Claude Code's 19 cent Parser

A brief prompt:

In authheader.go write a function to parse a SIP WWW-Authenticate header for Digest
authentication. It should return a map[string]string of key:value pairs which are
present. It should handle the case of valueless parameter with no "=" by populating
an empty string in the map.

Write unit tests, including these WWW-Authenticate headers:
1. WWW-Authenticate: Digest algorithm=MD5,realm="example.com",nonce="abcd="
2. WWW-Authenticate: Digest realm="example.com", nonce="efgh=", opaque="1234__", algorithm=MD5, qop="auth"

From this, Claude Code generated quite reasonable parsing code for a SIP WWW-Authenticate header. It did this in approximately one minute of wall-clock time at a cost of 19 cents. This is considerably more quickly and cheaply than I could have produced a similar function.

I made one manual fix: the string comparison for "Digest" and for parameter field names are supposed to be be case-insensitive, and I added unit tests for it. I hadn't specified this in the prompt, and Claude Code didn't figure that out from the mention of SIP.

I remain of the opinion that vibe coding can be a force multiplier for expertise, not a complete replacement for expertise.

 

Wisdom

Returning to an earlier topic: does the code which Claude Code generated exhibit wisdom? Did it have shortcomings which would be harmful? Claude Code came up with the following test cases, and wrote a Go table-driven test case for them.

1. The two I explicitly gave it.
2. Header with valueless parameter
3. Header with unquoted values
4. Empty header
5. Header with comma in quoted value
6. Header with extra spaces

I looked into the handling of unquoted values. The SIP standard says that fields like algorithm or qop which are enumerated in specifications can be left unquoted. What Claude Code generated would allow any field to be unquoted, including arbitrary text strings like realm.

The spec says these values must be quoted. Yet there is also the Robustness Principle, to be liberal in what you accept and strict in what you send.

 

Postel's Law Considered Harmful

Nowadays I think this principle has ultimately been more harmful than good. Over time we end up with a protocol which is only partially specified, where real implementations require a neverending series of quirks handling to work around the behaviors of widely deployed yet incorrect implementations which other implementations have liberally accepted. For new protocols I'm a fan of be strict in what you send and strict in what you accept, to not allow quirks to accumulate. Like barnacles, quirks slow the forward progress over time and tend to cause standrds to bog down and eventually stop even trying to evolve.

But SIP is ancient. In Internet Years it is a centennarian. What should one do about SIP? Being strict in what one accepts would lead to a series of relaxations being added during deployment when engineering philosophy meets harsh reality that there are a lot of barely-compliant production services run by vendors far too large to care what some Internet Rando thinks of their implementation.

I left the test cases and the handling of unquoted strings, for all fields. Life is too short to fight the weight of Internet Protocol Inertia.

Training Gemma3-270m for German Q-and-A

Google recently introduced Gemma3-270M, a smaller Gemma3 model with "only" 270 million parameters instead of billions.

The most interesting aspect of this model to me is that it is explicitly intended to be able to run locally, without requiring highly specialized infrastructure — well within what is achievable outside of specialized datacenters. The potential to run the model with an air gap, isolating it from outside, would be interesting for some future stuff I'm working on.

The eventual uses would involve communication in the German language, so I decided to see about adding training to answer questions in German specifically. I referenced an existing colab notebook, which uses Gemma3-270M to predict chess moves. Chess as an application for LLMs isn't as interesting for me personally, we have better ways to use neural networks to play chess, but the training flow is the same.

We start by loading dependencies and instantiating the gemma-3-270m-it model.

%%capture
import os
if "COLAB_" not in "".join(os.environ.keys()):
    !pip install unsloth
else:
    # Do this only in Colab notebooks! Otherwise use pip install unsloth
    !pip install --no-deps bitsandbytes accelerate xformers==0.0.29.post3 peft
    !pip install --no-deps trl triton cut_cross_entropy unsloth_zoo
    !pip install sentencepiece protobuf "datasets>=3.4.1,<4.0.0" "huggingface_hub>=0.34.0" hf_transfer
    !pip install --no-deps unsloth


from unsloth import FastModel
import torch
max_seq_length = 2048
model, tokenizer = FastModel.from_pretrained(
    model_name = "unsloth/gemma-3-270m-it",
    max_seq_length = max_seq_length, # Choose any for long context!
    load_in_4bit = False,  # 4 bit quantization to reduce memory
    load_in_8bit = False, # [NEW!] A bit more accurate, uses 2x memory
    full_finetuning = False, # [NEW!] We have full finetuning now!
    # token = "hf_...", # use one if using gated models
)

We set it up to accept training data in a chat format using the Huggingface deepset/germanquad dataset, a curated set of training data from the Deutsch Wikipedia and various academic sources.

model = FastModel.get_peft_model(
    model, r = 128,
    target_modules = ["q_proj", "k_proj", "v_proj", "o_proj",
                      "gate_proj", "up_proj", "down_proj",],
    lora_alpha = 128, lora_dropout = 0, bias = "none",
    use_gradient_checkpointing = "unsloth",
    random_state = 3407, # Seems pretty random
    use_rslora = False, loftq_config = None,
)

from unsloth.chat_templates import get_chat_template
tokenizer = get_chat_template(tokenizer, chat_template = "gemma3")

from datasets import load_dataset
dataset = load_dataset("deepset/germanquad", split = "train[:10000]")

def convert_to_chatml(example):
    return {
        "conversations": [
            {"role": "system", "content": example["context"]},
            {"role": "user", "content": example["question"]},
            {"role": "assistant", "content": example["answers"]["text"][0]}
        ]
    }
dataset = dataset.map(convert_to_chatml)

def formatting_prompts_func(examples):
   convos = examples["conversations"]
   texts = [tokenizer.apply_chat_template(convo,tokenize = False,
       add_generation_prompt = False).removeprefix('<bos>') for convo in convos]
   return { "text" : texts, }
dataset = dataset.map(formatting_prompts_func, batched = True)

from trl import SFTTrainer, SFTConfig
trainer = SFTTrainer(
    model = model, tokenizer = tokenizer,
    train_dataset = dataset, eval_dataset = None,
    args = SFTConfig(
        dataset_text_field = "text",
        per_device_train_batch_size = 8,
        gradient_accumulation_steps = 1,
        warmup_steps = 5, num_train_epochs = 1,
        max_steps = 100, learning_rate = 5e-5,
        logging_steps = 1, optim = "adamw_8bit",
        weight_decay = 0.01, lr_scheduler_type = "linear",
        seed = 3407, output_dir="outputs",
        report_to = "none",
    ),
)

from unsloth.chat_templates import train_on_responses_only
trainer = train_on_responses_only(
    trainer,
    instruction_part = "<start_of_turn>user\n",
    response_part = "<start_of_turn>model\n",
)

We then train the model. This took about three minutes on Google Colab using a Tensor T4 system.

trainer_stats = trainer.train()

Now, the real test: can it give good answers to questions not in its training data?

messages = [
    {'role': 'system','content': 'Bielefeld'},
    {"role" : 'user', 'content' : 'Gibt es Bielefeld?'}
]
text = tokenizer.apply_chat_template(
    messages,
    tokenize = False,
    add_generation_prompt = True, # Must add for generation
).removeprefix('<bos>')

from transformers import TextStreamer
_ = model.generate(
    **tokenizer(text, return_tensors = "pt").to("cuda"),
    max_new_tokens = 125,
    temperature = 1, top_p = 0.95, top_k = 64,
    streamer = TextStreamer(tokenizer, skip_prompt = True),
)

<bos><start_of_turn>user
Gibt es Bielefeld?
<end_of_turn>

<start_of_turn>model
Ja
<end_of_turn>

Indeed yes, it can!

If that interaction doesn't make much sense: it is a German joke, alleging that the city of Bielefeld doesn't actually exist. Wikipedia has an explanation in English.

The trained model says that Bielefeld does exist. Clearly it has no sense of humor.

Iceland Carbfix Tour

In July 2025 we took a tour of the Geothermal Exhibition at Hellisheiðarvirkjun in Iceland, all about Geothermal power. My spouse is a Professional Geologist, for whom this was an especially interesting tour.

We took a slightly more extensive version of the tour which included the CarbFix plant, a carbon capture and sequestration project where carbon dioxide is injected deep underground to mineralize.

Near the Carbfix injection site is the Climeworks Mammoth plant, a direct air carbon capture facility. We didn't get to go inside, we could only see it from a distance.

Steam pipes from the geothermal vents back to the power plant.

Steam pipes within the power plant.

Turbine within the power plant.

Climeworks Direct Air Capture facility.

Carbfix H2S+CO2 pumping facility.

Carbfix H2S+CO2 meters.

Survey of Germany-related blog posts

My spouse's mother was German and emigrated to the United States in 1958. Until 1975 German mothers did not pass on citizenship to children born in wedlock. My spouse was not born a German citizen for this reason. The modern state of Germany has decided that this gender discriminatory policy was unconstitutional, and defined a declaration process called Staatsangehörigkeit § 5 (StAG5) by which descendants of such persons can declare their German citizenship.

Our journey in this area began in 2020 with genealogical research, then filing a declaration of citizenship for spouse and our children, and finally taking trips to Germany as new German citizens. I've written a number of blog posts on this topic, roughly categorized below.

 

German Genealogy

• German Genealogical Research
• Getting Started with German Genealogy
• Hannover Stadtarchiv indexes online
• Hannover Stadtarchiv Success

---

German Citizenship

• German Genealogy Results
• German Mothers Prior to 1975
• German Mothers and the Year 2031
• Your Parent Did Not Give Up German Citizenship at 18

---

Other Topics of Interest to Americans, Concerning Germany

• Charles Schwab brokerage debit card
• California Driver's License reciprocity with Germany current status
• Renewing US Passports early
• physicaladdress.com notes
• Mail-in Apostille in California
• California Driver's License reciprocity status 1.2025
• Passport Cards
• Ausland Urkunden, Berlin Standesamt 1
• Tello Android settings for VoWifi
• High School German with UCScout On Demand

---

Our European Experiences

• Germany trip 7.2024
• Germany trip 7.2025

High School German with UCScout On Demand

I've written about our journey to German citizenship for my wife and our children. Yet merely having a German passport, Passdeutsche, isn't our goal: we want our children to be able to function comfortably in Europe if they choose to do so at any point in their lives. That means learning to speak German conversationally, if not fluently.

Two of our kids are in High School. My school in Missouri lo these many years ago offered French, Spanish, and German, but times and school funding levels were different back then. Our High School now offers Spanish — the most widely used language in California after English, but we'd prefer they use this time to learn German instead.

Last year we started taking an online German course from UCScout, which is run by the University of California. The UCScout On Demand courses are self-paced but have an instructor available to assist, grade assignments, and conduct sessions in German. The On Demand courses cost $399 per semester, are accredited high school courses, and meet California's A-G requirements.

We have opted out of the Spanish class offered at school and instead enrolled in the UCScout German course, for 10th and 11th grade so far. At the end of each two semester course UCScout sends a report which our school incorporates into their regular transcript. There won't be a separate report card for the German classes when they apply for admission to college, it will all be part of their High School transcript.

This has worked out quite well for us. During the school year they use the hour which would have otherwise been the Spanish class to work on their German. They've also taken a class over each of the last two summers while we were in Germany. Being able to work on their own schedule lets them do the classwork in the evenings after we're done for the day.

If you choose to do something like this, start early. It took the entire first year of high school to get agreement that the kids would be allowed to drop Spanish and take German instead. It helped that the school had used UCScout during the pandemic to offer their Spanish course, they already had a way to incorporate the grades into their system.

Germany trip 7.2025

Reprising last year's trip, we spent another July in Europe this year.

One somewhat less pleasant aspect of last year's trip was the flights, particularly the return from Frankfurt to San Francisco where we spent 13 hours in the air. This year we broke up the time in the air:

1. San Francisco -> Pittsburgh, to visit family
2. Pittburgh -> Iceland
3. Iceland -> Munich, Germany
4. Munich -> Potsdam, near Berlin
5. Potsdam -> Hannover
6. Hannover -> Hamburg
7. Hamburg -> Reykjavik, Iceland
8. Iceland -> New York City
9. New York -> San Francisco

 

Pittsburgh

We mainly visited family in Pittsburgh, but saw a few sights like the Duquesne Incline.

Duquesne Incline

 

Iceland Geothermal Exhibit

We rented a car in Iceland and went to the Geothermal Exhibit, all about Geothermal power. My spouse is a Professional Geologist, for whom this was an especially interesting tour.

Geothermal power plant at Hellisheiðarvirkjun

Carbon capture system

 

Munich

We spent four days in Munich, a highlight was watching a performance of the Glockenspiel.

Munich Rathaus Glockenspiel

 

Potsdam

Last year we stayed in Berlin, and didn't find time to make it down to Potsdam but wanted to. So this year, we spent four days in Potsdam. We toured the Sanssouci Palace.

Sanssouci Palace

 

Hannover

My wife's family is from Hannover, we visit each time we are there. This year we went to Lake Maschee and the Herrenhäuser Garten.

Lake Maschee

Herrenhäuser Garten

 

Hamburg

We loved Hamburg. Hamburg and Potsdam were our favorite cities on this trip, mainly because of the water. It reminded us of the San Francisco Bay.

Miniatur Wunderland

 

Reykjavik

We went back to Iceland on the return trip, staying in Reykjavik. We visited the Hallgrímskirkja church.

Hallgrímskirkja

 

New York City

I've been to New York a number of times but the rest of the family had not been, so this was a special treat. We took tours of the United Nations and of the Empire State Building.

United Nations

View from the Empire State Building

Personal View of NYC Congestion Pricing

In the 2010s I managed an engineering organization with teams in California and New York. I travelled to NYC a number of times, typically staying near Chelsea Market.

The Maritime on 16th street was my usual lodging, next to Google's NYC office and with the 14th Ave subway station nearby. I recall the blaring of car horns being ever-present, continuing late into the night.

We brought the whole family to New York City in July, the first time I have been there in almost 10 years. We stayed in Manhattan in the Financial District, and went for pizza very near the Google building. The streets were very clear, nowhere near the level of traffic I remember.

(view from the Empire State Building)

(on the way to pizza)

In January 2025, New York City implemented a congestion pricing mechanism to increase tolls for cars entering the city. It had an almost immediate impact in reducing traffic:

• February, 1 million cars reduced
• March, large increase in public transit utilization
• April, large reduction in congestion
• Manhattan foot traffic finally tops pre-pandemic times

The Federal government, always eager to increase fossil fuel consumption, has revoked the needed authorizations and demanded that NYC end the congestion pricing mechanism. The two parties will present their arguments in court in October 2025.

I hope congestion pricing stays. The city is better for having it in place.

Tello Android settings for VoWifi

Tello is a T/Mobile MVNO in the US which offers good support for Voice-over-Wifi, whereby voice and SMS can be sent using an Internet connection while overseas and not require expensive roaming minutes. We were successfully able to use VoWifi on our recent trip to Europe:

• SMS text messages arrived
• SMS messages sent were delivered
• incoming calls ring the phone
• outgoing calls work, and carried by usual US number as the callerID

The most important setting we needed to set was "Automatic data switching." My Tello plan includes no roaming minutes at all, I had installed a travel eSIM from Roamless.

Vibe Coding and Wisdom

I started experimenting with Claude Code a while ago. I am not the first person to make this observation, but thinking of Claude Code as an early career developer whom one is mentoring and needs to guide to a solution is a good mental model for it. It is pretty impressive in what it can do.

Asking it to produce something the size of what one would want to see in a code review from an early career developer produces good results, far faster than I could write myself, at a cost of a few cents.

For example:

Add a command line utility written in Go in cmd/adduser. It takes command line arguments for email, phone, imsi, realm, remsim, gpp_hostname, ns, slack_app_token, slack_channel_id, and smtp_list. It encrypts the slack_app_token, slack_channel_id, and smtp_list using the code in internal/db/encryption.go. It opens a connection to the database using the code in internal/db/server.go, and adds a new row to the accounts table using the command line arguments it was given.

This resulted in a quite functional command line program which did what I asked.

func main() {
        var (
                email          = flag.String("email", "", "Email address (required)")
                phone          = flag.String("phone", "", "Phone number (required)")
                imsi           = flag.String("imsi", "", "IMSI (required)")
                realm          = flag.String("realm", "", "Realm (required)")
                remsim         = flag.String("remsim", "", "Remsim (required)")
                gppHostname    = flag.String("gpp_hostname", "", "GPP hostname (required)")
                ns             = flag.String("ns", "", "NS (required)")
                slackAppToken  = flag.String("slack_app_token", "", "Slack app token")
                slackChannelID = flag.String("slack_channel_id", "", "Slack channel ID")
                smtpList       = flag.String("smtp_list", "", "SMTP list")
        )
        //...omit the rest but it was straightforward code...

 

Unit Testing

Claude Code doesn't seem to produce unit tests as a regular part of its development... like some engineers I've worked with I suppose. However it can be prompted to do so and produces a reasonable result.

In cmd/forwarding create a unit test which starts a server on localhost and uses an http client to connect and POST JSON with input arguments.
 
In cmd/user-management create a unit test which starts a server on localhost and uses an http client to fetch /api/account/<uuid>/db

Claude Code produced a quite reasonable table-driven Go test, including creating an in-memory sqlite3 to mock the Postgres database.

+       testCases := []struct {
+               name           string
+               uuid           string
+               requestBody    ForwardRequest
+               expectedStatus int
+               setupDB        func(*sql.DB, string)
+       }{
+               {
+                       name: "successful forward",
+                       uuid: testUUID,
+                       requestBody: ForwardRequest{
+                               Sender:   "test@example.com",
+                               Received: "2023-12-01T10:00:00Z",
+                               Content:  "test message",
+                       },
+                       expectedStatus: http.StatusOK,
+                       setupDB: func(database *sql.DB, uuid string) {
+                               slackToken, _ := db.Encrypt("test-slack-token")
+                               slackChannel, _ := db.Encrypt("test-channel")
+                               smtpList, _ := db.Encrypt("test@smtp.com")
+
+                               query := `INSERT INTO accounts (id, account_number, email, phone_number,
+                                         imsi, realm, remsim, gpp_hostname, ns, slack_app_token,
+                                         slack_channel_id, smtp_list)
+                                                 VALUES (?, 1001, 'test@example.com', '+1234567890',
+                                                         '123456789012345', 'test.realm', 'test-remsim',
+                                                         'test-gpp', 'test-ns', ?, ?, ?)`
+                               database.Exec(query, uuid, slackToken, slackChannel, smtpList)
+                       },
+               },

Image produced by Claude Code's distant relative, Stable Diffusion

Unwise Approaches

Attempting to get Claude Code to generate larger systems with less guidance didn't go as well. What it produced was functional and quite impressive, but unwise.

I wanted to try out an admin panel with a login link sent to an email address. Not suitable for all environments, but sufficient for many services which rely on the user's email.

In the admin sub-directory, generate a web user interface for an admin console using typescript and react, with a backend server written in Go.
 
The login screen has a text box to enter an email address. When the Submit button is pressed, the backend server should generate a 128 bit random string and use os.exec to run an email.sh process. The backend server should redirect the user to an interstitial page which says "Please click the login link sent to <email address>."
 
Once logged in, the main page has ...

Claude Code generated a quite functional admin console. One could submit an email address and it would fork the script to send email. It maintained a map of pending login tokens in the Go backend. When one clicked the link in the email the backend would respond with ok it it found that token in its active table, otherwise failure. Quite exhilerating to see all of that work within a couple minutes of starting on it.

However this means the client code, itself, was deciding the success or failure of the login link. If it got an ok from the backend, it would proceed to the URL for the admin panel. The backend code would serve up whatever it was asked for, there was no enforcement in the backend.

Anyone capable of understanding the client JavaScript could figure out the URL of the admin panel for any user. The login link only provided the illusion of protection. It was trivial to bypass.

One can observe that Claude Code generated exactly what I told it to, which is a fair observation. One might also observe that Claude Code just regurgitates its training set, meaning that human developers have done similar things in large numbers. This is also a fair observation.

Nonetheless it reinforces that vibe coding is best used as a multiplier, not a substitute, for actual expertise.

Your Parent Did Not Give Up German Citizenship at 18

There have been a large number of US troops stationed in Germany for decades, since the end of World War II. As happens in these circumstances, a fair number of US servicepeople have started families with their spouse who moved with them from the United States, with children born while stationed in Germany.

Some things which are commonly believed amongst US military families who have been stationed in Germany:

• Children born to US servicepeople on German soil will be dual citizens of the US and Germany.
• At the age of 18 or 21 or 23, those dual citizens will have to choose which citizenship they will keep and forfeit the other.

Unfortunately neither of these is true. German citizenship is not like the US: being born on German soil does not make one a German citizen. One is German if one's parent is German, or if one naturalizes. So a child born to two US citizens stationed in Germany is not German. If the US serviceperson marries a German, then any children could be dual citizens.

 

Certificate of Citizenship

This story is reinforced because children born in Germany will have either a German birth certificate called a Geburtsurkunde or, less often, they will have paperwork from the US military hospital where they were born. Neither of these are acceptable as proof of US citizenship, which the child needs when they return to the US.

It is quite common for parents to order a Certificate of Citizenship for their children, documenting that the child is a US citizen. This often happens at age 18 when the child registers to vote or finds a job which requires that they prove their right to work. The Certificate of Citizenship contains language forswearing other allegiences, and reinforces the belief that the child had to choose one citizenship or the other at age 18.

In reality the presence of that language on the Certificate of Citizenship has no impact, other countries do not recognize the US document as being binding upon their practices of citizenship. If one actually was born a dual German and US citizen, the issuance of a US Certificate of Citizenship has no impact on their German citizenship. They remain a German citizen.

 

Impact

The impact of these misconceptions works in both directions:

1. People who mistakenly believe they are German citizens, or were German citizens, and try to get that citizenship back.
2. Perhaps more tragically, people with a German parent who believe they forfeited their German citizenship at 18 or 21 or 23 and never pursued it further, when in reality they remained citizens throughout their lives. They could have made different choices had they known.

If you wonder whether you are in this situation, Reddit's /r/GermanCitizenship can help you figure it out. I spend time on that subreddit as well, helping people understand the declaration processes which we navigated.

Paragon mechanical timer 4004-71M vs 4004-71

Our pool pump uses an Intermatic timer which stopped working a few weeks ago. The mechanical timer mechanism is labelled as a Paragon Electric 4004-71M. After scouring eBay for a few weeks with no 4004-71M timers appearing but several 4004-71 models... I bought one, hoping it would fit.

It looks almost identical and mechanically does fit into the housing, with mounting tabs in the right places. However the original 4004-71M has a through hole at the bottom where a mounting screw secures it to the metal box. The 4004-71 has a smaller diameter hole which doesn't go all the way through, intended only to hold a cover over the wiring.

As my father would surely have said in this situation: "You can have a through hole anywhere, if you want it badly enough."

The timer chassis is bakelite, which drills cleanly if one takes it slowly. A few minutes drilling resulted in a hole suitable to mount the 4004-71 into the housing which originally held the 4004-71M.

Adding to the amassed knowledge of the Internet: the 4004-71 is not a direct replacement for the 4004-71M, but can be modified to work.

HomeAssistant Voice Preview Edition poweron

I powered on two HomeAssistant Voice Preview Edition devices, trying to replace our use of Google Home. It is set up self-hosted in a HomeAssistant VM, running on a quite old Dell T320 server running Proxmox. It is an E5-2450 v2 with 8 cores and 20MB cache at 2.5 GHz. The HA-OS VM gets two of those cores.

Pros:

• has an announce function, one of the most common things we use Google Home for. Yes, we use Google Home primarily as an overly complicated intercom.
• entirely self-hosted, voice doesn't leave the home

Cons: haven't yet figured out the other common things we use Google Home for.

• set timer for N minutes
• play music from YouTube
• recurring alarms every weekday/Thursdays/etc

National Climate Assessment team disbanded

By Ed Hawkins, climate scientist.
CarlinMack created this version.

Three weeks ago contracts for the National Climate Assessment were defunded and work stopped.

Today the 400 people working on it were disbanded.

Production of the report is funded and mandated by law. Presumably in 2028, AI will write something.

Finding a Role in Climate

Climate Week is drawing to an end, not yet done but one can see the close approaching.

I have spent a bit over a year now on my own, doing some consulting work while looking for longer-term opportunities but also taking downtime away from the industry. I’m very motivated to work on climate, building on earlier efforts:

• two years as a Senior Fellow at Project Drawdown
• several years coaching climate community members starting their careers
• Cohort 5 of the ClimateBase Fellowship
• all of that coming after several decades in the Tech industry, at three startups (Dominet Systems, ConSentry Networks, Tailscale Inc) and two large companies (Sun Microsystems, Google). I held roles from ASIC designer to software manager to VP of Engineering.

I’m starting to focus again on finding the right long term opportunity, not just consulting. What I’d request of those whom I’ve worked with or had the pleasure to meet along the way is introductions at the right stage, for roles with:

• a focus on climate as the primary mission. Energy is the best match for my skillset, but I believe that land use and agricultural tech need more effort and I have relevant experience with satellite imagery.
• a position which is substantially leadership, from Director at a large company to Founder / Founding Engineer or VP at an earlier stage. I can help hire, evolve organizations, and build a product.
• a technical component which is not zero. Managers should manage, but I believe managers who completely lose touch with the reality of the engineering work become less effective as leaders. I would seek an opportunity where there would be suitable opportunities to contribute technically, and believe it is important that the team see those contributions.
• an organization with a European connection. We enjoy Europe, have travelled in Germany several times, and have substantial family connections there.

These sorts of opportunities are mostly not posted publicly. I have responded to a few public postings over the past year, that is not an effective way to proceed. I’d ask for warm introductions you may be aware of, early in the process, perhaps when founders are talking about a new venture or considering a new project which needs leadership.

Thank you so much for any connections you can provide.

SF Climate Week Opening Keynote

As I did last year, I took the train to get to SF Climate Week. In this area that means taking Caltrain up the Peninsula before switching to the Bay Area Rapid Transit (BART) to the Embarcadero, then walking to Climate Week at the Exploratorium.

Both of those train systems have been substantially improved since last year:

• Caltrain completed a years-long electrification project, replacing all of the diesel trains.
• BART finished deployment of a new generation of cars, retiring all of the 25 year old rolling stock.

From this one might infer a renaissance of mass transit deployment in urban areas... but one would be wrong. Indeed, in nearly every area of climate action where the Inflation Reduction Act had spurred progress, the new administration of the last three months has attempted to roll it all back.

---

Former Vice President Al Gore presented the opening keynote speech, fiery and powerful.

SF Climate Week 2025

This is SF Climate Week! The opening keynote with former Vice President Al Gore, long-time Speaker of the House Nancy Pelosi, & SF Mayor Daniel Lurie is this afternoon at The Exploratorium in San Francisco.

I'll be in SF this week as a volunteer helping keep things running, hope to see you there.

German Mothers and the Year 2031

Until 1975 German mothers did not pass on citizenship to children born in wedlock, only German fathers did. To address historic gender discrimination in citizenship practices Germany has defined a declaration process called Staatsangehörigkeit § 5. I wrote about our experience with this process, which we completed in 2023.

In the 20th century several million Germans emigrated to the United States. Staatsangehörigkeit § 5 is applicable to a very large number of their descendants today. From a post on r/GermanCitizenship about an April 2025 visit to the German Consulate:

The caseload has increased exponentially in the past 4 months. He said that aside from all the appointments each day, they get between 80 and 90 inquiries a day in the Chicago office alone.

The Staatsangehörigkeit § 5 process will be open for ten years. Having started in August 2021, declarations will be accepted until August 2031. The current wait time in the queue to be processed is about 2.5 years, and is likely to grow with the number of Americans now applying.

If you were born to a German mother prior to 1975 and a declaration of German citizenship is something you'd consider doing, I'd advise starting on it soon. Applications received by 8/2031 should all be processed, but the queue is likely to be years long.

Coal Mining Policies

New coal policies are invariably announced in front of a group of workers wearing hard hats with lights affixed, and often in Pennsylvania for good measure. One might assume the mining profession is a huge economic force and under constant threat which must be fended off to preserve families and livelihoods.

As a profession, coal mining employs about 40,000 people in the US.

Source: FRED (Federal Reserve Economic Data).

---

Construction Management requires similar levels of education and experience and according to employment statistics enjoys a similar pay scale. There are 10x to 20x more Contruction Managers in the US.

Source: FRED (Federal Reserve Economic Data).

---

Coal policies are not driven by concern for workers. Coal policies are driven by concern for fossil fuel profits, which have only been made possible by externalizing the cost of the damage to human health and acceleration of global warming.

RSS Feed Likely to Break

Over a decade ago I configured this Google Blogger site to use FeedBurner. This blog never generated ad revenue and I turned ad insertion off, but left the feed still going through FeedBurner.

I'm making progress in moving the blog off of Google Blogger. I am actively trying to reduce my use of big tech companies, limiting them to easily-replaced commodified services wherever possible. I have a Jekyll site working locally, with all existing posts and images imported. I expect to serve the generated static site from somewhere like GitHub Pages or Cloudflare Pages so as to not operate a public-facing site myself, but retain the content and publishing infrastructure locally. The static hosting can be moved easily.

However: I expect the RSS feed will break, with a discontiguous update making it look like more than 400 posts have suddenly published. The Jekyll site will not generate an identical feed to Google Blogger. I also don't intend to use FeedBurner with the new site, as Google began shuttering the service several years ago.

Looking at the feed today, it is three posts behind. I don't know why, but I guess I'm heartened that it is not more. I'm posting this now in hopes that it will be published to any remaining subscribers of the RSS feed before the changeover happens.

Farewell, Google Charts API

Nearly 14 years ago I wrote a joke post about the Holtzmann Shields from Frank Herbert's Dune, complete with impressive-looking but nonsense equations like this one:

That equation was created using LaTeX:

T = \frac{(0.09\frac{m}{sec})^2(0.0289644\frac{kg}{mol})}{(3)(8.3145\frac{m^2\cdot kg}{sec^2\cdot mol\cdot K})}

 

At the time the post was written in 2011, Google offered a Charts API which would accept URL-encoded LaTeX and render it on the fly. The original posting from back then just embedded the Charts API URL as the source for the image, confident that Google would supply a suitable PNG:

https://chart.googleapis.com/chart?chs=239x83&cht=tx&chl=%0AT%20%3D%20%5Cfrac%7B(0.09%5Cfrac%7Bm%7D%7Bsec%7D)%5E2(0.0289644%5Cfrac%7Bkg%7D%7Bmol%7D)%7D%7B(3)(8.3145%5Cfrac%7Bm%5E2%5Ccdot%20kg%7D%7Bsec%5E2%5Ccdot%20mol%5Ccdot%20K%7D)%7D%0A

One can see the LaTeX code in the `chl` parameter.

 

The joke post turned into a joke on me: Google announced the deprecation of the Charts API the following year, and turned it off altogether in 2019. My post from 2011 has been broken for almost 6 years, without me knowing.

I am currently endeavoring to reduce my use of Big Tech services, turning to alternatives over which I have more control. Importing that 2011 post into Jekyll repeatedly failed because the image link was broken. I was able to recover the original LaTeX from the URLs to fix the old post, by generating PNGs.

I think this reinforces the desire to not depend upon Big Tech. Google kills services every day, especially ones like the Charts API which didn't have their own monetization path.

Preparing for Offsite Backup

For many years, too many years, my family computer backup plan was an aging Apple Airport Time Capsule paired with the fervent hope that nothing would ever fail. That worked pretty well in that we haven't lost anything important, but Backup Theater is honestly worse than just admitting there is no real backup.

Last year I decided that Adulting should include ensuring that family data remains safe and the kids don't lose schoolwork, or the custom Doom WADs they've developed, or what have you. The Adulting Plan for Backups consists of:

• Android and iOS devices should be backed up somewhere outside of the home.
• Windows and macOS laptops should be backed up somewhere outside of the home.
• Proxmox VMs and LXCs should be backed up somewhere outside of the home.

Repetative and boring, perhaps, but that is how a backup plan should be: replicated and safe.

 

Android and iOS

The mobile devices were simplest: they already backed themselves up, Android to Google Drive and iOS to iCloud. Downloading all iCloud photos to immich allowed us to drop to a less expensive iCloud+ storage plan while still using it for device backups.

One downside of using the mechanisms which Google and Apple provide is that the backups are not encrypted from outside access. Google and Apple can access the contents of the device backups. I hope to come back to re-examine these backup plans in the future with something we have more control over.

 

Windows and macOS

After some searching, we paid for Arq Backup Premium, which provides one license for each of our five laptops. Each laptop is configured to back itself up twice:

1. To the cloud storage which Arq Premium provides.
2. Using SFTP over Tailscale to the fileserver within our home.

The backup files for all of the laptops together come to a bit over 800GB, nicely fitting within the 1TB of Google Cloud storage from Arq Premium. The backups are encrypted using a key which only we have, neither Arq nor Google can read the contents.

 

Proxmox

The Proxmox server within the home has 10 terabytes of ZFS storage. It provides the SFTP backup which the laptops are configured to reach via Tailscale, and it backs up its own VMs and LXCs to ZFS using vzdump. I'm working on offsite replication for this and might post again when that is done.

ZFS Spooky Failure at a Distance

I use Proxmox with a ZFS array to run a number of self-hosted services. I have been working on setting up zrepl for offsite backup, replicating encrypted ZFS datasets which the remote system will be able to store but not decrypt.

 

While working through all of this, the new 28TB disk intended for the remote system appears to have failed.

root@zfsremote:~# zpool status
  pool: pool1
 state: DEGRADED
status: One or more devices has experienced an unrecoverable error.  An
        attempt was made to correct the error.  Applications are unaffected.
action: Determine if the device needs to be replaced, and clear the errors
        using 'zpool clear' or replace the device with 'zpool replace'.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-9P
config:

        NAME        STATE     READ WRITE CKSUM
        pool1       DEGRADED     0     0     0
          sdb       DEGRADED     0    35     0  too many errors

 

Indeed, there are kernel messages about disk errors:

Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368396833 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368399137 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368397089 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368401697 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368401441 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368399393 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368402721 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368402465 ...
Mar 31 07:16:33 zfsremote kernel: I/O error, dev sdb, sector 23368402209 ...
Mar 31 07:16:34 zfsremote kernel: I/O error, dev sdb, sector 23368401953 ...

 

It seems odd, though. I had run `badblocks` destructive tests for weeks before moving on to creating the ZFS pool. After all that, it would choose this moment to begin uncorrectable failures?

Quite suspiciously, 07:16:33 is also the very instant when I sent a kill signal to a vzdump process running on the Proxmox host.

116: 2025-03-31 07:14:31 INFO:  29% (7.4 TiB of 25.5 TiB) in 9h 37m 2s
116: 2025-03-31 07:16:33 ERROR: interrupted by signal
116: 2025-03-31 07:16:33 INFO: aborting backup job

As I now know, trying to kill vzdump with a signal is not the right thing to do. `vzdump -stop` is the right way to interrupt it.

The OpenZFS docs say: "the following cases will all produce errors that do not indicate potential device failure: 1) A network attached device lost connectivity but has now recovered"

So far as I can tell, this is the explanation for this failure. Me sending a signal to vzdump interrupted the stream of ZFS operations, which manifested as a failed array on the other end. I have to say that I'm not fond of array failure as the way to report network errors. I've cleared the failure using `zpool clear` and will hope that zrepl will sort out bringing the two ZFS filesystems back into sync.

I plan to give it a day, then restore the remote dataset and check whether the file contents are sensible. The remote system does not, and will never, have the encryption key to be able to check the contents of the datasets it holds. I'll have to transfer them back to be able to access them.

Stadtarchiv Hannover bis 2026 geschlossen

I received a Sterbeurkunde from Stadtarchiv Hannover on 28 March 2025, with the following note in the email signature:

Von März bis Jahrsende 2025 verlagert das Stadtarchiv seinen Standort in das neue Sammlungszentrum an der Vahrenwalder Straße 321. Der Lesesaal ist geschlossen, die Bearbeitung von Anfragen eingestellt.

Bei der Erreichbarkeit unserer Kolleg*innen und unseres Funktionspostfachs stadtarchiv@hannover-stadt.de kann es zeitweilig zu Verzögerungen kommen. Wir bitten um Verständnis und freuen uns, Ihnen voraussichtlich ab Jahresbeginn 2026 am neuen Standort wieder im vollen Umfang zur Verfügung zu stehen.

Bitte beachten Sie hierzu auch die Informationen auf unserer Homepage unter www.stadtarchiv-hannover.de.

---

From March until the end of 2025, the city archive will relocate to the new collection center at 231 Vahrenwalder Straße. The reading room is closed and the processing of inquiries is suspended.

There may be temporary delays in reaching our colleagues and our functional mailbox stadtarchiv@hannover-stadt.de. We ask for your understanding and look forward to being fully available to you again at the new location from the beginning of 2026.

Please also refer to the information on our homepage at www.stadtarchiv-hannover.de.

In 7/2023 a request to Stadtarchiv Hannover would usually be answered in a week, but then something happened. Since 2024 response times have been 6-8 weeks. A post on their website mentioned a challenging staffing situation. I'm hopeful that in the long term, moving to a larger facility will help.

Imagery from the indexes was added to Arcinsys last year, those should still be available in the interim.

 

Update 8/2025: I sent a request for a Sammelakte, a marriage file, to the Hannover Stadtarchiv in 8/2025 and received a response that the archive is indeed closed for relocation for the rest of the year.

leider müssen wir Ihnen mitteilen, dass das Stadtarchiv Hannover seine Serviceangebote wegen des ab März 2025 stattfindenden Archivumzugs eingestellt hat. Unsere Bestände werden verpackt und sind nicht benutzbar. Der Lesesaal ist geschlossen und öffnet erst wieder zum Jahresbeginn 2026 im neuen Sammlungszentrum an der Vahrenwalder Straße 321 (Haltestelle Wiesenau).

---

Unfortunately, we have to inform you that the Hanover City Archives has suspended its services due to the archive relocation taking place in March 2025. Our holdings are being packed up and are not available for use. The reading room is closed and will not reopen until the beginning of 2026 in the new collection center at Vahrenwalder Straße 321 (Wiesenau stop).

Macbook Air M1 USB-C Port Replacement

My Macbook Air M1 was gradually developing some kind of impairment in its USB-C ports where I'd have to jiggle or put actual pressure on a USB-C cable to get it to be recognized — and since it has no Magsafe port for charging, this meant it would switch to and from battery as its charging cable periodically lost contact.

Searching turned up people reporting similar issues, especially that the rear port started having a problem first until eventually the front port did as well. There wasn't a consensus solution but a replacement USB-C board from iFixit came up several times. For only $20, I ordered one.

The original USB-C board is off to the right side in this picture. One can see some corrosion and dirt, and also a bit of blackening on what I assume is a power pin. I believe that carbon buildup is likely the primary issue. I'll scrub it off with some alcohol on a cloth and put it away for the future, it would probably work again if needed.

Venmo Public Transactions

Venmo pushes hard for transaction activity to be Public. It doesn't say whether any past payments were actually public, and puts up an interstitial to confirm a change to Private.

This selection does have a benefit for the user, in making it more straightforward for friends to find each other and to make payment arrangements. However the choice has a larger impact on Venmo's user growth, and does come with downsides for their users like making activities public which they assumed were not.

Presumably Venmo has data on how much of a network effect they get from having payment information be Public, drawing in friends and family and acquaintances and randos. Venmo appears to allow this data to impact their UI design to steer users toward the choice most beneficial to the company.

EFF Privacy Badger

I started using Privacy Badger from the Electronic Frontier Foundation several months ago. It is a browser extension — I use it with Chrome — which blocks or restricts domains known to track identities and activity across the web.

One can click on the Privacy Badger extension icon to see what has been blocked, and also to make exceptions for the website being visited if needed.

 
 

This includes live links to tweets and other social media, which Twitter uses to gather data about the viewer. I allow these on certain sites which curate related tweets into stories.

I don't actively use Twitter any more but still find the zeitgeist there to be informative.

Ringing Endorsement for Signal

As published in The Atlantic today:

The Trump Administration Accidentally Texted Me Its War Plans
U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
 
By Jeffrey Goldberg

The aforementioned group chat was using Signal. I guess that is quite the ringing endorsement of Signal's security and trustworthiness.

Signal was already being targeted by every nation-state and major criminal hacking group, I doubt that the knowledge it is being used for US war planning will especially increase the pressure they are under. As a family, we use Signal to coordinate everything important to us.

sync; sanc; sunc

# sync; sync; sync
#

Pros: Works.
Cons: Boring.
 

---

# cat ~/.profile
alias sanc=sync
alias sunc=sync
# 
# 
# sync; sanc; sunc

Much better.

Giant Airplanes Flying Low at 3am

Why yes, a Boeing 747 flying low directly over our house at 3am does wake us up. Who could possibly have predicted it?

Deleting Pokémon GO data

My final Pokémon

I was an enormous fan of Pokémon GO for several years, zealously playing no matter where I was. It spurred me to do interesting things like visit parks in my area to which I had never been, to capture the Pokestop. I joined in legendary battles. I recall captuing MewTwo at a local park with about a dozen other players. I'd been a player of Niantic's earlier game Ingress, and thought of Pokémon GO as a newer, shinier take on the concept.

As happens, my interest in catching Pokémon waned and eventually stopped by the summer of 2019. We went to LEGOLand and there is exactly one Pokémon screenshot in my photos, in what was surely a target rich environment. Emailed entreaties from Niantic to come back started a couple months later.

I knew that location data was the main economic reason for the game's existence. I wasn't especially concerned about it at the time, I felt confident that my visits to parks and monuments and fountains wouldn't be something to be concerned about.

 

That was then, this is now. The world seems more threatening, and Niantic's announcement of the sale of its games and location data to Scopely, which is owned by the Saudi Arabian sovereign wealth fund, is enough to trigger my spidey sense.

One can request deletion of the account and associated data from within the app if still installed, but it is not necessary to reinstall if already gone. Niantic has a request form to delete a Pokémon GO account. If you don't remember your account name, search your Inbox for the pleading entreaties to come back to the game — it went on for years.

After submitting the deletion request, Niantic sent an email requiring that I reply with a code to confirm the deletion within 30 days. Right now I'm trusting that they will actually delete the data: one person's information is valueless, there isn't a reason to lie about doing so.

Ausland Urkunden, Berlin Standesamt 1

In 2023 my wife and our children became German citizens via a declaration process called Staatsangehörigkeit § 5. The official paperwork came in the form of a document, an Urkunde über den Erwerb der deutschen Staatsangehörigkeit durch Erklärung, which we used to apply for Reisepässe.

The Urkunde durch Erklärung is very important, and will be needed to renew the passports. It is possible to replace it if something happens like fire or theft, but it isn't very straightforward to obtain the replacement. We decided to additionally file for birth certificates in Germany. These would be straightforward to re-order in the future as needed, and would serve as proof of citizenship. While at it, we also registered our marriage.

A civil records office in Germany is called a Standesamt, and registrations of foreign births are handled by Standesamt 1 in Berlin. The Berlin Standesamt 1 is famously backed up in processing submissions, we were advised to expect 2-3 years to process our forms.

Happily though, it effectively only took 5 months.

 

I say "effectively" because we missed the email of invoices to pay the Standesamt, until the Consulate sent them again 3.5 months later. So overall it took 8.5 months, three and a half months of which was on us.

Jun 17, 2024	Submitted forms at San Francisco Consulate.
Aug 2, 2024	Consulate forwards invoices from Standesamt in Berlin, which we missed seeing.
Nov 18, 2024	Consulate re-sends the invoices from Standesamt in Berlin, we paid the next day.
Jan 17, 2025	Recording date listed on the certificates.
Feb 7, 2025	Consulate receives the certificates from Germany.
Feb 28, 2025	Certificates delivered to us.

If you decide to do something similar, be aware that it is an expensive undertaking. Registering four births and one marriage cost 334 US Dollars in fees to the Consulate and a total of 630 Euros to Berlin Standesamt I. Altogether, the fees came to about a thousand US Dollars. One is not required to register the births in Germany, only do so if you believe it will be worth it.

Exporting 23andme Data

Our whole family had submitted DNA kits to 23andme including our kids and even my mother, who has since passed away. Our earliest kits used 23andme's v3 chip, the more recent ones used v5. However in the latter half of 2024 there came concerning news about 23andme's financial cicumstances. Last September we decided to export all of our data and ask that 23andme delete it. We didn't want it all to be handed over to a new buyer whose motivations we would not know.

We requested export and had to wait a bit for an email saying the exported data was ready. It generally arrived within a day of asking. Altogether each person's downloaded data is about 400 Megabytes, 375 Megabytes of which is in a single file: "imputed_genotype_data_r6." One of the requested exports seemed to get lost, but was processed on the second request. It took a few days altogether to request and download everything, then ask for deletion.

Nonetheless despite being concerned about what might happen at 23and me, we actually do want to continue to look for DNA matches to discover cousins and relatives. Each year at roughly the time of the RootsTech conference, MyHeritage offers free upload and processing of DNA data exported from other companies like Ancestry or 23andme. We uploaded the exported 23andme DNA data, omitting the kids for now.

We have decided to trust MyHeritage with our data because of a clear commitment in their privacy policy: MYHERITAGE HAS NEVER SOLD OR LICENSED GENETIC DATA OR HEALTH DATA, AND WILL NEVER DO SO IN THE FUTURE.

We'll watch for news if that ever changes, but such an unambiguous statement gives us enough confidence to proceed.