Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘usability

Follow-up II: More on my current situation (and complaints about politicians)

leave a comment »

Concerning my previous text:

I have managed to print again through the pseudo-solution of removing and re-adding the printer object in “system-config-printer”. I have no idea what was wrong or how to fix it again without repeating the same pseudo-solution. I have no idea what might or might not cause the issue to re-occur, e.g. whether it will be with every printing, every unplugging of the printer, every reboot of the computer, whatnot. I do know that CUPS, or something CUPS related, has screwed up royally, as there was no valid reason for not printing (let alone pretending that printing had taken place)—the physical printer (and everything around it) was identical and identically configured before and after the re-add.

Of course, such a re-adding more than once-in-a-blue-moon would be unconscionable, as various manual settings now must be restored. Indeed, the document that I just printed was an A4 document destined for the A4 paper in the printer’s paper tray—but the default setting of the printer object in CUPS was the U.S. “letter”*, leaving me with odd margins and the spurious feed of a blank page after the two printed pages. I just hope that the config files that I backed up contain everything—and that re-adding them does not cause another malfunction. Actually having to go through the 1001 settings manually is not something that I wish to do again.

*I suspect that A4 dominates “letter” outside of the U.S. making this an odd default choice.

More generally, the delete-and-add-again, reboot-the-computer, reinstall-the-OS, whatnot school of “fixing” problems is a destructive dead-end, a sign that the “fixer” is not up to the problem. When it comes to professional IT-support, as with Chris O’Dowd’s mantra of “Have you tried turning it off and on again?”, it is an utter disgrace. In these cases, a true fix of the problem is avoided for the short-term convenience of the support—and often in a manner that indicates that the support worker knows too little about the topic at hand. (Indeed, my own knowledge of CUPS is far more superficial than my knowledge of, say, Vim and Bash.) The complete ignorance and the mania with rebooting, even among many Linux users volunteering as “experts” on stackexchange, can be disturbing. For instance, it is fairly common to see “advice” like “Add kernel module X to /etc/modules-load.d*. Reboot. If everything works, carry on. Else boot into rescue mood and remove module X again.”, where it should be basic knowledge that something like “Do modprobe X. If everything works, add X to /etc/modules-load.d* so that it will be automatically added again in two months time, when you next reboot. If not, do modprobe -r X.” is far better.

*Reservations for the exact directory. It has been a while.

Written by michaeleriksson

February 22, 2022 at 3:53 am

Posted in Uncategorized

Tagged with , , , ,

Follow-up: More on my current situation (and complaints about politicians)

with one comment

Unfortunately, the problems continue and continue to block me, bring me to the point of fury, and whatnot. For instance, in dealing with my overdue (snail) mail, I naturally want to print. I have already set up printing for my new notebook—indeed, I did so well in advance so that I would not have to tackle any printer problems once I actually needed to print something. At that time, a few weeks ago, both a “print test page” from within “system-config-printer” and a manual test print with “lpr” worked perfectly.

Today, I tried to print a letter for the first time and … nothing works. Specifically, the print jobs appear in the queue, stay around for a very short time, and then disappear from the queue—without anything actually being printed. There is no error message anywhere with normal CUPS-logging; and even with logging set to “debug” nothing obviously helpful appears. On the contrary, every step mentioned is claimed as successful.

The Internet is not helpful either (so far), with most promising hits leading to someone asking a question about a similar problem but receiving no answers, a “please turn on JavaScript” page, a “too many requests” page, or similar.* Notably, the ill-conceived and does-more-harm-than-good stackexchange-network refuses to show any pages on approximately half my visits, which is horrifying in light of its near-monopoly on questions and answers. (Of course, this type of single-point of failure is yet another reason why stackexchange is a bad thing.)

*Note that I use TOR for most browsing, which could make the situation worse. However, until somewhat recently things usually worked. At some point in the last few months, these problems have exploded.

I have not dug down in detail, e.g. with “strace”, yet, but I suspect that the many indirections (for want of a better word) that CUPS has will make even that tricky—and I note that these indirections make for an over-complicated and unnecessarily error prone system for most single-user, one-computer-with-one-printer systems. I will not go as far as to call it a flawed design, as many systems have more complicated needs and there is a cost to maintaining several different printing setups. However, there are times when I really do wish that I could just pump a PostScript file into a device (in the “/dev” sense) and see printing without any middle-men.* (Maybe I can, somehow, but it is a well-hidden secret, if so.)

*Here we have a bigger problem than CUPS involved: The year is 2022 and it should be an obvious requirement that any and all printers support one of the standardized languages, notably PostScript and PCL. and/or otherwise provide a standardized interface. Instead, they continue to brew their own proprietary solutions. More generally, this attitude abounds in the hardware world. By all means, if something is not covered by a standard, a proprietary extension to allow additional functionality is fine, maybe even good, but any modern hardware should work out-of-the-box and with generic drivers for at least the basic functionality. This appears to still be very far from the case.

A similar problem happened with a tool with a simpler-but-more-clearly-flawed architecture: I use “udisksctl power-off” to ensure that occasionally used external hard drives (e.g. for backups) are safely powered down before they are detached. I set this up a few weeks ago and it worked like a charm. After a reboot, it failed to work. (I suspect, due to a not-yet-running dbus.) Interestingly, there does not seem to be any direct means of causing the same action. Instead, udisksctl goes onto the dbus, sends a message to a daemon and the daemon then powers-off the hard drive. That this is possible might be good, but why is there no direct access? A good developer would have provided a tool with the ability to directly do everything that udisksctl and/or the daemon can do in one step—if in doubt, because this would make the life for testers, debuggers, administrators, whatnot easier. This tool might be restricted to root or some other user/group of an administrative or ad-hoc character, but that is not a problem. Then write a daemon with similar capabilities/with the same API calls (or even a daemon that calls the hypothetical tool directly to ensure consistency*); then write a tool like “udisksctl” to handle per-dbus access for regular users.

*Disclaimer: Based on first principles, I suspect that this approach will often be superior to programming directly against an API; however, I have never tested the approach in real life and there might be complications that I have not considered. (Some overhead during runtime might obviously be present, but will usually not matter on a modern computer and/or with a great many tasks.)

As an aside, I very strongly suspect that use of dbus and similar mechanisms poses a greater security threat than suid programs do—and then it might be better to use the hypothetical tool above, with suid set, as the sole point of access. Certainly, it is far easier to understand who can do what with that approach–and, indeed, dbus-solutions often work on assumptions that are unnecessarily lax, that almost everyone should be able to do almost everything., which I strongly disagree with. Interestingly, when I have looked into the possibility of getting rid of dbus, the answers seem to fall into two categories: 1) “I did it, but it took days of work.” and 2) “It simply cannot or must not be done, because without dbus regular users will not be able to do X.”, where X is something that I never do, either at all or as a regular user.

More generally, many in the dbus/sudo/pkexec/whatnot camps seem to simultaneously reason that “You must never, ever, under any circumstances log in as root, because root can do anything and your system might become compromised.” and “We need dbus/sudo/pkexec so that any user can do [what amounts to everything that root can do].”—and they do not seem to see the problem with that reasoning. Looking at the above, do I really want a regular user (account) to be able to power off hard drives? Only under the assumption that the physical user behind the account is some type of administrator or other highly trusted individual. But, if so, it would be better to have him login within an administrator account or, on the outside, make him a member of a restricted group with this right.

Generally, there seems to be a strong drive to use dbus or some other client–daemon setup as a default solution, even when it is not really needed and where a single-tool solution would often be superior. Separation of concerns is a good thing, but, outside of enterprise solutions and areas where complications like networking play in, separation by means of e.g. a clean API is usually a better road than separation through e.g. client–daemon. “Let’s see. I want to write a ‘Hello, World!’ program. Hmm … I write one component that the user can call. This component sends a message by dbus. Then I have another component to serve as a daemon. It reads from dbus and outputs the text. Neat. Or … maybe I should have third component, so that the second only determines what string to print and the third does the actually printing? Oops, I cannot pawn off a mere command-line tool on my users. I’ll write a KDE application instead.”

Oddly, there seems to be much inconsistent thinking. On the one hand, when it comes to security, very many seem to work on the basis that every individual system has exactly one physical user—so why should we care about access controls? (Incidentally ignoring some arguments like lowering the attack surface and avoiding privilege escalation that apply even when there is only one physical user.) On the other hand, compare above, when it comes to tools like CUPS, very many seem to reason that the standard case is far more complicated—resulting in software that is often overkill, a top-of-the-line tractor to move a wheel-barrow’s capacity of dirt from one side of the yard to the other. (A wheel-barrow is certainly not to be underestimated.)

In a bigger picture, looking at my overall situation, it is the sheer amount of things going wrong that is problematic—and of which I have mentioned just a fraction. A great number of these fall into the category (as with e.g. CUPS above) of “should work as is, but for some f-ing reason does not”. To give an illustrative example: After my ANC-headphone issues (cf. earlier texts), I went through what various other headphones and whatnots I have available. While there were surprisingly many (at least six regular headphones, at least two “earphones”, and at least one “in-ear” set) they were not very helpful. What I really wanted to try was the in-ears, but I simply cannot find them. (They are included in the count on the basis that I know that they are somewhere in the apartment.) Earphones are fairly useless; and of the regular headphones only one set is really good (Sennheiser HD 598).* Unfortunately, these have a 6.35 (?) mm plug, while my notebook needs 3.5 mm. A search also found one adapter, but this low-quality product drove me up the wall—unless the headphone-plug and the adapter were aligned exactly correctly, the sound went monaural. That is, unless it turned into nothing or spontaneously alternated between states every few seconds. Of course, aligning it perfectly bought be very little time, because even a slight movement caused the perfect alignment to cease. Tired of this shit, I disassembled the adapter and rigged it manually. This works well—most of the time.** Usually, I get hours of sound without any issue, but maybe once a day, the sound goes and I have to re-rig it. Of course, this usually happens just when I have something ready to eat in front of a movie, which causes both the meal and the movie to be delayed. Worse, the re-rigging does not usually take on the first attempt, forcing some experimentation and repetitions.***

*I also have a good pair from Beyer, but the plug has been bent over the years and I want to avoid the risk of it breaking off inside my notebook.

**Follow my example strictly at your own risk.

***Chances are that I could find a better solutions, with no need to re-rig at all; however, when it works I have no thought on the matter and when it does not work, well, in my typical mood over the last few weeks, it is safer that I wait.

Written by michaeleriksson

February 21, 2022 at 10:08 pm

Posted in Uncategorized

Tagged with , , , ,

Second set of ANC-headphones half-dead / Follow-up: Some UI problems and other complaints

leave a comment »

While the construction work has been absent for a while now (knock on wood), the stream of frustrations continues, preventing me from leaving the mire of anger and depression that the construction works brought on.

For instance, about two weeks ago ([1]), I wrote about the usability problems with (among other things) two ANC-headphones, one of which was destroyed through being the last straw on a breaking back.

This left me with only one pair and, due to COVID-restrictions, only a limited ability to buy new ones, should the need arise. But why should the need arise. Realistically, several years of additional life could be expected from the remaining set.

Today, two weeks later, need arose:

When I have trouble sleeping, or when I am very sleepy but lack the self-discipline to stop watching a movie/TV-episode, I like to put my laptop on my bed next to my head, lie on my side, headphones on, and watch something until sleep comes—which is usually quite fast, making this a good strategy from a sleep perspective.

I have done so, every now and then, for many years with several different headphones. Hardly ever has there been a problem of any kind. Today, I woke up to find that the headphone-side connector of my Bose 700s had broken off inside the headphones. Trying to listen to something, I now have either mono sound or no sound at all, depending on my luck. Even buying a replacement cable, even if possible to a reasonable price (which is far from a given), might not help, as pushing it in might be impossible or do some type of damage to the headphones as the broken-off piece of the old connector is displaced.

Now, why is there a headphone-side connector to begin with? Presumably, because Bluetooth is the preferred-by-Bose means of connection—and God forbid that someone using Bluetooth is spotted with a cable dangling from the headphones. Then again, cf. [1], I have no ability to use Bluetooth with my computer,* making this yet another case of expensive extra-functionality that I have no benefit from and which, de facto, lowers the value of the headphones to me. In this specific case, note that a fix connection with just continuous copper wire could not have broken in the same manner, because there would be nothing stiff to break (and often a smaller lever to break with).

*So far. As I am currently on a newer computer with a newer kernel, a newer set of drivers, a newer set of configuration programs, whatnot, I might be luckier this time around. (But I have yet to make the attempt. It might work trivially; it might cost me hours of time and further aggravation and, ultimately, not work—and I do not want to take that risk right now.)

After I detached the cable, the headphones played some insanely loud music and began to pester me about setup this and download that. (And what the hell for?!?) Realizing that I might have to cave and use the Bose app to have some sensible functionality without a cable (if and when I get Bluetooth to work), I had a look around on the Internet. First impression: there is no way to download it without registration and without activating JavaScript. User hostile bullshit! A customer friendly supplier had simply had a HTML page list direct links to various versions, to download simply by clicking on them—no registration, no JavaScript, no bullshit.

What I need and want are regular, over-ear, quality headphones with strong ANC—and compared to non-ANC headphones, it is the ANC that I pay for. What do I get instead and what do I actually pay for? Useless-to-me extras like Bluetooth, telephony functionality, smartphone functionality, Alexa/Siri support, whatnot. Then there are the secondary issues like on-ear instead of over-ear and that easily breakable connector that a non-Bluetooth set would not even have had.

For my own part, it is highly unlikely that I will buy another Bose product (of any kind) in the foreseeable future. Generally, I might go as far as letting my next experiment with ANC (depending on whether I can make Bluetooth work) be an in-ear one in combination with (when the need arises, e.g. during construction works) earmuffs. (To be contrasted with my previous approach of earplugs + headphones.) These tend to be cheaper and less over-loaded with functionality that I do not need and/or that outright hinders me.

This, however, seems to be a part of a bigger, negative trend, where the high prices make the manufacturers throw on as many features as they can in order to justify the price, but where these new features drive the price even higher. (By no means limited to headphones.)

I further fear that headphones have moved from something for audiophiles (or, for ANC, those who wish to reduce outside disturbances) to a status symbol, which drives prices up artificially. Much of this is likely to blame on Apple and Beats, with their image based sales-tactics. Beats, in particular, might have more in common with Nike than with Sennheiser (or, possibly, the Sennheiser of old).

Other trends do not strike me with enthusiasm either. Notably, the big buzzword today appears to be “true wireless”. This sounds impressive—like wireless-but-better. In fact, it is like wireless-but-worse, because the “true” part merely implies that there is no secondary ability to connect the headphones by wire.* Notably, the trend towards a “smartphone assumption” is quite strong—not only is the user supposed to own a smartphone and have the right app installed, but he is supposed to use the smartphone as the source of sound. Do not dare presume that your expensive headphones should be usable with, say, a computer, a CD/tape/record player, or a portable (non-smartphone) player.

*To avoid misunderstandings, I have no major objections against Bluetooth or connecting this-or-that per Bluetooth—except for the problems with Linux connectivity. However, there are some more general advantages to a wire, including that the headphones can be used with an empty battery, that the quality in poor conditions remains high, and that the risk of someone spying is smaller. Then there are all those gadgets that do not have Bluetooth to begin with.

Finally, above I said “Hardly ever has there been a problem of any kind.” and I can, indeed, only recall two instances of problems (prior to today). These two issues are very similar and add further concern as to the true quality of these expensive ANC-headphones. The first was with my Sennheiser HD 4.50 BTNC, where the covering of the earmuffs soon lost quality and eventually tore, leading to less comfort and (likely) a reduction in the noise isolation. In contrast, all other headphones that I have ever used in this manner had kept perfectly intact. The second? My Bose 700s, where the covering of the earmuffs soon lost quality and has already started to tear. Who said that newer, or more expensive, was better?

Written by michaeleriksson

February 9, 2022 at 10:00 pm

Some UI problems and other complaints

with one comment

The last few weeks have been so horribly frustrating, between construction work, idiot politicians, absurd UI decisions, an extensive (and not smooth-running) laptop installation, a winter depression, and a great number of other annoyances and wastes of my time, that I feel like snapping. Below I try to get rid of at least some of my frustration. (Do not expect a quality text.)

Specifically, UIs will be the topic. The focus will be mostly on “modern” UIs and not always restricted to events of the last few weeks.

New laptop: My old laptop died a few weeks ago, and I have spent considerable time setting up a new one, while switching from Debian to Gentoo.*/** Among the various UI problems encountered, and two which made the early phase horribly frustrating:

*Gentoo has a more sensible approach, with the user more in charge and (by default) fewer conceptually flawed components. Out of the box, I now am rid of e.g. Systemd, PulseAudio, and most of the desktop nonsense. Debian also has a long history of interfering extensively with the “upstream” code of various packages, and often for the worse.

**Note that this has brought many issues that are not “someone’s fault” or UI related, but still contribute to the overall “annoyance load”, including e.g. the need to learn a new package management system or the need to switch window manager, as WMII, which I had used for a few years, is currently not sufficiently supported. (The tentative replacement, Awesome, is good, after some considerable config changes.) Another good example is that my longstanding personal configuration choices were never automatically present, e.g. that any non-configured Bash starts in Emacs-mode instead of Vi-mode. A borderline case is some odd defaults, like the odd insistence to shove a umask of 022 down the user’s throat—as if the average user would like every other user to have the right to read his every document …

The BIOS (UEFI, whatnot) has no generic “boot from USB” or “boot from CD/DVD” setting and it refuses to remember a device-specific one from boot to boot, implying that any (non-harddrive) reboot involves going into the BIOS, selecting the appropriate individual device for boot, and hoping that everything goes as planned—which is not a given, as sometimes even this individual change is ignored, forcing repeated reboots and BIOS visits.

The virtual consoles per default have a horrifyingly annoying blinking cursor. A blinking cursor is, in general, an ill-advised distraction and annoyance, but this one blinked at such a hysterical rate that it was borderline impossible to do any work. The alleged fix, “setterm -blink off” did not work, and I eventually resorted to a “setterm -cursor off”, as having no (!) cursor was better than having this hysterically blinking one. Unfortunately, this had no effect in many of the used tools and use of many tools, e.g. Vim, turned the cursor back on, even after leaving them. Eventually, I included “setterm -cursor off” in the PROMPT_COMMAND, causing it to be automatically executed after each command.

Microwave (Samsung something-or-other): In the long time before I moved “full time” to my apartment, and only spent a weekend now and then in it, I splashed on a microwave with a built-in “regular” oven-function to have a wide range of options even without a kitchen. While I do not remember the price, it was by a considerable distance the most expensive microwave oven that I have ever bought, in part guided by my strong earnings and the wish for some experimentation in price classes.* Apart from the (regular) oven functionality, which is surprisingly** limited, it is also the worst microwave that I have ever owned.

*I habitually to go for cheaper products and have made the experience that breaking habits, every now and then, can be valuable, because I often find something of value, a new insight, a better habit, whatnot. This could well apply even to price-range habits. (However, during my limited experiments, I have tendentially found that more expensive products have worse UIs and worse usability than cheaper ones—and are not always superior in other regards either.)

**Or not: As it runs from a regular wall socket, the power requirements of a regular oven might be too much to be safe, which could explain the restrictions.

Consider:

  1. There is a barrage of one-button controls for this-and-that, e.g. to make popcorn. They have no practical use for me, as I prefer to go by the instructions on the package of the food to cook and as such generic one-size-fits-all attempts tend to give poor results in light of varying quantities, densities, and whatnots. Moreover, as they are icon based, it is often hard to understand what they are supposed to do in the first place. (Generally, I note that if an interface uses English, only those who understand English understand. If it uses icons, no-one understands.)
  2. The traditional (and vastly superior) dials to choose effect* and duration for the microwave function is missing in favor of a multi-step button-clicking: First, choose the microwave function per one button. Second, note that the (unconfigurable) default effect is 900 watt, while most food packages indicate 600 watt. Third, manually reduce the effect. Fourth, wait and wait until the indicator switches from effect to time. Fifth, manually enter the time with several clicks. (And, no, the time is no more saved for the next time around than the effect.) Sixth, start the actual cooking. This takes several times as long as just (if at all needed) turning two dials and pressing the “on” button.

    *Many more traditional microwaves have another problem here: The effect is not given in watt, but indicated with informationless claims like one, two, or three stars. Well, the package says to use 600 watt—how many stars is that supposed to be?

  3. There is a built-in digital clock, the setting of which requires the usual number of steps,* making it a hassle. But: even a very short cut of electricity, e.g. due to a single moment of power failure or a kitchen-internal move, resets the clock to 12:00**. This is the type of cost-saving that I do not expect in a machine of this price. Just adding a small buffer to keep the time for a few minutes would cost next to nothing in comparison to the overall price—and less than the pointless functionality that has been added.

    *I have only done so once, a few years ago, and do not remember the details, but the reader is likely familiar with similar clocks.

    **I.e. noon; as opposed to the more common 00:00, i.e. midnight.

    On the upside, this allows a circumvention of the time setting: Simply wait until noon and unplug the machine, then plug it back in. (Downside: I have to remember to actually do this, and at exactly noon, e.g. as daylight savings time begins or ends, which can lead to a considerable delay, often weeks, before I correct the time.)

  4. The usual alarm to indicate the end of cooking is present. However, where a typical and sensible microwave indicates the end of cooking once and then lets the user handle matters, this one is silent for a while, then signals again, is silent again, signals again, until the user has actually opened the door. Horribly annoying and with, at best, minimal value in return. To boot, the alarm is so loud and shrill that it borders on the painful.

    In due time, I found myself keeping a separate eye on the time, so that I could pre-emptily stop the machine a few seconds before the alarm went off—thereby entirely invalidating the reason for an alarm. (Yes, there is a setting to not ring the alarm at all, but no volume control and no “ring once” setting. Of course, turning the alarm off entirely could legitimately lead to misses on my behalf, as I do not catch it every time and as I can be very focused on other matters.)

Bose 700: To make the various bouts of construction noise easier to survive, I use a pair of Bose 700s, widely considered among the best in noise-cancellation—and bought at a price above 200 Euro. (And even that was with some rebate. The typical list price at the time was 299 Euro, or 300 Euro with sensible rounding.) As far as noise-cancellation goes, they are the best* that I have tried, and the sound reproduction is, at least, among the best. The UI on the other hand is horrifyingly poor. (Some additional negatives, from my personal point of view, arise from the strong focus on mobility, e.g. that the construction is “on-ear” instead of “over-ear”.)

*But note that “best” does not necessarily imply “good”. The field still has a long way to go. For instance, even with simultaneous use of these headphones and ear-plugs, construction noise remains very audible. I would further opine that ear-plugs alone do more than the headphones alone—at a small fraction of the price.

Consider:

  1. The main control for the headphones is intended to be a smartphone app, which limits the users unnecessarily. What if someone does not have a smartphone? What if the battery has run out? What if the smartphone is in another room? Or, as in my case, what if the user knows better than to install various apps from sources likely to abuse the confidence?

    And why not allow the same type of control from a regular computer?

  2. The few “mechanically obvious” controls are too sensitive. Touch the headphones in the wrong place, e.g. when putting them on, taking them off, or making a minor adjustment of position, and something could easily be triggered. I am particular prone to accidentally touch the left-side control for degree of noise-cancellation, which results in a loud and annoying claim of “Five!” and then my noise-cancellation is halved. Two more (deliberate) clicks are now needed to give me “Zero!” and then “Ten!” and a restored cancellation. This is the more absurd, as I never have any use for them outside of the full “Ten!”. They simply are not so good that a reduced setting would be useful. Even if worst came to worst, the user could just remove them from his head, if “Zero!” was what he actually wanted. (Note, e.g., that playing music while at “Zero!” makes little sense, as the music is as likely to cause the user to miss whatever external sound he wanted to hear as the noise-cancellation would have been.)
  3. Volume (and some other things) can be controlled by a touch pad of sorts, located on the front of the right side. This had the disadvantage of being hard to detect—the user is unlikely to even realize that there is a control there unless he reads the instruction manual. (I did, many others do not; and it could be argued that the task at hand is so simple that it should not be needed. The need would, then, be a sign of design failure.) Most of the time, the volume control works well, but, often, it does not. Instead, I am met with a loud and annoying “Boop!” and nothing happens.*

    *Why, I have not yet figured out. It might relate to something like the temperature or dryness of my fingers, that they are recognized as fingers on the one occasion and not on the other. If so, this is so severe a design issue that the touch pad cannot be defended.

    To boot, when I am thinking or relaxing, I often put my lower right arm on my forehead. (Do not ask me why—it just happens.) If I do so when wearing the headphones, my upper arm often comes into contact with the touch pad—and a loud and annoying “Boop!” follows.

  4. Every time that I turn the headphones on, I have to wait for many seconds before I hear a loud and annoying “Bluetooth off!”. Only after this do they work, even when I have them plugged in by wire. (Presumably, some type of Bluetooth search is made, even when a wire is present, which is highly dubious. The loud and annoying announcement does not help.)
  5. The headphones are usable even with an empty battery, assuming a wire and with no noise-cancellation and a worsened sound, just like I am used to. However, this does not apply when charging. When charging, even the use of the turned-off headphones over a wire is not possible! This is a highly annoying and hard to defend restriction, which does not match the behavior of any of the other noise-cancellation headphones that I have owned over the years.
  6. If the battery runs low, the user is pestered with loud, annoying, and poorly pronounced claims of “Battery low! Please charge now!”. These achieve nothing but shortening the use of the headphones, as e.g. any music playing is suppressed in favor of these announcements (and few external disturbances are equally annoying). Note that there is no informational value to them either, as the effective use of the headphones is ended as the messages begin. (In contrast, a single claim of “Battery will run out in twenty* minutes.”, while dubious enough, would at least have the benefit of an advance warning.) What has any other noise-cancellation headphone done so far? Given the user the full run of the battery, after which he has noticed that the battery is empty and charged accordingly. Consider a car that turns it self off before the tank is empty, with a warning that the tank soon will be empty. How would the driver be helped by that?!?

    *I have, for obvious reasons, not checked for how long this annoying message goes on (but it appears to be for some time), and it is likely to be less than twenty minutes; however, twenty minutes might be reasonable for an actual advance warning.

    In doubt, some type of charge indicator per LED would have been much to prefer.

  7. Which brings me to the topic of LEDs. There is an indicator present, but it is so obscure in its semantics as to be near useless. Moreover, when the headphones are charging, we have another case of hysterical blinking. For obvious reasons, this blinking is easier to ignore than the cursor discussed above; however, it is still an unnecessary annoyance, and I often find myself turning the headphones so that the LED is not visible at all, during charging, making the blinking entirely pointless.

Smartphone (Android): If I had kept notes during my rare smartphone uses, I could likely have written a few pages worth on that alone. To give just one example, I often use the smartphone for Internet access for my laptop by USB-tethering. Turning this on the first time was easier said than done. Once on, it turned it self off again and again, every time that I unplugged the USB cable, and sometimes spontaneously during use. In order to make the tethering permanent, which I only found out through an Internet search, I had to enable the developer options and change a setting there. Absolutely inexcusable! To make matters worse, at some point, a few months ago, USB-tethering was suddenly turned off again, despite my not having touched the actual smartphone for days (i.e. no user action could explain this). It turned out that the entire developer options had somehow, spontaneously, reset themselves, and now needed renewed activation.

Sennheiser HD 4.50 BTNC : Earlier today, my Bose headphones were charging and I tried to use an older pair of Sennheiser headphones—for the first time in (likely much) more than six months. I had forgotten the exact use of the controls, and the controls were unmarked. There only seemed to be one candidate for an on/off button, however, based on layout and my vague memories. I pressed this button—nothing happened. I pressed it again—nothing happened. I pressed it for longer—and my soundbar went quiet as the headphones stole an existing Bluetooth connection! This is inexcusable on two counts. Firstly, any control overloading should be done in a natural manner, not mixing “orthogonal” concerns like “headphones on/off” and “pair Bluetooth” or “Bluetooth on/off” (or whatever this might have been). Two separate controls, preferably of the mechanical type, should have been provided.* Secondly, the headphones, the source device, the Bluetooth protocol, or whatever is ultimately to blame, should have respected the existing connection.**

*There were several other controls, none relevant today, which I have never used, because they appear to deal with e.g. volume increase/decrease over Bluetooth and I have virtually always used the headphones connected by wire to my old laptop. (Debian, at least, only supported Bluetooth and sound over the idiotic PulseAudio bullshit—and I was not going to re-infest my computer with said bullshit just to save myself a single small cable.)

**This the more so, as there is a risk of third parties taking something over. I note that I somehow managed to receive someone else’s TV (?) on my soundbar during early and failed attempts to pair it with my computer. (Again, no Bluetooth sound without the PulseAudio bullshit.)

Of course, both this and my attempts to correct the situation were interpunctuated with highly annoying and overly loud “Connection!” and “Lost connection!” from the headphones—not as bad as with the Boses, but really not helpful.

I used to love these headphones: Sound and comfort were both great, the noise-cancellation was very-good-by-the-standard-of-the-day, the UI, while far from perfect, was far better than with my Boses. (An on/off button is really all that is needed.) I would probably still have preferred them, outside of construction-work phases, had the earmuffs not been so worn down. Now, I tore them into pieces. Week in and week out of frustration, I could not take this last straw, and I literally tore them into pieces.

Design advice (very incomplete):

  1. Prefer optical indicators/indications to voice/audible indicators/indications. If you do use something audible, keep the volume at a reasonable level, avoid shrill or unpleasant noises, and make any voices used as natural sounding as possible.
  2. Be cautious with any type of notification and its strength. For example, only use blinking when you have a valid reason to attract the users attention—never for something that merely exists (e.g. a cursor) or to indicate a long-term state with no need of intervention (e.g. that something is charging). More generally, a signal that amounts to “Pay attention to me!” should only be used when and for as long as there is an actual need to pay attention.
  3. Prefer easily recognizable controls over more obscure ones.
  4. Prefer controls with a mechanical effect over a (solely) digital one, e.g. an on/off switch that is pushed between on- and off-positions over a “stateless” button.
  5. Simpler and more generic controls, e.g. microwave dials for time and effect, are usually better than less generic ones, like the one-push buttons or the elaborate choice dialogue described above.

    (Consider, as an analogy, a water tap: Would you rather have a typical modern tap with one control for water flow and one for temperature—or a set of buttons where you can chose, say, nine pre-determined combinations of water flow and temperature? Almost certainly the former.)

  6. Try to design from a user-centric perspective—not a designer-centric one.

    Note, in particular, that what the designer might consider important is not necessarily what the user will consider important, be it in terms of functionality or when notifications are needed. (Cf. above examples or note the case of focus stealing, which can hardly ever be justified.)

  7. Be cautious with experimentation when users might have expectations from similar products. If the users ask for a better horse, give them a better horse first, and investigate the topic of cars second. (Note that there might be quite a few things that a better horse is well-suited to do, but a car is not, like traveling a narrow forest path or handling impossible looking terrain.)
  8. Beware behaviors than can prove annoying over time (let alone immediately). This applies in particular to repeated efforts on behalf of the user (which could have been avoided by more sensible defaults, the ability to change defaults, or similar) and intrusive (e.g. loud or blinking) notifications to the user. (Also see excursion below.) Keep in mind that catching someone who is already at the edge can make even a normally tolerable event cause disproportionate reactions (note my poor Sennheisers above).

    As an aside, there are many analogues to this in other areas. For instance, I would give the two single most important rules of movie/TV/YouTube/whatnot music as 1. No music is always better than bad music, and 2. No music is almost always better than highly repetitive music. (Still, especially on YouTube, bad and repetitive music is very common.)

Excursion on repeating and unsolvable issues vs. anger and frustration:
If we look at humans during many earlier time periods, anger was a constructive and/or helpful reaction to many problems—not restricted to the obvious case of fighting. Consider e.g. moving a fallen tree trunk off someone, pushing a carriage back onto the road, removing a stubborn stone from a field, or similar. If at first you don’t succeed, get angry and try it with more force than available in a calm state. Fail again, get angrier. Even many interpersonal issues, short of a fight, could in some sense benefit from anger, in that the angrier person has a larger chance of getting things his way, e.g. because he creates the impression of being more likely to take a physical fight on the issue. (Note that I am not saying that such “interpersonal” anger would be constructive, in the best interest of the group, or, even, necessarily in the best long-term interest of the individual.)

Such anger has never been without problems, as there is always a trade-off, e.g. in that the carriage pusher increases his injury risk or that someone involved in an interpersonal issue increases the risk of a fight*. However, evolution will have ensured that anger occurs at least approximately when and where it had a net-benefit in terms of expectation value in older times.

*Actually reaching the point of a fight is usually a bad thing, which is why the perceived anger works—if the one party seems willing to take the fight, the second has to think hard about the risks vs. payoffs. Note similar situations among animals, where e.g. a stronger individual might yield in the territory of a weaker individual, or to a female defending her offspring, because the willingness to take a fight is large in the other party.

Now look at the modern world, where other situations often apply. If, e.g., someone has a computer problem, anger will rarely help, because a greater exertion of physical force is more likely to damage the computer than to resolve the problem—and anger makes it harder to think clearly, which is what is really needed. Still, the tendency to anger is still there, and when a certain problem or annoyance repeats again, and again, and again, without anger helping in the least, the anger and (later) frustration is likely to rise rapidly. I am, myself, unusually prone to this issue, but I have e.g. heard many a colleague suddenly type with several times his normal force, spotted him silently (or not so silently) curse over some user-hostile program or MS Windows, or seen him leave his computer to get a cup of coffee* with fire in his eyes on so many occasions that I have no doubt that the problem is wide-spread. (And it seems more likely to hit those highly computer proficient, possibly because they know how much better things could be without the many idiocies and idiotic restrictions of modern UIs, in general, and GUIs, in particular. Many failures to grow angry, here and elsewhere, are not so much based in a cool head as they are in ignorance.)

*A very good idea, as it gives some distance and relaxation, but one surprisingly hard to actually implement, as at least I have a natural urge to continue with the problem until it is resolved.

Similarly, anger in interpersonal situations is more likely to backfire today than in the past, be it because it is less productive or because any actually manifested violence, often even threat of violence, can be punished by the authorities—and not necessarily in an even remotely fair manner. Consider e.g. even the most incompetent and uncooperative civil servant* or customer-service rep: No matter how natural the anger, it will not help, because no actual consequences for the counterpart are likely, protected as he is by semi-anonymity, an often large geographic distance, and, at least for civil servants, a stronger power prepared to defend his incompetence with any means. Worse, any expression of anger, no matter how justified, is likely to antagonize the counter-part, who is, again, protected against consequences, but who might very well be able to cause further problems for the citizen/customer—by now deliberately substandard work, if nothing else.

*I have repeatedly read claims of civil servants being more exposed to threats or whatnots today than in the past. For lack of detail in this reporting, usually restricted to what amounts to “bad citizens harass poor civil servants”, I cannot say much. However, every time that I read something like that, I ask myself how much of the problem actually lies with the citizen and how much with the civil servant and/or his employer—treat citizens like shit and they will grow angry. Many of my own experiences with civil servants have been utterly inexcusable.

Written by michaeleriksson

January 26, 2022 at 6:22 pm

The struggling author: Amateurish Amazon and follow-up on construction noise

leave a comment »

Another shitty day: It appears that the construction works are here again—and, again, without any notification or possibility to judge the size of the problem. Indeed, there is now scaffolding along the house wall, which could imply something very major and something not perpetrated by an individual apartment owner or resident but the actual building management.

Fortunately, the disturbances started in the mid-afternoon, and I could spend enough time walking to come back home after they had stopped. However, firstly, I have no idea how the future will look, and, secondly, the city is almost dead due to COVID-restrictions, meaning that there is very little to actually do, except walking (per se).

To conclude the day, I decided to finally open that Amazon KDP account that I will need in the mid- or long term. This was a frustrating and annoying experience. A partial summary (even at the risk of exceeding the policy for this closed-ish blog, but I need to unload the frustration):

  1. The interface asks for an email address, sends a confirmation code to that address, and awaits entry of that code.

    OK.

  2. The interface ADDITIONALLY asks for mobile phone number, sends a second confirmation code there, and awaits entry of that code.

    Not OK.

    Firstly, it must not be a prerequisite to have a cell phone to participate in various non–cell-phone activities. (Indeed, I have gone through quite long stretches without one and it is pure coincidence that I have a working cell-phone number at the time of writing.) Secondly, email confirmation should have been enough. Thirdly, Amazon claims that it would later be possible to opt out of cell phone verifications, but because it has to be activated the first time around, Amazon can now steal data that I would very much like to keep absent, e.g. to avoid abusive SMS/“text” spam. (Note that Amazon has no legitimate reason to know my telephone number, unlike e.g. my street address and email, for the current purposes. I have yet to investigate whether the opt-out claim holds true.)

    Moreover, the implementation was utterly incompetent, by repeatedly* resetting the country to the U.S. Here my explicit choice of Germany should have been kept; and the original default should have been Germany, too, as my address was German and I was clearly accessing the site from Germany. (In my recollection, but I might be wrong, Amazon even used German as the interface language.)

    *I tried to get past this step, as no mention of the reason had been made (itself a poor UI decision), by first entering a landline number, which is less susceptible to abuse. As the claim that a SMS had been sent was given after entry, I re-tried it with a cell-phone number, including (unthinkingly) a leading “0”. As no SMS arrived, I tried again, removing the “0”, for a total of three attempts.

  3. A highly annoying, moving CAPTCHA needed to be answered.

    At best dubious, as there seems to be little reason to assume that someone goes to the immense effort of handling automatic confirmations per email and SMS for a purpose like creating an Amazon account. (Indeed, with this level of overall stringency, it might have been better to simply send a postal confirmation code and accept the temporary delay in exchange for one single confirmation.)

    Moreover, the implementation was awful, including crossing the border to where it becomes hard even for a human to complete the confirmation. (I needed two attempts, myself.)

  4. I proceeded to enter the user account, an act apparently considered a separate log-in, despite following directly after the account-creation process, which required a second SMS confirmation.

    Not OK.

    Firstly, this particular type of two-factor authentication is very dubious in general,* increasing the efforts needed for trivial tasks disproportionately. (But note mentions of opt-out above.) Secondly, specifically in this situation, it was entirely redundant and my previous SMS confirmation should have been considered enough.

    *In fact, the two main scenarios where it is needed is (a) with idiot users who pick poor passwords (I use random and automatically generated ones) or have sloppy local security (I do not), (b) with idiot service providers who have too many flaws in their own systems or allow password hashes to get out (or, worse, have actually stored plain-text passwords). The risk of e.g. a snooper stealing a password exists, but is a lot smaller. Moreover, the (partially false) sense of security created by two-factor authentication can worsen the problem with (a); moreover, when more and more users access the Internet per cell phone, the value of this specific type of two-factor authentication is drastically reduced.

  5. (My account was marked as incomplete (as expected), and I proceeded to complete the data. Note that the below items might be in the wrong order or be incomplete. It does, in particular, not include several amateurish oddities with the workflow and ambiguities concerning what-button-does-what.)
  6. Address fields included an empty field for my telephone number, which was mandatory.

    Not OK.

    Firstly, my phone number is plainly and simply not Amazon’s business. Secondly, as a mobile number had already been entered, this should have been the pre-filled default.

  7. For my bank information, separate entries of IBAN, BIC, and name-of-bank were needed.

    Not OK.

    This shows a fundamentally flawed approach, as the IBAN is intended to serve as the sole account identification. Requesting a separate BIC is amateur hour. (This unlike the “old” German system, where a BLZ identified the bank, and an account number the account within that bank.) The bank name might be acceptable as a safety check, but better systems fill it out based on the IBAN.* Moreover, it should be a near given that data like account numbers are copy-and-pasted, which would either make the check unnecessary (data is guaranteed to be correct) or pointless (if, highly unlikely, the original is faulty, repeated copy-and-paste procedures will not help).**

    *Here Amazon might be excused as an international operation.

    **However, other checks, like “is the IBAN of the right length” are still justified, to catch e.g. an incompletely copied IBAN.

  8. I was led to the fill-out-the-U.S.-tax-excemption area.

    Not OK.

    A reasonable operation should have made sure that such nonsense is not necessary, e.g. through use of a non-U.S. subsidiary. A smaller company (or one, like Barnes & Nobles, highly U.S. centric) might have deserved a pass, but Amazon is one of the largest and most international companies in the world.

    (But I was already aware of the need to do this to avoid an absurd-for-any-European tax deduction of 30 % in favor of the U.S. (!) IRS, and had indeed even prepared by finding my German TIN in advance.)

  9. Required further fields for the preceding item included address fields that had already been entered.

    Not OK.

    Already entered data should be taken as default values.

  10. My German address contains an umlaut (a “ü”, to be specific). This was rejected when I tried to proceed.*

    *I am a little uncertain whether this was only with the tax fields or already with the main address fields. Below, I assume tax fields. If not, it is far worse.

    Not OK.

    Even assuming that this restriction was posed by the U.S. IRS, the check should have been performed during entry and a pre-filled value with a suggested correction provided and/or the data incompatibility should have been mentioned explicitly and up-front.

  11. As I re-submitted, post-adaption, there was an apparent error text, which read merely that “This field has been corrected.” (or very similar), leaving me uncertain whether further action was necessary. I tried to save again, and was brought back to the same error message. (The page automatically centered on the “error”.) I checked the top and the bottom of the page, in vain, and tried a third time, just in case. I was returned to the same message. I now went through the page in detail and found, a little further down, but outside of the area displayed by the browser after Amazon’s deliberate focus, a request that I confirm the correctness of the correction.

    Not OK.

    The page should have made crystal clear that further action was needed and what action. (Note that the idiotic focus and choice of layout sabotaged this.) Moreover, as I had corrected the field, there should have been no further assumption of error than with any other data entry, making the inquiry/error/whatnot redundant.

Now let us see what future problems occur, including (I very strongly suspect) unsolicited and highly unwanted emails and/or text messages.

Written by michaeleriksson

February 23, 2021 at 12:47 am

Undue checks of values

leave a comment »

A common annoyance with poor software is undue intolerance against values that are, in some sense, faulty. (And, no, this is not a post about the political Left …)

Checks for correctness and consistency can be a great aid, as can automatic warnings of errors. However, often, the baby is thrown out with the bath water.

Consider e.g. Alpine, an email client that I use extensively: It has a field in the configuration to specify the default sender address. Here I have simply specified “@” and my domain because I use a great number* of different user names for different tasks (mostly to reduce the damage when one address falls victim to spammers). The idea is that I have this string pre-filled in the “From” field and then just need to add the right user name.

*Too many for a solution using e.g. Alpine’s role system to be a good alternative.

But what happens? If I begin to compose an email, the “From” field is just filled* with INVALID_ADDRESS@”.SYNTAX-ERROR.” (quote signs present in the original), presumably to indicate its dissatisfaction with the missing user name. The actual value entered by me is neither visible nor retrievable and there is no reasonable world in which this is a good reaction. A check when the user attempts to send, by all means, but not when a default value is retrieved or entered. If there are objections to the default value, they should be uttered when and where the default value is configured;** however, here such objections are not reasonable, as use cases like the above are quite common.

*The actual field. Contrast this with keeping the “faulty” value and displaying a warning message next to it. (Which also would have been acceptable.) Writing this, I begin to suspect that this is not so much a deliberate choice as poor programming, that there is an internal consistency check when retrieving the value, that this check gives an unnecessary error message, and that the error message is blindly taken over as the value.

**This is not the case with Alpine. The explanation might be that the the entry mask deliberately has a tolerance that is later arbitrarily removed, or that this config value is part of a larger string, which is not parsed or verified at the time of entry.

The result is that I have to delete the error message, write the user name, and copy the remainder of the address from elsewhere, i.e. one step more than without this configuration and two steps more than if it had worked reasonably. Time to remove it …

Of course, these extra steps occasionally lead to errors. For instance, when I use post-by-email with WordPress, I usually just “reply” to the last post, switch out Subject and Body, and re-enter* the email address. But today, with the three steps needed for the email address, I forgot the Subject and published a text under the same title as the previous (entirely unrelated) text …

*No, Alpine is not smart enough to handle replies to own messages correctly, i.e. that the old address is kept. Instead, the configured one is used (if present, else the field is, probably, empty).

Other examples include e.g. applications that prevent any entry of faulty information, even without saving*, e.g. that a numerical value using a decimal point is not allowed in a German application expecting a decimal comma. Then, instead of copying a (read-only) value from a PDF file or output from a calculator into the field, changing the point to a comma, and then continuing, the user is forced to copy the value, paste it in an editor, edit the point to a comma, re-copy it, and then paste it in the field.** Or consider fields that allow entry of most, but not all, legal values or makes normally optional parts mandatory.***

*In many cases, even the saving of faulty values can be beneficial, e.g. that a numeric field can be filled with a “TODO”, and that the application merely gives a warning that the input is faulty. However, this is not always trivial and rarely worth the benefit, as it might require switching a numeric internal data type to a string data type or similar.

**Yes, this could be solved e.g. by some type of keyboard macro, but it is not a sufficiently common scenario to be worth the trouble—in stark contrast to writing a better functioning field that e.g. allows entry of any value and just shows a warning message or allows entry but not saving.

***I do not remember any of the specific cases off the top of my head, but consider, again, email addresses: These can be quite complicated, and e.g. a simplistic name-plus-@-plus-domain parser would disqualify many legitimate versions. Vice versa, an idiotic tool could make the idiotic display name idiotically mandatory.

Written by michaeleriksson

July 26, 2020 at 2:36 pm

Odd usability decisions and rsync

leave a comment »

One of the most popular tools among e.g. software administrators is rsync, which allows efficient and flexible synchronization of files between different directories—even when located on different servers.

However, every second time that I use it, I feel like tearing my hair in frustration:

For some reason, the makers of rsync decided to implement something better governed by flags through obscure and unintuitive “directory semantics” (for want of a better word) and the behavior of rsync varies depending on whether a source and/or destination directory has a trailing directory separator*. Moreover this behavior is incompatible with almost any other tool, including the Unix command cp, for which it is a natural replacement.** Indeed, I would go as far as calling it a “best practice” to normalize directory inputs with a directory separator to exclude*** it before further processing, in order to ensure that both cases are handled identically and to avoid programming errors through assuming that a directory separator has to be added (or removed) at some later stage, e.g. when specifying the name of a new sub-directory to be created. Of course, here we have an other reason why rsync’s behavior is unfortunate: in a programmatic context, a normalized directory could lead to a very different behavior from the intended—as could a minor slip of the keyboard.

*In the Unix world, a slash resp. “/”. I have not investigated the behavior on other systems, including whether rsync is tied to the slash or the local directory separator, but I go with the more generic term for now.

**The cp command CoPies files and directories. In most cases, it is perfectly good at this, but rsync can be a superior choice for the same task in certain circumstances. Consider, e.g., copying between two servers over an imperfect network connection. If the connection fails during a use of cp, one can either start over from scratch or spend time with a manual clean up, and even then a partially transmitted file has to be re-transmitted from scratch. With rsync, the command can be repeated and the download will automatically be resumed with little overhead. (Interestingly, rsync can be used to save an interrupted cp, but then why not use rsync to begin with?)

***Why “exclude”? In part, through convention; in part, because the directory separator is not a part of the name of the directory, and it makes little sense to keep it at the end of a directory, even when given through a full path, when there is no further sub-directory that it could separate.

Specifically, I am ever again caught by the trailing directory separator of the source directory leading to a different treatment of the destination directory.* If a trailing directory separator is present, the files of the input directory are put directly into the output directory; if it is absent, they are put into a sub-directory** with the same name as the input directory. Not only is this very easy to forget, and not only is this highly counter-intuitive, but the standard file-name completion of e.g. Bash automatically adds a trailing slash when it expands a directory name, implying that the user who has used completion to generate the name has to explicitly think about removing that slash (should it not be wanted in conjuncture with rsync—in almost any other context it will be either wanted or irrelevant).

*At least in terms of manifestation. Conceptually, it might possibly be argued to that the source directory is treated differently. Cf. the rsync–cp comparison that follows.

**Created, should it not already be present. I suspect that the original motivation for these special behaviors related to the complication that such a sub-directory could or could not already be present.

For comparison: “cp -r x y”, “cp -r x/ y”, “cp -r x y/”, and “cp -r x/ y/” all do the same thing—they copy the directory x to the directory y, where there will be a new sub-directory with the appropriate name. In contrast, “cp -r x/* y” (or “cp x/* y/”; in both cases, note the asterisk, which here does not point to a footnote) copies the individual files and sub-directories present in x to y.* An “rsync -r x y” does the same** as the first four cp commands; “rsync -r x/ y” does the same** as the fifth (and sixth).

*Excepting “hidden files”, as the “*” is expanded thus by Bash and shells in the same family. Other shells might have a different behavior. Writing this footnote, I suspect that this could be another clue to the origins of rsync’s idiosyncratic behavior—a poorly thought-through attempt to reduce the dependency on the shell (or scripting language) used.

**With reservations for details, e.g. that cp might give an error and/or ask for a user decision when it tries to copy something which already exists or that, cf. above, cp-with-Bash is more restrictive in terms of hidden files.

Pure insanity.

How to do it better? Well, one option, would be to just have a flag that indicates whether the input directory, it self, should be copied or just its contents—while any trailing slashes are entirely ignored.

Excursion on (and reservation for) flags:
The behavior of these commands can vary considerably depending on what flags are given. The rsync “r” flag is roughly equivalent to the “cp” one, according to documentation, and I use it for consistency between examples. In practical use, I almost always call rsync with “avz”, of which the “a” includes the full effect of “r”. I have “cp” aliased to ‘cp -i”, which increases the “interactiveness”, in case of name collisions, over the “vanilla” cp. (Similarly, I have “mv” aliased to “mv -i”.)

Written by michaeleriksson

May 31, 2020 at 2:40 pm

Posted in Uncategorized

Tagged with , , , ,

CAPTCHAs and forced JavaScript

leave a comment »

An increasingly common annoyance, at least for us Tor users, are CAPTCHAs that are impossible to overcome without JavaScript* activated. Worse, an increasing number of sites seem to use “JavaScript is not enabled” as a heuristic for “is a bot”. The point might come where even a security-minded and well informed user is forced to surf with JavaScript activated in a near-blanket manner just to satisfy such checks and to handle such CAPTCHAs, while the site visited, per se, would have worked well anyway. A particular problem is Cloudscape, which in multiple ways is a threat to usability, anonymity, and security for the end users, due to the extreme number of sites that route their contents over the Cloudscape network—a very significant portion of these CAPTCHA requests stem from Cloudscape.

*I highly doubt that JavaScript, or even images, are necessary in order to implement any level of CAPTCHA protection, in terms of difficulty of automatic solving. More likely, the current JavaScript-and-images construct is chosen through a mixture of laziness and a wish to apply the no-JavaScript heuristic mentioned above. (Possibly, combined with an analog no-images or even a no-cookies heuristic.) However, I will not go into this below.

However, JavaScript is a severe hazard, its use in combination with Tor is almost always brainless*, and I would generally, even for non-Tor users, recommend that it only be activated on a case-by-case basis and on sites with a great degree of trust. Such sites cannot include those with a presence of content not under strict control by the site, which rules out, among others, any site using an advertising network**, the whole of Wikipedia***, and all search services****. (As a bonus, most sites intended for reading are more enjoyable with JavaScript off, e.g. due to less or less intrusive advertising and fewer annoying animations. Other sites, unfortunately, are often so misprogrammed that they simply do not work without JavaScript.)

*The main purpose of Tor is anonymity and no-one who has JavaScript activated has any guarantee of anonymity anymore. Even a selective activation of JavaScript for chosen sites (e.g. by the NoScript plugin) can help with profiling and, indirectly, threaten anonymity—even without e.g. a JavaScript attempt to spy on the user.

**The ads come from a third party and can contain hostile content.

***Wikipedia can be edited by more-or-less anyone and could, at least until detection, contain hostile content.

****Search services display foreign content as a core part of their service, and with insufficient sanitizing, someone could smuggle in hostile content. (Even ambitious sanitizing can overlook something, run into bugs, or otherwise be flawed.) Of course, search services also often serve content from an advertising network …

The last few days, Startpage, my currently preferred search service, has thrown up CAPTCHA-with-JavaScript requests at such a rate that I will be forced to switch again, should the situation not improve.

Specifically, I am, again and again, met with the text:

JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page.

As part of StartPage’s ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.

The best that can be said about this, is that it does not make the (otherwise common and highly ignorant) claim that my browser would be outdated or not support JavaScript.

Firstly, a search site is (cf. above) not a place to ever activate JavaScript. Secondly, the legitimacy of a CAPTCHA, at all, is highly dubious. Thirdly, in as far as a legitimate* reason is present, the cited reason is not it. Fourthly, there is nothing “occasionally” about it—today, I have been hit about ten times for about a dozen searches. Fifthly, the talk of “best experience” (and so on) seems almost insulting, considering the quality problems of Startpage**.

*E.g. that the IP from which the current request comes has sent a very great number of request in a very short time span.

**And DuckDuckGo, etc. If anything, these Google-alternatives appear to grow worse over time. Outside the search services that are known or strongly suspected to engage in user-tracking and profiling, are involved with advertising networks, or similar, I know of no truly good alternative since the demise of Scroogle—and that might have been close to ten years ago.

In fact, when I see a combination of such an implausible* message and such a high frequency of CAPTCHAs, I must at least suspect that this is a deliberate attempt to either drive Tor users away or to force users to surf with JavaScript enabled. Whether this is so specifically with Startpage, I cannot know, but that it is the case with at least some sites out there is almost a given.

*In contrast to e.g. “We have seen some odd activity from your IP. Please confirm that you are a human user.”.

As an aside, the use of CAPTCHAs to solve the perceived problem is disputable on several counts, including that CAPTCHAs can often be solved by clever bots, that they can pose great problems to many human users, including those less-than-bright or of weak eye sight,* and that better solutions might be available, e.g. that IPs with a large amount of requests see an artificial delay before treatment**. To boot, it can make great sense to investigate whether a block of bots makes sense, as they are often beneficial or neutral, or whether a block based on amount of traffic, irrespective of the human vs. bot issues, would be better.*** Certainly, a CAPTCHA-based block on bots should only be contemplated if means like the use of a robots.txt (which, in all fairness, is quite often ignored) have failed.

*But even very bright people who can read the text well can run into problems. I have myself sometime failed because it has been unclear e.g. whether a certain character was a distorted “O” (Upper-case letter), a distorted “o” (lower-case letter), or a distorted “0” (digit).

**This has the advantage of serving everyone, while keeping the situation acceptable for a human who makes one or two requests, and while posing a major problem for a bot that makes a few thousand requests.

***This especially with an eye on the truly problematic bots—those that perform denial-of-service attacks.

Startpage does have a robots.txt, which manifestly does not attempt to exclude bots from the page that I have accessed—a further stroke against it:

User-agent: *
Disallow: /cgi-bin/
Disallow: /do/
Noindex: /cgi-bin/
Noindex: /do/

Written by michaeleriksson

April 29, 2020 at 10:35 am

Follow-up: Stay away from Unitymedia

leave a comment »

The saga of the inexcusable customer hostility of Unitymedia continues:

My most recent problems had long resulted in no reaction whatsoever from Unitymedia (not counting automatic confirmations of receipt), until the 28th of February, almost a month after my first marked-as-urgent (!) query.

This reaction first came in the form of another* “please confirm your email address” email, again with a body consisting just of the text “null”**. Of course, this is entirely pointless, because I have terminated the contract with Unitymedia and have no intention whatsoever of confirming, registering, or whatnot anything—and this should have been obvious even to Unitymedia.

*As I speculate, based on previous interactions, every time a Unitymedia staffer gets her hands on an email address, the first thing she does is to create some type of online account for this email address. Once it is created, automatic emails are sent badgering the user to confirm this email address—even when he has no interest in this account.

**Either the email is basically empty or it is made out of such poor HTML that my email client cannot convert it to something readable. Using HTML, per se, is wrong in an email (and especially business email); using severely broken HTML is inexcusable. I note that this problem was present already during my first contacts with Unitymedia several years ago, and that I pointed it out explicitly: not correcting a known problem with inexcusable behavior over several years is doubly inexcusable.

This email I just saved in my Unitymedia folder and wrote it off as yet another proof of gross incompetence. Worse is to come, however:

Later the same day, I received a (readable, but extremely poorly formatted) email from a human. First claim: “Bitte entschuldigen Sie die ungewohnt lange Bearbeitungsdauer.” (“Please excuse the unusually long treatment [processing?] time.”) Under no circumstances will I excuse an almost month-long response time to a message marked as urgent—a time during which, important, not even a message of “we are sorry, but there will be several weeks before we can get back to you” arrived. Even now, an explanation for the delay was missing.

Next claim: She was sending a replacement router. Why?!?! I have TERMINATED my account! I have no interest in anything relating to Unitymedia and under no circumstance will I bother with collecting a package from Unitymedia, renew my troubleshooting, and whatnot for an account that I do not want!

Various other claims were equally idiotic, like that I should give her my telephone number, that she would check whether compensation was possible after my connection had been restored (Why the hell would that be relevant? Why should I go by her opinion on the matter?), a one-sided rejection of any damage claims (for a more* than month-long service interruption), and a request that I manually transfer allegedly outstanding fees.

*In a best case scenario, I would receive the new router (cf. below) tomorrow, March 6th, 34 days after my first email for assistance—and 41 days after the likely occurrence of the problem (January 24th, based on router logs). Factoring in my experiences with e.g. DHL, I doubt that I would have had the package, even would I try to receive it, before Monday, the 9th, for another three days and a total of a-month-and-a-half.

A particular absurdity is the claim “Wunschgemäß habe ich Ihnen einen Retourenschein zugesandt. Sie können Ihren Vertrag nicht allein durch die Rückgabe des Zubehörs kündigen. Die monatlichen Beträge werden weiterhin berechnet.” (in paraphrase: I have sent you the requested pre-address return label*, but you cannot terminate the account just by sending back the equipment and we will continue to charge monthly fees.). Considering that I have explicitly (!) terminated my account, the return of the equipment (i.e. router, etc.) is secondary, and was certainly not the means of my termination. Unitymedia has no basis whatsoever for continuing to charge monthly fees, and this seems like an outright fraudulent attempt to trick unsavvy customers into continuing an unwanted, intolerable, and unconscionable contract.

*I have not found a good translation for “Retourenschein”, but I do not that it has yet to arrive. Further, that I had explicitly requested a pre-paid one, and whether that will be the case is yet to see.

I replied with harsh email stating that I remained as a non-customer and would* outright block the used email address. About a week later, this email has seen no reaction, but I have received a notification that “my” package, presumably with the replacement router, would now be underway (earlier today, March 5th). I have also noted that Unitymedia has made an illegal “Lastschrift” withdrawal from my account, despite my having terminated the corresponding permission and despite an alleged (according to the above email) switch from Lastschrift to manual transfer for my account.

*And will, but I have not yet gotten around to it. It is the very next thing on my todo list after publishing this text …

Written by michaeleriksson

March 5, 2020 at 11:41 am

Stay away from Unitymedia

with 2 comments

I have repeatedly, but highly incompletely, written about my problems with Unitymedia (cf. [1], [2], [3]).

The original problems eventually resolved themselves through my efforts, with not one iota of help from Unitymedia. However, as of January 24th, my connection is gone again and nothing seems to help. Contacting Unitymedia has been hard, because, of course, my telephone runs over the same connection and is also not functioning.* An attempt to visit one of Unitymedia’s stores failed due to it being closed in the middle of the day.**

*I do not currently have a cell-phone; however, due to problems like these, the extreme restrictions on e.g. credit-card payments without a cell- or even smart-phone, etc., I am currently looking into the topic again. Effectively, individuals without a cell-, increasingly smart-, phone are put in an evermore unconscionable situation, have it ever harder to function in a smartphone-centric society.

**And I strongly suspect that I would have been turned out again with a “Call the hot-line. We only sell subscriptions and refuse to help in any way, shape, or form.” had it been open.

Over the weekend, I moved a planned visit to Mönchengladbach ahead; and used the WIFI in my hotel room to send an email, including a detailed description of the problem and my counter-measures, and to do research on various related topics.

Despite my email being marked as “urgent”, I have still not, five days later, received a reply of any type (except an automatic confirmation of receipt) and my connection is still unusable. Correspondingly, I have today terminated my contract(s) with Unitymedia, effective immediately.

Excursion on my current situation:
I am currently, based on my research, using a near-by Deutsche Telekom hotspot, which is actually cheaper per month and seems to have a considerably lower latency (and/or otherwise let me surf faster). On the downside, there is an automatic disconnect every six hours, the maximal through-put is lower (but not too low), and I do stand a risk that the hotspot is turned off at some point (has not happened during these few days). Long-term, this might be replaceable with a mobile subscription and tethering, but at the moment I am kept back by the poor conditions in Germany. There are recently some true* flatrates, but these go at 85 (?) Euro per month with a 24-month minimum subscription, which does not leave me enthusiastic. Non-flatrates invariably have an upper limit on the high-speed traffic which is much too low for the money paid, while the providers praise the high speed and hope that the customers are too stupid to calculate how short a time that speed is usable before the limit is hit.**

*As opposed to the pseudo-flatrates often claimed to be flatrates, where the user has a few GB per month to surf at high speed with, after which the speed is dropped to the level of an ISDN connection.

**Useless speed-promises are extremely common. For instance, Unitymedia raves about how it can deliver up to 400 Megabit/s, but only rarely will even several parallel users actually benefit from that rate. In my case, the WIFI on my (possibly outdated) notebook could not handle more than a fraction of that rate and even my old 100 Mbit/s subscription was overkill. (Specifically, the highest numbers I have seen during download have been around 50 Mbit/s, resp. 6.x MB/s.)

Written by michaeleriksson

February 6, 2020 at 10:06 pm