Threads for naggie

  1. 2

    The PID controller temperature problem is why I did mine on the outside. It was a little unwieldy there, but didn’t overheat. (Mine was a late 90s aluminum boiler model.)

    Steaming was improved by attaching a spare steam wand intended for a Rancilio Silvia. I used an auber controller with a second set point for steaming. I don’t think autotune ever worked very well for me.

    Here’s a not-terribly-good video of what mine looked like in action. I’m glad to see people are still doing these same mods.

    That steamer you wound up with looks fancy. Is it larger and more expensive than the classic?

    1. 1

      It was about £150 from Amazon. Works very well!

      1. 2

        So you’re getting an experience that approaches a high end double boiler machine with a classic + that beast. Very nicely done!

        (I don’t mean to dismiss a good double boiler setup… there is a lot to be said for one, especially if it’s got a rotary pump and you’re going to connect its feed and drain to your household plumbing, but then you’d be spending around 4x what I’d guess your entire coffee station cost, for what amounts to a very minor step-up in espresso quality plus some nice ergonomics.)

        1. 1

          Thank you :)

          I do plan on upgrading to a plumbed in, dual boiler machine with rotary pump at some point.

          1. 1

            As someone who moved from a Silvia with PID and insulation, I disagree with your statement about approaching a high end double boiler. It’s still not as consistent and the steam capabilities of a Gaggia/Silvia are awful when compared with a DB or even HX.

            1. 1

              I was referring to the OP’s solution with the separate dedicated milk steamer. Even the PID’d gaggia’s steam was a challenge compared to the DB. (I could manage a good macchiato, but it was harrder.)

              I moved from my classic to an Izzo Alex Duetto when I got the opportunity to plumb in, along with the HG-One manual grinder (with Mazzer Robur burrs). Before I passed my modified Classic along, I took the opportunity to do some triangle tests with Klatch’s World’s best blend and the two machines, using the same grinder, with me pulling all the shots, and the same basket for both.

              While the shots were distinguishable on the triangle tests the verdict was distinctly mixed as to which was better. Duetto won, but it was a much closer margin than I’d have guessed.

              That’s why I called the espresso a minor step-up on the higher end machine. The ergonomics were hands down better, of course. But if plumbing wasn’t a possibility and I had a separate milk steamer? Pairing a really good grinder with the low-end machine and a great basket, I’d put the espresso from the well-controlled low-end machine next to the high-end one with confidence as long as I wasn’t catering, running a bar, or engaged in some other high volume activity.

      1. 2

        That said, my original 2012 battery that came with the Thinkpad was in good condition.

        Wait what?? How?

        1. 3

          I don’t know! Maybe it was never used.

          1. 2

            The battery in my 2013 MacBook Pro died this year and that machine was in daily use for the last 8 years. The battery was holding around 90% of the charge that it held when new, but it had swollen enough that I couldn’t push the trackpad button down properly, I wouldn’t have noticed that it was in a might-catch-fire-soon state if it hadn’t pushed up against the trackpad (cutting through the glue to get it out was quite stressful, but we got it out without anything catching fire and disposed of it). This one had been kept more than 50% charged most of the time, which is generally good for LiIon batteries (keeping them at 60-70% charge is ideal, I believe), which reduces the wear.

            The probability of failure for LiIon batteries goes up over time (and at different rates depending on charge level) but it remains probabilistic failure. Outliers will be happy after 10+ years or die in under one year. The battery in my G4 PowerBook (2005 or 2006 edition?) is still fine, though that one got only a couple of years of use before being displaced by the Core 2 Duo version (Apple lost the original machine when I sent it in for repair and after spending £20 on phone calls being lied to by their support reps and writing an article that was picked up in syndication by a few places about it, they finally sent me a replacement about 6 weeks after I sent in the original).

          1. 11

            I don’t really get these “bolt a bunch of stuff onto an X220” articles. It just seems like a lot of money and effort to have something that doesn’t work very well (i.e. fighting SeaBIOS or dealing with improperly fit keyboards) in the end.

            My interest in ThinkPads is pretty much over anyways though.

            1. 10

              Oh, and fn belongs to the left of control. Apple and Lenovo get this right, why can’t anyone else?

              🧐

              1. 2

                There’s a few Lenovo laptops that do that… Yoga L13 to give an example. But in all of them you can switch it in bios and in many you can even swap the keycaps.

              2. 2

                Haha, yes. It is indeed. What I have ended up working rather well, no issues except the stiffness will never be as good as a macbook.

                1. 1

                  I bought a secondhand Latitude e6220 (Dell’s equivalent of the X220) as it was much cheaper than X220s at the time (about 5 years ago) - it’s still going strong with 8Mb RAM and 275Gb SSD. I use it when I travel as it’s tough as old boots, and it’s still faster than my usual “browsing” machine (a cheapo Asus with an N5000 CPU, but 1080p), the only thing that lets it down is the 768p screen.

                1. 8

                  Paperkey https://www.jabberwocky.com/software/paperkey/ is another option for physical backup. I’d also like to point out that the yubikey 5 DOES support ECC but you need the newer version of it with updated firmware, a disappointing revelation I ran into as well.

                  If you’re interested, a decent way to post your public key is with keybase. In days of yore, you’d upload to a keyserver but that depended on good faith actors and experienced an attack a while ago. It seems to remain vestigial in a lot of software. Trust chains are a major part of this and having a place to do this is useful.

                  I also prefer to make an ultimate trust key that is only on backup that signs and makes my yk root, that has its own subkeys. With that air gapped, never online key, you can have it not expire thus maintaining trust signatures.

                  One more note, you should also make sure you generate revocation certs and keep those backed up as well. Ideally your authorized keys on your server should check a known keyserver location for revocation prior to authorizing a user. If a key is compromised and you revoke it, it doesn’t matter if your server never checks to see if it has been revoked

                  1. 2

                    5 DOES support ECC but you need the newer version of it with updated firmware

                    Yes, you missed the footnote.

                    ? Paperkey https://www.jabberwocky.com/software/paperkey/ is another option for physical backup

                    Indeed! Thanks for the link. Though I might do something similar with QR codes.

                    One more note, you should also make sure you generate revocation certs and keep those backed up as well. Ideally your authorized keys on your server should check a known keyserver location for revocation prior to authorizing a user. If a key is compromised and you revoke it, it doesn’t matter if your server never checks to see if it has been revoked

                    That’s a good improvement.

                  1. 2

                    I don’t like how they use the old-fashioned GPG SSH auth, when the new U2F auth built into openSSH is a lot easier to set up and use.

                    1. 2

                      Well, the new key types aren’t supported everywhere yet.

                      1. 2

                        True, but it requires server support and configuration.

                        1. 1

                          Doesnt require special configuration on the server, only that the openSSH version on it is recent enough.

                        2. 1

                          Are you able to use openSSH’s U2F while using the hardware key for other things, like GPG keys, or is it one or the other?

                          1. 2

                            I use both. I have a resident SSH key (ed25510-sk) on it, and also a PGP key with subkeys. And I also use it for fido2 u2f with sites like gitlab etc.

                            1. 1

                              Thanks for the reply. What model YubiKey do you use? I’m thinking of getting one soon.

                              1. 2

                                I have two yubikey 5 NFC. One on my keyring, one at home.

                          2. 1

                            SSH auth is only a part of the article. It also mentions integration with Pass, which can be encrypted with GPG, which works with YubiKey. I don’t know if it can be encrypted with an SSH key that’s stored on a YubiKey?

                            1. 2

                              I don’t recall if pass supports encrypting secrets for multiple keys, this being the reason why I migrated to gopass a long time ago, but for the later you can have your secrets encrypted for both (or multiple) gpg keys, one of which can be on the Yubikey. I’ve been using this setup for a number of years and it’s pretty good. It allows for key rotation a lot better than a single key setup.

                              1. 2

                                Pass does permit multiple keys. You can provide any number to pass init as arguments. I believe there’s also a facility to make different parts of the hierarchy use different keys, but I haven’t used it. Incidentally, you can use pass init with an existing database to re-key the whole thing.

                                1. 1

                                  That’s great to hear. Gopass in the past year or two has had a habit of bolting a couple of kitchen sinks to their functionality.

                              2. 1

                                You can have both ssh keys and GPG keys on the yubikey. Multiple of each even.

                            1. 3

                              I’d like to set up my Yubikey for all of this, but good grief, it looks like a long slog. Key topologies? Seriously?

                              For the average coder not working in a highly-secure environment, the effort doesn’t seem worth the reward.

                              1. 2

                                but good grief, it looks like a long slog. Key topologies? Seriously?

                                That’s exactly why I wrote scripts to automate it.

                              1. 2

                                looks great. I wish the config was not done in JSON, which does not allow comments.

                                1. 1

                                  Thanks!

                                  The reason the config file is in JSON is because it’s always written to programatically. I know it’s slightly annoying but I believe it’s a worthwhile compromise; when I wrote it I considered SQLite but settled on prettified JSON to allow the file to be tracked in git or similar.

                                  1. 1

                                    Fair, you could have opted for YAML or TOML which are also easy to write programatically, but also allow humans to edit them easily (including comments).

                                    Great project btw, I am going to play with it on a test server.

                                    1. 2

                                      Fair, you could have opted for YAML or TOML which are also easy to write programatically, but also allow humans to edit them easily (including comments).

                                      Sure, but I’m not aware of any serialiser that would retain the comments when writing the file.

                                      Great project btw, I am going to play with it on a test server.

                                      Thanks :)

                                      1. 2

                                        Sure, but I’m not aware of any serialiser that would retain the comments when writing the file.

                                        https://docs.rs/toml_edit/0.2.0/toml_edit/

                                1. 1

                                  Also see TaskWarrior, which I have been using for several years now.

                                  1. 1

                                    This is explicitly referenced in the README. Looks like this is intended to be better than TaskWarrior.

                                    1. 1

                                      Huh, I have not used their sync service. I use git to manage the files in the data directory.

                                      1. 3

                                        I started with taskwartrior, indeed using git to sync the data directory at one point. I gave up doing that after the merge conflicts (caused by the data format, and syncing across computers) were too frequent and difficult.

                                        I did like taskwarrior, and it’s what inspired me to write dstask after a found several things I wanted to do differently.

                                        1. 2

                                          Thanks for the history!

                                    1. 3

                                      That’s a planned feature, and why dstask hasn’t reached v1.0 yet. Coming soon!

                                      A main challenge with reminders is synchronisation. It’s important to avoid duplicate tasks when synchronising across machines – which I’d found is an issue with taskwarrior sometimes. I have a mechanism in mind to avoid this problem.