#weeklyreview 47/2024

Of course the week started with swimming (for this series of weekly reviews I’ll take the Sunday as start of the new week). Not all the way across the lake as it’s getting a little chilly in the water now and we didn’t have that much time.

Coding

While writing last week’s review it nagged me that the WordPress blog posts don’t have image descriptions. I know it’s just me being lazy to put them in in the first place. But I’m meanwhile spoiled by the IceCubes app which can autogenerate image descriptions.

So I started chatting with ChatGPT about writing a little helper program in Rust which would get an image description from the OpenAI API and then upload the picture to my WordPress and put the description as well. It slowly took shape but didn’t quite get there apart from it getting late in my day …

A cartoon polar bear sits at a desk using a laptop, with a chalkboard in the background featuring a mix of symbols, drawings, and indecipherable text.
generated illustration with DiffusionBee

I was about to give up and sent a toot before closing my laptop. But then someone replied that they had more success with Claude.ai instead of ChatGPT for Rust programs.

↬mas.to/@ingenieur/113506074188779262

And indeed. The code seemed much better and I got a first working version that night. You can find the code and some pre-compiled binaries on my Forgejo instance.

To process multiple files I used a simple shell loop:

Now thinking where to take this next. I’d like to update the image descriptions of the existing images in WordPress. Could do this from remote as well. But an actual WordPress plugin probably makes more sense here.

Other idea is to use a local LLM to generate the image description so you don’t need to upload the images to OpenAI.

This is really a rabbit hole. But programming is much more satisfying than herding cats as a project/program manager ….

And because self-hosting is fun … I also set up an instance of Asciinema. The “shell cast” above is an example of this.

Walking

Since the office gym is still closed I’m missing out on a lot of exercise 🙁

Started walking to the office more often. It’s a 4.5km walk in one direction. So adding up close to 10km of walking per day. Not too shabby. Now that the weather is turning colder and more rainy it’s even more fun 😉

Updated my nails again as the color faded and crackled.

A hand with bright red and rainbow-painted nails rests on a wooden table near a full beer bottle and a glass of beer, both placed on branded coasters. Another person's hand is visible in the background.

First snow

This week we finally had some snow. It didn’t stick in Berlin, but in the countryside there was actually a thin white blanket over everything. Even when we arrived there on Friday evening there was still some snow on the sides and roofs. The low sun made for some incredible sundowns in the late afternoon.

A vibrant sunset illuminates the sky with shades of orange and pink above a dense cluster of trees with varying foliage colors, including dark greens and yellows. Some bare branches are visible, indicating a transition into autumn. The overall scene evokes a calm, serene atmosphere.

On Saturday we had our annual “Vereinsfeier” at the house of some friends. Always lovely to see the people from the village and have them bring all sorts of food and chat away into the night.

A pink deer head sculpture with lit candles on its antlers is placed on a wooden table beside a bowl filled with cables and papers.

#weeklyreview 46/2024

it’s getting cold outside

Swimming on Sunday was again a little colder than the weekend before. The whole week had rather low temperatures even during the day. So this Sunday the lake water had around 8º C while the air was around 0º C.

Still managed to cross the lake without dying 😉

Procrastination finished

I finally finished my blog post about setting up SSH access with FIDO keys. That was in the drafts folder for a couple of months now. I’m using my two Token2 hardware tokens wherever possible now. Also for SSH connections. Tiny bit annoying to enter the PIN all the time, but better getting used to this additional layer of security.

Cleaning the cemetery in the village

On Saturday the people of the village joined forces to clean the cemetery of the fallen leaves and other stuff. We were also again cutting down some trees that have grown too much. Always a fun event working with these people. It’s a lovely mixture of old residents who spent almost their entire life in this tiny village and then “immigrants” of various age and place that either moved there or have a weekend home in the village. Everyone gets along really well and helps the community. Of course it’s celebrated with some beverages (mostly beer) in the end.

The kids had fun jumping and diving into the large piles of leaves. The adults had fun using their machinery to cut and shred the trees :D.

In the afternoon some friends and I did an additional brief swimming session in the lake. The water hasn’t cooled much since last week. Was good enough for a short dip.

Calm lake with clear, shallow water in the foreground, surrounded by tall reeds on both sides. The distant shoreline features a forest of leafless trees under a cloudy sky.

PopChor is rocking on heavens door

Saturday evening we were attending a concert of the PopChor Templin. That was really nice. If it hadn’t started an hour later than originally scheduled, we would probably have stayed even longer for the two bands after the PopChor. Some impressions from their previous concerts this year can be found on YouTube.

SSH with FIDO2 keys on hardware tokens

I recently bought a pair of Token2 FIDO2 hardware security keys. Those are USB/NFC devices to store cryptographic keys on and use them for authentication purposes on various services.

Besides the main purpose of serving as my Passkey supply I’ve set them up to be used for SSH authentication as well.

This is straightforward by now, provided you meet the prerequisite of using a recent version of SSH (OpenSSH >= 8.3).

Technicalities

SSH authentication by means of cryptographic keys usually works with an asymmetric pair of keys as you might know from tools like PGP. You put your public key part on the server you want to log in to. When opening an SSH session to the server, you use your private key to sign the authentication challenge given by the server. The server verifies it’s really you by checking the signature of the challenge with your public key that you placed on the server earlier.

For the FIDO2 keys, this is slightly different. The private key on your machine is not actually stored on the FIDO2 key. Instead when you create an SSH key to be used with the FIDO2 key you create a reference (key handle) to the FIDO2 hardware key that acts as your private key part.

Generating the SSH Keypair

To make use of your FIDO2 key for SSH you have to generate a new SSH key pair which is associated with your FIDO2 hardware key.

ssh-keygen -t ed25519-sk -O resident -O verify-required -C "Comment"

The option -t ed25519-sk tells SSH to generate a key using elliptic curve cryptography, more specifically the Ed25519 curve. The suffix “-sk” indicates that this will be a key handle associated with the FIDO authenticator.

The option -O resident tells SSH to store the key handle on the FIDO key itself. The option -O verify-required will require you to press the FIDO key when requested to confirm your physical presence. And finally, -C "Comment" sets the comment of the key pair.

putting your new SSH public key on the destination server

As with normal SSH key pairs you just add the contents of your public key to the ~/.ssh/authorized_keys file on the destination server. You can use the ssh-copy-id command for this:

Now you should be able to

login to the remote machine using your passkey

Plug in your FIDO key token and start the ssh connection. You’ll be asked for the PIN of the hardware token to unlock the keystore before the key can be used. If your PIN is correct the token will start blinking and request you to touch it to prove your physical presence.
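Once several public keys have accumulated in ~/.ssh/authorized_keys it is worth checking on the server which of them are really bound to a hardware token. The following script is an added example, not part of the original post: it classifies each entry by key type and by whether the server-side verify-required option is set. The sample entries, their placeholder key blobs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file (read from stdin).
# One output line per key: <verdict> <key type> <comment>
#   OK        sk-* key, and the server demands user verification (the PIN)
#   NO-VERIFY sk-* key accepted without the verify-required option
#   SOFTWARE  key type that is not bound to a FIDO authenticator
# Simplification: a quoted option value that contains a bare key-type word
# surrounded by spaces would be misread as the key type.
audit_authorized_keys() {
    awk '
    BEGIN {
        types = "ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
        types = types " sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com"
        n = split(types, t, " ")
        for (k = 1; k <= n; k++) known[t[k]] = 1
    }
    /^[ \t]*#/ { next }    # comment line
    NF == 0    { next }    # blank line
    {
        type = ""; opts = ","; comment = ""
        # Everything in front of the key type is the option list.
        for (i = 1; i <= NF && type == ""; i++) {
            if ($i in known) { type = $i; pos = i }
            else opts = opts $i ","
        }
        if (type == "") { print "UNPARSED line " NR; next }
        # Fields after the key blob form the comment.
        for (j = pos + 2; j <= NF; j++)
            comment = comment (comment == "" ? "" : " ") $j
        if (substr(type, 1, 3) != "sk-")               verdict = "SOFTWARE"
        else if (index(opts, ",verify-required,") > 0) verdict = "OK"
        else                                           verdict = "NO-VERIFY"
        print verdict, type, (comment == "" ? "-" : comment)
    }'
}

# Constructed sample file; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# old laptop key, still a plain software key
ssh-ed25519 AAAAC3PLACEHOLDER1 alice@laptop
sk-ssh-ed25519@openssh.com AAAAGnPLACEHOLDER2 alice@token2-a
verify-required,no-agent-forwarding sk-ssh-ed25519@openssh.com AAAAGnPLACEHOLDER3 alice@token2-b
EOF
}

sample_authorized_keys | audit_authorized_keys
```

On a real server run `audit_authorized_keys < ~/.ssh/authorized_keys`. To demand the PIN for every key instead of per entry, sshd_config accepts `PubkeyAuthOptions verify-required`.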

Using your key on a new machine

Now that you have set up your machine to make use of the FIDO2 key, you might want to use your key on another computer. Since it’s stored on your hardware token, you can use it from any machine without copying your private key onto multiple machines.

All you need to do is to create the respective key handle file and import the public key for your private key on the hardware token. This can be achieved with the ssh-keygen -K command.

This will put two files in the local directory. The file id_ed25519_sk_rk is the password-protected key handle file referencing your private key on the FIDO hardware token. The file id_ed25519_sk_rk.pub is the respective SSH public key which you can share with your remote machines.

Your private key is still safely located on the hardware token. The mere key handle file alone can’t be used to establish an SSH connection to remote machines. It requires the hardware token as well.

Manage your Token2 PIN

To manage the PIN of your Token2 keys you can either use a Chrome-based browser or use the fido2-manage tool provided by Token2.

#weeklyreview 45/24

Frost

Finally Winter seems to be closing in. On Sunday the temperature fell below the freezing point (of water) and we had -4º C in the countryside. But we were rewarded with beautiful sunshine and colourful autumn foliage.

Temperature in the lake also dropped a bit over last weekend. I tried out my new digital surface thermometer. That showed 11.4º C. Another thermometer that measured at a depth of about 10cm into the water showed 9º C.

Crossed the lake nevertheless. Still no issue with that.

Back in Berlin I met with my friend Sam for beers. Hadn’t had beers for several weeks … so it was about time. Fun conversations 😉

Winter tires

This year I made the appointment to change the winter tires back in September already. Before the first snow 😀 Free choice of schedule … But they actually advised to not have the tires changed if it’s still above 7º C average. That’s why I only now got the appointment.

Driving through the city is insane. It was always crazy, but it seems in the last quarter the city has added construction sites to EVERY road. In our area one of the main 6-lane roads is now reduced to two lanes and also all the side roads are blocked. Apparently this will take at least 2 years to finish. But of course you never see anyone actually working…

proper coffee

On Tuesday I decided to take my coffee gear to the office to enjoy a proper coffee without spending 4 EUR on it outside.

A bunch of coffee gear lined up on a wooden tabletop. Left to right: metal jug with coffee, a cup of ready cappuccino, a Subminimal milk frother, AeroPress chamber and grid lid, AeroPress piston and Coretto permanent steel filter for the AeroPress, Hario Travel Grinder and finally Hario Mill stick.

This nicely fits into an old camera bag

I might do this more often now (or eventually get a copy of the gear for the office…)

Shortly before I was supposed to get my yearly flu vaccination by the company doctor a fire alarm had us exit the building. Quite a spectacle with police, emergency cars, fire engines and even a helicopter. But fortunately it turned out to be a false alarm and we were allowed back in after about 15 min.

a helicopter, slightly blurry, in front of a blueish sky.

Hacker meeting

This time at the Prater Garten Restaurant. Decent “Wiener Schnitzel” and again an inspiring bunch of old nerds having fun.

↬wandzeitung.xyz/@moellus/113431974931326324

CryptPad Installation

I finally took the time to look into installing CryptPad. That’s a secure online editor for documents where multiple people can work on the same document, chat and comment while collaborating. Focus is on security here as all connections and storage of the documents is encrypted.

They meanwhile provide a working docker-compose.yaml and I only had to add the labels for my Traefik reverse proxy.

There were some initial challenges in getting the container properly connected to Traefik. One has to get the config.js of CryptPad right.

I’ll share my docker-compose.yaml and my config.js here, so you can take these as inspiration. I basically only put in my domain names in the config.js and docker-compose.yaml. One important piece is to set the httpAddress: 'cryptpad' in the config.js because the docker-compose.yml sets this as the hostname of the container. If you leave this at localhost, Traefik will not be able to connect and you’ll just get a “Bad gateway” error when trying to connect.

Next quest is to get the OnlyOffice stuff running to support Spreadsheets and Presentation documents as well…

[Update 2024-11-11] got the OnlyOffice extension working. Had to execute the ‘install-onlyoffice.sh’ from the GitRepo inside the running application container and restart once.

Art Forest hiking

On Saturday we had organised a hike from our neighbour village through the art forest to the “Mittelpunkt der Erde” (middle of the earth) restaurant in Kurtschlag. That was a nice hike with funny and insightful information shared by one of our neighbours.

The restaurant was really lovely as you would imagine an old small village restaurant that fell out of time. There were 3 dishes on the menu and the max price was 7.95 EUR. You could have eaten all 3 and were still cheaper than a normal meal in Berlin. Amazing.

Fall of Carthage

Sascha and his band “Fall of Carthage” released their new album “Kernel Panic” a few days ago. Of course I had to listen in although I never really liked their earlier albums. Not because they were not good. Quite to the contrary. But the previous albums were just not my taste at that time.

The new album however I really do like. The style is still more on the heavy metal side. But I like the arrangements on the new album.

If you like their music and want to support the band, make sure you either buy on Bandcamp or if you’re streaming, then consider donating directly to the band via PayPal. As a small band, there is virtually no revenue for the band from the commercial streaming services.

#weeklyreview 44/24

Wellness day

Sunday started with a good run in the forest. Further preparation/training for the 2025 Berlin Half-Marathon, in which you can still support me over at the WWF ActionPanda page.

It was partially like running on the beach in sand. The forest keepers had dug up many paths in the forest because they were quite damaged from the heavy wood hauling trucks.

After the run we had our weekly swimming gathering and I crossed the lake at about 11ºC without any issues still. A friend invited me over to his sauna that he had already fired up in anticipation of the shaking from the cold swim. We had two really relaxing sessions at nearly 90ºC looking out into the sunlit autumn forest.

To round up the perfect day my wife and I went for ice cream to Prenzlau 🙂

Mushrooms

On Monday I took one meeting for a handover to a colleague while I’m on vacation. But after that, kiddo and me went to pick some mushrooms. We were looking for a specific kind, the porcini mushrooms, which is supposed to be rather delicious. There are quite many mushrooms around in the forest at this time. I know a few types and like searching them. Not too big of a fan for eating them though. So we focused just on the porcini and found a whole basket full.

Vaccination

On Tuesday we took the chance to get our COVID-19 vaccination refreshed at our local doctor. More than half the family lined up on the bench to get our jab. Must have been a funny picture, but no photo unfortunately.

Everyone tolerated their shot quite well. Little bit of pain on the stitch site and slight feel of fever on the first day.

I did not rest on that day but instead drove 350km to do the groceries for a friend with severe ME/CFS and pick up our oldest kid from his final exams in Berlin.

There were dozens, maybe hundreds of students outside the Messe Berlin to celebrate the last exam with sparkling wine and music from their mobile. Seems to be a thing.

While in Berlin we also had dinner at a nice Indian restaurant in Lichtenberg together.

More doctors appointments

Wednesday the other half of the family had their doctor’s appointments in the city. My wife got her quarterly doses of iron infusion and the big kiddo had his stomach issues checked. Apparently he caught a bug that’s currently circulating and causing diarrhoea. But he seems over the hump already.

Delivered him to the train to get back to Berlin.

Later in the afternoon I secured our water pipes for the winter. That means emptying all the hoses and stow them away in the shed. Also emptying the pipes and turn off the well pump. While at it… dig up the roots of some plants my wife wants to keep and store the bulbs down in the well shaft for winter. There it’s dark and frost free.

To round up the garden work I helped two old chaps from the village to rake the leaves around our cemetery and bring them to the central collection place at the end of the village. Always fun to work and chat with these old people. They always tell stories from the old times in the village and joke around. And of course it was rewarded with an after-work beer.

Breakfast

There is a quite good hotel near our village and we always wanted to try out their breakfast buffet. I like hotel breakfast as it’s like brunch. You have a larger variety of stuff to taste from and you wouldn’t usually take that level of effort at home for breakfast. Also … no cleaning of the kitchen needed afterwards 😀

So we reserved a table and showed up early. Of course the buffet was quite nice. But even nicer was to accidentally meet an old friend of ours who happens to be the director of the Hotel :). So we spent the whole morning chatting and having breakfast. I can deal with that…

Cron vs. Queue

I have a backup job started via CRON on one of my machines. Every once in a while the machine seems to get into high load but low CPU usage stage. Upon checking I figured that this CRON job (an rsync job) seems to hang. But every hour a new process is started and just piling up.

So today I’ve finally switched from simple CRON to a job queue. Instead of starting the backup process by CRON, it’s added to the queue by CRON. Under normal circumstances the queue would be empty and the job started right away. If the previous job isn’t finished yet, then the new job is just queued but not yet started.

I’ll add some monitoring for the queue length too. To install the tool:

sudo apt install task-spooler

Then one can simply add jobs to the queue by calling:

tsp <command>

If the command is called without any parameters, it displays the job queue:

$ tsp
ID   State      Output               E-Level  Times(r/u/s)   Command [run=0/1]
0    finished   /tmp/ts-out.z5XJRx   0        458.62/3.54/13.42 /usr/bin/rsync -rv --delete --exclude=database/ /home/daemon/paperless-ngx/ /opt/synology/nas/linux/daemon/paperless-ngx/
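The queue-length monitoring mentioned above could look like the following. This is an added example, not the setup from the post: it counts the jobs a tsp listing shows as queued or running and warns when hung rsync runs start to pile up. The function names, the limit, the crontab line and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: watch the task-spooler queue that cron feeds.
# Hypothetical crontab entry in the style of the post (cron only enqueues):
#   0 * * * * tsp /usr/local/bin/backup.sh

# Count jobs that are still waiting or running in a tsp listing on stdin.
# Only the ID and State columns are used; the header line is skipped.
tsp_backlog() {
    awk 'NR > 1 && ($2 == "queued" || $2 == "running") { n++ }
         END { print n + 0 }'
}

# Return 0 while the backlog is within the limit, 1 once jobs pile up.
check_backlog() {
    limit=$1
    backlog=$(tsp_backlog)
    if [ "$backlog" -gt "$limit" ]; then
        echo "WARNING: $backlog backup jobs pending (limit $limit)"
        return 1
    fi
    echo "OK: $backlog backup jobs pending (limit $limit)"
}

# Constructed listing: one hung run plus two hourly jobs waiting behind it.
sample_tsp_listing() {
cat <<'EOF'
ID   State      Output               E-Level  Times(r/u/s)   Command [run=1/1]
1    running    /tmp/ts-out.AAAAAA                           /usr/bin/rsync -rv --delete /src/ /dst/
2    queued     (file)                                       /usr/bin/rsync -rv --delete /src/ /dst/
3    queued     (file)                                       /usr/bin/rsync -rv --delete /src/ /dst/
0    finished   /tmp/ts-out.z5XJRx   0        458.62/3.54/13.42 /usr/bin/rsync -rv --delete /src/ /dst/
EOF
}

# Demo on the constructed listing; in production use: tsp | check_backlog 1
sample_tsp_listing | check_backlog 1 || true
```

Run the check as the same user that owns the cron job, because task-spooler keeps a separate queue per user.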

Mastodon Tools

Found two useful Mastodon tools from Ralf Stockmann. One is the Mastowall which displays a whole browser page of toots which contain a certain hashtag. Refreshing on a regular basis. So you can follow live events etc.

The other of his tools is Mastothread, which splits up longer posts into smaller toots so they fit into the posting character limit of your Fediverse instance.