# Uptime

This blog runs on a very affordable vServer hosted by netcup. For such low-end servers, no uptime guarantees are given by any hoster. Nevertheless, I always get mails whenever the server is down either for maintenance or because its temporarily out of order, and my feeling is that this happens only rarely. But just out of curiosity, I'd like to know what the actual uptime is.

A two page article in c't 26/2021 introduced me to uptime-kuma, which seemed to fit nicely what I was looking for. The only part I didn't like was the statement “Der einfachste und schnellste Weg Uptime-Kuma zu installieren, führt über Docker und Docker-Compose” followed by an installation procedure that I would call anything else then simple and fast. Fortunately, this statement applies only to the distributions favored by the c't. On Arch, the following two commands install and start uptime-kuma as a service:

yay -S uptime-kuma
systemctl enable --now uptime-kuma.service

After configuring the services to monitor and a day of collecting data, their uptime status is displayed on https://localhost/3001 as shown below for the web and IRC servers on pdes-net.org:

# 20th anniversary

I've missed it by a few days, but nevertheless: the first version of Archlinux (Homer) was published 20 years ago. The German computer magazine iX published a well-deserved tribute.

It took some time for me to discover this unique Linux distribution, but when I did in 2009 (a shocking 13 years ago), I was sold. Since more than 8 years, Arch runs all my desktops and notebooks, and only servers are still powered by Debian.

To the next 20 years! And in any case: happy anniversary, happy anniversary, happy anniversary, HAPPY anniversary!

# Too many meetings

The number of meetings I'm requested to attend has increased by roughly a factor of five over the last two decades. Instead of five meetings per week I'm currently having five per day on average. It thus doesn't come as a surprise that I depend on an electronic calendar to organize and get reminded of all these appointments.

On my desktops, I'm using the integrated calendar of evolution since seven years. Over the time, this implementation of a PIM for the Gnome desktop has proven itself to be reliable and stable, in contrast to Kontact, its KDE counterpart I've tried to use before.

In any case, having a calendar on my desktops is not sufficient anymore, as future appointments are typically arranged after Zoom meetings that I usually attend with my notebook. And even that is not enough: I may want to check my appointments on a whim in the middle of the night, where only my smartphone is immediately accessible. In either case, I do not need a full-blown PIM, but just a calendar client synchronizing with both owncloud/nextcloud and zimbra.

On Linux/GTK, I thought that gnome-calendar would be the natural candidate with this functionality. To my surprise it's straightforward to add an owncloud/nextcloud account with the associated calendar, but zimbra is not part of the online account collection of Gnome, nor is a generic CalDAV server. I found that almost impossible to believe, but it's in fact a longstanding bug (eight years!) that has still to be acknowledged and addressed by the developers. Fortunately, there's a simple workaround: after installing evolution and adding the zimbra CalDAV server there, it also shows up in gnome-calendar. Apart from this issue, gnome-calendar delivers exactly what I wanted.

This entire affair is a whole lot easier on Android. Davx5 available on F-Droid provides a convenient backend for any number of CalDAV servers, and any calendar app will serve as frontend. It works just as well as gnome-calendar on my notebook, but without any unexpected obstacles during the configuration of the calendars.

I'm now reminded of outstanding appointments wherever I walk and talk. That's progess! Or is it?

# Upgrading virtualenvs in fish

Python major version upgrades such as the one from 3.9 to 3.10 a few weeks ago require rebuilding any virtual environments created earlier. The generic one-liner I gave in an earlier post works in all shells, but as an avid user of the fish shell, I'm of course employing virtualfish for managing my virtual environments. And upgrading them in fish is even easier than with the one-liner above:

vf upgrade --rebuild

Prior to that, one also needs to rebuild the virtualfish for the python version upgrade:

yay --rebuild -S virtualfish

Afterwards, one can see to the update of the content of the virtualenv as documented in my earlier post. Compared to the entire recreation of the virtualenv, this whole procedure is as painless as fast – which makes the whole concept of virtualenvs an eminently practical one.

# Android file transfer

My home and office computers are synchronized via the ownCloud server located at my workplace. This synchronization takes place via an TLS encrypted connection with an A+ Qualys rating. In addition, I encrypt files containing sensitive information prior to their transfer on an individual basis. Since all systems accessing this cloud folder are driven by an operating system (OS) that I trust and largely control (Archlinux), I feel very comfortable regarding the security and privacy of my data. To keep this warm and cozy feeling, I wouldn't give devices with an OS beyond my control (such as Windows, MacOS, Android, iOS) access to this folder.

Now, I fully appreciate that even a hardened desktop Linux would have difficulties to compete with the level of security offered by an up-to-date Android – with “security” being defined here in the conventional context with respect to a potential third-party adversary. But concerning the privacy of my data, and thus mine, the threat of an overly nosy first party is much more palpable. Actually, I shouldn't call it a threat. It's in fact a promise.

How, then, am I supposed to transfer or even better synchronize data from and with the newest member of my gadget zoo? Since I've acquired this gadget as a two-factor authentication for my banks, I cannot simply root it and install LineageOS without any Google services. Therefore, I won't trust the device beyond its specialized purpose and I won't give it access to my cloud folder.

But that's actually not a big deal in this case. Because of its specific function as a two-factor authenticator for my banks and several other services, the phone will remain stationary. Hence, I need to synchronize within my LAN, but not outside of it. When looking for apps that would be suitable for this task, I was initially attracted by those appealing to the nerd in me, such as, for example, croc installed (pkg install croc) and running within termux, or juiceSSH. In the end, these apps turned out to be fun for a limited time, but too tedious for everyday use. I'm very fond of controlling computers with a keyboard, but for using termux efficiently, you'd need the eyes of an eagle, the fingers of an elf and the dexterity of a spider monkey.

For ordinary human beings, syncthing is the tool of choice. It's available on f-droid, easy to set up on all participating systems, and works reliably without manual intervention. In my case, I've simply created a folder (~/androidshare) on my desktop that automatically receives all files from my phone that may be worth to keep, including the backups of the andOTP and keepassDX databases and all photographs of my cats. 😍

# Maxi

I've retired my veteran netbook Mini after 10 years of service and 7 generations of Debian in 2018. The SSD was becoming corrupted, and in view of its low performance and advanced age, I decided that it wouldn't be worth the time and money needed to replace it.

In the meantime, I've been using the Fujitsu Lifebook I acquired in 2011. As a matter of fact, I gradually used this low-end notebook in favor of my desktop until I was basically working exclusively with it. From March 2020, I've used it day in, day out. During this time, it became painfully obvious that the lifebook's performance is no longer adequate for my needs. About a year ago, I've thus started to look for a successor, but considering my recent change in preference, I was looking for a notebook with higher performance and display resolution, as well as a backlit keyboard.

There were several contenders, all armed with processors of the Cezanne series of AMD. But my favorite was the Ideapad 5 Pro 16 because of its comparatively large screen real estate with a WQHD resolution and 16:10 form factor. When it was offered for €899 by Lenovo in a bargain sale, I didn't hesitate to accept the offer.

The Ideapad 5 Pro 16 comes with a gun-metal grey (“storm grey”) metal case with an excellent finish. Despite its slightly larger display diagonal, it is significantly smaller, lighter, and, particularly, thinner than my Lifebook. At the same time, it leaves it light years behind in terms of performance:

Fujitsu Lifebook AH530

Lenovo IdeaPad 5 Pro 16ACH6

Processor

Intel P6200

AMD Ryzen 7 5800H

Lithography (nm)

32

7

Frequency (GHz)

2.13

3.2–4.4

L2/L3 cache (MB)

0.5/3

4/16

2/2

8/16

Weight (kg)

2.5

1.9

Display (inch)

15.6 (1366×768)

16 (2560×1600)

RAM (GB)

4 (DDR3-1066)

16 (DDR4-3200)

Mass storage (GB)

500 (SATA HDD)

1000 (PCIe SSD)

TDP (W)

35

45

Battery life (h)

3

8

iperf (Mbit/s)

40

360

Cinebench R23

336/641

1445/12969

hdparm -t (MB/s)

70

2300

Price (€)

299

899

For comparison, my 9 years old desktop achieves 820/3650 points in the Cinebench R23 single/multi benchmark, and Dell's 17″ high-end notebook XPS 17 in a comparable configuration (processor graphics, 16 GB RAM, 1 TB SSD, 2.2 kg) with an Intel® Core™ i5-11400H for €2098.99 (1920×1200 non-glare) or €2398.99 (3840×2400 glare) scores 1467/9017 points according to c't 21/2021.

There wasn't any question about the Linux distribution I would install on the Ideapad (Arch, of course), but I debated with myself whether I should install a desktop or stay with Openbox as on all my other systems. In view of the medium-high display resolution of 189 ppi, I finally settled for Budgie, a Gnome-based desktop known for its gracious handling of high-dpi displays. And so far I like what I see: the desktop has an unobtrusive, rational, and no-nonsense quality about it.

The Ideapad is officially specified to have an Intel AX200 wifi chip, which works perfectly under Linux. But I had been warned by posts in the interwebs that it may instead be delivered with a Realtek RTL8852AE chipset, which is not yet supported. And that's what happened of course also in my case. I thus installed over a LAN connection (using an USB/ethernet adapter) and installed the driver for the 8852 provided on the AUR right after. The driver works fine except when the notebook goes into hibernation, after which there's no wifi device any more – it simply vanishes. I haven't found a solution for this inconvenience, but hope that the official support of the rtw89 driver by the mainline kernel will solve this issue, and will hopefully materialize with Linux 5.15. Alternatively, I could replace the wifi module as others have done.

Other than that, everything works as intended, and lightning fast.😂 Oh, I've replaced pulseaudio by pipewire-pulse to use my bluetooth headset, which would otherwise be without microphone. And I've installed rofi, which I still prefer as a program launcher over anything a desktop can offer...

# Resistance is futile

In my childhood, I lived in conditions that would be considered poverty today, but were not uncommon at the time. For example, our apartment featured neither a toilet nor a bathroom or shower. The toilet was located half a floor down in the stairway, and we shared it with our neighbors. To take a bath instead of a quick wash, we had to visit the public bath. The stove was still coal-powered, and we relied on it for cooking and getting hot water for preparing coffee and tea as well as for washing dishes. In the winter, this stove was also used for heating, but the heat didn't spread far, and we had to put on several layers of clothing in the other rooms. As we had no place for a washing machine, the clothes had to be carried to the next laundromat once per week.

But we felt very comfortable, even privileged, since we enjoyed a number of household appliances that were not entirely obvious at this time. For example, we had a telephone, a huge table-top radio, and even a black-and-white cathode ray television set (which, I remember, was smaller than the radio) with three programs that signed-off at midnight. Plenty of entertainment for my parents, but I had lots of toys in addition, of course. And since my parents tried very hard to make me happy, I got the greatest gifts a boy could wish for at that time: a Märklin model railway and a Carrera slot-car race track.

Much to their disappointment, these electric gadgets held no fascination for me. I actually spent most of my spare time outside, playing soccer and swimming, and indoors I much preferred classic board games such as Mills and Checkers, and later Chess, which became kind of an obsession and occupied most of my time and attention in solitary concentration. To get me back to a social life, my parents very cleverly introduced me to classic card games, which I then started to study with three equally nerdy friends of mine. We played Rummy, Canasta, Whist and Bridge, but also the German classics Skat, Schafkopf, and Doppelkopf.

I've recently googled for these three friends, and found to my great delight that they have all made their way. A surgeon, an attorney, an engineer – and I became a physicist instead of an electrician, as my parents had planned. And I hope that for them the ability to play a variety of board and card games has been proven to be as useful as it has been for me. For example, when I arrived in Japan some 15 years later for my postdoctoral studies, I went to an English pub I knew from a conference after realizing how fundamentaly lonely I was. The time was early, long before it actually opened, but there was a girl behind the counter, waiting for the first guests, playing Backgammon with herself. It was my knowledge of Backgammon acquired 15 years ago that enabled me to play with her, earning me an invitation for a party where I would meet Susie from Kenya. But that's another story.😙

Nowadays, I keep an average household with regard to technology. It features all of the typical electrical appliances of western civilization, sprinkled with plenty of electronic gadgets, such as desktops, notebooks, tablets, e-book readers, and even a mobile phone, but it's not “smart”. In fact, so far I even didn't bother myself with a smartphone, as I didn't see any compelling reason for using a technology without having the slightest need for it. Worse, it seems that all gadgets with the attribute "smart" are essentially designed to collect as much data as possible about their unsuspecting, dumb users and send that data to various third parties who subsequently profit from it. And last but not least, I feel thoroughly repelled by the pathetic addiction of users to their smartphone, made evident by the innumerable smombies and nomophobes whose catatonic behavior I have to endure every day.

The first of these circumstances has changed very recently. In complying to the revised payment services directive of the EU, one of my banks has decided to terminate mTANs as a method of payment authorization. As alternative, they very prominently advertise an app-based authorization, although a photoTAN generator is in principle also available – but of course not compatible with any other bank. Should I pile up photoTAN generators on my desk or go for the smartphone? I pondered this question for a short time, but it was finally decided by unexpected circumstances turning up in an entirely different context: traveling in the age of the pandemic. My wife has important family business in Japan, and for her entry and the subsequent 14 days of quarantine, she will need no fewer than three apps on a smartphone, which can be either her own one, or has to be rented at the airport.

In view of this development, an attitude of denial would be donquixotesque. I decided that we would instead try to embrace the situation, and make the best out of the gadgets we are forced to acquire by circumstances. That shouldn't be too difficult, since I already knew from my experience with our Nexie that an Android device with small form factor can be great fun. However, there was no need to spend the obscene amounts of money the smartphone industry has somehow managed to establish, with price tags for the flagship phones having tripled over the last decade. Chapeau to the industry for the masterful creation of a new consumers desire leading to excessive debts particularly for the young generation. I'm quite immune to this attempt of seduction, and we consequently decided to look into the low- rather than the high-end.

Since I would be using my phone for security-critical tasks, the main criterion was the guaranteed availability of updates, which is the domain of the Google Pixel phones, a few of the top models from other manufacturers, and of phones running Android One, of which only the Nokias are left. After looking through the specifications, I settled on a Nokia 3.4, which seemed more than sufficient for the simple tasks I would need it for. For my wife, who will certainly enjoy playing an occasional game on her phone, I looked for a higher-class SoC than on the Nokia, and finally opted for the Motorola Moto G30. Both smartphones together came for less than €300, the maximum amount I had been willing to spend.

And you know what: I wouldn't have half of the fun with this little gadget if it hadn't been so affordable. I was a bit disappointed that the Android 11 upgrade didn't come earlier, but eventually it came, and the phone is currently running Android 11 with the latest patches (August 5). That's good enough for me to use it for the purpose I bought it for, i.e., as an authentication factor for my banks. But I also set it up as a general two-factor authentication device by installing and configuring andOTP for some of my most important accounts, such as the control panel of the server running this blog. Being thus an integral part of my security measures, it will securely stay at home, where it has already plenty of alternative uses. Here's one of them: I always wanted to have an HP 48, but never got it. Now I have one!

# Debian 11

Bullseye is stable, Bookworm is the new testing.

sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list

# I can haz IP?

I have the strange habit to look up my external IP and to display it in the conky instance on my desktop (see here for an example). So far, I've got this IP directly from my Fritz!Box 7170, but the command I've used doesn't work with the new box (a 7590). I thus had to find a new way to get my IP.

There are plenty of websites returning the IP upon a simple connection by curl:

curl icanhazip.com
curl ifconfig.me
curl ipecho.net/plain
curl ifconfig.co
curl ipinfo.io/ip
curl -s checkip.dyndns.org | sed -r 's#(.*: )([0-9.]*)(<.*)#\2#'

There's also at least one DNS server offering this service:

dig +short myip.opendns.com @resolver1.opendns.com

But I would very much prefer a local solution as before. And it turns out that this solution exists: The package miniupnpc “enables applications to access the services provided by an UPnP ‘Internet Gateway Device’ present on the network. In UPnP terminology, MiniUPnPc is a UPnP Control Point.”

This package contains a command that retrieves the external IP from current Fritz!Boxes:

cobra at blackvelvet in ~
↪ external-ip
85.212.90.227

Bingo!

# New Neuland

The new router is a Fritz!Box 7590, and since its producer AVM is also located in Berlin, my internet connection is now a purely regional one. 😉 The 7590 does not support IEEE 802.11ax or Wi-Fi 6, which doesn't really matter for me since I don't have a single device that would support this standard. However, compared to the Fritz!Box 7170 I had before, the increase in wireless speed is impressive, much larger than I had expected. On my ten years old Fujitsu Lifebook, I never saw anything better than 10 Mbit/s with the 7170, but I'm getting a very stable 40 Mbit/s with the 7590. Makes a huge difference when using Mathematica via ssh -Y -C to my desktop: while the interface reacted sluggishly before, it's now downright snappy.