Blog

  • PDT: We Who Loved American Data Centres

    I wrote another op-ed on digi.no: Vi som elsket amerikanske datasentre. It’s meant as a short summary of what I’ve been doing with Dawn Treader, along with some hopefully useful hints for others considering the same course of action, either personally or professionally.

    The name might seem a bit exotic to someone who didn’t pass through the Norwegian education system, but it is a reference to a well-known essay by the Norwegian author Jens Bjørneboe – “Vi som elsket Amerika”, or “We who loved America”. It was written at the height of the Vietnam war, and it is still relevant to understanding the feelings of those who feel let down by the USA.

    This is my translation of a key passage:

    For me, the USA was still a kind of symbol of everything guaranteeing the human liberties that make life worth living, but less and less so. A love can begin suddenly and passionately, but it dies slowly, little by little. I cannot definitely say when it was, but one day I realised that I no longer loved the USA.

    I miss the old days when digital sovereignty wasn’t an issue, because we loved America.

  • PDT: Social Networks Are Sticky

    The whole essence of a social network is the network effect, which is what makes it hard to start new social networks and hard to leave existing ones. It doesn’t help to be somewhere privacy-respecting and open source if no-one else from your daily life is there.

    Social networks are free to use, but as the saying goes – If you are not paying for it, then you are not the customer. You are the product. So quitting social networks would both be protecting my privacy and denying them a microscopic amount of their sales potential.

    I also have a motivation for leaving social networks other than sticking it to the American Man, which is the unhealthy amount of time I spend scrolling endless reams of bot-generated copyright infringement and algorithmic hypnotism that most social apps encourage today. If being frustrated with the current American administration is the extra push I need to do something that is healthy for me anyway, well, I’ll take it.

    So here, in order from easiest to hardest, are the social networks I have to take a long, hard look at:

    X-twitter: I stopped using it in 2017 when I realized that I was getting angry every time I scrolled through my feed, and I can hardly imagine it’s any better today. I never got around to actually deleting my account before last week. I did not have a single moment of anguish doing that.

    Snapchat: I originally was drawn to the idea of ephemeral pictures, but never really got into it. My wife and two of my friends occasionally send me things, but I’m pretty inactive myself. Not a terribly big loss.

    Instagram: I never post anything, but my brother sends me a lot of funny memes, and I follow funny things. The algorithm has me clocked and provides a stream of funny things, but when it runs out of material it defaults to scantily clad ladies. Awkward. Losing access to funny memes will be sad.

    Facebook: I was an early convert back when it had just opened up to people outside of American colleges, but it’s been a decade since I really posted anything there. This probably goes for most people I know, since my feed is an endless mishmash of bots posting copyright infringing content from Star Wars, comic books and Reddit. However, a lot of school-adjacent activities are organised on groups there, so I kind of need access to it to not make my wife do all the work. I have joined the new, friendly and made-in-Norway alternative Hudd, now I just need to convince everybody else in my school district to join up as well.

    LinkedIn: This is literally where I am publicizing these blog posts.

    The net result of this will probably be me quitting some, but not all of these social networks.

  • PDT: Email Is Easy To Move, Calendars Are Harder

    The next part of Dawn Treader, my digital sovereignty project, is email and calendar. I have for many years had this via Google Workspace. This is effectively Gmail with my own domain, and since I started using it back when it was Google Apps for small businesses, I have had it for free ever since then.

    When it comes to email, I have two things I recommend to people: The first is to never use your work email for private things, because it is a hassle when you want to move jobs, and it makes things hard for IT administrators trying to respect your privacy and keep the company safe at the same time. Trust me – I’ve had that job, I’ve seen things I didn’t want to see.

    The second piece of advice applies to people in the tech industry, and that is to have your own domain. Moving email is easy when you have your own domain, all you have to do is update the relevant DNS records and all the mail sent to your current email address will start flowing to your new provider.

    Requirements

    That being said, my requirements for replacing Google Workspace were a bit more than just being able to receive emails at the same address as before:

    • I wanted a similar experience to Gmail’s automatic sorting of mails into primary, advertising, social and forums.
    • I have fallen into the habit of using my email as a document archive that I can search through when I need to find something. For me, this archive stretches back to 2009, and I would like to have it all imported. I have deleted about 40 000 largely unread emails from the non-primary inboxes in preparation for the move, but I still had 19 456 emails in my primary inbox (all read!).
    • Having the calendar well-integrated with my email is very useful.
    • The calendar needs to be sharable (specifically with my wife).

    In addition to email and calendar, my Google Workspace also provides Google Drive, Google Photos and the login I use for my Android phone. Replacing Drive and Photos is an upcoming part of Dawn Treader, but since I still will have an Android phone I may not be able to decommission the Google Workspace account completely. Emptying it out of content and keeping it alive will probably be more privacy-minded than closing it down and replacing my Android login with a regular ad-supported Gmail account.

    The contenders

    Now, for email in the simplest sense, there are thousands of alternatives. In fact, I have a generous amount of email accounts included in my web hosting plan for this website. But for calendars there is surprisingly little to choose from, even if you were not specifically looking only inside Europe.

    I identified two potential providers for my needs: a hosted NextCloud service (like Tab.Digital in Latvia/Sweden) or Proton Mail (Switzerland). NextCloud is a full business suite of software for businesses, while Proton Mail is a more consumer oriented privacy-minded Gmail replacement.

    While they both checked all the boxes in my requirement matrix, I felt that Proton Mail was probably easier to set up as a single user and has a stronger focus on Gmail-equivalent features. They also have an “Easy Switch” feature designed to make the transition from Gmail as easy as possible.

    Pedantry alert: Switzerland is not a member of the EU or the EEA, so it is not actually covered by the GDPR. But they adopted a new Federal Act on Data Protection that was intentionally designed to be compatible with the GDPR, and the EU has made an adequacy decision as per article 45 of the GDPR stating that data can flow freely to Switzerland. As an aside, article 45 is also the legal basis for allowing data transfers to the USA with the EU-US Data Privacy Framework, which seems to be on a more shaky footing than before.

    So I took the plunge! As expected, setting up a new account and all the needed DNS records for the email was straight-forward, with an easy wizard and lots of documentation. It’s still pretty nerve wracking when you are waiting for DNS records to propagate and you hope you haven’t made any silly errors causing emails to disappear in transit. One good tip is to prepare some days before by reducing your old DNS record’s Time-To-Live values to something like ten minutes, so that you don’t have to wait up to a day for the entire internet to catch up with every change.

    Of course, make sure your new records also have a short Time-To-Live initially in case you do like me and forget to add a period to the end of your MX records, meaning mails get sent to protonmail.ch.robpvn.net instead of protonmail.ch. So I may have lost about ten minutes of email in the switchover, oh well! To be a nice internet citizen and save servers constantly having to recheck your records you can set a longer TTL later.
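    The missing trailing period described above can be caught before the records go live. The following is an added example, not part of the original post: it assumes the records are written in BIND-style zone-file syntax, where a target without a final dot is relative to the zone origin, and the sample records and the ten-minute TTL limit are constructed for illustration.

```python
"""Lint MX records for relative targets and long TTLs (added example)."""

# Constructed sample records, not the author's real zone.
SAMPLE_ZONE = """\
; MX records for the new mail provider
@  86400  IN  MX  10  protonmail.ch
@  600    IN  MX  20  protonmail.ch.
"""


def absolute(name, origin):
    """Expand a zone-file name: names without a trailing dot get the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def lint_mx(zone_text, origin, max_ttl=600):
    """Return (line number, finding, detail) tuples for risky MX records.

    relative-target: the target contains dots but no trailing dot, so it
                     resolves under the zone origin instead of as written.
    long-ttl:        a mistake in this record would be cached longer than
                     max_ttl seconds (ten minutes by default).
    """
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3:
            continue  # malformed record: no preference/target pair
        ttl = next((int(f) for f in fields[1:i] if f.isdigit()), None)
        target = fields[i + 2]
        if "." in target and not target.endswith("."):
            findings.append((lineno, "relative-target", absolute(target, origin)))
        if ttl is not None and ttl > max_ttl:
            findings.append((lineno, "long-ttl", ttl))
    return findings


if __name__ == "__main__":
    for finding in lint_mx(SAMPLE_ZONE, "robpvn.net"):
        print(finding)
```

    The first sample record is flagged twice: its target expands to protonmail.ch.robpvn.net., and its one-day TTL would keep that mistake cached long after it was fixed.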

    The Easy Switch feature was also really easy to use – you have to authorize Proton as an application with access to your Gmail, calendar and contacts, and then it just starts the import. It takes a few hours, but runs in the background quietly adding emails to your inbox one by one.

    The Android apps also seem very polished and easily connected to the new account. One minor quibble is that the calendar widget takes up more space than the old Google Calendar widget, so I have to rearrange my home screen and lose all sorts of muscle memory. I will also have to spend some time tweaking labeling, sorting and that kind of thing to get back to the workflow I’m used to, but all in all I am very happy with the transition experience.

  • PDT: Domain & Website

    As I mentioned previously, owning your own domain is a tremendous help when you want to migrate services, as it is much easier to change where a DNS record points than it is to change your email address every single place you are registered.

    My website has always been a small, low-traffic site. All I need is enough to run a WordPress website with a custom domain and well under 1 GB of storage. In most any provider that means the smallest or second-smallest plan. The pay-as-you-go service provided by NearlyFreeSpeech has been a very good match for my needs until now.

    Looking at european-alternatives.eu and applying some local knowledge, I narrowed it down to three good candidates: OVHCloud (France), Hetzner (Germany) and Domeneshop (Norway). Hetzner is getting a lot of buzz as a local challenger to the American hyperscalers, and both it and OVHCloud have solid-looking and well-documented offerings. Domeneshop I know from previous use to be very good, but they have, well, Norwegian prices.

    Hetzner’s web hosting plans have an interesting model where you pay an up-front fee to establish the site, then get the domain purchase and renewals included in the monthly price. OVHCloud has a lower monthly price but domain renewals are a separate yearly expense (with the first purchase/renewal for free). Since my domain is pre-existing and recently renewed, I had to break out a spreadsheet to figure it out.

    The jumps in the graph are for domain renewals. If I had intended to keep the domain less than 21 months, OVHCloud would have been cheaper, but Hetzner edges it out over time. It also has a name that sounds like something out of Blade Runner. Therefore I have moved my domain and website to Hetzner.

    Hetzner’s web hosting tools are pretty easy to use, although I miss having the ability to ssh in and muck about more directly with things. (That’s reserved for the next step up in web hosting plans with them.) Installing WordPress, importing all my backups from the old host and setting up a Let’s Encrypt certificate went well. As an added bonus, this site is now available via IPv6!

    The domain transfer was also quite painless (which of course also reflects well on NearlyFreeSpeech). All the emails from Hetzner are unmistakably German, that is to say conducted in impeccable English, very polite and always making certain to include information about my rights as a consumer and how to contact them. This is the sort of EU goodness I’m looking for.

    The next part of the project will be swapping email & calendar providers, as well as some continuing progress on entertainment services and social media.

  • Project Dawn Treader

    I have decided that I want to move my digital assets and workflows away from services hosted in the USA. There are three reasons for this:

    1. The leadership of the United States of America has become so erratic and untrustworthy that the calculus of reliability has changed. They may reinforce their ill-thought-out trade wars and have their obsequious broligarchs deny services to other countries, or their political malpractice might lead to other situations where I can no longer trust services located outside Europe to maintain user privacy.
    2. As a European, I simply want to vote with my wallet in support of the big lifts we have to make, and send an infinitesimally small signal to the Americans that they are not doing themselves any favours.
    3. It is also an interesting hobby project, both from a technical and a planning and management standpoint. Possibly the only subject rivaling AI for attention in the Norwegian tech press and Linkedin-osphere these days is digital resilience and homeshoring. Doing it for myself will give me some insight into the challenges it entails.
    CC-BY-SA by David Bedell

    So, what’s with the name? I enjoy naming my projects, and The Voyage of the Dawn Treader is a story about sailing east across a great sea, much like I plan on having my data do. It’s also a children’s fantasy book, which some people might consider this project to be.

    Any good IT project starts with a discovery phase; what are our requirements and priorities? My main requirement is to replicate today’s functionality as close as possible, and have it hosted in the EEA. The secondary requirement is to keep the price reasonably low, even though I will have to accept increased costs compared to what I have now. Consolidating on as few providers as possible in order to reduce administration and, presumably, costs is a tertiary concern.

    I have no issue using Open Source software originating in the USA, since by its nature we can always fix things ourselves if push comes to shove.

    Scott Hanselman wrote that it is important to own your words, that is to own your own domain – and I find that to be true. If my email was a regular Gmail and my homepage was only on a social network, migrating everything would have been much more of a hassle. (But it will still be something of a hassle!) Here is the list of services I have identified:

    | Requirement | Current solution | Notes |
    | --- | --- | --- |
    | Email | Google Workspace | Grandfathered plan for Workspace from when it was free for “small businesses” |
    | Website | NearlyFreeSpeech.net | Pay-for-what-you-use web hosting, very cheap and good |
    | Domain registrar + DNS | NearlyFreeSpeech.net | |
    | Online Drive | Google Drive (Google Workspace) | |
    | Automatic backup of photos from phone | Google Photos (Google Workspace) | |
    | Calendar | Google Workspace | Needs to be shareable |
    | Notes | Google Keep | Prefer to be shareable |
    | Search Engine | DuckDuckGo | A recent change |
    | Operating System | Windows 10 | Was going to go back to full-time Linux anyway since my PC doesn’t support Windows 11 |
    | Entertainment | Amazon Prime video, Netflix, Youtube | Thank goodness Spotify is Swedish |
    | Social Networks | Facebook, Instagram, Snapchat, LinkedIn, X-Twitter (long dormant) | Cancelling X is easy, Facebook and LinkedIn may be too hard |

    Will I be able to migrate away from all of these and abstain from using those services that I can’t find a suitable replacement for? Quite possibly not! But I am focusing on services that I pay for with money directly, and on all services connected to my domain, email and personal files. Time to peruse european-alternatives.eu; the first migration will be this website.

  • A formula to determine Kubernetes pod reroll frequency

    If you have an application running in a Kubernetes pod that uses relatively short-lived HTTPS certificates (like from Let’s Encrypt or Vault), and the application loads the certificates at startup, you may need to reroll (rollout restart) the deployment in order to trigger renewal of the certificates.

    Some definitions:

    • a is the lifetime of the certificate.
    • b is the number of days before certificate expiry to start trying to renew the certificate, the renewal period.
    • c is the number of days between each reroll.
    • d is the number of times we expect a reroll to happen during a renewal period, a kind of safety factor. (In an ideal world, this would be 1, but sometimes CronJob rerolls aren’t triggered as expected.)

    We know that the renewal period can at most be as long as the certificate lifetime, and we know that the reroll must happen at least once during the renewal period. We also know that if you reroll an infinite amount of times, the time period between rerolls becomes infinitely small. Thus, we end up with this formula:

    $$c = \frac{b}{d}, \quad b \le a, \quad 1 \le d < \infty$$

    In practice, you would set d to some value you feel comfortable with based on your experience, and then you can vary b according to your needs and come up with a c.

    Or you could work the other way around and set c to a value that suits you (if you for example want a daily or weekly reroll for some purpose), in order to discover the ideal b.

    $$b = c \cdot d, \quad b \le a, \quad 1 \le d < \infty$$
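    To see what the safety factor d buys in practice, the following added example (not code from the original post) computes c and b from the definitions above and simulates missed rerolls. It assumes that the application only picks up a renewed certificate when a reroll restarts it and that renewal always succeeds inside the renewal period; all function names are hypothetical.

```python
"""Reroll interval and missed-reroll simulation (added example)."""
from fractions import Fraction


def reroll_interval(a, b, d):
    """c = b / d, under the post's constraints b <= a and d >= 1."""
    if not 0 < b <= a:
        raise ValueError("renewal period b must satisfy 0 < b <= a")
    if d < 1:
        raise ValueError("safety factor d must be at least 1")
    return Fraction(b) / Fraction(d)


def renewal_period(a, c, d):
    """b = c * d, rejected if it would exceed the certificate lifetime a."""
    if d < 1:
        raise ValueError("safety factor d must be at least 1")
    b = Fraction(c) * Fraction(d)
    if not 0 < b <= a:
        raise ValueError("c * d must satisfy 0 < b <= a")
    return b


def first_outage(a, b, c, missed=frozenset(), phase=0, horizon=365):
    """Day on which the served certificate expires, or None if it never does.

    Rerolls are scheduled at phase + k*c days; indices in `missed` model
    CronJob runs that did not fire. (Simulation model is an assumption.)
    """
    issued, k = 0, 0
    while True:
        t = phase + k * c
        expiry = issued + a
        if expiry <= min(t, horizon):
            return expiry  # certificate ran out before a reroll renewed it
        if t > horizon:
            return None
        if k not in missed and t >= expiry - b:
            issued = t  # reroll landed inside the renewal period
        k += 1


def tolerated_misses(a, b, d, horizon=365):
    """Largest run of consecutive missed rerolls that never causes an outage."""
    c = reroll_interval(a, b, d)
    runs = int(horizon / c) + 1
    n = 0
    while n < runs and all(
        first_outage(a, b, c, frozenset(range(s, s + n + 1)), horizon=horizon) is None
        for s in range(runs)
    ):
        n += 1
    return n


if __name__ == "__main__":
    # Constructed values: 90-day certificate, 30-day renewal period.
    for d in (1, 2, 3):
        print(d, reroll_interval(90, 30, d), tolerated_misses(90, 30, d))
```

    For whole-number d the simulation tolerates d - 1 consecutive missed rerolls, which is why d = 1 leaves no margin for a CronJob that fails to trigger.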

    This post also shows off a bit of MathML, which has been available in Firefox and Safari since 2011, but for some reason only arrived in Chromium-derived browsers in 2023.

  • For new readers: AI Act could lead to a rush of half-baked products

    Last year I wrote an op-ed in the digi magazine: AI Act kan gi et rush av halvferdige produkter. It was quite a buzz for me to see a big picture of myself “above the fold” on one of Norway’s biggest sites dedicated to technology news! Later that year it was translated into English for Sopra Steria’s corporate website: AI Act could lead to a rush of half-baked products.

    I was inspired to write it after attending some meetings with EU officials who were quite concerned with upholding the dates mentioned. I felt that outside of the EU bubble the distinction between before and after the deadlines was under-communicated, and ripe for a lot of rush jobs once it was more widely understood. So I took it upon myself to spread the news, as it were.

    I think it did quite well, got me some new connections and allowed me to be invited into some interesting meetings I otherwise wouldn’t have, as a “subject matter expert” on the AI Act. The qualifications for being such an expert consist of actually having read the whole act and writing notes, which is much the same experience as I had when the GDPR was new and scary. Of course, this is exactly the kind of thought work people are increasingly turning to AI agents to do for them. I definitely have some classical Luddite feelings on the matter.

  • Regarding Ace Combat

    Fourteen years ago, I wrote a review of Ace Combat: Assault Horizon, and gave it fanboy out of ten points. But since then, my feelings for it have cooled – it never really lasted in my playing rota like the other Ace Combats. I found myself missing the lore of Strangereal, the “other Earth” that allows Ace Combat to disregard which nation those wonderful planes come from.

    In 2019, Ace Combat 7: Skies Unknown arrived and showed me what it was I was missing. Six years later, and it is still a go-to in my limited playing time. A beautiful spectacle and a triumphant return to form.

  • FOSS4G + Twitter = SOSI

    This is a short but sweet tale of the fun you can have with FOSS4G and ideas sparking off each other. It all started when I attended the GeoTools DataStore Workshop on the first day:

    https://twitter.com/robpvn/status/643274320437903360

    SOSI is a Norwegian data format from 1987, by the way. So I was mostly kidding. But then a wild Open Source appeared!

    https://twitter.com/torehalset/status/643284254730940416

    Turns out that it was exactly what I needed for a quick leg up on the required code, so I hit my hotel room for a couple of hours, copied code from the workshop (that is to say, I applied my skills learnt at the workshop), and tah-dah! We had a working plugin.

    https://twitter.com/robpvn/status/643343048412409856

    Now, it’s horribly hacky and not something you’d want to use for anything serious, but it was great fun and an example of how quickly you can make things work with Open Source.

    I put it on GitHub for those who are interested in having a look. I’m sure looking forward to the rest of the conference!

  • Installing Jedi Knight II On Linux

    After seeing the new trailer for Star Wars Episode VII, I was suddenly overcome with the urge to play my favourite Star Wars game of all time, Jedi Knight II: Jedi Outcast. Since I’ve sworn myself to a Windows-free home environment, some challenges were posed.

    Luckily, Raven Software released the source code for the game engine last year, and this helpful person has created binaries that will run it on Linux: https://github.com/xLAva/JediOutcastLinux. But since it is only the engine and not the game assets, we need to get them from somewhere. Steam to the rescue! I went ahead and bought the full Star Wars pack on sale. But when you open Steam, you’re told that you can’t install the game since it is not available for Linux on Steam. Booo.

    This is where SteamCMD comes in! It’s a commandline tool meant for administrating dedicated servers, but it can be used to download game data for any game! Follow the instructions on the site to download it and run it, and if you have Steam for Linux installed, it will automatically pick up on your Steam login. Just remember to force it to pretend it’s on Windows by setting the correct variable, and then download the app. For JKII, the Steam app ID is 6030. (Protip: You can check the steam app ID by looking at the page for it in the Steam store: http://store.steampowered.com/app/6030/ .)

    Installing JKII with SteamCMD.

    Next, you have to follow the README for JediOutcastLinux. One snag I hit was that Ubuntu 14.04 LTS 64-bit does not have ia32-libs, but install lib32z1, libopenal1:i386, and libXrandr2:i386 instead and things should work the same. (When you run the game from the command line error messages will tell you what you’re missing.) Just download the whole repo as a zip if you’re only interested in playing, and grab the binaries from the code/Release folder. Copy the base folder that you’ve downloaded via SteamCMD together with the binaries, mark the binary as executable, and you should be good to go! The game works beautifully, with fullscreen, crisp graphics and smooth framerates.

    Jedi Knight II Fullscreen on Linux!

    Update: I just finished playing through the entire game without ever crashing! (Which I believe is better than when I played it on Windows back in the day…) The only things that were a bit off were that debug messages sometimes appeared in the top left corner, and that dark or foggy places sometimes were overly dark/foggy. (I guess the video drivers behave a bit differently than ten years ago on Windows.) But no problem, because we have night-vision gear in the game!

    I even managed to make it load up a mod, but sadly it crashed after the mod’s intro was over. Ah well, still not a bad showing all in all!