The flood came close

The last big flood around here was in 2005. Back then I lived in Schwyz and worked in Unterägeri. I could not go to work for three days because all the roads were closed due to floods and mud slides. During this event, the apartment complex that we have been living in for the last ten and a half years was still under construction. While it was not finished, the basement and parking were completely flooded.

So when nearby “Lake Lucerne” reached the critical height of the most severe warning level again this week, our neighbors along with us worried that this could happen again. The management of the building did nothing to prevent it, while nearby buildings were much better prepared. My mother told me that the car insurance might refuse to pay if it was predictable. So I placed my car outside for a few days. Paying for redundant parking was still less of a hassle than all the trouble that could have resulted otherwise.

Next to the house we currently live in flows a small stream that ends up in the lake. In the past week, as the level of the lake rose, so did this little stream. Essentially, the lake extended back into the streams and rivers feeding it. Multiple times a day we checked the height of the water. By my guess, after another 15 centimeters, the road would have been flooded, as were many others in the village. If this happened, the water would flow directly into our parking and basement.

We started fetching the most valuable stuff from the basement. But soon we decided to fetch most of the stuff. Since we are going to move house in three weeks, we just packaged up or disposed of as much as we could.

My wife and hence also the kids were worried that the water could also reach our apartment. But that would have required the level of the lake to rise another 30 cm. This didn’t really worry me, as it would have extended the surface area of the lake tremendously, which would be massive amounts of additional water.

My wife now also appreciates the hillside location of our future home even more. Not much can happen up there with regard to natural dangers.

After a couple of days, the water started to recede, and the weather turned better. As I write this, the water level is already more than 10 cm lower than at its highest. To my knowledge there was no major damage around here. So our thoughts are with the people of the regions in Germany that were really badly affected by the floods.

No internet at the Dolder Grand

Today was our wedding anniversary. We usually celebrate this with a meal in a nice restaurant. Last year we went to the Swiss Chalet in Merlischachen. It was very nice and delicious. The reason we went there was that they accept payments in Bitcoin. So I decided to make this a tradition. Thing is, the Swiss Chalet was already so nice, it would be hard to top. I know most restaurants in our vicinity that accept BTC. But only last week, I was reminded that this is the case for the Dolder in Zürich. It is one of the fanciest places in Switzerland, and I was a bit worried that it would be super expensive. But if I can pay with BTC, I’m usually willing to spend a bit more. Their booking website had temporary technical difficulties, but we went anyway.
The place really looks super nice. The meal was delicious and the service was very good, even the prices were reasonable. On top of that, I could also charge the car. When I told the waiter that I’d like to pay with bitcoin, he had to get the device from another of the restaurants. In the meantime, I tried to get Internet on my notebook. Since there is still no usable Bitcoin wallet for Mobian nor for UBPorts, I mostly use my mobile computer for paying. The waiter advised me to use the open WiFi, and opt for “Tagesgast” (visitor) in the captive portal. Unfortunately, this portal had a bad day. I was unable to create an account, neither with email nor with OAuth. All I got were error messages like “Beim Erstellen des Gastbenutzerkontos ist ein Problem aufgetreten. Wenden Sie sich an Ihren Netzwerkadministrator (Database query error (1b77a6f1))”. The waiter tried to help, and even wanted to use his account. But all he could tell was that usually it would work. And no, I couldn’t create a hotspot on my phone, as I have no mobile data plan. Well, I’m not your average consumer 😉
It happened to me before that I went to a restaurant because they advertised that they accept BTC, and it didn’t work. Usually, the software was not properly set up. But that I was not even able to get internet was the first time. And this time was especially disappointing, because of the bigger than usual bill, and the longer trip to get there.

A decade of accepting Bitcoin for paragliding

Today marks the 10th anniversary of an important blog post. It was the announcement that I started accepting Bitcoin for paragliding tandem flights. I had interest in the nascent internet currency for a couple of months prior to that. And I felt that what was missing were places where people could spend their coins.

Only very few people came to me and wanted to pay for a flight with BTC. But since I went all in on BTC for my paragliding hobby, I convinced a couple of customers to send me BTC instead of a bank transfer. For some of them it was the first time. It’s cool in this regard that you can buy BTC on every train ticket machine. Unfortunately nobody has paid with Lightning so far, despite my announcing a special in 2019.

Many things have happened in the last decade. In the meantime lots of people call it digital gold and regard it as being mainly for investing, while for me it is still primarily the best, most reliable, censorship resistant, easy to use form of money. I never really liked credit cards, but seeing how much more secure and reliable BTC is for payments, I cancelled my last credit card seven years ago, and I never looked back.

Through Bitcoin I learned so much about the nature of money, and the shortcomings of our current financial system. And a year ago I started as Blockchain Engineer at SEBA Bank, turning my longtime hobby into my job.

Every time I buy something, I check out where I can pay with Bitcoin. While still not as abundant as I would like, the number of places that accept BTC has grown tremendously over the years. Some of these purchases I would not have been able to afford without the value of BTC rising in an unprecedented manner. But I still value the freedom and self-determination that BTC gives more than the wealth.

  • Gold is the money of kings
  • Silver is the money of gentlemen
  • Barter is the money of peasants
  • Debt is the money of slaves
  • Bitcoin is the money of sovereign people

My wife has a car now

We are going to move soon. Since our new home is not as close to the supermarket, train station and school, my wife also needs a car. She wanted a very small and cheap one, but with at least four seats. For the whole family it was quite clear that it can’t be one that emits toxic gases. As chance would have it, my brother knew that a ten year old iMiEV, which he usually serviced and repaired, was for sale. The charging connections are quite different from the ones on the Tesla.

The Mitsubishi has a Type 1 connector for AC and Chademo for DC. In order to be able to charge it with our existing Tesla Wallcharger, I ordered an adapter cable. Unfortunately it turned out that it would work with most other charging stations, just not with the one we have. I successfully tested the adapter cable on the public charging station of the nearby Aldi store. So for charging at home during the remaining month at our current place, we will have to improvise. At the new place I plan to install a separate plug.

For DC, the car has a Chademo connector. I still have the Chademo adapter that I used for the Tesla a couple of years ago. But since CCS was established as the standard in Europe, most new DC chargers don’t even have Chademo any more. Luckily there are still a number of triple chargers around. I wanted to test DC charging before she is in urgent need some day. But to my knowledge, for most fast chargers around here, you can only pay with one of those horribly insecure RFID cards, NFC credit cards or apps that are not available for any of my phones. I really don’t mind paying for electricity, but only with a sane payment method. I am really looking forward to charging stations where you can pay with Bitcoin (Lightning), regular debit cards or good old cash, like you can at every gas station. So we had to find a station where you can charge for free. After some reflection, we drove to the Lidl store in Flüelen. The CCS plug was occupied, and so it didn’t have enough power to also service the Chademo plug. We still plugged in, and the station would usually switch automatically when the other plug was disconnected. But when we came back from shopping, it didn’t charge. I think this was due to some wrong manipulation either by the driver leaving, or by the new one charging his hybrid with AC. So I manually started the session, and we waited a bit longer. Anyway, DC fast charging worked, which was the important successful outcome. Fun fact: Since the battery of this car is so small, it fast charges slower than the Tesla does on AC.

So now I hope my wife will have many pleasant trips with her first car.

My most special RunAndFly

After I wrote the article for the SwissGlider magazine about my RunAndFly adventures, I thought that I should have written also about the most special of them. It happened last autumn, but I will write about it now anyway half a year later.
It was a Saturday in September. The alarm clock rang as usual at 6AM. I got up, drank a bit and got dressed. Soon after, I started to run. Since I didn’t have to go to work, I decided to go to the Euw which is higher and farther than the takeoff I usually run to, halfway up the Urmiberg. To get to the Euw, I usually run through the forest up to the cablecar that goes from Morschach to Stoos. While running up in the Ingenbohl forest, it was still dark but the air looked clean and calm. After the cablecar, the track becomes steeper, and running half an hour uphill also took its toll. That’s why I usually hike this part. While hiking up to the Euw, I observed that a layer of fog was starting to build up. By the time I reached the intended takeoff, the fog layer was quite compact and covered all of Brunnen and Schwyz. Only above Ibach there was a hole big enough to fly through. When I was done with preparing the glider, also this hole was closed. I waited a couple of minutes hoping the fog would lift again.
After a while I figured instead of waiting, I could climb through the rocks all the way to the Fronalpstock. But there was one limitation. Because it was my birthday, my wife prepared my favorite meal: filet in a dough. Hence I wanted to be absolutely certain to be home for lunch. I wanted to climb this route for a long time, and so did my 12 year old son. It was actually good that I did it the first time without him. Now that I know it, I wouldn’t go with him yet. By the time I reached the summit, the sun had risen, but the fog still covered everything from Rickenbach to Brunnen.
Only the Muotathal valley was fog free. So I could fly down to the Euw, as Morschach was also in the fog, and run down the hill back home from there. Or I could fly to Muotathal, and run home from there. This might be farther, but more or less flat. I opted for the latter, as I thought I would be home sooner with running on the flat. The flight was quite nice, actually my longest to date with the single skin glider.
After I packed the glider, I started running. But after only two km, still far from home, I was exhausted. My body didn’t recover during the flight from climbing 1’500 meters with little to drink and nothing to eat. I only carry essential stuff for the RunAndFly in my backpack. That doesn’t include money nor a face mask. Thus I could not take the bus. So I tried to hitchhike. But who would give a ride to a guy in clothes that were soaked with sweat a short while ago during a pandemic? A couple of cars left me standing. But after a while an older guy picked me up. He told me he would never in his life fly with a paraglider. And it turned out he went to school together with my father. Those coincidences are sometimes funny. He drove me to Ibach. And from there I went back home on my own, half running half walking.
When I analyzed the GPS track afterwards I saw that I only needed little more than two hours from Brunnen to the Fronalpstock, not counting the stationary time for preparing, waiting and packing on the Euw.

Why was second factor authentication watered down?

As far as I can remember, two factor authentication has been used since the first time I used online banking with a BBS-like text interface over a 14.4bps modem. Back in the day the second factor was a printed list with numbered codes.
The idea of using different factors is to prevent hackers from accessing your bank account in case they can sniff your password with a trojan keylogger on your system. The factors are generally divided into things you know, things you have and things you are. Hence the categorization of the factors is based on the user interaction. In general it is assumed that everything typed or stored on a multi purpose computing system can be extracted by an attacker. This is why I propose a different categorization farther down. My categorization is based on the threat it protects against.

Things you know (memorized):

  • username
  • password

The first category is pretty much self-explanatory. It is the typical password. Before we had hundreds of accounts, we were able to memorize our passwords. Single factor authentication with only a password is not only problematic because attackers can eavesdrop on what we type, but also because computers are increasingly fast at trying different combinations.

Things you are (biometrics):

  • fingerprint
  • face
  • iris
  • veins

In theory biometrics would be the perfect method for authentication. Unfortunately the technical implementations have many weak points. There are countless stories of fooling fingerprint readers with sticky tape or jelly sweets. But even when you couldn’t fool the device itself, as long as the sensors are run on top of a general purpose computing device, the data can be stolen and manipulated. Once the biometric data are stolen, you can’t change a fingerprint or an iris as easily as you can change a password.

Things you have (possess):

  • printed list with codes
  • dedicated device for displaying codes
  • phone for receiving text messages
  • phone for running an app to display codes
  • YubiKey
  • SmartCard (e.g. OpenPGP)
  • FIDO U2F devices

This one is only simple at first sight. Let’s dissect them a bit closer. For a printed list with codes it is not enough to install a trojan on your system. It generally requires physical access to make a copy of it, but you are not alerted when somebody with physical access makes a copy. As soon as you scan it and save a copy on your computer to make login more convenient for you, it also becomes more convenient for an attacker to steal your credentials. There are even banks who send a pdf with the 2FA codes electronically. As a general rule of thumb: once a secret is stored on a connected general purpose computer, its security is weakened considerably. Thus it is not only important how secret information is stored, but equally important how it was generated and how it was transported. Even moving the sheet of paper into the view of a webcam can compromise the codes.

It may not be equally easy to compromise text messages with every cell operator, but it happened too many times, which led to this method being almost abandoned. As described above, information stored on connected general purpose computing devices can be extracted. This is an important fact to consider when using authentication apps such as Authy or Google Authenticator. These apps are based on TOTP, but the important difference to TOTP hardware devices is how the secret is stored and protected.
That leaves us with dedicated hardware devices. These come in many forms. Some banks have used little TOTP devices for decades. There are devices that operate in conjunction with your plastic debit card and some that scan mosaic codes. What they all have in common is that they display a code that you enter on the logon screen.
And then there is FIDO U2F. It is a standard that was established in 2014, but hasn’t yet gained the traction that it deserves. The FIDO devices store a seed in protected memory, and generate a sub key for every site you want to visit securely; some even display the site you are about to log in to. This in fact also protects against phishing attempts. Meanwhile most Bitcoin hardware wallets can act as FIDO U2F devices. But the most widely known and used dedicated 2FA device is surely the YubiKey, which comes in a great form factor.
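
The difference described above between a copyable TOTP secret and a per-site key held on a token, as an added example that is not from the original post. It models the token with HMAC in place of the ECDSA signature real FIDO devices use; the origins, the challenge and the `ModelToken` class are constructed for illustration, and the TOTP secret is the RFC 6238 test value.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / step)."""
    return hotp(secret, unix_time // step, digits)


def totp_verify(secret: bytes, code: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Server side: accept the current step and +/- `window` steps of drift.

    Note what is missing: nothing in the check says where the code was typed.
    """
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
        if counter + d >= 0
    )


class ModelToken:
    """Simplified model of a FIDO-style token (HMAC stands in for ECDSA)."""

    def __init__(self, seed: bytes):
        self._seed = seed  # on real hardware: protected memory, not exportable

    def _site_key(self, origin: str) -> bytes:
        # One sub key per site, derived from the seed and the site's origin.
        return hmac.new(self._seed, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        """Give the site its verification key (stand-in for the public key)."""
        return self._site_key(origin)

    def respond(self, origin: str, challenge: bytes) -> bytes:
        """Answer a challenge; `origin` comes from the browser, not the page."""
        return hmac.new(self._site_key(origin), challenge, hashlib.sha256).digest()


def site_verify(stored_key: bytes, challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


REAL = "https://bank.example"             # constructed origin
LOOKALIKE = "https://bank-login.example"  # constructed look-alike origin


def demo() -> dict:
    now = 59
    secret = b"12345678901234567890"  # RFC 6238 test secret
    copy = bytes(secret)              # any copy made while enrolling the secret

    token = ModelToken(seed=b"constructed-device-seed")
    stored_key = token.register(REAL)
    challenge = b"constructed-challenge-0001"

    return {
        # A copy of the secret is as good as the original device.
        "copied_secret_same_code": totp(copy, now) == totp(secret, now),
        # The code is valid at the server no matter which page it was typed into.
        "totp_code_accepted": totp_verify(secret, totp(secret, now), now),
        # The token's answer only verifies when it was produced for the real origin.
        "token_real_origin": site_verify(
            stored_key, challenge, token.respond(REAL, challenge)),
        "token_lookalike_origin": site_verify(
            stored_key, challenge, token.respond(LOOKALIKE, challenge)),
    }


if __name__ == "__main__":
    print(totp(b"12345678901234567890", 59))
    print(demo())
```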

I propose a new categorization of factors:

  • things that a trojan can steal from your computer or smartphone
  • things that a thief can copy when breaking into your apartment
  • things that can’t be copied and that you would notice immediately when stolen from your keyring

With this categorization, you realize that most snake oil app-based 2FA belongs in the first category along with good old passwords and password managers. Banking trojans that consist of a part for the computer and a part for the smartphone were around even before those 2FA apps became popular. And this is how you differentiate measures that improve security from security theatre. Security theatre is a term for measures that harass the users to give them a sense of security without really improving security. It only deters the opportunistic casual thief, but does nothing against the well organized crime gangs. It’s essentially all the pain without any gain. That is what 2FA smartphone apps are!

But I don’t want to carry around a device

Security is often a tradeoff with convenience. For me it was always clear that I want to protect every account that I can with the security offered by a dedicated device. But apparently there are enough people who don’t care about security, or simply don’t understand the tradeoffs. When I discovered that the Tesla account was only secured by a password, I was so shocked that I disabled remote access in the car. That was almost three years ago. In the forum discussions there were people arguing against carrying around a security device weighing a few grams. And indeed when Tesla introduced 2FA last week, they used solely TOTP. Whenever I have to use TOTP, I use it with my Yubikey. But still that procedure has one important weakness. When setting it up, the secret is displayed and/or entered on a general purpose computing device that must be connected to the internet. When this device is compromised, the whole 2FA is moot. Hence I will leave my car disconnected for the time being.
Since I have learnt about secure 2FA devices, I want to have all my accounts secured. Hence I switched my main bank account to a bank that supports hardware based 2FA a couple of years ago. Now at my new employer, which also happens to be a bank, we use 2FA to log on to most systems. The default is a proprietary app that is only available for iOS and Android. My phones run PureOS and UBPorts for security reasons. From the internal network, we can use TOTP and even FIDO U2F. But when logging in from home, only the less secure method with the proprietary app is allowed. I will never understand the reason behind that. I could still work from home. I could access the git repos, but I was not able to log in to Jira nor Webex. Only after my boss intervened was I added to a group with the special permission to use more secure 2FA.
Since I work for a bank now, I have an account with my employer, that has very favorable conditions. But again the 2FA is only possible with a proprietary app that is only available for iOS and Android. This is a real pity. I would love to make more use of that account. But even if that snake oil app was available for any of my phones, I would not deposit a lot, as long as the weak 2FA was in place. Since I work there, I have a more direct line of communication with the client managers. And for increased security, I had online access turned off for my account.

Why I am sending back my Librem5

After paying 0.163 BTC for a pre-order, I patiently waited two and a half years for the Librem 5 to finally arrive. Now after half a year with the phone, I finally lost patience. For some more context, please read my former blog posts The Librem 5 phone is still at an early stage and One month with the Librem5.

A computer that looks like a phone

When the phone arrived it could do computer things, but no basic phone tasks. The browser worked very well from the start. So it was more like a small tablet. Phone calls didn’t work at all for the first month. And text messages started working after about a week, but only with weird workarounds.

An expensive hand warmer

When the phone arrived, there was no power management implemented, meaning it constantly ran at full speed. No wonder the device was always warm and the battery was flat after an hour on average. It didn’t make a difference whether I used it or not. After about one or two weeks of having the device I charged it overnight while it was switched on. When I grabbed it in the morning, it was so hot that I could not hold it in my hands. The plastic part between the cellular and the wifi cards started melting together with the back cover.

Hot freezes

One common occurrence from early on was that it would no longer react to any inputs after a while, but still burn the battery down at the same speed. At the same moment it also stopped responding to SSH connections, so it was not just the display.
The first freeze happened five minutes after I switched the phone on for the first time. When the issue started, I had a freeze about every second day, then every day, then twice a day. For a while it never ran for more than 15 minutes without freezing. Since about the time I had the phone for a month, it rarely runs for more than five minutes before freezing.
The freezing is the issue that rendered the phone completely useless for me. It triggered me to move the SIM card back to my five years old UBPorts phone. For the next few months I switched the phone on about once a week to install the latest software upgrades. Every time I hoped the freezing issue would be solved. From the responses on the forum, it appeared like my device was the only one experiencing these difficulties, but still it appeared like they were working on resolving the issue through software updates.

Bricked for the first time

Instead of fixing the freezing, an upgrade around Easter made the phone not boot any more. It started to boot, but was stuck at the terminal that is usually only visible for a second. Apparently it was a known issue, but the remedy that was provided, didn’t work on my phone. So I was advised to re-flash it. But the flashing procedure also didn’t work. After a while and some experimentation, I found out that, out of a computer and two notebooks, only my XPS13 was able to flash the phone. I am still puzzled why it didn’t work with the Librem13 especially. But to my disappointment, the freezing issue persisted.

Dead battery

I kept installing the upgrades on a weekly basis. In between I usually removed the battery. When I tested the voltage, it was always between 3.6 and 4 Volts. Then one day I left it plugged in with the original charger for about a week or two. Since then it wouldn’t boot any more. Not only did it stop booting in the middle of the process like before. This time there was no sign of life whatsoever. When I tested the battery, now it read 0 Volts no matter how many times I tried to charge it. I tried with the original charger as well as with others. I read somewhere that the L5 has an issue with the charging, in that it starts discharging after the battery is full. After that it apparently doesn’t start charging again until it is re-plugged. But I didn’t expect this to result in a battery that appears to be totally dead. Even if I wanted to charge it with a universal LiPo charger, I wouldn’t even know which way to connect it. The phone doesn’t run with a dead battery, and it also doesn’t boot without a battery.

Sending it back

The only thing left for me to do is sending it back. I didn’t sign up for a museum piece. I just want a phone that works. It is up to Purism now if they can repair my phone, send me one from the current batch, or one from the mass production batch later on. After being through all this, I would prefer to wait for the batch that is hopefully more reliable. But I will take whatever Purism sends me.

Friends asking

I am often asked about this open source phone that I told everyone about while waiting for it. I would love to tell them how great it was, and convince them to order theirs as well. I still think it is very important to have a phone that you can trust. But unfortunately I have to tell them what a disaster it was so far. I tell them that it appears that I got an exceptionally bad sample, and that most others are probably fine, or at least usable. But I can see from their reactions that my experience is enough of a deterrent for them not to consider buying one.

Update September 2020

Soon after sending back the phone, I received a replacement unit. Unfortunately it came with a US modem. So I waited for another month for the correct modem. It arrived yesterday, and it was easy to replace. Now I finally have a working phone. I switched the SIM to the Librem5 and use it as my main phone now. Some things have improved a lot since last year. Especially the power consumption. Others not so much, such as bluetooth in the car. Anyway, I plan to write another post after gaining some more experience with it.

A decade of blogging

Yesterday it was exactly ten years ago, when I published the first post on my personal blog. Before that, I kind of blogged on the old, old version of ParaEasy about flying adventures. For our adventure in South America, we wrote our diary on a manually edited html page.
On my personal blog, I still write about paragliding, but also about Bitcoin, Tesla, electronics projects, software development, work and holidays. Whatever I deem interesting enough to write about and preserve for a couple of years. Over these years, I published 193 posts, and left 6 drafts unfinished. My first post a decade ago was about a handheld spectrum analyzer for the 2.4 GHz ISM band. That device is still running every day on my desk at work. The display lost a line or two at the bottom, but that doesn’t hurt the functionality much. And only recently I used part of the code again for another project.
The post that is probably read the most, judging by the number of comments, is about resetting my favorite Logitech keyboard. It helped countless people who had the same problem with their keyboards.
I don’t track visitors on principle. So I don’t know how many people visit the page and what articles they read. One time a company approached me with an offer to put advertisements on my blog. But it was very vague, and since I assumed that they would want to track my visitors, I didn’t answer. The blog is not for making money, and I don’t think my posts are interesting enough for lots of people that it would be worthwhile for advertising anyway.
The page ran on WordPress from the start and it still does. For the first couple of years it was hosted on an Alix and for the last couple of years it has been on a NUC. There was also another computer in between whose specs I can’t quite remember. They all ran Debian or Ubuntu and served the pages with Apache.
For the last four years I have mirrored the new posts also on my blog on ZeroNet.

Our temporary tree house

I have been fascinated with tree houses for as long as I can remember. I don’t know if everybody is fascinated as much, and I don’t remember how it started. It might have been Peter Pan or the Ewok bear folks in the Star Wars movie. In my teenage years, I built a simple tree house together with my brothers. I grew up in a single family house surrounded by meadows, and the forest started about one hundred meters from our house. So we had good pre-conditions for such an endeavor. Our kids share the same fascination. They looked through our book with the most beautiful tree houses many times and dreamed with us. My absolute favorite is the Heidi tree house chalet. Many times our kids told us that they wanted to build a tree house. Not just the perfect thing some time in a possible future. But a real one now. I always told them that it is not as simple as they might think. And that we can’t build a semi permanent structure in the public forest. So they started asking my uncle who owns a strip of forest. But it is also not so practicable to drive with the car for 20 minutes every time they want to build.
I read about Tentsile tree tents a couple of years ago. They are awesome and cool, but a bit expensive for a tent, or a hammock. I was on the lookout for a while to rent one, or to catch a cheap one in a sale. They change prices from time to time, but they are still not cheap. But this spring I decided to buy one if the price would go down enough. For one, it is still a lot cheaper than a semi decent tree house. And if I wait for too long, the kids might not be as excited any more. Since it is listed on Galaxus, I could pay for it with Bitcoin. Due to the Corona situation, it took almost a month for it to arrive. When the postman brought the packet, the kids came running totally excited. They knew exactly what was in that cardboard box.
Of course I would also like to create a multi level stack. But I told the boys, I won’t buy more of the stuff. If it is important enough for them, they can wish for the extension for Christmas or birthdays.
Today was finally the day we put it up for the first time. The nights are still too cold, so we will sleep in our fabric tree house another time. To spend more time in the forest, we brought some expedition meals that we boiled with the gas stove. The nap after lunch we spent in the tree tent hammock. It is really comfortable as long as the weight is distributed evenly. But if everybody sits in the same corner of the tent, it tilts quite a bit. The three person tent is big enough to host two adults and our two kids. The underfloor storage compartments are very practical. Now we all look forward to the nights becoming warm enough to sleep outside. The kids and I could probably do it already, but my wife is very temperature sensitive.
And for those who wonder about the corona lock down restrictions, the place where we suspended the tent is less than a kilometer from our home. And every time we cross somebody on the trail, we go to the side to maintain the two meters distance.


Working from home during the Corona shutdown

Like many people these days I currently work from home. Due to the corona pandemic, everything that is not essential is closed in Switzerland. Since I work in software development, it is possible to work at home. Most if not all people in my team do so. What is great about the new situation is that I can now eat lunch with my family. We also try to go for a short walk to the lake or the forest after lunch. But there are a couple of factors that make working at home challenging:

  • The factor that I anticipated to be the worst is distraction. Normally when I try to work on something at home that needs concentration, it takes on average five minutes before somebody comes and wants something from me. And then again after another five minutes, and again and again. This is why I can usually only work at home when everybody else is asleep. All the more astonished am I that they let me do my work now that it’s for my employer and not a hobby project of mine. A very important contribution is from my noise cancelling headphones. Without them this would not be possible.
  • The office at home is the size of a broom closet. It is 1.4 by 2.2 meters with no window or direct daylight. Thus it is important to go out to the patio from time to time to get some fresh air and some rays of sun light.
  • I have a very comfortable chair in my home office, and a nice solid table. But I grew so used to the table I have at work that I can raise to a standing position whenever I want. Even if I wanted to buy such a table, I couldn’t fit it in my small office at home. So I have to take care to move my body enough, not to develop back pain. Especially now that I can’t go swimming in the communal pool. I just hope the lock-down won’t get so bad that I can’t go running any more.
  • My screens are roughly 20 years old, and the low resolution makes it a bit challenging to work effectively. I wanted to order a new screen for years, but always postponed the purchase. Now that I knew that I would work from home, I figured it is the time to go ahead. Even though I ordered it very soon, delivery took more than a week, as the online shops and delivery companies are totally overwhelmed at the moment. The new screen is a blast. It is even bigger than I imagined.
  • And then, there is the elephant in the room. Let me begin with a quote I recently read on the website of the Session messenger: “Friends don’t let friends use compromised messengers”. This statement really resonated with me. On the opposite end of the spectrum, there is a communication software that is closed source, has a proprietary protocol, centralized infrastructure, no end-to-end encryption, and constant access to the internet, the microphone, the webcam, the keyboard and the screen. On top of that it also has the capability to take over control of the computer. Back Orifice pales in comparison with these capabilities. That it is tedious to use and only fully works about half of the time is only the lesser evil. It was developed by a company with a long track record of deception and abuses. This software is called Microsoft Teams, and it was recently declared the primary means of communication in our company. In the past, I flat out refused to use it. But in the current environment of emergency, I felt that I could not complicate things. Apparently, there was not much opposition against inviting the panopticon into our homes. When a co-worker told me that it could be used from within the browser, I was slightly relieved. As long as it is contained in the browser sandbox, the amount of harm it can do is somewhat limited. With the browser you have some control over what access you grant it. Unfortunately, in the browser only the chat feature worked, but no audio or video calls. So my team lead asked me to install the desktop client. Installing malware directly on the machine was a no-go for me. So I installed it quarantined inside an empty virtual machine. This now works for audio conferences. But I feel uneasy, uncomfortable, even stressed, whenever it is running. My stress level when Teams is running is comparable with sitting in a dentist's chair. That is not healthy over time.
    Thus I often block the VM's access to the microphone and the network, but that brings only slight improvement. So, when somebody writes on Slack, I enable Teams, but I can’t have it running with full access all the time, I just can’t. I am reachable through Slack, email, phone, text messages, Tox, Matrix, Session, even Telegram and soon Juggernaut. They all have an open source client that I can trust. I just need a quick note to start Teams on request. Isn’t it ironic that with the struggle to care about physical hygiene, nobody seems to think about digital hygiene?

I often think about why I care more about digital security and privacy than average people. So many people carelessly ignore the security of their devices; it is completely reckless. How people voluntarily put something like an Amazon Alexa in their home is beyond me. I don’t think I have more to hide than other people. For a long time I have cared about FLOSS. It is not only that I dislike artificial barriers, vendor lock-ins and planned obsolescence. It is also the trust gained through being able to inspect the software. But the biggest impact came when I started to be involved with Bitcoin. This is when I really learned about the value of information, and how to protect it. There were times when I had more wealth sitting on my computer than in my bank account. Who wouldn’t think about how to protect it from the grabs of thieves? With Bitcoin, you are responsible for the private keys. When you fail to protect them, your wealth is gone. There is no bank you can beg to reverse the transaction. But on the plus side, if you protect your data well, nobody can steal it from you. If your bank goes bust, your Bitcoins are still safe. Many people don’t want that responsibility, and prefer somebody else to handle it for them. I can see the same behavior with cloud computing. Bitcoin people are very passionate about OpSec. I am talking about the original cypherpunk people here, not the “get rich quick” crowd that showed up later on. There is a mantra in the Bitcoin world: “don’t trust, verify”. Everything that can’t be verified, such as closed source software, has to be considered compromised.

OK, enough of going on a tangent. This post is about working from home. My wife calculated on the first day that I should now be able to finish at least an hour earlier, because there is no more commute. Sounds reasonable, right? My usual day now looks like this: I get up at the same time as usual and take a shower. I dress the same way and groom my beard the same way as I would if I went outside. Instead of having breakfast alone and driving to work, I start working. When everybody is ready, we have breakfast together. After that I work again until lunch is ready. When I have to go to the toilet, I also grab a fresh tea and go outside for a minute to get some fresh air and some sun. The lunch break is longer than at the office. The kids eat very slowly, and we have a rule at home that we all wait at the table for everybody to finish. Then we usually go for a walk to the forest and/or the lake. We are very fortunate that both are only about two hundred meters away. Because the lunch break is longer, I often work as long in the afternoon as I usually am in the office. Sometimes I even work till the time I would otherwise arrive at home.

We also currently spend the weekends mostly at home. So I took the chance to tidy up and clean my small office at home.

Interesting reading about privacy in the current state of emergency:

Last but not least, some conspiracy theory:

Bill Gates, The Caricature of a Villain