docker hosting linux network rails Security Technology Uncategorized

Self-hosting with Kamal: Watch your ports when shipping.

I’ve been playing around with Kamal from Basecamp (previously called MRSK) for deploying simple apps on a single server.

There’s a lot to like about Kamal’s ergonomics and principles. But there were a few things that I struggled with or that confused me.

It mostly boils down to Kamal offering a layer of abstraction over Docker, SSH and some Linux commands. But perhaps more importantly, DHH, the creator of Kamal, quite explicitly says that:

“[It] is designed for multi-server operation”.


Why is this distinction important?

Because it implicitly avoids some of the nice (and more secure) features of Docker on a single host, primarily: internal network connections and name resolution.

[It] is designed for multi-server operation, so the internal network idea breaks down pretty quick with that. You’d have to unstrip all of that when you go to scale it. So I think we’re better off keeping the network host transparent.


This is a completely fair design choice, and simplifies a lot of complexity for Kamal. However, when you’re running your new startup or a hobby project, you want to keep things simple and run it all on one host.

But you don’t want to compromise on security and unintentionally expose your database or Redis to the outside world, right?

Technology UX

Reversible irreversible deletion

An interesting — yet not too uncommon — UI/UX problem is to allow users to delete stuff, but prevent them from accidentally deleting things. There are several typical approaches:

Just let users delete

Ouch. Obviously this is the problem we’re trying to solve here. NOT a solution.

support Technology

jumping through hoops

One recent pet peeve of mine has been how companies make you jump through hoops just to report an issue to support.

Trello is a recent one. I used to be able to just email … Not anymore…

You’ve emailed, which is no longer available for support.

That’s great!

And the best part? When I actually try to use their support system, it breaks! Usually because of some invasive tracking that I block. I know it’s “my fault”, but it still makes me mad.

privacy Security Technology

Does iOS 14 protect your privacy?

A few months ago I wrote a post: Does Apple care about your privacy?

In the post, I looked at Apple’s IDFA – ID For Advertising, and how it’s abused by companies like Facebook and many more to track you. I believed then, and still believe now, that what Apple is doing is not ethical and also not legal under the European GDPR.

Since then, Apple actually announced that iOS 14 would change the way IDFA was accessible to all apps by default and that it would start “Asking Permission to Track”. This is a welcome change. Sadly, despite iOS 14 rolling out already, and despite Apple’s claims on this page, this change is still not in place.

Luckily, however, I was able to collaborate on this issue with NOYB (None Of Your Business: a privacy organization; please consider donating if you care about your privacy). NOYB brought forward an official complaint against Apple. The complaint was not a GDPR complaint, but rather highlighting an ePrivacy violation. This is another legal framework which explicitly forbids the kind of stuff Apple is doing.


How we switched to 4-day weeks

We recently made a landmark decision at my company. Starting from Friday, 1st January, 2021, all Fridays are now part of the weekend. We’ll be working Mon-Thu all year round.

This is still considered an “experiment”, because we don’t know if it’s something we can commit to long-term. But honestly, I can’t imagine going back.

Oh, and we didn’t cut salaries. In fact we plan a nice bump for next year.

Security Technology

Protecting TimeMachine backups from itself

Going down the time machine rabbit hole…

I love the fact that macOS comes with TimeMachine built-in, and I also really appreciate its simplicity. It makes backups easy and accessible even for non-technical people. It gets messy, though, if you also want to have real offsite backups.

TimeMachine works great with a USB external HD, but things get tricky over the network.

I own a small Synology NAS, and I managed to mount a TimeMachine volume and get it to back up to that volume. The problem started when the volume size started to grow. I could set a quota on the volume, but for some strange reason, when the quota is reached, TimeMachine just started failing without a clear reason. There’s no way to tell TimeMachine to only keep X versions, or keep disk storage below a certain threshold. It’s supposed to prune backups automatically, but seems to fail with my network volume.

privacy Technology

Sonos is spying on me… (and you)

I recently decided to get a wireless speaker for our Kitchen. Sonos seems like an obvious choice these days. The sound quality and aesthetics were very appealing. So I ordered a Sonos One SL speaker.

In terms of sound quality and looks, I was very pleased. I’m not an audiophile but the sound quality seemed superb and the speaker just looks fantastic. A very clean and unassuming look.

What’s hiding underneath?

As I later discovered, a dirty beast hides under the cool exterior.

hosting privacy Security Technology

Why is Backblaze tracking me?

This is a follow-up to my previous post: is onto something with its tracking-pixel blocker. I mentioned contacting Backblaze about their email tracking there.

I didn’t think too much of it at the time, and honestly (or naively?) was expecting some kind of an “Oh, yes, you’re right, there’s no need to track those emails”… But it didn’t unfold in quite the same way.


This is my own interpretation, obviously. Backblaze seems to think that tracking emails is totally fine, even under the GDPR. They’re not going to stop doing it until further notice.

hosting Security Technology

Disposable emails: I gave Fastmail a second chance

About 4 years ago I wrote a rather lengthy rant about Fastmail, and why it didn’t fit my needs: Why I’m not using Fastmail. A few weeks ago, I gave it another chance, and this time the experience was way better.

marketing privacy Technology Uncategorized

Who’s sharing my data? … and who the hell is Dave M. Rogenmoser?

I’m no longer active on Facebook, but at the moment, oddly, it’s my main go-to option to find out at least some of the companies that share my data.

Facebook lets you see who shared your data with them. There are two interesting pages, buried and well-hidden, worth checking: Off Facebook activity and Businesses who uploaded and used a list.

Want to see which companies are sharing your data? Continue reading.