vmware Horizon Client on Ubuntu with Firefox

Sometimes things “just” work on Linux, and sometimes it’s a bit more fiddling. It’s the latter when running vmware Horizon client with Firefox. But as so often, there’s a fix here.

Copy&pasted the answer here:

1. Download the client from the VMWare Horizon Client for 64-bit Linux
2. In Firefox, open about:config and click through the warning.
3. Add a new boolean entry called network.protocol-handler.expose.vmware-view and set the value to false
4. Create a file called ‘test.html’ somewhere on your computer and put the following in it:
   <html><a href=’vmware-view://example.com’>test</a></html>
5. Open the file in Firefox and click on the link, which should prompt you for a path to open the link.
6. Select /usr/bin/vmware-view and it should work for future uses!

Making JetBrain’s IDEs less sluggish

WebStorm works on my Chromebook in Crostini. I’m happy it works. It’s a bit sluggish, but I attributed this to the CPU (m3), the many pixels on the screen (2400×1600) and/or Crostini itself. It’s fine as I won’t run thousands of lines of code here.

On my home Linux desktop (i7-4510U) it’s much better. Not speedy, but ok. Sublime Text is way snappier though.

Turns out you can improve both significantly by changing the Java runtime environment to the one from JetBrain one. Here the steps:

1. File->Settings->Plugins.
2. Click marketplace, search for “Choose Runtime”
3. Install official Choose Runtime addon from JetBrains
4. Wait for install and click to restart IDE.
5. Once back in project, press shift twice to open the search window
6. Search for Runtime. Select “Choose Runtime”
7. Change to “jbrsdk-8u-232-linux-x64-b1638.6.tar.gz”, which should be the very last one at the bottom of the list.
8. Click install, restart IDE, enjoy!

Obviously pick the latest version of the jbrsdk-8u-232-linux-x64. Why this is not default, I cannot say. It should be.

Source: https://www.reddit.com/r/Crostini/comments/e67tij/pycharmwebstormjetbrains_ide_fix/

Citrix Workspace and Linux

Installing the Citrix Workspace (formerly Receiver) on a Linux machine should be simple. After all, installing it on a Chromebook worked just fine (after enabling High DPI since my Chromebook has such a display).

But on Linux all I got was: You have not chosen to trust “Entrust Root Certification Authority – G2”, the issuer of the server’s security certificate.

Well, I was not aware of it and Chrome itself as well as Firefox had no issues with https://validg2.entrust.net/

So what’s throwing that error message?

Seems it’s the Citrix Workspace application itself which uses its own certificate store and it needs some more certificates (see https://support.citrix.com/article/CTX231524):

1. Get the missing Entrust G2 root certificate from here
2. Copy it to /opt/Citrix/ICAClient/keystore/cacerts/ (this is where the Debian package installed into)
3. Rehash the certificates

sudo /opt/Citrix/ICAClient/util/ctx_rehash

Et voilà: it works. See also this entry in the Citrix forum. Different root certificate, but same problem.

Seems the Citrix Workspace app has its own certificate store. Why is beyond me as the system usually has a certificate store already. Why not use that one?

Note: The need for the Entrust certificate seems to be because the point to what I connect to uses a certificate signed by Entrust. Thus not everyone will need this particular root certificate. But whichever you need, it needs to be in /opt/Citrix/ICAClient/keystore/cacerts/

Get your https:// back in Chrome

Google changed the Address bar in Chrome to remove https:// and the leading www. I am fine with the closed lock for https:// and an open lock for http://, but I do not like the mangled DNS name.

So it looks like this as per the new default:

If you are like me and prefer to see the protocol and the complete DNS name like this:

then install the Suspicious Site Reporter from Google and you get back your https://www.

Source: this post in reddit.

There used to be a Chrome flag to enable this (chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains), but it’s gone. Or use Firefox.

The Inner Workings Of SSDs

Found a most interesting article series about how SSD internally work: http://codecapsule.com/2014/02/12/coding-for-ssds-part-1-introduction-and-table-of-contents/

It goes quite deep, e.g. explains the internal structure of FLASH memory as well as how the Flash-Translation-Layer (FTL) works. I have not see any such detailed description yet.

A Bit Related

hdparm works well doe SCSI disks (or disks which behave like SCSI disks), but it does not work with NVME disks. But nvme does. See here: https://tinyapps.org/docs/nvme-sanitize.html how to erase NVME SSDs.

Moving DNS

Part 1: Moving DNS Registrar

I bought my domains quite a while ago via GoDaddy, but I had my DNS servers at Linode as that’s where the VMs were I used. Linode have an easy-to-use GUI and a well-working API (important for Let’s Encrypt certificates via acme.sh). Life was good. when it was renewal time and GoDaddy’s prices increased quite a bit, I moved the registrar from GoDaddy to AWS: it was actually cheaper than GoDaddy and there are zero attempts to sell more things to me I don’t need.

Recently I started to look at Cloudflare Workers when I saw that CF is also a registrar. And it’s a rather special one:

Cloudflare Registrar securely registers and manages your domain names with transparent, no-markup pricing that eliminates surprise renewal fees and hidden add-on charges. You pay what we pay — you won’t find better value.

See https://www.cloudflare.com/products/registrar/

Well, that sold me. So I moved from AWS to CF for one of my 2 domains, and it was done in about 30min. Most of that time I was waiting for an email from AWS on my wrong email account. It probably could have been done within 5 minutes.

Moral of the story: Don’t be afraid of moving your DNS registrar.

Part 2: Moving DNS Server

While moving the registrar is a non-event with no outages whatsoever, moving DNS servers for a zone is more worrisome as there can be outages for your domain. Cloudflare makes it quite easy to move a zone to them: add your zone to CF, and they’ll give you 2 DNS servers which you need to update in your registrar’s zone info. Then CF will shortly later copy the zone information (mostly) over.

Few rarely used entries were not copied for some reasons. Add those missing ones. Keep the old zone active for a while (look at your TTL time in the SOA record).

And that’s it.

The most interesting part of Cloudfront is that their DNS server (usually) proxies traffic through their servers before contacting my server. And they cache the data. So theoretically that might make my web page faster. It now got some DDoS protection, I can turn on firewalls, do HTTP/3, and learn where traffic comes from. Like this:

I can understand that plenty requests come from US. That’s where Google & Friends got their crawlers and my blog is in English, but why France?

The main reason I moved DNS servers is that now I can use CF Workers using my domains. And that works just fine. An unintended side-effect of the DNS servers move is that Let’s Encrypt certificates via acme.sh now take seconds instead of (15) minutes to renew. That’s 2 wins for me!

Now let me see what shenanigans I can do with those CF Workers ☺

OKR – I like it!

Objective – Key Results (OKR) is a way to align teams to move towards a common goal. OKRs are result-oriented: It’s not prescriptive how to do something as that’s left to the implementing team. There’s a clear connection between objective and key results.

KPIs (Key Performance Indicators) and goals which come down from management on the other side give you numbers you should reach. The “why” is not relevant.

It might seem that “result” and “KPI” are the same: If you do reach your KPI, you get the intended result. However that’s more a hypothesis and it’s often wrong. If you have a metric of what you want to get done, you can try several approaches of how to do it. While it might match the method you’d do via KPI, you might change your approach if you see that it does not work. In a KPI world you simply continue down the (wrong) path: KPI is the goal.

A quick summary of OKRs how I understand it

1. Have a vision: define where you want to go. The boss usually does that.
2. Define key results and metrics which show that you move in the right direction. Done by boss and employees. This is where the alignment happens: Everyone must agree here that this is what matters and this is how we measure it.
3. Define tasks which will likely make the key results move into the right direction. Done by whoever is the expert in this area.
4. Confirm once in a while (daily, weekly) that the metric looks good resp. better than before.

Common Problem: Defining Key Results

Regarding the key results, the main problem I see is that instead of providing key results, often simply tasks are listed here with the implicit assumption that doing this task will help the objective. And if you can count this, it’s a great key result. Well, it ain’t like this.

The Awesome Notebook-Shop

You own a small computer service shop which among other things builds custom notebooks for your clients. This is your main income generator. Your average is 10 per week. You’d like to afford a cruise holiday next year. It’s quite expensive.

Objective: Go to a cruise next year

What’s the key result? One answer could be:

Key result: Build 20 notebooks per week.

Easy to measure. Nice metric. Or is it?

The fallacy is that the unspoken assumption is that building more notebooks means more can be sold and thus you can go on the cruise next year. But do you have staff to build that many notebooks? Maybe you have to hire people. Or pay overtime. And can you even sell 20 per week? How about:

Key result: Sell 20 notebooks per week.

This includes building them. But if you have to lower the price in order to sell 20 per week, you’d not be able to go to your cruise.

Why don’t we instead measure directly what matters? This seems to be better:

Key result: Increase profit by 20%.
Key metric: Net money earned

You now have more options available: You can do advertising or you can offer trade-in’s. Selling 20 instead of 10 notebooks per week might be an option too, as would be buying from a cheaper vendor or selling for higher prices by adding some extra services. By measuring what actually matters, you always know you are on track. No assumptions needed.

Side note: You might want to add some key results to ensure that shortcuts are discouraged.

Constraint key result: Keep customer happy
Key metrics: User retention rate, Customer satisfaction

Otherwise you get a short term increased profit, but if the quality goes significantly down or you are overcharging your customers, you will hurt your long term objective. If you own a shop, you might do this automatically, but if you don’t measure it, how do you know your customers are happy with your work?

Why I like OKRs

It’s a chance to focus on something (the hand full of objectives) to improve by everyone marching in the same direction. Teams who don’t usually care what the other teams do, suddenly work together because they have a common objective and a common metric. Employees understand why they do something. OKRs are transparent, removing potentially duplicate work done by different teams. Metrics show where you are instead of you making up status reports which main purpose is to make you look good. Results are rewarded. Effort is not. (Those who put in more effort, usually get better results.)

More Info About OKRs

Some good links in no particular order:

• WhatMatters by John Doerr (John made OKR popular)
• How Google Sets Goals: OKRs
• 10 Examples of OKRs
• 5 Ways Your Company May Be Misusing OKRs
• The Beginner’s Guide To OKR especially the Common OKR Mistakes
• 9 Initial Mistakes To Avoid When Starting To Do OKR Goals
• Goals Gone Wild
• OKRs: A Tool To Engage Your Employees

Moving Blog – Again

I started to host my own WordPress blog since January 2008. First as a stand-alone installation on a cloud server, then as containers on a cloud server.

December 2017 I moved this to an AWS hosted serverless blog (see here for the source code). Technically interesting, but harder to use unfortunately.

Now I’m back on WordPress. I think it’s easier to use and looks better. Posting blog entries is just more fun. The difference compared to before is that now it’s hosted on wordpress.com instead of being self-hosted.

The Old Blog Entries

My old blog items are copied and are still available here: https://blog-static.harald.workers.dev/. It’s missing all dynamic features as it’s a static copy.

For those who are curious how this works: It’s copy of the previous blog via httrack and stored on BackBlaze B2 object storage (copy via MinIO) and served via CloudFlare Workers.

Here the rather simple code. Replace B2BaseUrl and downloadKey with your own values.

// Hosting static web files on BackBlaze's B2

const B2BaseUrl = 'https://f000.backblazeb2.com/file/BUCKET/blog/static/';
const downloadKey = '3_20200112......33_0005_dnld';

addEventListener('fetch', event => {
    event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  let response;

  if (request.method !== 'GET') {
    response = new Response('Expect only GET requests', { status: 400 })
  } else {
    let b2Url = request.url.split('/').slice(3).join('/');
    if (b2Url == "" || b2Url == "/") {
            b2Url = "index.html";
    }
    b2Url = B2BaseUrl + b2Url;

    let b2Headers = new Headers(request.headers);
    b2Headers.append("Authorization", downloadKey);
    modRequest = new Request(b2Url, {
        method: request.method,
        headers: b2Headers
    });
    response = await fetch(modRequest);
    // Make the headers mutable by re-constructing the Response.
    response = new Response(response.body, response);
    response.headers.set('Cache-Control', 'max-age=7200')
  }
  return response;
}