Don't Download Zoom!

First, I strongly recommend switching to Jitsi Meet:

  • It's free
  • It doesn't require you to sign up at all
  • It's open source
  • It's on the cutting edge of privacy and security features

Second, Anything else that runs in a browser instead of trying to get you to download an specific desktop application. Your browser protects you from many stupid things a company may try to do. Installing their app means you are at more risk. (Apps for phones is a different story.).

A small sampling of other web based options:

  • Talky.io (also open source, no account required)
  • 8x8.vc which is the company that sponsors Jitsi Meet. Their offering has more business options
  • Whatever Google calls their video chat product this week (Duo, Hangouts, Meet).
  • join.me
  • Microsoft Skype (no signups or account required for a basic meeting!)
  • whereby

There are many reasons not to choose Zoom.

😞😞😞

Finally, So you have to use Zoom?

Zoom actually supports joining a call with a web browser. They just don't promote it. Some things may not work as well but you get to keep more of your privacy and security.

  1. On joining the meeting close the request to run a local app.
  2. Click Launch Meeting in middle of screen. Zoom join meeting page
  3. Again close out of the request to open a local app
  4. Ideally, you now get a join from browser, click that! Click join from browser

If it doesn't work try loading the site in another browser. First try Chrome (or those based on it - Brave/Opera) and then Firefox. It's possible that your organization may have disabled the join from web feature.

If you are a Zoom host or admin (why?) you can also ensure that the web feature is not disabled.

2020 LiveCD Memory Usage Compare

Time for a 20.04 LTS LiveCD memory comparison with a bunch more distros. I last did one in 2016.

Using Lubuntu as an example base memory usage approximately doubled from 2016 (251M) to 2020 (585M). Those numbers aren't strictly comparable because I'm not using the exact same setup as in 16.04 and I enabled more modern features (virtio graphics, EUFI, 4 cores).

Memory usage compared (in G) 000.20.20.40.40.60.60.80.8111.21.21.41.41.61.61.81.8222.22.2Clear 33300Elementary 5.1Endless 3.8Fedora 32KubuntuLubuntuManjaro 20.0.3 XFCEopenSUSE Leap 15.1Solus 4.1UbuntuUbuntu BudgieUbuntu MateXubuntu0.822.259000436946966356.3326446313486Clear 333000.869.95685851611904356.3326446313486Elementary 5.11117.6547165952911337.5288111415677Endless 3.81.25165.35257467446323314.02401927934153Fedora 320.8213.05043275363525356.3326446313486Kubuntu0.585260.7482908328073376.54676563286307Lubuntu0.9308.44614891197944346.93072788645816Manjaro 20.0.3 XFCE1.25356.14400699115146314.02401927934153openSUSE Leap 15.11403.84186507032354337.5288111415677Solus 4.11451.53972314949556337.5288111415677Ubuntu1499.2375812286677337.5288111415677Ubuntu Budgie0.9546.9354393078397346.93072788645816Ubuntu Mate0.6594.6332973870118375.1364781211295Xubuntu1.536.250372140170775290.51922741711536Clear 333001.2583.94823021934286314.02401927934153Elementary 5.11.5131.6460882985149290.51922741711536Endless 3.81.5179.34394637768705290.51922741711536Fedora 321.25227.04180445685907314.02401927934153Kubuntu0.7274.7396625360311365.73456137623907Lubuntu1.5322.43752061520325290.51922741711536Manjaro 20.0.3 XFCE1.75370.1353786943753267.0144355548892openSUSE Leap 15.11.5417.83323677354736290.51922741711536Solus 4.11.5465.5310948527194290.51922741711536Ubuntu1.5513.2289529318915290.51922741711536Ubuntu Budgie1.25560.9268110110635314.02401927934153Ubuntu Mate1.25608.6246690902356314.02401927934153Xubuntu1.7550.24174384339459267.0144355548892Clear 333001.7597.93960192256667267.0144355548892Elementary 5.11.75145.63746000173873267.0144355548892Endless 3.81.75193.33531808091084267.0144355548892Fedora 321.75241.03317616008286267.0144355548892Kubuntu0.9288.73103423925494346.93072788645816Lubuntu1.75336.4288923184271267.0144355548892Manjaro 20.0.3 XFCE2384.1267503975991243.50964369266302openSUSE Leap 15.11.75431.8246084767712267.0144355548892Solus 4.12.25479.5224665559432220.00485183043688Ubuntu2527.2203246351154243.50964369266302Ubuntu Budgie1.75574.9181827142874267.0144355548892Ubuntu Mate1.5622.6160407934594290.51922741711536XubuntuMemory usage compared (in G)Boots to DE that can start somethingBrowser load simple websiteYouTube plays Big Buck Bunny maximi…YouTube plays Big Buck Bunny maximized

Lubuntu is able to work with less at least partially because of Zram. The other distro that has Zram enabled is Endless, but they also use the Chromium browser which generally uses more memory than Firefox (also Elementary uses Ephipany). My guess is if Xubuntu enabled zram it's profile would more closely match Lubuntu.

Notes:

  • Time limit for each applicaton launch is approximately 30 seconds.
  • Accuracy over 1G is by .25G increments. Under 1G, I tried to narrow it down to at least .1G.
  • Getting out of full screen on YouTube apparently is an intensive task. Dropped testing that.
  • Screen size was set to 1080p/60Hz.
  • Sample qemu line: qemu-system-x86_64 -enable-kvm -cdrom clear-33300-live-desktop.iso -smbios file=/usr/share/ovmf/OVMF.fd -m 1024M -smp 4 -cpu host -vga virtio --full-screen
  • All Ubuntu derivatives were from 20.04 LTS

Quick Rust Comparison

I've been wanting to try out Rust with something very simple as a first pass through the language.

Rust Impressions

Although I didn't do much with functions on this quick pass - I love the ability to not have the order of main in a program to matter.

Super helpful error messages. Here is an example:

warning: value assigned to `temp` is never read
 --> src/main.rs:4:13
  |
4 |     let mut temp=0u32;
  |             ^^^^
  |
  = note: `#[warn(unused_assignments)]` on by default
  = help: maybe it is overwritten before being read?

I know others have said this, but the Rust compiler feels like it was designed to help me code, rather than just throw errors.

Speed?

I decided to write a simple unoptimized version of the fibonacci sequence. My goal was to take enough time to be noticable...

On my first pass:
  • Rust runs took 1m34seconds (using cargo run)

  • Python took more than 6 minutes

  • C got 7 seconds

Clearly I must have done something wrong...

It turns out that by default it has debug info and checks that slow Rust down. So a

cargo build --release
./target/release/fib

Then it was faster than C.. and I realized I need to turn off C's debug bits too with:

gcc -O2 -s -DNDEBUG to gcc helped. gcc  fib.c
The final results (all approximate):
  • Python: 6+ minutes.

  • C: 1.101s

  • Rust: .95sE

The Rust

fn main() {
    let mut previous=0u32;
    let mut current=1u32;
    let mut temp;
    let maxvalue = 2000000000u32;

    for _n in 0..2000000000 {
            if current >= maxvalue {
                //Reset!
                previous=0; current=1;
            }
        temp = current;
        current = previous + current;
        previous = temp;
    }
    println!("{}", current);
}

The C

#include <stdio.h>
int main() {

    unsigned long int previous=0;
    unsigned long int current=1;
    unsigned long int temp;
    unsigned long int maxvalue = 2000000000;
    for ( int n=0; n < 2000000000; n++ ) {
        if (current >= maxvalue) {
                //Reset!
                previous=0; current=1;
        }
        temp = current;
        current = previous + current;
        previous = temp;
    }
    printf("%lu", current);
}

The Python3

previous=0;
current=1;
temp = 0;
maxvalue = 2000000000;

for n in range(2000000000):
    if current >= maxvalue:
        #Reset!
        previous=0; current=1;
    temp = current;
    current = previous + current;
    previous = temp;
print(current);

3 Malaysia MPEG-2 Patents left

With February 13th passing it would appear there are only 3 Malaysia patents left:

  • MY 128994 (possible expiration of 30 Mar 2022)

  • MY 141626-A (possible expiration of 31 May 2025)

  • MY-163465-A (possible expiration of 15 Sep 2032)

These two just expired:

  • MY 118734-A - Exp. Jan 31, 2020

  • PH 1-1995-50216 - Exp. Feb 13, 2020

I am very much not a patent lawyer, but my reading indicates all the 3 remaining are really all the same expired US Patent US5565923A with varying Grant dates causing to expire far in the future.

I've started a detailed tracker for those who want more details.

Hack Computer review

I bought a hack computer for $299 - it's designed for teaching 8+ year olds programming. That's not my intended use case, but I wanted to support a Linux pre-installed vendor with my purchase (I bought an OLPC back in the day in the buy-one give-one program).

I only use a laptop for company events, which are usually 2-4 weeks a year. Otherwise, I use my desktop. I would have bought a machine with Ubuntu pre-installed if I was looking for more of a daily driver.

The underlying specs of the ASUS Laptop E406MA they sell are:

Unboxing and first boot

Unboxing

Included was an:

  • introduction letter to parents
  • tips (more for kids)
  • 2 pages of hack stickers
  • 2 hack pins
  • ASUS manual bits
  • A USB to Ethernet adapter
  • and the laptop:

Laptop in sleeveLaptop out of sleevefirst open

First boot takes about 20 seconds. And you are then dropped into what I'm pretty sure is GNOME Initial Setup. They also ask on Wifi connections if they are metered or not.

first open

There are standard philips head screws on the bottom of the laptop, but it wasn't easy to remove the bottom and I didn't want to push - I've been told there is nothing user replaceable within.

The BIOS

The options I'd like change are there, and updating the BIOS was easy enough from the BIOS (although no LVFS support..).

bios ez modebios advanced

A kids take

Keep in mind this review is done by 6 year old, while the laptop is designed for an 8+ year old.

He liked playing the art game and ball game. The ball game is an intro to the hack content. The art game is just Krita - see the artwork below. First load needed some help, but got the hang of the symmetrical tool.

He was able to install an informational program about Football by himself, though he was hoping it was a game to play.

AAAAAmy favoritewater color

Overall

For target market: It's really the perfect first laptop (if you want to buy new) with what I would generally consider the right trade-offs. Given Endless OS's ability to have great content pre-installed, I may have tried to go for a 128 GB drive. Endless OS is setup to use zram which will minimize RAM issues as much as possible. The core paths are designed for kids, but some applications are definitely not. It will be automatically updating and improving over time. I can't evaluate the actual Hack content whose first year is free, but after that will be $10 a month.

For people who want a cheap Linux pre-installed laptop: I don't think you can do better than this for $299.

Pros:

  • CPU really seems to be the best in this price range. A real Intel quad-core, but is cheap enough to have missed some of the vulernabities that have plaqued Intel (no HT).
  • Battery life is great
  • A 1080p screen

Cons:

  • RAM and disk sizes. Slow eMMC disk. Not upgradeable.
  • Fingerprint reader doesn't work today (and that's not part of their goal with the machine, it defaults to no password)
  • For free software purists, Trisquel didn't have working wireless or trackpad. The included usb->ethernet worked though.
  • Mouse can lack sensitivty at times
  • Ubuntu: I have had Wifi issues after suspend, but stopping and starting Wifi fixed them
  • Ubuntu: Boot times are slower than Endless
  • Ubuntu: Suspend sometimes loses the ability to play sound (gets stuck on headphones)

I do plan on investiaging the issues above and see if I can fix any of them.

Using Ubuntu?

My recommendations:

  • Purge rsyslog (may speed up boot time and reduces unnessary writes)
  • For this class of machine, I'd go deb only (remove snaps) and manual updating
  • Install zram-config
  • I'm currently running with Wayland and Chromium
  • If you don't want to use stock Ubuntu, I'd recommend Lubuntu.

Dive deeper

2020 Presidential Tracker now live

May Update

I've revamped it by creating a single score to summarize all the tests - the goal is to have some useful predictivate quality - and be easier to track over time. To predict how prepared they are for a "bump" or their "monent", but also provide an idea of how much outside actors might be able to meddle with their campaign.

There are 3 different categories:

  • Performance metrics - The top four are donaldjtrump.com, julianforthefuture.com, joebiden.com, and amyklobuchar.com.
  • Email security - Top are elizabethwarren.com, hickenlooper.com, corybooker.com, and joebiden.com. They will have a much better time communicating to their supporters.
  • and other website security metrics

Today's results:

  • 65 - joebiden.com - the highest score. only one with a non-F letter grade, but it's still a D.
  • 55,56 - corybooker.com, hickenlooper.com - both substancially improved over last evaluation.
  • 48,49 - amyklobuchar.com, elizabethwarren.com
  • Low 40s - betoorourke.com, , michaelbennet.com, johndelaney.com
  • High 30s - jayinslee.com, marianne2020.com, berniesanders.com, stevebullock.com
  • Low 30s - donaldjtrump.com, ericswalwell.com, weld2020.org
  • 20s - tulsigabbard.org, kirstengillibrand.com, kamalaharris.org, billdeblasio.com, peteforamerica.com, wayneforamerica.com, timryanforamerica.com
  • 18 - sethmoulton.com
  • 9 - yang2020.com - Will the math lover stand being last?

All the candidates can definitely do better, my website gets a 79. I don't really see anyone getting out of the race before the first debate, so I can't make any clear predictions at this point.

You can get the full details at the 2020 presidential website tracker. .


Original post:

Now it's a tradition (did it in 2016 too)... I'm launching my 2020 presidential website tracker.

I'm being harsh and limiting everyone to a C rating for now. There are some basic things all the candidates really could be doing. If you see a mistake I made or find something new to track, feel free to report a bug/pull request.

Firefox Snap is the best way to run Beta Firefox

Update 20019-08-23: I've since moved on from running Beta Firefox and switched from using Snaps for it

First things first. I haven't been a huge fan of Snaps (despite working for Canonical) or Flatpaks. Both I felt initally put convenience over security. I believe both are maturing now, but it again puts the evaluation if a package is secure on users - instead of distros which actually have teams to review items before inclusion.. Anyway, with that said: On to how I am loving the Firefox Snap

Backstory

I'm a long time Beta user of Firefox, but I've been using stable for a while cause it's just easier. I generally preferred getting the tarball from Mozilla directly which has a minor issue. Long story short, Nautilus doesn't want to be a program launcher of files provided in tarballs. In fact, Nautilus just dropped that support entirely - just at the same time where it was worked around in Firefox.

Snap Install firefox beta

sudo snap install firefox --beta

That's it. No unpacking a tarball - no making a desktop entry so you can launch it more easily. Of course, just leave off --beta if you want to get the stable version of Firefox via a snap.

It uses a separate profile from the deb installed Firefox, but you can only run one at a time. (This is the same if you download a tarball)

Some other steps that will vary based on wha you are doing: 1. Sync your data across (I use mozilla sync) and setup your extensions, etc. 2. Replace the deb based one from your dock and add the snap based one there. (Right click details in Gnome to see which is which)

Upgrade to 63 beta

So snaps autoupgrade and I soon found myself on Firefox 63 beta and everything looked good until I tried to join a hangout. It didn't work. Since I was using snaps I just tried a: sudo snap revert firefox and I was back on 62 beta in time for my hangout starting in 2 minutes. (Note: it was likely worth just switching to stable instead with sudo snap refresh firefox --stable)

Snaps will automatically upgrade to the next version with the hope that it will have fixed whatever bug made you revert. A few days they released a new version of 63 beta and Hangouts broke again. In this case I determined it was actually a Google Hangouts/Meet bug. One good way to tell when different channels have had releases is to look at https://snapcraft.io/firefox.

Privacy

The snap version does provide more protection from a compromised Firefox. It also separates the Downloads folder for the snap to a snap specific one at ~/snap/firefox/common/Downloads.

Access Denied trying to open .ssh from snap

Other issues

  • Checkboxes didn't show up for a bit on version 62.
  • Multi-account container's has a bug in Firefox 63.

From what I can tell these issues are all Firefox beta issues, not issues specific with the snap version. The only snap specific issue I've ran into is the first time you start a snap it takes a while.

Conclusion

I'm staying on a Firefox snap. It's faster to change between stable and beta channels. It also seems like it gets updates faster than Firefox in the Ubuntu archive.

Give it a try today with (or remove the beta for stable): sudo snap install firefox --beta

Stop changing the clocks

Florida, Tennessee, the EU and more are considering one timezone for the entire year - no more changing the clocks. Massachusetts had a group study the issue and recommend making the switch, but only if a majority of Northeast states decide to join them. I would like to see the NJ legislature vote to join them.

Interaction between countries would be helped by having one less factor that can impact collaboration. Below are two examples of ways this will help.

Meeting Times

Let's consider a meeting scheduled in EST with partipants from NJ, the EU, and Arizona.
NJ - normal disruption of changing times, but the clock time for the meeting stays the same.
Arizona - The clock time for the meeting changes twice a year.
EU - because they also change their clocks at different points throughout the year. Due to this, they have 4 clock time changes during each year.

This gets more complicated as we add partipants from more countries. UTC can help, but any location that has a time change has to be considered for both of it's timezones.

Global shift work or On-call

Generally, these are scheduled in UTC, but the shifts people actually work are in their local time. That can be disruptive in other ways, like finding child care.

In conclusion, while these may be minor compared to other concerns (like the potential health effects associated with change the clocks), the concerns of global collaboration should also be considered.

Now powered by GitLab, Nikola, and Cloudlfare

I just finished moving my website from Wordpress to Nikola (static site generator), GitLab (git and hosting), and CloudFlare (CDN, HTTPS and more).

Why Nikola

Their attitude in the handbook is "DON'T READ THIS MANUAL. IF YOU NEED TO READ IT I FAILED, JUST USE THE THING." That's my kind of software methodology. Don't blame the user, make the system better.

It is also a great handbook that has had pretty much every question I've asked. Documentation is still essential, but it's nice if the commands are self explanatory.

It just worked to import my Wordpress site (minus comments which I "inlined" or deleted for various reasons). I did do some manual HTML to markdown conversion for pages I want to edit more.

Why GitLab

I first tried and had Nikola working with GitHub, but GitLab gives me:

  • Automatic building - I don't have to have a separate branch for output, I just git push my changes (or change on the website) - and GitLab will run a job to create my website. I know this is possible on GitHub, but GitLab just makes it easy.
  • The option to upload SSL Certs. If I need to drop CloudFlare for some reason, I can have GitLab maintain my website using HTTPS (Which I need to because I'm on the HSTS preload list).
  • Easier drive by contributions. GitLab lets you sign in with Google, Twitter, GitHub, or BitBucket. I'm thinking for suggesting changes to say a paper (or even this blog post!), that will make for a lower barrier to entry. (Of course, I'd prefer any OpenID but it's better than requiring a new account)

I absolutely love that they have their company handbook maintained in Git and public to the world (with merge request welcome!).

Why CloudFlare

CloudFlare's free plan rocks. And if I ever need to be able to handle more traffic faster, I can upgrade/downgrade as necessary.

  • Free (Good) SSL with TLS1.3 Beta too
  • Free IPv6
  • Free HTTP2

Who we trust | Building a computer

I thought I was being smart.  By not buying through AVADirect I wasn't going to be using an insecure site to purchase my new computer.

For the curious I ended purchasing through eBay (A rating) and Newegg (A rating) a new Ryzen (very nice chip!) based machine that I assembled myself.   Computer is working mostly ok, but has some stability issues.   A Bios update comes out on the MSI website promising some stability fixes so I decide to apply it.

The page that links to the download is HTTPS, but the actual download itself is not. I flash the BIOS and now appear to have a brick.

As part of troubleshooting I find that the MSI website has bad HTTPS security, the worst page being:

Given the poor security and now wanting a motherboard with a more reliable BIOS  (currently I need to send the board back at my expense for an RMA) I looked at other Micro ATX motherboards starting with a Gigabyte which has even less pages using any HTTPS and the ones that do are even worse:

Unfortunately a survey of motherboard vendors indicates MSI failing with Fs might put them in second place.   Most just have everything in the clear, including passwords.   ASUS clearly leads the pack, but no one protects the actual firmware/drivers you download from them.

Main Website Support Site RMA Process Forum Download Site Actual Download
MSI F F F F F Plain Text
AsRock Plain text Email Email Plain text Plain Text Plain Text
Gigabyte (login site is F) Plain text Plain Text Plain Text Plain text Plain Text Plain Text
EVGA Plain text default/A- Plain text Plain text A Plain Text Plain Text
ASUS A- A- B Plain text default/A A- Plain Text
BIOSTAR Plain text Plain text Plain text n/a? Plain Text Plain Text
A quick glance indicates that vendors that make full systems use more security (ASUS and MSI being examples of system builders).

We rely on the security of these vendors for most self-built PCs.  We should demand HTTPS by default across the board.   It's 2017 and a BIOS file is 8MB, cost hasn't been a factor for years.