Using the keyboard has always been my main interface to computers. When I first started using our 286 back in the early 1990s, which I shared with my older brother, the computer booted into a command prompt and that was it. We had a fairly solid German style keyboard with clearly audible click sounds. So naturally my first attempts at typing were based on a QWERTZ keyboard layout, which was perfectly suitable for me, until I dove into programming a few years later.
The thing with programming languages is that most of them require special characters to be used fairly often, e.g. curly braces {} and brackets [] in C, backslash \, at-sign @, pipe | and others. These characters are accessible via the Alt-Gr or Right-Alt key on German keyboards in combination with the upper right digit row - 7, 8, 9, 0 - which in my opinion is not the most comfortable finger position for the right hand. The programming languages I chose at the time were based on the English language anyway - e.g. Pascal with 'begin', 'end', 'procedure' etc. - so I switched to US keyboard layout, at least for programming tasks. Most special characters are easily accessible using either one of the Shift keys plus a number key or one of the non-alphanumeric keys. I remember that by switching the layout alone, programming instantly became more fun due to less strain on the right hand.
After years of using both German and US layouts I was quite comfortable typing without looking at the keys and at least for command line input and programming tasks my typing speed slightly exceeded the average. But since I never formally learned ten finger touch typing it was more of a 7 to 8 finger usage. There was definitely room for improvement.
In April 2004 mostly out of curiosity and to refresh my mind I decided to try the US Dvorak keyboard layout as seen above. There are numerous alternative layouts like the rather popular Neo2, but the Dvorak layout dates back to 1936 and has since been implemented in a vast number of old and new computer systems. That means even when I encounter some strange old Spark station clone or whatever ancient computer system is still functional, there is likely a Dvorak layout option available. The Dvorak layout was invented to be more ergonomic than QWERTY when entering English words and therefore decrease stress on fingers and increase typing speed. These claims are somewhat controversial and were never scientifically proven. But personally I found it tremendously easier to relearn an entire keyboard layout rather than trying to fix my QWERTY habits. This argument is not for everyone, but since I am mostly using my own computer and I do not have to share my keyboard with anyone, the step to change the layout entirely fit perfectly to my needs. Also, the fact that I was already familiar with the US layout helped a lot, because all keys on US Dvorak layout are just rearranged from US layout. That means all the special characters behind the number keys remain exactly the same and all special character keys still have the same Shift/non-Shift assignment despite being located somewhere else on the keyboard.
The other thing that is generally somewhere else on Mac keyboards vs PC keyboards is the entry of German umlauts and French accents unless you are using the respective local keyboard layout. Mac has the umlaut character - Alt-u - followed by the vowel and accents are entered in a similar fashion. On PCs there are numerous methods to access language specific characters, but let's just say, it's complicated. I usually stick to using the Mac for writing non-English texts. If I have to enter German text on rare occasions on Windows, I tend to switch the layout using Alt-Shift for umlauts and then switch back to Dvorak. Eventually I would probably use US Dvorak International layout, which gives access to umlauts via Alt-Gr.
In order to initially learn finger placement and start typing at reasonable speeds, I used a tool called DvorakNG. I suppose there are equivalent online tools nowadays. While learning, some keys turned out to be too far away for my hands while resting and I would rather have my hands rest comfortably than constantly move up and down the rows. So my ten finger system is slightly more personalised when it comes to upper left and upper right keys, that are ordinarily entered using the little finger, but I am using the ring finger instead. As far as I can tell, this slight change has had no impact on my typing speed.
The change from QWERTY to Dvorak took me about two or three weeks in order to regain my former typing speed back in 2004. But was it worth it? Definitely. Apart from typing a lot more accurately, typing Dvorak helped me a lot to not think about typing itself but rather thinking about the content, the problem at hand or entire sentences that magically flow into the keyboard. Would I recommend that journey to anyone? Probably not. The switch helped me personally to be more efficient. But you can be equally efficient without switching. My original reason for switching was that I am generally curious about many things and by learning a new skill I can refresh my brain in a potentially very useful and practical way, which turned out to be correct even now, 18 years later.
]]>Among other interesting things, the Berlin Underground has vending machines for sweets at some stations. One summer morning a few years ago, I went on a trip, deeply focused on my mobile browser, when I got a message on my phone: "Please rate this vending machine here...". How? What? Why? There was no machine nearby, or was there? And how did it know to send that text to me? It turned out to be a (now obsolete) feature called "Google Nearby". A Bluetooth Low Energy (BLE) beacon in the vicinity can announce an ID, that can automatically be resolved to a message and URL via Google. Well, naturally I wanted one of these beacons to play around and announce my own twisted message to fellow travellers. So I went online and found the Eddystone Bluetooth Low Energy beacon fairly cheap on Aliexpress. Aliexpress is a huge Amazon-like competitor in non-western world countries, that delivers world wide. I bought the Eddystone and waited, waited some more and finally the package arrived a few weeks later. The Eddystone came with no manual or description whatsoever and the internet was not very helpful when it came to this particular device. So I contacted the seller and complained (quite rudely in retrospect) that the item did not work as expected. The answer included a binary-only APK file for Android, that may or may not be able to program the Eddystone. I never came around to executing this untrusted code. But I bought another few BLE beacons from somewhere else, that actually worked pretty well out of the box. During the following two or three years I kept broadcasting funny messages via BLE wherever I went and every once in a while someone actually clicked on my link. That was that. End of story.
Half a year after the eddy stone experiment, I ordered another item. I know, that was risky, but a couple of weeks later exactly no parcel arrived, so the seller reimbursed me without problems. Seeing that my experience this far was unsatisfying, I left it at that.
It was three years later, when I was looking to find noise cancelling headphones for a lot less than 300 Euros. The best of the best at the time were Sony XM3 (~ 300 EUR), Some Bose Headphones (~ 350 EUR) and Sennheiser PCXsomething (~ 200 EUR). The rest was not worth mentioning - at least that is what the Internet suggested. That's when I rediscovered Aliexpress and other Chinese online shops, and there are a few - Gearbest, Banggood and Aliexpress seemed enough to explore for now. Gearbest, as the name suggests, actually has the best gear, but most of the time not the best prices, so I kept it for comparison, not for ordering anything. Banggood seems to have really low prices, but not as much selection as Ali, so I kept Banggood for comparison only as well.
After finding a couple of headphone brands nobody ever heard of, I looked at reviews and an entirely new world of youtube product review videos opened up to me. I had no idea that that is a thing now. Unboxing videos, yes (even though I never got their appeal), but review videos. You should check it out right now. There are people buying amazon returns in huge quantities while having fun. There are high end audiophile people reviewing very bad headphones. But underneath it all, it is somehow possible to form an opinion about these formerly unknown brands. So I went ahead, bought a pair and don't regret it. They are superb and last forever with one charge - for ~80 EUR and uncountable hours of "youtube research". Thank you internet. (BTW. I got the Edifier W828NB.)
Most other orders I have made since then came through without anything remarkable to say about them, but there are some exceptions:
Lessons learned? Let's see.
At last, a few numbers:
All in all it has been a fun trip to explore the foreign B2C market. If you ever need something that may or may not work properly, that is of unspecified quality and arrives some time within the next couple of weeks, there you go. For personal use this may be ok. For my professional use cases, I'd prefer next-day delivery, quality control, hassle free returns and proper invoices instead.
]]>Problem PGP key servers serve as directories for PGP keys. Unfortunately it is hard to remove keys once they are uploaded. And anyone can upload any key, even their own fake version of keys associated with arbitrary email addresses. Wikipedia puts it this way: "This leads to an accumulation of old fossil public keys that never go away, a form of "keyserver plaque"." So, there is no way for the legitimate user of an email address to revoke or remove keys not actually generated by that user. There is no server side email validation. There is no enforced expiration on keys. And there is no usable web of trust. The original idea was that keys signed by other keys will eventually lead to a trust chain, but that turned out to be a privacy nightmare.
The real problem Suppose someone uploaded a fake key with your company's contact email address 'contact@your-company.foo'. Unfortunately some potential customers don't check the validity of such a key. As long as the key server finds a matching key, that key is just used to encrypt emails to your company. And of course in the eyes of a customer it is supposedly your fault that such a key exists in the first place and was not revoked properly. Having a business relationship start with a technical problem is not a good start. You have to reply asking for another copy of the email encrypted with a proper key. The customer has to delete the invalid key and import the new key, which can be time consuming for non-technically versed people. Finally the initial email is sent again with the 'friendly' reminder that some key server is 'still' serving an old key. So, in my opinion the problem is a social problem, but I try to find technical solutions anyway.
Not working solutions
Working technical solutions (practical and impractical)
Conclusion In my opinion the legacy PGP key server infrastructure does more harm than good by not providing email verification or any kind of removal option. The optimal scenario would be for a first time contact to retrieve the PGP key in person from a trusted source. The next best thing is implemented with Web-Key-Directory (WKD). Why anyone is still 'trusting' (to some degree) arbitrary keys from public key servers is a conundrum to me. But people doing that are exactly the customers in need for professional IT consulting, so it is counterproductive to put the blame on them.
]]>Das ist eine These, die ich so oder so ähnlich von agilen Entwicklern und Teamleitern hörte, also von den untersten Ebenen der Hierarchie großer Unternehmen. Und ja, ich halte Kundenzufriedenheit auch für ein erstrebenswertes Ziel.
Konkurrierend dazu steht erstmal der wirtschaftliche Aspekt, sowie Innovation. Bei einer Entwicklungsstrategie, die primär auf Kundenwünsche eingeht, ist die Innovation vom Kunden getrieben. Konkrete Vorschläge zur Nachbesserung und Implementierungsdetails hängen von der Kreativität des Kunden ab. Diese Strategie passt zur Eingangsthese.
Das andere Extrem wäre die komplette Freiheit, die Software nach eigenen Vorstellungen zu entwickeln. Sehr konkrete Kundenwünsche werden zwar berücksichtigt, aber stehen nicht im Fokus der Entwicklung. Das Ergebnis enthält erfrischend neue Elemente, die dem Stand der Technik entsprechen. Auch hier kann der Kunde zufrieden sein, obwohl seine Wünsche sehr kreativ interpretiert wurden.
Betriebswirtschaftlich gesehen soll der Kunde gut bezahlen und langfristig Kunde bleiben. Von Monopolstellungen abgesehen kann das Ziel durch beide Innovationsstrategien erreicht werden, wahrscheinlich auch nur durch beide Strategien in sinnvoller Mischung. Kundenzufriedenheit führt zu langfristiger Bindung. Gute und innovative Produkte führen zu Weiterempfehlungen. Alle sind glücklich.
Fazit: Als Berater sehe ich die Entwicklungsabteilungen vieler Firmen. Nur wenige davon, die eine gewisse Größe erreicht haben - so um die 100 Entwickler - erhalten sich eine Firmenkultur der erfrischenden Kreativität und wagen es Neues und Unerprobtes auszuprobieren. "Mut zu eigenen Ideen" möchte ich der Eingangsthese entgegenstellen. Teamleiter, Produktmanager, Projektleiter und Geschäftsführung sollten sich der beiden extremen Innovationsstrategien bewusst sein und den richtigen Mittelweg finden.
]]>Zum Anschluss eigener VoIP-Telefone gibt es nun mehrere Möglichkeiten:
VoIP-Telefon anstatt der Telefonie-Funktion des Routers - siehe hier: Die Registrierung geht direkt über tel.t-online.de mit dem Email-Benutzernamen und Passwort.
Smartphone: Die HomeTalk App der Telekom erlaubt einen gleichzeitigen Betrieb von Telefonie über Router und über die App. Off-Topic: Über die Qualität der App sage ich nur die Schlagworte Absturzgefahr und Klingelton aus den 90ern.
Die HomeTalk-App bietet eine SIP-Logging-Funktion, über die Zugangsdaten für die Konfiguration eines eigenen VoIP-Telefons abgelesen werden können, nämlich: Registrierung an tel.t-online.de mit User +49xxxx (eigene Telefonnummer mit +49) und Auth-Username anonymous@t-online.de. Das Passwort kann leer bleiben oder zufällig gewählt werden, z.B. ein Leerzeichen. Der STUN-Server stun.t-online.de ist optional.
Option 3 funktioniert potentiell auch über ein VPN. Warum Option 3 schlecht dokumentiert ist, bleibt ein Rätsel. Vielleicht sollen so die eigenen VoIP-Telefone verkauft werden.
Nachtrag, 26. April 2015: Die angepriesene "HD-Sprachqualität" verwendet den Codec G.722. Es lohnt sich also das VoIP-Telefon so einzustellen, dass bevorzugt G.722 verwendet wird, danach PCMA aka. aLaw aka. G.711a. Das häufig voreingestellte µLaw ist eher in den USA, Japan und anderen Ländern der Standard.
]]>2 Jahre sind einfach zu lang.
Man muss vor Vertragsabschluss wissen, wie oft und wie lange man wohin telefoniert, um den besten Tarif zu treffen.
Datenvolumen gilt nur pro Tag oder Monat. Wenn man an einem Tag versehentlich 5 GB aufbraucht, ist die Bandbreite für den Rest des Monats unbenutzbar. Dabei wurde im Rest des Jahres praktisch kein Volumen gebraucht. Wenn ich das nur vorher gewusst hätte.
Auslandsroaming ist absurd teuer. Auch für eingehende Gespräche. SMS und Daten genauso.
5 Megabyte (in Worten: fünf) sind einfach nicht mehr Zeitgemäß für Datenvolumen (im Ausland) im Jahr 2014. Auch nicht 25 oder 50.
Überhaupt ist mir unklar, warum es eine Begrenzung für Datenvolumen und/oder Bandbreite geben muss. Die Technik steht da rum. Selbst wenn ich für deren Nutzung zahlen wollte, gäbe es keinen passenden "Tarif" für mich.
Warum Dienste für die Ausnahme aus dem Datenvolumen zahlen dürfen halte ich für eine Verzerrung der Realität. "Das Internet"™ ist damit effektiv "Das freie (inklusive) Internet" bestehend aus wenigen Webseiten/Diensten von Großkonzernen und "Das freie Internet", zu dem wir alle Zugang haben, aber dafür bitteschön extra zahlen sollen. WTF!? Frau Merkel.
VoIP-Dienste und eine zufällige weitere Auswahl von Diensten oder Daten ist nicht erlaubt und wird per QoS gedrosselt. Mein VPN zählt anscheinend auch dazu - zumindest manchmal.
Eine technische Störungsmeldung scheint unmöglich zu sein.
Fazit: Bei einem Betrag zwischen 50 und 100 EUR pro Monat erwarte ich einfach mehr, als mir geboten wird. (Anbieterunabhängig)
]]>I wrote this little script, and then I found a neat little debian package Cruft that performs exactly that task (written in shell, but ok).
]]>But sometimes, the ini file describes very similar sections, such as:
In order to eliminate this redundancy, qmon's ini-file parser defines macros inspired by C++ style #defines:
This kind of macro preprocessor is used in the qmon monitoring system to simplify the task of configuring the same check over and over again for each host to be monitored.
]]>Check out tmpmail on github.
Interesting observation: A few hours after starting the server, the first scanners started spamming or rather probing. The first few emails received contained a correct 'Received' header that would ordinarily have been inserted by the receiving end. Two months later four distinct To/From combinations send probes on a regular basis from different IPs. I guess this is botnet related. Never mind.
The actual purpose of this exercise was to be able to receive emails from software during a security audit, e.g. password recovery, registration confirmation, newsletters, status emails. For short-term analysis I prefer the python-script mailsink, but tmpmail is best suitable for long-term tests and provides permanent storage.
]]>What I can live without: - host groups - notification groups - complicated and extensive configuration - logging - remote check execution - a daemon
Even though there are many (many many many) monitoring solutions available, most are packed with features not needed here and rather difficult to deactivate. So I decided to write a simple and slim alternative: QMON.
]]>