
Hi! This is my personal page and blog. You will find here some articles or projects I'm involved in and a few thoughts (mainly about IT).

I design, code and integrate large IT projects. I like to work in agile environments to bring as much value as possible to my customers while dealing with budgets and timelines. My main current positions are software and infrastructure architect on one side of the coin, DevOps engineer on the other.

Last technical articles:

Nov 5, 2020 - Why did I rewrite my blog using Eleventy?

Reasons to change

This personal home page and blog was previously self-hosted using a great open source wiki engine: Dokuwiki. It worked great for many years but a few months ago, I felt that it was time to change lanes and embrace the JAM Stack (JavaScript / API & Markdown).

Issues with traditional wikis

  • Security: lots of spam in comments, possible PHP vulnerabilities
  • Regular upgrades to be performed on the engine
  • Many plugins required to make something useful. Old ones, conflicting ones...
  • Not so easy to customize the rendered pages
  • Slower than a static website
  • Much larger electricity consumption to serve pages
  • Requires PHP modules to be installed and tuned along with the HTTP server
  • Most wiki engines require a database (even if it is not the case for Dokuwiki)
  • Not so easy reversibility. One way is to use Pandoc to translate the wiki syntax to markdown.

Opportunities with the JAM Stack

  • Ability to write articles using a much more widespread markdown language rather than one of the numerous wiki syntaxes around
  • No vulnerability possible (except in the web server itself) since the produced website is only static HTML
  • Using Git (advanced version control) and its associated ecosystem (merge requests...)
  • Possibility to use CI/CD tools to deploy new pages
  • Can be deployed on a CDN (even if I continue to self-host it)
  • Possibility to use a great IDE to write articles (like VSCode and all its extensions)
  • Faster preview of the rendered page: I can now see the result in my browser in less than a second
  • Container-friendly (typically using an nginx docker image)
  • It's the new trend! (OK, it's a kind of RDD but it may be useful in the current professional context)

The not-so-good using the JAM Stack

  • You have to rely on external services to perform some basic features like adding comments (already disabled in my case, too many spam messages) or full-text search

Eleventy

Well, I finally decided to switch to the JAM Stack. But the field is very crowded. I already use Antora at work to generate great technical documentation using Asciidoc, but it is not suitable for a blog. I also used Jekyll for a long time with GitHub Pages (see the Jajuk website) but I find it complicated, aging and too restrictive.

After a quick look at the most popular platform (Hugo), I gave up. Basically, I felt that I had to learn a whole world before being able to make a website, and I don't have the time for that.

Then, I heard about a new simple platform: Eleventy. I loved the Unix-like idea behind it: a very low-level tool leveraging existing templating engines like Liquid or Nunjucks and allowing HTML and markdown content to be mixed. It also follows a convention-over-configuration principle, enabling results in no time.

Last but not least: it is very fast (nearly as fast as Hugo). It is a JavaScript tool, great for most frontend developers who can use npm, sass... Look at this page if you want to see sample code using Eleventy.

I finally rewrote my website in raw CSS, HTML, Markdown and Liquid templates thanks to Eleventy. It only took me a single day to grasp the basic Eleventy concepts and port the existing website. I finally have full control over my pages.

Note that another common strategy is to use an existing theme (like a Bootstrap-based theme) and to make the HTML generic using templates. I gave up on this method because I wanted something simple, very light, and something I fully control and understand...

May 6, 2020 - How to write good ADRs (architecture decisions)?

Architecture decision register

An architecture decision register is used to record the important architecture decisions (the ADRs, Architecture Decision Records).

The goal is to allow the choices to be known and understood after the fact, and to share the decisions. The architecture document (dossier d'architecture), for its part, does not repeat these choices but only shows the final decision.

There is only one ADR register per project.

Format of an ADR

Each ADR is a single file in asciidoc format with this name: [sequence XYZ starting at 001]-[decision].adoc.

Format of the decision part: lowercase, no spaces, hyphens as separators. Example: 007-API-devant-bases-existantes-perennes.adoc.

Each ADR ideally contains the following content (adaptable to needs):

1) History

  • Give the status and the history of state changes
  • Possible statuses are: TODO (to be written), WIP (Work In Progress), PROPOSE (proposed), REJETE (rejected), VALIDE (validated), DEPRECIE (deprecated), REMPLACE (replaced).
  • If the status is VALIDE, give the date and the decision makers who validated it.
  • If the status is REMPLACE, give the reference of the ADR to consider instead.
  • Never delete an ADR (set it to the DEPRECIE status) and never reuse the ID of another ADR of the same module.
  • Mention the ADR that replaces it, if any. Example: Replaced by ADR 002-...

2) Context

Present the possible options, the issues, the forces at play (technical, organizational, regulatory, financial, human...). Give the strengths, weaknesses, opportunities and risks of each solution (see the SWOT method).

Note:

  • If a point is a deal-breaker, say so.
  • Number the solutions so they can be referred to unambiguously
  • For the simplest cases, two advantages/drawbacks paragraphs per solution may be enough.
  • In some cases, the ADR may contain only one solution, the goal being to document the reasons for this architecture.

3) Decision

Give the decision made (be assertive and recall the number of the chosen solution). Example: We will sign PDFs as they come in (solution 1).

4) Consequences

Give the possible consequences of the decision in terms of implementation. Do not repeat the strengths and weaknesses of the solutions but rather the practical consequences of the decision. Give the actions that reduce the risks induced by the chosen solution, if any.

Examples:

* Specific logs will have to be planned for the processing

* The unavailability risk will be covered by reinforced on-call duty

Register format

Ideally, an ADR register offers a visual rendering of all the ADRs with their respective status and history, so as to have a global view of the situation of each decision. Statuses and histories must never be duplicated, since that implies a double maintenance that has very little chance of being done correctly. In most cases, it is better to keep this information only in each ADR, even if that means opening them one by one. An alternative is to sort the ADRs into sub-directories by status, but that makes browsing the ADRs harder.

If you use Asciidoc (which I strongly recommend), there is a trick: tag inclusion. The idea is to keep the status and history in each ADR but to include them in a table to form the register. Example:

In 001-dedoublonnage-requetes.adoc:

    ## Statut
    // tag::statut[]
    `VALIDE`
    // end::statut[]

    ## Historique
    // tag::historique[]
    Validé le 26 nov 2019 avec xyz
    // end::historique[]

and in the register (README.adoc):

    .Table Liste et statuts des ADR RECE
    [cols="2,1a,4a"]
    |===
    |ADR |Statut |Historique

    |link:001-dedoublonnage-requetes.adoc[001-dedoublonnage-requetes]
    |include::001-dedoublonnage-requetes.adoc[tags=statut]
    |include::001-dedoublonnage-requetes.adoc[tags=historique]

    |link:002-appels-synchrones.adoc[002-appels-synchrones]
    |include::002-appels-synchrones.adoc[tags=statut]
    |include::002-appels-synchrones.adoc[tags=historique]
    ...
    |===
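As an added example (not from the original post), here is a small POSIX shell script that generates this register table from the ADR files of a directory and refuses any ADR that breaks the conventions above (file name, reused sequence number, unknown status, missing historique tag), so it can run in CI. It assumes the file and tag names used above; the helper names are mine, and case is not enforced in file names because the post's own example contains the acronym "API".

```shell
#!/bin/sh
# Builds the ADR register (README.adoc table) with the Asciidoc tag-include trick,
# so status and history live only inside each ADR and are never duplicated.
# Conventions checked (taken from the post): NNN-decision.adoc file names, a
# `// tag::statut[]` block holding the status in backticks, a `// tag::historique[]`
# block, unique sequence numbers, and a status from the allowed list.

ADR_STATUSES="TODO WIP PROPOSE REJETE VALIDE DEPRECIE REMPLACE"

# adr_name_ok NAME: 3-digit sequence, hyphen-separated words, .adoc extension
adr_name_ok() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{3}-[A-Za-z0-9]+(-[A-Za-z0-9]+)*\.adoc$'
}

# adr_status FILE: prints the status found between the statut tags (empty if none)
adr_status() {
    sed -n '/^\/\/ tag::statut\[\]/,/^\/\/ end::statut\[\]/p' "$1" \
        | sed -n 's/^`\([A-Z]*\)`[[:space:]]*$/\1/p' | head -n 1
}

# adr_status_ok STATUS: true if STATUS is one of the allowed values
adr_status_ok() {
    case " $ADR_STATUSES " in *" $1 "*) return 0 ;; esac
    return 1
}

# adr_register DIR: prints the register table on stdout; returns 1 (with a
# message on stderr) at the first ADR breaking a convention.
adr_register() {
    dir=$1 seen=" "
    printf '.Table Liste et statuts des ADR\n[cols="2,1a,4a"]\n|===\n|ADR |Statut |Historique\n\n'
    for f in "$dir"/*.adoc; do
        [ -e "$f" ] || continue                  # no ADR yet: empty table
        name=${f##*/}
        [ "$name" = "README.adoc" ] && continue  # the register itself
        adr_name_ok "$name" || { echo "bad ADR file name: $name" >&2; return 1; }
        id=${name%%-*}
        case "$seen" in *" $id "*) echo "sequence $id reused by $name" >&2; return 1 ;; esac
        seen="$seen$id "
        st=$(adr_status "$f")
        adr_status_ok "$st" || { echo "$name: unknown status '$st'" >&2; return 1; }
        grep -q '^// tag::historique\[\]' "$f" || { echo "$name: no historique tag" >&2; return 1; }
        printf '|link:%s[%s]\n|include::%s[tags=statut]\n|include::%s[tags=historique]\n\n' \
            "$name" "${name%.adoc}" "$name" "$name"
    done
    printf '|===\n'
}
```

Typical use: `adr_register adr/ > adr/README.adoc || exit 1` in the CI job, so a malformed ADR blocks the merge instead of silently disappearing from the register.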

Complete ADR example

    ## Historique
    Statut: `VALIDE`

    * Validé par xyz le 28 janvier
    * Proposé par z le 02/01/2020

    ## Contexte

    <Présentation générale de la problématique>

    # Solution 1: <description solution>
    ## Forces
    - Limite l'utilisation du réseau

    ## Faiblesses
    - Moins robustesse

    ## Opportunités

    ## Risques
    - [rédhibitoire] Nécessite que la signature se fasse en synchrone ou en fil l'eau

    # Solution 2: <description solution>
    ## Forces
    ## Faiblesses
    ## Opportunités
    ## Risques

    ## Décisions
    La solution 2 est retenue

    ## Conséquences
    - Vérifier la configuration des JVM pour utiliser un générateur d'aléas

Usage tips

  • Do not hesitate to add images/diagrams... Think of Mermaid and PlantUML.
  • Do not timestamp changes to the ADR itself; that is the job of the version control tool (Git). Use explicit commit messages.
  • A good ADR must be:
    • short;
    • clear;
    • relevant (explains the context, the possible options and the chosen decision well);
    • accessible to all (wiki, GitHub..., no office documents);
    • traced (changelog, Git commits, ...);
    • transparent: if decision elements are missing, say so.

Other resources

Links: list of common ADR templates

Sep 1, 2019 - V3 of the architecture document template (modèle de dossier d'architecture)

See https://github.com/bflorat/modele-da

The template has been extended, simplified and corrected. Above all, it takes the path of living documentation by being rewritten in asciidoc (it will thus now be possible to submit merge requests, for example). Diagrams are still in PlantUML but most have been redone as C4 diagrams.

Feedback and PRs appreciated

May 31, 2018 - Summary of Cal Newport's "Deep Work" book

I just finished "Deep Work", an interesting book. I only regret it doesn't contain any reference concerning the pomodoro technique.

Here are my few raw notes:

Deep work: “professional activities performed in a state of distraction-free concentration that push cognitive capabilities to their limit”. For high skills, difficult to replicate.
Shallow work: “non cognitive demanding, logistic-style tasks, often performed while distracted.” Low value, easily replicable
Deep work hypothesis: the ability to perform deep work is rare and valuable. Those who are capable will thrive.
The core abilities:
- quickly master hard things
- produce at an elite level with speed
Both depend on deep work

Myelin: by always triggering the same paths, better signal -> more focus = more intelligence
High quality work = time x intensity of focus

Metric black hole: we don't actually measure the value of the tasks we perform
Principle of least resistance: given that we don't actually measure the value of our work, we do first what is easier: shallow work.
Busyness as a proxy for productivity: in knowledge work, it is difficult to estimate our own value: a lot of shallow work creates a false feeling of produced value
Cult of the Internet: everything from the Internet (like Facebook) is considered a priori as good in IT: huge error.
Neuroscience: what you are is the sum of what you focus on. Happier when we focus on flow activities. We need goals, challenges, feedback.
We all have a limited amount of will-power so we need to save it for deep work.

Profiles of deep workers:
- bimodal: monastic-like activity for a few days, shallow work during the rest of the time
- rhythmic philosophy: a moment reserved every day, use a chain method like a cross on the calendar: we want to avoid any hole in the chain.
- journalist philosophy: switches between shallow work and deep work all day long (hard)

Ideas to help deep work:
- grand gesture: leave your habits, work in a hotel for instance
- help serendipity by meeting people from other disciplines
- stop working in the evening to let the unconscious mind solve problems for you (less work = more CPU to solve problems in your mind's background)
- also rest because we all have a limited amount of available attention
- perform a shutdown ritual at every end of day (like saying 'work performed') -> brain conditioned to stop running thoughts. Otherwise, Zeigarnik effect (we remember interrupted tasks better because we want to solve them)
- seek boredom to help the brain rewire
- schedule the day in blocks, change blocks during the day if required

Deep work meditation to solve complex problems:
- store the variables of the current state of the problem
- ask a question to force the brain to go to the next problem and not loop
- fight distracting thoughts

Memorization technique (see the book for more details): imagine large objects in 5 rooms of your house, map the objects to a set of celebrities and imagine scenes. Each person maps to a value (like the number of a card)

Avoid any-benefit tools like Facebook, concentrate on the craftsman approach: only consider tools that help significantly to reach the lead goals
To determine if a tool helps:
- list the key activities you need to perform to reach the lead goals
- for each activity, ask yourself if the tool helps or not

4DX (Four Disciplines of eXecution):
- focus on wildly important goals (a few measurable goals)
- focus on lead goals, not long term goals
- use scoreboards
- perform periodic summaries

Law of the vital few (Pareto principle): 80% of a given effect comes from 20% of the possible causes
During leisure time, avoid using the Internet, do high-level activities like reading literature
Evaluate the shallow work performed each week, confront it with your boss and ask him to validate it.
To determine if a piece of work is shallow: how many months would it take to teach a hypothetical post-graduate to do it?
Say "no" by default, provide a vague explanation to avoid questions.
Process-centric e-mails to close the loop and free the mind: state clearly the next steps on every subject (every action)
Avoid replying to e-mails on subjects without interest, coming with too much work to reply, etc.

May 31, 2018 - Benefits of Hardware-based Full Disk Encryption and sedutil

We need to protect our personal or professional data, especially when it is located on laptops that can easily be stolen. Even if it is not yet fully widespread, many companies or personal users encrypt their disks to mitigate this risk.

There are three major technologies to encrypt the data (most of the time, the same symmetric cipher is used: AES with 128 or 256 bit keys):

  • File-level encryption tools (7zip, GnuPG, OpenSSL...) where we encrypt one or more files (but not a full file system)
  • Software FDE = Full Disk Encryption (dm-crypt, encfs, TrueCrypt under Linux; BitLocker, SafeGuard under MS Windows, among many others) where a full file system is encrypted. Most of these tools map a real encrypted file system to an in-memory clear view of it. For instance, you open an encrypted /dev/sda2 file system with dm-crypt/LUKS this way:
    sudo cryptsetup luksOpen /dev/sda2 aClearFileSystemName
    <enter password>
    sudo mount /dev/mapper/aClearFileSystemName /mnt/myMountPoint
  • Hardware-based Full Disk Encryption (also named SED = Self-Encrypting Drive) where the disk encrypts itself in its own built-in disk controller. We'll focus here on this technology.

To make it work, you need :

  • a SED-capable hard disk or SSD (I for one own a Samsung 840 PRO and an 850 EVO that support it; most professional disks do).
  • a compatible BIOS that supports SED. You can then set a disk-level user password in the BIOS (and optionally an administrator password to unlock the user password). When the computer boots, the BIOS asks interactively for the disk password [1]. Note that many BIOSes (especially on desktops or on non-professional laptops) don't support this feature because the manufacturer has not enabled it (maybe to avoid customer complaints about password loss?).

Once the correct BIOS disk password is entered, the disk becomes totally 'open' (we say 'unlocked'), exactly as if it had never been encrypted. No software is involved afterwards. It is important to understand that a SED always encrypts the data. There is no way to disable this behavior (it doesn't cause any significant effect on IO performance, however, because the IO volume is unchanged and because the disk controller comes with a built-in AES chipset). The real encryption key (MEK = Media Encryption Key) is located inside the disk itself (and cannot be accessed). The user password (named KEK = Key Encryption Key) is used to encrypt / decrypt the MEK. Keeping the disk password unset is like keeping a safe open: the data is still encrypted but is decrypted whenever the disk is accessed, exactly as if no security system ever existed. When you set the user password, you close the safe door using your key. Note that there is no (known) way to recover a disk if you lose your password: you not only lose your data but you also lose your disk: it becomes a piece of junk from which no data can be read or written.

I used dm-crypt (the default FDE software under Linux) for my own laptop until I bought a SED-enabled Samsung SSD, but I never managed to use the SED feature on my own computer because my AMI BIOS doesn't support it. The only option then was to use software file system encryption. This works but comes with several complications or drawbacks:

  • you need a /boot partition in the clear to bootstrap the process. An attacker can easily alter this partition and add a keylogger, for instance;
  • you have to change some kernel options and make sure to set the right module loading order at startup or resume (and keep them when updating the kernel);
  • the SSD TRIM feature [2] is now supported by dm-crypt but it comes with security concerns;
  • you need the dm-crypt commands on live CD distros when performing system backups.

The only benefit of software FDE I can think of is the possibility to review the cipher source code (when using an open source solution like dm-crypt, of course). This is not the case for hardware encryption, even if no severe issue has been reported so far AFAIK.

SED hardware-based disks are much simpler to use in comparison:

  • you only have to set a BIOS password and it's done!
  • you save a significant amount of CPU usage;
  • it is possible to destroy a drive definitively by changing its password once and for all, when decommissioning a laptop for instance (but it is also a drawback when the password is lost unintentionally).

But:

  • once unlocked, the disk remains in this state while the computer is powered (this includes while suspended to RAM). The login window doesn't change anything: an attacker can read the drive by plugging directly into the SATA port (DMA attack) and, even worse, a warm reboot (a restart) keeps the drive open! It means that one can access the unlocked disk simply by inserting a Live CD/USB and rebooting the computer. The Live CD/USB boots and all the drive data is available once mounted! This is why, when using SED, you should always hibernate (suspend to disk) instead of suspending to RAM: when hibernating, the drive actually loses power and is locked again. Of course, you get the same effect when turning off your computer.
  • you need a SED-capable BIOS. Note that you can also use the hdparm command to set the disk password of a SED drive and unlock it, but it requires booting a Live CD/USB, launching something like the command below and then restarting your computer. However, it is not really practical;
    sudo hdparm --user-master u --security-set-pass 'pass' /dev/sdb
  • if you lose the disk password, the disk is simply dead (but it may be a benefit, as stated before);
  • you may depend on a specific BIOS manufacturer because it trims or hashes the disk password (KEK). Another BIOS may use another algorithm. It means that moving a drive from one computer to another may leave you unable to unlock the drive, even with the same password;
  • because the operating system and its settings are not yet booted, only the QWERTY keyboard layout is available; keep this in mind when choosing and typing the password;
  • you have to trust the hardware security chipsets.

The OPAL specification published by the Trusted Computing Group (AMD, IBM, Intel, HP...) fixes some of these issues:

  • you can always salvage the disk when losing the disk password (of course, the data is still lost, fortunately) thanks to the PSID revert function (the PSID is a number printed on the disk, proving that you can physically access the drive);
  • KEK hashing and trimming are now standardized: the same drive can be moved from one computer to another;
  • you can use SED even without BIOS support because OPAL comes with a mechanism called 'shadow MBR'. Basically, you flash a mini-OS (the PBA = Pre-Boot Authorization) of up to 128MB to a dedicated area of the disk. This OS is presented to the BIOS when booting. A password prompt is then displayed. If the password is correct, the real MBR of the drive (the Master Boot Record = boot code) is then decrypted and executed. No more need for BIOS SED support and, even better, a new open source OPAL implementation (sedutil) is available and its source code can be reviewed much more easily than the BIOS binary firmware.

The sedutil project comes with:

  • some PBA images ready to flash to the drive
  • the sedutil-cli command to administer the OPAL disk (setting up a drive in OPAL configuration, changing the password, PSID revert...). Note that these commands require adding libata.allow_tpm=1 to the kernel flags if run from an installed Linux. You can also, like me, use sedutil-cli from a rescue image booted from USB. See the list of commands. See also how to set up a drive.

This worked perfectly for me and I now use my Samsung 850 EVO drive in SED OPAL mode. Note that sedutil doesn't support suspend to RAM (when resuming, the drive behaves as if it were dead; you'll get IO errors all over the place). Always use hibernation instead (as I already stated, it's the only safe way to use SED drives anyway).
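As an added example, not part of the original post: a POSIX shell script that tells whether a drive is currently 'disabled' (no password set, the open safe), 'locked' or 'unlocked', from the output of hdparm -I (ATA security, the BIOS password mechanism) and of sedutil-cli --query (OPAL). The sample outputs are constructed after those tools' layouts and the function names are mine; running check_device against a real device as root after a resume from RAM or a warm reboot shows whether the drive is still open, which is the point made above.

```shell
#!/bin/sh
# Classifies a SED's lock state from tool output. States:
#   disabled = no password set ("safe door open": data encrypted but served in clear)
#   locked   = password set and drive locked (expected after power-off or hibernation)
#   unlocked = password set but drive open (expected while running; a warm reboot
#              or suspend to RAM leaves it in this state, as explained in the post)

# Constructed sample of the "Security:" section of `hdparm -I` (real output uses
# tabs; the patterns below accept any whitespace): password set, drive locked.
SAMPLE_ATA_LOCKED='Security:
    Master password revision code = 65534
        supported
        enabled
    locked
    not frozen
    not expired: security count
        supported: enhanced erase'

# Constructed sample: no password set at all.
SAMPLE_ATA_DISABLED='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen'

# Constructed sample of the locking line printed by `sedutil-cli --query`:
# OPAL locking enabled, range currently unlocked (the PBA already opened it).
SAMPLE_OPAL_UNLOCKED='Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = Y, MBREnabled = Y, MBRShadowed'

# ata_state: reads `hdparm -I` text on stdin, prints disabled | locked | unlocked
ata_state() {
    awk '
        /^Security:/             { insec = 1; next }
        insec && /^[^[:space:]]/ { insec = 0 }       # next top-level section
        insec && /^[[:space:]]+enabled[[:space:]]*$/                 { enabled = 1 }
        insec && /^[[:space:]]+not[[:space:]]+enabled[[:space:]]*$/  { enabled = 0 }
        insec && /^[[:space:]]+locked[[:space:]]*$/                  { locked = 1 }
        insec && /^[[:space:]]+not[[:space:]]+locked[[:space:]]*$/   { locked = 0 }
        END {
            if (!enabled)    print "disabled"
            else if (locked) print "locked"
            else             print "unlocked"
        }'
}

# opal_state: reads `sedutil-cli --query` text on stdin, prints disabled | locked | unlocked
opal_state() {
    awk '
        /LockingEnabled = / {
            enabled = ($0 ~ /LockingEnabled = Y/)
            locked  = ($0 ~ /^[[:space:]]*Locked = Y/)
        }
        END {
            if (!enabled)    print "disabled"
            else if (locked) print "locked"
            else             print "unlocked"
        }'
}

# check_device DEV: query a real drive (root needed; sedutil-cli on an installed
# Linux also needs the libata.allow_tpm=1 kernel flag mentioned in the post).
check_device() {
    printf 'ATA security: %s\n' "$(hdparm -I "$1" 2>/dev/null | ata_state)"
    printf 'OPAL locking: %s\n' "$(sedutil-cli --query "$1" 2>/dev/null | opal_state)"
}
```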

[1] Note that this has nothing to do with the main BIOS user password that "protects" your machine (with it, your disk data is still in the clear and can be read simply by moving the disk to another computer or by removing the BIOS battery).

[2] TRIM is used on SSDs to free unused blocks as soon as possible and increase the disk lifespan.
