Indy News Assistant

After noticing the recent increase in (self)censorship by mainstream media I created the “Indy News Assistant”. It takes any topic and provides both news sources as well as latest YouTube videos published on the matter.

Here’s the link: https://chat.openai.com/g/g-AvKUgF4F4-indy-news-assistant

To make it easy for those without a ChatGPT subscription here is a public Streamlit app using the same api: https://indy-news.streamlit.app

It uses vectors and bm25 to make search work, and I think it is an interesting and cheap approach. Unfortunately vector searches, like LLMs, suffer from producing irrelevant output, and so this comes with a YMMV warning 😉

Source: https://github.com/morriz/indy-news

KrakenFX now KrakOn

Google decided to block my KrakenFX app because it infringed on their impersonation policy. As such I rebranded it KrakOn and managed to keep the same in-app purchase ids. This will hopefully mean that previous customers who purchased the trading functionality will keep having access in the new app as well.

Finally released: new KrakenFX app to trade on the Kraken exchange

Over one year ago, after noticing the lack of a mobile app to trade on the Kraken exchange, I set out to build one. A good opportunity to learn React Native I thought. After some months of hard work it had all I wanted. But when I was already using it myself for a while I lost interest. Well, maybe also because the whole crypto market crashed. Anyway, I (literally) took distance and started traveling again.

But a little over a month ago I broke my hip and could only lie down. I was separated from the world and stepped into my programming bubble once again. And so I finally manage to finish up the app, so I hereby want to present to you the first production release of the new KrakOn app for Android (iOS still pending review).

I specifically wanted the app to stay simple, beautiful and easy to use. Because some of these apps out there are so ugly and hard to grasp, it just made me cry ;p

So why don’t you head over to the Play Store and try it out? It makes trading on Kraken fun again. Their api rarely times out nowadays, which tells me that Kraken has made an effort to stay in the game as one of the major exchanges.

iOS 12 shortcuts review

The purchase of the Workflow app by Apple, and releasing it as Shortcuts app in their latest iOS 12 release, is a step forward in personal automation if you ask me. A huge step, but let’s zoom in to what is possible from a developers standpoint.

Shortcuts are a succession of actions, like ones interfacing with the native device capabilities exposed (camera, maps, text messaging etc), script actions such as setting/getting a variable and looping over a list of found/selected items, or even other inline shortcuts. When working with them you find that you can almost always find a way to realize the idea in your head with the building blocks provided. But that is exactly the limitation of the current implementation. They are linearly executed predefined building blocks that take an input and create an output. This leads to very cumbersome programming, with simple constructs like filtering/sorting becoming a huge headache.

In order to execute function-like behaviour you typically first park the main threads value in a variable, then extract what you need into new variables, do some processing (recursion or looping bringing even more headaches), and then ‘get variable’ to come back to the main thread. I find myself wishing for a real scripting environment all the time. Of course Apple tries to keep the attack vectors to a minimum with this approach, but maybe in the future a proofing layer over a scripted approach can achieve the same result. Making us developers happy shortcut coders.

But, being a power user seeing automation possibilities first of all, I felt the need to create some shortcuts. I spent quite some moments in my car lately, and am disappointed about Siri’s shortcomings when it comes to dictation in other languages and delegating results to other apps. So I created the following shortcuts:

  1. Dictate to Siri in my native language (Dutch), while operating her in English, and copying what I said to the clipboard (to be used in subsequent actions).
  2. Run other shortcuts that take clipboard contents as input, like automatically translating to english.
  3. Match a certain contact from voice/clipboard input  (like from step 1)
  4. Extract maps location from voice/clipboard (which can contain an address of type Text, or a found Contact with one or more addresses)
  5. Navigate  to (selected/clipped text, apple maps location or contact) with the app of my choice: Waze, sometimes Google Maps.
  6. Drive to a contact, or home, with Waze.

As you can see I have named the shortcuts with “>” in front (expressing it expects a previous input), or with “>” behind (expressing it is a building block for other shortcuts). I hope these shortcuts and it’s implementation details can serve you as well. I still have to find out how to publish my shortcuts in an open source manner like on GitHub. Maybe I will just create a repo with a doc of iCloud hosted shortcut URLs.

UPDATE: I have done just that and published my GitHub hosted shortcuts.

Have fun breaking your head over this new functionality!

Oh Danalock

Ok, I have had it. I am so frustrated about my Danalock lock and app that I have to tell the world what is bothering me about it.

My Danalock v2 was not strong enough (and was ugly big), and broke it’s internals after some rotations. Ok, so Danalock didn’t want to refund me for v2, but offered to buy v3 for half price. Take it or leave it. So, with a bitter taste in my mouth, I took it.

V3 fared better, and lasted a year. Then it just fell off, and the company admitted that the mounting ring must have worn out. So they sent me a new one and it works again (for a year?).

But what frustrated me even more was the app. It was the most broken UX you imagine from the start, and they never managed to make it any better. I strongly advised them to hire a good UX team, but they only made features less usable. Check out what my guests now see after they finally managed to make an account:

Disconnected Danalock interface
Disconnected Danalock interface is meaningless,  ambiguous and confusing.

Actually, the red and green icon is greyed out and only becomes coloured during their stay. Ok, I can live with that. Most guests understand that, but a lot of guests keep asking me about what is going on. Those that have an active key, and still see the button halves (indicating that the app has trouble connecting via  bluetooth to the lock, because not in range or flaky) start pressing the button halves to discover that they have “no rights to unlock the door remotely”. Where in the interface does it even become clear that remotely opening doors is an option? Sure, Danalock offers a “danalock bridge” but I don’t have one registered on the lock, so why offer that interface to the users??

Then, when they arrive at the doorstep and manage to connect with the lock the interface changes to this:

Danalock confusing interface
The most simple Danalock step has the worst UX you can imagine.

What button would you press to open the lock? The big fat green one, right? WRONG! You have to press the small red one. (The green one deep-locks the door!) How simple could it be? Maybe two buttons that say “open” and “lock”?
How they conceive of such a confusing interface is beyond me. If a user test group would see this they would certainly fail to use that app. I suspect the Danalock developers think they are smarter than their user base.

But why did I choose this lock above others? They offer airbnb integration. Check out their promise, as it is nowhere near what they deliver. It never managed to work because of the following:

  1. I have to choose which listing to associate with the lock, but I want them all associated, as I have multiple rooms in one house with one lock. Why force that choice?
    I suspect this related to issue #2, as I sometimes reassociate the lock to another listing when a booking comes in:
  2. Invitations send links that always seem to be expired, frustrating guests, so I still have to send one manually.
  3. I can’t send invitations on the day that my guest arrives (or even tomorrow!), so I can never serve short bookings. Why have that limitation?

Failed Danalock AirBnB integration
Danalock shows past reservations as “cancelled”, even when they are one day in the future!!

So I was very disappointed and quickly avoided that shitty part of the app, and started sending links manually. But then my guests started complaining about manual invitation links also not working or being expired, even though I just sent them, within the 24 hours on the next screenshot:

Why does Danalock let invitations expire? It makes no sense.

Again, their “smart” developers introduced limitations that don’t serve any business purpose. Not only that, their links miraculously expired even within the 24 hour time window! These bugs managed to frustrate our guests so much, that our airbnb ratings for “Check-in” experience started going down. So with text messaging I had to prepare my guests for a not-so-nice-and-sometimes-failing experience, because I needed them to be able to come in with that app!

But what is bothering me most about all of this is the lousy stance Danalock has to bug reporters like me. Instead of supporting us and evaluating our needs and grievances, we are left in the cold. One year ago, after threatening to tell the truth about my experiences to the world they immediately changed their tone and stopped defending themselves and used polite language in their responses. Months later they introduced zendesk, but none of the grievances were met. More guests got put off by their product. Nothing has changed in over a year of me trying to work with them. Nothing but hiding behind their choices for their stupid logic and promises. Leaving me with cleaning up their mess, and making me do way too much work to manage guest entry to my property.

So out it is, from the bottom of my festering gut…let’s hope this post helps to bring focus to the Danalock team.

Coming back to Kubernetes

After traveling for a long time I started playing with tech again. I started building a crypto currency trading app for the Kraken Exchange API. The resulting app can be downloaded here: expo.io/@morriz/krakenfx-react-native.

But then I started playing with Kubernetes again, and started working on mostack: a stack with Kubernetes best practices. This was a hard and long road past obscure pitfalls and learnings. Some I just have to give back in the hope you may avoid them.

Drone CI/CD.

To automate software building we need a CI/CD build system. I chose to go with Drone, as I like the simplicity of working with docker containers, and it’s open source and not SaaS. But Drone uses Docker in Docker (dind) and that gave me the following problem:

Drone starts the host docker container running the dind with a custom network. Probably for good reasons, but this makes it impossible to resolve any cluster ips from known kubernetes service names.
I needed to docker push to a locally running docker-registry service, as well as make kubectltell the api server to update deployments. Since there is no way around this, I had to use the host docker socket and manually instrument the wiring of the plugins. Including the custom dns settings. Please see the .drone.yml in the morriz/nodejs-demo-api how I did that. For more information around my dns related issues see my posts in the drone discourse .

Helm

The biggest challenge in k8s userland is the deployment of the manifests. Ideally one would like to have a uniform approach to apply the entire new desired cluster state in one go. Preferably automated after a git push to the cluster repo. For now I chose to experiment with Helm, which allows me to make one root ‘Chart’ (the name they use for a ‘package’) for the entire cluster, with app subcharts that describe the components running on the cluster. But somehow the Helm people have decided to use a ‘Tiller’, which is an agent pod listening to the helm client. Supposedly it helps in managing the cluster, but the logician in me says it goes against the unidirectional flow of stateless architectures. I wanted to avoid running the agent, and luckily the ‘template’ helm plugin lets met do that. You can install it with helm plugin install https://github.com/technosophos/helm-template. Now we can just apply the entire application state (from the root folder) like this: helm template -r mostack . | kubectl apply -f -

Another downside to using helm is the fact that I can’t deploy subcharts in their own namespaces. But that option might come in the future.

Happy helming!

iD!OTZ got hax0red

While I was minding my health on many levels in a beautiful place called Ängsbacka, friggin criminals got access to my wordpress site and used it as a spam server. Thanks to my good friend hosting it, it was pulled offline for further inspection.

But while in retreat I recovered from serious back problems and stiffness, and decided to take a whole year off to travel the world and stay healthy. I did not want to slip back into my previous life, which involved way too much sitting behind a computer. So I quickly fixed this blog by putting back the wp_posts table in a new setup. And by doing just that I regained all my pages and posts. Nice!

So without much further ado I present the new and stable iD!OTZ wordpress website, based on the twenty ten something theme 😉

TADAAA!

Milieuzone Utrecht app

De gemeente Utrecht is de eerste met een verbod op 15 jaar oude diesel auto’s in het centrum. Omdat ik het nogal problematisch vind om mijn 15 jaar oude BMW 530D -die ik met zoveel liefde heb behandeld- weg te doen, heb ik een app gemaakt die me waarschuwt wanneer ik de milieuzone nader.

Ik heb de app aangeboden aan de app store, en wacht op bevestiging. Ik heb hier alvast een pagina aangemaakt met details over de Mileuzone Utrecht app.

Ook heb ik hier een web versie online gezet: de web versie van de Milieuzone Utrecht app

Mocht je er wat aan hebben, dan zou ik het leuk vinden als je een reactie plaatst 🙂

Google’s golang for president

Being a hungry geek I can’t help myself from innovating myself, and so I read blogs here and there on the current state of software and architecture. But I didn’t really have any alarm bells going off the last couple of months when I came across Google’s Go language. I think it was just a classic example of my assumptions getting in the way (knowing Docker was built using Go, I figured it was some new low level generic language). But now that I finally started studying it, it appeals to me more and more.

You see, after having advocated Node.js for some years now, and seeing the architectural shift towards frontend middleware becoming a reality, I never really looked for anything better or more suited for that. And that is exactly where Go fits in. It’s such an elegant solution to the need of scalable applications that handle concurrency and parallelism gracefully. It’s still a functional language, but at the same time it’s blocking! It’s kinda weird that I am excited about that, since I have been addicted to events for the last years, and have a hard time shedding that skin. But I have seen the complexity of large scale applications that are built upon callbacks and promises, and it secretly made me wish for something simpler. Something that did not make us do custom code-(re)structuring all the time. But the flexibility just kept me in love and favor it above anything else.

And now I found Go, and Rust, but that is another story that might not have a happy ending.

My pentesting crash course

Oh yeah, after a silent retreat of about 4 months, I was super hungry for new knowledge, and couldn’t resist to dive into the world of internet security. I got myself up to par with the current state of affairs with regards to vulnerabilities and exploits, pentesting distros, and learnt the basics of crypto technology to make sense of it all. I was getting kinda paranoid and gloomy when I found out that the cyber criminals where winning and already had a huge head start. All the vulnerabilities that were found and left in place by vultures such as the NSA and other criminals allowed for mass surveillance and infiltration and manipulation of our digital lives, including our finances.

So I just had to study on, to know what is going on, what I could do, or what I SHOULD do. But I am not sure anymore, maybe I just want to stay with the sheep and pretend I am not interesting to any party, and can manage to keep my data intact and safe from criminals by rotating passwords and such. Or should I go completely off the grid and hope to turn my signals into noise? I have no such illusions, knowing where and how my data is tapped into. What I can do from now on is use encryption that the NSA did not get their hands on (like RSA-ECC/AES/SHA-3). Please google for yourself. You can start by checking the links on this post by Bruce Schneier.