Love.Law.Robots. by Ang Hou Fu

tech


I really like Notion

I have a confession to make. I really like Notion. Notion, at its most basic, is a note-taking application. It allows you to create pages that contain various content, like web links, markdown, checklists, embedded content and so on. I am not alone in liking Notion either — look for the #notion hashtag on Twitter, and you'd find people rabidly professing their love. They aren't celebrities trying to sell something, but normal and authentic people who love a product.


My wife, who is a bit flabbergasted that I recommend Notion for everything, told me frankly, “Isn't this like Todoist? Or some journal app? There are dozens of such programs out there on the Internet. Free or paid.”

It's true. You can find dozens of apps that can provide you with a Kanban. It's a crowded field.

But Notion is special.

To me, it's a content management system that is very user friendly, yet very powerful at the same time. Like my wife says, the kanban, the markdown, the images, whatever, all those features aren't very interesting. However, you can dive straight into the app and create any of them in Notion. There isn't much to configure or install. You don't get to code it. To be frank, your interaction with Notion doesn't go further than typing text on a keyboard or enabling some option on a pop-up toolbar.

Is “no-code” for lawyers... or losers?

This brings me to the concept of “no-code” or “low code”. Apparently, lawyers are highly allergic to coding anything, so the idea that you don't have to do any coding is a feature. Among the front runners of this feature is Documate. It is a document assembly service built on docassemble but turns all that “programming” into buildable boxes so you don't have to do any coding. Another non-legal example is Scratch, an MIT project that teaches children how to program using blocks.


I haven't used Documate before, so I can't tell you whether it's good. Judging by its community though, it looks great. If you are attracted to its “no-code” premise and terrified of having to learn YAML and Jinja/Python in order to use docassemble, you should definitely give it a go.

As I can code, the idea of “no-code” turns me off though. Being able to tinker with a product is the fun part to me. Telling me I can't code means I cannot fully utilise the product. Once you become familiar with the capabilities of the product, your inability to code starts to look like the true barrier to achieving something. Suddenly, it's your fault, and that feeling really sucks.

It doesn't have to be this way. The opposite of “no-code” or “low code” isn't to code everything. To put it in another way, a product that asks you to do everything yourself is terrible. Ultimately a product has to provide features that you can use to achieve your aims. A particular set of features might be so limiting that it can do only one thing (and maybe do that one thing well). However, a different set of features could be so intriguing that you can use it for everything.

Think of “no-code” or “low code” this way:

  • You hardly ever need to code in Microsoft Word. Yet you can create any kind of document you want. No code ftw!
  • It ain't obvious, but you do some coding when you input a formula in Microsoft Excel. However, this “low code” environment allows you to perform calculations and filters and then use the output to visualize data. Excel is a prototypical database, a custom program and a report generator. Oops, sorry, Excel is a spreadsheet program.

Why I would use Excel for my Contract Management System (Love.Law.Robots.). Some good advice: consider using stuff you have already installed for innovation rather than inventing the wheel.

It's important to note that these Microsoft Office programs don't advertise themselves as “no-code”. They're still easy to use and accessible to all types of users.

Using Notion to improve my wife's website

So if you've been following so far, I think Notion is a great product that is equal parts friendly and powerful. It's also improving with a killer feature — an API. So a great product is now available to be integrated with others, making it even more powerful.


My use case shows how you can use Notion to make small, impactful improvements to your projects.

Problem Statement

My wife is diligently developing her illustrator side hustle on her website, which I developed in roughly a week using NextJS. As an illustrator, a gallery is an important showcase of her work. Even though I had no qualms about doing it, being able to manage the content on the gallery herself would be a good feature. Content gets on the website quicker, and she'd get full autonomy on how to present it.

What the end product is going to look like – The Gallery page features categories where illustrations are organised. The pages for individual galleries feature a gallery of illustrations for the selected categories. Individual images feature some metadata.

My wife is not a coder, so choosing a data format for her was going to be challenging. It has to work with the website and work in her workflow too. A full-fledged content management system like WordPress would surely be overkill. However, explaining to her the intricacies of JSON, YAML or TOML would probably turn her off as well.

To turn you off, here's how the original YAML file looked like:

    ---
    - caption: Travel sketches
      dateupdated: '2021-03-02'
      id: 3
      location: travels
      title: Adventures and travels
      images:
        - caption: ''
          source: travels_1.jpg
          thumbnailCaption: ''
        - caption: ''
          source: travels_2.jpg
          thumbnailCaption: ''
        - caption: ''
          source: travels_3.jpg
          thumbnailCaption: ''
        - caption: ''
          source: travels_4.jpg
          thumbnailCaption: ''
          portrait: true

I'd call this “code lite” like docassemble since she only has to edit one text file. But this will become problematic very fast:

  • What does “travels_1.jpg” mean? How do I write a caption for something which I don't even know what it is?
  • This is a text file, so the actual images are missing. It turns out that she still has to send the file to me, and then I have to rename it, and errm... a bunch of other manual steps before it gets on the website.
  • It's not difficult for an ordinary user to make errors in YAML. For example, the indents are significant. Any typo in the source file names is sufficient to break the system as well.

Notion Everywhere!

Enter Notion. It does all of the above and it does it even better. The YAML text file is now replaced with a screen that looks like this:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b366764b-cef6-4c06-8821-93d0a26c7c7d/Untitled.png

Each box is clickable, and it leads you to the illustration's own page.

Deceptively, it looks like a gallery, but its underlying structure is a database. So I can view all my pictures in a user-friendly gallery, which allows for searching and filtering. Furthermore, the gallery packs an interface for me to upload new illustrations. It's not obvious from the screenshot, but you can even create new categories of illustrations.

Editing the metadata of an individual illustration is also straightforward:

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d0737aaf-1ec4-4118-a480-26ee662b240b/Untitled.png

The gallery also allows my wife to attach her illustration to the individual item, so I am able to get everything I need to create the gallery from Notion.

Finally, using Notion API, the NextJS website generator grabs all the information from Notion to create the gallery you now see on the website. (NB: As of writing the Notion API does not support images, so that step is still manual at this time.)

Once you have decided on the scheme of your data, you can directly translate it into a user-friendly Notion page. My wife doesn't need to touch any code, but she still gets to plan her gallery in the way she wants. (Now she just has to scan some illustrations. 😝)

Conclusion

I hope this demonstration gets you to question what we really want from “no-code” or “low code”. It's sexy to claim that lawyers don't get to touch any code, or that they can automate their workflows by dragging and dropping some boxes. However, we can be more discerning than that. What exactly are the features of this product? What can I do with it? Does it make me pull my hair out at the limitations it imposes on me? Or does it offer to sacrifice me on the altar of my crappy computer skills? In the end, designing a good product is a lot more difficult than having an effect that doesn't need you to code. Even a product made for general use (like Word or Notion) might be more relevant than a product that is labelled “legal tech”.

And if you ask me, a good barometer of a great product is the fans who are willing to say nice things about it.

#Programming #tech #docassemble #blog #MicrosoftOffice #Notion #LegalTech

Author Portrait Love.Law.Robots. – A blog by Ang Hou Fu


Speaking has always been a big part of being a lawyer. You use your voice to make submissions in the highest courts of the land. Even in client meetings, you are also using your voice to persuade. Hell, when I write my emails, I imagine saying what I am writing to make sure it is in my voice.

So, thinking about how a synthesized voice can be useful is going to be controversial. You might think that a computer's voice is soulless and not interesting enough to hold on its own against a lawyer. However, with advances led by smart assistants like Google Home and Siri, Text to Speech (TTS) is certainly worth exploring.

Why use robots?

Talking is really convenient, as you would open your mouth and start talking (though some babies will disagree). However, working from home shows how difficult it can be to record and transmit good quality sound. Feedback and distortions are just some problems people regularly face using basic equipment to have online meetings. It's frustrating.

If you think this is an issue that is resolved by having better equipment, it can get expensive very easily. You might notice that several people are involved in producing your favourite podcast. You are going to need all sorts of equipment, like microphones and DAC mixers. Hire Engineers? What does a mixer do, actually?

Furthermore, human performance can be subject to various imperfections. The pitch or tone is not right here. Sometimes you lose concentration or get interrupted in the middle of your speech. All this means you may have to record something several times and hopefully get the delivery you are happy with. If you aren't confident about your English or would like to say something in another language, getting a computer to voice will help overcome it.

So a synthesized voice can be cheap, fast and consistent. If the quality is good enough, you can focus on the script. For me, I am interested in improving the quality of my online training. Explaining stuff doesn't need Leonard Cohen quality delivery. It's probably far less distracting anyway.

Experiments with TTS

I will take two major Text to Speech (TTS) solutions for a spin — Google Cloud and Mozilla's TTS (open source). The Python code used to write these experiments is contained in my GitHub.

houfu/TTS-experiments (GitHub)

Google Cloud

It's quite easy to try Google Cloud's TTS. A demo allows you to set the text and then convert it with a click of a button. If you want to know how it sounds, try it!


To generate audio files, you're going to need a Google Cloud account and some programming knowledge. However, it's pretty straightforward, and I mostly copied from the quickstart. You can hear the first two paragraphs of this blog post here.

Here's my personal view of Google Cloud's TTS:

  • It ain't free. Pricing for premium voices is free only for the first 1 million characters. After that, it's a hefty USD16 for every 1 million characters. Do note that the first two paragraphs of the blog have 629 characters. If you are converting text, it's hard to bust that limit.
  • The voices sound nice, in my opinion. However, if you are listening to it for a long time, it might not be easy.
  • Developer experience is great, and as you can see, converting lines of text to speech is straightforward.

Mozilla's TTS

Using Mozilla's TTS, you get much closer to the machine-training aspects of the text to speech. This includes training your own model, that is, if you have roughly 24 hours of recordings of your voice to spare.

mozilla/TTS: Deep learning for Text to Speech (Discussion forum: https://discourse.mozilla.org/c/tts) (GitHub)

However, for this experiment, we don't need that as we will use pre-trained models. Using Python's built-in subprocess module, we can run the command line command that comes with the package. This generates wave files. You can hear the first two paragraphs of this blog post here.

Here's my personal view of Mozilla's TTS:

  • It's open-source, and I am partial to open source.
  • It also teaches you how to train a machine using your voice. So, this is a possibility.
  • It sounds terrible, but that's because the audio feels a bit more varied than Google's. So... some parts sound louder, making other parts sound softer. There is also quite a lot of noise, which may be due to the recording quality of the source data. I did normalise the loudness for this sample.
  • Leaving those two points aside, it sounds more interesting to me. The variation feels a tad more natural to me.
  • There aren't characters to choose from (male, female etc.), so this may not be practical.
  • Considering I was not doing much more than running a command line, it was OK. Notably, choosing a pre-trained model was confusing at first, and I had to experiment a lot. Also, based on what you choose, the model might take a bit of time and computing power to produce audio. It took roughly about 15 minutes, and my laptop was wheezing throughout.

Conclusion

If you thought robots would replace lawyers in court, this isn't the post to persuade you. However, thinking further, I think some usage cases are certainly worth trying, such as online training courses. In this regard, Google Cloud is production-ready so that you can get the most presentable solutions. Mozilla TTS is open source and definitely far more interesting but needs more time to develop. Do you think there are other ways to use TTS?

#tech #NaturalLanguageProcessing #OpenSource #Programming


I run a docassemble server at work, ostensibly introducing co-workers to a different way of using templates to generate their agreements. It's been pretty useful, so much so that I use it myself for my work. However, due to the pandemic, it's not been easy to go and sell it. Maybe I am going to have better luck soon.

In the meantime, I decided to move the server from AWS to DigitalOcean.

Why move?

I liked the wide variety of features available on AWS, such as CodeCommit, Lambda and SES. DigitalOcean is not comparable in that regard. If I wanted to create a whole suite of services for my application, I would probably find something on AWS's glorious one-page filled with services.

However, with great functions come great complexity. I had a headache trying to exploit them. I was not going to be able to make full use of their ecosystem. (I shall never scoff at AWS certification anymore.)

On the other hand, I was more familiar with DigitalOcean and liked their straightforward pricing. So, if I wanted to move my pet project somewhere, I would have liked it to be in my backyard.

Let's get moving!

Lesson 1: Respect the shutdown

The docassemble docs expressly ask you to shut down your docassemble server gracefully. This is not the usual docker stop <container> command, but one with a timeout flag. In many simple use cases it isn't fatal to forget the timeout flag, so you would never actually notice it.

However, there's another way to kill your server in the cloud — flip the switch on your cloud instance on the management console. It doesn't feel like that when you click the red button, but it has the same effect. The cloud instance is sent straight to heaven, and there is nothing you can do about it.

The shutdown is important because docassemble does quite a lot of work when it shuts down. It dumps the database records in your storage. If the storage is located in the cloud (like AWS's S3 or DigitalOcean's Spaces), there is some lag when sending all the files there. If the shutdown is not respected, the server's state is not saved, and you might not be able to restore it when you start the container.

So with my AWS container gone in a cloud of dust, I found my files in my S3 storage were not updated. The last copy was over several months ago — the last time I had shut down my container normally. This meant that several months of work was gone! 😲

Lesson 2: Restore from backup

This blog could have ended on that sad note. Luckily for CloudOps newbies like me, docassemble automatically stores backups of the server state. These are stored in the backup folder of your storage and are arranged by date.

If you, like me, borked your docassemble server and set it back to August 2020, you can grab your latest backup and replace the main directory files (outside backup). The process is described in the docassemble docs here. Instead of having no users back in August 2020, I managed to retrieve all my users in the Postgres database stored in the backups. Phew!

Lesson 3: Check your config.yml file

After this exercise, I decided to go with a DigitalOcean Droplet and AWS S3. Given that I was already on S3 and the costs of S3 are actually fairly negligible, this seems like a cost-effective combo. DigitalOcean Spaces cost $5 no matter how big they are, whereas my S3 usage rarely comes up to more than a dollar.

Before giving your new docassemble server a spin, do check your config.yml file. You can specify environment variables when you start a container, but once the server is running free, it uses the config.yml file found in the storage. If the configuration file was specially set for AWS, your server might not be able to run properly on DigitalOcean. This means you have to download the config.yml file on the storage (I used the web interface of S3 to do this) and edit it manually to fit your new server.

In my setup, my original configuration file was set up for an AWS environment. This meant that my EC2 instance used security policies to access the S3. At the time, it simplified the set-up of the server. However, my Droplet cannot use these features. Generate an access key and secret key, and input these details and more in your updated config.yml file. Oh, and turn off ec2.

If you are going to use Spaces, you will transfer the files in your old S3 to Spaces (I used s4cmd) and fill in the details of your S3 in the configuration file.

Conclusion

To be honest, the migration was essentially painless. The design of the docassemble server allows it to be restored from a single source of truth — the storage method you choose. Except for the problems that come from hand-editing your old config.yml (I had to type my SecretKey a few times 😢), you probably don't need to enter the docker and read initialize error logs. Given my positive experience, I will be well prepared to move back to AWS again! (Just kidding for now.)

#tech #docassemble #AWS #DigitalOcean #docker #OpenSource #tutorial #CloudComputing



COVID-19 brought home a few trends most would not bother with otherwise. Remote working instead of showing up at an office and passing four budgets in as many months — it’s time to question deeply-held assumptions.

One deeply-held assumption which we might not be able to shake off is the archaic and highly formal process of getting wills done. The Wills Act is considerably vintage, dating earlier than the mid-nineteenth century. As such, it contains interesting oddities such as “a blank space shall intervene between the concluding word of the will and the signature”. You can do this by simply pressing “Enter” after you finish writing your will.

What do these restrictions mean in today’s context?

The main obstacle placed by the Wills Act is that two witnesses are required to witness your signing. You can type and save your will on your computer as much as you like, but it cannot be valid until it is witnessed physically.

The physical requirement of witnessing also makes the validity of e-signatures dubious. The Electronic Transactions Act excludes the creation and execution of wills explicitly. Your will therefore must have a physical manifestation, and someone has to use a pen (or other inking devices) to sign it.

Why is there resistance to change?

It’s not as if no one is trying here. Most people would like to attribute this to “tradition”. However, I also believe that this is perhaps the area where witnesses to a signature do have an impact on disputes. Wills can be challenged for various arbitrary reasons; claiming that the testator was not thinking straight is one of the easiest. When done correctly, your witnesses can provide that evidence.

The remote nature of e-wills and e-signature provides new avenues for attacks on the validity of your will. Somebody else clicked to sign in your place. How do you know someone is under undue influence when you are looking at them through your webcam?

I am not saying that these problems are insurmountable, even today. However, a process that works well already exists right now. People who care about their will are willing to go to a law firm and pay for it. If a better solution is out there, it has to be significantly better than the current one.

… But this area is certainly looking at it.

Having a process that works does not mean it is perfect. In fact, there has been much movement in this area:

It’s not clear whether the paid services are making money on their own. The “referral” aspect of the business seems obvious in cases like OCBC, so I suspect most services come together with some other (financial planning) product.

Of course, given the legal background, all these services can only draft a will. Execution is either a separate service (usually involving law firms) or DIY.

And there is room for improvement.

I tried the OCBC service and had the opportunity to view the results of WillMaker. From what I can tell, all these options employ an expert system to generate a will. The problem with the expert system is that the service is only as good as the questions asked.

I previously drafted wills as a charitable service. My primary audience then probably substantially overlaps with someone willing to use the OCBC service. If you would like to generate your own will and your assets are uncomplicated, the current services should fulfil your needs 60-80% of the time. The services are thus very substantial and useful. If you have a lot of odd requests and complicated assets, you must go to a law firm to sort out the ends.

The real problem is that most people who want to make a will don’t have any idea what they are doing. I don’t mean this in a legal sense like trying to dispose of your CPF by will. At this point, they are exploring their options or looking for an expert to challenge their conclusions. A will generator that merely does what the user wants may not be enough. The user wants to know whether the will they have in mind is the one they want.

A will that doesn’t inspire confidence in its user isn’t going to go very far. After going through the form filling exercise, users confront the formal requirements of will execution. They get worried about whether they are doing the right thing. Then they realise that they do need a law firm.

In the end, if you are going to go to some law firm anyway, the need to do an E-Will or e-signature vanishes.

Conclusion

This post might sound bleak for people looking for a change. However, look positively, and it is obvious that there is a need that hasn’t been fulfilled yet. Perhaps charging for an expert system is not likely to draw enough people to experiment with their options. The point is that there should be a system that is demonstrably better than what we have now. Only then will there be an impetus to remove the formalistic limitations of wills.

So who wants to do an E-Will?

#Law #tech #E-signature #ElectronicTransactionsAct #LegalTech #Singapore #Wills #WillsAct



Things you can only do during a lockdown – install a new server. As I mentioned previously, I got round to installing the latest Ubuntu LTS on my home server. Instead of using apt-get for new software, I would run my server services through Docker instead. First up, I got Pi-Hole working and blocking ads. It's been sweet.

Let’s Play with: Pi-Hole. I try to install Pi-Hole Server to block all ads and tracking websites at home. (Love.Law.Robots.)

My conviction to use containers started with docassemble. You can use docassemble to generate contracts from answering questions. It's relevant to my work and I am trying to get more of my (non-legal) colleagues to try it. Unlike other software I have tried, docassemble recommends just using docker. With one command, docker run -d jhpyle/docassemble, I would get a fully-featured server. My mind was blown.


However, as I became more familiar with how to get docker to do what I want, the limitations of that simple command began to restrict me. Docassemble uses several ports. Many other applications share the same port, especially for a web server: 80 and 443. If docker and docassemble took these ports, no one else was going to get them. I wasn't sure if I wanted my home server to be just a docassemble server.

Furthermore, using secure ports (HTTPS) became a serious problem. I wanted to use my home server's docassemble installation as a development base, so it should be accessible to the outside world. For some reason, docassemble wouldn't accept my wildcard certs. If I planned to use it for anything serious, having an unsecured website was impossible.

It got so frustrating that I gave up.

Enter the Reverse-Proxy: Traefik

The short answer to my problems was to use a reverse proxy. A reverse proxy is a kind of server that gets information from another server for a client. Or in this case, a traefik server receives a request and figures out which docker container it should go to. A traefik server can also do other things, such as securing the communications between clients and the proxy over HTTPS by obtaining free SSL certificates from Let's Encrypt.


I was convinced to go for this because it claimed that it would make “publishing your services a fun and easy experience”. When I read that, I let a tear go. Is it actually possible for this program to automatically detect the right configuration for your services? Even for something as big as docassemble?

I'll let you be the judge of that at the end of this article.

Step 1: Set up Traefik

Of course, you would need to have docker set up and good to go.

There are a bunch of ways to get Traefik going, but I would be using a docker-compose.yml file like in the QuickStart.

The documentation for docassemble does not mention anything about docker compose. It is a shame because I found it to be a more user-friendly tool than the docker command-line interface. So instead of writing a bash script just to shorten my long docker run command, I would write out the blueprint of my setup in the docker-compose.yml. After that, I can run docker-compose up -d and the services in the file will start altogether.

This is very important in my setup, because there are other services in my home server like plex or grocy (another lockdown project) too. For the sake of convenience, I decided to include all these projects in the same docker-compose.yml file. This is the blueprint of my home server!

Back to Traefik, this is the section of my docker-compose.yml file setting out the reverse proxy server:

    services:
      reverse-proxy:
        # The official v2 Traefik docker image
        image: traefik:v2.2
        container_name: traefik
        # Enables the web UI and tells Traefik to listen to docker
        command: --api.insecure=true --providers.docker
        ports:
          # The HTTP/HTTPS port
          - "80:80"
          - "443:443"
          # The Web UI (enabled by --api.insecure=true)
          - "8080:8080"
        volumes:
          # So that Traefik can listen to the Docker events
          - /var/run/docker.sock:/var/run/docker.sock
          - /home/houfu/traefik/:/etc/traefik/
        environment:
          DO_AUTH_TOKEN: XXX
        restart: unless-stopped

Just a few notes:

  • This line /home/houfu/traefik/:/etc/traefik/ under volumes allows me to have access to the configuration file used by traefik.
  • This line DO_AUTH_TOKEN: XXX under environment is to generate SSL certificates using my personal domain, which is managed by DigitalOcean.

Step 2: Prepare Traefik to generate SSL Certificates

Instead of having docassemble obtain the SSL certificates to use HTTPS, I decided to get Traefik to do it instead. Reverse proxies do this job much better, and I wouldn't need to “enter” the docassemble container to hunt down why SSL is not working.

Besides, my other services on my home server were already getting their certificates through Traefik, so getting docassemble to do the same would be straightforward, right?

For this step, you would need to define a certificate resolver for Traefik to use. Please read the documentation as it is quite informative. For my set-up, I decided to use DigitalOcean as I was already using it for my DNS.

In the configuration file (traefik.toml), add a section to define the certificate resolver.

    [certificatesResolvers.docassembleResolver.acme]
      email = "[email protected]"
      storage = "acme.json"

      [certificatesResolvers.docassembleResolver.acme.dnsChallenge]
        # used during the challenge
        provider = "digitalocean"

The final step, especially if you have chosen DigitalOcean as a provider, is to get an API key and provide it to Traefik so that the process of getting a certificate can be automated. This was the DO_AUTH_TOKEN in the docker-compose.yml file referred to in the first step.

Step 3: Provide a blueprint for the Docassemble service

Once we have the reverse proxy set up, it’s time to get docassemble to run. This is the final form of the docker-compose.yml file for the docassemble service.

      docassemble:
        image: "jhpyle/docassemble:latest"
        hostname: docassemble
        container_name: docassemble
        stop_grace_period: 1m30s
        environment:
          - CONTAINERROLE=all
          - DBPREFIX=postgresql+psycopg2://
          - DBNAME=docassemble
          - DBUSER=docassemble
          - DBPASSWORD=abc123
          - DBHOST=localhost
          - USEHTTPS=false
          - DAHOSTNAME=docassemble.example.com
          - USELETSENCRYPT=false
          - S3ENABLE=true
          - S3ACCESSKEY=ABCDEFGH
          - S3SECRETACCESSKEY=1234567
          - S3BUCKET=docassemble
          - S3ENDPOINTURL=https://xxxx.sgp1.digitaloceanspaces.com
          - TIMEZONE=Asia/Singapore
          - DAPYTHONVERSION=3
        labels:
          - traefik.backend=docassemble
          - traefik.http.routers.docassemble.rule=Host(`docassemble.example.com`)
          - traefik.http.services.docassemble.loadbalancer.server.port=80
          - traefik.http.routers.docassemble.tls=true
          - traefik.http.routers.docassemble.tls.certresolver=docassembleResolver
          - traefik.http.middlewares.docassemble-redirect.redirectscheme.scheme=https
          - traefik.http.middlewares.docassemble-redirect.redirectscheme.permanent=true
          - traefik.http.routers.docassemble.middlewares=docassemble-redirect

One of the most important aspects of setting up your own docassemble server is figuring out the environment variables. The docassemble documentation recommends that we use an env.list file or pass a list of configuration values to the docker run command. For our docker-compose file, we pass them as a dictionary to the environment section of the service blueprint. Feel free to add or modify these options as you need. For example, you can see that I am using DigitalOcean Spaces as my S3 compatible storage.

So where does the magic of Traefik’s automatic configuration come in? Innocuously, under the labels section of the blueprint. Let’s split this up for easy explanation.

    labels:
      - traefik.backend=docassemble
      - traefik.http.routers.docassemble.rule=Host(`docassemble.example.com`)
      - traefik.http.services.docassemble.loadbalancer.server.port=80

In the first block of labels, we define the name and the host of the docassemble server. Traefik now knows what to call this server, and to direct queries from “docassemble.example.com” to this server. As docassemble exposes several ports, we also help prod traefik to use the correct port to access the server.

    labels:
      - traefik.http.routers.docassemble.tls=true
      - traefik.http.routers.docassemble.tls.certresolver=docassembleResolver

In this block of labels, we tell Traefik to use HTTPS and to use the certificate provider we defined earlier to get these certificates.

    labels:
      - traefik.http.middlewares.docassemble-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.docassemble-redirect.redirectscheme.permanent=true
      - traefik.http.routers.docassemble.middlewares=docassemble-redirect

Finally, we tell Traefik to use a middleware here: a redirect. The redirect middleware ensures that users will use HTTPS to communicate with the server.

Note that in our environment variables for the docassemble server, we tell docassemble not to use https (“USEHTTPS=false”). This is because traefik is already taking care of it. We don’t need docassemble to bother with it.

It works!

Docassemble servers take a bit of time to set up. But once you get it up, you will see my favourite screen in the entire application.

docassemble server is working. I would like to thank my...

Notice the grey padlock in the address bar of my Firefox browser? That’s right, HTTPS baby!!

Final Thoughts

I am glad I learnt a lot about docker from docassemble, and its documentation is top-notch for what it is. However, running one is not easy. Using docker-compose helped iron out some of the pain. In any case, I am glad I got over this. It’s time to get developing! What should I work on next?

#blog #docassemble #docker #tutorial #tech #Traefik #HTTPS


Update 11 May 2020 : A few days after I wrote this post, Pi-Hole released version 5.0. Some of the new features impact the content here. Since it’s only been days, I have updated the content accordingly.

It was a long weekend, so it was time to play. Ubuntu 20.04 LTS just came out. This is important because of the “LTS” at the back of its name. I took the opportunity to upgrade “Ursula”, my home server. I have not been installing OSes like changing my clothes since High School, but I had big plans for this one.

Ad Blocking on a Network Level

Securing your internet is tough. I have “fond” memories of earlier days of the internet when browsing the internet exposed you to porn. How about flash movies that install software on your computer? It now seems quaint that people are surprised that they can be tricked over the internet with phishing and social engineering.

I value my privacy and I would like to control what goes on about me and my computers. I don’t like ads or tracking technologies. More people seem to be on my side on this one: with every browser claiming that they will block ads or trackers.

Browsers are important because they are the main window for ads or trackers. However, other activities also generate such risks, such as handphones, smart gadgets, and other internet-connected devices.

If you are accessing the internet outside of your browser, your browser won’t protect you. The more comprehensive solution is to protect on a network level.

To protect yourself on a network level, you adjust your internet router settings and how your internet traffic is processed so that all requests are caught. A blacklist of trackers and suspicious websites is usually maintained. If a query matches the blacklist, it is not processed.

As you might expect, fidgeting with your internet router settings, finding out what your ISP’s upstream servers are, or even niggling around config files is very daunting for most users.

Enter the Pi-Hole

I first learned about Pi-Hole through the DigitalOcean Marketplace. It was great that it was designed for containers from the start, because I wanted “Ursula” to serve services using containers instead of the complexity of figuring out Ubuntu Linux’s oddities.


Previously I implemented my internet blacklist using response policy zones in a bind9 server. I am not entirely sure how I did it… which would be a disaster if my server gets wiped out.

The best thing about Docker is that you write the configuration in one file (a docker-compose.yml for me) and it’s there. Once you have reviewed the configuration, you just call docker-compose up and the program starts up for you.

Once you have the server running, you can ogle at its work with pi-hole’s gorgeous dashboard:

So many queries, so many blocked. ( Update 11/5/20 : Screenshot updated to show the new version 5.0 interface. So many bars now!)

I could make a few conclusions from the work of my Pi-Hole server so far:

  • Several queries were blocked from my handphone. This shows that phones are a hotbed for ad trackers. Since most of us use our phones for web browsing, advertising on the internet has not taken a hit even though more browsers feature some form of adblocking.
  • The second chart (labelled “Clients (over time)”) roughly corresponds to the computers used during the day. During this circuit breaker period, you can see your work computers dialling “home”. At night, more home computers are sending queries.

Installation Headaches

Using Pi-Hole as a local LAN DNS server

My previous LAN DNS server was meant to serve DNS queries for my home network. My home server and Network Attached Storage device were its main customers. I also exposed some of the services (like my Plex) to the outside world. If my LAN server were not around, I would have to remember many octets (read: IP addresses).

Update 11/5/2020 : In the original post, I complained about setting local LAN hostnames being hidden. Version 5.0 now allows you to set hostnames through the admin dashboard. This is one feature that I would be using! Turns out, it was quick and easy!

The dashboard used to add local DNS domains. New in version 5.0.

Installing Pi-Hole Behind a Traefik Server/Reverse Proxy

I didn’t wreck my Ubuntu 18.04 LTS server so that I could install Pi-Hole. I wanted to be able to serve several services through my Home Server without having to be limited by one set of 80 (HTTP) and 443 (HTTPS) ports. Pi-Hole uses both of those ports. I will not be able to have any more web servers.

A reverse proxy routes a request to the correct server. My forays with Nginx and the traffic server had not been successful. Traefik got me curious because it claimed it could figure out configurations automatically. If I could get Traefik to work, Traefik could sort out how to have several applications on one host!


So getting Traefik to work was a priority, but I also really wanted to set up Pi-Hole first. Curiously, there are some resources on getting both to work together correctly. Since this was the first time I was using both Traefik and Pi-Hole, I needed to experiment badly. In the end, I settled on this configuration in my docker-compose file:

    version: '3'

    services:
      reverse-proxy:
        # The official v2 Traefik docker image
        image: traefik:v2.2
        container_name: traefik
        # Enables the web UI and tells Traefik to listen to docker
        command: --api.insecure=true --providers.docker
        ports:
          # The HTTP/HTTPS port
          - "80:80"
          - "443:443"
          # The Web UI (enabled by --api.insecure=true)
          - "8080:8080"
        volumes:
          # So that Traefik can listen to the Docker events
          - /var/run/docker.sock:/var/run/docker.sock
          - /home/houfu/traefik/:/etc/traefik/
        environment:
          DO_AUTH_TOKEN: [... Token provided by Digital Ocean for SSL certificate generation]
        restart: unless-stopped

      ### pi-hole

      pihole:
        container_name: pihole
        domainname: xxx.home
        hostname: pihole
        image: pihole/pihole:latest
        dns:
          - 127.0.0.1
          - 1.1.1.1
        ports:
          - '0.0.0.0:53:53/tcp'
          - '0.0.0.0:53:53/udp'
          #- '0.0.0.0:67:67/udp'
          - '0.0.0.0:8052:80/tcp'
          - "0.0.0.0:8443:443/tcp"
        volumes:
          - ./etc-pihole/:/etc/pihole/
          - ./etc-dnsmasqd/:/etc/dnsmasq.d/
          # run touch ./pihole.log first unless you like errors
          # - ./pihole.log:/var/log/pihole.log
        environment:
          ServerIP: 192.168.2.xxx
          PROXY_LOCATION: pihole
          VIRTUAL_HOST: pihole.xxx
          VIRTUAL_PORT: 80
          TZ: 'Asia/Singapore'
          WEBPASSWORD: PASSWORD
          DNS1: [VQ Server 1]
          DNS2: [VQ Server 2]
        restart: unless-stopped
        labels:
          # required when using --docker.exposedbydefault=false
          - "traefik.enable=true"
          # https://www.techjunktrunk.com/docker/2017/11/03/traefik-default-server-catch-all/
          - "traefik.frontend.rule=HostRegexp:pihole.xxx,{catchall:.*}"
          - "traefik.frontend.priority=1"
          - "traefik.backend=pihole"
          - "traefik.port=80"
          - "traefik.port=443"

(Some private information, like the names of my private servers and the IP of my ISP’s DNS servers, has been anonymised.)
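A quick static check for compose files like the ones in these posts, as an added example that is not part of the original posts: it flags secrets written inline, Traefik's `--api.insecure=true`, a mounted Docker socket, and floating image tags. The sample compose text is constructed, and `PIHOLE_WEBPASSWORD` is a hypothetical variable name.

```python
import re

# Constructed sample, modelled on the Traefik, Pi-hole and docassemble services.
SAMPLE = '''\
services:
  reverse-proxy:
    image: traefik:v2.2
    command: --api.insecure=true --providers.docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DO_AUTH_TOKEN: constructed-placeholder-token
  pihole:
    image: pihole/pihole:latest
    environment:
      WEBPASSWORD: ${PIHOLE_WEBPASSWORD}
      TZ: 'Asia/Singapore'
  docassemble:
    image: "jhpyle/docassemble:latest"
    environment:
      - DBPASSWORD=abc123
      - S3SECRETACCESSKEY=1234567
      - USEHTTPS=false
'''

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|ACCESSKEY", re.I)
# Matches both "KEY: value" and "- KEY=value" environment entries.
ENV_ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*[:=]\s*(\S.*)$")
IMAGE = re.compile(r"^\s*image:\s*[\"']?([^\"'\s]+)")


def audit(compose_text):
    """Return (line_number, rule, detail) for each risky line found."""
    findings = []
    for n, line in enumerate(compose_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are not active configuration
        env = ENV_ENTRY.match(line)
        if env and SECRET_NAME.search(env.group(1)):
            value = env.group(2).strip("\"'")
            # ${VAR} is substituted by Compose from the shell or an .env file.
            if not value.startswith("${"):
                findings.append((n, "inline-secret", env.group(1)))
        if "--api.insecure=true" in line:
            findings.append((n, "insecure-api", "dashboard/API served without auth"))
        if "/var/run/docker.sock" in line:
            findings.append((n, "docker-socket", "container can control the Docker daemon"))
        img = IMAGE.match(line)
        if img:
            ref = img.group(1)
            # Only a colon in the last path segment separates a tag.
            tag = ref.rsplit(":", 1)[1] if ":" in ref.rsplit("/", 1)[-1] else ""
            if tag in ("", "latest"):
                findings.append((n, "floating-tag", ref))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE):
        print(f"line {lineno}: {rule}: {detail}")
```

Findings of this kind are prompts for review rather than verdicts: a placeholder value or a deliberately published dashboard on a trusted LAN will still be flagged.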

Conclusion

I could not have done this without the copious time at home created by the circuit breaker. For now, though, I hope I can run this and many experiments on this server and report it on this blog. Is there something I should try next? Let me know in the comments!

#blog #tech #docker #DigitalOcean #Updated #OpenSource


How do I get on this legal technology wave? Where do I even start? A “contract management system” or a “document management system” (“CMS”) is a good place. Business operations are not affected, but the legal department can get their hands dirty and show results for it.

If you would like a CMS, then the next question is how actually to do it? If you have the budget and the resources, getting a neat and fancy tech solution is excellent. If you're strapped for cash and need to be creative, a solution may be hiding in your computer.

For this little victory, I present to you the most powerful application in the Microsoft Office family: Microsoft Excel. It’s a spreadsheet program that does well with numbers and formulas, but since it started adding fonts and cell shading (apparently it was the pioneer), some people have used it for other purposes. This includes our CMS.

Microsoft Office PROTIP: Instead of using Word to lay out complicated information, try using Excel. This works for a massive table with multiple rows and columns, or when you are trying to fit too much data on one page. Put all the information in one worksheet and print it to fit the sheet on one page. Done! (You might want to question yourself why you are trying to present something so complicated though.)

Hey, wait a second! Isn’t Microsoft Excel a spreadsheet program? If we are compiling a table of information, shouldn’t we be using a database program? Like Microsoft Access? Wrong tool for the job, right?!

Excel can be used for your Contract Management System

I have got nothing against database programs. Heck, my first programming project when I was a teenager was to create a database application detailing the lives of my hamsters. Reports, Forms, queries — I am quite okay with all that. However, there are several reasons why I would still use Excel.

  • Everyone has Excel: If you already work in an environment with Microsoft Office, everyone has Excel. There is no need to install anything new. Compared to a fancy dandy web app (no guarantees about user interface either) or even Microsoft Access, more people are likely to accept using Excel compared to other applications.
  • Anyone can use Excel : Excel is a battle-hardened program that people of different skill levels have used. You will find that more people are able to access and use your CMS. This is important if you are not going to be the one inputting information into the system. You can actually tell your intern to get in there and just do it. Access (and probably other programs) do have a learning curve, and you will have to teach every new user.
  • Excel has underrated features which are very useful for a CMS : Excel is over 30 years old, but it has been improving all this time. There are two features I would highlight:
  1. Formatting as Table unlocks sorting, filtering by phrases and other dandy stuff. You can even filter and sort by colour. I use these features to filter say the contracts that are expiring in the current quarter. I also can filter information such as the place where the contract is formed or the contracting party.
  2. Pivot Tables also help to organise data in a way to gain new insights. For example, I can find out quickly which jurisdictions my counterparties are from.
  • Hyperlinks: Some organisations may store their soft copy contracts in file servers, and it becomes easy to provide access to such soft copies through hyperlinks quickly. For a listing of General Terms and Conditions which Business uses and Legal has reviewed, you can also embed an object in your Excel file together with Legal and business’s comments. This way, everyone knows which GTC we have reviewed.

You can adopt this Excel CMS Format

Here is a blank format of an Excel Contract Management System you can download. You can modify or adapt it in any way you deem fit.

CMS Format.xlsx (15 KB)

Here are a few highlights of the form:

  • The format is divided into a few sections — Meta, Counterparty, Contract Term and Subject.
  • In the Meta section, you can adapt to suit your organisation’s needs and quirks. For example, we need every contract approved by a form, and we link the form here. There is also a link to a soft copy Word-editable version of the contract if it is available.
  • In the Counterparty section, this is information relating to your contract parties (not yourself obviously). You can also have Yes-No (or unsure) columns to filter.
  • The Contract Term and Subject sections refer to important information that you would like to review quickly using the sorting and filtering functions.

Some Limitations in your Excel Contract Management System

The Excel CMS presents a rough and ready format you can use to get your contract management system tooled up quickly. Filtering and sorting have immediate benefits even in contract review, since I can now access other similar or related contracts across the company to see what the standards are.

However, the system has many limitations:

  • The table is mighty wide and might not fit very well on one piece of paper. It makes data entry difficult, although I find that Excel’s data form does alleviate some of the problem.
  • Summarising data (for example, I want to know all the contracts with Company X, but I do not need to see who the Person in Charge was) is nearly impossible. You can hack it out by freezing or hiding cells, but this is not a long term solution.
  • Data input can be quite tedious. That’s a lot of columns which are prone to arbitrary data input or mistakes. Not to mention that it can be very time-consuming.

However, once you can demonstrate practical benefits and a workflow, stepping up to a real, purpose-built document or contract management system becomes an easier climb.

Here’s my follow-up to this post, two years after using this system: “Would I still use Excel for Contract Management?” on Love.Law.Robots. (Free subscription required)

Conclusion

This little victory challenges the idea that you have to leap into a system someone made for that purpose to get tech on your side. Using tools that your organisation already has and paid for, this is a straightforward hack. For the win!

#tech #MicrosoftOffice #LegalTech #ContractManagementSystem #Updated
