Wednesday, September 13, 2017

Russia becomes an internet outcast for some reason

It's starting to happen more and more often to me. I'm trying to use some service and all of a sudden I see an error page, sometimes a custom one but more often generated by cloudflare or a similar service, with error message effectively saying that IP addresses from Russia are banned on the service. And what is even more interesting, most of this services don't have any particular policy reasons not to allow Russian users, it's not not like they are publishing prescribed materials or doing anything interesting whatsoever. A payment processor, a popular online course provider, some random forums and information sites, one site with educational videos that I like (that one is especially funny because I'm banned from the subscription page and so can't pay them but their cdn does't care and I can actually download any video I want).

But why does it happen? Is there some recommendation in some popular security guideline "block Russia, Cambodia, and Afghanistan because all users from there are ruthless hackers"? Or maybe Roskomnadzor (Russian telecom regulator / royal censorship service) spams hosting providers with "abuse" reports? (Actually happened to a friend of mine, although he was doing something interesting on his sites, truth being told. He had to remove a few pages for ISP to unblock his account.) Maybe some Russian hackers do, in fact, tend to abuse legitimate services and, say, test stolen CC numbers incurring huge chargeback costs? (That would explain services having to do with payments.)

Whatever the reasons are I haven't been able to get any answers from any of the services. Guess they are not big on customer service if they ignore requests to the tune of "I want to pay you guys, with money, not stolen or anything, please take them" (that popular courses provider I mentioned tends to answer with something like "thanks for contacting us, anybody can use our site as long as they have internet connection, have a good day").

In some cases it's pretty easy to work around that, we all know how proxies and vpn work, we watch tv (which is kinda weird, if we take the hackers assumption, if I were a ruthless Russian hacker, the first thing I'd spend my cryptocurrency on would be some anonymous vpn service... although even then I wouldn't steal innocent people's credit cards and use them to incur costs on other innocent businesses so maybe I just can't understand those kiddies). But sometimes you can't or at least not easily. With that god-forsaken courses site I'd have to use a proctoring service that requires good bandwidth for screen-sharing and webcam and although it's not exactly impossible, I'd have to use some service that provides that bandwidth and stable connection raising costs significantly (maybe I should try setting up my own private proxy somewhere).

And also there were some rumors that the government plans to ban all proxies and vpns on the internet. Granted, I don't know the exact plan, if they can do that effectively and what would people do when they need vpn for work, and I don't want to put all the blame on the government in this case (although it tends to be involved somehow whenever you encounter any major inconvenience in your life), but it might be a point where it's easier to physically move elsewhere than deal with the whole situation. Too bad places that are easier to move to often have internet problems of their own (encountered it more than once during my travels), it takes a developed economy with high human rights index to have a stable, affordable, and relatively unrestricted internet access. No idea why, just happens to be so.

Update (2017-09-22): Apparently, according to at least one of the services, they often ban whole countries in case of DDoS attacks. When they have no customers and not much prospects for some country yet a torrent of requests coming, I guess, it's understandable. Yet it's very hard to make them revert it even if you do want to become a customer (I even suggested to unblock my ip only, provided I get a static ip address from my isp, and no reply yet).

Tuesday, August 22, 2017

Terrible experience with bluetooth headsets and what to do about it

If you own a Bluetooth A2DP headset and any kind of personal computer, good chance is you tried connecting them together. Isn't it nice to watch movies and listen to music free from cluttering wires? Well, good chance is you hated that experience and if that was the reason for buying the headset, you might've even considered throwing it away (or using it only with your phone).

Why do they suck so much? Everything points to the fact that it's not a hardware problem. The same headset most likely will work flawlessly paired with an android device or even the same computer under a different operating system (windows users report huge difference between, like, 8.0 and 8.1, and not in favor of the latter, surprisingly, I think only mac users report good stuff about their macbooks and beats although I didn't try it myself so they might all be faking it :) ). And most likely it's not even the drivers or other low-level stuff, android and desktop linux has mostly the same driver stack in the kernel. My prime suspects are bluez (userland part of the bluetooth stack on most modern linux installations) and pulseaudio (audio manager thingy). ALSA (low-level sound thing) could also be at fault but I don't think it is. Those two are not, let's be frank here, examples of excellent software development although not open source at its worst either, to be honest, they mostly get the job done even if you might have a few troubles connecting devices and, say, ensuring your wireless input devices work before you log in to the system (for example, I own a bluetooth-capable mouse and I use included dongle instead, forever sacrificing a USB port for the sake of trouble-less experience), or you might do some tweaks and tricks to get rid of sound defects (haven't heard that one for a while, I suspect pulseaudio had so trouble performing when CPUs were largely single-core and constantly overloaded). And the combination of those two is a pure nightmare, whenever I try to pair a headset I expect to be fumbling and clicking various controls for at least a few seconds and even connecting an already paired device is almost never flawless (having to connect and disconnect things several times before they finally work is not new). Then, when all is done and seems to work, you a video and you suddenly want to kill someone. It lags so much it's almost never synced and even if you try to play with A/V synchronization and add some video delay it's next to impossible to done right because delay is variable. Something is not right with this world.

Compare this with android. You take the headset, you turn pairing mode on, open bluetooth settings, find the device you want and tap "pair". That's all, it works. If your phone and headset and both NFC-capable it be even easier: hold on close to the other, hear the bell sound, tap "allow" and you're all set. And it never suddenly disconnects, never lags or anything. From now on you most usually can just turn the headset on and don it whenever you feel like it and it will connect and start working almost immediately! Magic!

Now to the sad part. How to make the first more like the second? The short answer is I don't know but something should be done. There are some hardware hacks, like usb/bluetooth sound dongles which can do basically the same thing that dongle does for a mouse or keyboard: take up another port forever in exchange for more or less lack of bugs. Then android is mostly open-source and we just might be able to learn what they do differently and port that somehow to desktop linux. Or just work on fixing and optimizing bluez/pulseaudio (just clearly identifying the exact reason for these shortcomings would be a great start). Burning it all with fire is another possible solutions but I don't thing either of projects mentioned is deserving it, they just have a few bugs or possible deep design issues but otherwise they mostly get the job done and writing anything from scratch is likely to be more bothersome and introduce more new bugs.

If anybody has any context like code or developer discussion threads or bug reports I would really like to hear about it in comments. And I will update this post when/if I find any solution worth pursuing.

Thursday, June 29, 2017

Using virtualenv for more than Python projects

Sorry, it's not a complete instruction, just a thought. It occurred to me (some time ago) that Python's virtualenv is, essentially, a simplified version of system "prefix", it has bin, lib, include, and can have more stuff when needed. If you're willing to experiment (you'll probably have to set a few additional environment variables and/or build flags but that's no big deal), you can install various other tools there up until you have a complete system with its own compiler and complete set of libraries although it's much simpler to keep using system compiler and libraries only complimenting them when needed.

Granted, prefixes are nothing new, people were using /opt (and their home directory) this way since the beginning of time. But with little help of virtualenv-wrapper or pyenv you can easily switch between them and isolate environments better. Binaries and stuff installed in virtualenv would override system defaults but only when venv is activated. Sounds like a good thing to me.

What use-cases are there? I'll start with ones that originally occurred to me. First is installing libs and tools in user directory in a controllable way. Sometimes you need to install stuff (especially pythonic stuff) for very basic things. Neovim, for one, needs several Python packages to function normally. The official recommendation is to install them with sudo pip install but I can hardly recommend it, installing anything system-wide with third-party package managers is generally a bad idea. Even though pip installs its packages in a separate site-packages directory, you'll still have a hard time maintaining it, it's hard to list all packages that are installed that way, it's hard to upgrade everything (pip-tools can help but still), it's hard to uninstall stuff without traces. So why not install it all into a neovim-specific virtualenv? Maybe even compile neovim itself there so that you don't have to rely on other repositories (their official PPA is mostly ok, but it's harder in other distributions). Same with any other tools, especially Python-related ones. You can keep requirements files in your dotfiles and put some shims into your ~/bin so you don't have to activate/deactivate all the time (rcm hooks can be used to run the actual install commands, I love rcm, by the way).

Second possible use-case is system libraries. Many Python packages require system libraries (and headers!) to build. lxml, psycopg2, pillow, the list goes on. If you don't have required headers yet, hopefully you'll get some informative error message on install. Or you'll see information in project's README. After a while, you just remember to always install libxml2-dev, libjpeg-dev, python-all-dev, etc. on any new server. But why not just install them into virtualenv? Admittedly, it would require a bit longer time for compilation but you'll at least be sure that you use the same versions of libraries across your systems (ok, this one is less important now that everyone and their father uses docker or some similar tools, and even use of virtualenv is possibly diminished with the rise of containers, although there's no particular reason why you can't containerize virtualenvs... but I digress).

Somewhat related to both, I had an idea to experiment with implementing a window manager and other GUI tools using pygtk (or is it pygobject now? I haven't been following) but installing it into virtualenv is a serious problem. Even if you can do most of the stuff using system's site-packages, things like testing against multiple versions of libraries and python would be a compete mess. Containers would probably help if I get serious about it, but some lighter isolation sounds much better.

It's all might be not very perfect for distributing stuff to users, of course, but when you're developing something or when you can't rely on distribution' repositories for any reason it sounds like a better idea than most others. In particular I hate it when people I don't know and have no reasons to trust say me "run this long and obscure script as root so it installs our stuff deep in your system in a way that makes it hard to remove", user-directory installs which you can easily list/review/update/purge are way safer. So, something to replace those notorious curl -s | sudo bash is yet another use-case. Most new systems now come with python3 and virtualenv anyway. It might even grow up to become another linuxbrew some day (great part is it can deliver binary packages as well so it won't necessarily require much compilation; and probably we'd want to use a separate package index for non-python-related ports) or even replace system package manager at least for some stuff (which would probably require environment multiplexing, meta-packages, and probably better dependencies control), but that's getting ahead of time.

(On a separate note, it would be great to use github as a replacement for pypi. Some trusted build service could be used to build binary packages (and generate a signature containing both git commit hash and binary tarball hash) so pip could verify that package wasn't tampered with and a particular revision of source code was used. Trust doesn't necessarily require hosting actual files yourself. I always thought that hosting a whole linux distribution entirely on github is an interesting idea. Although I'll probably never time time or community. But that's largely unrelated.)

In any case, virtualenv is great and we should do more of it. I think critics who think it's too hacky and complicated and unnecessary just don't understand it.

Friday, April 28, 2017

Ok, it seems I want X1 Yoga after all. But I'll probably wait for Gen 3

Generation 2 of Lenovo ThinkPad X1 Yoga was announced at this year's CES with both small and big improvements. They finally added Thunderbolt 3 ports with USB-PD charging support, which makes it slightly better deal than Yoga 910 (which is still visually more pleasing to me but no thunderbolt = muh). Anyway, the best part is it's virtually the only laptop with OLED display and I love OLED. I almost immediately decided that I'm gonna buy it eventually (not right now unless something happens, my Yoga 900 is not yet outdated, probably next year or whenever they make Gen 3) provided there are no deal breakers. Then I saw its keyboard:

Apart from weird Home/End position (why not make it Fn-PgUp/Fn-PgDn like everyone does? F1-F12 keys are pretty small as a result. But maybe they could be used for some hotkeys with a little xmodmap magic?..) the obvious elephant in the room is swapped Fn-Ctrl keys: seriously, who does that? I even wrote it off as a dealbreaking thing and forgot about lenovo until I did more googling.

Then I came to my attention that it's configurable and those keys can be swapped in BIOS. Ctrl will still remain smaller for no reason but I could live with that. Still, I'd like to see it swapped by default in Gen 3 so that Ctrl is bigger (option to swap them could remain but Ctrl in the corner by default, please). That, moving Home/End to PgUp/PgDn (then you could move Print Screen to the top and put menu or second Win key or even both in its place, because modifier keys are important) and a few other small things would totally change my opinion from "possibly" to "must have":

  • Add more USB 3.1/Thunderbolt 3 ports. Yes, it already has five USB ports total but I'd prefer three or even four Type-C ones and two Type-A, future is very close and I'd prefer to invest in future-proof hardware. Charging ports on both sides would be a huge bonus as would be supporting more than one external display. Removing legacy HDMI is optional, but I'd totally prefer more USB instead of keeping it.
  • Keep audio jack (I'm not sure if it's present in Gen 2, photo evidence is inconclusive). But it's important for a laptop, keep it. Just one with headphones+mic combined is enough, don't worry.
  • Consider Yoga 900-like "wristwatch" hinge this time, just because it looks cool :)
  • Iris GPU option. I know, it depends on which processors are trendy at the time of release but it's kinda important. Also, if there were such an option, I'd also sacrifice a couple hours of battery life for four cores.
  • Extra M.2 port for a second SSD. I haven't looked at X1 Yoga inside yet but if you could spare the space for this, it would be superb. I always prefer to have level 1 raid when I can, 'cause drive fail from time to time. Quality of included SSDs is not that important, on the other hand, I could upgrade it/them myself.
  • Good Linux support. Ideally, slightly cheaper "developer edition" with certified preinstalled Ubuntu. Dell already does it, everyone should do the same. Definitely no lock-in situation we had with Yoga 900-ISK2 and a few other models.
  • 4K OLED panel. Yoga 910 already has 2160p 14" IPS panel and Yoga 900 had 1800p 13" one, I understand there might be issues with supplier (Samsung, right?) but I'm pretty sure it's not impossible by 2018. I really really don't want to have less pixels for more money after I already modified everything I could to work well on 4k.
  • At least casual splash protection, spills is the #1 laptop killer. I understand that full IP68 protection could be out of practicality for now, because of fans and everything. Unless, of course, you manage to make a good fanless system with top of the line mobile processor. I'd totally pay extra for that. But at least a little sticky tape under the keyboard, it's really that simple.
  • Never ever put the camera at the bottom. Top bezel is totally ok and even helpful, really (tent mode, on the other hand, usually means more or less stable environment, external keyboard, usb hub, possibly another display, I could totally add external camera to that if I don't like how built-in one works in tent mode).
  • I repeat: fix the keyboard.
    • Swap Ctrl and Fn.
    • Combine PgUp/PgDn with Home/End.
    • Move Print Screen to the top.
    • Return Menu and/or second Win key
  • And keep all the nice stuff it already has: touchscreen with a pen, LTE modem, etc.
Now, I'm not that big a fanboy of Lenovo. They do nice stuff and I buy it but if Dell would make an OLED version of XPS 13 2-in-1 I'd probably get that instead (not necessarily 2-in-1, I don't care much about that stuff although it is nice to have options). But either way, the wishlist above mostly applies to everyone who wishes to sell stuff to most of us technomads.

And, as I mentioned elsewhere, it's not impossible that I can stop buying mobile hardware altogether at some point. Intel NUC or something similar could probably suit me better when I stop traveling as much and get a normal-ish 9-to-5 office job. Which is my intention at the moment, if other pieces fall in their places (yeah, that big relocation project of mine looks like it might finally work out real soon, although it's not quite completed yet). Of course I will still have some laptop but when it's not used as intensely it doesn't depreciate as quickly and doesn't have to be cutting edge.

Wednesday, April 19, 2017

ORICO — small things that stand out

More than once I've written about stuff made by Big Brand manufacturers so I decided to balance things out by writing about a mostly-unknown but good things. In short, if you need something small like HDD enclosure or some cable or USB hub or a dongle of some kind, check if ORICO makes it and chances are you won't be disappointed. It's usually slightly more expensive than low-end stuff from aliexpress but, in my opinion, it's usually worth it.

Disclaimer. This post is a shameless promotion of their brand although, unfortunately, nobody paid me for it or even sent me any free stuff. Guys from ORICO and not, if you read this, I'll gladly review whatever free goodies you send me :) I only do honest reviews so better make sure to send the good stuff.

At this point I own a USB hub, three different 2.5" HDD enclosures, and a precision screwdriver set from them. And probably something else I don't remember. Here are the pics:

USB hub in its natural habitat, surrounded by cables.

It's powered with external adapter and supports Battery Charge protocol. Not powerful enough for most phones, no Quick Charge or anything like, but enough for charging smaller devices. Speed is ok although I feel plugging fast external HDDs directly into laptop is somewhat better. Full USB 3.0 support, no Type-C ports but it's older than the new standard anyway. The only serious disadvantage, in my opinion is that it only has four ports, it has one unused side so it easily could've been six (and possibly one or two on top for flash drives and like, although I like to put wireless charger stand on top of it so I probably wouldn't use them). The thing is I have a TRNG, mouse RF dongle, and RJ-45 dongle permanently plugged into it, it leaves only one empty port for anything else (which is usually enough but I don't like it). I'll probably upgrade it one day to something with both Type-C and Type-A ports and RJ-45 built-in. Maybe even a full-scale docking station, with video and audio... There are all kinds of these things on the manufacturer's site but I haven't compared them properly because I don't really need anything right now anyway.

Two kinds of 2.5" HDD enclosures
The transparent one is for slim 7mm drives while black one is for "full-sized" 9.5mm. Both have good speed and Type-C connectors. Unclear how much of USB 3.1 it actually supports, I have no laptops with full 3.1 support yet. But hopefully it's future-proof enough. The third enclosure (not pictured) I have is not Type-C (it uses one of the microUSB 3.0 variants) but works ok nevertheless.

Precision screwdriver in a nice case

it's quite compact
I like that heads are screwed in instead of magnets and the case is quite failsafe, it's really hard to break it since it's soft and even losing something is complicated. Handle allows for good grip although doesn't have anything for helping with tighter screws (no hexagonal segment, no ribs, nothing) but it's rarely required for electronics anyway. I hope steel is good, so far neither T6 nor T5 head is broken (which were problematic with most of screwdrivers I had previously, I even managed to strip some of bottom case screws in my Yoga 900 because of a bad T5 driver) but we'll see.

These are just some examples, they really have lots of stuff. Anything from data cables and power banks to surge protectors to NAS. Check out their site and aliexpress store and compare their stuff to competitors if you need something. Although it's probable that not everything is sunshine and rainbows I'm yet to be disappointed. Let me know in comments about your experience if you have any of their other devices.

Wednesday, February 22, 2017

UK plug and wall socket is probably the best there is

While we are on the topic of sockets and chargers. UK three-prong plug (type G) allows you to put heavier things into the socket and they will sit there securely. Also it's rated 250V/13A allowing more powerful appliances and probably safer than any other plug type (not mentioned there that almost every socket has an off switch, as an additional safety feature, apart from all the shutters, insulation, and built-in fuses).

(Photo from Wikimedia Commons)

If the world ever comes to a standard AC plug type, I hope it will be either that or at least something as robust and safe. And, let's face it, the only two alternatives (EU and US plugs) are not that universal, there are dozens of variations (where to put the ground prong, how to ensure polarity, even how big the prongs themselves must be) that makes either harder to adopt as a single universal standard.

Universal USB-C laptop chargers can't become industry standard fast enough

Adapter I had for charging my laptop broke yesterday. Now I need to give you a bit of a background to explain what kind of adapter that was. So, Lenovo produces lots of different laptops. And, just like all other manufacturers, they have lots of different charger connectors. With Yoga series, it was always some weird variation of USB, not a (more typical until recently) round connector. In particular, for Yoga 3 and 4 it looks like this:

(Photo from Aliexpress)

It's unclear why apart from making people buy their stupid chargers. You hardly can use the port for anything else when not charging (it's not even 3.0). And I mean stupid, just look at this:

(Photo from Aliexpress)

How can even call it a "travel" adapter is beyond understanding. If you actually travel, you have either to buy a new one for every socket type, or use a socket adapter which (considering most wall sockets are located in walls) will make this massive charger fall out every few minutes. Even without an adapter, it doesn't sit in a wall socket very well (UK plug is somewhat better in this regard).

Also cable is too short for almost anything.

There are two alternatives to this madness. First (more readily available) is a third-party adapter with swappable plugs. It looks like this:

(Photo from eBay)
Although you can get a set of plugs a travel more easily, it's still has the plug in it. You will still have trouble with plugging this thing at least to some wall sockets (unless it's UK plug, I currently suspect that's the best plug type ever).

Cable is also too short and, unlike the Lenovo's original charger, cable can't be replaced.

The second option that I find much neater:

(Photo from eBay)

It's a charger for some other Lenovo laptop (same 20V/65W) plus an adapter to convert round connector to weird USB. Some of you probably figured out why this is better despite more moving parts: it uses standard IEC C5 ("Mickey Mouse" cable). You know why it's a good thing. No? Really? I don't believe you but let me explain anyway. You can switch between different plug types by simply changing the cable (costs a couple bucks and available almost anywhere you go, so if you, say, find yourself in Malaysia unprepared, you just go to the first electronics store and buy a cheap cable, easy). Then it provides additional length, up to 2.5 meters from the socket or even more (AC cable can easily be longer than 2 meters, if you can find it, while DC cable can't be longer then a meter-something before it starts losing power). The charger is for something pretty old, easy to find and cheap if it breaks (unlike original adapter for Yoga). And, last but not least, adapter itself doesn't have to hang on the wall socket. It's almost perfect.

There are several downsides though. It's pretty rare, like just a couple of listings on ebay and aliexpress (not many people have this particular Yoga laptop and even fewer care about the charger). Adapter itself costs about $10 and pretty impossible to find offline.

So, I'm in Singapore, this flimsy little converter broke, and the only quick option was to buy a new charger (swappable plug, like above, but only UK plug included). It works ok, should be enough until I order a new converter cable (or three, just in case) although additional plugs would've been useful considering I'm going to Vietnam next. Cost me S$65 which is a bit more than I would like to pay (I could buy it cheaper online with a complete set of plugs), but I was kinda in a hurry.

So, I was saying. I can't wait for really universal laptop chargers (like we almost have with phones: most of the phones use either microUSB or USB Type-C, maybe a few years in the future even Apple will come to their senses, they already use USB-C for the laptops). There is a USB Power Delivery standard, there are several voltage/current options in it that should fit most laptops, and some manufacturers already use it. Even Lenovo, if I remember correctly, started doing so with some of their new hi-end ThinkPads. Maybe (and that's still a big maybe) if I decide to buy the next Yoga next year or so this non-standard charging connector nonsense will be over already. Or I might go with Dell or something instead. With USB-PD, I'm pretty sure I will be able to find a charger that is designed for travelling (a small black box with IEC C6 inlet on one side, USB-C outlet on the other, both cables easily replaceable), soon if not right now. There might even be some nice additions like more than one outlet so you can charge something else or power a USB hub or something that cannot be powered directly from laptop. The future is almost here... I hope.

Update(2017-04-13): Actually, it's already becoming better. For example, this is made by HP:
(Photo from
It's standard USB-PD so it's totally compatible with other devices (that can take 45W in different voltages, doesn't support 20V though). USB cable is not detachable but that can be tolerated. IEC C6 ("Mickey Mouse") inlet is absolutely lovely.

Another example, independent manufacturer:
(Photo from Innergie)
This one supports 20V (in addition to other three possible voltages: 5V, 12V, and 15V). But it uses ungrounded IEC C8 inlet which is passable but has obvious disadvantages (apart from it being ungrounded I'd have to buy a new collection of cables for my travel needs :) on the other hand, ungrounded AC plugs are usually a bit more compact and universal, if you don't worry about fusing you can use europlug in UK sockets with just a little help to open the holes).

In other news, both new Lenovo Yoga 910 and 2nd generation of Thinkpad X1 Yoga have USB-C ports for charging. I'm couldn't determine from Lenovo's site which voltage/wattage they require but it's hopefully one of the standard PD profiles. That new Dell XPS 13 has them is not even news. So whatever I choose next, I'll probably won't depend on awful chargers that come in the box. Although if I had to buy a new laptop right now I don't know what I'd do, all they have some serious disadvantages (I'm not going to write a full review soon, so just a short preview: Yoga 910 doesn't have a single thunderbolt port nor IRIS graphic nor thunderbolt nor even full USB 3.1 but bigger almost-14" display in a still-small chassis probably beats everyone, except X1 Yoga has an OLED option which makes it about the only OLED laptop on the market, it's 14" albeit chassis is slightly bigger, but resolution is only QHD, 1440p, not even close to 4k, it also has all the nice stuff like built-in LTE, two thunderbolt ports, and native RJ-45 and HDMI for better connectivity; then XPS is kinda ok except it's not convertible but apart from that it almost wins in comparison with 910 except the smaller display; I'd probably take X1 Yoga if it had 4k OLED panel, guys from Lenovo reading this: consider it for 3rd gen or maybe as an option for 2nd and you got yourself a new fanboy). The worst part is many people alarmingly stop buying laptops altogether, they are ok with tablets and keyboard for their office work and entertainment needs. Hence many manufacturers stopping paying attention to that market so competition becomes weaker. Even I considered supplementing with a tablet for reading and stuff until I can get an OLED laptop, though it would be an android tablet in my case so I don't have to worry about linux drivers and everything, but it's not like anything can replace a laptop for work for me right now (there are nice mini-PC boxes that can compete with ultraportable laptops but they are desk-bound and I wouldn't be able to code while lying on a couch, in my underwear... or even without, because I'm that nerd :) ). But more about that whenever I have time and enough info for a full review (manufacturers are welcome to send me devices for review, as usual, if anybody reads this ever :) ).

Update(2017-04-13): OH WAIT-- I just noticed one reason why I'll probably never ever buy myself an X1 Yoga, OLED or no OLED.
(Photo from
No, seriously. Who said those "designers" that it's an acceptable placement for an Fn key? I can tolerate senseless PgUp/Home keys placement, I rarely use them anyway, trackpoint I'd just disable never to worry about, but doesn't everyone do C-c and C-x? They are more sensible with Yoga 9xx keyboards, why is this shit here? Unless they change this or I start using Caps as Control (I currently prefer my Escape there but who knows) I'll never ever ever buy this. And given that there are no other OLED laptops to speak of and other bad press Lenovo receives (remember the innovative hinge preventing you from using linux? how about superfish?), it's possible that something other than Yoga 9xx will be my favorite next year.

Although I'm so sick of recent mind-bogglingly stupid "innovations" that it's possible that I switch to some weird DYI stuff, start wearing a tinfoil hat, and be done with all that mobile hardware world. Ok, not likely, admittedly, but if I start being a 9-to-5 office worker my preferences might change rather significantly.

Thursday, January 5, 2017

Public key transition statement

Hash: SHA512

So, I've generated a new GPG keypair. It has a set of subkeys (one per usage),
which, theoretically, should make it all more convenient and secure. Also it
uses currently-recommended algorithms (4096-bit key RSA and SHA512) and was
generated using my new hardware entropy source which was the main reason for
this change. The old key will be expired in a couple months unless I revoke it
as superseded first. There is no reason to believe it was compromised or

New key's fingerprint is

F819 3F12 6021 6B7D D53B  959F E273 25A3 92D7 0FFB

for copying and pasting: 0xF8193F1260216B7DD53B959FE27325A392D70FFB ),
long key id is 0xE27325A392D70FFB.

Please import my new public key from the keyserver you prefer or using PKA dns
records. You can use this command on most platforms:

    gpg --search-keys 0xE27325A392D70FFB

(Unfortunately, GnuPG or/and keyservers don't really support search by
fingerprint or showing it in the import dialog so make sure to --list-keys
later to verify it).

I'd appreciate if you signed this new key for the web of trust (revokable with
check level 2 sounds appropriate since you didn't verify my government-issued
photo ID prior to signing :) unless you happen to know me personally and can,
for example, call me and verify my voice while I'm reading the fingerprint).

Obviously, verifying signature on this message, old key's signature on the new
one, and checking PKA dns record is highly recommended before performing any
further steps. Feel free to contact me if you have any doubts.

What this all means to you personally? Probably nothing if you have never sent
me any encrypted messages or received signed ones. Otherwise you probably
already know what to do with this information.


Thursday, November 17, 2016

Versioning static files with S3 buckets

Although there's a trend of making single-page applications with frontend static files managed separately from backend api, the need of managing static files haven't gone away just yet. And everyone who does web is aware of common issues with it. Probably the most common one is browser cache. Files get cached in user's browser and are used even after you changed and deployed them. Cache-controlling headers can help somewhat but not much. That's my cache-boosting techniques are usually a must.

There are many ways to do cache boosting. Usually, it involves adding some version info into all static urls (e.g. /style.css becomes /style-13.29.css or /13.29/style.css), hence it's often called "versioning". If you use some Django app to manage your static files (compress, combine, minify, etc.) it often can provide you with some solution. Use it, it's probably reliable and easy. This proposal, however, is cool if you happen to use Amazon's S3 for your static hosting (directly, not behind cloudfront). Yeah, I'm mostly referring to Django in this post because that's what I use, but general principles apply anywhere.

What exactly I'm proposing? Url has two elements: domain and path, since you can create unlimited number of S3 buckets for free, you can create a bucket for every deployment with version in its name. So your static url will look like

I won't include particular examples in this post but basic workflow is like this: always populate AWS_STATIC_STORAGE_BUCKET_NAME setting from environment or some similar source, create a bucket when a deployment starts, make sure new version (it could be git hash or anything, just like with any other tools) is available as environment variable and previous one is somehow available too, run collectstatic (it will be using new bucket but currently-running application will still use the old one), reload application when it's done, destroy the old bucket once every host is reloaded (if running on more than one server). Multi-server environments will probably need some way of communicating for destroying old buckets effectively, but it's beyond this short post. Other than that, all you need is some way of shuffling two environment variables (or something), a couple settings, and two very short custom management commands (for creating and destroying buckets), and IAM role for the instance it's running on with appropriate policy.

Is this much better than using a directory in a single S3 bucket? No, not much. Url could be somewhat shorter (bucket names must be unique and by adding version to them it could be easier not to clash with other users), garbage collection is easier (you just remove the whole bucket, no need to do any file operations), but that's about it. IAM policy will be a bit more complicated, you'll need a little bit of additional code, no way to use the same bucket for static and media files (which might be a bad idea anyway but still). Overall, I do not recommend this way for anyone who doesn't understand everything in my post, use it on your own risk, but I personally find this idea pretty neat.

Friday, September 30, 2016

HTTPS issues with blogger :(

As I wrote in my last post, I'm moving this blog to a new domain. I also decided to put it behind cloudflare to enforce HTTPS and other cool stuff (IPv6, HTTP/2, ChaCha20/Poly1305, etc.) Apparently, google doesn't like that. Now, instead of a nice 301 redirect I get this

Which will totally wreck my search results. I guess I'll have to turn off cloudflare until search engines reindex everything and only then turn it back on.

Thursday, September 29, 2016

New domain for this blog:

Some of my 3.5 loyal readers might see themselves to this new domain sometime next week when they care to come here.

What is this? Have I gone all corporate and will start to earn money on this somehow? I wish, bro. No, I just saw this domain in the expiring list yesterday and thought that it could fit my blog nicely and I never liked 3rd-level domains. The only reason I ever had a blog not on a custom domain is that I wasn't sure whether I'd be able to write more than a couple posts. It appears I was, after all, even though this is neither the most actively updated nor the most popular blog, so it's time to personalize it and make it possible to become google-independent one day if I ever want to.

As with everything else, custom domain is the way to be independent from any particular provider. It's true for blogs, it's true for email (I'm one of those who do have custom-domain emails yet are too lazy to migrate from gmail completely).

I'm not likely to move out of blogger any time soon either unless I manage to generate a good pelican template (writing stuff in markdown, using vim, and keeping all the content in a git repository is just more geeky) so search engines and other 3 of my loyal readers will have a few years to adjust. At least, if google does something bad or I desperately need some feature, I won't be locked in. Having options is always a good thing.

There might be some issues with dns, redirects, https, links in the days to come but it should all be sorted out by the end of this week. With any luck, I'll have blanket https with good ciphersuites and maybe even http/2. But we'll see, I guess.

Wednesday, September 21, 2016

Lenovo Yoga 900-ISK2: shame on you, Lenovo, never again

I have posted a review of Lenovo Yoga 900-ISK awhile back in which I concluded that it's probably the ultimate choice if you need a high-end machine for running Linux. Now that it got renewed to 900-ISK2 it's no longer the case and probably nobody should buy Lenovo products if running Linux is your intention.

900-ISK2 looks really sweet on the hardware side, even faster SSD, and slightly better CPU with IRIS video card (which is probably just enough for decoding 4k HEVC video) while everything else is the same old good. Yet, a slight change in its firmware hiding the AHCI option makes it virtually unusable, locked out without possibility to change the preinstalled OS.

A thread on Lenovo forums (19 pages at the time of this writing) included both a Lenovo person promising to escalate this issue with the developers and quote from some other unknown person telling that it's been done this way per agreement with Microsoft. Someone also mentioned that it's possible to modify the bios with a programmer with only moderate soldering. After that moderators started to moderate the thread and it's now unclear whether anything will be done in any reasonable amount of time. So far the only constructive thing said was that usually bios updates in the past required from several weeks to several months.

I suppose I could wait a couple months living out of an external HDD (with usb 3.0 it's not even that slow) if I knew that it's only temporary but I'd rather try to get a refund while it's still possible.

I hope firmware will be fixed. I also hope my wife will be able to return the device for refund tomorrow. But now it's absolutely unclear what should people use instead. New zenbook with power button instead of delete? XPS with its web camera looking up your nose (besides not having enough RAM)? Noisy and overheating spectre? Overpriced and outdated macbook? Everything would be so much simpler if Lenovo just fixed this thing and not locked users out in future.

Update (Sep. 22, 2016): We managed to return the device for full refund, guys at the store didn't even give us any hard time though it required two visits to get it done. Dell XPS 13 is a likely candidate for the next purchase, it has very similar hardware specs, although the RAM thingy (8 GIB is good but not quite enough) is a possible deal breaker there.

Update (Sep. 22, 2016): Additionally, Lenovo issued a press release yesterday, stating, in effect (after you cut through the PR bullshit), that it all was intentional and they won't fix it. They are going full superfish on their customers, it seems. And the forums thread just reached 24 pages.

Update (Sep. 26, 2016): Someone started a petition to demand the update from lenovo, forums admin started deleting every post linking to it. Thread reached 30 pages.

Tuesday, September 20, 2016

Samsung flagships comparison: S6 Edge

Today a delivery person came to collect my recalled Note7. I was given a temporary replacement S6 Edge for non-determined period of time, estimated about two weeks. And it sucks for two reasons: replacement is less than ideal and it's too long a wait. So, here's my short comparison of S6 Edge with everything else while I'm biding my time.

First of all, I don't like Edge's curved screen, I would've been better off with a non-edge version. Yes, I also tolerate Note7's one (I wouldn't uses as strong a word as "like" here) and it's nothing weird. Note7 feels very natural in hand with its symmetrical body, narrow bezel, and very smooth round edges (less so when using a cover but still), while Edge is way more angular and even somehow bulkier (though Note is both heavier and bigger).

Wider curves make Edge UI more useful than on Note, where it requires a very precise gesture to activate, but I'm not that big a fan of those panels and stuff anyway. I almost got used to the curves and I don't accidentally touch them while simply holding the device anymore but I still find them useless and not necessary. Flat is better for me.

I wouldn't mention all the things that got changed in 7th generation and if you are looking for advise whether to upgrade from S6 Edge to S7 Edge or something like that I'm simply not the person to ask. I never had a S7 Edge so I wouldn't know most of things and comparing it with non-edge is probably unfair. As a rule of thumb, almost everything that was true for non-edge S6, is true for Edge: short battery life, overheating, etc. Lack of newer features made my "samsung cloud" backups temporarily inaccessible, synced data (messages, in particular) cannot not be restored for unknown reasons, so I lost lots of data because I didn't have time to transfer it using smart switch, nothing critical, just annoying. I only hope cloud backups won't get destroyed or become outdated and I can restore them when I get a new Note.

Tuesday, September 13, 2016

Samsung flagships comparison: Note7 vs. S7

As I was saying, for half a year I was a proud S7 user and everything was well except somewhat smallish display. My wife started playing Pokemon GO seriously and S6's short battery life was quite frustrating for her. Meanwhile, Note7 was announced and I had to think hard whether I want one.

Good part was that hardware is just as good as in S7 (slightly better but who cares about one more gig of RAM and stuff like that) but with bigger screen and even bigger battery. Lack of a non-curved option sounded like a deal breaker to me though, I'd never buy an S7 Edge. Yet, after carefully watching all the video reviews I decided to try it. Curves are more sloped, with larger flat surface (mainly to make S Pen usable, I guess) and symmetrical design looked cool. Fortunately, my situation is not as it used to be a couple years ago and I don't have to limit myself with only one toy per year (although this year I did indulge myself quite a bit) and S7 didn't go to waste — I gave it to my wife and she doesn't criticize me for my spending habits anymore.

So I preordered it and after a very quick delivery I was a proud owner of officially the most expensive phone on the market (yes, it's official now: 32GB iPhone Plus is cheaper, even 256GB one is still cheaper than Note7 plus a good 256GB SDXC card). Turns out, I was right. Curve is much more tolerable than with Edge and it all feels very good in hand. Free Gear Fit 2 I found almost completely unusable but that's a minor issue, after all, it's free.

I won't even try to compare it to Note5, simply because I never had one. But I readily believe that Note7 is way cooler and more better.

How different is it from S7? Note very different yet slightly better in almost everything. Slightly bigger, somewhat heavier, slightly more RAM, slightly more curved display, IRIS scanner in addition to fingerprints, optimized UI, slightly more bullet-proof glass, has a stylus on top of that all.

Size feels just right to me. As I mentioned earlier, I have big palms and that half-inch is the difference between missing buttons and typing almost without errors. Yet not a 7" monster you have to buy cargo pants for. Might be not everyone's impression, but feels good to me which is what important.

Weight is not an issue, you can still hold it one hand and scroll and even type. Not for as long but for long enough.

RAM size is something to brag about but in comparison with S7 I don't feel any difference. The same goes for everything else (although CPU is just exactly the same one used in S7 so there should be no difference).

Curved display, as I said, is not as bad as I feared. Edge UI is only barely usable with such a slope but still there (I think you could actually use Edge UI without the curves, it's an artificial limit, but I don't like it too much anyway). Night clock is, again, less usable that with Edge and it also disables always-on display feature, I'm not sure if I like either anyway.

IRIS scanner might feel superfluous for someone as there is a fingerprint scanner already, which is arguably even faster and easier to use. Key difference is that it's harder to use it without you knowing (like when you're asleep). I use it mainly for Secure Folder though, which is, by the way, the single greatest feature ever.

Basically, it allows you two have two copies of every app you want, one of which is completely sandboxed and can be locked away. For example, you can have two facebook accounts or two google accounts which you can use at the same time (without logging out) and although service providers will probably notice that they share IP and device no data will be directly shared. Or you can have a secure browser for your porn, with bookmarks and history invisible to people just looking over your phone. Unlike the previously used "private mode" which allowed you to move your naked pictures to private gallery (ricking them being synced by google), now you can take then with secure camera to begin with with geo tags are automatically disabled. By the way, you can totally allow different permissions for secure and non-secure apps and, for example, hide your location from secure messenger while share your location with non-secure one (yes, of course, same IP, same device, facebook can still easily profile you). I don't know the exact details, like how data is encrypted, how hard is to hack it if phone is powered up and unlocked, but at least it should keep your stuff safe from the unsophisticated onlookers.

Other major UI changes include new settings menu (close to the stock android), built-in blue light filter, slightly different quick settings icons and notification grouped by app. Nothing is a big deal, but together a steady improvement.

It's the first device featuring Gorilla Glass 5 (I'm not sure if Apple will use it this year, no news mentioned it). According to a review I saw it's better protected from falls and punches but you should still use at least some protective case. I'll probably go with a silicone bottom (more friction = more convenient to hold) and maybe a tempered glass protector on the top. I despise flip cases, frankly (although I'll get myself one if only for travelling — it's safer because you often have to put phone into backpack with who knows what). I still don't believe it won't scratch but I'll have to try different protectors and see if I can tolerate them (I put on some film while I waiting for glass protectors and it feels horrible) otherwise I'll have to put up with those microscratches again. I hope someone will figure out sapphire displays or something real soon.

It felt like styluses were going to die when capacitive screens came to masses. Mostly because styluses intended for such screens were ugly and unneeded (short, thick, with a big soft tip to emulate your finger). S Pen is different, it's narrow and precise, with some hundreds of pressure levels, you can screenwrite and probably even draw a little bit (not that I remember how to do either). Samsung always adds some special cool features that don't necessarily require a stylus but here you can't use them without it (and it's probably better that way in this case). Screen magnifier, handwriting notes (including ones on always-on display), editing screenshots with cropping and writing on (very useful for my work), making GIFs (from videos or games), translating whatever you see (with some optical recognition even).

Of course, as everyone knows by now, Note7 devices are being recalled over a battery issue, but that's, again, is bad for marketing and not that bad for most users. Just be careful with charging for a couple weeks before you can replace it if you already have one. I personally charge it in several takes (about 30% a time) and unplug as soon as it becomes more than lukewarm, just to be safe. If you do not have one yet, be extra careful buying after-market devices or from unauthorized resellers (but you can probably find a good deal on refurbished in a few months, they have 2.5 million device to refurbish). Maybe Samsung will come up with some way to check whether a particular device is safe by serial number or something?

And I'm also curious about how many things they will allow me to keep when replacing. Of what came in the box, I mean (gifts are definitely mine to keep): will they take away used headphones with my earwax on them or, say, charger? Those headphones are the best oem buds I ever encountered and they cost about a $20 separately so I definitely intend to try and keep an extra pair (no, cheaper ones from aliexpress do not sound as good, I tried, some say they also break easier). And a good type C cable that can handle fast charge and is 1.2m long is just hard to come by on short notice and I'm known to break them. Most probably they will not allow me to keep the S Pen. It's not more than a $50 anyway, I can live with that if I manage to lose it — which is unlikely as I rarely use it at all. Stylus for Note5 goes for about $10 on aliexpress now, maybe this will become cheaper as well, in a year or two when I might need it if ever. But, anyway, we'll see.

Update(Oct. 4, 2016): Just got a call that I'll be receiving a new Note7 later this week. I'm so happy to finally get rid of this crappy temp S6 edge. For the record, I kept charger, headphones, and all the adapters (s-pen I did return, maybe I should've kept it as well) and nobody asked any questions whatsoever about that.

Update(Oct. 12, 2016): News say something about another Note7 recall. More than that, they seem to be discontinuing the line completely. Epic. Now I don't know what I'm going to use, definitely not some apple® ishit™. Maybe I should get myself something temporary until S8 or Note8 gets released next year, for some reason I still like Samsung's hardware. Or maybe I should check out what Google does with their Nexus/Pixel thingy, I heard some good feedback but I'm not sure I could live without a hi-res amoled display.