diff options
Diffstat (limited to 'content/2023')
| -rw-r--r-- | content/2023/charybdis.md | 91 | ||||
| -rw-r--r-- | content/2023/human-web.md | 73 | ||||
| -rw-r--r-- | content/2023/mastodon-activity-pub.md | 111 | ||||
| -rw-r--r-- | content/2023/passkeys.md | 103 | ||||
| -rw-r--r-- | content/2023/reddit-and-the-centralized-web.md | 60 | ||||
| -rw-r--r-- | content/2023/rocking-portale-music-like-its-2005.md | 74 | ||||
| -rw-r--r-- | content/2023/youve-got-mail.md | 49 |
7 files changed, 0 insertions, 561 deletions
diff --git a/content/2023/charybdis.md b/content/2023/charybdis.md deleted file mode 100644 index 6f16b458..00000000 --- a/content/2023/charybdis.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: "Charybdis" -category: "hardware" -abstract: My new keyboard -date: 2023-08-23T19:49:34+02:00 -year: 2023 -draft: false -tags: -- keyboard -- QMK -- charybdis ---- -I am not a keyboard fanatic or even an enjoyer. I'm a simple user with a particular set of requirements. Unfortunately, those requirements put me in the group of most demanding and worse-served customers. Most of the mechanical keyboard community focuses on color, sound, and materials. I don't care much about those. For most of my life, I used membrane keyboards and liked it. This changed a year ago when I got myself my first mechanical keyboard. However, after a year of using Keychron K12, I felt ready to upgrade my keeb game. - -### Keychron - -Keychron K12 is a completely OK keyboard. It has a decent layout and build quality (despite the height), but the firmware is terrible: it's closed source and allows for zero customization. I never wanted to have dedicated cursor buttons, as I use them very rarely. But when I do, I certainly don't want them in a random spot! It's either NPFB or HJKL. The only way to achieve that was via a 3rd party program installed on the computer, as the firmware doesn't support custom key configurations. This worked, but it's not sustainable. - -I use a company-provided Macbook, which I am forced to use during company time. Installing such a low-level keylogger and remapper (let's not fool ourselves, as this is what all those tools are) is not something I should need to do. There was also a problem of keeping all customizations in sync between machines, so yeah. Not a fan. - -But the biggest problem was the form factor. Keychron was my first mechanical keyboard, but before that, I used an ergonomic, split Logitech K860. It was a great keyboard, but far too large for my needs. It took over most of my desk, and a third of that was keys I didn't even need. However, for the entire year since abandoning the split layout, I dreaded the squareness of Keychron. I thought that having the same form on a laptop and desktop would be beneficial. I was wrong. - -Also, I got to the understanding that switches are the least important part of a mechanical keyboard. I tried red, blue and brown. I see little difference between red and browns, and blues are annoyingly loud[^click]. But that's a small difference, and the biggest gain of a mechanical keyboard is the key travel. I want my keys to travel, and even the cheapest mechanical one offers that. That removes one problem. - -[^click]: yes, the click is satisfying. But when actually typing, I don't notice it enough to pretend that the sound is acceptable in any place. - -### Charybdis - -Back when I got the Keychron, I was also thinking of getting a [Charybdis](https://bastardkb.com/product/charybdis-prebuilt-preorder-2/). Initially, the price won me over but with the experience of that year, I finally threw cash at [Bastard Keyboard](https://bastardkb.com/) and got myself an [open source](https://github.com/Bastardkb/Charybdis), ergonomic, split, column-staggered beast with an integrated trackball. It looks dangerous, so of course the box had to be double-checked. - -{{<img-center "charybdis-repacked.jpg" "It's a bomb!">}} - -My first impressions were clear: how the hell do I type now? I still don't know, but first I needed to remove the tents. They are a way to force the keyboard at a comfortable angle. They were gone after 5 minutes because: - -1) They don't fit on my shelve-desk. They are simply too tall, -2) They add a gigantic learning curve. It seems comfy on paper, but when you are learning a completely new keyboard form, it just adds a HUGE level of complication. - -{{<img-center "charybdis-tent.JPG" "Aformentioned tent in all of it's glory">}} - -I will reattach those at some point in the future, but for now, orienting my hands horizontally was the only thing maintaining my sanity. With this, I was ready to relearn how to type. - -{{<img-center "charybdis-top.jpg" "The keyboard in all of it's glory">}} - -### Keys - -A lot of fingers do a different job on a staggered layout. Luckily, somehow I use the correct hand for all keys[^hand], but even with that, I constantly need to think about what I am doing. I've never been a touch-typist[^touch], but I type fluently on a normal keyboard with four fingers on each hand. My pinky was never able to reach anything. On Charybdis they finally got a job - I can press keys other than enter, ctrl, and tab with them - so stagger works. Having the keys not shifted horizontally, but rather vertically (just like my fingers), is great when I get in the flow of typing. It's not that I'm hoping to be faster than on a normal keyboard, but the movement on Charybdis is just so natural and effortless that I completely buy the notion that stagger is the way to go. - -My biggest gripe here is the distance between keys. My hands are of a normal size[^linus], but I need to move my fingers much further than I am used to. I think someone with huge hands would have a better time here. I, on the other hand, need to readjust my entire arm all the time. I think that having all 5 working fingers is worth it. The pros overweight this nitpick. - -[^hand]: Just think of reaching for a key that is on the opposite part of the keyboard. You stretch the finger and there is nothing. Just this void and growing frustration. -[^touch]: More like a touch-typo-ist -[^linus]: Or at least I hope so - -I also fell in love with the thumb clusters. Normally, thumbs only operate the spacebar. It was said that those are the strongest fingers and I have to wholeheartedly agree. I reach all keys on the clusters without any problems and, even though it's still not a second nature, I find it to be a great way to operate. - -### QMK - -QMK is the stuff that dreams are made from - an open-source firmware allowing you to do virtually anything with the keyboard. Mr. Bastard sent the package without any manual of what does what, but all I needed to do was to go to [Via](https://useviaapp) where, from a web browser, I was able to read and modify keys, layers, RGB[^rgb]. As scary as it is to allow a browser to modify hardware's firmware, it's also magically simple. I still haven't gotten into QMK and at some point, I'll outgrow Via. But for the time being, I hope no one will hack it and install a real keylogger as it's the tool that allowed me to start learning this keyboard. - -So, after a few minutes, I've already made a few adjustments due to... well, Emacs. And after that I constantly changed something, checked if it would break my hand, and changed something again. Like a mini-game! - -[^rgb]: I set mine to warm yellow, so don't judge me. No unicorn vomit in sight, despite the photos. I'm not 12 anymore. - -### Trackball - -I like the keyboard. Like, but not love as I am still learning the ropes. But trackball became the love of my life[^son]. - -The way it works is that trackball always moves the mouse pointer. Pressing and holding "Z" on the keyboard enables the mouse layer where left/right/middle clicks are present on the thumb clusters. Normally the pointer moves fast, but upon enabling the mouse layer, the movement goes into so-called "snipe mode" allowing for a much more precise movement[^cursor-speed]. I was afraid that I would touch the trackball by accident and move the pointer like many touchpads have a tendency to. But in real-life use, this is a non-issue as it's not the movement that is the problem but random clicking - and since the buttons are hidden on a dedicated layer, so no random clicks happen. - -I have now tried and used a mouse, trackpoint, trackball, and touchpad, so I can pretend to be an expert on pointing thingies. Until recently I would die defending the mouse's honor, but with trackball, I have instantly become as fast and accurate as with the mouse with the added benefit of having the ball ready without moving the hand. Best of both worlds! As of writing this text, my mouse left my desk a week ago and I have yet to miss it. - -The only downside is the finish on the ball housing. The entire keyboard is 3d printed with no sharp corners - with the only exception in the sharp and jagged corner on the 90 degrees of the housing of the ball[^photo]. Guess the stress of the material here was too great for the finish to remain perfect. Luckily, unless I explicitly try, there is no moment I am touching this place. When typing my hand hovers over the entire ball and when doing mousy thingies, my fingers lay on the ball. - -[^photo]: I tried to get this on a photo, but no luck there. My X100S's macro is not macroing enough. - -## Conclusion - -Yes, it is as expensive as a computer. -Yes, it has a huge learning curve. -Yes, I have cursed more than I will admit it. -Yes, it is not perfect. - -But yes, everyone will ask what the hell is it. - -I love it. - -And I finally have a place for a notepad. A lot of ergo-folks put their dedicated trackball in between the two halves of the keyboard, but I have mine attached so the spot is free for any use. For me, it was a humble notepad. - -[^son]: Sorry son, you are now number two from now on. -[^cursor-speed]: Of course both speeds are easily adjustable on the fly using the keyboard alone. - diff --git a/content/2023/human-web.md b/content/2023/human-web.md deleted file mode 100644 index f41896ad..00000000 --- a/content/2023/human-web.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: "Human Web" -category: "internet" -abstract: Can we save the Web? -date: 2023-05-15T17:12:09+02:00 -year: 2023 -draft: false -tags: -- Internet -- Blogs -- Youtube -- Reddit -- AI -- LLM ---- -### Introduction - -I joined the Web close to 30 years ago. It was a vastly different place than it is now. It was full of small websites - some were personal, and some were around the subject. The first portals emerged, but none tried to be an answer to all, as it was not possible. Gaming communities gathered around Red Alert or Tomb Raider sites. We discussed on Bulletin Boards, IRC, Email, and early Instant Messengers[^newsgroups]. - -[^newsgroups]: If we traveled even further in time, we would use BBSes and Usenet. But, sadly, it was before my time. - -Even back then, the discovery was difficult. So multiple web catalogs and webrings emerged. The net was wide enough to get lost for days but still small enough for people to see the possibility of making sense of it. - -The Internet was a cyberspace of people gathering around their interests. - -Soon after, Web 2.0 exploded, and everyone could put whatever they wanted for everyone to see. The niche of niches blogs were the thing. You could find a webpage about anything you imagined. - -This is where I started publishing. First, a site about Dragon Ball - then expanding to general anime. I met people online who shared my interest[^otaku], and we talked and collaborated. It was amateurish - poorly coded HTML with much too big images presenting texts without any real grammar[^gram]. -[^gram]: Not much has changed, as we see here. -[^otaku]: Let's say it was challenging to find like-minded people in 90s Poland when even having a computer was rare. - -It was beautiful. You knew that behind any word, any fanart was someone's passion. - -Fast forward a few years, and the scenery changed. People no longer create their sites. Mass adoption added a necessity to allow literally anyone to have a dedicated space. Again, at first, it was amateurish, but soon after, business people discovered that it might be an excellent way to make money.[^dot-com] -[^dot-com]: Remember dot.com bubble? - -But, at the same time, something different started happening. More and more machines began using the Internet. Quickly, API because of the de-facto standard of communication. Machines talked with devices. We shared the same Web. Humans created, while other humans and machines consumed. - -### Fast forward - -And this progressed at a rapid pace. More and more sites are auto-generated. This news article with a much too wordy introduction? It was no longer an intern at a publishing company but a primitive text generator. This comparator of prices? Also not a human-led directory but a machine-generated database. - -What made the Web such a beautiful place were the people. Some were annoying and bullish, and some were childish. But everyone tried to express themselves. I had phases where I took each internet persona - sometimes happy and friendly, sometimes simply a troll. I'm sure everyone who was an active participant of the Web for a longer period can recollect things they wrote that make them proud but also of which they are ashamed of. - -And now we are in 2023. LLMs are capable of autogenerating texts on any subject within seconds. The texts may be based on factually inaccurate data and be completely void of any human thought, but they look to become the Internet of tomorrow. - -The Web was the greatest achievement of humanity. - -The same Web is being replaced by soulless corporations. - -I don't want to have anything to do with this Web. - -Gmail will soon allow you to auto-generate email, not for someone to read it, but for the same algorithm to create a summary. So why the hell are we still bothering with email, then? - -All major text editing services are racing towards the most human-sounding generation of said texts. So why the hell are we still bothering with writing them? You won't generate anything new or exciting. - -AI-powered graphic editors allow anyone to fake reality easily. Some will use them for social media, but those are not your memories. Why the hell would anyone want to remember something that didn't happen? The sky wasn't blue on that day. - -### Human Web - -I see a need for a "Human Web". The mainstream Internet is filled with all that junk, and it will get even worse. But the soul of the Internet still exists. People still create to convey themselves. Search engines of the past will not help us, as they are a playground for SEO. - -We still have (for better and worse) social media, but it's also plagued with VC-backed companies. - -We have blogs, but most of them try to sell you something or recruit you. They don't express anything, as representing a real thought may negatively impact stock price. - -There is Youtube, but its creators are constantly fighting with The Recommendation Algorithm, which, on a whim, may make or break any channel. - -What we need is a new way to promote human creation. The biggest problem I see is discovery. We have IndieWeb[^indie-web], but it's not widely known as it requires at least fundamental technical knowledge. And even if you follow all the guidelines and ideas, your website may not be known to anyone. People's internet usage is focused around a few big platforms. Google became useless for searching for information, and it will now become actively hostile by providing yet-another LLM for generative responses. -[^indie-web]: [IndieWeb](https://indieweb.org/) - -We need to act quickly. Corporations are already cranked up to 11, some people are on board, some even happily claping. We will lose the Web soon if we don't find a good way to combat them. - diff --git a/content/2023/mastodon-activity-pub.md b/content/2023/mastodon-activity-pub.md deleted file mode 100644 index 16d96fe9..00000000 --- a/content/2023/mastodon-activity-pub.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: "Mastodon and ActivityPub" -category: -abstract: Digging into Mastodon and Activity Pub -date: 2023-06-09T21:16:39+02:00 -year: -draft: false -tags: -- Mastodon -- ActivityPub -- W3C -- Social-Media ---- -After lengthy deliberations, I joined Mastodon. This website still has an auto-posting account on Twitter[^twitter], but I don't read anything there. Mastodon, on the other hand, is an open-source set of communities without Elon. May be interesting -[^twitter]: [Michal Sapka's blog on Twitter](https://twitter.com/d_s_blog) - -I was not sure which instance I wanted to join, but in the end, the list was limited to: -https://bsd.network/ -https://emacs.ch - -The question was, am I more of an Emacs type of person or more of a BSD one? Well, I spend hours in Emacs daily, and I tinkered with it much more, so without further delay, you can find me under - -https://emacs.ch/@ms - -However, I am still against social media, as it warps the mind and steals time. I don't want Mastodon to take too much of my time and mind, so I have decided: -- I will not use Mastodon on mobile -- On the desktop, I will use it via an Emacs package[^emacs] -- I will regularly evaluate if I get anything valuable from this service. -[^emacs]: [mastodon.el code repository](https://codeberg.org/martianh/mastodon.el) - -For now, you can find me there, and I will respond to messages. We will see what the future brings. - -This is also an excellent opportunity to learn about the underlying technology. - -### What is a Mastodon? - -Mastodon is a decentralized social media platform. Instead of a central server (think twitter.com), anyone can spin up their Mastodon instance. You can easily create one for bread bakers, Emacs users, or your neighborhood. - -What is cool and what makes Mastodon interesting is the fact that a user exists on a given instance (like me on emacs.ch), but he can follow and communicate with any other user having an account on any other server (like Ruben on bsd.network[^ruben]) -[^ruben]: https://bsd.network/@rubenerd - -This intercommunication is called **federation**. In fact, Mastodon can communicate not only with other instances of Mastodon but any other service implementing ActivityPub standard[^activity-pub]. Such services are sometimes referred to as *fediverse*[^fediverse]/ -[^activity-pub]: [W3C ActivityPub Standard text](https://www.w3.org/TR/activitypub/) - -[^fediverse]: There's even a [website](https://fediverse.party/) listing services on the Fediverse. - -Yeah, open standards! - -Though it's worth mentioning that in its current form, Fediverse is dominated by Mastodon. - -### Activity Pub - -ActivityPub is a protocol for decentralized social networks based on ActivityStreams vocabulary and syntax[^activity-streams] supported by W3C organization. -[^activity-streams]: [W3C Activity Streams 2.0 standard text](https://www.w3.org/TR/activitystreams-core/). - -The standard defines two layers: -1. A server-to-server protocol. This is what makes the federation work, as it allows instances to exchange data. -2. A client-to-server protocol. This, on the other hand, allows a client application, be it web, mobile, or Emacs, to communicate with the server so a user can actually use the service. - -An implementation may support one or both of those layers so that we may create a complete set of a server with a UI, but it's also completely valid to have an entirely automated instance without any human interaction. - -I won't dissect the entire standard; I only want to grasp the general mechanics. - -#### Actors - -In ActivityPub, a "user" is represented as an Actor on a given server. The same person may have identical accounts on multiple servers, but each of those accounts is a separate Actor[^impersonation] -[^impersonation]: I have yet to learn about any mechanism preventing abuse here. Anyone can create an account with the same username on a server I don't use and pose as me. Some Web of Trust here would be very beneficial. - -Servers in ActivityPub communicate via simple REST requests. - -Each Actor has unique endpoints representing: -- an inbox -- an outbox - -#### Delivery - -When a User wants to send a message to the world: - -{{<svg-full-width "activitypub-w.svg" "Public message sendout">}} - -1. User A's client sends a POST message to their own outbox. The message has left the client and is ready to be delivered to a different server. -2. Any server can call the outbox with a GET request. This is how public messages are delivered between servers. -3. Users on that server can then read the message in their own inbox. - -When User A wants to send a message to User B: - -{{<svg-full-width "activitypub-pm.svg" "Private message exchange">}} - -1. User A's client sends a POST message to their own outbox. The message has left the client and is ready to be delivered to a different server. -2. User A's server sends a POST message to the inbox of User B. The message is delivered to the Actor. -3. User B can then call GET on their inbox to read it. The message is delivered to a Client. - -Those requests are authenticated as a given Actor so that we can read only messages addressed to this user. The messages are addressed via "collections" - an Outbox is a collection, an Inbox is a collection, or a follower list is a collection. - -The server knows who a given Actor is following, so only messages accessible by any user on this server will be fetched. - -There is also a special "Public" collection, void of permissions. Any user on any server can fetch any message sent to "fPublic" without any authentication. This is how federated messages in Mastodon are propagated - someone follows a user on a different instance, so the person's server knows about the outbox collection and can fetch messages. Since it's aimed at the public, it will be available to each user on this server. - -We now know how private and public messages are propagated. - -### Activities - -Outbox and inbox don't contain the messages, but rather *Activities*. An activity is a request to Create a message, Edit it, Delete it, and so on. This mechanism allows users to edit their messages; in time, all servers should display the latest version. - -### Impressions - -ActivityPub is interesting as it allows for a decentralized social network closer to how Email works than something like Twitter. However, with this comes two downsides: -- Chattiness between servers. So many requests! -- Disregard for space. Servers contain copies of messages. With thousands of users, this may become a problem. - -There's much more to unpack here, but this is something for people developing software using ActivityPub. I am not yet one of those brave folks. diff --git a/content/2023/passkeys.md b/content/2023/passkeys.md deleted file mode 100644 index 3820166a..00000000 --- a/content/2023/passkeys.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: "Understanding Passkeys" -category: "engineering" -abstract: I tried to understand Passkeys before they replace passwords -date: 2023-05-17T12:04:23+02:00 -year: -draft: false -tags: -- Passkeys -- Security -- Passwords -- BitWarden -- Password-store -- WebAuthn ---- -With all the buzz about Passkeys recently, I found myself pushed toward something I know nothing about. Is it some magical thingy that will secure my accounts on the Web? Unfortunately, marketing buzz and lack of factual information made it even harder to know anything. - -I hope this guide will help someone to make heads and tails from all this madness. - -### FIDO - -First, let's introduce the main hero: Fast Identity Online (FIDO)[^fido-webpage] introduces itself via: -[^fido-webpage]: [FIDO website](https://fidoalliance.org/) - -> The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world's over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation. - -Amongst the members of the alliance, we can find each of the FANG companies, many banks, password-manger companies, and a few different government organizations. The list consists of different bodies that should be interested in internet security. - -However, I failed to find any NGOs on the list. - -### WebAuthn - -Web Authentication (aka WebAuthn)[^webauthn-rfc] is a standard for passwordless authentication using asymmetric cryptography. The standard proposes replacing standard password-based authentication with exchanging public cryptographic keys. The user maintains ownership of the private key he generates on the Client Device (phone, hardware keys, etc.). The service provider (known here as Relying Party) receives a public key during registration. When the user wants to authenticate, the server sends a challenge to the Client Device. - -[^webauthn-rfc]: [Web Authentication: An API for accessing Public Key Credentials Level 2 RFC](https://www.w3.org/TR/webauthn-2) - -It's the same mechanism we've used for years with SSH keys. The server doesn't need to bother with keeping and securing secrets (like passwords), as the public key is both the public part (think of username) and the secret part. - -### Passkey -The term Passkey was first introduced by Apple just a few years ago[^apple-introduction]. The idea was to reuse WebAuthn and replace the Client Device with an Apple Device. The secret key is stored in iCloud and available on all other devices signed in the same Apple ID. But it was a relatively silent feature until recently when Google added it natively to Chrome and Android[^google-doc]. -[^apple-introduction]: [WWDC 2021 talk](https://developer.apple.com/videos/play/wwdc2021/10106/) -[^google-doc]: [Google developer introduction](https://developers.google.com/identity/passkeys?hl=pl) - -So, Passkeys are an implementation of WebAuthn. - -### End-user experience - -Finding user-experience videos was the easiest part here. Everyone seems so proud of how seamlessly it works in their ecosystem: -- [Apple](https://support.apple.com/guide/iphone/sign-in-with-passkeys-iphf538ea8d0/ios) -- [Google](https://support.google.com/accounts/answer/13548313?hl=en) - -You can also see a live demo [on the Web](https://www.passkeys.io/). - -### Technical exploration - -Let's go to the details since we've got the basics out of the way. In this chapter, I'll use the term WebAuthn instead of Passkey since it's the technology underneath. One thing to keep in mind: I'll use "client device" and "authenticator" interchangeably. The RFC allows for dedicated devices (connected via USB or Bluetooth) and for software to be used as authenticators. - -The following descriptions will also be very high level. I don't aim them at developers of WebAuthn solutions, as they should go straight to the RFC. - -#### Registration - -Registration under WebAuthn consists of generating a unique key pair and sending the public one to the server. - -{{<svg-full-width "webauthn-register.svg" "WebAuthn registration high level overwiew">}} - -Some additional notes here: -- The Client Device should sign the sent public key with its own Attestation Certificate[^att-cert]. The certificate is used to attest to the manufacturer and its capabilities. The device can also self-attest using the private key. -- The RFC allows for generating keys using the most popular algorithms. -- The unique key pair is not shared between services. The device can generate many certificates for each service, so you can still have multiple accounts for shitposting on Twitter. -[^att-cert]: An X.509 Certificate. - -As we see, the private key stays with the user, and it's his job to backup and sync it. The service with which the user creates an account knows only about the public key - and that one can be shared unencrypted anywhere. To the best of my knowledge[^not-sec], it's still impossible to generate the private key with the public one alone. -[^not-sec]: but I am not a security expert. It may also be that such methods exist but are not known to the public. Governments hate encryption in citizens hands. - -The RFC defines the entire registration ceremony but doesn't limit how it should be presented to the user. One important thing to remember is that the exchange happens with the browser/OS as a middleman. The UI is not to the webmaster's[^webmaster] liking - the site just requests the exchange from the browser and then receives the public key. Think of getting access to the user's location - it's an API, but the consent happens in the browser. - -[^webmaster]: Or application designer. I'll use only Web as an example in the future to simplify it, but the same applies to any other application using WebAuthn. - -#### Authentication - -{{<svg-full-width "webauthn-auth.svg" "WebAuthn authentication high level overwiew">}} - -First, the server generates a challenge - most likely a big random number. The client device then signs it with the private key. Then the server validates the signature - as it is possible only with the public key. - -### The cost of Passkeys - -WebAuthn is a questionable standard. It removes almost all risks from the service provider and puts all responsibility on the user. Since the keys are just strings, nothing stops us from keeping them anywhere. We already do this - maintaining our SSH or GPG keys is something we do every day. However, this does not apply to the mass public. I can't imagine a grandma being tasked with ensuring she will never lose this file. This is where companies came in. - -As mentioned above, Apple and Google are trying to become the guardians of private keys. At first, though, it sounds great - if it's in Google Account or Apple iCloud, it will be stored and synced automatically. But after some thinking, it's not a good idea for the majority of people. - -First of all, it's not safe. Reddit is flooded with worried users after iCloud lost their files or photos. Google is known to block accounts out of the blue. Losing access to an image of a dog may be sad, but it's not the end of the world. But what will happen when your internet identity becomes locked instantly? You break your phone and suddenly discover all those keys are gone. You just need to forget your iCloud password, and if the backup email is secured with a passkey, you are out of luck[^apple-recovery]. No food delivery, no bank - not even Twitter to cry about it. -[^apple-recovery]: [Apple assumes](https://support.apple.com/en-us/HT201487) that you need an Apple device for a quick and painless Apple password reset. Good luck if you don't have one next to you. - -And what if you want to use different ecosystems at the same time? iPhone with Safari and Chrome on the desktop? That's what the majority of people are doing. Technically nothing is stopping all providers from creating some data exchange protocol. However, the data should be end-to-end encrypted, so any automatic job between the servers is out of the question. Moreover, the thought of your confidential data flowing randomly on the internet should worry you. - -And what if you want to use an alternative Operating System? You would be at the mercy of your browser. But let's say you are a total neckbeard and don't use any of those major browsers - then you have no chance to log in to a passkey-authenticated service. - -Those risks may be removed in the future as all significant password managers are either working on or already supporting passkeys. - -### Personally... - -I am waiting for an open solution that will give me the authority to manage and sync passkeys. BitWarden may be one, but I'd much prefer password store to support it.[^gnu-pass] -[^gnu-pass]: I am slowly migrating from BitWarden to [Password store](https://www.passwordstore.org/) diff --git a/content/2023/reddit-and-the-centralized-web.md b/content/2023/reddit-and-the-centralized-web.md deleted file mode 100644 index 946ca7d6..00000000 --- a/content/2023/reddit-and-the-centralized-web.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Reddit and the centralized Web -category: "internet" -abstract: Reddit is a problem by itself -date: 2023-06-14T11:54:34+02:00 -year: 2023 -draft: false -tags: -- web -- Reddit -- Discord -- Twitter -- Wikipedia ---- - - -As you may have noticed, a significant part of Reddit has been blocked[^blocked] since yesterday and will be blocked in the near future [^cont]. This should have been an insignificant event. Sites going down is a daily thing, but what we see is a real threat to the entire Web. -[^blocked]: [Reddit Blackout 2023 - Save 3rd Party Apps](https://old.reddit.com/r/ModCoord/comments/1476fkn/reddit_blackout_2023_save_3rd_party_apps/). -[^cont]: [Indefinite Blackout: Next Steps, Polling Your Community, and Where We Go From Here ](https://old.reddit.com/r/ModCoord/comments/148ks6u/indefinite_blackout_next_steps_polling_your/). - -## Closed ecosystem problem - -This much ado about nothing is a direct result of changing the pricing of API for 3rd party clients, most notably for Apollo[^apollo]. This will force users (sometimes called "Redditors") to use either the Web interface or the official mobile clients. We saw the same situation with Twitter just a few months ago[^tweetbot]. -[^apollo]: [Apollo will close down on June 30th](https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/). -[^tweetbot]: [In Memory Of Tweetbot](https://tapbots.com/tweetbot/). - -This is not something anyone should be surprised by. We've known for quite some time that free services are not free, as you pay with information about yourself, which is then used to show targeted ads. 3rd party apps make it much more challenging to create a complete picture of a visitor, as a lot of data points become inaccessible to the service provider. - -We have no alternative clients for Facebook, Snapchat, Instagram, or TikTok. And we are ok with that, as we see them as closed services. Reddit was different because it was always open to the world. You could view it without authenticating if you ignore constant popups. It was also searchable from outside of Reddit. - -However, I've seen quite a significant number of people proposing to move to Discord. - -Discord is a closed ecosystem of private communities dressed as real-time chat. Proposing Discord as a response to the closing of Reddit's ecosystem makes little sense, as Discord is what Reedit will become. But what if communities make this move? - -## Centralized web problem - -The unexpected victim of the blackouts is search engines. Never before have I noticed how often the best result is a Reddit post. Yes, we joked that you should add "reddit" to any query to find something useful on the Web of 2023, but now this has become apparent. - -Search for emacs problems, Reddit is the best source. - -Search for FreeBSD problems, Reddit is the best source. - -Search for knitting problems, Reddit is the best source. - -Somehow, silently Reddit has eaten the Web. What will happen when Reddit shuts down? It will, eventually. It's a company, and those are not everlasting. And with that, we will lose a significant part of the knowledge on the Internet. - -What will happen when Wikipedia shuts down? - -What will happen when Youtube shuts down? - -When a blog or a forum shuts down, we lose its content, but not much is actually lost. For sure, someone has written the same or asked the same question. It may have been the best article about a given subject, but it's not the only one. With the ubiquitous nature of Reddit or Wikipedia, people don't duplicate the knowledge. Instead, just point to Reddit. Do we have an alternative to the bigger subreddits? How often a response is just a link to a Reddit thread? - -And what if the answer lives in a closed Discord server? Discordization of the Web is what we see now. All this knowledge is not publicly available. - -What we see now is just a taste of the Web corporations want. And this will lead to the next burning of the Library of Alexandria. - -PhpBB[^phpbb] is still the easiest way to create a smaller to create a small community. Do you need really millions of members[^stats]? -[^phpbb]: [phpBB](https://www.phpbb.com/). -[^stats]: Currently[^cont]: /r/aww has 34.1m members, r/music has 32.3m users, /r/videos has 26.6m and /r/futurology has 18.7m. - diff --git a/content/2023/rocking-portale-music-like-its-2005.md b/content/2023/rocking-portale-music-like-its-2005.md deleted file mode 100644 index 8722475d..00000000 --- a/content/2023/rocking-portale-music-like-its-2005.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: "Rocking Portale Music Like Its 2005" -category: -abstract: I have upgraded my setup to cheap mp3 player and wired headphones -date: 2023-03-27T22:09:47+02:00 -year: 2023 -draft: false -tags: -- portable-music -- Koss -- Sansa -- Rockboxed -- Bluetooth -- Wires ---- -Recently, I have significantly upgraded my portable music experience. - -### Headphones - -Despite multiple attempts, I am unable to use any IEMs I've tried. They simply fall out my ears. I tried low-end IEMs, and I've tried mid-range IEMs. I've tried all the ear tips I could find. I tried to learn how to insert them properly (rotate the ear counter-clockwise, breath-in, insert the monitor clockwise while chanting and sacrificing a cow). But still - every few minutes, I need to readjust them, or they are out of my ears. Over-ear for me! My new mobile headphones are Koss KPH30iH. - -{{<img-center "koss-1.JPG" "front view of the Koss">}} - -{{<img-center "koss-2.JPG" "top view of the Koss">}} - -I grew to hate Bluetooth. Even if we ignore the audio quality (and I do as I fail all audio-quality tests I take), removing wires comes with a few huge covenants. - -I've used AirPods ever since they came out. From one point of view, their connection quality is excellent. If they connect, mostly everything tends to be ok. But they are [Apple](/tags/apple/)-only, even if you can connect them to a different device. Once you want an audio source from another company, the magical auto-switching is lost. The way they are designed, all modern BT improvements are ignored in favor of apple-centric shenanigans. But let's assume the best-case scenario. How do you switch devices? Not via a handy button but from the phone UI. How do you change the source device on a wired gear? You just switch the plug to another player. And voila - we had an excellent standard just a few years ago. And it worked much more straightforwardly than modern, wireless ones. When was the last time you wondered why the hell your wireless headphones don't connect? Are you even able to debug that? In wired headphones, they either work, or there is a hardware fault. - -And since those are just wires, you can easily get them repaired. Yes, repaired. Headphones tend to last for years if they are taken care of. You may break any random part, but in most cases, it's easy to get it fixed. So how do you repair an Airpod? Easy, you buy a new one! And they will break, as batteries don't last forever. This is the common problem of all modern gear - producers make them as hard to repair as possible. If you go to a random junkyard and find a working set of headphones from 20-30 years ago. - -And even if they break, portable wired gear tends to be much easier on the wallet. My KPH30iK cost 30 USD, about the price of cheap, no-brand wireless IEMs. Try to get similarly priced over-ear headphones with BT. Mine don't have active noise cancellation (or any noise cancellation, to be precise), but that's a plus for me. ANC gives me nausea, unfortunately. If this feature was more important, I'd choose something that still supports wired communication. - -But ANC comes with the most socially annoying feature I've witnessed - the so-called "transparency" mode. I am old enough to take off my gloves when shaking hands and take off my sunglasses when I talk with someone. I consider it nothing more than a common courtesy. So why wouldn't I take my headphone off? And yet it seems that producers race who can make it more obnoxious - you press, cover, and push. You do Everything but what you should, which is to take the goddamn things off/out of your ears. - -Enough about old-man-yelling-at-air; how do they sound? Really great! Not audiophile-level quality, but still great. They are roomy and have decent bass that's not overpowering everything, like [Bose](https://untruesounds.com/no-highs-no-lows-must-be-bose/) tend to. And they are comfy. Not having to adjust them is one thing, but I often choose them for listening to music at home. They are much more laid back than [Sennheiser 6XX](https://drop.com/buy/massdrop-sennheiser-hd6xx), and they don't sound much smaller. - -### DAP - -I want to use something other than my phone as a portable music player. My iPhone 13 Mini has attritus battery life, and the lack of physical play control buttons makes it a chore to control. Also, the lack of a jack is a nuisance. DAC on iPhones was always ok at best, but using an external one just to play music is too much for me. I know. I've tried. - -So I bought a dedicated device. My requirements were simple: - -- Physical buttons to control. The lack of touch screen is a plus -- Ability to play OPUS, as mp3s are a thing of the past. -- Not powered by Android. I want something simple. -- Jack. This is non-negotiable -- Support for MicroSD -- Not sounding terrible -- Small form factor -- A small price -- A sane connector (USB-C?) - -As it turned out, that's one hell of a list. Older players have the correct form factor but lack modern codec support. Modern ones usually use Android, and I won't have that. The goal is to have a dedicated device and not pay for a general-use computer. And if I went premium, what would be the limit? I am not in a place of [having more money than brains](https://www.astellnkern.com/product/product_detail.jsp?productNo=138), but maybe someday. - -{{<img-pull-right "rockbox.png">}} -Luckily, the Open Source community has me covered! [Rockbox](https://www.rockbox.org/) is an alternative operating system for a wide range of older devices. So I could buy a gray-beard device with the hardware I want and flash it with Rockbox to have all the software features I crave. - -And so I got myself a Sansa Clip+. - -{{<img-center "sansa.JPG" "Look at how small it is compared to Airpods Pro 1G case">}} - -It checks all the boxes now: -- It's small. I have it clipped to my jacket for easy access. As the name implies, it has a clip, so attaching it is not a problem. -- It rocks a great SD port. Take that, Tim Apple! I have become a firm believer that every portable device should support it, and any excuse for not having one is customer-hostile. I can [rsync(1)](https://rubenerd.com/rsync-on-freebsd-with-a-modern-walkman/) all the data I want and have my entire music collection on me at all times. Just freeing myself from paid streaming services is a gain in itself. -- It has physical buttons for control. The device is soo small that they are not the best, and the layout sucks - someone was riding the iPod mania of the day. But they work without a flow, and I can pause playback without looking at the device. -- It's a single-use case device. RockBox allows for running Doom, but still, this device is to run music. Everything else becomes a chore. -- It has a jack. The audio output is far from audiophile level, and I couldn't power my [6XX](https://drop.com/buy/massdrop-sennheiser-hd6xx), but this was never the point. The audio quality is good enough. -- It was cheap. Mine cost just shy of 40 USD. The battery is terrible, and I need to replace it - I am the type of person wholdero could burn a house just by looking at soldering iron, so it will come with a cost. But except that the device is pristine. Guess plastic housing has its merits. -- It supports whatever file I throw at it. Thanks to Rockbox, I can use my mp3s, Opuses, or Flacs without a problem. -- It also hosts the worst kind of USB. I don't even know which version it is, but one that's long forgotten. - -Recapitulating, I now have a mobile audio setup that ticks all my boxes, allows me to listen to music I own, and costs less than a pair of AirPods. - diff --git a/content/2023/youve-got-mail.md b/content/2023/youve-got-mail.md deleted file mode 100644 index 9a3be331..00000000 --- a/content/2023/youve-got-mail.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: "You've Got Mail" -category: internet -abstract: On the joys of email -date: 2023-04-09T16:02:44+02:00 -year: 2023 -draft: false -tags: -- email -- netiquette -- internet -- plain-text ---- -I'm not much into instant messaging. I'd say that Messenger or Discord was forced upon me rather than chosen. Having said that, it's great for chatting without any structure or overarching goal. It often becomes just link sharing with some comments, but still - for this use case, it's great. Like talking in a bar over a beer. - -But nothing beats good old emails for longer, more demanding conversations. Recently I've [mentioned](/2023/receiving-email/) that this blog became a source for a few interesting discussions. And they are still alive. - -{{<img-center "youve-got-mail-1.jpg" "You've got no mail" "https://www.kissthemgoodbye.net/movie/displayimage.php?album=1107&pid=2696083">}} - -Note that I've been raised in the IRC days, so Usenet and BBSes are things I've missed. Most of the things I'll mention will be evident for graybeards. Also, note that this applies to interpersonal communication. Business email has different rooting, and spam you may send is an entirely different problem. - -Having said that, I've learned a few things. - -Not having a comment system is a feature. One-on-one conversations are much more intimate and thoughtful exchanges of thoughts. Having to provide one's email address is much easier, as it's never revealed to the public or some shady company (Disqus?) - -Long-form still rocks. A lot of modern approaches to email I've seen try to mimic IM applications and pretend that email is a fast-paced reply shootout, preferably one line. Email is a direct descendent to (surprise!) physical mail, and the lineage is strong. Snail mail used to occupy multiple sheets of paper, which is where it shines. You can get wordy to get to your point, and it's great. - -Slow-paced conversations are the way to construct thoughts. With IM, you get read markers unless you disable them. And with that checkmark comes a silent expectation of a swift reply. And with that comes the worst thing coming from Japan - emoji. Yes, you can use them in email, but a single smiley face is not a reply to an email. You are not expected to reply now, today, or even soon. Like in the days of the postman, you can take your time and think about what you want to write. A single, well-structured, and thorough thought message is much better than 10 brainless reactions. But please, reply with "I'll reply when I have some time" if the wait will be longer. Don't keep someone waiting! - -Plain text is still the king. Attaching a 10 MB gif would be annoying when you are discussing. Making text red and huge would be painful. You can (and should) use text decoration (asterixes, underscores, capitalization of words) as this is a mean to pass the message. But an image macro? Nope. - -With plain text, you get a few basic rules which make email conversations much easier: -- Use bottom-posting. Email clients often put you over the original message; ignore it and take over control. -- Quotations work. Modern collaboration tools, like Confluence, often allow for replying to part of the document. This comes from email. You can create a few new lines in the quotation of the original message and reply directly there. It makes reading much more straightforward. This is the biggest improvement email has over snail mail. -- You can (and should) redact the quoted text. The sender knows what he wrote, the quotation is just to organize the conversation. Feel free to remove parts of the messages you are not replying to. Without it, the message body will become unmanageable after a few emails. -- Use smileys, not emojis. This is highly personal, but graphical faces (or vegetables) hijack my eyes when reading text. Smiley will convey your emotion or add some emotional context while still being part of the message. Emojis will be the thing the reader will notice. - -I love plain text so much that I have completely disabled HTML when reading/composing emails to all my clients. You can read more about it in [use plain text webpage](https://useplaintext.email/). Rember that plain text comes with the inability to track. It's great for all parties involved! - -Last but not least, get a desktop client if you want to invest in email. Once you get addicted (like me), you'll quickly start joining newsgroups. When multiple people start replying to a thread, having a real tree view is a lifesaver. All web clients I know either flatten the conversation based on the time of the message or will get lost entirely in the timeline. But in reality, each message in the thread is a reply to a given email. Being able to see it as a tree makes reading actually enjoyable. - -{{<img-center "youve-got-mail-2.jpg" "This is you,on email" "https://www.kissthemgoodbye.net/movie/displayimage.php?album=1107&pid=2696083">}} - -A final note: email is as private as you make it. It's just text, so what you put there is up to you. Metadata (headers) are for all to see, but you can encrypt the body using [GPG](https://gnupg.org/). This way, no one except the receiver can read it and use it against you. Using a real email rather than a web client makes it a breeze. Remember that any service is free if the provider can create a profile of you tailored for advertisers and governments. - -I've rediscovered the joy of email and want more. If you find any of this interesting, [drop me a message](/about/#contact). - -Ps. The title and all images in this post come from a cute [movie](https://en.wikipedia.org/wiki/You%27ve_Got_Mail) starring Meg Ryan and Tom Hanks made back in the heyday of romantic comedies. - |