PreSonus makes good computer speakers. They’re marketed as “reference monitors” but at $100 for a small set I have my doubts about their referenceness. Fortunately I have a tin ear and they sound just fine for my computer playing YouTube videos, compressed music, games. Wirecutter agrees.

The specific ones I have are these 3.5" Bluetooth speakers for $150. Inputs are RCA line-in, balanced, and Bluetooth, also an Aux-In and Headphone jacks on the front. Decent amplifier, plenty loud for an office. There’s 100Hz and 10kHz equalization knobs and a Bluetooth pairing button in the back. The “Gen 2” version includes an optional standby mode for power savings which seems to work fine. The cabinet is MDF and while it’s light it doesn’t have that hollow sound of cheap plastic. The website only promises 80 Hz so these are not the speakers for bass thumping.

Fifteen years ago I recommended the M-Audio speakers. IIRC their quality went downhill, maybe they went to plastic enclosures? I also had some Creative Mackie speakers but they have a manufacturing problem that causes them to fail after a few years. We’ll see how long these PreSonus ones last.

I’m self-conscious how this post looks like a spammy marketing affiliate page written by an AI. It’s not! I just like the product.

  2024-06-08 18:42 Z

Phanpy is good software for reading Mastodon or other Fediverse posts. Astonishingly it’s an open source passion project from a single developer, Chee Aun. Its quality is extraordinary, better than most commercial social media software.

There’s so many good things about Phanpy that it’s hard to know where to start. It has several innovations for reading social media. My favorite is the Boost Carousel, a way to collapse the ordinary spammy boosts / retweets so they don’t overwhelm original posts. There’s also the catch-up UI, a novel approach to the problem of helping you read the last 12+ hours of posts quickly.

Mostly I like Phanpy because it’s just very high quality. All the little things work so well, like the post UI and the image display and the notifications. The account switcher is great too. So many software products are full of rough edges and bugs and annoyances. Phanpy is immaculate.

It’s easy to get started. Phanpy runs as a PWA so there’s not even really an install, you just visit the website, approve the login from your main Mastodon host, and you’re up and running. I use it that way in my browser on desktop but have it installed as a formal PWA on my phone. Works great, including notifications.

Honestly surprised a product of this quality is an open source project. AFAICT Chee Aun has worked full time on it for at least a year and he is very good at what he does. He has a modest request for sponsors but I hope somehow his work ends up paying him very well or compensates him in some other way.

  2024-05-30 17:49 Z

Google search is overwhelmed with spam these days. Back in January I switched to Kagi and have been happy with it. It’s not free but there’s a limited trial to check it out. I pay $10/mo for unlimited access. Turns out I do about 50 searches a day.

I’m unclear on how Kagi works or why it’s better than Google. It seems to be returning more quality results and less SEO-churn old-but-look-new pages. I see some AI-padded content on the results at times but mostly better stuff. I assume under the hood it’s mostly Bing. Whatever they’re doing works for me, a bit of a surprise since the similar DuckDuckGo has never succeeded for me.

Kagi is ad-free. It has some interesting advanced features but I don’t use them often. Honestly most of my queries are navigational. Kagi does have a new sidebar LLM feature where it generates a synthetic answer with references, much like Bing, sometimes I find that useful.

My biggest annoyance is Kagi’s local and maps search is nowhere near as good as Google. It’s Apple Maps; their cartography is good these days but they don’t have the local search data with user reviews. Also Kagi doesn’t work in incognito mode because I’m not logged in. They have a workaround for it but then you lose anonymity.

I have a feeling I’m going to be changing search engines several times in the next few years. It’s a shame Neeva didn’t make it, I feel like now is the best time ever for serious search competition. I’m grateful Bing is still viable. And maybe Google will finally get its act together.

  2024-05-13 16:00 Z

Restic is good backup software. It’s a command line tool for backing up filesystems to various local and remote options. It is well documented, easy to set up, secure, and quite fast. It’s a very professional product. I am now backing up all my Linux systems with it. Note it’s a sysadmin tool; I don’t think there’s a friendly consumer GUI.

The underlying data model is its genius. Backups are stored in a repository, some complex hash-index blob store that I don’t understand at all. But it seems able to quickly store blocks of data and de-duplicate them so incremental backups are efficient. It’s encrypted and the blobs in the repository are stored in a simple filesystem. That makes it easy and safe to backup to all sorts of places including untrusted remote stores. I’m doing remote backups to BackBlaze’s S3-like filesystem for about $1/month.

The repo format means you need a working copy of restic to restore your files. I’m OK with that, it’s open source. And the tool is great. It has options for bulk restore, individual file restore, interactive restore via a FUSE filesystem. Also a check command you can use to verify subsets of the backup on your own schedule.

The basic command line tool is good but limited. I’m using resticprofile as a frontend. You set up a single config file and it takes care of running restic for you, even scheduling itself in cron. It’s a bit idiosyncratic but seems to work fine once set up. backrest is another frontend, I haven’t tried it.

Shout out to rsnapshot, I’ve been backing up with it for 18 years now. Time for something new. rsnapshot is pretty slow on lots of little files and remote backups were awkward. Years ago I said 5 minutes to do an incremental backup of 165GB was good; that takes more like 5 seconds in Restic now.

  2024-02-05 21:44 Z

Proxmox is good software for a home datacenter. It’s an OS you install on server hardware that lets you easily run multiple virtual machines and LXC containers. It also manages disk storage and has some more complex support for high availability in a cluster, distributed storage via Ceph, etc. But even with a single small server running a single VM Proxmox offers advantages.

my home server

I’ve had a Linux server in my home for 20+ years now. Every few years I have to rebuild it, often from the ashes of failed hardware, and it’s always a tedious manual process. Now my server is truly virtualized, a nice tidy KVM/QEMU virtual machine with a disk I can snapshot and back up. And migrate an exact copy to new hardware in minutes.

Right now I’m mostly running my stuff in one big VM under Proxmox that I migrated from the old server. But I’m slowly moving services to separate VMs and LXC containers. So now my SMB server for Sonos lives in one container, and my Plex server in another, and my Unifi router manager in a third. All running isolated from each other. This feels tidier, more manageable.

Proxmox does a lot of nice things for home-scale servers. It handles ZFS for filesystems, including snapshots and backups. It has a nice web GUI for managing things, even graphical consoles where needed. And I like how it supports both VMs and containers as a first class things. There’s other ways to manage guest systems, like Docker (containers only) or VMware ESXi (proprietary, VMs only). Proxmox feels the right scale for me. I’ve spent about a month tinkering with it and like the software quite a bit. It’s usable, well documented, and seems well designed.

  2024-01-18 19:51 Z

Obsidian is good software for taking and organizing notes. There are many apps for this task, Obsidian is my current favorite. In the past I’ve used a text file, SimpleNote, Standard Notes, Joplin. I never used emacs org-mode nor Evernote. Obsidian works reliably and is simple yet powerful.

The core Obsidian data model is “a folder of markdown files”. That’s it, really basic, and the files are easily usable as ordinary files. There’s natural support for links between notes. There’s also a metadata option I don’t use. I appreciate it’s easy to move files in and out of Obsidian.

But where Obsidian really shines is the plugin ecosystem. I don’t actually use many plugins, just HTML export and system tray. But I appreciate the power. If you check the reddit you’ll find an enthusiast community that does a lot more complicated stuff, turning their Obsidian archives into 1000+ article infobases. Me, I just write grocery lists and blog posts.

Obsidian is not open source. They’re thoughtful about why not. (Logseq is a popular open source alternative). The core product is free and works great. I am paying $96 per year for syncing. It’s pricy but it works well and I want to support the company. You can do your own free sync but none work as easily.

I want to give a shout-out here to Simplenote, an excellent and venerable free product. And after a brief lull development started again in 2020. Kudos to Matt and Automattic for supporting that tool. I like Obsidian’s fanciness but Simplenote is pretty great.

  2023-09-12 17:28 Z

Recently I switched to a new calorie counting app, Cronometer. I’m quite happy with it. It’s a huge improvement over MyFitnessPal (MFP) or Lose It and is not exploitative like Noom.

The key improvement with Cronometer is accuracy, particularly good data sources for nutrition information. MFP offered obviously wrong entries from random people, sapping my confidence. Also it’s quicker to log things from a trusted database.

And the app works well. Cronometer’s UI is modern and easy to use. It doesn’t display extra distractions. MFP’s insistence on scolding me about things I don’t care about was a bummer. The data sync is fast. And they have a good data export, something MFP won’t do.

I have some minor complaints. Cronometer is very excited to track macros and every single obscure nutrient (threonine, selenium?!). I really only want to track calories. Fortunately the other things don’t take up too much space. They also display ridiculous calorie precision in the diary. But that feels like a rare UI mistake, not a general design ethos.

The free version is pretty complete. The $55/year paid plan adds a bunch of stuff, the one I care about is dividing your diary up into individual meals.

I have a long history with food diaries, more off than on. Having a good app that I trust and is easy to use is important.

  2023-09-10 16:53 Z

That’s the post. What are passkeys? I don’t have answers, just questions. I believe passkeys are a great idea but the tech world is doing a terrible job explaining them. Someone really needs to explain how passkeys work in Internet products. Existing descriptions aren’t sinking in, as evidenced by the confusion online. For instance this Hacker News discussion where a new Passkey product announcement is met with a bunch of basic questions about what Passkeys even are.

Update: see these newer Passkey overview articles here and here. Also my own notes written after this was published.

The tech is pretty well defined: Passkeys are a password replacement that uses WebAuthn to log you in to stuff. Companies are widely deploying them now: Apple, Google, Microsoft, 1Password. Passkeys are an industry consensus and are arriving in production very soon or already has. Great! Now then what are they really?

Here’s some questions from my perspective as an ordinary if expert Internet user. I own a few computers and phones and don’t want to trust just one company with my entire digital identity.

  • What device holds my passkey(s)? Let’s assume it’s my phone.
  • What software do I use for my passkeys? I trust 1Password already; can they do all my Passkeys for me? Or can my web browser hold my passkeys?
  • Who issues me a passkey? Let’s say Google issues me one.
  • Logging in to Google with a Google passkey is easy, right? I just unlock my phone and press a button? Awesome!
  • Do I have many passkeys or just one?
  • How do I log in to some other website, say my Mastodon server? Can I use my Google passkey there too? Or does my Mastodon server issue a different passkey?
  • How do I log in to Google if I temporarily don’t have my phone with my passkey on it?
  • How do I reset a passkey if my phone is stolen?
  • How do I log in to other sites if Google goes offline or revokes my account or something?
  • How do I migrate my passkeys to a new phone?
  • Can I store the same passkey on several devices for convenience?
  • Can that passkey be automatically synced between devices, securely?
  • Can I use multiple passkeys to log in to the same account?
  • Can I share a passkey with my partner so we can both log in to the thermostat?
  • Can I still use passwords to log in to a site even with a passkey enabled?
  • I have two factor authentication with a TOTP code generator. Does the passkey replace my password? The code? Both?
  • I really want to use two factors for my bank: I don’t trust just my passkey on my phone to log in me in. How does that work?
  • Can I use passkeys to log in to apps and computers? Or just web sites?
  • If I own a fancy Yubikey device can I use it as a passkey? Use it to protect my passkey?
  • Is there a way for me to generate a passkey myself so I don’t have to trust a company to issue it for me?
  • Can I turn off passkey on a site and log in some other way?

The core of many of these questions is exactly what a passkey is. What I want to read is an article that explains the gestalt of passkeys and identity on the Internet in a way the answers to all these questions becomes clear.

My understanding from what I’ve read is that passkeys are an authentication token, basically a replacement for a single secret like a password. Naively that’d mean I’d need a different passkey for every website I log in to (just like I need different passwords). But I could be wrong. Or maybe the passkey intention is that we use federated logins, so sites like my Mastodon server use Google to help me log in with my Google passkey? (That’s an enormous business problem, if so.)

My other understanding is a lot of my questions don’t have good answers yet. Ie: revocation of a passkey or migrating to new devices. The product announcements from various companies say “trust us, that’s coming soon”. But I do not trust a company like Google or Apple to later add a feature that will make it easy for me to migrate away from their loving embrace. That stuff has to be defined and working before Passkeys are a good product for consumers and the Internet.

Update: Ensuing discussion has made one thing clear: you don't share passkeys between sites. You have a separate passkey for each thing you log in to. That clears up several of my questions. I don't know how I didn't understand that already but the confusion isn't mine alone.

There really needs to be a good, clear description of Passkey as a product so questions like this aren’t being asked over and over again. I’m hopeful the folks working on this stuff understand the answers and just haven’t communicated it well.

  2023-05-19 18:19 Z

After yesterday’s post about passkeys I got enough answers to learn how to use passkeys myself as a consumer. Here’s what I learned. If you want to try it yourself, is a nice demo server.

Passkeys work a lot like passwords do today. You create a different passkey for each website and use it to log in. Your passkeys are stored in what’s called a “Passkey Authenticator”, agent software on your computer. (Behind the scenes passkeys use public key systems that are better than passwords.) Your phone probably works today as a passkey authenticator but most sites don’t support passkeys yet.

Managing passkeys — backing up, migrating, sharing passkeys between devices — is still a work in progress. Android and Apple both support syncing passkeys between devices, that’s important so you can log in even if you don’t have your phone with you. Some software can also delegate. For instance Chrome on Windows will use Bluetooth to use a passkey on a nearby Android phone.

The passkey authenticator is the main user interface. The rest of this post is notes on what authenticators are available to consumers. See also this companion piece that’s a deep dive into the user experience on Android, Chromebooks, and Windows.

Apple seems the best implementation of a passkey authenticator today. It’s built in to Keychain, Apple’s existing authentication product that is pretty well designed. There’s a bunch of screenshots in this article of how the Apple experience works. My Apple-using friends say it’s pretty usable. Keychain syncs passkeys between devices via iCloud.

Android has a passkey authenticator built in called “Google Password Manager,” which already saves ordinary passwords you use in the phone’s web browser. Here’s Google’s docs for users about that and some technical notes on security. Android syncs syncs passkeys between devices. It’s also pretty usable but passkeys are Android-only, not available on desktop (yet).

Chrome on Windows or a Chromebook has passkey support. But the Chrome browser doesn’t store passkeys itself, it delegates to nearby Android devices via Bluetooth. Firefox and Edge on Windows can also do this delegation. Chrome can also delegate to Windows as the passkey authenticator instead of Android.

Microsoft Windows has an authenticator that is connected to Windows Hello, their relatively new login system. I don’t know much about it but it's what you'd use to store passkeys on your Windows machine.

1Password, the password agent, is shipping passkey support in about a month. They have a demo that actually works on Chrome and Edge. It’s nice! In theory this should be a good cross-device way to manage and sync passkeys. I'm waiting for it before adopting passkeys widely.

Dashlane, the password agent, has passkey support. Sounds like early days but usable.

Yubikey, the hardware login token, has a passkey story. I don’t know much about it, their writing points out that passkeys aren’t really anything new and they’ve been doing this kind of thing all along.

Having spent most of a day playing with passkeys my impression is they work today and are usable. My main concern is there’s no support for migrating your passkeys out of, say, Google Password Manager and in to Apple Keychain. And I fear given business realities no one is in a hurry to enable that. The other problem is how long it will take sites to adopt passkeys; we’re going to be stuck with passwords for a good long time.

  2023-05-19 18:06 Z

I tried out Noom, the weight loss and cognitive behavioral therapy program. The app is more like CBT for upselling customers than CBT for weight loss. Now I’m hoping they’ll delete my sensitive medical data and refund the $3 they tricked me out of. (They did, quickly in response to my support email.)

I was excited to try Noom. I’ve used basic calorie counters in the past and was hoping for something better. I’m also curious about CBT. And a friend recommended it.

The account creation process goes OK at first. Then it gets more and more involved, taking 10–20 minutes to fill out the questions. There’s little UI tricks to keep you engaged: fake progress bars, questions injected at random intervals. Classic product UI hacking.

At first it told me that I’d reach my weight goal in about a year. Seemed reasonable! Then it kept shaving weeks off that as I answered questions, like I was making progress already. The conclusion it came to is that I was going to lose 18 pounds in the first month. Pretty sure that’s not possible, certainly not healthy.

Then the upselling begins. They ask some questions to find out your interests and then offer premium packages. “Folks who pay for this package lose 35% more weight” Look, I just want to try the basic thing.

It looks like a 7 day free trial but before you know it they want you to pay asserting “it costs $10 to offer a 7 day trial”. Really? They gave me a choice of what to pay from $0.50 to $18.83. I chose $3 and had to pay via PayPal / credit card; super sus they don’t just use Google Pay on the Android app.

They also try to get you to sign up your friends. They talk about how having folks involved in your program will make you more successful. Which is probably true but then immediately they’re asking for email addresses and offering discounts and gift certificates. It’s marketing, not therapy.

The whole thing was so sleazy and deceptive. Particularly for a therapy-like product. Real therapists have all sorts of ethical guidelines to stop them from exploiting their customers. Noom instead seems to be using CBT to trick customers into paying more. Gross, gross, gross.

  2023-04-08 16:11 Z