocking at arm’s length. On the one hand, blocking would be a natural and useful addition to a tool like Cloak. On the other: in a hopeful future where the web is strictly HTTPS, personal VPNs serve no security purpose. As a result, I feel that content blockers are strictly the domain of browsers and their plugins, rather than of DNS or VPN solutions. This is one reason that I’m not in love with Disconnect’s approach. (Another: I dislike their hyperbolic fear-based marketing.)

I don’t expect the market to crown any clear winners in the near-term. With the introduction of new content blocking extension points in iOS 9 and OS X El Capitan, it seems likely that we’ll soon see a new wave of tools emerge to challenge the old. Apple’s extension points permit quite complex blocking designs, while ensuring that the blocking software itself can never collect information about user behavior.
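To make two of the mechanisms above concrete, here is an added example (mine, not code from Privacy Badger, Apple or any other party named on this page). It first applies a Badger-style heuristic, counting the distinct first-party sites on which each third-party domain appears in a constructed browsing log and flagging those seen on three or more, and then emits the flagged domains as a Safari content-blocker rule list in the trigger/action JSON format Apple introduced with iOS 9 and El Capitan. The log, the domain names and the threshold of three are assumptions for the illustration; site_of is a deliberate simplification that takes the last two host labels, where a real implementation would consult the Public Suffix List; and the real Privacy Badger additionally requires evidence of tracking (cookies and the like) before it blocks a domain. The small blocked() function applies the generated rules in the way the post describes Safari doing it: the decision is a function of the request URL and its first- or third-party status alone, so nothing about the user’s behaviour flows back to whoever wrote the rules.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed browsing log: (page the user visited, sub-resource that page loaded).
# Not real traffic; the domains are made up for the example.
SAMPLE_REQUESTS = [
    ("https://news.example/story/1", "https://cdn.news.example/app.js"),
    ("https://news.example/story/1", "https://pixel.tracker.example/t.gif?u=1"),
    ("https://shop.example/cart",    "https://pixel.tracker.example/t.gif?u=1"),
    ("https://blog.example/post/42", "https://pixel.tracker.example/t.gif?u=1"),
    ("https://blog.example/post/42", "https://fonts.cdnhost.example/font.woff"),
    ("https://shop.example/cart",    "https://fonts.cdnhost.example/font.woff"),
    ("https://news.example/story/2", "https://static.news.example/logo.png"),
]


def site_of(url):
    """Registrable domain of a URL. Simplified to the last two host labels;
    production code would consult the Public Suffix List instead."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def learn_trackers(requests, threshold=3):
    """Badger-style heuristic: a third-party site that turns up on at least
    `threshold` distinct first-party sites is treated as a tracker. (The real
    Privacy Badger also requires evidence of tracking, e.g. cookies.)"""
    seen_on = defaultdict(set)
    for page, resource in requests:
        first, third = site_of(page), site_of(resource)
        if first != third:                      # only third-party loads count
            seen_on[third].add(first)
    return sorted(t for t, firsts in seen_on.items() if len(firsts) >= threshold)


def content_blocker_rules(tracker_sites):
    """Emit Safari content-blocker rules (Apple's trigger/action JSON). Each
    url-filter is a regex over the whole URL matching the site or any subdomain;
    load-type restricts the rule to third-party loads, so a tracker's own pages
    still work when visited directly."""
    rules = []
    for site in tracker_sites:
        pattern = r"^https?://(.*\.)?" + re.escape(site) + "/"
        rules.append({
            "trigger": {"url-filter": pattern, "load-type": ["third-party"]},
            "action": {"type": "block"},
        })
    return rules


def blocked(rules, page_url, resource_url):
    """Simplified evaluation of a rule list: the outcome depends only on the
    request URL and its first-/third-party status, which is why a declarative
    blocker cannot observe browsing behaviour. (Real Safari also honours rule
    order and ignore-previous-rules; those are omitted here.)"""
    third_party = site_of(page_url) != site_of(resource_url)
    for rule in rules:
        trigger = rule["trigger"]
        if "third-party" in trigger.get("load-type", []) and not third_party:
            continue
        if re.search(trigger["url-filter"], resource_url):
            return rule["action"]["type"] == "block"
    return False


def build_rule_list(requests=SAMPLE_REQUESTS):
    """Learn trackers from the log and return the rule list as JSON text,
    ready to ship inside a content-blocker extension."""
    return json.dumps(content_blocker_rules(learn_trackers(requests)), indent=2)


if __name__ == "__main__":
    print(build_rule_list())
```

On the sample log, pixel.tracker.example is seen as a third party on news, shop and blog and is flagged; fonts.cdnhost.example appears on only two sites and is not, and cdn.news.example is first-party to the page that loaded it and never counts. The resulting rule blocks the tracker’s pixel on every other site while leaving tracker.example itself reachable when visited directly.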