Angelesen #52 – GDPR, remote work and wireguard

After a slightly longer weekend (bank holidays are a fabulous thing) – Back in action! This week is fueled by a few GDPR/DSGVO articles.

fridge 0.1 (

How about a fridge powered entirely by solar panels without the powerwall? Zero battery use, and yet it still preserves your food.

That’s much cooler, because batteries, even hyped ones like the powerwall, are expensive and innefficient and have limited cycles. Solar panels are cheap and efficient now. With enough solar panels that the fridge has power to cool down most days (even cloudy days), and a smart enough control system, the fridge itself becomes the battery — a cold battery.

Interesting experiment with Solarpower and a Fridge!

The Amish understand a life-changing truth about technology the rest of us don’t (

The reason the Amish rejected television is because it is a one-way conduit to bring another society into their living rooms. And they want to maintain the society as they have created it. And the automobile as well. As soon as you have a car, your ability to leave your local community becomes significantly easier.

Good (Anti)Technology Longread

DSGVO – häufig gestellte Fragen, häufig verbreitete Mythen › Jan Philipp Albrecht (

GDPR #0: DSGVO-Panik

A 2-Year Stanford Study Shows the Astonishing Productivity Boost of Working From Home (

I feel I’m consistently at the most productive I’ve ever been in my entire life. My morning commute is a seven-second walk to my study and I actually start working far earlier than I did in the corporate world.

While I make it a point to not work any later than I did at a corporate office, I’m working more deeply with far fewer breaks in concentration. I quite often “get on a roll” that lasts four-plus hours at a time. I can’t remember the last such streak working in an office.

Surprised, much?

Kubernetes Gardener (

Many Open Source tools exist which help in creating and updating single Kubernetes clusters. However, the more clusters you need the harder it becomes to operate, monitor, manage and keep all of them alive and up-to-date. And that is exactly what project Gardener focuses on.

Looks interesting

Intel Shows Xeon Scalable Gold 6138P with Integrated FPGA, Shipping to Vendors (

A CPU partnered with an FPGA. Hello Future!

We Made a Tool So You Can Hear Both Yanny and Laurel (

We built a tool to gradually accentuate different frequencies in the original audio clip. Which word or name do you hear, and how far do you have to move the slider to hear the other? (The slider’s center point represents the original recording.)

I’m still left confused hearing two things at the same time…

John Byrd’s answer to What is the most sophisticated piece of software/code ever written? (

You would never expect that all those problems were caused by a computer worm, the most devious and intelligent computer worm in history, written by some incredibly secret team with unlimited money and unlimited resources, designed with exactly one purpose in mind: to sneak past every known digital defense, and to destroy your country’s nuclear bomb program, all without getting caught.

A good writeup on Stuxnet :)

WordPress 4.9.6 Privacy and Maintenance Release (

GDPR #1 – WordPress comes with new features!

  • Data Export
  • Data Erasure

Introducing Git protocol version 2 (

We recently rolled out support for protocol version 2 at Google and have seen a performance improvement of 3x for no-op fetches of a single branch on repositories containing 500k references. Protocol v2 has also enabled a reduction of 8x of the overhead bytes (non-packfile) sent from servers. A majority of this improvement is due to filtering references advertised by the server to the refs the client has expressed interest in.

New stuff comes to git!

There Will Be WireGuard (


[NEW] WireGuard for macOS
You can install wg-quick, wg, and wireguard-go using Homebrew. Then you should
be able to run wg-quick up whatever and familiar commands as you’re used to.
If you’re setting up a network manually, you can run wireguard-go utun3 in
place of the usual Linux command ip link add utun3 dev wireguard. Install
with the Homebrew command:
$ brew install wireguard-tools

Completely Silent Computer (

I’ve been trying to make my computers quieter for nearly three decades. Custom liquid cooling loops, magnetically-stabilised fluid-dynamic bearings, acoustic dampeners, silicone shock absorbers, you name it. Well, last week I finally managed to build a completely silent computer

Nice! Back when i had those towered confusers at home i tried (and often failed) to make them dead silent. But atleast they were silent enough to sleep next to them (25-30 dBA)

🎥 Iron Man Becoming Real (

Intersting talk on a Jetengine driven suit :D

A Dark Time for Data: WHOIS Blackout Period Likely Starting in May (

ICANN plans to settle on a final model by the GDPR enforcement date of May 25, at which point it will likely place all of the currently available WHOIS data behind a wall where it will no longer be accessible by the public. This “WHOIS blackout” period will last at least six months until ICANN likely implements its accreditation mechanism to allow third parties to access this “walled” data.

GDBR #2 – Whois!

The headers we don’t want (

At the same time, there are lots of headers that are hugely popular but aren’t new and aren’t actually all that useful

Good Article on the importance and un-importance of some headers that are blasted trough the net.

Mein erster DSGVO Rant – Zu viele Mythen und gefährliches Halbwissen zum neuen europäischen Datenschutzrecht (

GDPR #3 – Take whatever

Charlotte Roche: Verlasst die Städte! (

Im Wald triffst du keine anderen Menschen, die dir voll auf den Sack gehen, und bist nicht gezwungen, Plakate zu lesen, Werbung in deinen Kopf zu lassen und anschließend bei Amazon einzukaufen. Die Natur will dir nichts verkaufen. Du sollst nur sein, im Hier und Jetzt. Glücklich.

Anti-Tech Beitrag #2 ;)

Angelesen #51 – Serverless, Rowhammer and Disabled USB Ports

Wow what a week! After leaving Switzerland on Tuesday I made it to Verona  Italy by train where I had the chance to attend JSDay and speak at PHPDay. I am astonished how much work the organisation Team behind those Conferences puts in – They not only run JS- and PHPDay they even branched out into Devops, Containers, React and much more. Way to go! It was a smooth experience and I had tons of fun and learned a lot during the conference.


AWS won serverless – now all your software are kinda belong to them (

Leading Edge Forum’s Simon Wardley, never one to mince words, helps to parse what a 70 per cent (or 44 per cent) lead means: “Let me translate that for you. Amazon is currently positioned to own 70 per cent of the future of ALL software.” Developers, for their part, happily focus on writing business logic while AWS (or Microsoft/Google) handle all the server infrastructure. As Matt Wood, AWS general manager of Deep Learning and AI, told me: “With S3, DynamoDB, and Lambda, you can build apps without thinking about the underlying infrastructure.”

Just let that sink in for a minute, shall we? I’m very happy that there are alternatives to the walled gardens that seem to be oh-so-confortable.

Walmart has patented autonomous robot bees (

Walmart has just filed a patent for autonomous, robot bees. Yes, that Walmart — and no, you didn’t slip into another, stranger dimension. The mega-corporation’s patent specifically covers “pollination drones.” These tiny robots could act just like bees, pollinating crops autonomously.

Black mirror is it you?

Google YOLO (

Buttons are everywhere. Elevator buttons, machinery buttons, and even “Nuclear Button” that sits on the President’s office desk. But are you always sure the button you push really performs what you want it to do?

Fun with Buttons!

iOS 11.4 to Disable USB Port After 7 Days: What It Means for Mobile Forensics (

Apparently, iOS stores information about the date and time the device was last unlocked or had a data connection to a USB port. After the seven days elapse, the Lightning port will be disabled. Once this happens, you will no longer be able to pair the device to a computer or USB accessory, or use an existing lockdown record, without unlocking the device with a passcode. The only thing you’ll be able to do is charging.

A good move! Wondering when Google draws level disabling the USB ports after a while.

Russlands Staatsfeind Nummer eins (

Das russische Internet steht kopf, seitdem Moskau versucht, den Kurznachrichtendienst Telegram zu blockieren. Wer ist Telegram-Gründer Pawel Durow, der als «russischer Zuckerberg» gilt?

Good Longread on Telegram and how their Founder operates.

Conference Buddy (

The idea was born for a simple reason: While I love going to meetups, barcamps and conferences, I don’t like going on my own when I don’t know anyone. Even the thought is intimidating. And I can’t be the only one, right?

A thing we talked about at PHPDays Verona during the past week. Great initiative!

Now Is The Perfect Time For An RSS Renaissance (

So the very idea of RSS – obtaining content from a website without having to visit the site itself – is due for a comeback. No ads. No suspicious javascript. Just the signal without the noise. It’s not perfect privacy, but it’s one step back and two steps forward in the right direction.

Still on RSS. Never went away from it… even if it feels a bit oldscool. Own your content.

Victory! Fourth Circuit rules that border officials can’t subject electronic devices to suspicionless forensic searches (

Now, in U.S. v. Kolsuz, the first appellate ruling since Riley, the Fourth Circuit appeals court has held that it is unconstitutional for US border officials to subject visitors devices to forensic searches without individualized suspicion of criminal wrongdoing.


Passive Wi-Fi: Bringing Low Power to Wi-Fi Transmissions (

We build prototype hardware and implement all four 802.11b bit rates on an FPGA platform. Our experimental evaluation shows that passive Wi-Fi transmissions can be decoded on off-the-shelf smartphones and Wi-Fi chipsets over distances of 30–100 feet in various line-of-sight and through-the-wall scenarios. Finally, we design a passive Wi-Fi IC that shows that 1 and 11 Mbps transmissions consume 14.5 and 59.2 µW respectively. This translates to 10000x lower power than existing Wi-Fi chipsets and 1000x lower power than Bluetooth LTE and ZigBee.

Impressive presentation!

120+ WordPress-Plugins im DSGVO-Check (mit Lösungen, Alternativen und Plugin-Tipps!) (

Because GDPR/DSGVO && WordPress

Everything old is new again: Microservices (

Well, it depends. If you got your start programming in the 90s, you’d say I just defined a Service-Oriented Architecture (SOA). But, if you’re younger and cut your developer teeth on the cloud, you’d say: “Oh, you’re talking about microservices.”

Serverless, Microservices – Isn’t that all just SOA?

Translations of My hovercraft is full of eels in many languages (

Mis Luftchüssiboot isch volle Aal

The most useful phrase in many languages ;)

This is what it’s like using only open-source software on Android (

Four years ago, Ars Technica wrote a detailed analysis of using Android without all the proprietary Google software. It wasn’t a great experience, as you can probably guess. But plenty can change in four years, so is the situation any better in 2018? That’s what I wanted to find out.

If you want to go Google-Free that’s a good article here!

New Rowhammer Attack Can Hijack Computers Remotely Over the Network (

Since triggering a bit flip requires hundreds of thousands of memory accesses to specific DRAM locations within tens of milliseconds, a successful Throwhammer attack would require a very high-speed network of at least 10Gbps.
In their experimental setup, researchers achieved bit flips on a targeted server after accessing its memory 560,000 times in 64 milliseconds by sending packets over LAN to its RDMA-enabled network card.

Nerdy, i know but Rowhammer attacks are intersting!

Remediating Fukushima—“When everything goes to hell, you go back to basics” (

To further limit groundwater flow into reactors buildings, TEPCO actually froze the ground around them, creating a kind of frozen wall down to a depth of about 30 meters. Approximately 1,500 meters long, the wall is kept frozen by pipes filled with an aqueous solution of calcium chloride cooled to -30ºC. Freezing commenced in March 2016 and is now “99 percent complete,” according to Kohta.

Just one piece in the puzzle of cleaning up the Aftermath of Fukushima – And yes it’s already 7 years since the accident happened.

Angelesen #50 – Kubernetes and Space!

Sonntagabend, knapp vor acht Uhr: Hier kommen die Links der Woche: Mal schauen, ob ich die wöchentliche Veröffentlichung hinkriege, ich streiche derzeit einfach die Artikel raus, welche mir nach ein paar Tagen missfallen, und versuche so um die 10-15 interessantesten Artikel der Woche drin zu behalten.

Ansonsten gibt es gute Links und Artikel zu allem, was mit Kubernetes zusammenhängt, drüben bei Cloud-Native.

Go Ahead, Millennials, Destroy Us (

One of my students once asked me, when I was teaching the writing of political op-ed essays, why adults should listen to anything young people had to say about the world. My answer: because they’re afraid of you. They don’t understand you. And they know you’re going to replace them.

That op-ed hits close to home

TunSafe: Experimental WireGuard VPN Client for OSX (

This is the web page for the experimental early release of the TunSafe WireGuard Client for OSX. Warning: This is pre-release software. Use at your own risk.

Wireguard for OSX! By far the most advanced VPN Client so far.

European clocks lose six minutes after dispute saps power from electricity grid (

The continental network had lost 113GWh of energy since mid-January because Kosovo had been using more electricity than it generates. Serbia, which is responsible for balancing Kosovo’s grid, had failed to do so, ENTSO-E said.

113GWh wer zum Teufel braucht so viel Strom!
Ok Witz bei seite, spannend zu sehen wie lange es dauert, bis man rausfindet wo der fehlende Strom herkommt (oder eben nicht). Bleibt nur zu hoffen, dass keine “wichtige” Infrastruktur auch zu billig Produziert wird und auf einen Quarz verzichtet.

How we discovered a database leak in one of the biggest Swiss hosting provider (

During the development of our new security SaaS, allowing anyone to check the security level of its own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting provider in Switzerland, we didn’t expect to find any critical vulnerabilities. It turned out we were wrong.

Very sad to see such neglects at big swiss hosters. But it also shows how important good security processes are.

World-first firing of air-breathing electric thruster (

In a world-first, an ESA-led team has built and fired an electric thruster to ingest scarce air molecules from the top of the atmosphere for propellant, opening the way to satellites flying in very low orbits for years on end.

Scheduling in Kubernetes (

This process informs about the trade-offs engineers made in the implementations. Knowing a tool’s strengths and weaknesses helps better design systems on top of it; it exposes potential failure modes and helps debug critical errors when they occur. It also reveals brilliant ideas, tricks, patterns and conventions used in production systems.

Interesting walk trough on the k8s scheduling implementation

Volk beerdigt No Billag (

Über Ganz schlechte Verlierer und Noch schlechtere Verlierer

kube-ops-view: Kubernetes Operational View – read-only system dashboard for multiple K8s clusters (

Goal: provide a common operational picture for multiple Kubernetes clusters.

Render nodes and indicate their overall status (“Ready”)
Show node capacity and resource usage (CPU, memory)

The one tool I’m fanboying now for more than a week. Simply gives me a high-level overview when things hit the fan and the K8s cluster gets out of hand. The only thing that bugs me at the moment is that it’s not really built for nodes that feature a lot of containers ;)

This Glorious Madman Stuffed A Tesla Drivetrain Into A 1981 Honda Accord (

While the Teslonda’s main parts came from the Model S, other parts were often bought based on what fit in a given space and still work with the car. They didn’t plan this build so much as put things together and see what fits. Belosic’s final build sheet has a hilarious variety of donor vehicles as a result.

Tesla Drivetrain in a Honda Accord… well why not?

February 28th DDoS Incident Report (

Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Great Post-Mortem on the 1.35Tbps DDoS which hit Github

Taking a sabbatical changed my life. Here’s why you should do it too (

The problem is that most people do not realize that taking a break is an option and most people do not ask for such things since they assume that the company will not support it. Moreover, in our competitive work environment, we fear we would be ‘left behind’ in the invisible race we are all running in the name of ambition.

An interesting take on sabbaticals

Angelesen #49 – OSx > Ubuntu, ICOs in Switzerland, Waveforms

This week was busy, next week will be busy. Let’s keep this brief and head over to the links:

Google removes ‘View Image’ button from image search (

Say goodbye to the “View Image” link in Google Images. Google announced a few changes to its image search today, one of which being the removal of its option to check out an image without visiting the site that hosts it. It might be a bummer for some, but since it was a stipulation of Google’s settlement with Getty Images, it was only a matter of time before it happened. In a tweet, Google said today that the changes “are designed to strike a balance between serving user needs and publisher concerns, both stakeholders we value.”


From OSX to Ubuntu | Code | Nicolas Perriault (

A year earlier I decided to switch from OSX to Ubuntu, so now is a good time to make a little retrospective. TL;DR: Linux now offers a pleasant desktop user experience and there’s no way back for me.

As i’m doing some development for features on pygmy that need to be tested on Ubuntu I decided to switch partially to that system for development. Used that article to get me around the hardest starter issues but I reckon that would be a seperate blogpost for here

FINMA – FINMA publishes ICO guidelines (

FINMA has seen a sharp increase in the number of initial coin offerings (ICOs) planned or executed in Switzerland and a corresponding increase in the number of enquiries about the applicability of regulation

Fertig wilder Westen in der Schweiz

Capturing Starman from 1 million miles away (

After a quick nap, I go back to all my shots but find nothing, still puzzled about the whole thing. Then it hit me!! When I created the ephemeris from the JPL’s website, I did not enter my coordinates!! I went with the default, whatever that might be! Since the Roadster is still fairly close to us, parallax is significant, meaning, different locations on Earth will see Starman at slightly different coordinates. I quickly recalculate, get the new coordinates, go to my images and thanks to the wide field captured by my telescopes… boom!! There it was!! Impossible to miss!! It had been right there all along, I just never noticed!

I like the work that went into finding Starman with a huge telescope :)

Let’s Learn About Waveforms (

A very good primer about Waveforms

EHANG 184 AAV Manned Flight Tests (

Flying Robots!

NGINX – HTTP/2: server push. (

Resources to be pushed are configured with the “http2_push” directive.

HTTP/2 server push lands in Nginx

OpenSSH/Cookbook/Multiplexing – Wikibooks, open books for an open world (

And of course all that can be put into ssh_config(5) as shown in the previous section. Starting with 6.7, the combination of %r@%h:%p and variations on it can be replaced with %C which by itself generates a SHA1 hash from the concatenation of %l%h%p%r.

Learning of the Week: SSH Multiplexing issues fixed by not using hots and the remote usernames. Just using %C is enough with newer OpenSSH versions.

VLC 3.0 now supports Chromecast and the world is a better place (

  • 8K support (hardware decoding is on by default)
  • HDR and 10 bit video
  • HMDI Audio passthrough
  • Network browsing for NAS systems
  • 360 video and 3D audio
  • Modifying subtitle size live
  • Drag and drop support
  • HD DVD support

Yeah : VLC 3.0 is out!

Angelesen #48 – Space, Post-Mortems and Loadtesting

Earlier this week I geeked out for the SpaceX landing. For starters, I planned the Dinner to be ready at T-5mins and then SpaceX pushed back the launch which meant my pizza finished nominal but the real launch got delayed. Well, that happens. If you missed the Falcon Heavy launch head over to youtube rewatch it..

But on with the links.

Exploiting modern microarchitectures (

Recently disclosed vulnerabilities against modern high performance computer microarchitectures known as ‘Meltdown’ and ‘Spectre’ are among an emerging wave of hardware-focused attacks. These include cache side-channel exploits against underlying shared resources, which arise as a result of common industry-wide performance optimizations.

More broadly, attacks against hardware are entering a new phase of sophistication that will see more in the months ahead. This talk will describe several of these attacks, how they can be mitigated, and generally what we can do as an industry to bring performance without trading security.

I saw this talk live at FOSDEM18.
If you are into microarchitectures and want to know the details of Spectre and Meltdown, look no further: 45 Minutes – an in depth look at Spectre and Meltdown – Brace yourself it’s a lot of information!

KPTI/KAISER Meltdown Initial Performance Regressions (

Applications that have high syscall rates include proxies, databases, and others that do lots of tiny I/O. Also microbenchmarks, which often stress-test the system, will suffer the largest losses. Many services at Netflix are below 10k syscalls/sec per CPU, so this type of overhead is expected to be negligible for us (<0.5%).

An close look on the performance implications around the Meltdown mitigations.

Epic Games’ Fortnite (

Fortnite hit a new peak of 3.4 million concurrent players last Sunday… and that didn’t come without issues! This blog post aims to share technical details about the challenges of rapidly scaling a game and its online services far beyond our wildest growth expectations.

I like to read post-mortems. It gives good advice on how I can improve when writing a post-mortem together with our team.

Online Security Guide for Journalists (

Part of our mission at ProtonMail has always been to give journalists, dissidents, and others the tools and knowledge they need to do their jobs safely. Journalists are one of the largest groups in our user community, and over the years, we have given dozens of talks and workshops on email security in order to help journalists stay safe.

Good Advice on online security for journalists (but it’s applicable for many people dealing with sensitive information)

Questions after talks at conferences (

At my own conferences, Write the Docs, we have established the norm of not having full audience questions. After each talk we ask the speaker to come to the front of the stage, and then have a conversation with members of the audience with questions.

A few hints on handling Questions at conferences differently.

Year in Pixels (

This tool was made to keep track of your mood during the entire year, using pixels. You can load this page every day and select how you’re feeling. The tool will keep track of your mood and give you a visual for how you’ve felt during the year.

One thing that struck me when I put the daily pictures i take during a year on one page. A year which seems like soo much time looks short when you boil it down to 365 moments.

IPFS is the Distributed Web (

A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.

wg/wrk: Modern HTTP benchmarking tool (

wrk is a modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CPU. It combines a multithreaded design with scalable event notification systems such as epoll and kqueue.

Interesting tool as load generator for loadtests

10 open-source Kubernetes tools for highly effective SRE and Ops Teams (

If you run kubernetes you should give yourself a few minutes going trough those tools and check if some of them could help you in your daily work :)
I started looking at kube-ops-view which is already quite interesting.

A Love Letter to Plain Text (

General Nerdery with plain text blogging systems :)

Basecamp doesn’t employ anyone in San Francisco, but now we pay everyone as though all did (

We don’t actually have anyone who lives in San Francisco, but now everyone is being paid as though they did. Whatever an employee pockets in the difference in cost of living between where they are and the sky-high prices in San Francisco is theirs to keep.

Interesting take on salaries at Basecamp