What could possibly go wrong with a president Trump?

    Over the last few weeks, I had random conversations with people where the US presidential elections came up. On more than one occasion, someone brought up the typical “Well, Trump is a crazy person, but the American president doesn’t have that much power anyway, so what should go wrong. And by the way, Hillary is a Hawk and that might be really bad, too” line.

    By the way, this is a European perspective, but I assume it is something Americans have heard in conversations as well.

    Here’s a few reasons why I think this line of thinking is extremely lazy and dangerous:

    Finding a CPU Sinkhole in My App Using Chrome Tracing

    On Thursday night, I planned to work a little on this big Ember app I’m working on for a client. For some reason, even though my app was the only tab opened, Chrome had a pretty high CPU usage. Now, I know Chrome is generally good at that, but I was intrigued. My app can use quite a bit of your CPU at times, but just sitting there, idling around, this should not happen. Opening the Chrome task manager, I determined that indeed, it was my app that was causing the load.

    Jekyll within Rails, on Heroku

    There are several HOWTOs on the web, there’s even a gem, but all of them are slightly outdated or not fitting for my use case, so here’s how I’ve integrated Jekyll into our Rails on Heroku setup for a small project.

    The goal was to use Jekyll for both the marketing homepage of the product and as a blogging engine. I also wanted Heroku to do the jekyll build process on publish and thus not having to check in the artifacts aka generated websites. There are some pitfalls that I came across, so that’s another reason for documenting it here.

    How I almost got run over by a car in 2003

    Today, I came across a great article by Bodo, a friend from Berlin that can be best summed up with a tweet from him:

    I couldn’t agree more - I myself had to learn this the hard way, though. I shared a bit of my own experience on Twitter today, but I felt like this could use some more words.

    When the impostor syndrome ruins your decision making

    One day, I’m going to do a writeup of the technical restructuring I just did on probably one of my most important projects right now. Today is not that day, because I want to talk about the reasoning and the history of that rewrite instead, on a meta level.

    I’m currently building an open source library published to npm to parse and render a file format we’ve designed for Open Color Tools. We’ve built a first prototype using a YAML parser and doing some preprocessing, but the format quickly evolved into something that was essentially incompatible with YAML, so we needed a new solution.

    The Binary Toolbox (for JavaScript)

    The first time I tried my luck in parsing binary files within the browser must have been the Cloudtracker2 project, my (slightly out of date) try to make a good Protracker player/Editor for the web (It sort of lives on in the Halfplayer project if you’re interested). Parsing binary files in the browser is actually no longer a problem, but I thought it might be a fun exercise to write down some notes on what I’ve come across in one of my current projects, which involves intensive binary data munging on a much bigger scale than what I have tried so far.

    So, here’s the toolbox’s contents:

    Additionally, we’re going to talk about file drag and drop, creating object URLs and other things.

    The Rails Architecture Fallacy

    Someone has been wrong on the internet. I hate it when that happens. And so I started to write a comment and then I thought to myself, hey, this is great blog post material, why should I waste it on someone who is wrong on the internet. So here we go. It reads like a comment on someone who was wrong on the internet at times, because that’s exactly what it is :)

    Today, I’ve stumbled across a blog post, via RubyFlow, which is boldly named Ruby on Pains by Facundo Spagnuolo. It is a melange of falsely applied pure OOD wisdom and (I can only assume) juvenile arrogance (Do I sound like an old fart already? I’m in my forties now, I have to sound like an old fart now), that made me a little angry and made me want to reply. Not sure this is a winning move, but I think my reply does contain some parts that bear repeating, so here we go.

    The other side of static vs. dynamic typing systems

    I’m currently working on a small web application that has to do a fair amount of munging binary data in the front end (meaning: JavaScript). One of the things it needs to do is inspect data packets, unpack them (from a simple 7/8 bit encoding scheme invented in the 80’s) and checksum them. The checksumming is done with a standard CRC32 algorithm. It took me a few hours to find a JavaScript library that uses the same polynomial as the counterpart of the app uses (which, luckily, is a widely used one, for example zlib uses it) and was usable within my Ember/Rails setup.

    I tested around a bit and had a setup that worked, until I started testing with bigger packets and suddenly, the checksums wouldn’t match anymore. As it turns out the fact that the library worked in the first place was by chance: It returns a signed 32 bit integer and my test setup in the beginning simply produced a checksum that didn’t have the sign bit set. In parallel, I verified the results with two tools: The Ruby zlib bindings (part of the stdlib) and the crc32 command line tool that comes with OS X. Both return unsigned integers.

    My 2015 in Review

    I’ve recently taken a look at my blog archive and it seems I never actually did a year-in-review blog post which was kinda surprising to me. 2015 was a year that turned out completely different from what I thought it would, so I thought, this year, it might be worthwhile to reflect on that a little. Also, I’m now slowly becoming somewhat of a senior (with my 40th birthday approaching way faster than I appreciate) and with seniority comes the privilege of sharing your thoughts whether others want to hear it or not. Haha.

    Anyway. Let’s start with a simple subject

    Having fun with pixels and lua

    The following text is somewhat like the long version of a lightning talk I gave at the most excellent Eurucamp. As I used a lot of animated GIFs in Keynote, it’s kinda hard for me to publish a working version of this presentation in any form. So this article must do.

    In her keynote at Eurucamp, Joanne talked about awe and how to combine coding with our passions.

    For me, one of the ways to get that extra kick is to dabble in game programming. I’m bad at it, though. The reason is, I guess, that I always lose myself in complexity and then all the fun and awe is lost. This is partly because I tend to over-complect both my thinking and my creations, but also partly because most tools do not keep you from doing that.

    A few weeks ago, around the time the amazing SoCoded happened, I stumbled over a thing called Pico-8. It is a so-called fantasy console, a sort of virtual machine or emulator of an imaginary console from the 80’s, designed and built by Joseph “zep” White from lexaloffle games.

    Pico-8 is wonderfully quirky, but it also has some very interesting technical limits, artificially but deliberately chosen by its creator.

    The Birth of a Radical

    Most people who would consider themselves “radical” in a specific sense usually didn’t become “radicals” overnight. It’s a slow process that can take years. And one day you find yourself wondering “how did this happen?”

    I’ve been wondering about this for quite some time now. Somehow, between 2010, when I started cycling to work every day, and today, I’ve become a radical. Not in the sense you might imagine if you’re a die-hard motorist, though: I drive consciously, often very assertively, and certainly a bit cheekily, but I try very hard to do this within the boundaries of our “road code” which has the very poetic name “StVO” or “Straßenverkehrsordnung”. The problems actually start right here: In contrast to the many many motorists I run into conflict with every day, I know the relevant parts of the road code very well. It’s a very common phenomenon as a cyclist in Hamburg to be yelled at for basically doing exactly what the law wants you to do. Or to be yelled at for telling a motorist that she or he just violated the road code in a very dangerous and reckless manner.

    Service Desert Kabel Deutschland

    18:50 - I come home. The internet was apparently just barely enough to switch on my Hues; as soon as I sit down at the computer, the internet is gone. The outbound connection light on the Kabeldeutschland router is blinking.

    18:55 - After rebooting the O2 router (yes, I have two internet connections, and I know why), I at least have 8 MBit of the 116 MBit I pay for available again (16 via O2, 100 via Kabeldeutschland).

    18:57 - I start clicking my way through Kabeldeutschland’s help pages. A lot has broken there since the Vodafone takeover, but lo and behold: I have found the right button:

    Super cheap VPS providers

    I am usually not a cheapskate. I love to pay decently for a service or a thing worth paying for. With servers, things are a little different. First of all, the price span between super cheap and super expensive is usually really huge, while it’s often times totally unclear what the difference in service might be. Services like Digital Ocean are able to charge a healthy surplus by providing a superior “experience”, while their machines are, for the most part, beefy, but not exactly outstandingly so. I am writing this being a (happy) Digital Ocean customer, by the way.

    So, a few weeks back, I was doing some research (Read: I googled a lot) on VPS hosters with a little twist: I tried to find European or even German services, with the clear goal of finding the cheapest ones. This didn’t become some sort of shootout, because that would have meant that I needed to deploy comparable things to it, so don’t expect something like that here. I’m going to name a few names, but not to especially endorse them but to make my report a little more concrete.

    Via Google, I stumbled upon some sort of comparing site, webhostlist.de (unfortunately in German only). They listed a lot of machines way below the 5 EUR mark, which actually caught me by surprise. I remember I rented my first, very small VPS back in 2009 or so and it was a tiny, tiny machine for nearly 10 EUR a month. So this made me curious. I further trimmed down the list to services with more or equal to 1 GB of memory, because I think this is currently a pretty good limit for hosting small things.

    I instantly bought three services, all of them high on the webhostlist.de list and as soon as the accounts rolled in, I started to deploy things to it. So far, my list looks like this:

    • An iRedMail Mailserver, which is my testbed for self hosting email again (most likely worth an own article)
    • A server that runs graphite, as a central hub for metrics coming in from other servers
    • An application server for an upcoming little thing

    Decentralize ALL THE THINGS!

    This text is a modified version of my manuscript for my talk “Decentralize ALL THE THINGS” I gave at Eurucamp 2014. I sometimes write manuscripts for mostly non technical talks. In this case, it made a lot of sense, because it was also a good way to reason about the talk with my great Mentor, Frank Webber. After Eurucamp I thought this was a good way to kick off my long overdue article series about Decentralization.

    There’s also the accompanying slide deck you could take a look at.

    So, how was your year?

    Of course I didn’t mean personally. Professionally, if you’re not totally ignoring the rest of the world, 2013 and 2014 seem to be quite shitty years for working in IT. After all the Snowden Revelations, the shitty, inappropriate government reactions and then all the security holes in critical pieces of infrastructure (most of you will at least remember Heartbleed, of course) and the countless account breaches (Remember the Adobe breach?), I definitely considered leaving our field completely, with a strong urge to do something as simple as gardening (And thus completely ignoring the devastating problems gardening is currently facing, with a fast and steady decline of bee populations, the general issues of pollution and the strong bias of regulators for multinational corporations).

    So, this is why I’ve turned a rather large part of my attention to this idea called decentralization. Because I believe that we need to change our thinking on what we’re doing here. All of us. First of all me. So this is a work in progress. I’m new to this, so please, if you’ve been preaching decentralization since, like, ever, bear with me for a few paragraphs. I’m hopeful that I can actually shed light on this from some interesting, non common angles.

    Redesign, Schmedesign

    After reading @adactio’s great post on indie web building blocks, I wanted to do something. I started by adding a few rel="me"’s to the page and then I stumbled over some weird styling issues (a time tag that I declared as display:block globally for some reason) and one thing led to another and suddenly I found myself in this weird downward spiral of yak shaving (or sharpening the yak shaving scissors. Well, actually I had to wetten the sharpening stone first but there was a hole in the bucket. Long story.)

    Visiting Belgrade

    I don’t remember the exact date and I can’t find the needed data quickly (even Wikipedia fails me), but somewhere around the 24th of March of 1999, I was standing in the lecture hall at my university and opened up our bi-annual students assembly (I was part of the students council at the time) with a few, probably very incoherent words about what just started to happen in the Kosovo region. For the first time since the end of the second world war, German military forces were allowed to shoot enemy combatants on foreign ground. The German air forces were part of what was called OAF (Operation Allied Forces), an operation against what at that time was called Federal Republic Of Yugoslavia, which consisted of Serbia and Montenegro.

    I’m not interested in discussing the details of this conflict and to be honest, I had to read up on it on Wikipedia because I seem to have forgotten most of the details. But I do remember that for me as a German citizen, it felt like the end of an era: Post-WWII Germany crossed a line I personally hoped would never again be crossed. Under a left/green government no less.

    Going Full Encryption

    One of the main outcomes of the whole NSA thing for me is that we actually need to step up our game. And with we, I, above all, mean me. And what exactly does stepping up our game mean?

    If you haven’t, read Private By Default by one of our wise men, Tim Bray. It makes a few good points, why it makes sense to even encrypt traffic that seems harmless.

    So, setting this up on my personal web server (which is actually a cheap root server that by now mostly hosts static web pages) was relatively easy. There are some weird pitfalls though.

    A public service announcement

    I have three computers I use on and off. On all of them, I have a relatively long blog post draft lying around I haven’t gotten around to finish and publish.

    That’s not a good sign.

    Over the course of the last weeks and festivities, I gave that some thought. And I believe I have found an answer, although I am not very happy with it.

    2013 was the year when, at least for me, the last pieces of that already pretty much ruined facade that covered our society and political order (our so-called democracy) finally crumbled to dust.

    It’s actually less the revelations by Snowden (and, me visiting the Chaos Communication Congress for the first time, had my fair share of new revelations and other depressing news there) than the way our society, the politicians, the press, but also the general public reacting to them that finally cemented my belief that we’re indeed now in a post-democratic state (As in state machine, not as in state prison). It’s not that I think that all is lost, but I think that the way out of this crisis will either be extremely long and painful, or extremely violent.

    Thing is: I have no idea what to do now. I have a few vague ideas on how we could fix society on a grand scale, but none of them is especially applicable in the current situation. I am just a software developer. A quite thoughtful software developer with strong political opinions, but one who now needs to take a step back and listen, read and make up his worried and confused mind on what would be a meaningful contribution to the future of our society.

    And in the meantime, I will try to just be a software developer, at least here, in this blog. As much as I feel the pressure to comment on the current turmoil, I found out over the last months that I simply can’t, at least not in a coherent, useful way. I’m afraid “F**K ALL OF THIS S**T” is hardly a useful contribution to the discussion, as much as it properly reflects my current feelings.

    I hope that re-enables me to write on this blog. It will be, for the time being, more technical, more shallow, perhaps, but hopefully it will be revived in 2014 this way.

    Here’s to hoping that from here on, things can only get better (My pessimistic winter soul disagrees, but eff it).

    The Problem with end-to-end encryption

    A friend of mine, Hendrik Mans, wrote a pretty good article (in German) about the whole PRISM etc. dilemma. His gist: We should stop to act in this case as if we are actually able to tell what’s going on there. For the most part, we simply don’t know. Because we’re not tech savvy enough to understand the technologies involved (which may or may not be true for you) but also because, for the most part, this stuff is still happening largely in secret and although Edward Snowden gave us some ideas of what’s happening, we still don’t know much about how that’s happening.

    He also rants about the “solutionists” crying “you only need to use end-to-end encryption” and that’s a point I actually want to elaborate on a bit.

    First of all, what do we mean with end-to-end encryption (e2ee)? For the sake of the argument, let’s assume it means something like PGP (or GPG for that matter) and everyone uses securely stored keys, the encryption is asymmetric and the keysize is big enough (which are a lot of assumptions already if you think about it) and so we can be relatively sure that this encryption is safe. Please note that I am not going to explain all of this to you. Fortunately, there are a lot of places on the web where you can get good information on this.

    This is a great tool if your name is Alice and you want to send Bob a message which should stay secret between you two.

    That is to say, if the secrecy of the message is what you actually care about.