All posts in “Developer”

Terminal makes it easy for companies to open international offices

Born out of a frustration with recruiting within the peninsula-trapped City of San Francisco, Terminal is a platform allowing companies to tap into talent abroad. Starting with campuses in Kitchener-Waterloo, Montreal and Vancouver, the startup aims to plant physical flags in as many of the world’s global talent centers as possible.

Terminal is being run by 8VC‘s Joe Lonsdale, Atomic‘s Jack Abraham and Dylan Serota, formerly of Eventbrite. The vision is a turnkey solution for international expansion that manages challenges ranging from identifying and recruiting talent to supplying office space, managing paperwork and distributing payroll.

By design, Terminal limits both the companies that can benefit from the platform and the engineers that can work at its offices. In limiting participation, Terminal maximizes its brand-value, increasing its odds of bringing in the best companies and the best engineers.

With the backdrop of an asphyxiating U.S. immigration policy, Terminal is looking to perform talent arbitrage. Engineers in Canada for example don’t demand the six plus figure salaries of their Bay Area counterparts. And towns like Waterloo and Montreal possess strong universities and healthy talent pools full of engineers that want the experience of a Silicon Valley startup without needing to pack up and move to the Bay Area.

Many companies have taken to opening offices in Canada to assist with securing top international talent. Uber and Facebook, among others, have recently opened up new offices in Canada targeting scarce AI and machine learning talent. Terminal is poaching these same recruiters from major tech companies to help startups.

Even with all the resources in the world, international expansion can put stress on the culture of small companies. It’s important to grow with intention and not create a team so distributed that it can’t be managed.

“In its very early days, a company should be in one spot, then go to two spots and scale that up for a while,” Lonsdale asserted. “I don’t think a startup should have three offices with a small number of employees in each.”

The Terminal co-founders are actively considering new cities to open offices. All of this gets to be capital intensive and while Abraham wouldn’t specify funding, he noted that the group has plenty of money at its disposal.

“We’re not planning on exiting,” Lonsdale added. “There is going to be a need for this in the long term future so we’re building this as a resource. Depending on what investors the company takes on, we can let them have liquidity as normal.”

Terminal’s 15 full-time employees have successfully recruited 100 engineers so far at three times the speed of a traditional recruiting firm. Terminal charges per-head for its recruiting efforts, collecting a percentage of employee salaries. Though this is an industry standard business model, Terminal collects a higher percentage because of its service approach that includes the physical offices and back-office support.

Some of the early customers of Terminal have come from the 8VC and Atomic portfolio. Other investors from Sequoia, Lightspeed and NEA have worked with Terminal to recruit for portfolio companies interested in gaining an international presence. Eventually these VCs could help to sift through the backlog of startups that want to take advantage of Terminal.

User outcry prompts OnePlus to step down its excessive data collection

Earlier this week, it was revealed that independent phone maker OnePlus was collecting all manner of information from phones running its OxygenOS — without telling users, of course. Caught red-handed, the company is backing off from the opt-out data collection program, giving users a choice up front instead of buried in the options.

The offending telemetry was discovered earlier this week, when software engineer Christopher Moore happened to snoop on his phone’s traffic for a hacking challenge. He noticed that the device was phoning home to OnePlus when it crashed — which is expected and benign — but also every time the phone was woken up or put to sleep — which is odd and intrusive.

Looking closer, he found that the device was also repeatedly sending its IMEI, phone number, serial number, wi-fi network and MAC address, and numerous other metrics. Having the option to send this information with, say, a bug report would be understandable, but it was sending this information every time an app was launched.

OnePlus said at the time that the data was to “fine tune our software according to user behavior” and “provide better after-sales support.” It could be partially turned off in advanced settings, or totally removed with a command line tool.

Of all phone manufacturers, of course, OnePlus probably has the users most likely to go snooping around for this kind of stuff, so it’s strange that such plainly intrusive metrics would be employed. Users were clearly bothered, so yesterday OnePlus provided a more substantial response on its support forums.

After the standard “We take our users – and their data privacy – very seriously” boilerplate and assuring people that this was all a big misunderstanding, OnePlus co-founder Carl Pei explained the practical steps the company was taking:

By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.

He also notes that the company never sent this information to any third parties, which is good. But opting out of the “user experience program” doesn’t appear to stop telemetry data from being sent — it just means “your usage analytics will not be tied to your device information.” Users may prefer to know that their data is not being collected at all, but for now that option appears to be limited to the same command-line tools as it was before.

GitLab raises $20M Series C round led by GV

GitLab, a collaboration and DevOps platform for developers that’s currently in use by more than 100,000 organizations, today announced that it has raised a $20 million Series C round led by GV (the fund you may still remember under its former name of Google Ventures). This brings GitLab’s total funding to date to just over $45.5 million.

In addition to the new funding, the company also today said that WordPress founder Matt Mullenweg is joining the company’s board.

As its name implies, GitLab started out as a git-based open source tool for self-hosting code repositories. Since its launch in 2014, the company has branched out, though, and added a number of more DevOps-centric services to its lineup. This includes a number of workflow tools, but also features that easily enable code review/test/release automation and even application monitoring.

It’s maybe no surprise then that the company now sees it as its mission to “develop a seamless, integrated product for modern software developers and become the application for software development in Kubernetes” (yes — even GitLab now wants to get deeper into the Kubernetes game).

“The Fortune 500 is racing to build world-class software development organizations that mirror the speed, productivity, and quality of the largest tech companies. As these organizations strive to produce high-quality code at scale, they will need best-in-class tools and platforms. GitLab’s platform accelerates the development process with an emphasis on collaboration and automation,” said Dave Munichiello, GV General Partner, in a canned statement today. “GitLab’s hybrid, multi-cloud solution is loved by developers, and is seeing tremendous traction in the field.”

Current GitLab users include the likes of Ticketmaster, ING, NASDAQ, Sony, VMWare and Intel.

As for the funding itself, GitLab says that it plans to use it to add “new functionality for packaging, releasing, configuring and monitoring software.”

The company does face competition from the likes of GitHub and Atlassian’s BitBucket, though GitLab argues that its tools currently represent two-thirds of the self-hosted git market.

Featured Image: Smith Collection/Gado/Getty Images

Signal update keeps your address book secret, keeps it safe

No one would use a secure messaging service like Signal if you couldn’t find out who else was on it — but how can you trust Signal and others not to snoop when you submit your contacts for it to check against its list of users? You shouldn’t have to — it should be impossible. That’s the intention of an update to the app that makes contact discovery even more private.

It’s not that Signal or someone else was collecting this info to begin with — it’s encrypted the whole way, so really it’s already pretty safe. But say Signal were to be hacked or secretly taken over by the NSA. If this evil-twin Signal looked really closely, it could probably figure out who certain users were searching for monitoring for known hashes. That info could be used to de-anonymize users.

Moxie Marlinspike (Open Whisper Systems) at TechCrunch Disrupt SF 2017

Signal’s Moxie Marlinspike, who hinted at this upcoming feature at Disrupt last week, writes up the team’s approach to making sure that even that far-flung possibility is impossible.

The technical details I’ll leave to him to explain for obvious reasons, but the gist is this. Conceivably, Signal’s servers could be surreptitiously logging every tiny action being taken, from which user info is being accessed to the exact location in memory where a response is written.

Think of it like this: even if what someone is reading or writing is hidden from you, if you watch closely you can tell where the pencil is and what movements it’s making. If you know the list is alphabetical, and that the first name is X letters long, that narrows it down considerably.

This kind of ultra-low-level attack, on the level of RAM monitoring and so on, has to be considered or you risk underestimating your adversary.

Fortunately, fast becoming a standard in chips is a “secure enclave” that can perform certain operations or store certain data that’s inaccessible to the rest of the OS. Apple has one for Touch ID and Face ID, for instance, so the rest of the OS never sees your biometric information — and therefore can’t give it up to hackers or three-letter agencies.

By using this enclave and carefully manicuring its technique in querying the main database, Marlinspike and the team made it possible for users to check their address book against the main Signal list without anyone but the users themselves seeing the list or results. The enclave also checks to make sure Signal’s servers are running the code they’re supposed to be.

There are still a few opportunities for this hypothetical evil Signal to snoop, but they’re decidedly limited — much more so than before. That reduces the amount of trust you have to place in them — though you still need to trust the secure enclave, the encryption method, and so on. But the fewer links in the trust chain, the better.

This feature hasn’t rolled out to everyone yet; it’s still a “beta technology preview,” but is planned to roll out after testing in the next couple months.

Featured Image: Jaap Arriens/NurPhoto/Getty Images

Keybase launches fully encrypted Slack-like communications tool — and it’s free

Keybase added to its encrypted tool kit today when it launched Keybase Teams, an open source, Slack-like communications tool with end-to-end encryption. Desktop and mobile versions are available for download now.

It may seem like competing with Slack, the enormously popular enterprise communications tool would be a fool’s errand for Keybase. But by making it fully encrypted, open source and free, even for teams as large as 500 people, it could be attractive to cost- and security-conscious teams who are at all worried about anyone snooping on their communications.

It works just like any other communications tool of this ilk. You create a Keybase Team and begin generating chats and channels. You can also share encrypted files with the team. The interface should have a familiar look and feel.

Photo: Keybase

The team admin gives the team a name and can add members, which works on a signature chain. Only admins have full privileges on the chain and the ability to add or remove members. It’s worth noting that team name can only exist once in Keybase Teams, so there can never be two teams with the same name. The team admins can also create sub-teams off the main teams.

But the true differentiator here is the end-to-end encryption, which Keybase says should give you full peace of mind that no servers can be hacked or communications sniffed out, leaving communications completely private and protected. Keybase has taken many precautions to ensure the privacy of these communications to the extent possible. “At no point does Keybase have any private keys for any file or chat data. Your device keys never leave your device,” Keybase made clear in the blog post announcing the tool.

What’s more, the company says that the product is free, but even if they start charging at some point in the future for enterprise customers, they say that they will never charge anyone who has created teams prior to that time. “Put most simply, we eventually want to find a way for actual enterprises to pay, while keeping personal and community use free. And any use now is grandfathered in,” the company stated in the blog post.

Keybase says the product is evolving quickly and there should be regular updates in the coming weeks that will add to and improve the overall experience.

The Teams product joins the end-to-end encrypted File Sharing tool introduced in February and the encryption key tool to introduced a couple of years ago. The company also hinted that a Git for Teams product, which would provide a fully private developer repository, is coming very soon

Keybase was launched by the founders of OK Cupid in 2014. The company has raised $10.8 million.

Featured Image: kemalbas/Getty Images