Free software log (November 2017)

These are getting later and later despite the best of intentions, but I still have plans! Strategies! Intentions! Hopes! Next month's might be a bit closer to on time.

This month, I finally have some employer-sponsored free software work to report: overhauling the service account handling in Merou. Previously known as Grouper until I pointed out the Internet2 project of the same name, this is the system we use internally at Dropbox for privilege management. It's essentially an account and group management framework with a delegated privilege model for assigning, managing, and auditing privileges.

Everyone seems to have one of these, and they're generally not that reusable. This is ours, and... I'm not sure how reusable it is. But hopefully it will get better!

I did not write this, and haven't previously done much development work on it, but in November I got some dedicated time to rewrite how it represented service accounts (non-human accounts). The previous implementation was a bit of a hack, reusing the user and group concept in a weird merged hybrid to represent a managed user. The new version, which has been pushed to GitHub, elevates a service account to a separate object in the database with its own permissions, assigns ownership of service accounts to groups, and has a separate privilege delegation mechanism from groups to the service accounts they own.

We've not yet deployed the service account fixes at Dropbox due to long and boring stories about schemas and database migrations and running out of time, but hopefully will early in 2018. Merou as a project doesn't handle database migrations yet, but we're considering looking at that early next year too. It would be nice to stop scrambling to keep internal projects moving and be able to work on properly polishing things for external release.

BTW, Merou is probably not the name that will stick. I've been advocating Permeate for a while. We'll see if that sticks.

On my personal time, I didn't do much in November (but December will have a much better report). I just fixed some issues with the Usenet control message processor that I still run, all of which stemmed from the fact that the PGP used for Usenet control messages is thoroughly obsolete. I kind of want to tackle that as a personal project, but time for personal projects has been short on the ground.

Posted: 2017-12-23 17:15

Last spun 2022-02-06 from thread modified 2017-12-24