I realized that I am old enough now that the first answer to "name a toy adults use in the bedroom" that comes to mind is: Kindle

A thing that I am annoyed that people are getting wrong is security by obscurity.

You have heard of it and being told it is bad. It is so bad that it alone is a counter argument. Let me set you straight:

>>>Security by obscurity is the best security you will ever have<<<

There is an asterisk: It is probably not right for your business. But that is for the end.

Security by obscurity means to hide something away. Most security is based on hiding. You hide your private key or your password or whatever other secret there is. If you had a 2048 long sequence of port knocking, that would be fine, too.. Or it would be fine if it wasn't observable. You could write this down in your documentation and it wouldn't be security by obscurity. It would just be security. Weird, but fine.

The real meat of obscurity is: No one knows that there is someone. The server you port knock looks like a harmless server, but suddenly has an open port to a bad application for an IP, but only if that IP went to 25 other ports first.

In the animal kingdom, there are different survival strategies. One of them is being an apex predator or at least so big and lumbering that no predator wants a piece of you. That's our security. It is upstream security. It is the state.

But what is the rest of the animal kingdom going to do? Well, run away. That works. Not being caught. And those not fast enough? Hide! Just be invisible to the predators. They cannot triple check every leaf and expect to be done with the tree before starving. That's security by obscurity. Or hide in the group. Zebras. Easy to see, hard to track in the group. Look like everyone else.

There is a reason why drug smugglers don't have vaults in the carry-on. Arrive at the customs and just refuse to open the vault. If the vault is good enough. Nope, they lack the upstream security by the state. The state is there enemy, so they need obscurity rather than cryptographic safety.

And so, for a private person, having a port knocking solution or disguising a service as another service is a great idea.

Every cryptography course happily admits that the moment they can catch you physically, cryptography is useless. They also teach you about steganography. But they omit to tell you that obscurity is the second best solution to having a stronger army when you cannot rely on your state as upstream security.

Why did I say, not a good idea for companies?
1. It is self-defeating, since you have to tell it to all employees using it. A shared secret is no secret. And therefore it cannot be documented.
2. It makes working with different servers so much harder if there is a special procedure for all of them to access them. Even if it were documented. (See 1.)
3. You're a company, you are advertising your services. How to hide that you run them?

Do you see how those are not security relevant questions? Those are implementation relevant questions.

Here is an example:
Should you have your admins log into servers as normal users before elevating to root or is that just obscurity? Well, not for security purposes. Because that foothold is so bad, if compromised, it makes little difference. It is for logging purposes, so we have a better server log who logged in. Not only always root. But if our log could differentiate by the used private key, there is no issue with that.

If it is your private stuff, be creative. Hide it. Important skill. And it is not either, or. Encrypt it your backup, then hide it. Port knock, then required an elliptic curve private key to authenticate.

It is a lot of fun, if nothing else. Don't do it with your company. Downsides are too big. Cheaper to hire lawyers if needed.

I am waiting for shoulder buttons for my xbox controller to be delivered from China. Need to wait another week, approximately.

I really need to repair my 3d printer. But even if I did, where to put it. My wife wouldn't be amused if the baby breathes its vapors... Well, need to find a bigger place, I guess.

So, I need to buy a house, so that I can repair my 3d printer, so I can avoid a 2 weeks wait on a replacement part from China.

Hey everyone, I want to showcase today a master class in divisiveness.

The topic, the white house has just reacted to the "Elon is not elected" allegations. Explaining in a "civics lesson," that only the president is elected, the rest of his staff appointed. A good point, on the surface.

But also, a master class of divisiveness. From both sides.

May I introduce our characters: We have Smart Left (SL), Dumb Left (DL), Smart Right (SR), and Dumb Right (DR).

And me, Tray, your omniscient (read, unreliable) narrator.

Scene 1, act 1 - The left side:
SL enters stage, below him a crowd of DL.
SL: "Elon is not elected!"
Tray: "SL was not malicious, he did mean it. He knew how government works. It is but an ironic jab, pointing out his believe Elon having more influence over Trump than vice versa. Looking down at the DLs, they did not understand it."
DLs take up the chant: "Elon is not elected."

Act 1 Scene 2 - The right side.
DRs irritated about the accusation.
SR: "It is called an appointment."
Tray: "SR is aware what SL meant, however an explanation is warranted for DL. Yet, is it already misleading not to point out that SL knew? The original accusation remained unanswered. That doesn't mean it is correct, nor incorrect. It only means that it is most advantageous to not draw attention to it."
DRs chant: "Lefties need civic lesson."

Act 1 Scene 3 - The left side.
DLs: Outraged about being lectured at.
SL: "Of course we know about appointments, that is just a straw man attack."
Tray. "SL is aware that many of their own do need a civics lesson."
DLs chant: "Straw man Trump, straw man Trump."

Act 1 Scene 4 - The right side:
SR: "The accusation of straw manning is insulting. They make claims and do not stand to them."
Tray: "Also here a malicious act. They could explain their original target audience. But they do not want to give an inch, not admitting a point the other side made.
DRs chant: "Straw manning left. Straw manning left."

And that's the drama in 4 scenes. We are at scene 2 right now. But that's just a single act. The original accusation was not debated. Neither by L nor by R. The accusation was always dominated by the chants of those who carry the the prefix "D" in the name. "S" doesn't speak to "S." "S" only speaks to "D." Has to be, they have to react to the loudest.

It is in the nature of democracy. If all of our voices are worth the same, then bigger clusters of voices are more important. We should not assume that truthfulness and scientific rigor will prevail. After all, in human's evolutionary history, science and engineering was hampered by people and only developed to this degree because the environment positively selected for it. After all, being correct is a survival advantage. Democracy does not select for being correct, but for creating the biggest unity.

My university sent me a signed paper. The signature was the ugliest, handwritten, version of a name. It was like a child signing their name for the very first time.

I am so happy, I am not alone with that problem. Thank you, university administrator, for sharing my plight.

Installing applications on Linux became more like Windows. It's not something new, something that went on for years. But I just realized right now, when I tried to go to the minicube website.

I go to the website, because I want to see which install methods they actively support and keep up to date.

Is it Snap? Flatpak? Do they have a private repository for deb? Maybe some rpm? An AppImage? Maybe they keep their nix version up-to-date.

I have gone with the integrated searches of all of those and have gotten Software that barely works, just to find out, it is horiffically outdated. And I just realized, going to the website and checking how they offer the newest software is now normal for me.

Soon, they will only offer AppImages and integrate updaters into their softwares. And we will have gone full Windows. Funnily in a time in which Windows Store and 3rd party tools like chocolatey finally become really viable.

I hate quotes.

Just handed out a quote. Had to look through the project, guesstimate everything. Hard to do anyway accurately. Write bunch of stuff up. Easily took me in the end around 4 hours.

4 hours just to have someone tell me, I am too expensive. I mean, at this part it is a gamble. The other side accepts my quote or denies it. But, if they deny it, I worked for free. And that's bugs me.

But hey, next company, guess what, the hourly rate, there is the quote for the last company hidden inside and for all other companies who rejected my offer divided by all the companies who hired me. You're not only paying my fee, but for all quotes that got denied. Surprise!

Anyway, it is sent off. Now, the waiting begins. Time to find some work to fill the waiting.

How the fuck is that a thing.

I understand when you're application requires a lock file. But put it in temp. I get it, you want it user specific. You can put it still in temp. Just add the user to the lockfile's name.

Don't put it in the config. Yea, had to reboot without letting my applications close properly. After a reboot, a lockfile should be automatically removed.

Here's an idea, if you're really that terrified of leaking the information, that the application is in use, to other users of the computer, which could probably just look at the processes to figure that one out, check the lock file's last modified timestamp and compare it with the uptime.

Because, it is just annoying when I reboot the computer and I cannot start the application because the fucking lockfile is still there.

Looking at you, datagrip. I really need to find a good open source alternative for my databases.

I hate the idea of dog whistles.

For those who do not know what I am talking about: A dog whistle, next to being a physical object you blow in that makes a sound dogs can hear, but is too high in frequency for most humans to hear, can also refer to a hidden sign for a group or ideology that is supposed to be only known by its members.

Here, in Germany, we usually use it for Nazi groups. Hey, 88 is a dog whistle for Nazis, because, the 8th letter in the alphabet is the 'H', and 'HH' stands for Heil Hitler. Alright, got it.

But how the fuck am I supposed to know it? I am not a member of those groups. Well, other people, who look at them tell closely, told me. In a way, you want me to keep up with them, so I can know the newest dog whistles to avoid them?

Another famous one is the attempt to claim the okay sign is a symbol for white power. But here I stand and say, no. I was making this sign all along. I did not signal white power. I was signalling that everything is okay.

And isn't that racist in the first place. Black people cannot swim stereotype. And then they choose the white power signal from diver's sign language? Because they knew, no black person was a diver? Don't mind me, I am just taking the piss.

Then there was Elon Musk. I don't like Elon, I think he's an idiot. I also think that he made it possible for lots of tax money to flow into SpaceX and pay really smart people to work on rockets, which I like. Somehow, in a modern world, we have to do that instead of just funding NASA. Anyway, he is accused of doing a Nazi salute.

But if that was a Nazi salute, that was the sloppiest Nazi salute ever. It was akin to a dog whistle to a Nazi salute. Every proper Nazi should tell him how embarrassing his salute was. But instead, the Overton window on a Nazi salute widens.

We should make fun of him not being capable of doing it right. He would then obviously publicly state he is no Nazi. And some Nazis will believe them.

Ever wondered why in war some national leaders will tout obvious lies? That's because, often due to an information bubble, sometimes because of confirmation bias, many will believe them. If they said the truth, every single one listening would know the truth. If they lied, there is a substantial part of the population ill-informed or invested enough who wants to believe them. And if that's a preferable state, a leader will lie.

Why do we assume that dog whistles are just something we don't understand, but somehow, without writing publicly available guides or news broadcast spelling it out, the subgroup that uses that dog whistle, perfectly understands its meaning.

Recently AfD, German right wing party, had a party conference, and the number and position of the flags on stage was somehow aligned with the number of... what was it... SS branches or something in the third reich? Come one, you're reaching now. You tell me that right wingers are so well informed history buffs that they would ace any history exam about it and equate every subliminal message?

I probably had a dozen dog whistles in this text that I don't know of. Do you know how those groups actually learn about their own dog whistles? Standard media tells them that is their groups dog whistle and they copy it. Copy cat. Funny side note, that's how satanism actually started. Copy cats from stories from the church. They tried to scare people about those evildoers. At least that's one popular hypothesis. Aleister Crowley, not Church of Satan satanism.

Anyway, I hate dog whistles. We commit them constantly, we cannot avoid it and it incriminates everyone. It keeps broadening the definition of every forbidden/frowned upon action. It's shit. If you argue dog whistle, I think you're a moron.

I don't know why you guys would voluntarily choose this piss yellow as the banner of your rants.

But no longer will it hurt my eyes. Thanks tampermonkey.

It's okay around a profile pictures, but having it stretched through the whole screen is just painful.

We're fucked.

I was having a debate on Reddit. A topic I brought up here already. Genetics and the mommies in my local baby group.

I was downvoted to hell for my conclusion those mommies cheated. Don't get me wrong, my conclusion was, they most likely cheated. I use high school genetics as heuristics, saying that its outcomes aligns with the question often enough to be a good decision maker.

A strategy manifested. Some people wrote long scientific correct arguments, just to block me the moment they sent it. For me it looks just like they deleted themselves and their account. I can still read it when logged out.

I just created a new account to reply to them. Went without a hitch, except that when I checked back in incognito, my replies weren't there. I assume they don't allow accounts that are too new. Reading from incognito, it was like they had the last word and I couldn't answer. The problem, they actually admitted to my points and built a straw men to the other points and I cannot point that out anymore.

I also thought, I should find a few people to hang out online with. So I started to play an MMO. After all, I am a daddy now, not so much time to find people. Only have nights. Besides the discords always being empty, all guilds I joined had the same thing in their rule set: "Do not discuss religion or politics."

Let me explain you something about democracy. It lives on debates. If you think you do not want to speak about your political opinions, then you're anti-democratic. Why are we allowed to vote? So, that everyone with a political opinion will find a decider. If we do not discuss, we are just at the mercy of advertisement. Most of us do not look deeply into topics, but some do. We trust them, because we know them. We have those smart people around it. Democracy is based upon "My neighbor has said and I trust him." That's how it works.

Forbidding political discourse, hiding downvoted opinions and using tricks, so the other party cannot reply in time or only with troubles is the death of democracy. That's how it ended. Because we're too butt hurt to even talk to each other, have the conversations. And I am sick of it.

And no, you cannot say, this is just a friendly group about knitting. The price of democracy is that all groups are political forums. And jobs. Everything. We do expect you to be adult enough to work with someone who has a different opinion from you. Who might even dislike you. Otherwise, the outcome is that all spaces where you would meet people that have different opinions are non-political and all political spaces are echo chambers in which you meet those people who are at best the staunchest warriors of a side instead of the normal person.

I bet two people of two different ideologies, who aren't deeply ingrained in it, have more in common than a person deeply ingrained and one that is not from the same ideology. But you wouldn't know that in today's echo chambers.

Just finished setting up immich on my server. Using the prepared docker compose file. But I renamed the docker image of the database. It was called postgres. I renamed it to immich_postgres. After all, I want to know that this container belongs to immich.

Half an hour troubleshooting later, I figured out why I get a login failed error message. Login did not fail, connection did. Why? Because, they rely on the postgres name as an alias. They could have put an explicit alias for dns, they could have used the configuration name, after all they used it in the depends_on section. But they decided to refer to it via the automatically assigned name. Really? Container name? That one thing in the configuration that is supposed to be unique?

Did you really think that was the only postgres database on the server? Maybe I should centralize it into a single database, but I like when my applications can run without outside dependencies. Proper documentation would have been nice. I am sure they mention it somewhere.

Got a child. Little under a year old.
We go to a little baby group nearby. We visit it from time to time. Just like 6 different babies there.

One baby has brown eyes. Mommy and daddy have blue eyes. Oh...

Next baby is blonde. Mommy is blonde. Daddy is blonde. Someone commented, that blonde was very likely with mommy and daddy. She said, no, her mother-in-law is black haired. She proves it by saying, her oldest son has black hair.... Oh....

Out of 6 parents pairs, we had 2 cheating. 1/3. And for the other 4, well, we only ever met the mother and they have not told us anything about their husbands.

This leads me to only one conclusion: People are terrible in high school level genetics. I know, it is not 100% correct, there are special cases and exceptions. But it it 99% correct.

To quote Rex Harrison: "This is what the British population calls an elementary education."

I am still salty that git master was renamed to main... I mean, the rename is stupid, but when you remain it, why not bough? Bough was the obvious and perfect choice...

Procastinator's tricks to be productive: Schedule messages

I hate to write people. They could answer. My whole plan might be thrown off. But when is the best time to answer them? The day after tomorrow? Too late. Tomorrow. Around 10? Thank you to all messengers that allow me to schedule a message. Instead of procrastinating, I answer, I schedule, and if I am in a bad mood, I later come back and abort and rewrite the message nicer.

Went perfectly swimmingly with my happy new year messages. Everyone got them at 00:00. Yes my friend, you're obviously the most important thing in my life, first thing I did was writing you!

All the crypto bots and hire a hacker adverts make no sense. After all, they still need to either go through the API or make a selenium script. Will still take them 1 to 2 hours at least to build it. For what?

To advertise to a dying platform that has a dwindling community, which is on top of it well-versed in programming and technically affine, so that the probability of profiting of it is tiny...

My conjecture: A devrant member is pulling a long running prank.

I bet it's someone like theRealJase. Or someone like that.

Anyone already had a more unrealistic deadline than the writer for the question of week wk386?

Just a quick follow up. I told you guys after rebooting my server by accident, I'll color in the terminals for my ssh connections.

Normal terminal in white. With the code to do it. Just a shell script with the name ssh earlier in the path than the actual ssh. That was the only solution that didn't fuck my auto-completion. compdef was somehow useless. But it is simple.

For some reason I had to hardcode the return color to white. Alacritty was not happy with just a no-color code. But whatever. Super useful. I won't accidentally restart non-host computers now.

Planning on extending this to have different colors according to the host. Like my homelab could be green. Live servers would be red. Dev servers blue. But that's for the future.

Just wanted to share my little improvement that will make my computing saver.

I just rebooted my server by accident because I wanted to play Space Engineers.

Long story short, dual booting. Needed to boot into windows. Typed reboot into my terminal. My terminal was not local. When am I finally getting around to set up my terminal color as red when it is connected to another host?

But two things are good here. This was my own server.. Well, bunch of stuff is running on it, including for my bachelor's thesis. But if that was a server of my company, that would have been worse.

Second thing, my systems are fault tolerant. I reboot once per week at the latest and for systems with fail overs once per day. I know they are coming back up. I don't worry. My Gitlab will be back in 5 minutes at the latest. I am going to reboot and play Space Engineers now.

Reboot your servers guys. Only way to make sure they'll survive reboots!

I did it, I found the fountain of youth. It is the cat fountain in my living room. Tragically, it was discovered by my daughter.

When she grabbed onto it, I tried to pry her off. But I was too late, she was nothing but a baby when I succeeded.

My wife likes to claim she was a baby before grabbing onto it, but what the fuck does she know.

If finally happened. My cats broke me down.

After years of spotty internet, in which I couldn't resolve websites, to which the solution always was to reach down and push the RJ45 jack with the broken off clip that connects my router to my pihole back in, because my cats pulled it out once again.

They made me do. They finally made me do it. After all those years. Today, my cat pulled it out like ten times in a row... So I finally did it. I walked over in the other room, grabbed a new cable and plugged that one it.

Try that again, cat. I dare you. Try it again!

I just realized that I subconsciously believe more lines of code means slower code.

It's not intellectual. I understand that little lines of code often are just calling other code. That this is not how Big O works or does not replace benchmarking and that some data structure requires a lot of code for immense speed up. E.g: B-Trees with sizes at page size for big amounts of data read from a secondary storage location.

But still, when I see a function with just 3 to 5 lines, my inner monkey believes it must be fast.

Know your biases, I guess.

Fucking hell, writing browser addons is annoying.

I just wanted some small addon for myself. But first did it in tampermonkey. It was supposed to take a screenshot of the website and upload it together with the link of the website to my server. First used html2canvas. Terrible performance. But addons can take direct screenshots.

Reason, when I listen to something or watch something while holding my little daughter, I cannot copy links over. But I can quickly slap a key combination and save for later what I just saw.

Anyway. Addons are terrible. The error messages makes no sense. Missing permission active_tab... Fucking hell, it was missing host permissions. Permissions has to be one of. Documentation sucks on MDN.

And then, you can not even install unsigned addons. I do not want to share my addon with mozilla. You have to install Firefox Dev or ESR for it. Switched to Firefox Dev.

But I feel sorry for everyone having to write browser addons professionally.

Dual Boot Linux & Windows.

I hardly ever see anyone do it right. And there is just two tricks that make a completely new experience out of it. I am not sharing it with you to be nice, I am sharing because I am curious if you're already doing it.

1. Install on a second hard drive, not a different partition. Learn which button to hold on the boot screen to select the boot drive. You can still chain-load via Grub, but the major advantage, updates of neither OS will fuck up your boot loader. You can update it abso-fucking-lutely risk free. Second advantage, advice 2. becomes trivially easy.

2. Set up a virtual machine. Select as its hard drive the raw disk volume where you have installed your Windows. You can do this with VirtualBox, but QEMU with virtual machine manager make is far easier to set this up in. You can now start Windows under Linux as a virtual machine. You can always start a small application, but the big deal is installing. Start a Steam download, have it installed and ready without switching over. Running windows updates. And when you then have time to play the game, just reboot and you have it already installed.

I feel like many are not aware that you can start a virtual machine of a real hard drive. It's one of those things that improve usability of it enormously. It's something where many will just not think about it because they keep dual booting and virtual machines in two different categories in their brains, but immediately will think it is obvious as soon as they hear about it.

So, who already did this? Raise your hands!

My DNS provider does not have an API. They do have one... That is wrong... But on the description page, they say we have to open a ticket to be given access. No requirements. Nothing...

And then I am told "they do no longer offer dns for private hosting". I don't even host with them, I only have a domain with them.

But the magical word is no longer. That means they did offer it. In the description of the API it still says "and for everyone who feels comfortable interacting with a REST API." Oh, and they asked anyone who works on it to be so nice and share any SDK's they might have coded up. Would have shared my SDK. Would have... If no Rust SDK was available yet.

So, what the fuck...
The problem with that is that I need a wildcard certificate for my homelab with DNS validation. So, I need to dynamically set a txt record. Now I wonder... Was this done on purpose? They are selling wild card certificates. Letsencrypt are giving them out for free. I bet they deactivated it, so they can sell more...

Anyway. Solution time.
Short term: I make my own API with black jack and hookers... And selenium.
Long term: I need to fucking move my domains to a different provider.

But what the fuck... What the fuck?

Shower thought of the week...

Cell phones raised strongly the relative probability of being bitten by a toilet snake...

I just got the dna test.
I am the father. My daughter is now 3 weeks old.

No surprise there. I expected to be the father. I had no reason to distrust my wife. But, after all, I know my IT security.

The relationship I had with my daughter was transitive. I trusted my wife and my wife had my daughter, ergo I had a connection with my daughter. Or in clearer terms: from a => b and b => c follows a => c.

The problem I was thinking about: What if I will stop trusting my wife in the future. At some point in the future... Something might happen. And I would stand there and wonder how long it went on. Maybe a month? Or before my daughter's birth? Maybe more than 9 month before my daughter. Would I be able to hide it from my daughter or would she notice...

If anything ever happens now, I know it has nothing to do with my daughter...

That's the same reason why we use end2end encryption. Sure, we have to trust that the application provided is not manipulated. But we only have to trust today. If it lands on their severs, we have to trust until the end of eternity.

I don't need any trust right now. And I am fucking happy about it.