A software engineer in Munich, Germany.
The RSS's url is : https://victor.kropp.name/blog/index.xml
Please copy to your reader or subscribe it with :
2024-07-26 01:30:09
Chile is so long, it’s curved.
In this article full of various maps, the unique position of Chile, which leads to its unique shape, is explained. I love maps.
I remember the original Optimus keyboard, which featured a display under each key. Of course, I never had one, as I was a student in those days, and it was ridiculously expensive. Cool how it was reborn in a gadget owned by millions now.
How many times do you have to riffle a deck of cards before it is completely shuffled?
When you have buy-in, people will actively work toward the goal instead of just agreeing to it. Getting buy-in is hard.
The higher you climb the career ladder, the more it is about soft skills rather than hard skills.
Read this if you’re writing shell scripts as part of your automations.
I haven’t highlighted Spotify here yet, but it is an app I can’t image my life without.
I’m listening to music all day long on, when I work or work out, during commutes,
when I’m relaxing at home or getting asleep.
With all music streaming services having more or less the same catalog, Spotify is a clear winner for me in terms of their suggestions. My Monday starts with Discover weekly and 99% of my current rotation I discovered thanks to Spotify.
Paperless-ngx is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
I’m working on organizing my document storage, and so far I’ve been delighted with Paperless. More on it later, after I fully convert my document archive.
Angzarr (⍼) is the name of a ghost character-like Unicode symbol of unknown origin.
This is post 15 of #100DaysToOffload
2024-07-22 23:19:16
This weekend I tried stand-up paddling for the first time. We had a great time both Saturday and Sunday at Lake Starnberg with our kids and friends.
It was hot and sunny, and it is a day you want to spend near or in the water.
Our family SUP board
Our board has buoyancy to carry an adult and two kids, and that’s what we did. Kids enjoyed it a lot, they liked gliding in calm shallow waters near the shore and watching around.
It was a perfect weekend until the board exploded (the seam was a bit loose) in the middle of the second day. Luckily for us, we were ashore at that moment, but the board now needs repair or replacement. Hopefully, I’ll be able to sort it out before the next weekend. As it is forecasted to be as hot as this one.
This is post 14 of #100DaysToOffload
2024-07-18 01:54:28
We redesigned Toolbox App last year, and its new look has recently been released. This is probably the last unreleased feature of the app that I’ve touched before leaving the team in April.
So, I decided now is a good time to share a timelapse of the Toolbox App interface as it evolved over the years.
Toolbox App from 1.0 to 2.0
I wish the team all the best, and exciting new development ahead!
This is post 13 of #100DaysToOffload
2024-07-05 23:39:26
In the first part I’ve shown the simple way
to manage DNS with dnscontrol.
However, I started the migration not only to consolidate all domain configs in one place,
but also to apply best practices in their management.
DNS was developed quite long ago. It was designed to be distributed, but without security in mind. It just wasn’t an issue back then.
The same with HTTP.
Only in recent years, websites have become HTTPS by default.
HTTPS requires a valid certificate issued by some trusted Certificate Authority.
To prevent unauthorized CA from issuing certificate for a domain,
one may use a CAA DNS record specifying allowed authorities.
However, unless the DNS records themselves are verified,
it doesn’t prevent malicious actors from forging them, including the CAA record.
Here comes DNSSEC.
The main idea behind it is to sign DNS records, so that any client may verify that they are not changed as a part of MITM attack.
Not every DNS provider supports DNSSEC, unfortunately. That was one of the reasons for me to change the DNS provider in the first place.
I chose deSEC – a free DNS provider built with security in mind to promote DNSSEC.
Since it is fully supported by dnscontrol migration there was a breeze.
deSEC is hosted in Germany and supported by non-commercial organization. If you decide to use their services, please consider donating. These donations are tax-deductible in Germany.
Signing keys publication needed to be done manually, but that was not a big issue for me.
However, I wish dnscontrol would be able to handle it.
To verify the security of your zone, you may use DNSSEC Analyzer. Here, for example, is a report for kropp.name.
And with that, I consider my DNS setup complete and future-proof.
This is post 12 of #100DaysToOffload
2024-07-02 01:39:26
I own a number of domains for my personal website, hobby projects, and, of course, those awesome side project ideas, which were never implemented. These domains are registered by two different registrars, hosted on multiple providers, and provide different services (e.g., mail, VPN, etc.) Managing and updating them manually every time is tedious and error-prone.
So I finally decided to automate it.
I considered several options, including terraform,
but ended up with a much simpler dedicated solution: dnscontrol.
It features a simple DSL for DNS zones descriptions
and provides integrations with many popular DNS registrars and hosting providers.
DNSControl is also very user-friendly and extremely easy to start with. All you need is to set up credentials (API tokens) for all third-parties and invoke
dnscontrol get-zones --format=js --out=draft.js your-provider
dnscontrol infers your current setup by accessing provider’s API.
Here’s a sample of draft configuration for this domain (some entries omitted for brevity):
D("kropp.name", REG_CHANGEME,
DnsProvider(DSP_DO),
DefaultTTL(3600),
//NAMESERVER("ns1.digitalocean.com."),
//NAMESERVER("ns2.digitalocean.com."),
//NAMESERVER("ns3.digitalocean.com."),
A("@", "165.227.134.122", TTL(1800)),
MX("@", 10, "aspmx1.migadu.com."),
MX("@", 20, "aspmx2.migadu.com."),
CNAME("victor", "kropp.name.", TTL(1800)),
CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
AAAA("@", "2a03:b0c0:3:d0::cd:1"),
END);
This is an (almost) usable configuration, I only needed to provide a registrar in the first line. And after that refactor the configuration to extract common parts, which are shared between domains.
For example, I use Migadu for all my mail. Email setup requires setting around 10 DNS entries nowadays, and it appeared that none of my domains had all of them. Now, I’m using a common function, which configures e-mail for the domain with all best practices applied:
var MAIL_TTL = TTL(14400);
var VERIFICATION_TTL = TTL(43200);
var MIGADU_MAIL = function(domain) {
return [
MX("@", 10, "aspmx1.migadu.com.", MAIL_TTL),
MX("@", 20, "aspmx2.migadu.com.", MAIL_TTL),
CNAME("key1._domainkey", "key1." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
CNAME("key2._domainkey", "key2." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
CNAME("key3._domainkey", "key3." + domain + "._domainkey.migadu.com.", VERIFICATION_TTL),
TXT("@", "v=spf1 include:spf.migadu.com -all"),
TXT("_dmarc", "v=DMARC1; p=quarantine;"),
CNAME("autoconfig", "autoconfig.migadu.com."),
SRV("_autodiscover._tcp", 0, 1, 443, "autodiscover.migadu.com."),
SRV("_submissions._tcp", 0, 1, 465, "smtp.migadu.com."),
SRV("_imaps._tcp", 0, 1, 993, "imap.migadu.com."),
SRV("_pop3s._tcp", 0, 1, 995, "pop.migadu.com."),
]
}
And now setting up a new domain is a breeze!
After you’ve finished, move draft.js to dnscontrol.js and run
dnscontrol preview
This command verifies the configuration and lists all potential changes. After you verify they are intended, run
dnscontrol push
to apply them.
That’s it.
DNSControl uses creds.json file with the following content to access providers on your behalf.
{
"digitalocean": {
"TYPE": "DIGITALOCEAN",
"token": "$DO_TOKEN"
}
}
Although you can put all tokens right there, you cannot place the file under version control then.
Instead, I use environment variables for sensitive tokens.
This allows me to track this file.
This is important because provider ids are used in dnsconfig.js, and it also provides changes history.
Now all my domains are under dnscontrol and their configuration is tracked with git.
If the need arises to move them to another DNS provider, it would be a piece of cake.
This is post 11 of #100DaysToOffload
2024-06-28 01:36:09
It’s been a busy month, and I mostly read books, but still have some articles to recommend.
My high school teachers and university professors always taught me not to remember theorem proofs by heart, but instead remember the process, thought flow. Actors seemingly use the same trick.
A showcase how important is domain ownership. As soon as you published something on the web, or shared your email, you need to maintain the domain for life.
Even before finishing reading this article, I found out that Lego just released a very similar official set. This MOC is clearly superior.
This visualization is maybe ten years old already, but it is still mesmerizing. I want to find a reliable data source and re-create it for Munich S-Bahn trains.
A sarcastic rant from the author of htmx himself.
It was a month of travels for me, and I’ve used a boatload of different traveling apps to buy tickets, book hotels, check flight statuses, find the best public transport and running routes in at least 3 different cities, or just look at the map trying to figure out where am I today.
I can’t highlight any single one of them, as my use cases are temporary by their very nature. And as soon as leave the city, I delete their transit app. ¯\_(ツ)_/¯
My webserver of choice for hobby projects and this very page. Works out of the box with minimal configuration and automatic SSL via Let’s Encrypt.
The wind phone (風の電話, kaze no denwa) is an unconnected telephone booth in Ōtsuchi, Iwate Prefecture, Japan, where visitors can hold one-way conversations with deceased loved ones.
This is post 10 of #100DaysToOffload
2024-06-26 01:47:18
I recently upgraded my good old Bose QuietComfort 35 headphones, which flawlessly served me for more than eight years. I looked for options, even asked colleagues on Slack, and received tons of suggestions, but ultimately decided for Bose again.
I didn’t want in-ear headphones because I never can make them work for me. I tried AirPods Pro, for example, but immediately returned them, as I wasn’t able to plug them in securely. Even though I liked their noise cancellation, awareness features and, of course, interoperability, the proper fit is essential.
I’ve already battle-tested my new Ultra headphones on trains and planes, and can now share my initial impressions.
Me wearing brand new Bose QuietComfort Ultra headphones
The main weakness of QuietComfort 35 headphones was the quality of ear cups and headband. I replaced them many times over the years. I have no idea how well would Ultra survive the extensive use, I just hope it would be better than its predecessor.
Overall, I’m delighted to have these headphones. They maybe are a bit overpriced, but I got a great deal which cut down the price almost to 60% of the original. And since I see it as an investment for the next 8–10 years, I’m pretty satisfied.
This is post 9 of #100DaysToOffload
2024-06-11 21:08:09
The annual Apple’s WWDC Keynote took place yesterday, and here are all the things that caught my attention.
iPhone mirroring. Image: Apple
The upcoming macOS release will bring iPhone Mirroring. I’ll see if I need it during a regular workday, as I don’t need any additional interruption, and all required apps are already on my Mac. However, it may become a lifesaver for those who accidentally break the phone screen, rendering it useless. Now, they will be able to access the phone and extract all needed information more easily.
I’ve been using Rectangle, and since I only need a few basic window tiling/movement actions, I probably would be able to drop it in favor of a built-in functionality.
A calculator, finally! Not so much excited about math notes. They seem to be targeted to students, while I can’t remember when I needed such a thing last time.
Script writing can be a cool way to create very own xkcd-like comics. And it is a legit application of ML.
Home screen in dark mode. Image: Apple
These are long awaited features, which have been available on Android for ages. And, finally, I will be able to remove the Flashlight icon from the Lock screen, which I have accidentally launched so many times.
Nothing really exciting for me, except maybe redesigned Fitness+ app, but I had no complaints about it.
The most exciting update for me personally, however, it will force me to replace my first-gen Watch SE, as it is no longer compatible.
Training load in Fitness app on iPhone and Apple Watch. Image: Apple
I’m looking forward to seeing how Training load and Vitals trends will work. Apple’s health and fitness apps know a lot about me (much more than any other), so I hope these new metrics will be trustful and actually useful.
Activity rings settings in Fitness app on iPhone and Apple Watch. Image: Apple
My longstanding complaint about Activity Rings implementation is that it is absolutely impossible to have a rest day. If you’re into this game and want to keep your streak going, you should train even when it actually a wrong thing to do. Proper rest is a key to fitness level progress.
Hiking routes in Apple Maps. Image: Apple
I could have put Hiking routes to a good use, but it seems to be limited to US National Park, at least for now.
New Passwords app on iPad. Image: Apple
A dedicated Passwords app may be a huge deal for many, but I’m going to stay with 1Password for the foreseeable future. I just don’t want to put all eggs in a single basket.
There are many quality-of-life improvements in the Notes app, which I highly appreciate: like highlights, collapsible headings.
I can hardly imagine myself using Genmoji, but I’m looking forward to using Writing tools.
Similarly, I haven’t used Siri much, as I simply could achieve everything I needed much faster without it. With this update, and an ability to write to Siri, instead of issuing voice commands, I may start using it.
These updates bring lots of useful features across the whole ecosystem, and I can’t wait to start using them.
This is post 8 of #100DaysToOffload
2024-05-31 16:40:19
Spring is coming to an end, and hot sunny summer awaits. Time to unclutter the wardrobe, cabinets, and storage rooms. This year during a traditional spring cleaning I got rid (by either selling, giving away, or disposing) of:
And also a whole lot of kids stuff, including
I replaced only a bare needed minimum of this stuff. I’m by no means a minimalist, but very much enjoy reducing the amount of useless stuff in my life.
This is post 7 of #100DaysToOffload
2024-05-30 16:46:09
In which yours truly continues to collect interesting articles all around the world wide web.
curl maintainer Daniel Stenberg shares his open-source project guiding principles.
I truly believe these can and should be applied not only to curl, but to almost any open-source project.
Except maybe being independent, which is not always feasible.
Why the UX design is not about the looks.
Mastodon DDOSes popular open-source community news site.
I don’t understand music notation, but like how this article goes through the process step-by-step. And the end result looks very pleasant.
I like these ideas, and would appreciate if emails would be more widely used in modern web, except as the unique identifier for user logins.
Apple unveiled new generation iPad Pro and iPad Air earlier this month with even more performant and capable hardware. But it doesn’t make the difference, unless there are some fundamental changes in the iPadOS.
An interesting way to prepare status updates.
I’ve got a chance to attend KotlinConf last week and, of course, used the official app a lot.
And, it is built with Compose Multiplatform, which I’m currently working on at JetBrains.
Love the idea of minimizing the base layer of a world map to be easily embeddable everywhere.
Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification.
This is post 6 of #100DaysToOffload