# Some random thoughts

I realized I’ve been pretty idle and did not post over the last month. September is gone, and that blog stayed empty. I did not really do anything technical last month (I mostly blame work and laziness), but I have a few random and unorganized thoughts I wanted to post.

• I have finally seen the movie “Rush (2013)” and I only regret not seeing it earlier. I was not born in this epic age of Formula One racing; I knew about Lauda (ofc) but nothing about Hunt. The movie is great, it really shows what I imagined the 70s to be about racing: different philosophies battling on the grid, the beginning of professionalism, death at each corner. I can only recommend the movie, even if you’re not a petrol head.
• Speaking about petrol heads, a friend of mine drove me last week in California in a Tesla X. This car is impressive. Performance-wise, it would make my sporty German inline-6 cry, at least in a straight line. Actually, the car itself is a mix between a tank and a sports car. It seems to be a Californian hipster version of the muscle car, weighing tons but compensating with sheer goodwill horsepower. Calling that an eco-friendly car is definitely an overstatement. Outside of the pure performance part, the car itself is quite disruptive in the technologies it uses: ~20-inch embedded touch screen controlling everything, 7 seats, falcon wings, everything electrified. I can’t help but be scared about the future of this car. It’s definitely a cobblestone in the world of car making, with the equilibrium slowly shifting and newcomers finally challenging the establishment. However, my cell phone lasts on average 2 years, my computer up to 5. I’m pretty sure the supply line is not made in a way that this car will be maintainable in the long term. Which means that this car is likely going to be a myth, but a myth that will die in less than 10 years and won’t ever make it to collections. You can still drive a 1923 Bugatti or a 300SL gullwing (at least if you have a few spare dollars); I fear modern cars won’t have that fate and will end up discarded (which is an interesting problem for an eco-friendly car).
• I’ve read Slingshot, by a former colleague of mine. The book is awesome: don’t hesitate, buy it, read it, share it if you like SF. The second book got published in August and is in my (big) pile of stuff to read, but fairly high priority.
• I’ve finished (and went above) my goodreads challenge and retrospectively, I’m not proud: I’ve read chick lit, bit-lit but really only a few books of higher value. I’ll try to focus more on content and less on quantity next year.
• I’ve seen the latest X-Men; it’s good to see such a talented young actress playing someone other than Sansa and moving to the big screen. The movie is quite good as well. I would not say the same about Batman v. Superman: I happily slept in front of it and found it awfully boring. I didn’t know about Deadpool, and found it was a nice way of spending an evening (or a quarter of a transatlantic flight).
• I’ve flown again with SAS (Scandinavian Airlines): that company has cheap business flights with good quality, but comfort in eco is awful. So good for business, OK for Eco+, avoid for Eco in the future.
• This blog is now served over https or http; I’m still tuning the details, so edges might be rough. I’ve also put some monitoring in place with uptime.com and tuned the Apache configuration, so things should be slightly more stable and have less downtime than previously.
• Mandatory picture: my last business trip had nicer weather than the grey sky of September in Switzerland

# g-watch crashlooping

I have an LG G-watch (Android smart watch, the square one). I’m not using it much and it mostly sits on my desk, uncharged.
For some reason, I decided to give it another try and it would never start: just after boot, it would say that settings crashed, offering to wait or to close. I tried both several times and it was stuck in a crash-loop. Rebooting and letting it run out of battery again did not help.
The goal of this post is to keep some notes on the repair.

Some notes:

• G-watch hardware is called dory and builds are named platina. This helps recognize whether a build is for the correct platform or not.
• To go into bootloader mode, you need to swipe diagonally when the LG logo pops up (from top left to bottom right)
• From the bootloader, you can do a factory reset. It did not help for me (suspecting an issue with hardware or corrupted firmware)
• adb can be found in the recent Android SDK; you need to install the USB driver on Windows. It handles communication with the device over USB.
• The watch is recognized by the computer (using adb devices -l) only when it’s in sideload mode. adb logcat never provided anything, which is not really surprising on a production device.
• Finding a firmware can be fun. I finally had some luck on this website and ended up getting that firmware. Not much chance of failing as firmwares are signed: if it’s not for the correct device, it will likely fail with code 7 (had some of these). Likely legit as it comes from the googleapis.com domain. I am usually wary of getting firmware from unknown sources as it can be quite easy to push a virus.
• The physical button on the bottom of the watch needs to be pressed for ~6s for the watch to shut down. It requires a lot of pressure to press and hold it (but it does a nice click to let you know)

After quite a bit of messing around, it finally works again. Somehow, one OTA update must have failed.

# Bruce reads (it’s funnier in French)

I’m just back from vacation and beach is super boring, so I’ve had plenty of time for reading and I haven’t posted in a long time.

• Redeemed: last book of the “House of Night” series; as usual, lots of stuff happens when a series is finishing. Compared to some others, that one is fairly easy to read but mostly enjoyable, with some surprises. Definitely recommended for teenagers and non-native speakers wanting to read some random bit-lit.
• Lenobia’s vow: this is a book explaining the story behind one of the teachers from the House of Night series, by the same authors. The book brings absolutely no value if you already read the House of Night series, as everything is already known and just repeated.
• You’re never weird on the internet (almost): autobiography of Felicia Day, who is a web addict / video game player / video producer / internet business woman. I didn’t know the lady, I found the story really interesting, with lots of things echoing my personal experience. I recommend this read for any geek; it is really interesting for remembering some good old times and seeing the point of view of a woman on this old age. Not necessarily as glorious as we’d like it to be. To be clear, I didn’t know the author before reading the book and I now want to see what she produced.
• Des femmes dans la mafia: written in French, the role and situation of women in the various Italian mafias. Interesting because it’s happening now (some stories are less than 5 years old), because it’s super close and it explains a lot about what the mafia really is. Not an easy read, but I loved it.
• Fire touched: latest episode of the adventures of Mercy Thompson. Nothing really interesting, quite boring IMHO but good if you’re reading the series.
• Written in Red: first book of “the Others”; it’s happening in the equivalent of the US, in an alternate universe where shapeshifters would own the land and lease it to the humans. Easy and thrilling read, more mature IMHO than average teenage bit-lit. Quite a few interesting analyses of how society works are interleaved in the story.
• Murder of Crows: second book of the Others, still very good :-).

This brings me to 23 books read this year, which makes me complete my 2016 goodreads challenge. Not really ambitious this year, I think I’ll plan for ~30 next year. As it’s a good time to look back: I read mostly in English (2 books in French, out of which one is a gift), I read mostly bit-lit / Heroic Fantasy / Science Fiction. I think my English level is now good enough for me to start tackling more complex books. I must say that I pretty much know everything about vampires and shapeshifters. These last vacations were the opportunity to dig into different topics and I really liked it.

# Box for GoPro batteries

I recently bought a GoPro and wanted to make a box to store the batteries. To be clear, my model is Hero 4 Silver and is using these (AHDBT-401) batteries. It’s easy to find the electrical properties (3.8V DC, 1160mAh, 4.4Wh), not so easy to find the physical size. Here is a quick overview of the key dimensions I noted:

Out of this unreadable post-it, the important thing to remember is

• the full battery measures 36 x 10.9 x 32.5 (in mm)
• the bottom part of the battery, where GoPro is written measures 30 x 10.9 x 30 (in mm)

The design will be symmetric, to allow to store the battery facing the lid or the opposite side, to distinguish between full and empty ones. I also decided that 4 spare batteries is a good number.

I usually draw my laser-cut designs with inkscape but I decided to follow a different path this time. I recently discovered Fusion 360, which is free (as in free beer, not free speech) to use for hobbyists. So, for the first time, I did a full 3D model, that can be found here. You can play with the model online and explode it to see the various components.

This is one of my first parametric 3D designs, and I learnt quite a lot. It’s then definitely time for a pro vs contra of using Fusion 360 vs inkscape.

Pro fusion 360 / against inkscape:

• design is fully parametric: changing the thickness of the material or the size of the battery does not require restarting the design from scratch. I typically had to move from using an M2.5 to an M3 screw (to match what I had in my inventory)
• you can use standard parts in your design (I used an M3x12 bolt and nut)
• You get full mechanical constraints, so you can play with your various pieces and check. I discovered an issue that way (there was not enough room for the nut) and avoided a prototyping iteration
• There is friendly support on forums and a lot of very well made explanatory videos (tutorials) on a YouTube channel.
• There is a CAM module, to do machining with a CNC (not tried yet)
• the web viewer has nice features. You can explode the components, select specific components (using the design button, top left). Time to check the model again 😉

Pro inkscape / against fusion 360

• inkscape is open-source, uses a standard format, stores locally. This allows using version control and gives lots of freedom (and is future-safe)
• Fusion 360 has a 1-year license that you can renew, courtesy of Autodesk, and stores its data in the Autodesk cloud. It might stop at any time, locking you out of your own designs or forcing you to pay an (expensive) license
• inkscape’s use of splines is more common for computer users (rather than bezier)
• Doing a full 3D model currently takes me ~3x more time than drawing in inkscape. I think on complex designs, the reduction in the number of iterations evens this out.

Overall, I’m super glad I tried Fusion 360, it’s quite easy to use and has super nice results.

About the design itself, I wanted to have a design with a lid and it’s the first time I really have moving components. The trick I used was to offset the axis of rotation to the top-left to make the rotation work.

I used 2 bolts and nuts for the rotation (M3x12). Tightening them is enough to keep the lid from opening. As usual, the box is also posted on thingiverse.

For bragging rights, some more pictures:

# pgp, keys, security, privacy

It’s been a long time since I wrote on this blog. I recently attended a talk with Phil Zimmermann and it was the opportunity to reuse pgp/gpg, and I thought it was a good idea to talk about it.

# Why

I have often been asked why I would need to use strong encryption, especially since it used to be very illegal in my own country (there was a limit of 40 bits in France back when I started using cryptography). Usually, people tend to say that if you use cryptography, you must be hiding stuff and probably doing something very illegal and dangerous. I beg to differ on this topic: I keep my personal data in my home, which is usually locked. If a judge comes and asks to open the drawer, I’ll gladly do it if due process is rightly followed. In the same way, I consider that my communication is private and while I’ll surrender my private key to the right officials upon the right request, I prefer not having anyone being able to exceed their authorization and illegally eavesdrop on me, which seems to have been a pretty common game for most governments. In a pettier way, some company sysadmin might be overusing their privileges and while you may trust them not to look into your personal folder, it might be interesting to make sure they actually can’t do it.

# Theory

## Private/public keys

Quick reminder on theory:

• you want your communication to be secure (i.e. not easy to listen to silently)
• you want your communication to be authenticated (i.e. I need to be sure whom I’m talking to) and not compromised (i.e. if someone attempts to modify the message, I want to know).

This can be enforced through cryptography the following way:

• signing with a private key allows anyone holding the corresponding public key to check the integrity of the message. Trusting that the key pair actually belongs to the person you’re thinking about is a different problem.
• ciphering with a public key allows only the holder of the matching private key to read the message. In practice, the message is ciphered with a random session key and that key is ciphered using the public key (for performance reasons).

One fun side effect is that you need to encrypt the session key with the public key of each of the message’s recipients, including the ones in BCC, hence displaying them in the clear. You’ve been warned.

## Trust

While using asymmetric cryptography ensures that only one key pair is involved, knowing whether this key pair actually belongs to an individual is a different problem. To solve this, the concept of a “web of trust” exists. The principle is that at any time, you can check the real-life identification of someone and cryptographically sign their key, hence telling the community that you checked that a given person is who they claim to be. Then, if you trust someone who trusts someone else, you’re likely to actually trust that someone else to be who they claim to be.

# Practically

## Generating a key

I’ll explain how to do most commands using the gpg command line, mostly as a reminder for me. There are several bazillion tools to help you automate and work around these processes.
Modern standards seem to use a 4096-bit RSA key (this won’t prevent your communication from being read once quantum computers are there, so if you care…). Elliptic curves can be as safe with shorter keys but are not widely supported yet. The passphrase will be protecting your private key, so it seems to be a very good idea to have something really strong here. I’m not talking about the reusing-an-8-letter-web-password kind of strong, but the writing-a-full-sentence-that-only-you-will-remember kind of strong (like a pass-phrase, not a pass-word).

```bash
gpg --full-gen-key
```

This will generate a key, including a key id and a fingerprint:

```
bruce@morannon:~$ gpg --fingerprint C3F53DD4
pub 4096R/C3F53DD4 2016-06-10
Key fingerprint = 77EE B582 C4AA 7724 AD2D 53AC AC42 DF1E C3F5 3DD4
uid Florent Revelut (Bruce) <florent@revelut.ch>
sub 4096R/92F7C250 2016-06-10
```

The id (C3F53DD4 in my case) will be used to identify your key. The fingerprint will be used when cross-checking identities (i.e. if you check an identity, you need to be sure that you check the fingerprint).

## Signing someone else’s key

Say I want to sign my old key FBE03BF7 with my new and shiny one C3F53DD4.

Make sure you have the key, if not get it from a keyserver (pgp.mit.edu is a common alternative)

```bash
gpg --keyserver pgp.mit.edu --recv-keys FBE03BF7
```

Sign the key (level 3 is the highest level of trust, meaning you checked really closely an official id)

```bash
gpg --sign-key --default-cert-level 3 --no-ask-cert-level -u C3F53DD4 -a FBE03BF7
```

Export the key to a file

```bash
gpg -a --export FBE03BF7 > FBE03BF7.txt
```

and prepare to send it to your stakeholder (this will generate a FBE03BF7.txt.asc that you can safely cut and paste into an e-mail)

```bash
gpg -u C3F53DD4 --armor --recipient FBE03BF7 -e -s FBE03BF7.txt
```

Delete the key from your local keyring; you’ll get it from a keyserver later when you need it

```bash
gpg --delete-key FBE03BF7
rm FBE03BF7.txt
```

## Importing a signature

You’ll probably receive an e-mail with a file attachment named something.asc. You’ll have to decrypt it:

```bash
gpg -d *.asc > clear.txt
```

Then probably extract the file attachment, this will generate new files

```bash
munpack clear.txt
```

Then import the signature (check whatever file was generated in the previous step). It will merge the new signature with the existing ones.

```bash
gpg --import florent@revelut.ch.asc
```

Then publish it:

```bash
gpg --keyserver pgp.mit.edu --send-keys C3F53DD4
```

And done: your public key is now available, including the trusted signature from your stakeholders.

# Traps/tips

If you encrypt an e-mail/a file you’re sending to someone else, you’d better encrypt it to yourself as well or you won’t be able to read it later (remember, you don’t have the private key of your recipient). If you have the file “in clear” on your file system, you will definitely want to delete it in a safer way than rm. Depending on your OS, file system and caching policies, it might get tricky to make sure your content is actually properly wiped out (or close to impossible).

Enigmail is a very easy and user-friendly way to cipher your e-mails. If you’re using a web app to access your e-mail, you might want to switch to a real mail client and IMAP, as web apps usually don’t support cryptography. It might eventually be coming to Gmail though (blog post from Google).

Cryptography and BCC don’t work well together: the IDs of all recipients are in the clear… In the same way, ciphering and mailing lists don’t work together unless you have a way to expand the mailing list on the client side and know all recipients (think about an Exchange server). There is no issue with signing cryptographically when sending to a mailing list, and it’s considered good practice.
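The recipient leak described here and in the theory section, as an added example that is not part of the original post: a small Python parser that lists the recipient key IDs stored unencrypted in front of an OpenPGP message. The sample message and its key IDs are constructed, and only version 3 session-key packets (the RFC 4880 layout) are handled.

```python
import struct

PKESK_TAG = 1            # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
WILDCARD = "0" * 16      # key ID of zero: recipient deliberately not named


def read_packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) OpenPGP message."""
    pos = 0
    while pos < len(data):
        header = data[pos]
        pos += 1
        if not header & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if header & 0x40:                       # new-format header
            tag = header & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:                     # one-octet length
                length = first
            elif first < 224:                   # two-octet length
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:                  # five-octet length
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:                               # partial body length (streamed data)
                yield tag, data[pos:]           # raw remainder, chunks not decoded
                return
        else:                                   # old-format header
            tag = (header >> 2) & 0x0F
            length_type = header & 0x03
            if length_type == 3:                # indeterminate: runs to end of input
                yield tag, data[pos:]
                return
            size = 1 << length_type             # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += length
        yield tag, body


def recipient_key_ids(data):
    """Key IDs readable by anyone who sees the ciphertext, in packet order."""
    ids = []
    for tag, body in read_packets(data):
        if tag != PKESK_TAG:
            continue
        if len(body) < 10 or body[0] != 3:      # only the version 3 layout is handled
            raise ValueError("unsupported PKESK packet")
        ids.append(body[1:9].hex().upper())     # octets 1..8 hold the 64-bit key ID
    return ids


def exposed_key_ids(data):
    """Recipients an observer can look up; wildcard (all-zero) IDs name nobody."""
    return [k for k in recipient_key_ids(data) if k != WILDCARD]


def _pkesk(key_id_hex):
    # Constructed packet: version 3, key ID, algorithm 1 (RSA), one dummy MPI.
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1]) + b"\x00\x08\xaa"
    return bytes([0x84, len(body)]) + body      # old format, tag 1, 1-octet length


# Constructed message: "To", "BCC" and one hidden recipient, followed by the
# encrypted data packet (tag 18, new-format header) that all three can unlock.
SAMPLE = (_pkesk("A1B2C3D4E5F60718") + _pkesk("0F1E2D3C4B5A6978")
          + _pkesk(WILDCARD) + bytes([0xD2, 17, 1]) + bytes(16))

if __name__ == "__main__":
    for key_id in recipient_key_ids(SAMPLE):
        print(key_id, "(hidden recipient)" if key_id == WILDCARD else "(visible)")
```

For a real message, strip the ASCII armor first (gpg --dearmor) and pass the resulting bytes. GnuPG's --throw-keyids and --hidden-recipient options write the all-zero key ID shown for the third recipient.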

You can (and should) use your private key when tagging a git repository. As you put your reputation on the line, you might want to review branch merges with extra care.

Most people won’t check the signature of the public key, which is really bad. Anyone can publish a public key on a key server, if it’s not signed, it does not bring anything.

Some extra-paranoid people don’t want to have their public key hosted on a key server. There are some use cases where it makes sense; use your best judgement on convenience vs security.

# What could go wrong ?

In the list of daily WTF, I stumbled upon this video:

Someone backflipping over a speeding formula. That’s impressive. Kinda dumb & useless as well.

# Music and mood

I always listen to music, but most of the time I don’t really care or pay attention. I tend to use quite random playlists and mostly let them run. Or at least, this is what I thought until I recently checked.

What I discovered surprised me. Most people say their mood will be influenced by the music they listen to. This is explained in detail (and in French) by someone smarter and way more knowledgeable in music (which is easy considering my quasi-null level)

In my case, I tend to influence my playlist based on my mood. The fun thing is that I do that unconsciously and that it sometimes correlates surprisingly well.

Let’s dig:

Renaud can be good (Molly Malone) or bad (p’tite conne in a loop is a fairly good indicator of depression). Brel, Moustaki, Ferrat are mostly always bad: not because of the singer himself but rather because of the memories of a lost one they evoke. Funnily enough, Jean Yanne, who is from the same environment, does not trigger the same feeling.

On the contrary, classical music, opera and even requiems are an indicator of good mood. I especially like listening to symphonies, Fauré’s or Mozart’s requiems, as it helps me get isolated from the rest of the world.

My main problem now: each time I choose an album, I wonder if I’m making a conscious or unconscious choice. I have several hundred disks in digital format but no real way of making statistics (as I use several players). Currently, this is more a feeling than hard-data-backed evidence, which disturbs me. I know not to trust a feeling as it’s usually the best way to be wrong.

For the coming weeks, I’ll try to sweep the darker areas of my collection, to dig into stuff I know less and see if I have the opposite effects. Anyway, I found it funny to realize this after so many years and to discover such a correlation.

# What I currently play, march edition

Roughly 5 years after everyone, I’ve started playing the Witcher 2. I don’t have much available time so I play in easy mode. The fighting system is good, despite requiring you to memorize 6 pictograms for some spells (I actually did not memorize them but bound them to some mouse buttons). The quest part is simple but interesting, with lots of content and a nice story. It probably would not win game of the year but it’s good for wasting some time that I don’t have. It’s super cheap on Steam, so definitely worth the few bucks it costs if you didn’t try it yet.

I’ve played Jamestown, which is a good old-fashioned shoot ’em up. Not much to say, it’s hard, entertaining, good to empty your brain. Several ships with different weapons, a far-fetched scenario. I had it for a while, rather a good surprise and one of a few games that can be played with the kids watching, thanks to the very cartoon-like/unrealistic feeling (easy to spot the bad guys: they’re ugly)

GRAVARK: Survival Evolved, Rust: these were games I really wanted to play. Open-world, MMO, sandboxing. I was really hoping for a feeling of collaboration, man against the environment, creativity. What I got was half-finished games, full of bugs, almost impossible to play, with lots of gankers, fuzzy objectives, broken scenarios. Clearly a huge disappointment and I don’t recommend investing time in these, which was a surprise for me.

Last, millie is a very nice snake-like game. I didn’t play much but it’s one of the few games which is really nice and playable by one of my 5-year-old twins.

# Box with non vertical sides

While creating a perch for our parrot, I stumbled upon something non-trivial: if you want to assemble a box with non-vertical sides, what cut angle are you supposed to use to have a nice assembly? It’s obvious that it should be a trapezoid, but what would the α angle be?

Easy peasy, let’s dig into the maths!

On the schematics, once assembly is done, we have B=B’ and A, B, B’, A’ in the same plane.

Supposing that we have an angle β with vertical (meaning a standard box has β=0), this means

$$\tan(\alpha)=\frac{AB}{OA}=\frac{OA' \cdot \sin(\beta)}{OA}$$

As OA = OA’, we trivially have $$\alpha=\arctan(\sin(\beta))$$

If you need to be convinced, the animation above is done with β=30°. It’s been realized with pov and the code can be found on my POV repository on bitbucket.

And by the way, why did I need that? Just to make it real:

For a change, here is an article in French. I hesitated for a long time before doing it, then I went for it. Ten years late, I am discovering YouTube. I’m a little ashamed: I work in technology, I have worked in the media industry, and it’s only now that I’m taking an interest in this new medium.

For me, YouTube was bad cat videos, people falling over filmed in SD, over-encoded and pixelated; it was also copyrighted content whose legality often smelled the same as its quality. And little by little, I started watching more and more videos and changed my mind.

First of all, YouTube is admittedly a pre-teen hangout, especially on the viewing side. A lot of the content is frightening, for its naivety or for the violence of what is said. As a parent, I tell myself that I will never let my children have a mobile phone or a camera. And of course, I won’t have a choice.

So yes, there are videos of dead-drunk people partying, of horrible uncensored accidents, of 13-year-old girls doing hyper-sexualized make-up tutorials without realizing the image they project. Or without realizing who might be behind the screen. Yes, there are cat videos with millions of views. Yes, Gangnam Style got so many views that the view count had to be stored on 64 bits. That is still more than two billion views on a video that carries advertising, probably enough to buy a few small things.

Next to these big hits, there are plenty of other things, and it is to them that I want to pay tribute. Personally, the comedians on TV rarely make me laugh, but I crack up when I watch le rire jaune.

And then there are real creators, who convey strong messages or an alternative vision of reality. Often strong, artistic, protest messages.

What made me decide to write this post is a few videos that I’m going to put here, as raw as they come

“Les jeunes et la drogue” (young people and drugs), by Nad Rich’ Hard

Facebook, you won’t get us, except that for some jobs it is necessary. Or how the law is powerless against business imperatives (in English with subtitles; the English text is more restrained):

You think bikers are all young speed freaks. Change your mind with mehdiator

What panic attacks are, with Meghan Rienks (in English)

JB Bullet sings his outrage the day after the Charlie Hebdo attacks (a year ago already…)