Category Archives: News

I’m angry (again)

It’s been quite a bit of time since I’ve posted here, so quick update on what’s happening.

It’s mothers’ day soon (it happens that this day is not the same depending on the country, so i’m hoping to be spammed twice as much) and I got spammed to “think about my mother and get her the latest kitchen appliance”. First, I think it’s awfully sexist to consider that my mom would be happy to have a new mixer or vacuum cleaner. I’m pretty sure she’d prefer a good science fiction book. Second, my mother died 3 years ago and that’s a painful topic for me. I do think about my mother and I don’t need to be reminded by random strangers for marketing purpose. It’s slightly too late for this year, but I plan public shaming on the topic next year.

I’m French, I could vote for the presidential election. First round was April 23rd, second round was May 7th. I received the place I could vote by mail (woohoo for snail mail) on May 4th (star wars day). The paper was originated from Paris on April 24th, so after the first round but it’s supposedly from the consulate of Geneva. More fun, I couldn’t change the location for my wife, so my wife and I were allocated to different locations (300 km apart). Of course, if I wanted to vote, I’d have to commute for more than 90 minutes and queue for more than one hour outside. I’m not sure if it’s on purpose or not, but I call that a scandal and not democracy. Of course, I could still vote at the same time because I never managed to get unregistered from metropolitan France when I moved abroad 12 years ago and I’m still receiving this at my parents, which is another scandal by itself (even better, the consulate told me once it’s work as intended  because I can’t vote for municipal elections s they don’t exist here, so I must be registered in France to be able to vote…) Of course, if I vote twice as the government offers me too, I’d be committing major fraud and be legally responsible, confirmed by the consulate as well. That block might end up translated and shared with the government to foster visibility if I get to find time.

I’ve restarted playing World of Warcraft, after a 6 years break. Stuff has really changed, often for the best. The game is much more casual now, it’s super easy to level up, earn money, much less grinding is required. The universe seem pretty empty: despite having a new extension, it’s clear the game is coming to end of life and struggling to keep players. Most of the game and UI by itself evolved quite a lot, much of what was before provided through addons is now embedded into the core game. While it’s feasible to play casually (we play 2 accounts with my wife), it’s still super easy to sink hours in it. Especially if you have a slightly addictive behavior and have to discover 4 extensions at once. The environment is even bigger than before, nicer. I however really don’t like the concept of pet battles, I don’t really get this in-game pokemon. Some new professions are really looking like useless grinding (thinking about archaeology) while some other mechanisms have been revamped for the best: I love the concept of garrison and wish I could customize it a bit more.

I’ve recently doused myself with some gifts: I upgraded my computer for new graphic card (from GTX 560Ti to GTX 1060), new screen (Ultra wide curved 34 inches screen for a whopping 3440×1440 resolution). I wished I’d done it earlier, the price step is steep but the comfort is just 10 times better. Got some new tools as well, so I’m pretty much setup now (sewing machine, belt sander, jigsaw and best of all, chisels from my great-grandfather). Time for some new hacks soon.

My website is currently hosted on google cloud for free (perks of working for them, I had a coupon). This coupon however is expiring, I need to either pay or switch providers. I was looking for a simple solution that would allow me to serve this simple blog with what I thought was some very easy requirements:

  • As managed as possible, I’m too old to do basic sysadmin myself (and I’m kinda already doing that very day at a slightly larger scale). Especially doing kernel updates and maintaining apache configuration is not what I want to spend my week-ends doing.
  • Https support: cause I’m paranoid (It’s not because you’re paranoid that there is not someone out there trying to kill you)
  • Vanity domain support: I have my domain, I don’t want to be on florent123.wordpress.net or foobar.blogger.net
  • Easy to update and maintain: auto-update, from web UI customization / updates (wordpress, despite not being super secure
  • Cheap and mostly powerful enough to handle a few hundred queries per day.

To my utter surprise, it’s not so easy to find and align all requirements. I’m almost thinking about serving from home…

 

End of march check – goals 2017

 

I had some goals / hopes for 2017, It’s currently end of 1st quarter and a good time to look back on how I’m faring.

  • Posting technical stuff on blog : mostly on track. Nothing in March (I’ve been travelling) but lots in January and February
  • Posting non-technical stuff: a few posts, not that many. Half-success
  • Doing technical stuff: some cool projects (lamp) done, with logbook. Some other have been made but badly documented (toy sword) and not published. Overall, I got the feeling I didn’t really change my methodology  or focused on smaller project, so not really a success so far.
  • Reading books: I’v read way more than I was expecting (Goodreads challenge). 12 books and clearly a stretch on some of them (trainingg cats, 2 autobiographies). I still need to interleave some more serious reading in the middle of this HF/SF I’m constantly reading. some progress, could do better.
  • Wellbeing: complete failure. I didn’t lose weight, I took weight (each trip to the US is a nightmare, I might blame the 24oz steaks – yes, that’s 750g). Didn’t train and spent my whole winter commuting by mass transportation, only minor activities (mostly skiing with the kids)

Overall, I got the feeling I could do better.

There are some stuff I did I’m happy about however:

  • I’m upgrading my video setup at home, learning and training to be sure I can make decent videos, especially for tutorials. I discovered I actually love sharing stuff I know how to do and I’m emphasizing this topic.
  • I id some real woodworking, despite my limited amount of HW/space. I’m actually quite proud I helped the kids with repairing, making toys.
  • I’ve restarted playing WoW, after a 6 years break. The feeling is weird, like rediscovering a place you lived when you were young. The game I changed very much, I’m playing casually in this reroll (and with people I know IRL). Anyway, this is really great.

joinindaily

I’ve been following the #joinindaily tag on G+ for a while and I’ve decided to try to participate.

The concept is simple: each day, a single theme is announced, you have the day to post (or not) a picture related to the theme. It’s not a competition, mostly a just for fun event.

I’ve done it for a few days and I have found 3 different usages:

  • theme interpretation: trying to bend the word into something different. One of the best example was the theme “star”, which had a bunch of night skies but also a lot of creative approaches (starfish e.g.)
  • tell a story: that’s currently what I’m doing, finding a picture and telling a story around it, being personal story around the picture taking (this picture reminds me of blah…) or story around what is in the picture  (this is a picture of a battlefield where this event happened…)
  • technical prowess: basically, anything from editing, post-processing, technicalities behind the picture.

To help me, I’ve uploaded my picture to google photos which allows me to search with the power of AI and find random themes. As AI is only partially smart, sometime, you’ll have to bend the wording to find the pictures, but I think that’s part of the fun. This allows me to tap into ~14 years of pictures and several GiB, which gives me lots of chances to find something.

As a personal constraint, I want to keep posting pictures without private information (faces you could recognize for example) in it, which makes it more challenging for some theme. For people interested in this but not in my rantings, you can follow this collection on Google+.

I don’t know for how long I’ll be doing that and how assiduous I’ll be, but for now, this is a great fun and this gives me ideas on new pictures and allows me to think creatively.

In the meantime, I’ve decided to upgrade my photo gear and I’m now the proud owner of an awesome new zoom lens that I plan to use soon. I’ve also started to shoot raw + jpeg, which enables me to post-process (so far, I really suck at it though, but I’m trying to learn). Thanks for everyone (Inês, Allen, Miso 🙂 ) who proved me it was useful and gave me advices, I’m now using lightroom and I’m happy with the situation. Quite a lot of work currently and I mostly use the JPEG from the camera but I’ve seen the kind of improvement I can get from the raw version and this convinced me. One of the most obvious being light balance correction: the 2 pictures below have been made with the same lens (my new shiny), smae day but one with indirect flash and the other one with electric light. Shooting raw allows to have the same tone (and actually pick the one most relevant) for the picture. (pictures here are jpeg from camera).

When (If?) I manage to progress on the topic, I’ll try to share my tips and tricks on this topics as this is very much non trivial to start but the potential gain is huge (especially thinking about landscape pictures which can’t be really awesome without some post-processing)

Our cat – Canon EOS 80D – f/4.5 – 1/15 – 108mm – ISO200 – indirect flash (ceiling)
Our cat (Canon EOS 80D – f/5 – 1/15 – 155mm – ISO200 – electric lights)

from 2016 to 2017

So 2016 has come and gone, it’s time for some post-mortem / retrospective and dive into the wonderful world of 2017. I must say that this post is the perfect example of what I should avoid as I started it roughly mid december and I realize that January is mostly gone and this is still not published (and becoming less and less relevant).

World

The world is more and more scarily broken. I feel sad just thinking about it, not that there is much I can do. Extreme right wing, religion, terrorism, war, genocides, I think most of the tick box can be checked, sadly.

It pains me to see how the future is shaping more and more like the grimiest forecast of the 60s science fiction and less and less like a happy fantasy. Even when the future is coming (google self-driving car, I’m looking at you), it gets boring.

On the other hand, it could have been worse. Austria chose greens instead of extreme right wing, we had no major nuclear incident, Switzerland is still a wealthy and mostly safe place to live.

That said, 2016 was an awful year for arts: Carrie Fisher, Leonard Cohen, David Bowie…

In summary, bad year, better forgive about it and hope for better.

Me and myself

I had a few resolutions last year and it’s time for a retrospective

Post on blog

I wanted to post at least once a month: I posted ~18 blog posts (of different quality, true) over last year, with an emphasis on begin of year and big gaping holes in some months (november, september). Currently, blog is read mostly by people I know / friends and has very low traction. Most of the external traffic is in French for HR related stuff I posted ~10 years ago.

Not too bad on this topic (70%?), but some clear axis of improvement:

  • More engagement, post twice per month seem to be a good cadence, ideally at fixed time/day
  • Finish stuff that I started : I have ~5 blog posts in various state of draft that could have easily filled the gaps I had provided I gave them a bit more log

For 2017:

  • Post at least once a month something technical, this can be a tutorial, a thing I realized, either soft or hard. lower bar would be typically building lego. In case of big projects, any significant milestone should be an independent post and count. Should be in english.
  • Stretch, post once a month on non-technical stuff, in french or english depending on the topic.

Do technical stuff

I wanted to do a technical hack per month. Scope and exact definition of technical were purposely left fuzzy.

I clearly did a lot of technical stuff and posted quite a bit of them, so a clear improvement on the topic. Especially, I got the feeling:

  • I clearly improved and learnt stuff in mechanical design / tinkering: learnt to use fusion 360, to do parametrical design, first 3D printer usage, lots of complex lasercutter designs that I mostly posted
  • Had some lego, not really technical but fun-ish and good with kids
  • Did some human-size furniture for the birds
  • Broke and repaired my drone

I also failed on various other stuff:

  • almost no electronic work. The stuff I tried stayed on breadboard and never really worked
  • got pwned on a server
  • couldn’t not really keep up with advent of code
  • broke an RC car

Overall, I’m super happy on the topic, I have identified a few axis of improvements:

  • When doing stuff, start a log (picture, video) early as backtracking the history is painful. Start early by defining goals follow up with pictures for any interesting step (better to have too many than too few). Start writing early and publish even if it’s a failure.
  • definition of technical is super fuzzy and covered stuff which is only technical as a stretch
  • no formal logbook

For 2017:

  • Do the technical things to feed the blog 🙂
  • Some stuff I would like to do will have to be postponed due to constraints, so focus on things which are achievable (I want a forge, but living in a flat, that does not sound realistic)

Read books

I read 32 out of the 20 books I had pledged to read, so clear achievement (details in goodreads challenge). However quality is still quite dubious.

Most of the books I read are teenagers’ books, of very low interest from a literacy stand point. There are however a few outliers that stand out:

The things to improve is obvious here: read more of the outliers and less of the other (as in aim for quality, not quantity)

For 2017:

  • Well, let’s restart goodread challenge for 20 books, but aiming at at least 5 books which are neither heroic-fantasy nor science-fiction.

Wellbeing

Being 36, I’m putting weight. Reasonably, but even so, it’s quite noticeable. I wanted to restart sport and get more healthy habits. This topic has been a complete failure:

  • I exactly commuted 0 time by bike and ~4 times using rollerblades
  • I started twice YAYOG and never went past the first week
  • I’ve been exactly once at the fitness room at work (while it’s free)
  • I’ve steadily gain weight, despite not tracking properly
  • I’m still eating candies (too many, in the evening), drinking too much beer and whisky and having too many snacks
  • I’ve tried counting calories and failed, I’m obviously getting way too many

I managed to partially:

  • cut on caffeine: I’ve managed to go to 2 coffee a day, no coke or other source of caffeine
  • get sleep habit under control: managed to sleep more and better, at least over some period of time

So, complete fail on that one, need to tune it a lot for next year

For 2017:

  • Train twice per week, even some light training (going to work rollerblading or skiing rover WE)
  • Improve overall fitness and reduce weight (aiming at back to 68kg?, which would be minus 5 stabilized)

Family

For 2017, kids are getting bigger and we can have more and more shared activity:

  • Focus on better splitting couple / kids / family / personal time and keep enough for each bucket.
  • [family] go skying, ice-skating, hiking, biking…
  • [family] schedule summer vacation for family, ideally some eastern / fall break as well
  • [couple] Get 2 week-end for us, without the kids or work
  • [kids] Build lego with the kids, involve in projects

Conclusion

Overall, having these “personal” targets helped me focus and prioritize over the last year. I’m trying to go one step further this year and actually make them public, hoping it will help me focus on them. Let’s see how it goes, I aim at reviewing this on a quarterly basis

LePin, Lego and Porsche

I’ve been a fan of Lego for ages and my only limiting factors are the place it takes and the cost.

Being a car fan, I was pretty excited by the release of the ego 911 GT3RS (Lego 42056). However, this model was not stocked much and is overly expensive, probably to account for the Porsche copyright. This model is one of the biggest Lego Technics set to date (3rd I think) and is also one of the most complex in terms of mechanics, with a 4 speed sequential gearbox and a realistic look and feel.

Deciding that 300+ swiss francs was too much for a toy, I skipped this model…. until a colleague pointed me to LePin.

Until now, I’ve only and ever bough real Legos. My kids got some BanBao bricks which were definitely of lesser quality compared to the danish originals. Some colleagues told me that LePin quality is much higher, on par with original Lego. I used the 11/11 (the Chinese equivalent of black friday or cyber monday) to order a set to try and picked the Porsche model for ~80 dollars (USD, roughly 1/4th of the Swiss price for original lego)

After building it, here are my first thoughts:

  • The set is a 1:1 copy of the Lego set, the instruction is a leaner version (without all the shininess and pictures from real porsche) of the Lego one, based on an older version (with bugs). This is a clear clone and I don’t know how this can be legal and not infringe copyrights… Just to be clear, it’s free for sale online, you don’t have to go into the deeper parts of the undernet to find it and it ships with dhl/goes through custom without problems.
  • The quality of the pieces is really good, almost impossible to differentiate from real Legos. The model I picked is a known stretch for Legos (way too many gears and way too much friction) and ends up a good test: if this one is working, almost any Lego set must be working.
  • Assuming I didn’t mess up with the montage, I had way more spare parts (connectors especially) than on a standard Lego set. I however ended up with a spare bar of length 4 and a missing one of length 5. I can’t really say who is responsible for that.
  • Chiral components are clearly identified on real Legos with an embedded number, LePin are not
  • Some pages of the manual are not printed to scale, so you can’t use the 1:1 size picture to measure (not a problem if you’re experience, might be an issue for beginners)
  • The set itself is astonishing: huge, realistic, bright orange, it really looks like a masterpiece and has overly complex mechanics carefully hidden 🙂
  • some tolerances might be slightly worse than lego: the clear disks used for lights tend to fall, some connections are overly loose while other required some force to actually snap (including some connectors)

My final conclusion is that I would not buy LePin on a standard set, the price difference is not enough to account for the lack of innovation. I’m fine if a group creates alternative original models and cheaper bricks on the ones where the patent expired (I guess it’s not the case for studless). In case of Lepin, the quality is really good (almost the same as Lego, at least in terms of tolerance, I don’t know about time resilience) but he legal aspect seem quite shady.

Some random thoughts

I realized I’ve been pretty idle and did not post over the last month. September is gone, and that blog stayed empty. I did not really do anything technical last month (I mostly blame work and laziness), but I have a few random and unorganized thoughts I wanted to post.

  • I have finally seen the move “Rush (2013)” and I only regret not seeing it earlier. I was not born at this epic age of formula one racing, I knew about Lauda (ofc) but nothing about Hunt.The movie is great, it really shows what I imagined the 70s to be about racing: different philosophies battling on the grid, the begin of professionalism, the death at each corner. I can only recommend the movie, even if you’re not a petrol head.
  • Speaking about Petrol Heads, a friend of mine drove me last week in California in a Tesla X. This car is impressive. Performance wise, it would made cry my sportly german 6-inline, at least on straight line. Actually, the car itself is a mix between a tank and a sports car. It seems to be a californian hipster version of the muscle car, weighting tons but compensating by sheer goodwill horsepowers. Calling that an eco friendly car is definitely an overstatement. Outside of the pure performance part, the car itself is quite disruptive on the technoologies it uses: ~20 inches embedded touch screen controlling everything, 7 seaters, falcon wings, everything electrified. I can’t help but be scared about the future of this car. It’s definitely a cobblestone in the world of car making, with the equilibrium slowly shifting and newcomers finally challenging the establishment. However, my cell phone lasts in average 2 years, my computer up to 5. I’m pretty sure the supply line is not made in a way that this car will be maintainable in the long term. Which means that this car is likely going to be a myth, but a myth that will die in less than 10 years.and won’t ever make it to collection. You can still drive a 1923 Bugatti or a 300SL gullwing (at least if you have a few spare dollars), I fear modern cars won’t have that fate and will end up discarded (which is an interesting problem for an eco-friendly care)
  • I’ve read slingshot, by a former colleague of mine. The book is awesome, don’t hesitate, buy it read it, share it if you like SF. Second book got published in August and is my (big) pile of stuff to read, but failry high priority.
  • I’ve finished (and went above) my goodreads challenge and retrospectively, I’m not proud: I’ve read chick litt, bit lit but really only a few books of higher value. I’ll try to focus more on content and less on quantity next year.
  • I’ve seen the latest x-men, it’s good to see such a talented young actress playing someone else than Sansa and moving to the big screen. The movie is quite good as well. I would not say the same about Batman v. Superman: I happily slept in front of it and found it awfully boring. I didn’t know about Deadpool, foun dit was a nice way of spending an evening (or a quarter of a transatlantic flight)
  • I’ve flown again with SAS (Scandinavian Airlines) : that company has cheap business flights with good quality, but comfort in eco is awful. So Good for business, Ok for Eco+, avoid for Eco in the future.
  • This blog is now served over https or http, still tuning the details, so edges might be rough. I’ve also put some monitoring in place with uptime.com and tuned the apache configuration, so things should be slightly more stable and have elss downtime than previously.
  • Mandatory picture : my last business trip had a nicer weather than the grey sky of  september in Switzerland
From the SF office
From the SF office

Bruce reads (it’s funnier in French)

I’m just back from vacation and beach is super boring, so I’ve had plenty of time for reading and I haven’t posted in a long time.

  • Redeemed: last book of the “House of Night” serie, as usual, lots of stuff is happening when a serie is finishing. Compared to some other, that one is fairly easy to read but mostly enjoyable, with some surprise. Definitely recommended for teenagers and non-native speaker wanting to read some random bit-litt.
  • Lenobia’s vow: this is a book explaining the story behind one of the teacher from the house of night series, by the same authors. The book brings absolutely no value if you already read the house of night series as everything is already known and just repeated.
  • You’re never weird on the internet (almost): autobiography of Felicia Day, who is a web addict / video game player / video producer / internet business woman. I didn’t know the lady, I found the story really interesting, with lots of things echoing into my personal experience. I recommend this reading for any geek, this is really interesting for remembering some old good time and seeing the point of view of a woman on this old age. Not necessarily as glorious as we’d like it to be. To be clear, I didn’t know the author before reading the book and I know want to see what she produced.
  • Des femmes dans la mafia: written in French, the role and situation of women in the various italian mafias. Interesting because it’s happening now (some stories are less than 5 years old), because it’s super close and it explains a lot about what the mafia really is. Not an easy read, but I loved it.
  • Fire touched: last episode of the adventures from Mercy Thompson. Nothing really interesting, quite boring IMHO but good if you’re reading the serie.
  • Written in Red: First book of “the Others”, it’s happening in the equivalent of the US, in an alternate universe where shapeshifters would own the land and lease it to the humans. Easy and thrilling read, more mature IMHO than average teenage bit-litt. Quite a few interesting analysis on how society works are intereleaved in the story,.
  • Murder of Crows: second book of the others, still very good :-).

This brings me to 23 books read this year, which makes me complete my 2016 goodreads challenge. Not really ambitious this year, I think I’ll plan for ~30 next year. As it’s a good time to look back: I read mostly in english (2 books in French, out of which one is a gift), I read mostly bitt-lit / Heroic Fantasy / Science Fiction. I think my english level is now good enough for me to start tackling more complex books. I must say that I pretty much know everything about vampires and shapeshifters. These last vacations where the opportunity to dig into different topics and I really liked it.

pgp, keys, security, privacy

It’s been a long time since I wrote on this blog. I recently attended a talk with Phil Zimmerman recently and it was the opportunity to reuse pgp/gpg and I thought it was a good idea to talk about it.

Why

I often had the questions why I would need to use strong encryption, especially since it used to be very illegal in my own country (there was a limit on 40 bits in France back when I started using cryptography). Usually, people tend to say that if you use cryptography, you must be hiding stuff and probably doing some very illegal and dangerous. I beg to differ on this topic: I keep my personal data in my home, which is usually locked. If a judge comes and ask to open the drawer, I’ll gladly do it if the due process is rightly followed. In the same way, I consider that my communication is private and while I’ll surrender my private key to the right officials and the right request, I prefer not having anyone being able to excess its authorization and illegally eavesdrop on me, which seem to have been a pretty common game for most governments. In a pettier way, some company sysadmin might be overusing their privilege and while you may trust them to watch you personal folder, it might be interesting to make sure they actually can’t do it.

Theory

Private/public keys

Quick reminder on theory:

  • you want your communication to be secure (i.e. not easy to listen to silently)
  • you want your communication to be authenticated (i.e. I need to be sure whom I’m talking to) and non compromised (i.e. if someone attempts at modifying the message, I want to know).

This can be enforced through cryptography the following way:

  • signing with a private key will allow anyone having the corresponding public key to check the integrity of the message. Trusting that the set of key actually belong to the person you’re thinking about is a different problem.
  • ciphering with a public key will allow only the target private key to read the message. Practically, message is ciphered with a random session key and that key is ciphered using the public key (for performance reason).

One fun side effect is that you need to encrypt the session key with the public key of each of the message recipient, including the ones in BCC, hence displaying them on the clear. You’ve been warned.

Trust

While using asymmetric cryptography ensures that only a set of key is involved, knowing whether this set of key actually belong to an individual is a different problem. To solve this, the concept of “web of trust” exist. The principle is that at any time, you can check the real life identification of someone and cryptographically sign their key, hence providing the community that you checked that a given person is who they claim to be. Then, if you trust someone who trust someone else, you’re likely to actually trust that some one else to be who they pretend to be.

Practically

Generating a key

I’ll explain how to do most command using gpg command line, mostly as a reminder for me. There are several bazillions tools to help you automate and work around these process.
Modern standards seem to use a 4096 RSA key (this won’t prevent you from having your communication read when quantum computer will be there, so if you care…). Elliptic curves can be as safe for shorter keys but are not widely supported yet. The passphrase will be protecting your private key, it seems to be a very good idea to have something really strong here. I’m not talking about reusing a 8 letters web password kind of strong, but writing a full sentence that only you will remember kind of strong (like a pass-phrase, not a pass-word).

gpg --full-gen-key

This will generate a key, including a key id and a fingerpint:

bruce@morannon:~$ gpg --fingerprint C3F53DD4
pub 4096R/C3F53DD4 2016-06-10
 Key fingerprint = 77EE B582 C4AA 7724 AD2D 53AC AC42 DF1E C3F5 3DD4
uid Florent Revelut (Bruce) <florent@revelut.ch>
sub 4096R/92F7C250 2016-06-10

The id (C3F53DD4 in my case) will be used to identify your key. The fingerprint will be used when cross checking identities (i.e. if you check and identity, you need to be sure that you check the fingerprint)

Signing someone else key

Say I want to sign my old key FBE03BF7 with my new and shiny one C3F53DD4.

Make sure you have the key, if not get it from a keyserver (pgp.mit.edu is a common alternative)

gpg --keyserver pgp.mit.edu --recv-keys FBE03BF7

Sign the key (level 3 is the highest level of trust, meaning you checked really closely an official id)

gpg --sign-key --default-cert-level 3 --no-ask-cert-level -u C3F53DD4 -a FBE03BF7

Export the key to a file

gpg -a --export FBE03BF7 > FBE03BF7.txt

and prepare a to send it to your stakeholder (this will generate a FBE03BF7.txt.asc that you can safely cut and paste in an e-mail)

gpg -u C3F53DD4 --armor --recipient FBE03BF7 -e -s FBE03BF7.txt

delete the key form your local keyring, you’ll get it from a keyserver later when you need it

gpg --delete-key FBE03BF7
rm FBE03BF7.txt

Importing a signature

You’ll probably receive ane-mail with a file attachment named something.asc. You’ll have to decrypt it:

gpg -d *.asc > clear.txt

Then probably extract the file attachment, this will generate new files

munpack clear.txt

Then import the signature (check whatever file was generated in previous step). It will merge the new signature with the existing ones.,

gpg --import florent@revelut.ch.asc

Then publish it:

gpg --keyserver pgp.mit.edu --send-keys C3F53DD4

And done : your public keyis now available, including the trusted signature from your stakeholders.

Traps/tips

If you encrypt an e-mail/a file you’re sending to someone else, you’d better encrypt it for you as well or you won’t be able to read it later (remember, you don’t have the private key of your recipient). If you have the file “in clear” on your file system, you will definitely want to delete it in a safer way than rm. Depending on your OS, file system and caching policies, this might get tricky to make sure your content is actually properly wiped out (or close to impossible).

Enigmail is a very easy and user friendly way to cipher your e-mails. If you’re using a web-app to access your e-mail, you might  want to switch to using a real mail client and imap to access your emails as webapp usually don’t support cryptography. It might eventually be coming for gmail though (blog post from google).

Cryptography and BCC don’t work well together: the IDs of all recipients are in the clear… In the same way, ciphering and mailing list don’t work unless you have a way to expand the mailing list on client side and know all recipients (think about exchange server). There is no issue with signing cryptographically when sending to a mailing list and it’s considered a good practice.

You can (and should) use your private key when tagging a git repository. As you put your reputation on line, you might want to review branch merge with extra care.

Most people won’t check the signature of the public key, which is really bad. Anyone can publish a public key on a key server, if it’s not signed, it does not bring anything.

Some extra paranoid people don’t want ot have their public key hosted on a key server. There are some use cases where it makes sense, use your best judgement on convenience vs security.

Music and mood

I always listen to music, but most of the time I don’t really care or pay attention. I tend to use quite random playlist and mostly let them run. Or at least, this what I thought until I recently checked.

What I discovered surprised me. Most people say their mood will be influenced by the music they listen to. This is explained in detail (and in French) by someone smarter and way more knowledgeable in music (which is easy considering my quasi-null level)

In my case, I tend to influence my playlist based on my mood. The fun thing is that I do that unconsciously and that it seems to correlate sometime surprisingly.

Let’s dig:

Renaud can be good (Molly Malone) or bad (p’tite conne in a loop is a fairly good indicator of depression).  Brel, Moustaki, Ferrat is mostly always bad: not for the singer himself but rather for the memories of a lost one they evoke. Funnily enough, Jean Yanne, which is from the same environment, is not triggered by the same feeling.

On the contrary, classical music, opera and even requiem are an indicator of good mood. I especially like listening to symphonies, Fauré or Mozart requiems as it helps me getting isolated from the rest of thew world.

My main problem now: each time I choose an album, I wonder if I’m making a conscious or unconscious choice. I have several hundreds disks in digital format but no real way or making statistics (as I use several players). Currently, this is more a feeling than hard-data backed evidence, which disturbs me. I know not to trust a feeling as it’s usually the best way to be wrong.

For the coming weeks, I’ll try to sweep the darker area of my collections, to dig into stuff I know less and see if I have the opposite effects. Anyway, I found  funny to realize after so many years and to discover such a correlation.