A software engineer in Munich, Germany.
The RSS URL is: https://victor.kropp.name/blog/index.xml
2024-09-14 02:28:18
In January, I got a chance to try golf for the first time. We were in Cyprus, so the grass was perfect even in mid-winter. The weather wasn’t, as it was pouring for a good portion of the masterclass.
We were trained by a professional British golfer who has long retired. He was very passionate about the game and eagerly explained to us everything we wanted to know.
Thanks to that opportunity, I came to understand that I don’t like golf. I’ve spent some good time with friends, but the learning curve to master the game is quite steep. It will bring me little joy to play it knowing I can’t control the ball.
However, there was another thing I also learned that day: the whole golf course terminology (par, handicap, etc.), which I can now put to good use to map some nearby golf courses on OpenStreetMap. For example, this one in Puchheim, which I occasionally run or ride nearby.
This is post 17 of #100DaysToOffload
2024-09-11 15:08:44
I had some very intense working weeks, followed by a well-earned vacation in August, so I skipped blogging during this period. And now I’m making up for it.
We do it dozens of times a day, every day, but why do we call it logging in?
An absurdly simple algorithm to draw rounded rectangles and how they become an indispensable part of every user interface.
I don’t plan to buy an electric bike anytime soon, but I wish more people could enjoy cycling, and e-bikes really help with that.
The method described in the article is quite expensive, requires specialized hardware and physical access to the token, but nonetheless it is a serious security issue.
I need to start a regular Map of the Month section in this digest.
I’ve been reading, writing, editing and commenting on tons of Google Docs lately, so let’s name it my App of the Month. And it really deserves it.
Useless, but fun.
Interesting how this effect can be observed in many different languages and cultures.
This is post 16 of #100DaysToOffload
2024-07-26 01:30:09
Chile is so long, it’s curved.
In this article full of various maps, the unique position of Chile, which leads to its unique shape, is explained. I love maps.
I remember the original Optimus keyboard, which featured a display under each key. Of course, I never had one, as I was a student in those days, and it was ridiculously expensive. Cool how it was reborn in a gadget owned by millions now.
How many times do you have to riffle a deck of cards before it is completely shuffled?
When you have buy-in, people will actively work toward the goal instead of just agreeing to it. Getting buy-in is hard.
The higher you climb the career ladder, the more it is about soft skills rather than hard skills.
Read this if you’re writing shell scripts as part of your automations.
I haven’t highlighted Spotify here yet, but it is an app I can’t imagine my life without. I’m listening to music all day long, when I work or work out, during commutes, when I’m relaxing at home or falling asleep.
With all music streaming services having more or less the same catalog, Spotify is a clear winner for me in terms of their suggestions. My Monday starts with Discover weekly and 99% of my current rotation I discovered thanks to Spotify.
Paperless-ngx is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
I’m working on organizing my document storage, and so far I’ve been delighted with Paperless. More on it later, after I fully convert my document archive.
Angzarr (⍼) is the name of a ghost character-like Unicode symbol of unknown origin.
This is post 15 of #100DaysToOffload
2024-07-22 23:19:16
This weekend I tried stand-up paddling for the first time. We had a great time both Saturday and Sunday at Lake Starnberg with our kids and friends.
It was hot and sunny, and it is a day you want to spend near or in the water.
Our board has buoyancy to carry an adult and two kids, and that’s what we did. Kids enjoyed it a lot, they liked gliding in calm shallow waters near the shore and looking around.
It was a perfect weekend until the board exploded (the seam was a bit loose) in the middle of the second day. Luckily for us, we were ashore at that moment, but the board now needs repair or replacement. Hopefully, I’ll be able to sort it out before the next weekend, as it is forecast to be as hot as this one.
This is post 14 of #100DaysToOffload
2024-07-18 01:54:28
We redesigned Toolbox App last year, and its new look has recently been released. This is probably the last unreleased feature of the app that I’ve touched before leaving the team in April.
So, I decided now is a good time to share a timelapse of the Toolbox App interface as it evolved over the years.
I wish the team all the best, and exciting new development ahead!
This is post 13 of #100DaysToOffload
2024-07-05 23:39:26
In the first part I’ve shown the simple way to manage DNS with dnscontrol.
However, I started the migration not only to consolidate all domain configs in one place, but also to apply best practices in their management.
DNS was developed quite long ago. It was designed to be distributed, but without security in mind. It just wasn’t an issue back then.
The same with HTTP.
Only in recent years have websites become HTTPS by default.
HTTPS requires a valid certificate issued by a trusted Certificate Authority.
To prevent an unauthorized CA from issuing a certificate for a domain, one may use a CAA DNS record specifying the allowed authorities.
However, unless the DNS records themselves are verified, it doesn’t prevent malicious actors from forging them, including the CAA record.
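How a CA is expected to evaluate a CAA record set before issuing, following the processing rules of RFC 8659, shown as an added example that is not code from the original post. The function names, the `ZONE` table and the `.example` domains are constructed for illustration; the `kropp.name` entry mirrors the CAA record in the sample configuration from the first part.

```javascript
// Added example: CAA evaluation (RFC 8659) over constructed zone data.
const CRITICAL = 128; // issuer-critical flag bit
const KNOWN_TAGS = new Set(["issue", "issuewild", "iodef"]);

// Constructed data: owner name -> CAA RRset.
const ZONE = {
  "kropp.name": [{ flags: CRITICAL, tag: "issue", value: "letsencrypt.org" }],
  "locked.example": [{ flags: 0, tag: "issue", value: ";" }],
  "future.example": [{ flags: CRITICAL, tag: "newtag", value: "x" }],
};

// Climb from the requested name toward the root until a CAA RRset is found.
function relevantRRset(zone, fqdn) {
  const labels = fqdn.replace(/^\*\./, "").replace(/\.$/, "").toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const rrset = zone[labels.slice(i).join(".")];
    if (rrset && rrset.length > 0) return rrset;
  }
  return null;
}

function mayIssue(zone, fqdn, caDomain) {
  const rrset = relevantRRset(zone, fqdn);
  if (!rrset) return true; // no CAA on the name or any parent: unrestricted
  // A critical property the CA does not understand blocks issuance outright.
  if (rrset.some(r => (r.flags & CRITICAL) && !KNOWN_TAGS.has(r.tag.toLowerCase()))) {
    return false;
  }
  const byTag = t => rrset.filter(r => r.tag.toLowerCase() === t);
  let rules = byTag("issue");
  // For wildcard requests, issuewild takes precedence when present.
  if (fqdn.startsWith("*.") && byTag("issuewild").length > 0) rules = byTag("issuewild");
  if (rules.length === 0) return true; // e.g. only iodef: no restriction
  // Value is "issuer-domain[; parameters]"; an empty issuer matches no CA.
  const want = caDomain.toLowerCase();
  return rules.some(r => r.value.split(";")[0].trim().toLowerCase() === want);
}
```

The check is only as trustworthy as the DNS answers fed into it, which is the gap the next paragraph addresses.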
Here comes DNSSEC.
The main idea behind it is to sign DNS records, so that any client may verify that they have not been changed as part of a MITM attack.
Not every DNS provider supports DNSSEC, unfortunately. That was one of the reasons for me to change the DNS provider in the first place.
I chose deSEC – a free DNS provider built with security in mind to promote DNSSEC.
Since it is fully supported by dnscontrol, the migration there was a breeze.
deSEC is hosted in Germany and supported by a non-commercial organization. If you decide to use their services, please consider donating. These donations are tax-deductible in Germany.
Publishing the signing keys had to be done manually, but that was not a big issue for me.
However, I wish dnscontrol were able to handle it.
To verify the security of your zone, you may use DNSSEC Analyzer. Here, for example, is a report for kropp.name.
And with that, I consider my DNS setup complete and future-proof.
This is post 12 of #100DaysToOffload
2024-07-02 01:39:26
I own a number of domains for my personal website, hobby projects, and, of course, those awesome side project ideas, which were never implemented. These domains are registered by two different registrars, hosted on multiple providers, and provide different services (e.g., mail, VPN, etc.) Managing and updating them manually every time is tedious and error-prone.
So I finally decided to automate it.
I considered several options, including terraform, but ended up with a much simpler dedicated solution: dnscontrol.
It features a simple DSL for describing DNS zones and provides integrations with many popular DNS registrars and hosting providers.
DNSControl is also very user-friendly and extremely easy to start with. All you need is to set up credentials (API tokens) for all third parties and invoke

    dnscontrol get-zones --format=js --out=draft.js your-provider

dnscontrol infers your current setup by accessing the provider’s API.
Here’s a sample of the draft configuration for this domain (some entries omitted for brevity):
    D("kropp.name", REG_CHANGEME,
        DnsProvider(DSP_DO),
        DefaultTTL(3600),
        //NAMESERVER("ns1.digitalocean.com."),
        //NAMESERVER("ns2.digitalocean.com."),
        //NAMESERVER("ns3.digitalocean.com."),
        A("@", "165.227.134.122", TTL(1800)),
        MX("@", 10, "aspmx1.migadu.com."),
        MX("@", 20, "aspmx2.migadu.com."),
        CNAME("victor", "kropp.name.", TTL(1800)),
        CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
        AAAA("@", "2a03:b0c0:3:d0::cd:1"),
    END);
This is an (almost) usable configuration; I only needed to provide a registrar in the first line and, after that, refactor the configuration to extract the common parts shared between domains.
For example, I use Migadu for all my mail. Email setup requires setting around 10 DNS entries nowadays, and it turned out that none of my domains had all of them. Now, I’m using a common function, which configures e-mail for the domain with all best practices applied:
    var MAIL_TTL = TTL(14400);
    var VERIFICATION_TTL = TTL(43200);

    // Returns the full set of mail-related records for a Migadu-hosted domain.
    var MIGADU_MAIL = function(domain) {
        return [
            // Inbound mail
            MX("@", 10, "aspmx1.migadu.com.", MAIL_TTL),
            MX("@", 20, "aspmx2.migadu.com.", MAIL_TTL),
            // DKIM keys
            CNAME("key1._domainkey", "key1." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
            CNAME("key2._domainkey", "key2." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
            CNAME("key3._domainkey", "key3." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
            // SPF and DMARC policies
            TXT("@", "v=spf1 include:spf.migadu.com -all"),
            TXT("_dmarc", "v=DMARC1; p=quarantine;"),
            // Client autoconfiguration and service discovery
            CNAME("autoconfig", "autoconfig.migadu.com."),
            SRV("_autodiscover._tcp", 0, 1, 443, "autodiscover.migadu.com."),
            SRV("_submissions._tcp", 0, 1, 465, "smtp.migadu.com."),
            SRV("_imaps._tcp", 0, 1, 993, "imap.migadu.com."),
            SRV("_pop3s._tcp", 0, 1, 995, "pop.migadu.com."),
        ];
    };
And now setting up a new domain is a breeze!
After you’ve finished, move draft.js to dnscontrol.js and run

    dnscontrol preview

This command verifies the configuration and lists all potential changes. After you verify they are intended, run

    dnscontrol push

to apply them.
That’s it.
DNSControl uses a creds.json file with the following content to access providers on your behalf.

    {
      "digitalocean": {
        "TYPE": "DIGITALOCEAN",
        "token": "$DO_TOKEN"
      }
    }
Although you can put all tokens right there, you then cannot place the file under version control.
Instead, I use environment variables for sensitive tokens.
This allows me to track this file.
This is important because provider ids are used in dnsconfig.js, and it also provides a change history.
Now all my domains are under dnscontrol and their configuration is tracked with git.
If the need arises to move them to another DNS provider, it would be a piece of cake.
This is post 11 of #100DaysToOffload
2024-06-28 01:36:09
It’s been a busy month, and I mostly read books, but still have some articles to recommend.
My high school teachers and university professors always taught me not to remember theorem proofs by heart, but instead remember the process, thought flow. Actors seemingly use the same trick.
A showcase of how important domain ownership is. As soon as you have published something on the web, or shared your email, you need to maintain the domain for life.
Even before finishing reading this article, I found out that Lego just released a very similar official set. This MOC is clearly superior.
This visualization is maybe ten years old already, but it is still mesmerizing. I want to find a reliable data source and re-create it for Munich S-Bahn trains.
A sarcastic rant from the author of htmx himself.
It was a month of travels for me, and I’ve used a boatload of different traveling apps to buy tickets, book hotels, check flight statuses, find the best public transport and running routes in at least 3 different cities, or just look at the map trying to figure out where I am today.
I can’t highlight any single one of them, as my use cases are temporary by their very nature. And as soon as I leave the city, I delete their transit app. ¯\_(ツ)_/¯
My webserver of choice for hobby projects and this very page. Works out of the box with minimal configuration and automatic SSL via Let’s Encrypt.
The wind phone (風の電話, kaze no denwa) is an unconnected telephone booth in Ōtsuchi, Iwate Prefecture, Japan, where visitors can hold one-way conversations with deceased loved ones.
This is post 10 of #100DaysToOffload
2024-06-26 01:47:18
I recently upgraded my good old Bose QuietComfort 35 headphones, which flawlessly served me for more than eight years. I looked for options, even asked colleagues on Slack, and received tons of suggestions, but ultimately decided on Bose again.
I didn’t want in-ear headphones because I never can make them work for me. I tried AirPods Pro, for example, but immediately returned them, as I wasn’t able to plug them in securely. Even though I liked their noise cancellation, awareness features and, of course, interoperability, the proper fit is essential.
I’ve already battle-tested my new Ultra headphones on trains and planes, and can now share my initial impressions.
The main weakness of QuietComfort 35 headphones was the quality of ear cups and headband. I replaced them many times over the years. I have no idea how well the Ultra would survive extensive use; I just hope it would be better than its predecessor.
Overall, I’m delighted to have these headphones. They are maybe a bit overpriced, but I got a great deal which cut down the price almost to 60% of the original. And since I see it as an investment for the next 8–10 years, I’m pretty satisfied.
This is post 9 of #100DaysToOffload
2024-06-11 21:08:09
Apple’s annual WWDC Keynote took place yesterday, and here are all the things that caught my attention.
The upcoming macOS release will bring iPhone Mirroring. I’ll see if I need it during a regular workday, as I don’t need any additional interruption, and all required apps are already on my Mac. However, it may become a lifesaver for those who accidentally break the phone screen, rendering it useless. Now, they will be able to access the phone and extract all needed information more easily.
I’ve been using Rectangle, and since I only need a few basic window tiling/movement actions, I probably would be able to drop it in favor of a built-in functionality.
A calculator, finally! Not so excited about math notes. They seem to be targeted at students, while I can’t remember when I last needed such a thing.
Script writing can be a cool way to create your very own xkcd-like comics. And it is a legit application of ML.
These are long awaited features, which have been available on Android for ages. And, finally, I will be able to remove the Flashlight icon from the Lock screen, which I have accidentally launched so many times.
Nothing really exciting for me, except maybe redesigned Fitness+ app, but I had no complaints about it.
The most exciting update for me personally; however, it will force me to replace my first-gen Watch SE, as it is no longer compatible.
I’m looking forward to seeing how Training load and Vitals trends will work. Apple’s health and fitness apps know a lot about me (much more than any other), so I hope these new metrics will be trustworthy and actually useful.
My longstanding complaint about Activity Rings implementation is that it is absolutely impossible to have a rest day. If you’re into this game and want to keep your streak going, you should train even when it is actually the wrong thing to do. Proper rest is a key to fitness level progress.
I could have put Hiking routes to good use, but it seems to be limited to US National Parks, at least for now.
A dedicated Passwords app may be a huge deal for many, but I’m going to stay with 1Password for the foreseeable future. I just don’t want to put all eggs in a single basket.
There are many quality-of-life improvements in the Notes app, which I highly appreciate: like highlights, collapsible headings.
I can hardly imagine myself using Genmoji, but I’m looking forward to using Writing tools.
Similarly, I haven’t used Siri much, as I simply could achieve everything I needed much faster without it. With this update, and the ability to write to Siri, instead of issuing voice commands, I may start using it.
These updates bring lots of useful features across the whole ecosystem, and I can’t wait to start using them.
This is post 8 of #100DaysToOffload