blog

Categories     Timeline     RSS

New old photos

I’ve added some rediscovered photos from 2014 and 2015:

pcb cube on light graffiti face anarchi toilet paper as seasonal product

Black Mirror Brainstorms

Yes, please.

Mail is so 90s

… that’s one of the usual answers, when you suggest using email for communication. Proposed better alternatives have been IRC, AIM, ICQ, MSN, Jabber, Skype, Mumble, StudiVZ, Facebook, Twitter, Instagram, Signal, Threema, Telegram, Slack, WhatsApp and I’m sure in 5 years this list will have grown longer. Here’s a comprehensive list of services where I have 15 years of archived conversations, full-text searchable with threads/topics: email.

Don’t get me wrong - mail sucks. But so do the alternatives. And I have heard some pretty weird notions about email lately which I want to discuss:

I don’t want to use the website of my mail provider every time just to write a message

I don’t know how this one started and spread, but I have heard it often. Mail did not start with webmail. You don’t have to use webmail. There are a plethora of mail clients and apps that will work with your mail provider.

I want to send pictures and videos

Nothing about email stops you from doing that. I have heard people say that you can’t do that on a smartphone. It’s nonsense. Get a better mail client.

I want notifications

Get a better mail client.

I only want some notifications

Get a better mail client. You can set rules to mark messages as read or ignore them.

I want group communication

That’s what mailing lists are for.

But I don’t know if the recipient has read the message

Mail has had return receipts/message disposition notifications for more than 15 years. If you want to creep on your conversation partners, you can.

But encryption…

Mail has PGP/GPG and S/MIME. They are clunky. Of the alternative services mentioned above, Jabber + Off-the-record messaging and Signal are better in this regard.

WhatsApp’s encryption protocol is cryptographically sound - they got it from Signal. So WhatsApp is secure. If the implementation is sound. If key generation was correct and your keys are actually worth a damn. If there are no backdoors in the app - WhatsApp is closed source, so who knows. If all of this can not be trivially bypassed anyway, because your Android phone probably belongs to the >50% of Android devices that don’t get security updates [1]. If you trust WA’s owner, Facebook, to not insert hidden members into group chats. If WA’s key management were not inherently untrustworthy.

Facebook has only one incentive for encryption: Listing it as a feature. And it is in the way of bigger incentives, like getting your data. If you think Facebook wants to secure your communication, you are delusional.

[1] https://media.ccc.de/v/34c3-8888-security_nightmares_0x12#t=1437

But spam

There are mail providers that actually manage to filter correctly. I’ve been told that GMail belongs to them. I have my own mail server and haven’t had a single spam mail ever. There was only one instance of overblocking. So it seems possible. Again the enemy seems to be ‘choice’.

HTTPS

All webservers/domains and subdomains on my machine serve https now. So far, this is optional for all domains except releases.fireandbrimst.one, because I think you should still be able to choose. On slow connections (think satellite connection in the middle of nowhere), https can still be a problem.

I used Oliver Kuederle’s pointers to configure nginx and obtain certs with lego. I did not like the official Let’s Encrypt certbot, too much magic and Python involved. Lego seemed like a sensible alternative.

The certificate will be renewed every month.

Parallel YouTube Download

Since youtube-dl still doesn’t incorporate parallel downloads, here is a one-liner (sort of) parallelizing playlist download with Unix tools:

youtube-dl "PLAYLIST_URL" --flat-playlist -j | awk '{print $2}' | tr -d ',"' | awk '{print "https://www.youtube.com/watch?v=" $0}' | xargs -n 1 -P 10 youtube-dl

Only works with newer versions of youtube-dl, older ones seem to shuffle the utilized JSON dump nondeterministically. xargs’ parameter P would be the knob to adjust the number of parallel processes.

< Older

Newer >