The keys in this case are used for bluetooth comms locally between somebody's device and their bike.
These are ordinarily used by the VanMoof app to unlock the bike and control the bike's settings.
There are already some third-party apps (Moofer, Mooovy) to allow alternate access to those settings – including some hidden ones.
With a few tweaks those third-party apps should be able to support direct key upload, rather than having to log in and proxy authentication through to VanMoof's API.
This reminds me of something I find myself constantly explaining to colleagues again and again: You can scale a monolith in its entirety to handle elevated traffic in one of its "subsystems"; having code paths that aren't receiving traffic doesn't cost anything (at least in the architecture of the systems I look after).
I don't see the value in separating a monolith to allow independent scaling, unless there are wildly different performance demands across its components which makes reliably autoscaling difficult.
Yes, it does cause confusion and can cause people to create an architecture that is too fragmented, resulting in a higher than necessary overhead in support for all those tiny services. I suspect a lot of people who don't like microservices are suffering from this problem.
Some people's definitions of microservices are that they are separated business domain, with each development team focusing on their business processes. Therefore they can reflect reflect Conway's law. Those teams develop autonomous services which communicate with the services of other teams (e.g. the invoicing team build services to interact with the sales team).
In smaller companies a single team, or indeed each team in a larger company, can have multiple microservices, but there are some qualities that would be needed to truly fit the microservice definitions.
Looks like a great tool! A lot of the organisations I've worked for have their own home-built ways of doing exactly this: Internal Wikis, paper checklists, cloning JIRA issues, Confluence templates, ...
If I were in a position to bring this into my organisation I'd be concerned about its longevity, seeing as its a completely free product.
> Internal Wikis, paper checklists, cloning JIRA issues, Confluence templates
I hope in the future we can replace all of these things with Active Checklist :)
> How're the costs of this project being covered?
Right now we just want to see whether other people also receive value from using the product. Once we see that the product is producing enough value, we will add a monthly subscription for pro users.
As we're using the product ourselves, we do not plan to shut down it down anytime soon.
What a fantastic idea! I know many folks, especially in small business, who would get a massive productivity boost from something like this.
I'd recommend explaining how the service integrates with people's emails, before asking them to hand over any details. That's the only thing that would stop me from giving it a go.
Modern password management services are incredibly secure, with client-side encryption of your secrets, among other protective mechanisms (to guard against keyloggers, stolen computers, ...)
There is still a risk, because you're trusting third-party software (which in some cases is closed-source – including 1Password), but for most people that is a much lower risk profile than if they were managing passwords themselves.
I've found DropBox's zxcvbn system to be ideal. Instead of requiring passwords to fit a set of arcane rules, it requires passwords to meet a threshold of entropy.
These are ordinarily used by the VanMoof app to unlock the bike and control the bike's settings.
There are already some third-party apps (Moofer, Mooovy) to allow alternate access to those settings – including some hidden ones.
With a few tweaks those third-party apps should be able to support direct key upload, rather than having to log in and proxy authentication through to VanMoof's API.