What a week

08.07.2022 23:43
3 minutes read
Auf Deutsch lesen

This week was really exhausting, I tell you!

Monday and Tuesday in London. Directly 23,500 steps put down on Monday, when I went with the colleague through the city.
I was a little afraid that I wouldn’t get there at all, since the news was full of airport reports that didn’t encourage me much. You should be at the airport two to two and a half hours before departure so that you get your flight in time. Well, I was through security after 9 (nine!) minutes and then got to spend a nice 3 hours at the airport. Yeah!

On the train ride from Gatwick Airport to the City of London, I noticed that the railroads there do a few things more right than we do in Germany:

  • if you’re not on the train, the staff doesn’t care at all - the train leaves because the next regional train is coming in about 15 minutes anyway.
  • the line has 4 tracks - the two outer tracks for the slower trains, which stop everywhere; the two middle tracks for the faster trains
  • on the trains, the cameras are used to generate a level indicator for every single coach

One negative point: Corona does not exist there. We got off the train in London with our masks on and a group of young men laughed at us with finger pointing.
Otherwise, the city is and remains actually quite cool, despite Brexit. You can feel the history of this remarkable city every time. I really love it!

Our appointment on Tuesday took place at a London WeWork, which is directly across the street from the London Tower. What an incredibly awesome location this is!

All in all a great trip, the city as full as ever and I have to say that I think it’s totally great that the metropolis has a congestion charge that actually does something. I have seen during the day virtually 99% only company vehicles and public transport. Only a few four-wheeled vehicles were private. German cities could learn a thing or two from this.

The rest of the week was dominated by the fact that we helped a state parliament in Germany livestream their plenary sessions. That was a lot of politics all at once. It really makes your head explode, I tell you! After that, it was also directly necessary to sleep for 11 hours at a stretch.

Oh yeah, in case you’re wondering, did I at least catch it in London? The test says no. Nice!

TikTok moderation is said to discriminate

20.03.2022 21:23
One minute read
Auf Deutsch lesen

Do you already have some followers on TikTok? Maybe you’re even a minor celebrity? Well, then you’re probably not overweight, poor, or unattractive - however you want to define it all.

On The Intercept, internal guidelines for TikTok moderators have been published, which arguably prove that the Chinese platform deliberately favors pretty, rich, slim - in other words, what is somehow described as attractive in various minds - and ranks them higher in order to attract and keep more people on the platform.

Well, this reflects exactly what everyone already perceives on Instagram.

Stop using NodeJS and NPM!

20.03.2022 12:57
4 minutes read
Auf Deutsch lesen

It’s just not funny anymore!

Last week the package Node-IPC got a dependency that simply deletes files from the hard disk after detecting a Russian IP of the user and creates a file on the desktop to demonstrate against the war.

The developer probably got a few pizzas and a visit from the local police after “some” complaints, including from NGOs. Of course he didn’t remove the dependencies in a commit, but just did a force push on the master to an old git state. So that in 2 years nobody will know what kind of shit he built.
But the hard part is: version 11 is still in the NPM repo. He probably can’t get it out of there. So you have a malware in NPM, but no code for it anymore. Yeah!

But wait, that’s not it yet!

Now a Github user named qpwo comes around the corner and just builds a different malware for Node which publishes all SSH keys of the user. Why? To show what a crap NPM is and how “great” it is that the function to report malware simply remains ineffective. It is there, but nothing happens for days. Probably too many tickets came in and it was easier for Github or Microsoft, the owners of NPM, to close their eyes instead of taking stronger action against malware.

But I have to use NodeJS!
Well, I sure hope there’s no one standing next to you forcing you to do that. But if the child has fallen into the well, please run NodeJS only and exclusively in a secure environment like something container-like. But of course you shouldn’t have any secrets in there, because the next malware will come around the corner and push not only SSH private keys, but also all ENV variables somewhere - out of your control.

It bothers me a bit that we have now reached dependency hells. It’s not just NPM, but every modern language that needs dependencies of dependencies of dependencies and then downloads half the internet before the first use. Just the other day a colleague installed two linters for a pure HTML/CSS project: ESLint and Stylelint (+ Stylelint Config Standard). These things have 462 dependencies installed. 462! It’s so broken!

In reality check, yes, there is no way for normal developers to trust anyone anymore. What company, other than the really big one, takes the time to actually review or at least skim the dependencies?
And everyone who has repositories with node packages on Github knows how often a pull request from dependabot comes in, pointing out how many security holes you have lying around.

The ecosystem is so broken, but I’m not surprised anymore that Fefe just laughs his ass off over the argument: “Software bug, can’t do anything!”

Update: The readme of the intentional malware package additionally advises against using Docker, as there are too many break-out vulnerabilities for someone who really wants to harm you to succeed.

2nd update: Markus asked on Twitter, what you can do now. Good question! As written, theoretically you would have to start reviewing all dependencies now. Or build them yourself, with the appropriate consequences - i.e. no maintenance, security holes, etc. Can’t you? Well, that’s stupid now.
In the end, the answer is the same as with your hosting providers: Trust. So not necessarily blind trust. As a developer, you can lose that very quickly. And if a package has countless dependencies, first assume that the developers of the library or framework had no idea what they were doing. In the end, this article only serves to raise awareness for the problems that you yourself had not thought of before.

3rd update: Originally I wrote that the malware reporting feature on NPM has been removed, however Github/npm simply does not respond for several days when reporting malware via the feature.

How time flies!

20.03.2022 01:59
One minute read
Auf Deutsch lesen

Has it really been almost 4 months since the last blog post? And every time I take myself again to blog more.

And now I try it again, because there are a lot of things floating around in my head. But that follows in the next few days ๐Ÿ˜‰

Bye bye Alexa, hello Google Assistant

29.05.2019 20:42
5 minutes read
Auf Deutsch lesen

Due to the lack of alternatives you’re currently faced with 3 big questions:

  1. do I want a virtual assistant? And if the answer is "yes":
  2. do I prefer Amazon’s Alexa?
  3. do I prefer Google Assistant?

For many people in Germany, the answer to the first question is: "For God’s sake, no! A spy like that won’t come into my house!" You may stop reading now, this article is not for you.

In my household, the answer to the other two questions was: "Phew, let’s try both systems and see what becomes a standard. After almost 2 years with Alexa on Amazon’s Echo devices and more than 2 years with the Google Assistant on Google Homes, both systems distributed throughout the house โ€“ each room equipped with both systems โ€“ I draw my personal conclusion that the Google Assistant is worlds better than the Alexa.

Advantages and disadvantages of Alexa

Getting started with Amazon’s devices is very easy. The biggest online shop is nearly giving the devices to customers for free โ€“ I started with the big tube, then I went on with the small Echo, later I got the first Echo Show and then the second generation Show.

Once you have equipped the rest of the family with an Echo Show, you can finally use the video telephony in your living room, which has been propagated for decades but has never really been implemented. It’s easy to use, but you’re limited to mobile phones as alternative devices if you don’t own an Echo Show.

For the Amazon devices you get a lot of so-called skills, i.e. possibilities of interaction, which then triggers "something", e.g. switching the lights on and off. I used these skills not only for simple light things, but also for home automation.

Amazon initially gave away a lot of Echo devices at skill programming workshops to get developers to flood the skill store. It was also very easy to create a skill - briefly set the sentence that the user has to say, set the target script where the statement should be triggered on the Internet, and the skill is ready.

What bothers me personally are the fixed sentences. Apart from the fact that you can’t think as stupid as the end user anyway, translated skills from non-German companies are rather ugly and the whole thing is very halting. This makes the use of Alexa’s simply too uncomfortable for normal consumers.

The name and trigger words of Alexa are also extremely counterproductive. If you watch movies about "Alexander the Great", it is advisable to switch off the microphone first. The alternatives like "Echo" and "Computer" aren’t really better either.

If I would like to know anything from Alexa, Bing is used as a search engine in the background, which leads to the fact that the answer is complete crap very often.

Advantages and disadvantages of Google Assistant

Google doesn’t really make it difficult to get started with your own assistant. Many shops throw the Google home mini devices literally after you. Also here I started with the first tubes, which were only half as high as the Echos, but nevertheless offered very good sound.

Shortly afterwards, small versions of the Google Home devices came out, just like from Amazon, but thanks to the fabric cover and the round edges, the first version was prettier than the Echos.

The development of “Actions”, the skills for the Google Assistant, is a bit more complicated. As a developer you can use helpers like Dialogflow (formerly known as api.ai) to use machine learning for what users try to say and how to tune it. Of course Dialogflow can also be used for Alexa Skills, but you still have to export what they have learned and re-import it for the Skills.

If a developer wants to control devices, these device groups have to be provided by Google โ€“ this made it impossible to support my external blinds for a long time, but Google has also improved this for a few months now. Unfortunately, eQ-3 with Homematic IP is not able or willing to offer support here. The company simply does not want to realize that this leads me to the consideration of exchanging this system as well.

And despite missing support on the part of some German companies the Google Assistant works nevertheless really substantially better and more intuitively in the operation, than Alexa. The products of Google are really clearly more valuable, than Amazon’s devices.

What Google can do really well in contrast to Alexa, however, is the assignment of the currently speaking person to Google accounts and also the use of several languages at the same time. Some actions are curtained in English, but not in German. The fundamental conversion to English in a German-speaking household would then be rather annoying.

The important difference

In my opinion, the biggest difference between the two systems is simply that you notice what they were created for. The Google Assistant was created to help people understand and use voice control in everyday life, that you can also learn and control with your speech. At Amazon they wanted to put a device on the market that could be used for shopping via speech and that could even do other things. Maybe.

The natural speech input and output, the more pleasant output voices, as well as better answers to everyday questions, make the Google Assistant with the Google devices the better assistant for me and my home.

Disadvantage: I must equip the rest of the family with another videotelephony system now ๐Ÿ˜‰

As always, this is my personal opinion. If you have another opinion or experience, I would love to read it on your blog.

Youtube Music in everyday life

11.01.2019 19:26
3 minutes read
Auf Deutsch lesen

Several weeks ago I synchronized my favorite playlist to the phone, so I was forced to test the offline functionality on the plane.

Music is playing - what could go wrong?

Said and done: headphones on, music on. So far so good. YT Music only plays the music of Youtube videos that were recognized as music. So if you have also favored a lecture, it is not to be heard.

Videos are not music

Basically you can’t do anything wrong with a music player - but as a user you notice that it’s Youtube. You can listen to songs which are available on Google Play Music in YT music as you do on Spotify & Co.

However, if you have started to add videos to the playlist, the audio stream contains all the stuff that can be heard in the video, eg. an intro like in many music videos or even an outro, as in this video. That’s really annoying when it comes to listening pleasure. Now you could start to maintain separate playlists, but for me playlists are like tagging - if I have a song from the 90s, I don’t want to put it into both playlists “90s Audio” and “90s Video”.

And then of course there’s the already missing feature to upload your own music. I have so much music from the 90s and early 2000s that YT and Play Music don’t provide. Same with the other streaming services. Sometimes you can’t even buy them digitally. And that’s annoying. I even thought about switching to Amazon Music Unlimited a few months ago, but then they switched off the music upload feature.

Crashes

I recently heard that Youtube Music crashed all the time for some people. Well, for me a crash is associated with the message “Unfortunately Youtube Music has stopped”. I didn’t get this.

However, all this still doesn’t work out so well. Whenever I pressed Pause, the software quits itself after a few minutes. Maybe it drew too much energy and was killed by the system or it quits itself, because it is unused since period X. But that’s annoying.

Also, the sound likes to jerk sometimes, which I couldn’t see with Play Music in this form.

Conclusion

So as soon as Google turns Play Music off, it could be a very exciting thing for me as long as they haven’t moved all the existing features. For me, local players/playlists/MP3 files are out of the question. I want to stream it and I don’t want to run a file management system and even not my own streaming server.

My first YouTube Video

25.03.2018 11:33
One minute read
Auf Deutsch lesen

Woohoo! I just uploaded my first YouTube video. Of course I uploaded videos before, but never published them, because they were party videos with SingStar or made some tests for apps I developed that uploaded videos to YT.

But in the last days I were part of the Online Marketing Rockstars 2018 event and I put a small camera to my office’s point of view and created a small timelapse video at the entrance of the first fair exhibition hall, where all the visitors entered the fairground.

Slim Down Anniversary

17.03.2018 22:07
2 minutes read
Auf Deutsch lesen

Just reached my 2 years! Two years of my slim down challenge. See here a pre-post comparison:

It was and still is a lot of work to keep this status. It’s real fun, not to be a seat heater for the couch, but to keep moving regularly. Some people would say “too regularly”.

At the beginning I was concentrating on walk as many kilometers as possible per day to force my body to burn calories. In the last months I changed my training to gain more mass again, this time not by increasing fat but growing muscles and I think that’s the better way of life ๐Ÿ˜Ž With this new training I reduced my amount of cardio training, to keep the muscles. Otherwise my body would reduce these fresh grown muscles during the training, because it’s much easier for him than burning fat.

Originally I started all that crap (okay, losing weight is not crap), to reduce the chance of a new spinal disk herniation and my conclusion: I didn’t get a new one, yet. On the other hand I was able to let my lateral muscles grow. Even more than the typical body building newcomers, my trainer said.

Whatever, I’m feeling good, I lost weight (before: 113kg (249 lbs), after: 74kg (163 lbs)). At the moment I’m back to 86kg (ca. 190 lbs) because of the body building thing and I’m very happy to have all the experience now. By now I threw away my old clothes and it’s so cool to be able to buy clothes in “normal” clothing stores.

Thank you to anyone who helped and supported me. And of course a thank you to all the people, who didn’t believe in me, because I was able to prove you wrong. ๐Ÿ––

Oh holy christmas pounds

28.12.2017 22:31
One minute read
Auf Deutsch lesen

You know that: It’s christmas time with the family and you have food. Much food. More or less tasty. And more or less healthy. More less. And in the end you do everything to avoid food dumping, because thousands of people are dying hungry every day.

Of course, this could never happen to US. After all most of us have built up huge fat reserves, that we can skip 10 christmas parties without starving. But even when we humans know, that we did something wrong, we don’t always fix those failures.

But not me! Since yesterday the christmas time is over and I’m back at the gym again. Daily. Like I did it before December with it’s christmas markets ๐Ÿ˜‰

Never forget: Trim down the pounds! No excuses! And may the gains be with you.

Blogging via Chatbot

27.12.2017 01:00
3 minutes read
Auf Deutsch lesen

In the last months weblogs feel more and more orphaned and even this blog got fewer articles than I wanted to publish. I think on social networks like Twitter and Facebook it’s too easy to publish images and your current thoughts or to share links.

So why shouldn’t I do that with my blog with the positive side effect that all my data belongs to me? But to quickly publish anything you need an interface, especially when you want to publish from your phone. You can install a mobile theme for your Wordpress blog, but firstly I hate the mobile view of WP, secondly I don’t use Wordpress, and thirdly “fast” is not the best description for the UI.

I came up with the idea, that chat bots are one of the most hyped topics in Asia and a few weeks ago I had a discussion with a team mate, where my viewpoint was “chat bots are overrated and I don’t understand why the hype is so huge” – but come on, I want to be convinced. ๐Ÿ˜‰

One of the main benefits of chat bots is, that nearly every smartphone user has installed a messenger app, e.g. Facebook Messenger or WhatsApp. But since WhatsApp doesn’t offer an official API for small developers like me, I even don’t like that messenger. So I decided to write a bot for Telegram and was really surprised, how easy it is.

Another benefit is the speed of the messenger apps and you don’t need animated user interfaces to write a blog post, really! The messengers are quite ahead of mobile views in a browser. Since you’re able to upload photos you shot a second ago and add your story, it’s quite easy to publish your stuff and share it to the typical social networks and search engines.

For me as web developer chat bots have another benefit: I don’t need to test the interfaces in every f*cking browser ๐Ÿ˜‰ They just work and further development of features are really easy and fast to implement.

Well, we’ll see, whether I will blog more than in the past or not. This article is the first test run for my bot and I’ll look around what I implement next. For this English version of the article I implemented the multi-lingual feature ๐Ÿ˜ƒ

Maybe I will find other services I can connect to with crazy features like a spell checker (I think I have some typos in this article again ๐Ÿ˜‰) or maybe a service that finds images for articles. The possibilities are huge.