The post Portuguese Road Signs appeared first on Snipe.Net.
]]>At any rate, one of the (many, many) things that terrifies me here is driving, especially where I live in Lisbon. The streets are impossibly narrow and twisty, often dead-ending or switching from a one-way in one direction to a one-way in the other direction without much (if any) warning.
BUT, eventually I’m probably going to have to drive here, so I figured I should probably know some (ideally all, really) of the road signs. Many of them are quite similar to the ones in the U.S., but some are hilariously hard to guess, and others just make me laugh. I thought I’d share a few of my favorites from this super useful guide here.
The post Portuguese Road Signs appeared first on Snipe.Net.
]]>The post Mexican Mafia Scams: A New Twist On an Old Trick appeared first on Snipe.Net.
]]>This is a cautionary tale about a two-minute conversation I had earlier this week.
For those of you who don’t know, my husband and I moved to Portugal 5 months ago, so calls coming in on my US phone number (technically a NY area code, but we moved from SoCal) are unusual. I’d normally just ignore them but this one came in with caller ID from Mexico.
Huh.
I have some friends in Mexico. They wouldn’t normally call me, but, sure. Okay.
When I answered, a man who spoke very good English but with a clearly Mexican accent responded to me with a deep sense of urgency. (Caveat: this all happened very quickly, so I might have missed some stuff from memory. Please forgive me.)
It went something like this:
Them: “Yes, hello – ma’am. I am an EMT in Mexico. Do you have a sister?”
I do, in fact, have a sister – and she does visit Mexico quite often, since she lives in Yuma, Arizona, right across the border from Mexico.
Me: “Uhm, I do, yes.”
Them: “Okay, your sister has been in a very bad accident. She’s bleeding a lot.”
This already feels scammy, especially since they didn’t ask for me by name, but anyone who knows me knows that I protec, so…
Me: “Okay, can you tell me her name. Does she have ID on her?”
Them: “Ma’am, she has no ID. She was in a terrible accident. She was hit by a car and is covered in blood. If you don’t have a sister, I’ll just keep calling until I can find someone who knows her. She’s unresponsive and is in really bad shape.”
Me, thinking – wait, if she has no ID, where did you get this number? Keep calling? Keep calling whom exactly? Where are you getting that list of people to try to call? But still, maybe my sister had my business card on her? That would be a little weird, but maybe not that weird. Maybe.
Me: “I do have a sister.”
Them: “What is your sister’s name?”
Me: “Why do you need to know that?”
Them: “Ma’am, I need to know her name so I can calm her down. She’s very disoriented right now.”
Wait, I thought she was unresponsive. Now she’s suddenly hysterical? Still, my sister, so…
Me: “I do have a sister, but… what does this person look like?”
My sister has a pretty specific look – weird hair, a particular build, etc.
Them: “Ma’am, she’s covered in blood and we’re running out of time. She’s going into shock. I need her name, and I need to know if she’s your sister so you can come here.”
If her head was covered in blood, I could see how they couldn’t have given me a hair color. At this point I should have asked for height/approximate build, etc. I didn’t.
Also, bro, I live in Portugal. While I’d definitely be on the first plane, that’s still 20 hours away.
Me: “Sir, I’m in Portugal. I can’t get to you or her quickly.”
I still don’t believe this is legit, but again, it’s my sister, so I’m still talking to him.
Them: “Please ma’am, just give me her name so we can calm her down.”
So, again, unresponsive or hysterical? Which is it?
I finally gave him her first name – which BTW is not exactly a national secret. I speak of her often on social media, in conference talks, etc. She had a TV show, after all. And she does the same about me.
Immediately after I told him her name, his tone completely changed, and he screamed at me that he worked for the “fuckin’ mexican mafia”, that if I hang up now I’d never see her alive again, and that if I tried to text her, he’d know because he had her phone and he’d kill her immediately. Every other word at that point was peppered with expletives – which, I mean, whatever, I’m a NJ Italian. That’s not threatening language, that’s just a regular Tuesday.
While I was talking to him, I texted her quickly, asking if she was okay. I hadn’t yet remembered that she was about as far away from Mexico as someone in the U.S. can be without being in Alaska or Hawaii. I also didn’t hear my text tone in the background (and my sister annoyingly always has her sound turned up for every little notification), so at this point I’m pretty sure this is complete bullshit.
While risky, a kidnapper wouldn’t actually kill the one piece of leverage they have, and if it really were her and he saw the text message, he’d just move the goalposts, since killing her would mean he gets nothing. (Rational brain knows this, but it’s still scary af in the moment.)
Funny thing tho. Time zones are a bitch. I remembered during this very brief (2 minutes!) convo that she had just texted me 7 hours before, telling me she was in Green Bay, Wisconsin for a welding competition, and she was headed to Virginia soon after for a different welding competition. Mexico was not on the agenda. It wasn’t her, and this was very much a scam.
Yes, this is mental math I’m doing on the phone with a stranger who claims to have kidnapped my sister and is threatening to kill her. This is what working in infosec does to your brain, for better or worse. Worse yet, I actually do know people who have had family members kidnapped in Mexico.
He screamed at me one more time that he’s “with the fucking Mexican mafia”, to which I laughed at him, saying “My sister is not in Mexico. You’re not with the Mexican mafia, you piker” and hung up.
I admit my hands were a little shaky.
This all happened really, really fast, and I was caught on my back foot, for sure. And because enough things were plausible (unlikely, but plausible), even the skeptic I am had to consider it might be real. I was legitimately scared for my sister, the entire way through until I hung up. I’m also thousands of miles (and an entire continent) away.
Imagine the guilt I’d feel if it were real and I wrote it off, and my sister died on the side of the road somewhere in Mexico.
THAT is what they’re counting on.
Once she finally answered me, my sister said she was still in Green Bay, stuck at the airport for hours, her flight to Virginia delayed. The most danger she was in was being overcharged for airport bar drinks while waiting for her flight.
This is not a new scam, just a more urgent, updated version of an old one that worked often enough for it to be worth the time of the criminals behind it.
TLDR of the old version is: you get a call from a (likely spoofed, but probably sometimes not) Mexican phone number where they claim to have kidnapped a family member, and they often demand other family contacts so they can extort them as well.
Normally it’s just a run of the mill kidnapping call, where they don’t actually have your family member, but they often have someone screaming in the background “just give them what they want!!!!” amid fake sobs.
The new twist is a bit more of a social engineering aspect – which, hey, nice job guys. Way to evolve.
The soft-open – “I don’t know your sister, I’m just trying to help” – gains trust and lowers guard.
The “I don’t know, but we’re running out of time” gives them plausible deniability for not immediately knowing things you’d expect someone to know, because they’re, y’know, trying to save someone’s life. It also adds a sense of urgency which will cause the victim to potentially ask less critical questions, react impulsively, etc.
It’s a clever twist on an old trick, and I almost have to respect the evolution of the game.
It’s abhorrent and vile and if I ever, ever meet one of these pieces of unmitigated shit, expect a bail gofundme for me to happen shortly after, because I will show no mercy to these monsters. People who prey on grief are the worst of the fucking worst.
Going with the premise that she’s incapacitated also takes away the best tool they would have had – proof of life from her own voice. Deepfakes are everywhere now, but I don’t think this was targeted, so they wouldn’t have known what she sounded like. In a targeted situation, this would have been a lot harder to detect and would have been way scarier.
In the heat of the moment, this stuff is always really hard. You’re trying to stay calm, trying not to panic, maintain a healthy level of skepticism, but this is also a visceral, real emotional situation.
In this particular situation, some things I could have asked that would have defeated the “Ma’am we have no time, she’s going to die on the street narrative”:
That wouldn’t have gotten me there that much faster – it was a two minute interaction after all, but it would have made it clearer a little sooner that this guy was full of shit.
Nothing is going to be foolproof, for sure, but there are some small things you can do with the friends and family you have to at least be able to confirm whether or not the threat is real.
Set up “danger” words. My sister and I have had safeguards in place for years. We have a “danger word”, which is a normal english word that if we ever utter it to each other in private or public, we know that things are Officially Not Good. In this case, that word would have been defeated by the premise that she was disoriented, confused, unresponsive, etc because of the alleged car accident. If that were true (which it was not), it would be plausible that she wouldn’t remember or respond to that word or phrase. That wouldn’t have saved us in this case, but it’s generally a good policy and will help more often than not if you need it.
Set up fake names. Have a specific fake name that you would call yourself in a danger situation to someone who would know that 1) it’s really you and 2) you are in actual danger. My sister and I have them. If they really had her and they really didn’t know her name, we would be able to communicate that we both acknowledge the danger without making it more dangerous.
If it would be too confusing to try to remember a first name, settle on a middle name that’s definitely not correct. Middle names don’t come up much, so it would stick out if it were present where the person had none, or was just flat out wrong.
Ask what tattoos/piercings they have to identify them. This may or may not work, depending on the situation, but could potentially be a canary. If the “abductor” says “none” or “I can’t tell, there’s too much blood”, suggest a tattoo you know they don’t have that would be obvious outside of intimate areas, and try to get them to tell you. They won’t have an answer, so they’ll either lie (which outs them immediately) or they’ll keep stalling, which an EMT who is genuinely trying to find family members wouldn’t do.
Make some shit up. “Did you find her prosthetic leg? What about her glass eye? I heard those can shatter – oh my god did it shatter?? Is it in her brain??” My sister does not have a prosthetic leg or a glass eye, but back to the 50/50 chance, if you let them believe you believe them, you can sometimes catch them in their own game.
Tell your family your travel plans. This one seems obvious, but my sister travels constantly for her work and hobbies. Usually on big, international trips, she’ll email me flight details just in case, but for domestic flights, she doesn’t always tell me, especially since I’m 7 time zones away now. Thank god she did this time, or this could have gone worse.
Obviously, these types of scams are scary as hell, and they’re counting on the urgency they convey to cause you to misstep, even if you’re normally very savvy and skeptical about this type of thing. A little pre-planning can go a long way.
Stay safe out there everyone. <3
The post Mexican Mafia Scams: A New Twist On an Old Trick appeared first on Snipe.Net.
]]>The post Bye-bye Birdie appeared first on Snipe.Net.
]]>It honestly sucks. I’ve met a ton of people there that I would never have known, and people on Twitter helped get me through some of the hardest parts of my life. A second divorce, my mother dying of cancer, etc. I met my current husband there. I’ve laughed and cried with so many amazing people there, and I hate that one idiot billionaire asshole could ruin it for me and so many others.
I’ll be keeping my account there so that anybody who missed my initial goodbye tweet can still know where to find me, and also so that no fuckwads try to poach my handle, but I won’t be engaging nearly as much.
I’ve been there since 2008. I built apps for the platform, back when that was a thing you could do for free, have tweeted hundreds of thousands of tweets, generating content for the platform for fifteen years.
I don’t have a lot more to say about it that I haven’t already said, but here’s where you can find me moving forward:
See you around – just not there.
The post Bye-bye Birdie appeared first on Snipe.Net.
]]>The post Fuck Cancer appeared first on Snipe.Net.
]]>The post Fuck Cancer appeared first on Snipe.Net.
]]>The post Managing Stress, Anxiety and Depression During Covid-19 appeared first on Snipe.Net.
]]>Some of us are local, some of us are halfway across the country, and some even in other countries. All of us work from home all the time.
While you’d think we’d be just fine dealing with the self-isolation and social-distancing we’re all (hopefully) practicing during the COVID-19 pandemic, some of my team members are struggling. (Full disclosure, so am I, and so is my partner. It’s normal to struggle when thing are so scary.)
This is… different. Much harder.
It’s hardly surprising. Working remotely is one thing. Working remotely *while* taking care of your children 24/7 (versus getting a break while they’re in school/daycare), supporting your partner who might also be dealing with depression and anxiety, and then handling the sometimes overwhelming fear for their health, their loved ones, and the economic impacts that we’re just beginning to understand is a whole different animal.
Now compound that stress by requiring people to work from home who have never done it before, and don’t necessarily have the skillset to handle it well.
Here’s some good advice on managing anxiety/depression during this trying time, collected from various places and also from my own experiences.
Not everything you do has to be productive, and none of this is a silver bullet. It just needs to prevent you from being completely overwhelmed, and keeping you feeling human during a time when it’s easy to feel so far away and helpless that you can forget that you are.
As a company, we’ve already have some steps in place to make sure we’re checking in on folks’ mental health. Special Slack status icons that can be used by people struggling with anxiety/depression that allow them to convey that in a way that doesn’t require saying the words out loud (which can be hard, when you’re in the thick of it), for example. This allows us to reach out privately, and also lets us know that we need to pick up some of the workload from them to give them a break.
It’s not perfect, but hey, this stuff is hard. Harder right now. We’ve taken some extra steps that we hope will help make people feel less isolated – and we hope they’ll help you too.
Above all, be gentle to each other and lead with compassion, and remember to take care of yourself, too.
Sincerely,
Alison Gianotto
Founder & Chief Mohawk Officer
agianotto@grokability.com
The post Managing Stress, Anxiety and Depression During Covid-19 appeared first on Snipe.Net.
]]>The post So you ran composer as root… appeared first on Snipe.Net.
]]>Even though Composer itself gives you a warning about not running it as root, lots of people disregard this warning and run it as root anyway. We run into this issue a lot on my open source asset management project, Snipe-IT, so I figured I’d write up how to fix this if you inadvertently (or advertently) ran composer as root.
Many people run Composer as root because they misunderstand how Composer works. If you installed Composer globally, it wouldn’t be odd for you to have to install it as root – meaning the Composer binary itself.
But, and here’s the tricksy part, installing Composer is not the same thing as composer install
. Installing Composer means that the Composer dependency management tool is now installed on your server, while composer install
is a specific command you send to Composer to have it actually pull down those dependencies, based on the composer.lock
file that was (usually) provided by whatever software you’re trying to set up. If you install Composer globally, you can use the same Composer binary to manage dependencies for many projects – but each project will have its own composer.json and composer.lock, which Composer uses to figure out what it needs to download for you.
Let’s look at some common files and commands you might encounter when using Composer, as I think that might help clear up a few things:
composer.phar
– This is your Composer binary. You will install this only once, though it may prompt you to update it occasionally. The easiest way to use Composer is to install it globally, that way it’s available anywhere in your system via the composer
command. If it’s installed locally, you’ll have a composer.phar in your project root, and if you want to install any other PHP projects that use composer, you’ll have to download it to each project’s directory.composer.json
– This file tells Composer what libraries are required, and what version the developer of the PHP project intends for you to use, similar to the Gemfile
in Ruby or the package.json
in node.composer update
– Unless you are a developer, you should almost never run this command. This tells Composer to grab the most recent versions of libraries specified in the composer.json
file, and generate a new composer.lock
file that locks down those library versions.composer install
– As a non-developer who is just trying to install dependencies, this is the command you typically want. composer install tells Composer to use the composer.lock
file that the developer provided, and download the specific versions of each library. This is important, because sometimes older or newer versions of a library might not work with the PHP project. The developer’s composer.lock
file makes sure you’re downloading the version of each library that they have tested and confirmed works with the project. The libraries will be downloaded into a folder (usually called vendor
or vendors
) in the PHP project root.You might install the Composer binary as root (and then move it to /usr/local/bin
so it’s available globally), but you pretty much never want to run composer install
as root.
Composer tries to prevent you from running composer install
as root/admin by throwing up a big fat warning, but if you’ve already run it as root once, you may end up with some permissions errors if you try to run it as non-root, which makes some people give up and just always run it as root.
If you’re seeing permissions errors when trying to run composer install as a non-privileged user, someone somewhere probably ran it as root at some point, which means root owns some of the generated files. That’s a pain in the ass to fix, but not impossible.
Great! It’s not actually that hard to make things right if you ran Composer as root, but it can be a little tricky to find all of the weird caches and config directories it hides within your system.
When you installed Composer, it created a .composer
directory somewhere in your system, usually in your home directory. So for example, on a Mac, I’d look in /Users/snipe/.composer
. On linux, I’d look in /home/snipe/.composer
. Remember that it’s a directory that starts with a dot, which on many operating systems means it’s a hidden file.
The contents of the .composer
directory usually look something like this:
For the sake of this example, let’s say my non-privileged user is snipe
. This user is part of the apache group, so it can read, write and execute any files where the group is permitted to do so – for example, error logs, file upload directories, etc.
We want to make sure that the vendor directory within the project root is owned by snipe
, not by root
, otherwise if I try to run composer install
as snipe
, I’ll get permission errors, since root
owns those files and directories.
Then we also want to make sure that .composer
directory we mentioned is readable and writable by snipe
, since that directory gets updated with new cached vendors every time you run composer install
.
As we mentioned above, if you initially ran Composer as root, that directory might be in /home/root
. The easiest thing to do is to delete the .composer
directory altogether – a new one will be generated when you run composer install again, and this time, since you’re running it as snipe
, it will have the correct permissions.
So our fix would look something like this:
sudo chown -R snipe.apache /var/www/html/vendor sudo rm -Rf /home/root/.composer cd /var/www/html/ composer install
Once your .composer directory and your vendors are owned by the correct user, you should be able to run Composer as a non-root user. You may also need to delete or chown the files in bootstrap/cache
(if you have any there) as they will also be owned by root.
The post So you ran composer as root… appeared first on Snipe.Net.
]]>The post How iOS Helped Me Navigate My Mother to Safety During Hurricane Irma appeared first on Snipe.Net.
]]>I live in San Diego, California, clear on the other side of the country, but my family just moved my mother from New Jersey to western Florida a month or so ago. When Irma’s path became clear, her town (as well as many others) were issued mandatory evacuations.
My mother is elderly and disabled, and has never been through a Florida-style hurricane before. She also has the single worst sense of direction of any human on the planet. I’m not kidding. She left in her car one day to go to the Home Depot, 10 miles away, and ran out of gas driving for seven hours – and still never found the Home Depot. I wish I was exaggerating. (She also thought the digital display on her car came with a “wind indicator” that could help with gas mileage based on the direction the wind was hitting the car. Never once occurred to her that it was a compass.)
I had been texting her in the days leading up to the shelter, with links to websites where she could track evacuation routes, check shelter statuses and mandatory evacuations.
In addition to being terrible with directions, she is also really stubborn. Runs in the family, I guess. So she opted not to evacuate when we urged her to, or when the mandatory evacuation came through for her area, and only decided days later as the storm was about to hit that maybe she should try to find a shelter.
“Great!” we thought. She mentioned that a bunch of other people in her neighborhood that had planned on staying had changed their mind and decided to head to the closest hurricane shelter, so we told her to hitch a ride with one of them. She needed a shelter that was pet-friendly and accessible, so that narrowed her options, but there were several within 30 miles of her that could accommodate pets. She said her neighbor told her of a highschool that was pretty close, so she was going to catch a ride there with other evacuees. Perfect. Whew.
A few hours pass, and we get a text from her, from the iPad I gave her a few years ago. (I could tell it was from her iPad, since the messages were blue on my phone, and she doesn’t have an iPhone.)
“Lost. Trying to get to HS.”
WTF???
Trying to keep calm, I reply “Are you driving? Use Siri. Siri will give you directions. Pull over and put in the HS info. “
Her: “No lectures. Couldn’t find a ride! Bye”
Me: “Stay calm, pull over and let Siri give you turn by turn directions.”
I knew she had used Siri before, because she had remarked about how much she loved the iPad, and how much the “lady who says the directions out loud” was helpful. I guess she had never tried to use from anywhere but her house though, and assumed it wouldn’t work if home wasn’t her starting point.
Her: “I no. But I am not home”
I looked up the address of the highschool on the Internet and pasted it to her. I explain that if she clicks on the address in iMessages, it should launch the map app and offer her directions. She said she tried that and it didn’t work. (I honestly have no idea what she did, but the situation was urgent, so I moved on to the next idea.) I then sent her the location directly from Apple Maps. Somehow she still couldn’t get that to work. Again, no idea, so moving on.
My fiancee and I were on our way home when all of this transpired, driving through the mountains outside of San Diego where reception gets a little spotty, so we decided to pull over. I could tell that she’s getting frustrated, and the clock is running out. I know she’ll just give up and go home. Or try to, rather. More likely she’d turn around to go home and still end up lost. So we pulled off in Alpine, CA – a perfectly adorable little town that looks right out of a storybook. We found a Starbucks (yes, my storybooks have Starbucks in them – don’t judge), I took out my laptop, which was thankfully at 100% charge and I called her.
At this point, Mom doesn’t know where she is, and she’s somehow not able to get any of the Apple Maps stuff to work. She thought maybe she didn’t have the right app, and I explained that Apple Maps comes with the iPad, so she definitely has it. I can hear her frustration growing. She’s tired, she’s in pain, and she wants to stop driving – and I’m running out of options.
I broke into her iCloud account to see if location services were enabled, so I could try to navigate her through Find My iPhone. They weren’t, but I was able to walk her through turning them on through the Settings menu on her iPad very quickly. Soon enough, her beacon popped up on the website. Thank Glob. We’re in business. Turns out, after driving around for two hours, she was 12 miles away from the shelter and only 15 miles from her home.
So, I knew where she was, but I also know how terrible she is at following directions. So I open Apple Maps on my laptop, and set up a split screen with her iCloud locator beacon and the directions from where she was currently parked. Refreshing the Find My iPhone page, I could guide her over the phone, telling her what to expect (“In about a minute, you’ll pass a Publix on your left”).
Success! Ten minutes later, she arrived at the highschool. Only to find the windows dark and the gates locked. I double-checked the shelter list I had been referencing, and it was never on the list to start with, so that entire trip was a wild goose chase. I can hear mom getting pretty upset at this point and I told her to stay calm, and that we’d find another one.
I don’t know Florida geography at all, but I used Apple Maps to find a few official pet-friendly shelter options that were close, while my fiancee parallel-pathed by calling them to make sure they had a vacancy. It waspretty late in the evacuation game, after all, and the odds were good that many shelters would be full by then. Most didn’t answer the phone, but that didn’t surprise us too much.
I find a place that’s 20 minutes away, and repeat the turn-by-turn process for her, refreshing her Find My iPhone page every minute or so, and then switching back to Apple Maps. I could hear Siri faintly in the background, so I think Apple Maps worked fine for her, she just couldn’t hear Siri on her iPad, even with the sound turned all the way up, since the iPad was on her passenger seat.
She arrived at the second shelter, only to be turned away. They were full. She started to cry, and explained to the shelter volunteer that she’s disabled and hasn’t taken her heart medicine yet, and begged him to let her in. He apologized and said he couldn’t. When she wouldn’t stop begging, her referred her to someone else at the shelter who might have more information.
We were in luck. The other shelter worker knew of another shelter that still had room. (I can hear all of this conversation on the phone, and asked her to hand the guy her phone so I could take down the address.)
So, back in the car she goes. This third place was about 15 miles away. Mom was pretty upset at this point, but I promised her I’d get her and her dog there safe and sound if she could just stick with me a few more minutes. Once again, turn by turn, two-screens up showing me where she is and where she’s going, to make sure I can catch it if she makes a wrong turn.
After an hour and 45 minutes, she pulls into the third shelter. My laptop is at 3%. I hear them ask for her driver’s license number and license plate number. She’s in.
I exhale.
My shoulders are sore from holding the phone in the crook of my neck, and I’m sunburned from sitting outside for almost two hours, but she’s finally safe at a shelter.
While this saga was far longer than it should have been, and far more complex than it could have been, the reality is that without iOS, I would not have been able to guide my mother anywhere, to a shelter or back home. We had nobody local who could have helped her, and while I hope to never have to go through that stress again, I marvel at the fact that I was able to remotely guide her to three different places I had never seen, in a way that was about as stress-free for her as it could have been.
I should really build an app for this. Maybe some Twilio integration so folks can get real-time Siri directions over the phone if they don’t have an iPhone and fancy bluetooth car stereo integrations. I’m not sure yet, but it’s got me thinking about ways we could use all of the awesome technology behind this stuff and make it more useful for the elderly, hard of hearing, directionally challenged, etc – especially during high stress situations. Maybe integrate it with some positive reinforcements if the driver is going the right way. “That’s it. You’re on the right track – just 5 more minutes!”
The post How iOS Helped Me Navigate My Mother to Safety During Hurricane Irma appeared first on Snipe.Net.
]]>The post Replace Your iPhone Alerts and Ringtones with Awesomeness for Free appeared first on Snipe.Net.
]]>I wanted to do this for two reasons, the first being to break the Pavlovian stress reaction I have when my phone makes a sound (“Ugh. Someone’s calling me.” “Ugh. What NOW??”).
The second is that I actually know it’s MY phone alerting in a room full of iPhone users. (“Is that me or you?”)
The process of making your own ringtones and alerts is easy, but it’s unfortunately more labor intensive than it should be. (Thanks, Apple.) I’ve found that it’s the least painful when you grab all of the sound FX you want to convert first, and then batch process them in one sitting.
Spend some time hunting down sounds you want to turn into ringtones/alerts. Ideally you want the downloads to be in mp3 format. They can be in other audio formats, but it can mean an additional conversion step that’s a pain in the ass.
Songs or game music can be fun for ringtones, but I tend to prefer the SFX. Mario grabbing a coin SFX for a text message alert, Mario dying for a ringtone, etc. Your mileage may vary, of course, but full songs need to be trimmed to 30 seconds or less, and I’m very lazy.
Some great sources for movie/TV/video game sound FX and music:
There are tons more resources out there (and if you can’t find the one you’re looking for, reply to this post and I’ll try to help you find it).
Once you’ve downloaded the sounds/music you want, you can trim if necessary them in iTunes, Garageband, Quicktime, or any other audio editor.
You have a bunch of different options here, so choose whichever works for you.
Start iTunes and find the song you want to convert. (It must be an MP3.)
afconvert -f m4af /path/to/file.mp3 /path/to/file.m4r
Music Converter is a free MacOS app that lets you drag mp3s into the app and convert them to m4r files. There is a pro version that lets you bulk convert, but it’s not necessary if you only have a few files, or if you have a little patience
Once you’ve converted all of your files, drag the new .m4r files into iTunes, and it should show up in the ringtones section of your iTunes library. From here, you can sync it with your iPhone or iPad, and then access it in the Sounds section of your iPhone’s settings to use it for various notifications.
Note: If they don’t sync automatically, connect your phone to your computer, launch iTunes, and make sure Sync Over Wifi is enabled. If they still don’t sync, click on your device in iTunes, then click on Ringtones, and make sure “Sync ringtones” is enabled.
The post Replace Your iPhone Alerts and Ringtones with Awesomeness for Free appeared first on Snipe.Net.
]]>The post Choosing a Model for Your Open Source Business appeared first on Snipe.Net.
]]>If you run a popular open source software project (or are considering starting one), and have ever kicked around the idea of trying to turn it into a business, there are some things you should consider first.
Let’s explore some of the more common options…
You have several models to choose from, the most popular being dual licensing, software as a service, consulting, freemium, donation-based funding, and crowdfunding.
Dual-licensing allows you to offer your software under an open source license, but also a separate, proprietary license, for example Oracle’s MySQL database which is dual-licensed under a commercial proprietary license as also under the GPLv2. A common tactic here is to draw users in with your free version, and then up-sell them to enterprise features or support.
You can learn more about multi-licensing here.
Selling online subscriptions for hosted versions of your software is a sometimes complex but viable solution. WordPress, for example, gives away their source code at WordPress.Org, but users who don’t want to host their own blog can sign up for a free or paid account at WordPress.Com.
If your software is multi-tenant (meaning it shares one instance/database for multiple top-level users), this can be an easier proposition, but multi-tenancy can also bring additional technical overhead and support issues with open source products. It can also raise security concerns with enterprise customers, since shared resources can mean potential data leakage if a bug or exploit occurs in the code that controls what user data belongs to which customer account.
While I don’t want to get too in the weeds with respect to software licenses in this article, I do feel there is a key difference between the GPL and the AGPL that’s important to note for the SaaS model.
Under the GPL, someone can take your source code, make changes to it and create a SaaS business around it, and they won’t be required to disclose their code changes. Under the AGPL, someone can take your source code, make changes to it and create a SaaS business around it but they are REQUIRED to disclose their code changes.
That includes your changes to your own AGPL software. If someone pays us to build a feature for their Snipe-IT install, we have to release those changes or we’d be in violation of our own license. The way we handle this is by explaining to customers that we can build features, but any feature we build must be released to the community project, so we only build features that make sense for the project as a whole and that will benefit all users.
Providing SaaS services without releasing the open-source software itself conforms with most open-source licenses (with exception of the AGPL), but I would argue isn’t aligned with the spirit of open source software. From Wikipedia
Because of its lack of software freedoms, Richard Stallman calls SaaS “inherently bad” while acknowledging its legality. The FSF [Free Software Foundation] called the server-side use-case without release of the source-code the “ASP loophole in the GPLv2” and encourage therefore the use of the Affero General Public License which plugged this hole in 2002.
Consulting can mean building additional features, providing training, or support, building plugins or themes, etc.
Other professional services can include paid online support training courses, distribution of physical installation media or binaries, for example as RedHat and IBM do.
Freemium is a harder model to implement in open source, since the source is, well, open, but we do see this in things like WordPress. While WordPress itself uses the SaaS model, they also offer plugins like Jetpack, which is free for the basic version but users can upgrade to premium services for a subscription fee.
You can develop proprietary modules, extensions, add-ons, plugins themes, etc for your open source project (assuming it’s architected in a way where that makes sense), but it’s important to keep in mind the potential software license implications here. From Wikipedia:
Some companies sell proprietary but optional extensions, modules, plugins or add-ons to an open-source software product. This can be a “license conform” approach with many open-source licenses if done technically sufficiently carefully. For instance, mixing proprietary code and open-source licensed code in statically linked libraries[45] or compiling all source code together in a software product might violate open-source licenses, while keeping them separated by interfaces and dynamic-link libraries might often adhere to license conform.
While you can absolutely run a business based off of donations or feature/bugfix bounties, I wouldn’t recommend this for smaller projects. The lack of reliability in income makes it difficult to plan a business around. For smaller projects, it might make more sense to find a corporate sponsor to provide more consistent income.
This method can work, but it requires a lot of marketing and word-of-mouth, and the possibility definitely exists that it could flat-out fail if you’re unable to drum up enough excitement about your project.
We tend to see pre-order/crowdfunded scenarios as a one-off or two-off project-based campaign and I’m not confident in the long-term viability of this as a business model (although I’m not saying that it couldn’t. I just don’t know.)
Each of these models have pros and cons, and you’ll need to put serious thought into each of them to determine what will work for you based on the nature of your software, the strengths and weaknesses of the team or organization working on the project, and the software license(s) your software is released under.
For example, if you’re a programmer without experience in configuring, deploying, maintaining, and managing servers and SLAs, a software-as-a-service (SaaS) model might not be a good fit unless you can partner up with someone with experience there or can secure funding for managed services. It is possible to do, but you’re setting yourself up for failure (and a lot of pissed off customers).
When I decided to take the leap and turn Snipe-IT (my open source IT asset management solution) into a business, I had to spend some time thinking about how my business could (and more importantly should) work. The first question in figuring that out is…
You can’t really have a discussion about business models in open source without determining who uses your software and what pain points they might have.
In my case, our user base is largely small to medium-sized businesses. My software is web-based, which made it difficult to install for IT managers that had plenty of experience deploying desktop applications but little to no experience running web servers. This meant there was a pain-point we could solve for them as a SaaS product.
The most straightforward model is consulting. You still run your open source project the way you normally would, but you make additional money (either solo or by building a consulting company around it) doing training, building features, etc for companies that want more.
That’s a perfectly viable (and successful) model for a lot of companies, but it wasn’t what I wanted. I’ve been a consultant, and while I enjoyed the work at the time, I’m simply not interested in consulting anymore. I don’t want to do consulting myself, and I don’t want to run a consulting company.
This is your business. It’s going to take heroic effort and time to build it, grow it, and maintain it. It’s critical that you start with something you wantto be doing. Sometimes that means that the most obvious model isn’t the right model for you.
Before you jump in with both feet, there are a few more issues you need to think about.
Developing open source software is infinitely more difficult and complex than developing private, proprietary software where you control the environment, the versions that are used in production, and the upgrade process from start to finish.
To make things more complicated, once you decide to open source your product, or to turn your open source product into a business, you have to figure out how to integrate your business into your product without compromising the open source version.
For example, with Snipe-IT, there are things we could add to the source that would make it easier for us to remind users when their credit card is expiring soon, so they don’t lose access to their hosted instance – either using a drop-in service like Stunning, or by adding code that calls back to our corporate APIs to check on billing status. That would be better for our business, but would require we add a bunch of proprietary code into our open source product, so we don’t do it.
Additionally, there are technical solutions we would use that would make our product better (for example, a simple queuing system for large imports), but would make it more difficult for open source users to install. If an IT manager can’t handle setting up a web server, what are the odds they will know how to set up Redis or RabbitMQ? Each dependency adds an additional barrier to open source users. For some projects, that’s okay, but for us, knowing what our open source users’ pain points are, it’s not worth it.
And let’s face it, when you add layers of complexity, you end up with more support requests. Which leads us to the next point…
This seems obvious, but I can’t stress it enough. When your business is open source software, you still have to maintain support in the open source community. That means that you now have paying customers to support, and a free community to support.
For Snipe-IT, the fact that we release so frequently is a blessing and a curse. It’s great because it means new features and bugfixes are always shipping, but it also means that if you run your own version, you’re going to be updating a lot. Some people don’t want to deal with that hassle. Other people just don’t want to bother with running a server just for their asset management system.
We’ve managed to find the sweet spot of price and value that seems to make sense for our customers so that we’re growing every month at a pace that works for us.
We do occasionally lose paying customers to our own free product. Folks who signed up for an account and love the product but decide they want to host it in-house to save money absolutely exist, but interestingly, we have more customers who started with a local install and decided to go with us for a SaaS solution than we have customers defecting to host it themselves. And frankly, those are my favorite customers, since they’ve already tested the product, they know what it does (and doesn’t do), and now just want it implemented in a way that makes their life easier.
We do occasionally get free users who accuse of making the installation hard deliberately to drive people to the hosted version (LOLOMGWUT), which is super frustrating to hear someone say, but we try not to let it bother us too much. We bust our asses building a great open source product. Everything else is just infrastructure automation.
The other thing to consider is that this will be a real business, and not everyone is prepared or willing to handle all that entails. It’s a giant pile of paperwork and headaches – totally worth it, IMHO, but not everyone wants to deal with that. Payroll, taxes, marketing, accounting, benefits, employee agreements and employee handbooks all come with running a business.
I ended up going with a hybrid model. The majority of Snipe-IT’s revenue comes from our SaaS product, but we do also offer pro support options for folks who want to host the product themselves, usually due to security policies forbidding SaaS products handling certain types of data.
Our pro support plan is actually more expensive than our hosted option, because when we host the product ourselves, we know the environment well and can easily troubleshoot issues. When supporting an install where we sometimes literally can’t even access the front-end, support takes a lot more time.
Running your own business, especially one based on open source software, is enormously rewarding, but it’s a big step and requires a lot of commitment. Make sure you put the time in ahead of time to determine which model, if any, is right for you.
The post Choosing a Model for Your Open Source Business appeared first on Snipe.Net.
]]>The post Getting More Women to Participate In Your Local Tech Meetup appeared first on Snipe.Net.
]]>
He’s already got a solid Code of Conduct, and he cares deeply about diversity and inclusion in his company and in the meetups he organizes, but San Diego presents a few unique challenges.
First, while San Diego does have a strong tech community, San Diego is also a big county, and the tech community is spread out, with meager public transportation. So much so that many meetups have to run two versions: one for north county and one for more southern areas. Between physical distance and unholy traffic, it’s just really difficult to get people to drive over an hour each way after a full day at work.
To make it even more fun, Rust is a reasonably niche language, so the Rust meetup is smaller than many other tech meetups in San Diego. By all accounts, Rust is a great language with a welcoming community, so odds are good that our local Rust community will grow as the rest of the Rust community grows, but a quick glance at their Meetup page puts their average confirmed attendance at between 6-15 people.
To date, the San Diego Rust meetup has not had a single female attendee. Not one.
So, my first suggestion to him was to invite women to present at the meetup. Easy, right? Problem is, he doesn’t know a single female Rust user who is local and could therefore present at a meetup without a lot of additional cost.
Well, shit.
That obviously doesn’t mean there are literally no female Rust users in San Diego, it just means no one involved with the meetup knows about them.
I haven’t been actively involved in the organization of any meetups in at least a decade, but I know a lot of super-smart people on Twitter (including badass usergroup organizers and tech community builders), so I figured I’d ask around. San Diego challenges aside, there were some great suggestions that came through, so I thought I’d share them with you.
Wait wait…it really *is* a pipeline problem in this case? Whoa.
Time to build the pipeline. Presentations to/at local uni/ComColleges?
— VM (Vicky) Brasseur (@vmbrasseur) July 20, 2017
That’s… actually a great idea, and should have been obvious. Derp. I mean, of course. San Diego has plenty of community and state colleges.
Like @DAkacki said, reach out to girl tech groups. Search Meetup for the area and offer to present on Rust or another topic to their group.
— Shot Above Par (@shotabovepar) July 20, 2017
Are there groups like girl develop it or railsbridge etc. that you could reach out to? Maybe start a chapter?
— Richard Schneeman (@schneems) July 21, 2017
Have a workshop on an intro to this language at one of the other tech meetups?
— Kat Sweet (@TheSweetKat) July 20, 2017
No quick fix. Attend/support other meetups (with women) and expand your network. Organize Rust beginner meetup and advertise to women.
— Franziska Hinkelmann (@fhinkel) July 20, 2017
10 could mentor ~20 juniors, similar to @Nodeschool. Some juniors might stick around, attend regularly, become speakers or organizers.
— Franziska Hinkelmann (@fhinkel) July 20, 2017
Reaching out to leaders in the developer community space can also spark great discussions and ideas on how to broaden your reach. Talk to the folks who have already figured this stuff out.
@nellshamrell programs in “that language that rhymes with Must” and I’m sure would love to help build that community in SD
— Michael Ducy (@mfdii) July 20, 2017
Check out this video “How the Boston Python User Group grew to 1700 people and over 15% women” https://t.co/N3Z37EFYPl
— Marce Elizeche Landó (@melizeche) July 20, 2017
Remote meetups certainly have their place, although I’m not sure they are a complete substitute for the in-person stuff (which I find builds local networks, friendships, etc), but certainly augmenting some meetings as virtual could be helpful for folks with family or schedule obligations.
Do they have to be in person? Try video meet ups? That would be helpful with anyone who has familial obligations (not necessarily for women)
— Danielle Leong (@tsunamino) July 20, 2017
This suggestion also falls into the “so brilliant and obvious, I’m embarrassed I didn’t think of it”. Your meetup presenters don’t always have to be in the room. You could easily stream them into the meeting room, allow Q&A after, etc.
I saw in another comment you said few local female speakers – how about remote? There are some v great female rustaceans
— Sam Julien (@samjulien) July 20, 2017
Someone had suggested finding local women Rust developers via LinkedIn, and contacting them directly. While I could see that working, I could also see it being really creepy. Be careful and respectful. If you’re not sure if your direct message could be read as creepy, run it past a few of your female colleagues for sanity-checking.
It’s a bit stalkery but you can search GitHub for people by what language they’ve done projects in and location. Or similar on LinkedIn
— Scott Hirleman,CFA (@shirleman) July 20, 2017
I am more likely to attend events for the first time with my mentors, co-workers, or other people I know. My network is key to where I go.
— B. Postnikoff (@Straithe) July 20, 2017
Have members invite their mentees. If none of them mentor women, that is another failing that should be fixed.
— B. Postnikoff (@Straithe) July 20, 2017
A few folks suggested offering healthy food/snacks (no pizza? I’m out), not holding the event at a bar, providing child care, and making sure the venue itself is in a well-lit, non-creepy location.
Building a community takes time and work, especially when the language is young. (I remember being one of four people at the San Diego PHP User’s Group, back in 2002 or so). I don’t think there’s a one-size-fits-all approach that will work for everyone, hopefully these suggestions give you a great place to start.
You can read the entire Twitter thread here, if you’re so inclined.
The post Getting More Women to Participate In Your Local Tech Meetup appeared first on Snipe.Net.
]]>