Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘software

That bad cosmic joke again

leave a comment »

And another day where the frustrations mount to the point that I feel like screaming (and did, for a very valid reason, cry a little)—and, no, I do not write about even half of these feel-like-screaming days:

I woke up in the morning to find a server hosted at Hetzner inaccessible. From the last time around, several months ago, I knew that the web/html interface for resets no longer worked in my browsers,* something that had back then cost me more than an hour of trial and error, until I had stumbled upon a web-service API that could be used from the command line. I now tried to find the commands that I used back then—but found no trace.**

*Barring later fixes. As to the reason, I can only speculate as no proper error message was given. Hetzner is yet another case of a service provider that gradually makes the interfaces less usable.

**Again, I can only speculate on the reason. Maybe this was something that was lost between backups before a notebook crash. Cf. earlier texts.

I went on the Internet to search for the API again—and found nothing. (Search engines are not what they used to be.)

Before moving on to the provider’s website,* I decided to check my emails. This, in part, because I already felt my annoyance growing, fueled by prior poor experiences with Hetzner,** and knew that a break was a good idea; in part, because I should have received email notifications about the server being down, and thought that these might contain a direct link to the right documentation. (They did not.)

*Known to be poorly structured and filled with “Buy now!” messages. There is a reason that I began with a search engine.

**Including the aforementioned issues, several others issues, emails to the support that either go unanswered or are answered weeks later, and an actual letter to complain about e.g. the unanswered support emails, which is still, it self, unanswered—after several months.

Among my emails, I found a message that my step-grandmother, one of the most lovable women that I have ever met, and as dear to me as my regular grandparents, had died. Day ruined.

I spent the next half hour writing a short email, just a few lines, to my step-father, hindered by how hard it was to find suitable words, my own sorrow, and a mind that kept wandering, especially to how different things turn out for different persons: she made it to an amazing 107, while (among many other losses) my mother died at 67, my maternal grandfather at 61 or 62, depending on the months involved, when I was 7, and my paternal grandfather at, maybe, 69, when I was 1 or 2.

Email done, I then went to the providers website. While it was as bad as I remembered, I soon found the information, and with a bit of puzzling, I managed to recreate the right commands in just a few minutes.

Things seemed to, within what was possible, be looking up a little. I went back to my emails, to clean up all the “server down”, “reset requested”, “server up” messages—and found that the half-hour email to my step-father had been unilaterally rejected by Gmail as alleged spam. Kicked when I am already down.

Now truly at the point of wanting to scream, I moved on to this text to get some pressure relief.

Excursion on Gmail:
There are a great many reasons not to use Gmail, including major privacy and security concerns. This mishandling of spam filtering is yet another.

Apart from the above misclassification being absurd in light of the contents, format, and sending address, there is not one line in the return email on how to remedy the situation. Moreover, email providers simple should not reject the delivery of emails, except in the most blatant cases: they might well classify an email as spam, but the email should still be forwarded to the recipient, so that he has the ability to override the decision. Spam-filtering is and must be a user* decision.

*I originally wrote “client-side”, which would be the typical case. However, a server-side intervention under the user’s control is equally valid. Moreover, there is the possibility of a third-party, e.g. an employer, forcing client-side filters outside the user’s control, which is at best disputable, at worst as bad as what Gmail does.

This is the more absurd, as an email to my father, who also uses Gmail, was not rejected as spam—or, if it was, I received no such notification.

Written by michaeleriksson

June 11, 2022 at 12:30 pm

Posted in Uncategorized

Tagged with , , , ,

Redesigning for the worse / Blogroll update

leave a comment »

Last October, I added the Daily Sceptic to my blogroll. Today, I have decided* to remove it again. This in part due to a lower relevance and (my subjective feeling of) less, and less valuable, content as the COVID hysteria, countermeasures, whatnot have subsided.** The main reason, however, is a disastrous redesign.

*I do not currently have access to my WordPress account, and there might be a delay before the actual removal takes place. (This due to various notebook crashes and reinstalls, as discussed in earlier texts. To post on WordPress, I only need my email account.)

**Should they flare up again, I might revisit the decision.

To first look at the big picture:

I have been on the Internet since 1994, and it seems that web design tendentially has grown worse, year by year, that almost every individual redesign of a website makes it worse than before,* and that bigger organizations and organizations with more money tend to have worse websites than smaller ones.

*Indeed, this is not the first time that I abandon a site due to a misguided redesign.

A key issue here might be that web design is best kept simple, while there is a drift towards the more complex, e.g. because the more complex might, in some shallow sense, look fancier (at the cost of usability), that a design firm might be hard-pressed to charge money for something less fancy (even if more usable), that an executive/manager/product-manager* might push for the more fancy looking, etc., etc. As a special case, there seems to be a great unwillingness to accept the “default look” of HTML, which leads not only to excessive CSS-customizations but also, often, a reduced readability or usability, be it because pages from different web-sites look unnecessarily different** or because the default look was superior to begin with.***

*As a software insider, I can attest that many of the problems that the outsiders blame on the software/web/whatnot developers are actually caused by others. Developers usually have little say on topics like “user experience”, “look and feel”, what workflows are available and how they are structured, etc. (Which is a shame, because the developers are often better qualified and more insightful on such topics than those who do make the decisions.) Then there is the complication that the visual design of e.g. a website or a software is often done by others than those who implement the design.

**Which, sadly, appears to be seen as an advantage by the decision makers: Who cares about usability? The main thing is that we can push our unique corporate look/identity/whatnot! We need to stand out! We need to be unique! Besides, the visitors are not supposed to read and be informed, they are supposed to look at pretty pictures and be impressed!

***Fiddling around with the look of various control elements is particularly ill advised. For instance, some modern designs make it hard to determine whether a checkbox is actually checked, because no check mark is present. (Does that non-standard, specific to this one website, change of color mean that the checkbox is now checked or that it is now unchecked?) One extraordinarily idiotic website (I do not remember which one) had designed a radio-button to look like a checkbox.

A particular sub-issue could be that some individual designers want to experiment with various features, display their technical skills, whatnot, rather than favoring usability.

How to do good web design? Keep it simple, stupid!* Focus on readability and usability, not looks. Be user-driven, not design-driven. Do not make assumptions about the user (especially, that he is an idiot) or his wishes—ask him. Etc.

*This “KISS” principle applies very much to software development (and many other areas) in general. It is often one of the first things taught—and one of the first things forgotten. (And, possibly, is rarely taught to non-developers, e.g. product managers.)

Looking at the Daily Sceptic in detail:

Between my discovery of the site and the redesign, the main-page layout consisted of a long list of entries, somewhat like on a regular blog, most of which contained either own contents or a lengthy/article-sized quote from elsewhere (with some minor own comments), while a once-a-day entry contained a “news roundup” with a list with links to and one-sentence descriptions of texts from various other websites and news services. (This “news roundup” was (is?) the main source of value.)

The site was by no means perfect, but except for three things, this worked very well and was highly usable. All three things would have been easy to fix within the old design, and the second was easy for the user to work around (once wise the problem):

  1. The site had not made up its mind whether, for the individual entries/pages/whatnots, it should follow the “give the entire text in the list, with the option of opening it in a separate page to, e.g., give a comment” paradigm or the “give a taster in the list, and let those interested open the full text in a separate page” paradigm.

    Instead, the site combined the disadvantages of both systems, by giving a long-but-incomplete version of the text in the list. Those wanting to skim forward to open interesting seeming texts in separate pages were hampered by the length; those wanting to read the text without using separate pages could not do so, because the whole text was not present.

  2. The internal system, contrary to most blogging platforms, seemed to have two pages for the same text, one reflecting the abbreviated contents of the list and one reflecting the full text.

    In order to get the full text, the user had to scroll down to the end and click “Read More”, after which he was lead to the full version. However, what most experienced users are likely to do was to read a paragraph or two and then, if interested, click on the heading. (Or, on a site with a sufficient proportion of interesting texts, click on the heading in a blanket manner.) Unlike other platforms, however, this did not bring the user to the full version, but only the abbreviated version already seen in the list.

    (During my first few visits, I was highly annoyed to find, a “Read More” at the end of what should have been the full text, forcing me to another page visit. With time, I just scrolled down to the “Read More” of the original list in the first place.)

    Moreover, the lengthy/article-sized quotes ended with a “Worth reading in full” and a link to the original text. If the text is worth reading in full, why am I not? Either the actual full text should have been provided or I should have been linked to the full text to begin with.* This half-measure just wastes time. (Also see excursion.)

    *The semi-pointlessness of this approach is demonstrated by the same text often occurring both as a quote and as an entry in the news roundup.

    (Again, highly annoying during my first few visits, but something that I later worked around by just scrolling down to the “Worth reading in full”, while ignoring the Daily Sceptic’s version entirely.)

  3. Like many other sites, the comments were not immediately accessible even on the full version of a text. This is a near incomprehensible error, especially with an eye at how common it is. Show the bloody comments by default!

    Specifically, do so without a requirement to register and/or log in. Such a requirement might be acceptable for writing comments, but not for reading them.

The new design?* So bad that I will stay clear of the site for the time being:

*As observed during today’s (2020-06-06) visit. The statements need not be true at the time of reading.

  1. That very useful list is gone.
  2. The news roundup has been moved to a separate page and, it appears, a separate page per day, implying that I cannot just go to the same page every day, but have to go to the main page and pick out whatever the current day’s page is.
  3. The (new) main page is poorly designed, wastes space, and has replaced the original list with a much shorter two column list.

    The “shorter” implies that further pages must be visited to find all entries of the day (or since the last visit)—which is not possible without JavaScript. At the end of the page there is a “Load More” button, which should (a) have been a link, (b) should have loaded* more. Instead, it unnecessarily uses JavaScript to do something or other.** General rule: Never, ever use JavaScript for something that can be done with a regular HTML link.

    *Or, better, switched to a “page 2”. I have not investigated the details of Daily Sceptic here, but a common issue with other sites that use formulations like “load more” is that the new page begins with a repetition of the original contents, for a major waste of time—I want more contents, not the same contents again.

    **Presumably, to load more, but I will not activate JavaScript for any random site—especially one with foreign and, therefore, untrusted-even-should-I-trust-the-site contents. Correspondingly, I cannot test this.

    The two columns are a worsening relative a straight list, and columns are usually a bad idea in HTML to begin with—an attempt to imitate a paper design without a feel for the actual medium. (Generally, adopting something from the one medium to another can be highly sub-optimal. Even in good cases, adaption (note spelling) is necessary and often not even that gives a good result.)

  4. The comment issue has not been fixed. Arguably, cf. below, it has been made worse.
  5. On the upside, the site has now made up its mind on the two aforementioned browsing paradigms, settling on short descriptions with a full page view. The “Read More” issue seems to have disappeared as a side-effect. However, the “Worth reading in full” issue remains. Indeed, it has grown worse, because I cannot now jump from the main page directly to the original article. Instead, I have to first visit the Daily Sceptic’s version, and then jump to the original article.
  6. There are now three (!) highly intrusive requests for donations at the bottom of each (!) page.* By all means, ask for donations if you need money (running a popular website can be expensive—I understand that), but be polite and discreet—no-one likes to have a begging hand shoved in his face every two minutes.

    *There might be some discussion whether this should be considered design or content. As they seem to appear without variation on all pages, I consider them design for the purposes of this text. Similar points might apply elsewhere.

    This is the more annoying, as the site provides comparatively little own contents. The main benefit was always the news roundup with contents from other parties; and of the other entries, only roughly half were own contents, with the other, and often more interesting, half being the lengthy/article-sized quotes from other parties.

    Moreover, the third of these intrusive requests contains an inexcusable “We ask for a minimum donation of £5 if you’d like to make a comment or post in our Forums.”:

    Not only is this amount utterly and entirely out of proportion,* but the site is effectively punishing visitors for contributing value to the site.

    *Really, £5! Compare this with what can be had for the same amount elsewhere.

    (Generally, it is absurd, utterly absurd, how many websites seem to think that they are doing their visitors a favor by allowing them to contribute, while it is often these contributions that give the site value in the first place. This obviously in forums, many wikis, and sites like Youtube, but at least sometimes on other websites, blogs, whatnot. Steve Sailer is, again, a great example of a blog where almost all the value comes from the commenters.)

  7. According to an announcement there will now be advertising. Their choice, but it will worsen the “reader experience” and it will make me even less likely to visit.

Excursion on general technologies and trends:
I am often tempted to blame such problems on developments in technology, e.g. increased use of JavaScript (should be minimized) and CSS “position: fixed” (should never have been invented and should never be used). However, the Web has a long history of idiocies and over-use. For instance, Flash was long a problem, but is now almost gone. For instance, one of the early banes of web design was frames, and they have been very rare for at least a decade, maybe even two.

Moreover, at the end of the day, technologies can make it easier to make poor designs, but the blame ultimately rests on the designer (and/or whomever gives the orders).

A partial exception to this is responsive web design (and, maybe, adaptive web design), which pretends to solve a problem that does not exist,* and causes enormous increases in efforts, complexity, JavaScript use, etc. Another partial exception is a drive to design exclusively or primarily for smartphones, which often leads to pages that look like shit in and wastes space for a desktop browser, while, typically, not being very impressive on a smartphone either.**

*Or, rather, would not exist, if the design was solid in the first place. Design well, and the exact same page will look good in both a desktop browser and a smartphone browser without dynamic adaptions. Indeed, in the days of yore, where “mobile versions” were common, a flawed redesign of the “desktop version” often moved me to use the “mobile version” on the desktop too—as it was usually better designed for desktop use than the redesigned desktop version…

**Yes, there is an apparent contradiction of the previous footnote. From memory, I would say that the old “mobile versions” used a look-and-feel which was simply a less complex version of a regular desktop version (cf. the above comments on keeping it simple, etc.), while the modern try to additionally use an Android- and/or iPhone-inspired look-and-feel, including ideas like removing links in favor of big buttons or button-like constructs and preferring many low-information pages/screens/whatnot to fewer high-information dittos. (As an aside, I would welcome it, if the smartphone OSes looked and behaved more like desktops, to the degree that screen space and lack of keyboard/mouse allows it.)

Excursion on earlier writings:
I have a number of older texts dealing with both web design and software development on my website proper.

Excursion on “Worth reading in full”:
To quote and discuss portions of a text, in conjuncture with a “Worth reading in full” (or something to the same effect), is not wrong. I have certainly done so myself. In the case of the Daily Sceptic, there are at least three problems: (a) that this is done on a very large scale, (b) that the link to the original only comes at the very end,* and (c) that the own comments, analysis, whatnot are small in comparison to the quoted text—and usually quite superficial. There simply was not much point in reading the Daily Sceptic’s version over going straight to the source.

*Without checking, I suspect that I have always or almost always linked at the beginning of such texts—and I certainly will try to remember it for the future.

Excursion on utter idiocies:
To illustrate how far some idiots can go, there actually are websites that try to impress the user by playing music when he visits, or accompanies the main page with a spoken message. (This disregarding both that most users will not hear the music/message in the first place, that those who do might be pissed off, and that third parties might be disturbed.) A very common problem is the use of overly large, utterly uninformative, and constantly switching images, which do little but annoy the visitor. (This as part of the deliberate design. Advertisements can have a very similar effect, but are a separate issue.) Generally, overly large and utterly uninformative images, even when not switching, appear to be a staple of corporate web design.

Written by michaeleriksson

June 6, 2022 at 4:09 pm

Follow-up II: More on my current situation (and complaints about politicians)

leave a comment »

Concerning my previous text:

I have managed to print again through the pseudo-solution of removing and re-adding the printer object in “system-config-printer”. I have no idea what was wrong or how to fix it again without repeating the same pseudo-solution. I have no idea what might or might not cause the issue to re-occur, e.g. whether it will be with every printing, every unplugging of the printer, every reboot of the computer, whatnot. I do know that CUPS, or something CUPS related, has screwed up royally, as there was no valid reason for not printing (let alone pretending that printing had taken place)—the physical printer (and everything around it) was identical and identically configured before and after the re-add.

Of course, such a re-adding more than once-in-a-blue-moon would be unconscionable, as various manual settings now must be restored. Indeed, the document that I just printed was an A4 document destined for the A4 paper in the printer’s paper tray—but the default setting of the printer object in CUPS was the U.S. “letter”*, leaving me with odd margins and the spurious feed of a blank page after the two printed pages. I just hope that the config files that I backed up contain everything—and that re-adding them does not cause another malfunction. Actually having to go through the 1001 settings manually is not something that I wish to do again.

*I suspect that A4 dominates “letter” outside of the U.S. making this an odd default choice.

More generally, the delete-and-add-again, reboot-the-computer, reinstall-the-OS, whatnot school of “fixing” problems is a destructive dead-end, a sign that the “fixer” is not up to the problem. When it comes to professional IT-support, as with Chris O’Dowd’s mantra of “Have you tried turning it off and on again?”, it is an utter disgrace. In these cases, a true fix of the problem is avoided for the short-term convenience of the support—and often in a manner that indicates that the support worker knows too little about the topic at hand. (Indeed, my own knowledge of CUPS is far more superficial than my knowledge of, say, Vim and Bash.) The complete ignorance and the mania with rebooting, even among many Linux users volunteering as “experts” on stackexchange, can be disturbing. For instance, it is fairly common to see “advice” like “Add kernel module X to /etc/modules-load.d*. Reboot. If everything works, carry on. Else boot into rescue mood and remove module X again.”, where it should be basic knowledge that something like “Do modprobe X. If everything works, add X to /etc/modules-load.d* so that it will be automatically added again in two months time, when you next reboot. If not, do modprobe -r X.” is far better.

*Reservations for the exact directory. It has been a while.

Written by michaeleriksson

February 22, 2022 at 3:53 am

Posted in Uncategorized

Tagged with , , , ,

Follow-up: More on my current situation (and complaints about politicians)

with one comment

Unfortunately, the problems continue and continue to block me, bring me to the point of fury, and whatnot. For instance, in dealing with my overdue (snail) mail, I naturally want to print. I have already set up printing for my new notebook—indeed, I did so well in advance so that I would not have to tackle any printer problems once I actually needed to print something. At that time, a few weeks ago, both a “print test page” from within “system-config-printer” and a manual test print with “lpr” worked perfectly.

Today, I tried to print a letter for the first time and … nothing works. Specifically, the print jobs appear in the queue, stay around for a very short time, and then disappear from the queue—without anything actually being printed. There is no error message anywhere with normal CUPS-logging; and even with logging set to “debug” nothing obviously helpful appears. On the contrary, every step mentioned is claimed as successful.

The Internet is not helpful either (so far), with most promising hits leading to someone asking a question about a similar problem but receiving no answers, a “please turn on JavaScript” page, a “too many requests” page, or similar.* Notably, the ill-conceived and does-more-harm-than-good stackexchange-network refuses to show any pages on approximately half my visits, which is horrifying in light of its near-monopoly on questions and answers. (Of course, this type of single-point of failure is yet another reason why stackexchange is a bad thing.)

*Note that I use TOR for most browsing, which could make the situation worse. However, until somewhat recently things usually worked. At some point in the last few months, these problems have exploded.

I have not dug down in detail, e.g. with “strace”, yet, but I suspect that the many indirections (for want of a better word) that CUPS has will make even that tricky—and I note that these indirections make for an over-complicated and unnecessarily error prone system for most single-user, one-computer-with-one-printer systems. I will not go as far as to call it a flawed design, as many systems have more complicated needs and there is a cost to maintaining several different printing setups. However, there are times when I really do wish that I could just pump a PostScript file into a device (in the “/dev” sense) and see printing without any middle-men.* (Maybe I can, somehow, but it is a well-hidden secret, if so.)

*Here we have a bigger problem than CUPS involved: The year is 2022 and it should be an obvious requirement that any and all printers support one of the standardized languages, notably PostScript and PCL. and/or otherwise provide a standardized interface. Instead, they continue to brew their own proprietary solutions. More generally, this attitude abounds in the hardware world. By all means, if something is not covered by a standard, a proprietary extension to allow additional functionality is fine, maybe even good, but any modern hardware should work out-of-the-box and with generic drivers for at least the basic functionality. This appears to still be very far from the case.

A similar problem happened with a tool with a simpler-but-more-clearly-flawed architecture: I use “udisksctl power-off” to ensure that occasionally used external hard drives (e.g. for backups) are safely powered down before they are detached. I set this up a few weeks ago and it worked like a charm. After a reboot, it failed to work. (I suspect, due to a not-yet-running dbus.) Interestingly, there does not seem to be any direct means of causing the same action. Instead, udisksctl goes onto the dbus, sends a message to a daemon and the daemon then powers-off the hard drive. That this is possible might be good, but why is there no direct access? A good developer would have provided a tool with the ability to directly do everything that udisksctl and/or the daemon can do in one step—if in doubt, because this would make the life for testers, debuggers, administrators, whatnot easier. This tool might be restricted to root or some other user/group of an administrative or ad-hoc character, but that is not a problem. Then write a daemon with similar capabilities/with the same API calls (or even a daemon that calls the hypothetical tool directly to ensure consistency*); then write a tool like “udisksctl” to handle per-dbus access for regular users.

*Disclaimer: Based on first principles, I suspect that this approach will often be superior to programming directly against an API; however, I have never tested the approach in real life and there might be complications that I have not considered. (Some overhead during runtime might obviously be present, but will usually not matter on a modern computer and/or with a great many tasks.)

As an aside, I very strongly suspect that use of dbus and similar mechanisms poses a greater security threat than suid programs do—and then it might be better to use the hypothetical tool above, with suid set, as the sole point of access. Certainly, it is far easier to understand who can do what with that approach–and, indeed, dbus-solutions often work on assumptions that are unnecessarily lax, that almost everyone should be able to do almost everything., which I strongly disagree with. Interestingly, when I have looked into the possibility of getting rid of dbus, the answers seem to fall into two categories: 1) “I did it, but it took days of work.” and 2) “It simply cannot or must not be done, because without dbus regular users will not be able to do X.”, where X is something that I never do, either at all or as a regular user.

More generally, many in the dbus/sudo/pkexec/whatnot camps seem to simultaneously reason that “You must never, ever, under any circumstances log in as root, because root can do anything and your system might become compromised.” and “We need dbus/sudo/pkexec so that any user can do [what amounts to everything that root can do].”—and they do not seem to see the problem with that reasoning. Looking at the above, do I really want a regular user (account) to be able to power off hard drives? Only under the assumption that the physical user behind the account is some type of administrator or other highly trusted individual. But, if so, it would be better to have him login within an administrator account or, on the outside, make him a member of a restricted group with this right.

Generally, there seems to be a strong drive to use dbus or some other client–daemon setup as a default solution, even when it is not really needed and where a single-tool solution would often be superior. Separation of concerns is a good thing, but, outside of enterprise solutions and areas where complications like networking play in, separation by means of e.g. a clean API is usually a better road than separation through e.g. client–daemon. “Let’s see. I want to write a ‘Hello, World!’ program. Hmm … I write one component that the user can call. This component sends a message by dbus. Then I have another component to serve as a daemon. It reads from dbus and outputs the text. Neat. Or … maybe I should have third component, so that the second only determines what string to print and the third does the actually printing? Oops, I cannot pawn off a mere command-line tool on my users. I’ll write a KDE application instead.”

Oddly, there seems to be much inconsistent thinking. On the one hand, when it comes to security, very many seem to work on the basis that every individual system has exactly one physical user—so why should we care about access controls? (Incidentally ignoring some arguments like lowering the attack surface and avoiding privilege escalation that apply even when there is only one physical user.) On the other hand, compare above, when it comes to tools like CUPS, very many seem to reason that the standard case is far more complicated—resulting in software that is often overkill, a top-of-the-line tractor to move a wheel-barrow’s capacity of dirt from one side of the yard to the other. (A wheel-barrow is certainly not to be underestimated.)

In a bigger picture, looking at my overall situation, it is the sheer amount of things going wrong that is problematic—and of which I have mentioned just a fraction. A great number of these fall into the category (as with e.g. CUPS above) of “should work as is, but for some f-ing reason does not”. To give an illustrative example: After my ANC-headphone issues (cf. earlier texts), I went through what various other headphones and whatnots I have available. While there were surprisingly many (at least six regular headphones, at least two “earphones”, and at least one “in-ear” set) they were not very helpful. What I really wanted to try was the in-ears, but I simply cannot find them. (They are included in the count on the basis that I know that they are somewhere in the apartment.) Earphones are fairly useless; and of the regular headphones only one set is really good (Sennheiser HD 598).* Unfortunately, these have a 6.35 (?) mm plug, while my notebook needs 3.5 mm. A search also found one adapter, but this low-quality product drove me up the wall—unless the headphone-plug and the adapter were aligned exactly correctly, the sound went monaural. That is, unless it turned into nothing or spontaneously alternated between states every few seconds. Of course, aligning it perfectly bought be very little time, because even a slight movement caused the perfect alignment to cease. Tired of this shit, I disassembled the adapter and rigged it manually. This works well—most of the time.** Usually, I get hours of sound without any issue, but maybe once a day, the sound goes and I have to re-rig it. Of course, this usually happens just when I have something ready to eat in front of a movie, which causes both the meal and the movie to be delayed. Worse, the re-rigging does not usually take on the first attempt, forcing some experimentation and repetitions.***

*I also have a good pair from Beyer, but the plug has been bent over the years and I want to avoid the risk of it breaking off inside my notebook.

**Follow my example strictly at your own risk.

***Chances are that I could find a better solutions, with no need to re-rig at all; however, when it works I have no thought on the matter and when it does not work, well, in my typical mood over the last few weeks, it is safer that I wait.

Written by michaeleriksson

February 21, 2022 at 10:08 pm

Posted in Uncategorized

Tagged with , , , ,

Tax filings for 2020 / The German IRS and Elster (again)

leave a comment »

And again fucking, unusable Elster!

Among the problems encountered:

  1. I began the process in (likely) July, by creating the needed documents and making some preliminary entries. With one thing and another, the rest of the job had to wait, which should have be no problem in light of a COVID-related and blanket three-month extension of the deadlines.

    But no: A few months later, I received emails that some of these documents would now be automatically deleted by Elster, because they had gone unedited for too long. I wrote back and forbade this deletion, while pointing out that this was an inexcusable act of user hostility. (Even by the standards of Elster and the German “IRS”.) I note that there is no advantage to such a deletion, but potentially enormous disadvantages.

    They were deleted nevertheless.

  2. The field for messages to the IRS still (!) does not take line-breaks.
  3. That I had added such a message brought Elster into a destructive loop, where (the German version of) “check document” led to a semi-error page that pointed out that I had left such a message (and why?!?!), which repeated again and again on subsequent attempts. The document was still sendable, but this broke the apparently preferred-by-the-IRS workflow of check-and-send-from-the-results-page. (Cf. an older text for these absurdities.)
  4. The “check document” for the main document originally failed on the claim that I needed to indicate whether I had received COVID support—even when I had not. There was no obvious field for this anywhere, there was no indication of help on how to do this, and only an internet search revealed that I needed to add an entire new attachment to the document, which then contained two fields, one for yes/no on whether I had received help, and another for the amount for those who had.
  5. Generally, “check document” is extraordinarily incompetent at indicating where an error (real or imagined by Elster) is located and makes odd jumps. (And there is not or only rarely a visual indication which fields are mandatory in advance.) For instance, in the EÜR document, there are two fields that seemed irrelevant to me, but where “check document” insisted on an entry. I made one entry (indicating 0) and clicked the confirmation button for that entry. Now, I obviously wanted to continue with the second field, which was immediately below the first. But no: Elster took me back to “check document”, forcing me to go back and find the relevant field again.
  6. Did I mention that mandatory fields are usually not marked as mandatory? (Yes, I did.)
  7. I copied a calculated-by-Elster value from one document to another (and why is this not handled automatically?!?), because this value was needed as an input in the second document. The output value contained both a thousand separator and decimal places (and a decimal separator). The input field required a value in whole Euro (no decimal places) and could not cope with the thousand separator, giving me two separate error messages.
  8. A great help in filling out the EÜR could have been pre-filled fields based on last year (which works well with the other documents, where the advantage is lesser), so that I could e.g. see where I had put postage and where train rides and where this-and-that. Specifically in the EÜR, this does not seem to work, however, as only trivial fields (like name and identifiers) are filled out. Then it is down to guesswork or Internet searches to find the right fields.

And to this a few things I might have forgotten, the great many problems discussed in earlier entries, the incomprehensible German tax system, …

Fucking amateurs!

Written by michaeleriksson

October 29, 2021 at 10:35 am

Posted in Uncategorized

Tagged with , , , ,

Tax filings for 2019 / The German IRS and Elster (again)

with one comment

Earlier today, I filed my (German) taxes for 2019—and, for once, with a few days to spare. This through a combination of a general increase in the last date for filing (July 31st; previously, Mai 31st), my less stressful workload, and the fact that I had less positions to file.* It still cost me several hours distributed over two days, to get everything in order and to use ElsterOnline, that utter bullshit tool that the German “IRS” has forced down the throat of the users.

*I spent half of 2019 on a sabbatical and then switched from IT consulting to writing novels, with no bills issued, no income, and much less costs for e.g. hotels and travel than in previous years.

I am not going to give a complete overview of Elster, as I have discussed it repeatedly in the past.* However, a few new (?) observations:

*Search for “Elster”, “IRS”, and/or “Finanzamt”.

  1. There is a new free-text field where the user can add a message to the IRS within the filing—finally: this has been years overdue.

    But: It is not possible to add line-breaks in this message. This repeats an inexcusable error, hostile to both the user and the IRS staff that later works with the filings, which was previously present in the specialized form for sending (external) messages. In that separate form, this error has been fixed—but it is still repeated here. Absolutely incredible!

  2. On several occasions, I tried to run my mouse over a field with outdated values to mark the contents, hit backspace, and then enter the new data. This was simply not possible, which is absurd for a functionality that works out of the box with a regular HTML form—unless somehow sabotaged, be it out of incompetence or malice. Instead, I had to click into the field, right-arrow until I was at the end, and then hit backspace until the field was empty.* This is the more annoying as the form based input and the structure of the forms more-or-less forced use of a mouse for tasks like navigating. This way, the user is forced to constantly switch between keyboard and mouse in a manner that goes too far. (And does it for no legitimate reason.)

    *In my impression, I was always, by force, put at the beginning of the field, with no ability to “click” to another position; however, I did not verify whether this was true. It is also conceivable that I could have “deleted” my way backwards with the “delete key”, but it is awkwardly placed and requires a simultaneous “shift” on my notebook, so that would have been more work—if it actually did work at all …

  3. One of the forms had two (times three; cf. below) fields for the Steuernummer*, one in a “cover” part, one in a content part. The latter was correctly imported from last years forms; the former had to be entered manually. WTF!

    *An identification number used by the IRS.

    To make matters worse, the forms insist on dividing the Steuernummer into three parts, each with a field of its own, which implies that a simple one-step copy-and-paste is not possible. To copy it within a form, with no additional sources, the tax payer then has to go forward one (or more?) page(s?), copy part one, go back to the original page, paste, go forward again, copy part two, etc., until all three parts are filled. (Personally, I committed parts one and two to memory and copied just the third part, trading a slight risk of errors for a reduced work load.)

  4. The data import from my previous filing was not complete. At least the VAT portion likely had not one single data field filled, which makes the new filing harder: there are a great number of obscure, poorly named, and poorly explained fields, and having the ability to just look at the old fields makes it much easier to identify which to use this year. Moreover, when I cannot rely on the old fields being pre-filled (if with outdated values), I do not just have to identify the correct fields, I also have to go through the sum of all fields on a just-in-case basis.
  5. While data import from the old filing was possible, I had no way of actually looking at the old filing, e.g. for comparisons per the previous item. For some reason, likely an arbitrary, unnecessary, and destructive time limit, they cannot be opened.

    And, no, there appears to be no way to save them locally in a reasonable format. (Something that I tried with my new filings, and likely last year too.) The only possibility to download the data, short of taking screenshots or saving countless individual HTML files, is a “save as PDF” functionality. This is sub-optimal and limiting to begin with, but, worse, this does not work at all on my computer (for reasons unknown). Odd: This should be a trivial task if implemented correctly: generate the PDF file server-side and then just let the browser download it. Possibly, the idiots are actually stupid enough to try generation client side, which is a recipe for unknown errors.* If it is server side and they still have bungled it, well, that is even worse.**

    *No, it cannot be justified by data protection. Such concerns are often legitimate, but here we had no data that was not already present and (at least somewhat) permanently stored server-side.

    **Software errors happen even to competent developers, but here we have a system that has been handling the 2019 taxes for almost seven months and is now in a high intensity phase. Not having fixed the problem by now, or having introduced it in the last few days, would be horrifyingly negligent. I also note that there was no error message of any kind, which would have been a must, had there been e.g. a temporary back-end problem, say, due to a temporary overload or system failure.

  6. Two fields were mandatory despite my having no value to provide (regarding transfer of assets from the private to the business sphere and vice versa). Here I had to add two entries of “0’, for no good reason. And, no, I could not just pick an existing field and enter the value “0”: these fields (in a wide sense) contained lists of fields, where each entry had to be manually added. Presumably, the IRS expects a detailed and enumerated list of each individual asset transferred, and it would then make sense to allow an empty list when no transfer has taken place. (This is indeed the case with other “list fields”.) But, no, an empty list was not allowed, and to signify that I had transferred no assets, I had to create two single list entries with the value “0” and an additional dummy “reason” (“name”, “details”, or whatnot).

    This is a “Software Development 101” mistake.

    (I have no recollection of this problem from prior years.)

I can only reiterate my yearly observation that this tool moves on a level of incompetence that is mind-numbing, including obviously faulty behavior, a complete disregard for established conventions, an extremely confused (and confusing) user interface, etc. As a former software developer, it boggles my mind that this type of shit can be made by (alleged) professionals—and while wasting tax payers money. Yes, I know, the government and incompetence, but still …

Written by michaeleriksson

July 29, 2020 at 6:34 pm

Posted in Uncategorized

Tagged with , , , ,

Undue checks of values

leave a comment »

A common annoyance with poor software is undue intolerance against values that are, in some sense, faulty. (And, no, this is not a post about the political Left …)

Checks for correctness and consistency can be a great aid, as can automatic warnings of errors. However, often, the baby is thrown out with the bath water.

Consider e.g. Alpine, an email client that I use extensively: It has a field in the configuration to specify the default sender address. Here I have simply specified “@” and my domain because I use a great number* of different user names for different tasks (mostly to reduce the damage when one address falls victim to spammers). The idea is that I have this string pre-filled in the “From” field and then just need to add the right user name.

*Too many for a solution using e.g. Alpine’s role system to be a good alternative.

But what happens? If I begin to compose an email, the “From” field is just filled* with INVALID_ADDRESS@”.SYNTAX-ERROR.” (quote signs present in the original), presumably to indicate its dissatisfaction with the missing user name. The actual value entered by me is neither visible nor retrievable and there is no reasonable world in which this is a good reaction. A check when the user attempts to send, by all means, but not when a default value is retrieved or entered. If there are objections to the default value, they should be uttered when and where the default value is configured;** however, here such objections are not reasonable, as use cases like the above are quite common.

*The actual field. Contrast this with keeping the “faulty” value and displaying a warning message next to it. (Which also would have been acceptable.) Writing this, I begin to suspect that this is not so much a deliberate choice as poor programming, that there is an internal consistency check when retrieving the value, that this check gives an unnecessary error message, and that the error message is blindly taken over as the value.

**This is not the case with Alpine. The explanation might be that the the entry mask deliberately has a tolerance that is later arbitrarily removed, or that this config value is part of a larger string, which is not parsed or verified at the time of entry.

The result is that I have to delete the error message, write the user name, and copy the remainder of the address from elsewhere, i.e. one step more than without this configuration and two steps more than if it had worked reasonably. Time to remove it …

Of course, these extra steps occasionally lead to errors. For instance, when I use post-by-email with WordPress, I usually just “reply” to the last post, switch out Subject and Body, and re-enter* the email address. But today, with the three steps needed for the email address, I forgot the Subject and published a text under the same title as the previous (entirely unrelated) text …

*No, Alpine is not smart enough to handle replies to own messages correctly, i.e. that the old address is kept. Instead, the configured one is used (if present, else the field is, probably, empty).

Other examples include e.g. applications that prevent any entry of faulty information, even without saving*, e.g. that a numerical value using a decimal point is not allowed in a German application expecting a decimal comma. Then, instead of copying a (read-only) value from a PDF file or output from a calculator into the field, changing the point to a comma, and then continuing, the user is forced to copy the value, paste it in an editor, edit the point to a comma, re-copy it, and then paste it in the field.** Or consider fields that allow entry of most, but not all, legal values or makes normally optional parts mandatory.***

*In many cases, even the saving of faulty values can be beneficial, e.g. that a numeric field can be filled with a “TODO”, and that the application merely gives a warning that the input is faulty. However, this is not always trivial and rarely worth the benefit, as it might require switching a numeric internal data type to a string data type or similar.

**Yes, this could be solved e.g. by some type of keyboard macro, but it is not a sufficiently common scenario to be worth the trouble—in stark contrast to writing a better functioning field that e.g. allows entry of any value and just shows a warning message or allows entry but not saving.

***I do not remember any of the specific cases off the top of my head, but consider, again, email addresses: These can be quite complicated, and e.g. a simplistic name-plus-@-plus-domain parser would disqualify many legitimate versions. Vice versa, an idiotic tool could make the idiotic display name idiotically mandatory.

Written by michaeleriksson

July 26, 2020 at 2:36 pm

Follow-up: Further Firefox screw-ups

leave a comment »

Since my original text, I have read some of the comments on the main Mozilla* page dealing with this issue.

*Mozilla develops Firefox. For convenience, my earlier text just spoke in terms of Firefox.

These comments show how dire the situation is—to the point that Firefox might disqualify it self as a serious browser candidate:

  1. There are many users who have been very hard hit. One commenter mentions how his password manager* with (IIRC) roughly 150 passwords has been disabled, which might be even worse than the NoScript issue. It is easy to imagine a user being cut off from email, blogging, social media, …, through such an issue. Worse: If this happens in a commercial setting, an entire business could be temporarily crippled.

    *However, I would advise against using an in-browser password manager (at least, where important passwords are concerned). This for reasons like the above, the greater risk of hacking, problems that can ensue when switching computers or trying to run several browsers in parallel, whatnot.

  2. The attempts by Mozilla to fix the issue appear to be slow and have not been met with enthusiasm.
  3. Mozilla’s preferred work-around, awaiting a proper fix, is to enable “studies”.

    This work-around has the side-effect of allowing Mozilla to run various spy-on-the-user functionality that many users have disabled for very good reasons—and that more-or-less everyone else should have disabled. This, obviously, amounts to Mozilla screwing up and then gaining an unfair advantage over its users through the screw-up…

    Further, this work-around can take up to six (!) hours to take effect, without an additional workaround (specifically, manual manipulation of the “app.normandy.run_interval_seconds” key). Mozilla’s stance: Wait, without attempting further work-arounds. Depending on timing, however, six hours can amount to an entire day lost, including for some who need the Internet extensively for professional reasons.

    Further, it is not even available on all Firefox instances, including those that use or are based upon the ESR*.

    *An older version with long-term support that is suitable for those in need of greater stability and/or who develop off-shot browsers, e.g. the Tor Browser.

    Further, some users who believe that it should work in their browsers report that it does not. (I have not kept tabs on the details and could be wrong, but I am under the impression that some of them were on the latest version—and, thus, correct in this estimate. There are some murmurings about some other key that might need to be manipulated, but, again, I have not kept tabs on the details.)

From a Tor-Browser perspective, there is an additional* complication through NoScript being used by the Tor Browser internally to implement some security features. The disabling of NoScript implies e.g. that the “security slider” will be highly misleading or malfunctioning. As some mention, such errors could cost someone his freedom or even life…** This, obviously, points to issues with the Tor Browser, including that it has chosen a dangerous path to implement security (dependent on the efforts of third parties) and that it has failed*** to protect it self against the risk of this type of deactivation.

*Which I had not realized when writing the first text, but which is clear from the page I linked to.

**Tor Browser is used by many dissidents in hostile regimes—not just regular surfers who value anonymity.

***In my understanding, such a protection and a protection mechanism is already present for some other plug-ins that come installed with the default Tor Browser, including “HTTPS Everywhere”. Correspondingly, an awareness of the possibility must have been present.

Written by michaeleriksson

May 6, 2019 at 3:04 pm

Further Firefox screw-ups

with one comment

And Firefox does it again:

A few days ago, my Firefox* suddenly claimed that the NoScript-plugin had been deactivated—and left me no means to reactivate it. There was precious little to be found on the topic on the Internet (at the time, cf. below), but I did find the tip that setting the “xpinstall.signatures.required” key to “false” might solve the problem. It did—but at an increased security risk** and after I had wasted a fair amount of time.

*The modified Tor Browser to be specific; however, the problems all originate in or surrounding the vanilla Firefox. Indeed, in the vanilla Firefox I might have been worse off, because the discussed key might not function…

**This key relates to signing and verification of plugins. Setting it to false could allow the installation of malware-plugins.

Today, it happened again in another browser installation*. Going back on the Internet to re-find the key to change, I found many more relevant seeming hits, e.g. [1] and links on that page. Apparently, the Firefox developers have screwed up severely, causing perfectly legitimate, signed, and previously verified plugins to be marked as non-verifiable during the last few days… (I have not looked into the exact details.)

*I have several different installations for different purposes.

However, this screw-up is not the main problem here (bad, yes; but not the end of the world—shit happens). Far more problematic—and further proof of a user-despising attitude:

  1. The plugin was deactivated without querying the user. Correct behavior would be to inform the user and request his decision as to what should be done with the plugin.
  2. There was no non-trivial and well-documented way to re-activate the plugin. However, such a way should have been present, e.g. through a “re-activate” button in the plugin view—if need be, with a big warning sign and a “Are you really sure?” query.
  3. An already installed plugin, which was previously deemed safe, was de-activated without the plugin it self having changed. Normally, such judgment should only be passed during the original installation.* On the outside, it might be sensible to allow a manual override by the developers due to new information, e.g. in that something that was previously considered secure and friendly has since proved dangerous or hostile. This could take the shape of e.g. (depending on the feature/software/whatnot under discussion) a manual key revocation or a manual blacklisting.

    *For this type of check. Other checks, e.g. virus scans, might legitimately allow for later re-evaluation. There might also be other types of files, installations, programs, whatnot that might legitimately be treated differently (but no obvious example occur to me, off the top of my head).

  4. The deactivations took place during on-going browser sessions and (at least, the first time) the notification of deactivation was belated: The first sign that something was wrong was that pages behaved differently than they should; the notification came a little later. This opens security and other risks; e.g. with NoScript,* that the user visits an untrusted or unknown site believing that JavaScript is off, while it actually is on—which is a much, much greater security risk than that posed by an already installed plugin. To boot, NoScript comes with quite a few security protections other than JavaScript on/off, e.g. relating to “click jacking”—these, too, are disabled with the plugin.

    *It is hard to give general examples, because the exact consequences vary from plugin to plugin.

  5. This could only happen because Firefox makes connections behind the user’s back, giving him no say and no transparency. (In particular, I have my browsers set to manual updates only. If this had been a side-effect of a user-allowed security update, it would have been a little less problematic.) No application, browser or other, should make such connections without having informed the user and having received his permission. This for a number of reasons, including the principle of having the user in control, the risks to the users privacy, the added amount of data (which can still be an issue on e.g. a smart-phone), the possibility that the application misbehaves or malfunctions when no Internet connection is present, ditto when a company goes bankrupt/turns off a server/is blocked by an ISP, …

    (Unfortunately, very many other software-makers also do make such connections.)

Written by michaeleriksson

May 6, 2019 at 4:25 am

Follow-up: The misadventures of a prospective traveler

with one comment

Recently, I had great problems booking an airplane ticket to Sweden, ultimately resorting to using a travel agency, which required both an unnecessary fee and a trip on foot.

For my return to Germany, my seasoned-traveler father booked the ticket from his computer.* While this worked in one go, the service that he ended up using (“supersavertravel”) was abysmal: The entire interface seemed geared at one thing and thing only—to coerce the user into buying expensive additional services that he did not need. This to the point that it was necessary to explicitly decline these many services and to do so individually—no, I do not want a hotel; no, I do not want extra insurance; no I do not want a rental car; no, …; no, …; no, …; no, …; no, …; no, …; no, …; no, …; no, …; … I even seem to recall (but could be wrong) that there was an additional query after submit along the lines of “You have not chosen this-or-that. Are you really sure that this is deliberate?”… Utterly inexcusable was the checkbox to decline spam: Where more main-stream businesses use a checked checkbox to imply “I consent to be spammed”, here the user needed to check the checkbox to decline spam…** The confirmation email, unsurprisingly, contained much more advertising and attempts to bring unneeded services to my attention than it did confirmation…***

*I had left my own computer in Germany in order to travel lightly; and only bought a one-way ticket to Sweden, because I did not know how long I needed to stay.

**Implying that the main idea almost certainly was to trick users into making the wrong choice.

***This in stark contrast to EuroWings below, where the confirmation email was informative, to the point, and did not even abuse HTML for the email text. (Portions of [1] contain some discussion of why HTML has no place in emails.)

A second trip turned out to be needed.* I tried EuroWings again, and this time everything actually worked.** However:

*My mother’s old house is being sold, and the time needed to sort through my own old books and whatnot turned out to be much longer than I originally thought.

**Contrast this with the original text. This time, I made sure to pay by credit card (3D-secure was not needed) instead of invoice. I do not know whether the old issue was a temporary server-side problem, a problem with a workflow somewhere, or whether there is some problem relating to invoices that I now ducked. (Regarding workflow: In my experience, most QA checks tend to run through fairly straight-forward scenarios, meaning that a scenario that involves the user e.g. going back to a previous step, responding to a validation error, actually reading the T-&-C’s, whatnot, is often left untested. These scenarios, however, are disproportionately likely to cause errors—especially when Ajax and other “state sensitive” technologies are used.)

  1. EuroWings too tried to advertise additional services, if far fewer, in a manner that detracted considerably from usability and prolonged the process unnecessarily. Unlike with “supersavertravel”, they were all opt-in, but it would be so much better if they were all collectively moved to a separate and skippable step, especially since they will only ever be interesting for a small minority of the customers. (Be it because they have no need, already have made other arrangements, would lose points with some program by booking/buying somewhere else, …)

    Hotels are a potentially odd area. In the specific context of a flight, admittedly, I can see many cases where it would be helpful to “co-book” a hotel. However, hotels are offered more-or-less everywhere, including for e.g. train-travel. In most of these cases, booking a hotel together with the means of travel turns the reasonable workflow on its head: It is usually the hotel, not the means of travel, that is the bottle-neck, and a reasonable workflow would then involve finding and booking a hotel first and finding means of travel second.

  2. Integrating a please-do-not-spam-me checkbox in the main pages would be trivial. Nevertheless, declining spam is only possible through visiting a separate page. On this page, moreover, the email address has to be added redundantly and manually, and it could be (depending on internals and the exact steps used by the customer) that the spam rejection only takes effect after the fact, e.g. in that the one click somewhere activates an unethical implicit consent to spam, while the other page only revokes this consent. This would leave a window of abuse open.

    Frankly, this is so common that legal measures are necessary: It must by law be forbidden both to use implicit consents and to require explicit rejections for any use of personal data (in general, but the more so for email data) that is not central to the process for which the data was provided. This, notably, from the customers perspective—not the data collector’s. (For instance, the data collector might see sending a news letter with advertising as a central part and having to send a confirmation email as an annoying negative, but for the customer it is the other way around.)

  3. There are potentially redundant entries for email, including one for the actual transaction and one for please-notify-me-in-case-of-delays. It would be better to keep them as one per default (if in doubt by automatically filling the one with the other and allowing a manual change). Further, the entries are likely made in the wrong order for most users, with a non-mandatory entry of please-notify-me-in-case-of-delays on one page and the mandatory actual transaction address on a later page. Further, the former came with a pop-up upon submit that urged me to fill in this non-mandatory field anyway—which seems more like fishing for email addresses than an attempt to provide a service.

    Why had I left the email address out? Well, I knew from my earlier attempts* that if I did provide an email address for notifications, then I would also be forced to provide a cell-phone** number—absolutely idiotic.

    *The attempts in general are described in the original text, but details like the above were left out.

    **Note that I currently do not even have a cell-phone. Also note that cell-phones too can be abused for spam (through SMS).

Written by michaeleriksson

February 25, 2019 at 1:08 am