I started watching PyCon's videos. One of the first ones I saw is Amber Brown's "How we do identity wrong". I think she[1] is right in raising not only the notion of not assuming things related to names, addresses and ID numbers, but also that you shouldn't be collecting information that you don't need; at some point, it becomes a liability.

In the same vein about assuming, I have more examples. One of them is deciding what language you show your site depending on what country the client connects form. I'm not a millennial (more like a transmillennial, if you push me to it), but I tend to go places. Every time I go to a new place, I get sites in new languages, but maps in US!

Today I wanted to book a hotel room. The hotel's site asked me where do I live, so I chose France. Fact is, for them country and language is the same thing (I wonder what would happen if I answer Schweiz/Suisse/Svizzera/Svizra), so I can't say that I live in France but prefer English, so I chose United Kingdom instead. Of course, this also meant that I got prices in GBP, not EUR, so I had to correct that one too. At least I could.

Later they asked me country of residence and nationality; when I chose italian, the country was set to Italia, even when I chose France first!

I leave you all with an anecdote. As I said, I lake to go places, most of the times with friends. Imagine the puzzled expression of the police officer that stopped us to find a car licensed in France, driven by an italian, with an argentinian, a spanish and a chilean passangers, crossing from Austria to Slovakia, listening to US music. I only forgot to put the GPS in japanese or something.

So, don't assume; if you assume, let the user change settings to their preferences, and don't ask for data you don't actually need. And please use the user's Accept-Language header; they have it for a reason.

[1] I think that's the pronoun she[1] said she[1] preferred. I'm sorry if I got that wrong.

python misc

Posted dom 17 jun 2018 18:06:01 CEST Tags: misc

I never wanted this. Whatsapp and its parent company are some of the things I most hate about what tech has become, showing the utter lack of ethics in a industry that has too much impact on the rest of the planet. Just go and read all the reports about groups abusing these platforms (and them allowing them to) to change politics all over the world, or all the shitty security a lot of IoT stuff has, and how they're used to attack services on the Internet.

But reality is more complex than that. In my home country, Facebook and Whatsapp specifically are very popular, to the point that, due to our lack of net-neutrality laws, phone companies offer cheap contracts where those two application's data usage do not count as such, becoming completely free. This means people almost stopped using the phone or SMSs, but instead send text, pictures and voice messages via these platforms. That includes my whole family, which also almost stopped using email.

So for the moment I left my principles aside and installed the app. My last attempt at this had failed because you can't install it on a tablet; the device has to have phone capabilities. Even more, when you try to register it, it forces you to use a cellular phone number; Signal at least has the decency to let you register it to a land line too (if it can't send you an SMS, it gives you the option of being called and the registering code is spelled to you). Luckily I had a spare number from a throwaway line I bought in my last trip to homeland, so I used that number instead of the real one. I know it's a useless step, it's equivalent to giving the finger to someone's back.

Once installed, I tried to send a message to my wife. The app denies you to do so if you don't give it in exchange access to your contacts. Again luckily for me, this phone was mostly empty, but I still took steps to avoid giving it all my contacts. The few I had were already sync'ed to my owncloud instance back home.

First, I exported all my contacts locally and deleted them all. I reimported them after I got the app running. Then I created a new, empty owncloud account, so when Whatsapp asked me which 'account' to use to get/sync the contacts, I gave it that one. This way, when you add contacs, they go to this 'honeypot' and it doesn't have access to your real Contacts. If you don't have a owncloud or similar service you control, you can simply create a bogus Google account and use that instead. The only downside is that you will get dupe'd contacts, but once you sent them a message, you can safely delete the contact and even completely disable sync'ing the account. You can also revoque the permission to access Contacts, but that means you're back to square one, except for the conversations you already have started.

I'm sorry can't give you the exact steps I did, I was on the bus, and with all the failing attempts I lost track. Of course, removing all the contacts means that you only see phone numbers and their photos, but after a while you can recognize them by that. Right now I only have my wife and my family's group, and I hope I can keep it like that for a long, long time.

One last thing: Whatsapp asks you for your contacts, but you can't nicely ask them back: the phone numbers of new contacts are very difficult to extract. You either export them to the Contacts Account if you still have around (I didn't) or you copy them by hand (which I did). Last but not least, I still have the nagging sensation that Whatsapp would have been able to read the contacts; I really whish that Android would gives us more fine grained firewall capabilities. Also, remember that Whatsapp has no option to store media in an SD card, only the phone's internal storage (WTF, people, seriously!), and it's a pain in the ass to clean up the stuff you don't want. So for the moment I haven't gave it access to Photos, Media and Files.

misc rant

Posted lun 20 nov 2017 19:41:11 CET Tags: misc

This is the second time I spent hours looking for this, so this time I'm writing it down.

My 10 year old Dell Inspiron 1420N, which is now my home server where I keep several useful online tools, has two problems: The keyboard and the LCD do not work. Well, the LCD works erratically, most of the times a couple of seconds after boot. The first problem can be fixed by attaching a USB keyboard, and the second by attaching an external screen.

Except that the machine does not enable the VGA output by default; but no problem, you just press Fn+F8 and voilà, external screen works. Except that external keyboards do not have the Fn key; but no problem, you can emulate it with Scroll Lock by just telling the BIOS to do so.

But you can't do it if you can't see anything on the screen. To do it blindly, you have to either know you BOIS by heart or find any reference online. I don't know that BIOS by heart, mainly because it's been a loooong while since I had to use it for anything, but also because I barely touch that machine anymore. And online references, well, there are none for models so old.

One of the possible solutions it occured to me that could help was to try to run a BIOS image, which you can still download from Dell's site (!), under qemu, but this tool cannot run arbitrary BIOSes. A pity, but understandable.

So without further ado, a schematic of the BIOS contents and how to fix this blindly:

- System
| System Info         <-- the cursor starts here
| Processor Info
| Memory Info
| Device Info
| Battery Info
| Battery Health
| Date/Time
| Boot Sequence
+ Onboard Devices
+ Video
+ Security
+ Performance
+ Power Management
+ Maintenance
- POST Behaviour      <-- 14 * <Down> + <Enter> and the following menu opens
| Adapter Warnings
| Fn Key Emulation    <-- 2 * <Down> + <Enter> and the setup screen opens
| Fast Boot
| Virtualization
| Keypad (embedded)
| Numlock LED
| USB Emulation
+ Wireless

The setup screen is quite simple, it has two options, Off and Scroll Lock, and you move with <Left> and <Right>. I'm not sure if it's needed, but pressing <Enter> to choose your option does not hurt. Then you press <Esc>, which gives you the Exit screen. This screen has three options: Remain in Setup (which is selected), Save/Exit and Discard/Exit. Guess which one you want :^) Just press <Right>, <Enter> and you're done! The machine reboots and now you can use <Scroll Lock>+<F8> in your external keyboard to activate the external screen.


Posted dom 15 ene 2017 21:20:34 CET Tags: misc

Today I had to setup 3 Firefox profiles, because I started a new job, and I realized I never documented which extensions I use or why, so I had to work a little from memory. Hence, this post, which I plan to keep up-to-date as much as possible.

A little bit of rationale first. I'm very privacy-conscious, but at the same time very pragmatic. I use several profiles to add an extra level of data isolation. That also allows me to have different sets of extensions, because some are some intrusive that they break some non-important sites' functionality.

Finally, the list, in no particular order:

  • FlashGot, by Giorgio Maone: Better downloads handling.

  • Go-Mobile, by 'Geek in Training': A lot of sites are actually more useful (read, with less crap on them) in their Mobile versions. This plugins lets you switch from one to the other.

  • HTTPS everywhere, by EFF: Don't navigate in the clear anymore.

  • No Script, also by Giorgio Maone: A broad spectrum antibiotic. Not loading JS makes pages less CPU intensive, plus sites cannot track you if you don't make requests, plus also blocks videos.

  • Privacy Badger, also by EFF: In their own words, “protects privacy by blocking spying ads and invisible trackers”.

  • Tab Auto Reload, by 'Schuzak': I use this to reload sites that constantly log you out, but only under certain circumstances.

  • Tab mix plus, by 'onemen': Once upon a time ffox didn't have session management/recovery. Now it does, but not very good; I still think TMP's ones are better. Also, duplicate tab.

  • Toggle animated GIFs, by Simon Lindholm: Stop annoying animations. Just make sure to tick 'Pause GIFs by default'.

  • uBlock Origin, by Raymond Hill: an (ad) blocker, goodbye-adiós 15s ad videos in youtube.[1]

So that's it. Unluckily there's nothing against browser fingerprinting yet (and my browser ranks as quite unique), and I don't know how much can be/has been implemented by [Mozilla]. If you have other suggestions about plugins, please do in the comments below. As I said, I'll try to keep this post up to date.


[1] I used to use ABP, but it seems it became a protection scam.

Posted vie 14 oct 2016 19:30:38 CEST Tags: misc

Yesterday I climbed Cime du Cherion and to my surprise I saw Corsica[0]. Then a friend of mine pointed me to an article explaining that if you manage to see the island from the coast is because a mirage in a dry air layer 1000m high due to the Föhn's effect. It's notable that the French Wikipedia article about this effect is way more complete than the English one.

Punta Minuta (2556m) is one of the highest points in Corsica close to the northwestern coast. Cime du Cherion is 1778m. The distance between them is[1]:

surface_distance= 225.11km

Earth's mean radius[2] is:

km_per_radian= 6371km

which is also by definition the length of a radian on the theoretical surface of the Earth[3]. Those two mountains are then separated by an angle of:

alpha= 225.11km/6371km= 0.035333 radians.

or a little more than 2°[4]. According to this, the sagitta is then:

sagitta= km_per_radian*(1-math.cos (alpha/2))= 0.994215km, or 994.215m.

This means that is is possible to see the last 1.5km of Punta Minuta from Cime du Cherion and almost anything above around 1000m, which is quite a lot of Corsica, but definitely not what I saw.

In conclusion, we were both right, but him more than me :) And yes, I'm ignoring there is an angle between both points; if we take that in account and assume that Cime du Cherion is at 0°, then the projection of Punta Minuta over the secant that passes through those points is:

projection= math.sin (0.035333)/0.035333*2556m= 2555.46m

A little over half a meter :) Doesn't really change much in the calculations.

Last, a graph showing the height of the sagitta in function of the distance, quite surprising!

[0] Name in corsican :)

[1] Measured with marble.

[2] From the same page, polar radius is 6356.8km and equatorial is 6378.1km. We're measuring points between 42°20' and 43°50'N, so using the median is not that crazy.

[3] Don't go there.

[4] Another fun fact: 1° is about 111km.


Posted vie 15 abr 2016 14:47:19 CEST Tags: misc

In the last two weeks I took a couple of friends and my car to a trip around Deutschland and then some more. When I do this kind of road trips, the last thing I do each night is to take a picture of the dashboard with the trip counter showing the accumulated kilometers. Last year we did a slightly shorter one all the way to Praha and back, and on the last day I noticed that the counter seemed to reset a little bit beforehand. See, the trip counter only shows three integer digits and one decimal digit, so once it reaches 1000 km (1mm! Just not the small one :), it shows 000.0 again. So in this trip to Praha, while coming back, the counter reseted back to 0, so at the end of the trip I was not sure how many kilometers I did, only that it was around 3.5k km.

This time we were in the way between Hamburg and Köln when it happened again. This time I was sure we were around 3.2k km when it happened, and suddenly it struck me. But let me tell you how I was sure first.

In the first night, the numbers read 207780 for the total counter and 752.2 for the trip, which makes the start at around 207027.8. The last night they read 212048 and 743.3. Subtracting this last total counter to the belated start value makes some 5020.2 km!

Now, let's go back to the strange resetting problem. It's around the 3200.0 km mark, and the counter is digital. Digital counters need bits to count, and the amount of bits available determine the maximum number these bits can count. Also, this counter has a decimal place for counting kilometers... but what if it actually counted hundreds of meters (hectometers) and the display is just a representation? That would make the reset at around 32000 hectometers, hmm...

I just wonder why the technicians at BMW decided 20 years ago (my car is old) to use what looks like a signed int for this. With a two byte signed int a counter can go as up as 32767. If you're counting hectometers, that makes 3276.7 km, which seems to match the resetting point. Then, if we add the number from the last night, we get 4020.0. I knew that after Köln the digits shown wrapped once around 1000 km, so we end up with 5020.0 for the real trip. It's a suspiciously round number, but it's only a 1 in 10 probability.

So, cars can have bugs too. This time is just annoying bug for those us crazy people who make trips longer than 3.2k km, but with the tendency of making cars more and more dependent on computers (self-driving cars are the most clear cases), we have to be aware that worse things can happen. But then, we already have self-flying planes, which can even land mostly by themselves.


Posted lun 06 ene 2014 12:33:18 CET Tags: misc

Having an extraordinaire hangover is, by far, not the best way to start attending a conference. But with FOSDEM there doesn't seems to be any alternative. The night before the conference a bar is kidnapped from the night circuit so FOSDEM-goers can get together to have a drink or two... or three, four, I-lost-the-count. You have to buy 'tokens' from the organizers (EUR 3, standard price) and then exchange them at the bar. I bought 4, which probably it was a little too much for me (I weight around 60Kg and my food input during the day was not even on the 'enough' level), but that was not the reason I was so hungover the next day. The reason was that clever people were leaving early and left their extra tokens behind, and that I didn't control myself. That's probably because the first one I had was a Delirium Tremens, which is above 8% instead of the normal 4/5%. Whoever to blame, no matter how hard I tried, I couldn't get off bed before 15h the next day.

So the first thing I did in FOSDEM was to miss the talk about beernet[1], something that sounds like a transactional and replicated DHT. I also missed the KDE group photo, which would have been a good way to introduce myself to the (rest of the[2]) KDE guys.

The first talk I saw was Will Stephenson's talk about OBS which at first I wasn't really interested in seeing, but end up being really interesting. The OpenSuSE guys have a huge farm of machines for building packages. They can build packages for most of the mainstream distributions (I remember OpenSuse itself, Fedora, Debian, Ubuntu, Mandriva and more), for all the versions that run KDE4, for several archs. All that it's needed is the source code and the packaging instructions. And all this is available to us, developers, just a registration away. The other half of the talk was in charge of Luboš Luňák, who promised to also release a tool to help to generate the .spec and the debian/{control,rules,etc} files. I await spectantly for them!

That night I hung around with some Debian guys, some of them I knew from DebConf8. We found a nice italian restaurant, where we ate pizza and pasta almost alone in the fisrt floor. The waiter was all the time telling jokes and when we were asking for the bill someone asked for another beer, which led the rest for asking for dessert and coffee. Fun time, which continued in the Monk bar until 24h. One thing about bars in Belgium: they don't have the smoke ban, so by the end of the night I was reeking of smoke even when I don't smoke at all.

The second day gave me the surprise that the KDE track had already finished (it was only the previous afternoon), so I wandered around a little. I went to a talk called "apt-get for Android", which given my current work got all my attention. Unluckly it was only just an Android app store (a free one, both in the beer and freedom sense) and not an effort to port some Debian stuff to the platform (it wouldn't make any sense anyways). I also saw the Ofono talk, but I didn't even got it's motive of existence.

Sebastian Trueg gave a talk about the Nepomuk stack. It's impressively huge and it's incredibly useful, but it still needs more integration into apps. I got the apportunity to talk with Trueg after the talk and I promissed to look into a Konqueror plugin who's sitting in playground. I'm also concerned about the UI for tagging/adding tags. Let's see if I can keep my promises.

[1] again, given the size and behaviour of my hangover and the project's name, even if I could crawl off the bed in time to see it, probably it would be not advisable anyways :)

[2] being a user and a more-times-off-than-on developer makes me a KDE guy, but I'm still not confident enough.


Posted mié 24 feb 2010 22:34:52 CET Tags: misc

I'm going to FOSDEM, the Free and Open Source Software Developers' European

Hell yeah I'm going! It's the first free soft event I'll be attending since I moved to France and I'm quite excited about it. I really don't know what to spect, except drinking belgium and dutch beer (which I miss from last summer, which I spent in Netherland 20m away from a bar... how many times I came back drunk during that time I don't even fathom to try to count). Here I barely can get my hands on some Leffe and that's it.

So, I can't wait for those hangovers, yay!


Posted mié 24 feb 2010 22:34:45 CET Tags: misc

hace 4 días un chango de pyar me mandó una invitación a entrar en su red de contactos de linkedin. conocía el sitio de oídas, y un par de casos de éxito ("me contrataron porque teníamos un amigo en común en linkedin" o bongas similares).

curioso, decidí darle una vuelta. pero para hacerlo más interesante, decidí no agregar (al menos por ahora; una herramienta es una herramienta) contactos yo, sino sólo esperar que caigan invitaciones. hay dos hitos que espero: que me invite alguien que no conozca (no vale si lo conozco pero no le sé el nombre o el nick, cosa que no es difícil), y que me invite alguien que yo no quiera (los hay, y sé que están en esa red porque los ví).

por lo pronto mi perfil no está completo (otra cosa que quiero ver, cuánto te rompe las guindas el sistema), y ya van 6 contactos. yay?


Posted mié 27 ene 2010 23:55:55 CET Tags: misc