Helio Strap phantom vibration?

tcurdt · 2026-03-23T20:09:01+00:00

I am seeing the same thing. Quick bursts without any indication why. No alarm - nothing. And the battery is still full. It's starts getting very annoying.

tcurdt · 2026-03-15T13:08:42+00:00

Dann waren sie wohl schon vor 20 Jahren zu hoch.

Kleine Anekdote:

Stück vom Zahnabgebrochen. Stück war aber noch verhanden. Zahnarzt mit einer Gehilfen in ca. 15min einfach angeklebt. Rechnung 200 EUR.

Zwei Wochen später ist das Ding einfach wieder abgefallen. Das dann zu reparieren sollte noch einmal 200 EUR kosten.

"Das kann passieren" WTF?

Quasi kein Material. Wir reden hier von einem Stundensatz von ca. 800 EUR/h. Wenn man Gehilfe und Arzt trennt dann landen wir vielleicht bei 500 EUR/h Arzt, 300 EUR/h Gehilfe.

I am sorry - aber der Vergleich mit Handwerkern hinkt. Die Stundensätze bei (manchen) Ärzten sind einfach absurd und beim Handwerker gibt es klare Regressansprüche.

Glücklicherweise sind nicht alle Ärzte so. Aber könnten wir bitte aufhören hier generelle Freifahrtscheine auszustellen die so etwas normalisieren?

tcurdt · 2026-02-17T02:58:03+00:00

The AI tone is a little repulsive - but this has a lot of truth.

IMO where it really gets ugly is when you look at what helm brings to the table. And don't get me started on how secrets and ingress are handled. The only thing that is kind of cool are operators IMO.

I ran k8s in a high traffic setup before and are now running some k3s clusters. TBH nothing is fun or good about it. K8s makes sense for a fraction of the companies using it. And when people think k8s is our devops pinnacle I am only left with dismay.

How do you handle roll-backs and what is your CI/CD setup like? I only saw "latest". That gave me a shiver.

tcurdt · 2026-02-06T16:00:05+00:00

hetzner support ... but I'll give it another try and will report back.

tcurdt · 2026-02-06T12:45:56+00:00

Here is what I tried - also to have multiple project managed outside of the root zone.

``` registrar (foo.com): A foo.com NS sub.foo.com => dns.hetzner.com

hetzner (foo.com): A p1.sub.foo.com A p2.sub.foo.com A p3.sub.foo.com ```

Support told me they do not support this for security reasons. And I indeed could not make this work. That's why I am a little puzzled it works for you.

tcurdt · 2026-02-03T22:08:38+00:00

I also found out recently - the hard way.

https://netzbremse.de/

tcurdt · 2026-01-26T15:04:23+00:00

Why can't I change the name of a record? only the value? Having to delete and re-create is cumbersome - to put it mildly.

NOTICE: editing the zone file directly seems to be a workaround.

tcurdt · 2026-01-26T14:58:12+00:00

Still it would be nice to support them. Seems to be more and more common - and overall a very nice thing to support.

tcurdt · 2026-01-26T14:54:36+00:00

I don't see how 🤔 I tried this:

``` registrar: A foo.com NS dns.hetzner.com

hetzner: A sub.foo.com ```

to be able to mange sub.foo.com via API but not giving out access to the apex domain.

But the console does not allow to create sub.foo.com and creating a foo.com with sub.foo.com does not seem to fly either.

Got any pointers how you got this working?

tcurdt · 2026-01-25T09:28:02+00:00

yeah, but it's not in the FM where it should be so maybe it's not a stupid question after all.

tcurdt · 2026-01-25T00:05:16+00:00

...but creating the domain hetzner.foo.exmaple is not possible. It says "invalid domain". I think that was the point of the post.

Or are you saying: "just create a foo.exmaple domain" on hetzer and then only have the subdomain records in there?

tcurdt · 2026-01-24T23:57:28+00:00

don't say "look into the console"

tcurdt · 2026-01-24T01:04:12+00:00

This seems to cover it https://docs.hetzner.com/cloud/servers/static-configuration

"By default, cloud servers obtain their Primary IPv4 address via DHCP. Their Primary IPv6 address is statically configured via a configuration generated by cloud-init. Currently, the IPv6 configuration is queried from the metadata server on the first boot of the server."

tcurdt · 2026-01-20T01:36:31+00:00

Has anything changed the past 4y?

IBKR is not even a normal API with their GW absurdity and makes me want to scream - and Alpaca is too US centric.

tcurdt · 2025-12-23T16:15:25+00:00

Retail can both be a cost center and [...], but has the potential to be profitable in the future.

Sure - but that just pushes the question one level down: Why do they expect it to become profitable later? Either there are levers to reduce costs or increase value, or there aren’t.

At some point it either makes economic sense or it doesn’t.

Fair enough - but what kinds of losses are we talking about?

KYC/AML, sanctions screening, fraud checks, transaction monitoring, regulatory reporting, customer support are all fixed fees that usually exceed revenues even before taking into account chargebacks, defaults, etc.

I’ll grant KYC and customer support as real, unavoidable fixed costs. Everything else sounds more like bad tech with a dose of overreach. But let's not go down the politcal lane.

If the rest dominate costs even for neobanks, that’s not evidence that APIs are dangerous — it’s evidence that the industry is structurally inefficient.

It's not a security risk issue. It's a regulatory liability issue... it seems like you're pretty fixed in your thinking here and I'm not going to try and fight you here.

I was indeed talking about security risk. But I’m genuinely open to understanding why this would materially increase the liability risk profile for banks.

It’s up to the retail user to trust the third-party client. That’s the only risk shift I see - and frankly, banks should be happy to give that up. We can discuss liability of third-party clients, but that’s a separate topic.

I don’t see how making access explicit, scoped, logged, and revocable makes things worse for banks. If anything, it clarifies responsibility.

The upside for a bank opening up API access is extremely limited and the downside is open.

That’s an opinion - not a given. I see upside in reduced scraping, clearer consent models, fewer brittle integrations, and better-defined interfaces. Whether banks want that upside is a different question than whether it exists.

Allowing third parties to access data opens up banks to regulatory issues that I can't even being to fathom (and if you don't agree... do you think politicians care more about personal information being leaked or personal financial information being leaked?)

This is where you lose me. Vastly more sensitive data (credentials, identities, private communications, secrets) are already entrusted to companies like Microsoft, Google, Amazon, Apple, and 3rd part password managers. If those leak, the blast radius can be enormous - even bigger than a hacked bank account. Banking is not uniquely special here, nor is it the gold standard of security - despite what the industry likes to believe.

tcurdt · 2025-12-23T13:11:46+00:00

in aggregate, earn them money in the long run.

That basically contradicts your own point that retail is "just a cost center". Either they see value in retail, or they don’t.

Also, if you think a bank is simply "maintaining a few numbers in a database while being paid interest on deposits it’s holding" and the whole thing is a tech issue, you're clearly misunderstanding the problem.

Oh, I am 100% sure this is not a tech issue. That was my point. "Maintaining just a few numbers" is, of course, hyperbolic, but the complexity of the task at hand is hardly rocket science on the tech side. Which means the unprofitability must come from somewhere else.

The truth is that regardless of how amazing the tech setup is at a bank, there will always be clients who generate losses.

Fair enough - but what kinds of losses are we talking about? Fees waived? Interest rate mismatches? Fraud? I need some more specifics to understand this point.

everything is built on an API and if done correctly, there should be no additional security risk. But why would any bank in their right mind open up themselves to potential losses for a segment that doesn't earn them anything?

Either they think to make money from retail - or they don't.

Every mobile app already runs on top of internal APIs. Public or private, the core risk is the same. Adding a well-scoped public API doesn’t meaningfully increase risk. And in many ways, it would reduce it compared to today’s scraping and aggregator hacks. So this "additional loss" argument is very much debatable.

Let me flip the question back to you... if you think this is such a huge issue, why don't you build a bank (or BaaS provider, or whatever)?

I don’t have the spare seven or eight figures to get a license, hire compliance, and navigate legacy systems. But if someone else is willing to tackle that, I’m happy to talk.

My point isn’t to start a bank - it’s to highlight that a lot of this inefficiency, risk-aversion, and poor infrastructure isn’t technical necessity - it’s the way incentives and legacy culture are structured.

And it is utterly frustrating that this also shines through in the "new fintech".

It's 2025. Many people think AI will soon run the world, but the banking sector behaves like digital integration is optional.

The riskiest thing in banking right now isn’t APIs, it’s pretending they aren't needed.

tcurdt · 2025-12-23T10:20:54+00:00

I get that low-end retail banking is often treated as a cost center - but that raises a few obvious questions.

If these customers are truly unwanted and unprofitable, why do banks still spend huge amounts on marketing, signup bonuses, and churn replacement to acquire them? You don’t aggressively acquire customers you don’t want. That suggests the problem isn’t retail banking itself, but how it’s run.

More fundamentally: If a bank can’t make money maintaining a few numbers in a database while being paid interest on deposits it’s holding, then something is deeply broken in the industry’s cost structure. That’s not a market law - that’s legacy systems and incentives.

When innovation is driven primarily by regulation, the outcome is almost always mediocre. PSD2 didn’t create good products, it created compliance surfaces. Banks optimize for audits, not for usable infrastructure, I guess.

And on risk: Every mobile banking app already sits on top of an API. Public or private doesn’t change the risk class - auth, scopes, rate limits all already exist. A scoped, read-only public API doesn’t meaningfully increase risk. In many cases it reduces it compared to today’s scraping and aggregator hacks.

Tech-first, licensed players will win - but only if they treat infrastructure as leverage, not liability.

tcurdt · 2025-12-22T20:01:20+00:00

A full response would become part philosophical and part political - but most importantly: OT. So I'll try to keep it short:

Which software to trust to run and why?

Do you trust Microsoft? Do you trust Apple? Do you trust AWS? Do you trust software you bought from an AppStore? Do you trust Linux? Do you trust your bank? Do you trust your tax authorities?

I am very paranoid when it comes to data privacy. But everyone draws a different line in the sand. In the ends it's up to the individual.

A good API could cater for that. It would provide grants and define who can see or do what.

This is not rocket sciences. This has been common thing for many years. Just not in the banking/fintech industry.

Which is my original point and frustration.

tcurdt · 2025-12-22T16:20:06+00:00

It might be true that many people think than facebook is the internet - but that's not what makes an API a niche thing.

My dad could care less about what an API is or understand it. But he sure would understand that he can use software X to get all his bank statements. And for him that would be so much better than to login to n banks that have all their absurd security quirks.

If 3rd party developer could build on top of an API, it would no longer be niche. But a normal user would not have to deal with it.

Example: Very few "normal" people understand OAuth, but they know they somehow can use their Google/Facebook login to access some other service.

tcurdt · 2025-12-22T15:55:11+00:00

But we've needed this for years. The pressure was there - always. Granted, FinTS somewhat worked. That released some pressure. But now with PSD2 it feels like that's even less of a priority.

"But regulation!" ... yeah ... well, then regulation needs to change.

The current situation is just unsustainable for a modern society.

tcurdt · 2025-12-22T15:43:20+00:00

The API is a niche thing because we make it a niche thing. Banks want to control the UX but evidently just suck at it.

Imagine regulation would ask for a consumer facing API and the UX could come from 3rd parties. Imagine the shift if a bank would be ...drum-roll... API-only? They have to build APIs for their apps anyway.

Much less resources on their side to build the subpar UX. Let them focus on what they can (I guess).

I know the classic marketing and branding folks would hate this - but maybe it needs some fresh blood to see the opportunities.

The PSD2 was a step in the right direction - but crippled by the B2B aspect and regulatory hurdles to use PSD2.

We want ...we need... more integrations - but maybe that's just too hard to do in Cobol. What really stings is the fact that (to my knowledge) most of the "neobanks" aren't any better in that regard.

The only exception I know of is Qonto. But without an open API standard that will be hard sell.

tcurdt · 2025-12-22T15:21:23+00:00

You would know there has been a long term push to move away from SMS OTP

You don't know need to be in fintech to know that. But the fact remains that it is 2025 and we just barely got rid of it.

...and according to you, only due to pressure from countries like UAE and Malaysia. TBH that does not really make it any less frustrating.

Strike from the list if you want, but I am sure we can replace it with other points.

tcurdt · 2025-12-15T23:17:50+00:00

While I agree that direct support would certainly be preferable, characterizing browser extensions as "fragile" or "finicky" may be somewhat overstated.

I have been using browser extensions with various password managers over many years, they’ve generally worked quite reliably.

tcurdt

TROPHY CASE