Microblog : A very long article Wikipedia article on the orientation of toilet paper [7 jun à 22:52] [R]

Vendredi, 7 septembre 2018

Jour 8

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-09-07_1 nouvelle_cuisine_2018-09-07_2 nouvelle_cuisine_2018-09-07_3

[ Posté le 7 septembre 2018 à 18:16 | pas de commentaire | ]

Jeudi, 6 septembre 2018

Jour 7

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-09-06_1 nouvelle_cuisine_2018-09-06_2

[ Posté le 6 septembre 2018 à 18:07 | pas de commentaire | ]

Mercredi, 5 septembre 2018

Jour 6

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-09-05_1 nouvelle_cuisine_2018-09-05_2

[ Posté le 5 septembre 2018 à 18:14 | pas de commentaire | ]

Mardi, 4 septembre 2018

Jour 5

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-09-04_1 nouvelle_cuisine_2018-09-04_2

[ Posté le 4 septembre 2018 à 17:42 | pas de commentaire | ]

Lundi, 3 septembre 2018

Jour 4

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-09-03_1 nouvelle_cuisine_2018-09-03_2

[ Posté le 3 septembre 2018 à 17:06 | pas de commentaire | ]

Vendredi, 31 août 2018

Jour 3

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-08-31_1 nouvelle_cuisine_2018-08-31_2

[ Posté le 31 août 2018 à 23:45 | pas de commentaire | ]

Jeudi, 30 août 2018

Jour 2

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-08-30

[ Posté le 30 août 2018 à 23:45 | pas de commentaire | ]

Mercredi, 29 août 2018

Jour 1

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-08-29_1 nouvelle_cuisine_2018-08-29_2

[ Posté le 29 août 2018 à 23:45 | pas de commentaire | ]

Samedi, 25 août 2018

Ancienne cuisine

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-08-25_1 nouvelle_cuisine_2018-08-25_2

[ Posté le 25 août 2018 à 23:45 | pas de commentaire | ]

Jeudi, 23 août 2018

Tas de meubles

Catégories : [ Cuisine/Nouvelle cuisine ]

nouvelle_cuisine_2018-08-23_1 nouvelle_cuisine_2018-08-23_2

[ Posté le 23 août 2018 à 23:45 | pas de commentaire | ]

Mercredi, 18 juillet 2018

Advertisement on the Web

Traduction: [ Google | Babelfish ]

Catégories : [ Râleries ]

The economic value of a Youtube video

The Youtube platform has been designed for the purpose of making all of its videos are available to anyone at anytime. Given its large amount of content, its suggestion algorithm and the ability to automatically play the next suggested video, a user of Youtube can consider that the stream of videos he wants to watch is limitless. This makes the stream a nonscarce resource i.e., a free good which, from an economics point of view has no value.

Asking users to pay for watching videos would indeed be a bad business move for Youtube, as many user would refuse to pay for watching content they currently get at no cost. Even the Youtube Red subscription, according to an Ars Technica article and related user comments, seems to be valuable not for it exclusive content, but for the extra features provided by the mobile player (download for offline viewing and background playing). Interestingly, these features are already provided by non-standard software, which is freely available. The exclusive content being apparently of little interest according to the article, the subscription seems to rather be “tax” on people who don't know they could legitimately get the same service for free.

Youtube being a business, it needs to get revenue, at least to support the cost of its large IT infrastructure. Since users are not charged any money, Youtube's revenue comes (exclusively?) from advertising (I guess that the collection of user behavioural data and their profiling is also sold to advertisers). Youtube's content therefore has value only insofar as it attracts potential consumers and exposes them to advertisement. The content itself does not matter to the platform, as long as users are drawn to it.

This is thus the foundation of the Web platforms and the Attention Economy, where the users' attention is the actual product being sold by the platforms. User profiling and Big Data is only a tool used for maximising the amount of attention being captured.

Advertisers are gamblers, you don't need to let them win

In 2004, Patrick Le Lay, then CEO of the French TV channel TF1 said “what we sell to Coca-Cola is available human brain-time.” One aspect of this is that TV channels sell advertisers the opportunity to reach the channel's viewers and attempt to influence them into buying the advertised products.

From the point of view of the advertisers, it is a gamble: they bet money (the cost of producing the TV commercial and the price paid to the TV channel to show the commercial) and hope to gain from it (when viewers buy their products because they have seen the commercial and have been influenced by it). This gamble is two-fold: the viewers may or may not see the commercial, and they may or may not be receptive to the influence techniques used in the commercial.

In social media, advertisement can be considered from the same angle: the website sells advertisers display space on its pages, and the advertisers gamble that users of the website will see the commercial and be influenced by it.

While everybody agrees that you don't have a moral obligation to buy a product after you have seen a commercial, it seems less obvious that you don't either have any moral obligation to view the commercial. For example, you could close your eyes and plug your ears to ignore the commercial; you could even use tools that automatically hide the commercial from you.

Putting the advertisers' money to uses I approve of

As I want to protect myself from the influence of advertisers, I normally use automated tools that prevent me from seeing advertisement. I record television programs and skip the commercials (automatically when the tool works as intended, otherwise manually), and I use ad blockers in my Web browser to prevent commercials from being displayed on my screen.

The difference between TV and the Web is that the TV channel gets paid for broadcasting the commercials and cannot control whether or not I skip them while advertisers on the Web pay the websites only if the commercial is being fetched i.e., only if I allow the Web browser under my control to display the commercial. In that case, my preferred solution would be to fetch the commercial as if it would be displayed, without actually displaying it. And since advertisers not only display commercials but also track the users across websites, it is necessary to isolate each commercial so that the tracking is not possible.

I would not normally care about websites not being paid by their advertisers, but in the particular case of Youtube, I use tools that allow me to watch content without having to view any commercial, meaning that the content's creators cannot hope to get payment from Youtube. I therefore dream of a tool that would allow me to channel advertisers' money to the content creators without having to view any commercial, thus letting the advertisers gamble, but strongly shifting the odds of this gamble in my favor. I consider this to be retribution for the advertisers' attempt at influencing me for their profit.

[ Posté le 18 juillet 2018 à 16:34 | pas de commentaire | ]

Mardi, 22 mai 2018

ANSI colors and Solarized

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

The Solarized color scheme redefines some of the standard basic ANSI colors, making some color combinations unsuitable for display. In particular, bright green, bright yellow, bright blue and bright cyan are tones of grey instead of the expected colors.

Also, some terminals interpret bold text as bright colors, turning e.g, bold green into a shade of grey instead of the expected green. At least in URxvt, setting intensityStyles: False will prevent bold text from being displayed in bright colors (but will still be displayed in a bold font).

When redefining color schemes for terminal applications using ANSI colors, these are possible combinations, using the usual ANSI color names. Note that bright colors are usually not available as background colors.

Solarized Light default background (ANSI white)

Normal: black red green yellow blue magenta cyan (light)grey

Bright: black/grey red green yellow blue magenta cyan white

ANSI (Light)Grey background

Normal: black red green yellow blue magenta cyan (light)grey

Bright: black/grey red green yellow blue magenta cyan white

Solarized Dark default background (ANSI bright black/grey)

Normal: black red green yellow blue magenta cyan (light)grey

Bright: black/grey red green yellow blue magenta cyan white

ANSI Black background

Normal: black red green yellow blue magenta cyan (light)grey

Bright: black/grey red green yellow blue magenta cyan white

[ Posté le 22 mai 2018 à 23:21 | pas de commentaire | ]

Dimanche, 18 février 2018

From How Far to Watch TV?

Traduction: [ Google | Babelfish ]

Catégories : [ Science ]

The distance l from the TV depends on the desired horizontal viewing angle a, the screen's diagonal d and the number N of pixels on a row. Additionally, we will assume the screen's aspect ratio r to be 16:9 and the human eye's smallest angle that can be seen e to be 31.5 arcseconds.

Let R be the ratio between the diagonal and the width of the screen:

R = √(1 + 1/r2)

We can then write a relationship between a, N and e:

tan(a / 2) = NR tan(e / 2)    (1)

From (1) we can deduce that for any given e, there is a maximum horizontal viewing angle amax above which pixels can theoretically be distinguished.

For N = 1920 (FullHD), amax = 19.1°. With a 4K screen, amax = 37.2°.

We can also write a relationship between horizontal viewing angle, screen diagonal and distance:

d / l = 2 R tan(a / 2)    (2)

The ideal value or a is a matter of debate, but THX defines a horizontal viewing angle of at least 36° (the screen viewed from the rear seat of a THX theatre), while SMPTE suggests 30°. A value of 20° is also mentioned.

With a 4K screen, amax = 37.2° and (2), we draw that the ideal distance is 1.30 times the screen's diagonal. For example:

  • 132 cm for a 40" screen
  • 165 cm for a 50" screen
  • 197 cm for a 60" screen

With a = 30°, the ideal screen distance is 1.63 times the screen's diagonal. For example:

  • 132 cm for a 32" screen
  • 166 cm for a 40" screen
  • 207 cm for a 50" screen
  • 248 cm for a 60" screen

With a FullHD screen and a compromise angle a = 20°, the ideal distance is 2.47 times the screen diagonal. For example:

  • 201 cm for a 32" screen
  • 251 cm for a 40" screen
  • 314 cm for a 50" screen

EDIT: The value of e is valid for a high contrast between two pixels. Most images do not have such a high contrast, and therefore a value of e = 1 arcminute is a reasonnable assumption in practice.

From this follows that for N = 1920 (FullHD), amax = 35.5° (1.36 times the screen diagonal). With a 4K screen, amax = 65.3° (0.68 times the screen diagonal). This also gives a reasonnable value for standard definition PAL TV with N = 1024, amax = 19.4° (2.55 times the screen diagonal).

That would allow for larger horizonat viewing angles, such as 45° (1.05 times the screen diagonal) or 60° (0.75 times the screen diagonal) when viewing a 4K screen. At such short distances one must however take into account the possible lack of comfort due to the physical closeness of smaller screens.

[ Posté le 18 février 2018 à 18:41 | pas de commentaire | ]

Samedi, 27 janvier 2018

Petits pains pour hamburgers

Catégories : [ Cuisine ]

Recette adaptée de la recette de pain de mie du blog Pique-assiette.

Ingrédients

  • 300 g farine
  • 3 g levure sèche
  • 1 c. café poudre à lever
  • 1 c. soupe sucre
  • 200 mL lait tiède
  • 5 g sel
  • 30 g beurre mou
  • huile
  • 9 cercles métalliques de 9 cm de diamètre, huilés à l'intérieur
  • plaque à four et papier cuisson
  • lèche-frite (profonde si possible)
  • pinceau

Préparation

  • Mélanger tous les ingrédients secs, ajouter le lait et mélanger.
  • Ajouter le beurre et pétrir 5 min
  • Laisser reposer 1 h
  • Former 9 boules (de 61 g chacune), les étirer en disque et placer chaque disque sur la plaque couverte du papier cuisson, au centre d'un cercle
  • Passer le desssus des disque à l'eau à l'aide du pinceau
  • Laisser reposer 2 h
  • Préchauffer le four à 200 °C. Une fois chaud, y placer sur le fond la lèche-frite avec 1 L d'eau bouillante
  • Cuire les petits pains pendant 15 min
  • Les petits pains se conservent plusieurs jours dans une boite hermétique

[ Posté le 27 janvier 2018 à 23:54 | pas de commentaire | ]

Mercredi, 7 juin 2017

DNS 3: NSEC3

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Third part of my DNS setup notes: changing the DNSSEC config from NSEC to NSEC3. This has be on my TODO list for over a year now, and despite the tutorial at the ISC Knowledge Base, the ride was a bit bumpy.

Generating new keys

The previous keys were using the default RSASHA1 algorithm (number 5), and we need new keys using RSASHA256 (number 8).

Generating those keys was easy. On a machine with enough available entropy in /dev/random (such as a Raspberry Pi with its hardware random number generator) run:
dnssec-keygen -a RSASHA256 -b 2048 -3 example.com
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.com

Transfer the keys to the server where Bind is running, into the directory where Bind is looking for them.

Loading the keys

The documentation says to load the keys with
rndc loadkeys example.net
but that ended with a cryptic message in the logs:
NSEC only DNSKEYs and NSEC3 chains not allowed

Apparently, the algorithm of the old keys does not allow to use NSEC3 (which I knew) so Bind refuses to load these keys (which I didn't anticipate). I eventually resorted to stopping Bind completely, moving away the old keys, deleting the *.signed and *.signed.jnl files in /var/cache/bind/ and restarting Bind. The new keys got then automatically loaded, and the zone was re-signed using NSEC.

NSEC3 at last

I could then resume with the tutorial.

First, generate a random salt:

openssl rand -hex 4
(let's assume the result of that operation was “d8add234”).

Then tell Bind the parameters it needs to create NSEC3 records:
rndc signing -nsec3param 1 0 10 d8add234 example.com.
Then check that the zone is signed with
rndc signing -list example.com

Linking the zones

Since the keys have changed, you need to update your domain's DS record in your parent domains DNS, using the tool provided to you by your registrar. This step is the same as in the “Linking the zones” of the previous part of this tutorial.

[ Posté le 7 juin 2017 à 23:15 | pas de commentaire | ]

Dimanche, 2 avril 2017

Gâteau arc-en-ciel

Catégories : [ Cuisine ]

Préparer une recette de gâteau au yaourt simple. J'ai ajouté 12g de sucre vanillé pour le goût. À la place du moule à cake, utiliser un moule à manqué beurré et fariné.

gateau_arc_en_ciel-1

Séparer la pâte en six portions, et colorer chaque portion avec un colorant alimentaire (rouge, jaune plus rouge pour l'orange, jaune, vert, bleu et rouge plus bleu pour le violet)

gateau_arc_en_ciel-2

Verser la pâte rouge au centre du moule. Par dessus, verser lentement la pâte orange en la faisant tomber d'une hauteur la plus faible possible. Si possible, tourner le moule d'un quart de tour au cours du versement pour que la pâte forme un disque plutôt qu'une ellipse.

gateau_arc_en_ciel-3

Verser de la même manière le jaune, puis le vert, le bleu et le violet.

gateau_arc_en_ciel-4

Cuire 20-25 min au four à 200 °C. Une aiguille enfoncée dans le gâteau doit ressortir propre.

gateau_arc_en_ciel-5

Déguster avec les yeux avant de manger :)

[ Posté le 2 avril 2017 à 18:35 | pas de commentaire | ]

Dimanche, 19 février 2017

Cookies aux pépites de chocolat

Catégories : [ Cuisine ]

Une recette adaptée de Cookwise avec des ingrédients disponibles en Finlande.

Ingrédients

Pour environ 32 cookies.

  • 140g + 30g beurre doux
  • 125g noix de pécan
  • 200g fariinisokeri
  • 1 c. à soupe extrait de vanille liquide
  • 1 oeuf
  • 200g kakkuvehnäjauho
  • 1,5 c. à café levure chimique
  • 1 pincée de sel
  • 80g chocolat noir 72% Pirkka luomu
  • 100g chocolat au lait Panda

Préparation

  • Préchauffer le four à 180 °C, étaler les noix de pécan sur une plaque à biscuits.
  • Mélanger (30s au mixeur) la farine, la levure chimique et le sel.
  • Battre (au batteur éléctrique équipé d'un fouet) 140g de beurre avec le sucre et l'extrait de vanille pour obtenir un mélange homogène. Ajouter l'oeuf et continuer à battre.
  • Faire griller les noix de pécan au four pendant 8 min.
  • Incorporer peu à peu le mélange de farine à l'appareil.
  • Lorsque les noix sont grillées, les mélanger à 30g de beurre et laisser refroidir un peu.
  • Hacher le chocolat au couteau en morceaux d'au plus 5mm et mélanger brièvement à l'appareil.
  • Hacher les noix au couteau en morceaux d'au plus 5mm et mélanger brièvement à l'appareil.
  • Laisser reposer 2h au réfrigérateur.
  • Préchauffer le four à 180 °C.
  • Placer 8 ou 9 boules de pâte grossièrement formées d'environ 35 – 40mm de diamètre sur une plaque en aluminium recouverte d'une feuille de cuisson réutilisable. Replacer le reste de pâte au réfrigérateur.
  • Cuire pendant 9 min au milieu du four.
  • Laisser refroidir 5 min puis déplacer les cookies à l'aide d'une spatule sur une grille.
  • Répéter les trois étapes précédentes avec le reste de la pâte.
  • Conserver dans une boite à biscuits en métal.

[ Posté le 19 février 2017 à 11:45 | pas de commentaire | ]

Dimanche, 5 février 2017

SSH access to a Buffalo LS210 NAS

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

My old NAS that I use for backups is now over 10 years old, and while it still works and faithfully backs-up my files every night, it has an always increasing probability to fail.

I decided to replace it with a Buffalo Linkstation 210, that offers 2 TB of space for 140 EUR, making it cheaper than building my own device, at the risk of not being able to use it the way I want it, being a commercial device that wasn't designed with my needs in mind.

The way I want to use the NAS is that it boots automatically at a given time, after which the backup script on the desktop starts, transfers the needed files, and puts the NAS to sleep mode again. That last feature was available on my previous device, but not anymore on the LS210. Hence the need to make it do my bidding.

Moreover, the Web UI for administrating the LS210 is horribly slow on my desktop due to bad Javascript code, so the less I have to use it, the better.

The device

The way to gain SSH access seems to vary depending on the exact version of the device and the firmware. Mine is precisely a LS210D0201-EU device with firmware version 1.63-0.04, bought in January 2017.

Initial setup

I found instructions on the nas-central.com forum. It relies on a Java tool called ACP_COMMANDER that apparently uses a backdoor of the device that is used for firmware updates and whatnots, but can apparently be used for running any kind of shell command on the device, as root, using the device's admin user's password.

Let's assume $IP is the IP address of the device and "password" is the password of the admin user on the device (it's the default password).

You can test that ACP_COMMANDER works with the following command that runs uname -a on the device:
java -jar acp_commander.jar -t $IP -ip $IP -pw password -c "uname -a"
It will output some amount of information (including a weird message about changing the IP and a wrong password ), but if you find the following in the middle of it, it means that it worked:
>uname -a
Linux LS210D 3.3.4 #1 Thu Sep 17 22:55:58 JST 2015 armv7l GNU/Linux

Starting the SSH server is then a matter of

  • enabling the SSH feature (which, on this cheap model, is disabled by default),
  • starting the SSH server,
  • changing root's password to "root" so that we can login (the password can be changed to something more secure later).
This is achieved through the following commands:
java -jar acp_commander.jar -t $IP -ip $IP -pw password -c "sed -i 's/SUPPORT_SFTP=0/SUPPORT_SFTP=1/g' /etc/nas_feature"
 
java -jar acp_commander.jar -t $IP -ip $IP -pw password -c "/etc/init.d/sshd.sh start"
 
java -jar acp_commander.jar -t $IP -ip $IP -pw password -c "(echo root;echo root)|passwd"

On some older version of the firmware, root login was disabled in SSH, and needed to be allowed with

java -jar acp_commander.jar -t $IP -ip $IP -pw password -c "sed -i 's/#PermitRootLogin/PermitRootLogin/g' /etc/sshd_config"
but that is not the case on my device.

Once this is done, I can run
ssh root@$IP

and login with password "root" (which was set earlier).

One nasty feature of the device is that the /etc/nas_feature file gets rewritten on each boot through the initrd. One last step is then to edit /etc/init.d/sshd.sh and to comment out near the beginning of the file the few lines that check for the SSH/SFTP support and exit in case SSH is not supported:
 #if [ "${SUPPORT_SFTP}" = "0" ] ; then
 #        echo "Not support sftp on this model." > /dev/console
 #        exit 0                                               
 #fi

According to a comment on the nas-central forum,

“The /etc/nas_feature is restored on each reboot, so sshd does not run on boot. Even if you change the init script.”

but I found this not to be true.

I checked that this setup really resists reboots, by logging in as root and typing reboot. SSH access was still possible after the device had restarted.

Going further

It was then possible to setup SSH access using keys; RSA and ECDSA are supported but not ED25519.

One missing feature is the sudo command, but I can live without it I guess.

I have then setup the device to wake up at a given time (through the “Sleep timer” feature in the administration Web UI). It is then possible to put the device to sleep by running as root
PowerSave.sh standby
The command is located in /usr/local/sbin, and this path is not available for non-interactive logins, so I wrote the following wrapper script to shutdown the device:
#!/bin/sh
 
ssh root@$IP 'bash -l -c "PowerSave.sh standby"'

After having been put into standby, the device will then start automatically on the set time, or when the “function” button on the back is pressed.

[ Posté le 5 février 2017 à 12:52 | pas de commentaire | ]

Mercredi, 3 août 2016

Patching a Debian Package

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

I finally found a tutorial that explains how to patch existing Debian packages. I just did that for wmweather that stopped working after NOAA changed the URL where the METAR data is published.

In a nutshell, and in case the original web page disappears, it goes like that:

apt-get source wmweather
cd wmweather-2.4.5
dch --nmu
mkdir debian/patches # because it didn't exist
quilt new update-url.patch
quilt edit src/wmweather.c
quilt refresh
debuild -us -uc

After that I could simply install the new package that had been created.

[ Posté le 3 août 2016 à 22:10 | pas de commentaire | ]

Mardi, 12 juillet 2016

Harmonie et Gamme

Catégories : [ Science ]

Les musiciens et les mathématiciens se sont cassés les dents pendant des milliers d'années sur la définition de la gamme, des notes, des intervalles et des accords. Ce qui suit est le résultat de mes refexions sur la raison dei ces difficultés.

Soit une note, appelée C1, de fréquence f. Lorsqu'on joue cette note sur un instrument, des harmoniques de fréquence 2 f, 3 f… sont produites en même temps. L'octave C2 (de fréquence 2 f) est donc naturellement en harmonie avec C1. Lorsqu'on joue en même temps C1 et C2 de même niveau sonore, les deux fréquences interfèrent et produisent un son de fréquence égal à la moyenne de C1 et C2, donc 3/2 f, que l'on appellera G1. Ce nouveau son est modulé par une fréquence perçue 2 f - f = f, trop élevée dans la pratique pour entendre le battement. L'intervalle de fréquence C1 – G1 est appelé une quinte juste.

De la même manière, lorsqu'on joue en même temps C1 et G1 de même niveau sonore, on obtient une interférence de fréquence égale à la moyenne des fréquences de C1 et G1, soit 5/4 f. On appelle cette nouvelle note E1. L'intervalle C1 – E1 est appelé une tierce majeure, et l'accord C1 – E1 – G1 est appelé accord majeur.

En théorie de la musique, on peut traverser toutes les notes de la gamme en partant de C1 et montant d'une quinte, puis en répétant l'opération. Ainsi, on passe de C1 à G1, puis en montant encore d'une quinte on passe de G1 à D2, puis A2, puis E3 et B3. Enfin, en montant d'une quinte depuis F0, on arrive à C1. On pourrait donc imaginer calculer les fréquences de D, F, A et B de cette manière:

  • En augmentant F0 (fréquence 2/3 f) d'une quinte (donc en multipliant par 3/2) on arrive bien à C1 (fréquence f) ; ceci donne une fréquence de 4/3 f pour F1.
  • G1 (3/2 f) augmenté d'une quinte (multiplié par 3/2) donne D2 (9/4 f), et donc D1, une octave plus bas, a une fréquence de 9/8 f.
  • D1 augmenté d'une quinte donne de la même manière A1 (27/16 f).
  • A1 augmenté d'une quinte donne E2 (81/32 f), donc E1 a une fréquence de 81/64 f.

Mais on a vu plus haut que E1 devait avoir une fréquence de 5/4 f (soit 80/64 f) pour être en harmonie avec C1 et G1 ! C'est donc là que l'édifice commence à s'écrouler : la tierce C1 – E1 n'a pas le même rapport de fréquences que la tierce C2 – E2 ; en d'autres termes, E2 n'est pas exactement une octave au dessus de E1 si on s'en tient à la définition « par quintes ». Les deux définitions de la tierce étant incompatibles, il a fallu trouver une solution.

La manière dont les fréquences des notes sont définies s'appelle le tempérament, et de nombreux tempéraments on été inventés au fil des siècles. La solution retenue depuis le XIXè siècle est le tempérament égal, où tous les demi-tons sont séparés d'un rapport de fréquence égal à 21/12. Ce tempérament donne des accords qui sont tous faux, mais suffisamment peu faux pour que ce ne soit pas gênant.

[ Posté le 12 juillet 2016 à 12:43 | pas de commentaire | ]

Mercredi, 27 avril 2016

DNS 2: DNSSEC

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Second part of my DNS setup notes, this time about DNSSEC. The following notes assumes there is already a running instance of Bind 9 on a Debian Jessie system for an imaginary domain example.com, served by a name server named ns.example.com.

The version of Bind 9 (9.9.5) on Debian Jessie supports "inline signing" of the zones, meaning that the setup is much easier than in the tutorials mentioning dnssec-tools or opendnssec.

Again these notes are mostly based on the example from the ISC Knowledge Base.

Setting up a signed zone

If you have a delegated zone (like home.example.com from the first part), do the following for both example.com and home.example.com.

Generate the keys
On a machine with enough available entropy in /dev/random (such as a Raspberry Pi with its hardware random number generator ) run
dnssec-keygen example.com
dnssec-keygen -fk example.com

(you can add the -r /dev/urandom option to the command if you dare, if /dev/random is too slow. It can literaly take hours to generate those keys otherwise).

Transfer the keys to the server where Bind is running.

Configure Bind

Create a /etc/bind/keys directory where to put the keys. Ensure the .private files belong to root, are readable by the group bind and not by other users.

In named.conf.options add to the options block:
options {
        …
        dnssec-enable yes;
        dnssec-validation auto;
        dnssec-lookaside auto;
        …
};

Create in /var/cache/bind a symbolic link to /etc/bind/db.example.com.

In named.conf.local, in the zone "example.com" block, add
zone "example.com" {
				…
        #file "/etc/bind/db.example.com";
        file "/var/cache/bind/db.example.com";
        key-directory "/etc/bind/keys";
        auto-dnssec maintain;
        inline-signing yes;
};

Note that the db file must point to a file in /var/cache/bind, not in /etc/bind. This is because bind will create a db.example.com.signed file (among other related journal files), constructed from the path of the "file" entry in the zone declaration, and it will fail doing so if the file is in /etc/bind, because Bind would attempt to create the .signed file in this read-only directory.

Then reload the configuration with
rndc reconfig
Then check that the zone is signed with
rndc signing -list example.com

Linking the zones

Your registrar should provide a tool (most probably Web based) where to put DS records for your domain.

On the DNS server, generate a DS record with
dig @localhost dnskey example.com | /usr/sbin/dnssec-dsfromkey -f - example.com
Copy and paste these lines in the registrar's tool. After a little while, you should be able to query the DS record with
dig @localhost -t ds example.org
If you have a delegated zone such as home.example.com, generate a DS record for that zone with
dig @localhost dnskey home.example.com | /usr/sbin/dnssec-dsfromkey -f - home.example.com
and place these lines in db.example.com (i.e., the db file for the parent zone). Change the serial number of the zone in the same file and run
rndc reload
You should then be able to query the DS record with
dig @localhost -t ds home.example.org

You can use Verisign's DNS debugging tool to check that the signatures are valid and DNSViz to view the chain of signatures from the TLD DNS down to your DNS. This also helped me figure out that my zone delegation was incorrect and caused discrepancies between my primary DNS server and the secondary server.

[ Posté le 27 avril 2016 à 19:21 | 1 commentaire | ]

DNS 1: Dynamic DNS

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Now that I have my own server, I can finally have my own DNS server and my own domain name for my home computer that has a (single) dynamic IP address.

The following notes assumes there is already a running instance of Bind 9 on a Debian Jessie system for an imaginary domain example.com, served by a name server named ns.example.com and you want to dynamically update the DNS records for home.example.com. This is largely based on the Debian tutorial on the subject, solving the problem that bind cannot modify files in /etc/bind.

On the server

Create a shared key that will allow to remotely update the dynamic zone:
dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE
This creates a pair of files (.key and .private) with names starting with Kddns_update.+157+. Look for the value of Key: entry in the .private file and put that value in a file named /etc/bind/ddns.key with the following content (surrounding it with double quotes):
key DDNS_UPDATE {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret "THIS IS WHERE YOU PUT THE KEY";
};

You can then delete the two Kddns_update.+157+ files. Ensure that /etc/bind/ddns.key belongs to "root" and to the "bind" group, and is not readable by other users.

Then in named.conf.local, include the key file and declare a new zone:

include "/etc/bind/ddns.key";

zone "home.example.com" { type master; file "/var/cache/bind/db.home.example.com"; allow-update { key DDNS_UPDATE; }; journal "/var/cache/bind/db.home.example.com.jnl"; };

In /var/cache/bind create the file db.home.example.com by copying /etc/bind/db.empty and adapting it to your needs. For convinience, create a db.home.example.com symbolic link in /etc/bind pointing to /var/cache/bind/db.home.example.com.

In db.example.com (that is, the parent zone), add a NS entry to delegate the name home.example.com to the DNS server of the parent zone:
home.example.com NS ns.example.com

You can now reload the bind service to apply the configuration changes.

I also found examples of how to test the dynamic zone with nsupdate.

On the home computer

I decided to use ddclient 3.8.3 because it supports dynamic dns updates using the nsupdate tool. I backported that version of ddclient manually from a Debian Testing package; it's written in Perl and the backporting is trivial.

Copy /etc/bind/ddns.key from the server to /etc/ddns.key on the home computer (the one running ddclient), ensuring only root can read it. Then add the following to /etc/ddclient.conf (be careful with the commas, there is no comma at the end of the second last line):
protocol=nsupdate, \
zone=home.example.com, \
ttl=600, \
server=THE_IP_ADDRESS_OF_THE_DNS_SERVER, \
password=/etc/ddns.key \
home.example.com

You can then try out the new setup.

[ Posté le 27 avril 2016 à 18:15 | 1 commentaire | ]

Mercredi, 13 avril 2016

Minimum Password Entropy

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

What is the minimum entropy for my home computer's password?

In recent (post-2007) Debian (and probably other) Linux distributions, the passwords are stored in /etc/shadow using the sha512crypt algorithm. According to Per Thorsheim, with 2012 hardware, a single Nvidia GTX 580 could make 11,400 attempts at brute-force cracking such a password. This means that a log2 11,400 = 13.5 bit password could be cracked in 1 second.

To have a password that would resist a year to such a brute-force attack, one must multiply the password complexity by 86,400×365 (seconds per year) i.e., add 24.5 bits to the password for a total of 38 bits.

But this password is guaranteed to be cracked in a year. To make the probability of cracking such a password much lower, let's say less than 0.01, one must increase the password's complexity by a hundred times i.e., add 6.7 bits. We now have a minimum of 44.7 bits.

If one does not want to change the password for the next 10 years (because one is lazy), one must again increase the complexity tenfold (that's another 3.3 bits for a total of 48 bits) and account for the increase in processing power in the coming years. Between 2002 and 2011, CPU and GPU computing power has been multiplied by 10 and 100 respectively i.e., +0.37 and +0.74 bits/year. That means that the password's complexity must be increased by 0.74 ×10 = 7.4 bits. We have now reached 55.4 bits.

Now we need to guess who are the password crackers. How many such GPU will they put together? Titan has 18,688 GPUs (add another 14.2 bits to stay ahead of it), and the (more affordable) machine that cracked LinkedIn leaked passwords had 25 GPUs (requiring to add only extra 4.6 bits).

Assuming the crackers have a 25-GPU setup and not a gigantic cluster, 60 bits should be perfectly safe. If they are a government agency with huge resources and your data is worth spending the entirety of that cluster's energy for 10 years, 70 bits is still enough.

The same article also mentions an Intel i7, 6-core CPU would make 1,800 attempts per second i.e., 10.8 bits. For a password that must resist for 10 years, that would mean 49 bits. Titan has 300,000 CPU cores (50,000 times more than the i7), so that makes an extra 15.6 bits for a total of 64.6 bits. The Tianhe-2 has 3,120,000 cores, adding 19 bits to the original 49 bits, leading to 68 bits total.

In summary, 70 bits is enough. If you are lazy and not paranoid, 60 bits are still enough. If you think the crackers will not use more than 32 i7 CPUs for a month to try and break your password (adding 2.4 + 21.3 bits to the original 10.2 bits), 48.5 bits are still enough.

[ Posté le 13 avril 2016 à 19:20 | pas de commentaire | ]

Dimanche, 13 mars 2016

Galettes de Sarrassin

Catégories : [ Cuisine ]

Ingrédients

  • 150g farine de sarrassin
  • 20g farine de froment
  • 1 pincée de sel
  • 1 oeuf
  • 250 mL lait
  • 200 mL cidre

Préparation

Mélanger les farines et de sel. Y ajouter l'oeuf et mélanger pour absorber une partie de la farine et obtenir une pâte épaisse. Délayer progressivement avec le lait, puis avec le cidre. Laisser reposer 1 à 2 heures. Faire cuire chaque galette dans une poële très chaude et huilée.

[ Posté le 13 mars 2016 à 20:27 | pas de commentaire | ]

Samedi, 12 mars 2016

Nouveau serveur

Catégories : [ Informatique ]

Le blog (et le reste de mes pages Web) a déménagé sur un nouveau serveur (une machine virtuelle hébergée chez shellit.org. Après longue réflexion et tergiversations, et afin de continuer la série des machines dont le nom se termine en « kone », j'ai décidé de l'appeler « lentokone », koska se on kone joka on pilvissä.

J'en ai profité pour recommencer à jouer les administrateurs système et j'ai installé des serveurs DNS, SMTP, IMAP, HTTP pour gérer mon domaine moi-même.

[ Posté le 12 mars 2016 à 15:30 | pas de commentaire | ]

Dimanche, 17 janvier 2016

Vue du bureau

Catégories : [ Râleries ]

Il faisait beau vendredi, alors j'ai pris des photos depuis les fenêtres du bureau.

Vue_du_bureau_201601_1 Coté lac.

Vue_du_bureau_201601_2 Coté lac aussi. On peut voir la piste de patin à glace sur le lac.

Vue_du_bureau_201601_3 Coté gare.

[ Posté le 17 janvier 2016 à 14:10 | pas de commentaire | ]

Mercredi, 23 décembre 2015

Photo haute vitesse

Catégories : [ Bricolage/Arduino ]

hsphoto-ensemble

Cet appareil n'a pas de nom, mais il sert à controller un appareil photo et un flash pour prendre des photos d'objets qui tombent. Un rayon laser (récupéré d'un pointeur laser rouge bas de gamme) dont la présence est détectée par un phototrasistor sensible à la lumière visible est interrompu par l'objet qui tombe, et après un temps déterminé, le flash est déclenché.

Le code est disponible.

hsphoto-interface

L'appareil utilise un RBBB (compatible Arduino, mais dans un format plus compact) pour contrôler un écran LCD alphanumérique, l'appareil photo via sa télécommande par câble, et le flash via son sabot. Il permet aussi de règler le délai entre la détection de la chute de l'objet et la prise de la photo. On peut en outre règler la longueur de l'impulsion du flash (ce qui n'est pas très utile apparemment, étant donné que cette durée n'a pas l'air d'avoir d'influence sur la durée du flash, mais cette durée détermine aussi le délai entre le déclenchement du flash et la fermeture de l'obturateur de l'appareil photo). En outre, on peut choisir à quel moment l'obturateur sera ouvert (avant de faire tomber l'objet à photographier, au moment où celui-ci coupe le faisceau laser, ou le mode manuel où l'utilisateur a la responsabilité d'ouvrir l'obturateur), et l'envoi ou non d'une impulsion pour effectuer la mise au point (la télécommande filaire est conçue de sorte à ce que le signal de mise au point soit toujours envoyé avant le signal d'ouverture de l'obturateur, il se peut que l'appareil ne fonctionne pas correctement si le second n'est pas précédé du premier).

hsphoto-pcb

Le RBBB est alimenté par 4 batteries rechargeables NiMH, qui fournissent ensemble une tension maximale de 5,4 V, juste en dessous de la limite maximum du microcontrolleur (5,5 V). Ceci permet de se passer d'un régulteur de tension, à condition de ne pas utiliser de piles alcalines (qui produiraient une tension trop élevée, 6,6 V au maximum).

Une des difficultés a été que le laser tend à chauffer, ce qui diminue environ de moitié sa luminosité au bout de 30 s. À ce moment, le laser n'est alors plus assez puissant pour être détecté par le phototransitor. La seule solution est de ne pas laisser au laser le temps de chauffer.

hsphoto-cadre

Une autre difficulté a été la construction du cadre en bois qui porte le laser et le phototransistor : il n'est pas parfaitement plan (je voulais le rendre démontable et j'ai donc utilisé des angles en acier à visser, mais comme je n'ai pas réussi à visser les vis bien verticalement, elles ont déplacé légèrement les angles et tordu les quatre morceaux de bois). De plus, il n'est pas facile de percer un trou bien droit (pour recevoir le laser) et aligné avec un trou similaire (pour recevoir le phototransitor) sur le coté opposé du cadre.

hsphoto-laser

Pour aligner le laser sur le phototransistor, il faut donc tourner un peu le premier dans son logement jusqu'à ce que le point rouge atteigne le centre du phototransistor. L'appareil dispose d'ailleurs d'un mode de fonctionnement où le laser est allumé en permanence et où l'utilisateur peut voir si le phototransistor est correctement éclairé.

La dernière difficulté a été de me rendre compte que le temps de chute de l'objet (entre le moment où le laser est interrompu et le moment où la photo doit être prise) dépend de la vitesse de l'objet au moment où il passe dans le faisceau laser, donc de la hauteur (au dessus du faisceau) d'où l'objet a été laché. Pour obtenir des expériences répétables, il faut donc faire tomber l'objet à partir du support sur lequel il repose, et il faut donc que ce support soit à une distance connue du faisceau. Le support est donc un morceau de carton ondulé percé d'un trou assez grand pour laisser passer l'objet (mais pas trop grand pour que l'objet ne puisse pas tomber à coté du faiscea) posé sur le cadre en bois. La distance d entre le haut du carton et le faisceau, la hauteur de chute h du haut du carton jusq'à l'endroit où la photo est prise et le temps de chute t sont liés par l'équation suivante : t = √(2/g) × (√h - √d) où g est l'accélération de la pesanteur.

hsphoto_de_1 hsphoto_azrael hsphoto_bonhomme

[ Posté le 23 décembre 2015 à 23:45 | pas de commentaire | ]

Mercredi, 9 décembre 2015

BÉPO 3

Catégories : [ Informatique ]

Au bout de 6 semaines, j'arrive à taper lentement en aveugle (ou alors vite en faisant énormément de fautes). J'ai tendace à confondre mains droite/gauche et majeur/annulaire. Si je me concentre ça va, mais c'est vite fatigant.

Sur le Typematrix du boulot ça va plus ou moins, mais le clavier normal (donc tordu) de la maison est une plaie, les doigts tombent systématiquement entre les touches du quart droit.

[ Posté le 9 décembre 2015 à 22:18 | pas de commentaire | ]

Samedi, 31 octobre 2015

BÉPO 2

Catégories : [ Informatique ]

Après 8 jours, ça commence à venir, mais pas vite. Taper en aveugle demande beaucoup de concentration.

BÉPO en disposition par défaut (tout du moins jusqu'au prochain redémarrage du serveur X), Scroll Lock permettant de basculer vers la disposition fi :

setxkbmap "fr,fi" "bepo,classic" "grp:sclk_toggle"

[ Posté le 31 octobre 2015 à 12:12 | pas de commentaire | ]

Dimanche, 25 octobre 2015

Bépo 1

Catégories : [ Informatique ]

Vendredi (il y a 2 jours), je me suis mis au BÉPO. C'est dur et je ne tape pas vite. Je fais des exercices.

[ Posté le 25 octobre 2015 à 11:18 | pas de commentaire | ]

Dimanche, 6 septembre 2015

Noursella v2

Catégories : [ Cuisine/Choco Noursy ]

Deuxième version du Noursella, cette fois-ci tartinable à température ambiante.

Ingrédients

  • 20g chocolat au lait
  • 50g sucre glace
  • 30g huile neutre (navette)
  • 25g cacao
  • 80g pâte de noisette (100% noisettes, grillées puis broyées)

Préparation

Faire fondre le chocolat au lait (p. ex. 1 min au micro-ondes). Y ajouter le sucre glace et le cacao tamisés, et mélanger. Délayer avec l'huile puis avec la pâte de noisette. Laisser reposer une nuit.

Commentaires

  • Liquide visqueux juste après préparation, devient tartinable après un temps de repos.

[ Posté le 6 septembre 2015 à 11:06 | pas de commentaire | ]

Samedi, 22 août 2015

Noursella v1

Catégories : [ Cuisine/Choco Noursy ]

Après des années de pause, j'ai retenté de fabriquer ma propre pâte à tartiner chocolat et noisette, cette fois-ci à partir de pâte de noisette.

Ingrédients

  • 60g sucre glace
  • 30g huile neutre (navette)
  • 30g cacao
  • 80g pâte de noisette (100% noisettes, grillées puis broyées)

Préparation

Tamiser le sucre glace et le cacao, le mélanger puis délayer avec l'huile puis avec la pâte de noisette. Conserver au réfrigérateur.

Commentaires

  • Liquide visqueux (comme du miel) à température ambiante, devient tartinable à température du réfrigérateur.
  • Facile à préparer, contrairement aux expériences précédentes (ici, un bol et une cuillère suffisent).
  • La texture granuleuse au début semble devenir moins granuleuse avec le temps.

[ Posté le 22 août 2015 à 14:41 | 1 commentaire | ]

Vendredi, 6 mars 2015

It will be URxvt after all...

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

I just switched from using Xterm to using evilvte but then I noticed that evilvte cannot be resize smaller. It can become bigger, but there is no way back. Then I learned that URxvt does everything I want (it even uses the same font as Xterm by default) with a bit of configuration. And it's much more lightweight than evilvte (it doesn't use GTK, that helps).

This is my .Xresources (everything you need to know is in the man page).
*VT100*foreground: black
*VT100*background: white
 
URxvt.scrollBar: false
URxvt.secondaryScreen: 1
URxvt.secondaryScroll: 0
URxvt.perl-ext-common: default,matcher
! old keyword
URxvt.urlLauncher: firefox
! new keyword
URxvt.url-launcher: firefox
URxvt.matcher.button: 1
URxvt.keysym.C-Up: \033[1;5A
URxvt.keysym.C-Down: \033[1;5B
URxvt.keysym.C-Left: \033[1;5D
URxvt.keysym.C-Right: \033[1;5C
URxvt.keysym.C-Page_Up: \033[5;5 
URxvt.keysym.C-Page_Down: \033[6;5 
You need to merge it with X's resource database
xrdb -merge .Xresources

and then you can run the terminal.

And Firefox just restored the --remote option, so wmnetselect should even work again (until next time, anyway). Let's say it was an opportunity to learn about stuff…

[ Posté le 6 mars 2015 à 19:09 | pas de commentaire | ]

Jeudi, 5 mars 2015

Local Debian Repository

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Since I built a customized Debian package I could as well have my own repository. I started from this tutorial but it's a bit out of date and has a dead link to the reprepro short-howto, so here's a record of what I did.

First, you will need to install the reprepro package.

Then, choose a place where to put your repository (I chose my $HOME). Origin, Label and Description are free-form fields. Codename is the same as my current Debian version, and Architectures matches the architectures I'm using. Then run:
mkdir -p packages/debian/conf
 
cd packages/debian
 
cat <<EOF > conf/distributions
Origin: Matthieu
Label: Mathieu's Personal Debs
Codename: wheezy
Architectures: i386 amd64 source
Components: main
Description: Matthieu's Personal Debian Repository
SignWith: yes
DebOverride: override.wheezy
DscOverride: override.wheezy
EOF
 
cat <<EOF > conf/options
verbose
ask-passphrase
basedir .
EOF
 
touch conf/override.wheezy
Now's the time to add the packages. Since SignWith was set to yes in the conf/distributions file, your GPG key will be used for signing the manifest files.
reprepro -Vb . includedeb wheezy  /src/evilvte_0.5.1-1+custom_amd64.deb
reprepro -Vb . includedsc wheezy  /src/evilvte_0.5.1-1+custom.dsc
Next configure your system to use the newly created repository by adding to your /etc/apt/sources.list (replace $HOME with the actual path to your repository):
deb file:$HOME/packages/debian/ wheezy main
deb-src file:$HOME/packages/debian/ wheezy main
Add your GPG key to apt's keyring (replacing KEY-ID with the one of the GPG key that was used when adding the packages earlier):
gpg -a  – export KEY-ID | sudo apt-key add -
You can now run apt-get update and it should pick the content of your local repository. You can check that it is indeed the case:
apt-cache showpkg evilvte
Package: evilvte
Versions: 
0.5.1-1+custom …
0.5.1-1 …
…

[ Posté le 5 mars 2015 à 23:19 | pas de commentaire | ]

Bitmap Fonts for my Terminal

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Since I started with Linux, back in 1997, my xterm have been using always the same font: a bitmap, fixed font which produces 6x13 pixels glyphs. I'm convinced that a bitmap font is the best possible choice for not-so-high resolution LCD monitors (I have a 17" 1280x1024 monitor which results in a 96 dpi resolution) where any vector font would inevitably produce aliased or fuzzy glyphs. My bitmap font is crisp and has no rainbow edges (who in his right mind could imagine that subpixel antialiasig is a good idea?).

With the xterm, I could simply specify the font as 6x13 and it would use it. That was simple, because it was meant for it.

Today I switched from pure X11 xterm to GTK-based evilvte and while evilvte is apparently a great tool, it didn't want to use my beloved 6x13 bitmap font. It would use 6x12 or 7x13, but not the one in the middle. The font is however available on the system through fontconfig, since I could find it with fc-match:
$ fc-match Fixed-10:style=semicondensed
6x13-ISO8859-1.pcf.gz: "Fixed" "SemiCondensed"
But evilvte, while showing "SemiCondensed" as an option in its font dialog, just seemed to ignore it. The fontconfig documentation mentions that one can trigger debug output by setting an environment variable FC_DEBUG=1. With it, I could see how Pango (GTK's font managemnt system) was interacting with fontconfig:
fc-match Fixed-10:semicondensed
Match Pattern has 19 elts (size 32)
	family: "Fixed"(s) …
	style: "semicondensed"(s)
	slant: 0(i)(s)
	weight: 100(i)(s)
	width: 100(i)(s)
…
Pattern has 18 elts (size 18)
	family: "Fixed"(w)
	style: "SemiCondensed"(w)
	slant: 0(i)(w)
	weight: 100(i)(w)
	width: 87(i)(w)
…
	file: "/usr/share/fonts/X11/misc/6x13-ISO8859-1.pcf.gz"(w)

That's the right font file.

While Pango:
python mygtk.py "Fixed SemiCondensed 10"
Match Pattern has 20 elts (size 32)
	family: "Fixed"(s)  …
	slant: 0(i)(s)
	weight: 80(i)(s)
	width: 87(i)(s)
…
Pattern has 18 elts (size 18)
	family: "Fixed"(w)
	style: "Regular"(w)
	slant: 0(i)(w)
	weight: 80(i)(w)
	width: 100(i)(w)
…
	file: "/usr/share/fonts/X11/misc/7x13-ISO8859-1.pcf.gz"(w)

And that's not the right font file…

Notice the important difference: fc-match asks for a weight of 100 (and style SemiCondensed) while Pango asks for weight 80 and width 87 (which is apparently equivalent to semi-condensed). Since my font had a weight of 100, it was never selected. However, when requesting a bold version (fc-match Fixed-10:semicondensed:bold or python mygtk.py "Fixed SemiCondensed Bold 10") the same font is found (6x13B-ISO8859-1.pcf.gz, which is the bold counterpart of my font). That took me several hours to find out.

Since the root of the problem seemd to be the weight, I needed to find out how to make Pango tell fontconfig to use a different weight, since there is apparently nothing between “Regular” (Pango 400, fontconfig 80) and “Bold” (Pango 700, fontconfig 200). And then, completely by accident, I found out there is actually a middle value: “Medium” (Pango 500, fontconfig 100), which is exactly what I neeed. But the outdated PyGTK documentation and the well-hidden man page (and very little help from Google and DuckDuckGo in finding a decent documentation for Pango, I must say) didn't make this any easy.

So finally, the magic font description I put in evilvte's config is “Fixed Medium SemiCondensed 10”. With it, Pango selects the font I want:
$ python mygtk.py "Fixed Medium SemiCondensed 10"
Match Pattern has 20 elts (size 32)
	family: "Fixed"(s) …
	slant: 0(i)(s)
	weight: 100(i)(s)
	width: 87(i)(s)
…
Pattern has 18 elts (size 18)
	family: "Fixed"(w)
	style: "SemiCondensed"(w)
	slant: 0(i)(w)
	weight: 100(i)(w)
	width: 87(i)(w)
…
file: "/usr/share/fonts/X11/misc/6x13-ISO8859-1.pcf.gz"(w)

Appendix

The mygtk.py script is a simple GTK tool I wrote for the purpose of using a specific Pango font description and producing the fontconfig debug output. This is the script:
import gtk
import pango
import gobject
import sys
 
window = gtk.Window(gtk.WINDOW_TOPLEVEL)
tv = gtk.Label("Hello World")
tv.modify_font(pango.FontDescription(sys.argv[1]))
window.add(tv)
tv.show()
window.show()
gobject.timeout_add(100, gtk.main_quit)
 
gtk.main()

[ Posté le 5 mars 2015 à 22:14 | pas de commentaire | ]

Customized Debian Package

Traduction: [ Google | Babelfish ]

Catégories : [ Informatique ]

Today I switched from using xterm (which I had been using for the past 15 years at least) to using evilvte. The reason is that evilvte allows to click on URLs and opens a new tab in Firefox, while xterm does not. Since Firefox removed the --remote option, wmnetselect did not anymore allow me to open a copied URL. Since wmnetselect has no been updated since forever and has even been removed from Debian, I thought it was time for a radical change (yes, I changed my terminal emulator because of the Web browser. I know).

Evilvte is one of those simplistic tools that you configure by editing the source code (the config.h, really), so I thought that after having done that, I may as well make my own custom Debian package. It wasn't too hard, but since I don't plan to do this regularly, here's the process.

Get the Debianized sources:
apt-get source evilvte
Enter the directory
cd evilvte-0.5.1

Edit the config file (or whatever you want to do for your own package), save it in the right place. In my case, the package contained a debian/config.h customized by the package's maintainer, so I needed to modify this one rather than the src/config.h one. During the building of the package, src/config.h is overwritten by debian/config.h.

Then edit debian/changelog and add a new entry. By doing that, you need to choose a new version number. I wanted to keep the original version number of the package (0.5.1-1) but make it known that it was slightly newer than 0.5.1-1: I decided to go for 0.5.1-1+custom (after discovering that my first choice, 0.5.1-1~custom, means that the package is slightly older than 0.5.1-1 and would therefore have been replaced during the next apt-get dist-upgrade) by 0.5.1-1 . The description of the change is simply “Custom configuration”. For the rest, follow the example of the existing entries in the changelog. Be careful, there are two spaces between the author and the date.

If you have changed the upstream source code instead of only Debia-specific files, the package building helpers will record a patch for your and let you write some comments in the patch file, based on the new entry in the changelog.

Then you just need to build the package:
dpkg-buildpackage
It will probably ask you for your GPG passphrase (when signing the package), and after that, you're done. The newly created package is in the parent directory, and ready to be installed.
cd ..
sudo dpkg -i evilvte_0.5.1-1+custom_amd64.deb

That's it!

[ Posté le 5 mars 2015 à 21:14 | 3 commentaires | ]

Mardi, 2 décembre 2014

Compute logarithms in your head

Traduction: [ Google | Babelfish ]

Catégories : [ Science ]

Let's consider base 10 logarithms and the basic equality
log(a×b) = log(a) + log(b)
Rounding to two places after the decimal separator, we also start with
log(2) = 0.30
and
log(10) = 1
Therefore, we have
log(4) = 2⋅log(2) = 0.60
and
log(8) = 3⋅log(2) = 0.90
Also,
log(10) = log(2) + log(5) = 1
therefore
log(5) = 0.70
Then a bit more approximation: 81 ≈ 80, therefore
2⋅log(9) ≈ log(10) + log(8)
This gives us
log(9) ≈ 0.95
and
log(3) = log(9)/2 = 0.48
as well as
log(6) = log(2) + log(3) = 0.78
In the same way, 50 ≈ 49, therefore
log(5) + log(10) ≈ 2⋅log(7)
in other words,
log(7) ≈ 0.85

With more approximations, one will find the logs of more prime numbers without the need for a calculator.

[ Posté le 2 décembre 2014 à 00:02 | pas de commentaire | ]

Vendredi, 18 juillet 2014

Circuit auto été 2014

Catégories : [ Jeux ]

circuit_auto_ete_2014

Voici le circuit millésime juillet 2014, tout en virages, il n'est pas facile à parcourir. Cette année, les voitures rouge et bleue sont devenues poussives vers la fin des vacances. Difficile de savoir si le problème vient d'un mauvais contact entre les rails et la voiture, des balais ou d'un frottement mécanique (au niveau de l'axe du moteur ?). Un patin de la rouge s'est percé à force de frotter contre les rails, je l'ai réparé en y mettant un peu d'étain à souder (et comme il s'agit d'un alliage à 60% de plomb, ça doit polluer un peu en prime…)

[ Posté le 18 juillet 2014 à 13:22 | pas de commentaire | ]

Samedi, 28 juin 2014

Interpreting Probabilities

Traduction: [ Google | Babelfish ]

Catégories : [ Science ]

On the radio the other day, I heard a mathematician warning about too hastily interpreting probability results. Here's the example he gave.

Imagine a population of 100,000 people, 100 of which having a rare disease (but not knowing about it) and therefore 99,900 of which not being sick. Imagine moreover there is a test that can detect this disease with a 99% accuracy: this means that the test will on average give a positive result on 100 × 0.99 = 99 of the 100 sick persons and a negative result on 100 × (1 - 0.99) = 1 of them. It will also give a negative result on 99,900 × 0.99 = 98901 non-sick persons and a (false) positive result on 99,900 × (1 - 0.99) = 999 non-sick persons.

This means that out of the 99 + 999 = 1098 persons (out of the whole population) who got a positive result, only 99 actually have the disease. This means that the test indicates, for a random person taken from the whole population, only a 99 / 1098 ≈ 9% probability of being sick. In other words, even if the test is positive, there is still a 91% chance of not being sick! This new result needs to be put into perspective with the probability of being sick before doing the test (0.1%) and after getting a positive test result (9%, i.e., 90 times higher chance of being sick). But it also means that because of the imbalance between sick and non-sick populations, the 1% failure of the test will yield a lot more false positive results among the non-sick population than correct positive results among the sick population.

[ Posté le 28 juin 2014 à 19:38 | pas de commentaire | ]

Dimanche, 4 mai 2014

New Leffakone Timer

Traduction: [ Google | Babelfish ]

Catégories : [ Bricolage/Arduino | TV/Leffakone ]

new_leffakone_timer

I finally built the timer for the new Leffakone. It is based on an Arduino Uno, which controls two reed relays and one LED. The reed relays can be activated with a very low current (10 mA), meaning that the Arduino can drive them directly from any I/O pin. The relays' contacts are connected in parallel to the power button and the reset button. The Arduino's serial-over-USB port is connected to one of the USB headers of the motherboard with a home-made cable, and the timer is set by software through this serial connection. All the wires coming from the computer case's front panel are connected to the circuit (to the 8-pin header protruding from the protoboard), and wires go from there to the motherboard's front-panel header (2 white wires for the power button, 2 grey wires for the reset button, and 2 blue+black wires for the power-on LED. The two boards are screwed on the bottom plate of the case of an old CD drive; for installation, I closed the case and put it into the computer as a regular CD drive.

While the timer is counting down, it blinks the computer case's HDD LED (which therefore is not anymore indicating the HDD activity).

When the timer expires, it closes the power button's relay for 500 ms. An optional watchdog timer would close the reset button's relay if the machine does not boot correctly i.e., if the timer is not reset within 30 s. This watchdog timer is currently disabled in the code, since the problems I have had with GRUB freezing on startup seem to be related to manually powering the device and switching the TV on shortly after. I'll enable it if it seems necessary. Here is the code for the Arduino.

The software client for the timer is written in Python and is very straightforward: send ASCII digits to the serial port, ending with a newline character. It interprets this number as a number of seconds, and starts counting down. When disconnecting the client from the serial port, the Arduino resets and forgets all about the timer value; I found out that setting the DTR line to False in the Python Serial object prevents this from happeining. I haven't however found out how to prevent a reset when connecting to the Arduino; this is less a problem, since when I connect to it, I want to reset the timer, and reseting the whole program does just that. It seems that it's the Linux driver that asserts the DTR line when opening the serial port; I haven't investigated further. It is worth noting that when the machine boots, it does not reset the Arduino.

Finally, the cristal in the Arduino is accurate to 99.5% which is not enough to guarantee that the timer will wake up the computer within a minute after a countdown of several days. I therefore apply a corrective factor to the time sent to the Arduino. The factor was estimated from a 15.5 hour countdown, which lasted about 90s more than it should have. Over a 7-days countdown, it would cause the timer to expire about 16 minutes too late.

[ Posté le 4 mai 2014 à 20:38 | pas de commentaire | ]