Bye Evernote, Hi Joplin

Well, Evernotes past year or so was a bummer as a customer. Don’t take it from me; just have a look at the Evernote Reddit, and it echoes exactly what I saw for quite some time:

  • The new Android App was much slower than before – scans of documents suddenly were barely usable – it took around a minute to snap a picture of a document and scan it, and the app sometimes crashed in the process.
  • Mac App also got terribly slow and memory hungry; the old app was fast.
  • New Pricing model – I mean… why…

As my renewal would have come around soon, I’ve started looking into all sorts of alternatives, and the most promising one seems to be the open-source note-taking app Joplin.

As I rarely need the online Sync for note-taking exporting from Evernote and importing everything into Joplin was easy, just two or three notes that had issues, but that was an easy fix — or better said a cleanup as those notes were ancient and not needed anymore. And OMG, the web clipper of Joplin is so fast and has a few features I like a lot.

My workflow for Document scans currently runs through Dropbox, something I’ll look into when I got more time. But for now, that’s enough, and the Dropbox App gives me a nice PDF that I can Import and File where it’s needed. Also, having documents in the Note-taking app is something I stopped a while ago, so the PDFs live in a separate file structure that works for me.

The really cool thing about Joplin is that there are tons of Plugins available to tweak the app to your needs. And suppose I ever need Joplin to sync my data to secondary devices. In that case, there are several ways of getting this done, as it supports Dropbox, Nextcloud and Joplin Server – which is just another Container to run somewhere.

So far, I’m happy having liberated my notes into a System that works better and provides a lot of flexibility.

Abt. kognitive Dissonanz

In einer Woche lädt die SVP interessierte Mitglieder zu einer «Arbeitstagung» ein. Das Thema: «Luxus-Sozialisten in den Städten diktieren der Landbevölkerung das Leben». Geleitet wird die Tagung vom Zürcher Nationalrat Thomas Matter. Das Vermögen des Bankiers und Unternehmers wird auf 200 Millionen Franken geschätzt. Er lebt in Meilen an der Zürcher Goldküste. Einer Gemeinde, die über weniger Landwirtschaftsfläche verfügt als die luxussozialistische Stadt Zürich.

Quelle Zuger Zeitung / Schweiz am Wochenende – 21. August 2021

Wenigstens Spalten wir die Bevölkerung nicht mehr nach Herkunft, sondern weiten den Stadt-Land-Graben ein bisschen aus. Als sogenannter Luxus-Sozialist Städter finde ich es befremdlich, mir von Multimilionärinnen in meinen Mandelmilch-Kaffee spucken zu lassen (der war teuer!).

Alternativ sollte man sich den Twitter Thread zu den neuen “Feinden” der SVP zu Gemüte führen.

Angelesen #80

Here’s another free CA as an alternative to Let’s Encrypt! (scotthelme.co.uk)

Now, if Let’s Encrypt are having a bad day and you can’t get a certificate from them for whatever reason, you have a problem. This is why a backup CA is so important, we must have other options.

New CAs with the ACME API – I like this a lot!

macOS 11’s hidden security improvements (blog.malwarebytes.com)

Who benefits from NO_SMT and TECS? Google.

I’ve looked everywhere and no one else seems to use these mitigation APIs. The only source code match (outside of the macOS 11 and 12 SDKs, and the XNU source code itself) is Chromium. The only binary matches on my macOS 11 machine (outside of system libraries) are the Chrome and Electron frameworks, i.e. Chromium. Not even Safari seems to use them!

MacOS 11 has quite some security improvements under the hood and it seems that they are not widely adopted yet.

My Philosophy on Alerting (docs.google.com)

My Philosophy on Alerting based my observations while I was a Site Reliability Engineer at Google

I stumbled over this within the Alerting Documentation of Prometheus.

Tempo 30 in Schweden – Die Jugend fährt Zeitlupe (tagesanzeiger.ch)

In Schweden dürfen schon 15-Jährige Autofahren – aber nicht schneller als 30 Stundenkilometer. Im ganzen Land sind deshalb viele stolze Verkehrshindernisse unterwegs.

Irgendwie geil 🙂

How does Cloud SQL maintenance work? (cloud.google.com)

The good first part of how Cloud SQL Instances get maintained – Waiting for Part 2 as there might be much more to it than meets the eye in the first place.

Wie sehen die tierischen Ersatzprodukte der Zukunft aus? (urkraut.ch)

Braucht es Ersatzprodukte überhaupt?

Zuerst zum Elefanten im Raum: Ja, es braucht pflanzliche Ersatzprodukte. Unsere Ernährung basiert auf Traditionen. Mit dem Erwachsenwerden kristallisieren sich auch unsere Vorlieben heraus. Dadurch können wir nicht einfach verlangen, dass alle Menschen auf die ihnen gewohnten Produkte, wie beispielsweise Fleisch, verzichten. Das wäre ungesund.

Zusammenfassung und Empfehlungen Welle 47 (projekte.uni-erfurt.de)

Risikowahrnehmung und Schutzverhalten — Impfbereitschaft und Impfpflicht — Bereitschaft zur Impfung eigener Kinder — Vertrauen, Ablehnung von Maßnahmen und Demonstrationsbereitschaft — Delta-Variante und Vierte Welle

Bei einer Recherche bin ich über die grossartige Publikation der Uni Erfurt, RKI und vielen andern, welche eine gute Übersicht in Deutschland über das Wissen, Risikowahrnehmung, Schutzverhalten und Vertrauen in der Pandemie untersuchen.

Slack Certified Admin (slackcertified.com)

For Slack admins at organizations of all sizes, you’re in the right place to learn and prove your skills.

I am not sure what to think of it…

H/T Toby

Vor und nach der Flut 2021: Die Ahr-Rotweinstraße von Altenahr nach Dernau (youtube.com)

Embrace ephemerality with default disappearing messages (signal.org)

Until now, disappearing messages had to be enabled on a per-conversation basis, but for those who want to take ephemerality to the fullest, Signal now supports the ability to preconfigure all conversations you initiate with a default timer.

We’ve also added the ability to set custom timer durations on your conversations, so that some content can be gone in 60 seconds and others can exist for 18 minutes or 4 weeks. Install Signal, and give it a shot today!

Default on 4 Weeks it is!

Open sourcing a more precise time appliance (engineering.fb.com)

we’ve built a new dedicated piece of hardware called Time Appliance, which consists of a GNSS receiver and a miniaturized atomic clock (MAC). Users of time appliances can keep accurate time, even in the event of GNSS connectivity loss. While building our Time Appliance, we also invented a Time Card, a PCIe card that can turn any commodity server into a time appliance.

Alternatively: Build a Stratum-1 NTP Server for normal people.

Effective Alerting in Practice (newrelic.com)

No one ever said that alerting was easy. How do we ensure that alerts are delivered in a timely manner while preventing as many false positives and negatives as possible? Additionally, how do we make sure we’re detecting issues on time and not waking up our users in the middle of the night with false alarms? Alert fatigue is a real thing.

Very good documentation on effective Alerting strategies from New Relic.

Angelesen #79

One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization (arxiv.org)

This paper introduces a new approach to attack SEV-protected virtual machines (VMs) by targeting the AMD-SP. We present a voltage glitching attack that allows an attacker to execute custom payloads on the AMD-SPs of all microarchitectures that support SEV currently on the market (Zen 1, Zen 2, and Zen 3). The presented methods allow us to deploy a custom SEV firmware on the AMD-SP, which enables an adversary to decrypt a VM’s memory. Furthermore, using our approach, we can extract endorsement keys of SEV-enabled CPUs, which allows us to fake attestation reports or to pose as a valid target for VM migration without requiring physical access to the target host

Power glitch attacks against AMD’s Secure Encrypted Virtualization

Universal income for open source maintainers (futureu.europa.eu)

First reaction : Yes
Second reaction: No, UBI should be there for everyone

GPSD time will jump back 1024 weeks at after week=2180 (23-October-2021) (gitlab.com)

This code is going to trigger a 1024 week backward time jump from Saturday October 16, 2021 to Sunday March 3, 2002.

whoopsie time and date are still very complex problems – yes, looking at you year 2038 problem

usb-c cable colour codes (sa.lj.am)

USB-C was supposed to be the answer to the chaos that is charge and data cable compatibility. And to an extent it was. It unified ports and reduced the amount of cables and chargers I need to travel with. The cables themselves, however, turned out to be a mess. They come in many varieties with obtuse names, confusing markers, and unclear compatibility rules. Yet they all look exactly the same.

This is a very neat colour scheme to patch my cables with – the main issue is… how do I identify those cables?

Amazon’s older Kindles will start to lose their internet access in December (theverge.com)

My Kindle has come of age; sad to see the internet go – I think that was one of the first devices I got that just came with Cell-Based internet right from the start.

Having the very rustic browser and internet wherever you go was a great thing to have several years ago. Now with easier roaming, it’s a thing of the past.

SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube (theregister.com)

Lechelle said Scaleway worked with the YouTuber to recover the disk. The French-language video creator has written to Scaleway with assurances they have not copied the information contained on the disk. It is said some customer data was on the drive, unencrypted, including the source code and SSH keys of an Italian VPS provider.

wow what a nightmare when a disk of a cloud provider just shows up on a marketplace

Bundesgerichtshof: Cum-Ex-Geschäfte sind strafbare Steuerhinterziehung (correctiv.org)

Anders ausgedrückt: Die Geschäfte, mit denen Hunderte Beteiligte über Jahre hinweg viele Millionen Euro, wenn nicht Milliarden Euro, verdient haben, sind nach Ansicht des Karlsruher Gerichts strafbar. Diese Entscheidung hat Auswirkungen auf viele Prozesse, die derzeit bei deutschen Gerichten laufen. In den kommenden Monaten und Jahren dürfte es zu weiteren Verurteilungen kommen, bei denen die Hauptverdächtigen mit harten Haftstrafen rechnen müssen.

Das wird spannend, wenn die Cum-Ex-Geschäfte strafbare handlungen nach sich ziehen, wird es vermutlich einige Rückzahlungen geben (hoffentlich)

Special Swiss Hosting: «Man darf von digitaler Kolonialisierung sprechen» (itmagazine.ch)

Die grosse Geopolitik findet nun auch online statt, das ist so. Die Schweiz ist ihr Spielball und hat nur eine Option: Sich für eine Weltordnung einzusetzen, die auf Regeln basiert, nicht auf dem Recht des Stärkeren." @anderageru

Das Europa ziemlich viele technologische Schritte verpasst hat wird nicht nur in der IT sichtbar sondern eigentlich fast in jeder Branche wo China quasi der einzige Ansprechspartner ist (Solarpanels, Windanlagen, Lithium-Ionen-Akkus etc.)

Angelesen #78

A short one this time – The before the links rot away 😉

Urschweiz reicht nicht (republik.ch)

Wie in allen westlichen Demokratien schreitet die Polarisierung auch in der Schweiz voran und ist durch die Pandemie verstärkt worden. Die klassischen Gräben haben sich noch einmal vertieft: zwischen Stadt und Land (bezüglich Impf­bereitschaft), zwischen den Sprach­regionen (Betroffenheit, Aktionismus der Behörden), zwischen links und rechts (Unterstützungs­leistungen, Massnahmen­akzeptanz).

Die parteipolitische Fraktionierung nimmt weiter zu, demnächst wohl mit Folgen für die Zusammen­setzung der Schweizer Landes­regierung. Die politischen Felder, in denen sinnvolle Kompromiss­bildung kaum mehr möglich zu sein scheint, werden zahlreicher. Renten, Europa, Klima – und jetzt mit potenziell dramatischen Konsequenzen: das Impfen. Wenn der Föderalismus tatsächlich unsere beste Hoffnung ist, ist das nach heutigem Stand vermutlich keine gute Nachricht.

Wär ja was ganz neues wenn nicht alles auf Spaltung und Polarisierung rausläuft…

Lens 5 Features | Securely access shared K8s clusters (mirantis.com)

Accessing clusters through Spaces is simpler and faster than ever before; users no longer need to browse for or cut and paste a local kubeconfig, which is the normal way to tell Lens how to connect with a new cluster. Now, with Spaces, the effect is the same: you enjoy exactly the same customizable subset of access privileges and restrictions an administrator would normally set up for you using RBAC and roles and access control, which still govern your access. Now, users can access clusters without searching for, downloading, emailing, or otherwise fiddling with kubeconfigs (or with port forwarding, tunneling, VPNs, or any of the other complications required for secure networking).

Several toolchains start to move into the RBAC and cluster access space when it’s about Kubernetes.

Agile at 20: The Failed Rebellion (simplethread.com)

Jeffries in the article mentioned above, says, “However, the values and principles of the Manifesto for Agile Software Development still offer the best way I know to build software, and based on my long and varied experience, I’d follow those values and principles no matter what method the larger organization used.”

Is It Possible To Make IoT Devices Private? Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset (cpomagazine.com)

Academic research performed on 86 used Amazon Echo Dots has found that the factory reset does not truly wipe data from the devices; it can still be recovered with relatively basic forensic techniques. Echo Dots commonly contain WiFi passwords, router MAC addresses, and Amazon logins among other pieces of sensitive information.

Ruh-roh

Building a huge storage drawer for my Van! (youtube.com)

Oh now I would like to rebuild a few things! (and I need/want more Eurocrates 😂)

Gotenberg · A Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. (gotenberg.dev)

This looks like a nice solution to replace wkhtmltopdf and athenapdf 🎉

Maker’s Schedule, Manager’s Schedule (paulgraham.com)

I find one meeting can sometimes affect a whole day. A meeting commonly blows at least half a day, by breaking up a morning or afternoon. But in addition there’s sometimes a cascading effect. If I know the afternoon is going to be broken up, I’m slightly less likely to start something ambitious in the morning. I know this may sound oversensitive, but if you’re a maker, think of your own case. Don’t your spirits rise at the thought of having an entire day free to work, with no appointments at all? Well, that means your spirits are correspondingly depressed when you don’t. And ambitious projects are by definition close to the limits of your capacity. A small decrease in morale is enough to kill them off.

Talking to Bryan lately about balancing between meeting driven schedules and creativity centric schedules (yes I account coding, taking care of infrastructure and solving problems as creative work; or at least the solutions to it). Re-Reading Paul Grahams Makers vs Managers Schedule was somewhat eye-opening.

Mitchell’s New Role at HashiCorp (hashicorp.com)

There are also personal elements to this decision. I founded HashiCorp as an engineer passionate about infrastructure tooling. But as a founder, my role at times has had to expand well beyond and away from that. That’s the price of being a founder: you do whatever is necessary of you, even if there are parts of the role that don’t particularly motivate you. And over the course of nearly a decade building HashiCorp into a multi-billion dollar company, I’ve continuously reaffirmed that I’m still an engineer at heart and I’m ready to more officially get back to focusing on that.

Awesome to see that big teams like HashiCorp can perform such changes. And happy for Mitchell to get into his new role 🎉