Planet Freitagsrunde

This is a good one on TED:

A.J. Jacobs: How healthy living nearly killed me.

Manche Tools oder Websiten benoetigen einen Text eingegeben per "keypress" von der Tastatur.

Um diesen dennoch einen kopierten Text unterzujubeln, hier ein kleines Script von mir:

#!/usr/bin/python

import os

import virtkey

import time



def presskey(keyName):

        vk.press_unicode(ord(keyName))

        vk.release_unicode(ord(keyName))



vk=virtkey.virtkey()



time.sleep(2)



for c in os.popen('xsel').read():

        presskey(c)

Ihr muesst dafuer die pakete python (evt. python-dev) und xsel installiert haben. Haf Vun!

Until recently, page margins in LaTeX had more control over me than I had over them. I already heard that package geometry could be of use here, but quick hacks seemed more fun than going through the docs of that package.

I had a closer look now and geometry turned out to be much more convenient than I expected in the end.

The code that I experimented with can be reduced to this snippet:

%% Demo by Sebastian Pipping <sebastian@pipping.org>
%% Released to the public domain
\documentclass[a4paper]{article}
\usepackage[hmargin=2cm,vmargin=1cm]{geometry}
\begin{document}
\rule{\textwidth}{\textheight}
\end{document}

So I am abusing \rule here to draw a filled rectangle that spans the whole content area. I am asking for horizontal margins of 2cm width and vertical ones of 1cm height.

Strangely, the output I received did not match my expectations. Look how much bigger the left margin is than the right one.

It turns out that indentation of the first line of a paragraph is at work here. The insertion of \noindent solved that problem.

LWN.net brought my attention to this: Microsoft confirms UEFI fears, locks down ARM devices

Dass man RFID-Chips in Kleidung einbauen kann, war mir klar, aber dass es wirklich gemacht wird, hat mich dann doch ziemlich vom Hocker geworfen:

FoeBuD enttarnt RFID-Chips in Kleidung

Nachdem sich die Festplattenpreise stabilisiert haben auf gut das doppelte, hier ein Ueberblick mit Alternativen:

Das ganze geplotet:

Massenspeicher im Vergleich

Intro

I recently got bitten by the hyphenation of LaTeX and learned a few things in return. I noticed that two other LaTeX users in my environment were running into similar hyphenation trouble or were about to start a bigger text document without sufficient knowledge of hyphenation. So I would like to summarize a few essentials here.

Why care about hyphenation?

By default, LaTeX does hyphenation for you. If it gets things wrong the reader will attribute that error to you, not to LaTeX. Sometimes bad or wrong hyphenation even affects the layout of the page and makes text go into the margin area. Maybe a reader attributes that to LaTeX; however, it still doesn’t look very professional.

Why hyphenation needs to be correct from the very start (and for every word)

Imagine you work on a document 20+ pages long. You pass a snapshot of the document to someone to read, get some corrections back, start integrating corrections. If you modify content on page 10 there is a chance that hyphenations on pages later in the document change: it may happen the the set of hyphenated words before and after do not share a single word. What that means is that as long as you work on the document, places of hyphenation change. That means errors that no reviewer had a chance to see before. Ouch.

Common pitfalls with hyphenation

Words containing hyphens, e.g “well-understood”

If you use words that contain hyphens, e.g “well-understood”, LaTeX breaks these at the very place of the present hyphens only. It may even write the end into the margin area of the page, if it exceeds a certain length. The following example illustrates the issue.

Let’s look at a document made of the text

Hyphenation is well-understood. Maybe not.

six times. Without manual work you get output as shown in the following excerpt. Focus on the right border.

\documentclass{article}
\usepackage{hyphenat}
\begin{document}
Hyphenation is well\hyp{}understood. Maybe not.
[..]
\end{document}

This time the output respects the size of the text area. Again, focus on the right border.

Mixing languages, e.g. English and German

If you mix two or more languages within the same document you have to tell LaTeX which words belong to which language. (Once you get used to it, it’s bearable; there isn’t much of a way around it.) Otherwise you end up with things like German hyphenation applied to English words, i.e. wrong hyphenation.
In a case where the main text is written in language A it makes sense to mark selected words as language B.
To mark English words in an otherwise German document I use a simple self-made command \ENG:

\usepackage{babel}
[..]
\newcommand{\ENG}[1]{\foreignlanguage{english}{#1}}

An example use would be

UnionFS ist ein \ENG{Stackabe file system}.

Mapping that to other combinations is left to the reader

Debugging tool \showhyphens

The command \showhyphens can be used to query all the places where LaTeX dares to hyphenate a word (or compound word). The output however does not go into the actual document but to the shell and the log file. If you feed the following document to LaTeX

\documentclass{article}
\usepackage{hyphenat}
\begin{document}
\showhyphens{well-defined}
\showhyphens{well\hyp{}defined}
Dummy
\end{document}

you can spot this output on the shell:

...
[] \OT1/cmr/m/n/10 well-defined
...
[] \OT1/cmr/m/n/10 well-de-fined
...

In case you have a script extracting all used words from a LaTeX document for another view on spelling mistakes you could combine that with the results of \showhyphens to a make a single list with all words and their hyphenation for review.

Futher reading and sources

• Wikibook LaTeX -> LaTeX/Formatting -> Hyphenation
• Multilingual LaTeX with the Babel Package
• \showhyphens #1
• \showhyphens #2

I recently discovered that the sound of rain makes a great ambient sound for working. Unlike with real music I do not have to switch artists or albums every few hours and there are no foreign words injected into my thinking process so it’s easier for me to focus.

Finding a good recording of rain can be a bit difficult. What I ended up using is these two CC-BY-licensed samples in loop at the same time:

• rain.wav by mystiscool
• rain_on_car_roof.flac by 833-45

The Freesound website makes that kind of playback possible without even involving sound editors. All you need is two tabs (or even one) kept open in a browser.

Food for your brain: news.ycombinator.com

It's better than heise.de .

I ran into error 24 today: “Too many open files”. Ooops.

The solution that I eventually went for is not among the first Google hits for “increase limit open files” so I felt like blogging about it here.

There are two functions getrlimit and setrlimit that allow querying and modifying certain resource limits, e.g. the maximum number of open files for a single process (and they do have a shared, detailed man page). For each of the resource limit types, there is a hard and a soft limit: the soft limit, is the one you run into. In my case the soft is 1024, the hard one is 4096. The cool things is: Any non-root process can increase the soft limit to the hard one. That’s my rescue.

Simplified, this is what I do:

#include <sys/time.h>
#include <sys/resource.h>

...

struct rlimit open_file_limit;

/* Query current soft/hard value */
getrlimit(RLIMIT_NOFILE, &open_file_limit);

/* Set soft limit to hard limit */
open_file_limit.rlim_cur = open_file_limit.rlim_max;
setrlimit(RLIMIT_NOFILE, &open_file_limit);

Works like a charm.

If you should ever stumble upon this bug, consider yourself very lucky that I have found the solution to this already, because it took me _AGES_ to figure this out. No shit.

So here's the problem: We used a self signed certificate on on of our servers and curl and all tools relying on curl just couldn't connect to this server at all (with certificate validation). Despite the fact that the root certificate that signed the server certificate was happily in my keychain and marked as trusted.

The solution first: Turns out that the Keychain will eat certificates in many formats, specifically it supports DER and PEM. curl however can't use the DER certificate in the keychain and just reports it as missing. Exporting the certificate, converting it to PEM and then reimporting it (making sure to remove the DER version beforehand) fixed it.

I converted the file with this command

openssl x509 -inform DER -in some.ser.ver.der -out some.serv.ver.pem

Here's some of the error messages I got:

% curl -I https://some.serv.ver -v
* About to connect() to some.serv.ver port 443 (#0)
*   Trying some.ip... connected
* Connected to some.ser.ver (some.ip) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

If you hit this brick wall - hope this helps you too.

Tried a lot of different beans here in Berlin. These are the best: "African Queen" by Impala Coffee

A house blend. Dark roasted, with a hint of caramel.

Get it fresh.

When I listen to music, I mostly use my atom-board home server as a player and of course I want to control it from remote. But I don't like those complicated networked sound architectures (mpd, pulseaudio, jack). I just want to ssh on the box, put some music on the playlist and disconnect.

To do that, you obviously need a player that works from the command line. So far I used herrie. It has done a great job and I still like its simple interface.

But recently I wanted to upgrade from the onboard Intel HD audio to a solution with optical out. As I will need the single PCI slot for a gigabit ethernet card, I bought a USB soundcard, a "Creative SoundBlaster X-Fi 5.1 Sourround Pro USB". It works pretty much out of the box, you just need to build snd-usb-audio module into the kernel (3.0.4 that is). Sadly it's a pretty stupid device: It has no hardware mixer. So alsamixer won't give me a volume control bar, unless I set one up through a complicated asound.conf soft mixer. But I don't really need that anyway.

So, back on topic, the new USB soundcard now is connected, but for some reason herrie doesn't work well with it. Sound is horrible and stuttering. Maybe I'll file a bug...

So it was time to look for other players. Gentoo has media-sound/moc. Turns out it was a good idea to try something new. First of all, moc works nicely with the USB soundcard. It might have something to do with the architecture. Moc is multithreaded and has a seperate thread for the playback and for the user interface.

This is how moc looks on my console:

Besides beeing a functional console music player, moc also has some cool features:

• can run in the background (without screen)
• is themable
• can seek pretty fast
• has it's own soft mixer for volume
• supports a good number of audio formats

So if you are looking for a good console audio player, you can give it a try.

Most native code / C++ software vendors nowadays have implemented coredumps for their software. "coredump" is a term from computer history, when main memory was magnetic core memory. A coredump is the frozen and stored state of a process at the time of a CPU exception (aka crash). It can be loaded in the debugger and analyzed (given you have the binary and the debugging symbols). On Linux it must be enabled in the kernel and by the system administrator via rlimit. On Windows, developers can use structured exception handling to catch a deadly exception and execute some little piece of code which then calls a Windows API function which creates a coredump.

When a crash in a production environment should happen, you then get a coredump stored on disk and can receive that from you customer. While crashes should not happen at all, when they happen, coredumps are extremely helpful.

Now recently I got a very special coredump on my desk. Here is what happened (Intel assembly this time, as it's on Windows).

The exception handler has catched an exception: "Unhandled exception at 0x57dff720 in SomeBinary.exe.dmp: 0xC0000005: Access violation."

Hmm, not much to see here, but the debugger put's us at the position of the crash:

.
.
.
004D4AFF  mov         edx,dword ptr [ecx]
004D4B01  push        eax
004D4B02  mov         eax,dword ptr [edx]
004D4B04  call        eax
-- baaammmm, crash here --
.
.
.

With registers:

EAX = 57DFF720 //indeed, thats what happened
ECX = 7843BD48
EDX = 7891F8D0
EIP = 004D4B06 //crash here

Hmm, what could that be? When something like that happens during development, you most likely have used an old invalid pointer or committed a crime of pointer juggling. When it happens during production, it's probably something terrible like a heap corruption or a race condition which you didn't find during development. The fact that there were something like a hundred other threads open in this coredump, didn't make matters betters. I feared for the worst. So the first thing I did was to find the bigger picture of where exactly I am in the code. The problem with production assembly code is, that it's optimized and has little to do with the source code anymore. Especially C++ templates and inlining make reading assembly hard, even if you have the sources.

From the debugger line it was clear that this is in the return section of a method call when the compiler starts calling destructors. Something like this:

void SomeClass::someMethod(...) {
  boost::intrusive_ptr<SomeBaseClass> foo(new SomeContreteClass());
  .
  .
  .
  // -- crash here, right before the return --
  return;
}

A little more assembler context made it clear, that the final call instruction should have been the invocation of the virtual destructor from the SomeConcreteClass object in the heap. foo is an intrusively reference counted pointer on the dynamically allocated object. Intrusively counting the reference means, that the object itself contains the counter and carries it, even when it is degraded to just a raw pointer. Because SomeConcreteClass was derived from SomeBaseClass and polymorphic, the compiler needs to find out the correct destructor uppon destruction of foo. With that knowledge I could start looking at the heap. ECX seemed to contain the address of the object in the heap. Now I had a look at the memory:

@ECX:
0x7843BD48 | 0082cf54 00000001 ...

That looks like a vtable pointer followed by the refcount which was down to 1. Maybe the vtable pointer was bad? So I followed the vtable pointer.

0x0082CF54 | 004355b0 0042c5d0 0042c5e0 ...

Well, this doesn't help much, but the disassembly looked sane and the debugger had a symbol for the address:

SomeConcreteClass::`vftable':
0082CF54  mov         al,55h //whatever, I don't care 
0082CF56  inc         ebx    //but it looks OK
0082CF57  add         al,dl

So why could that fail?

Just look what happend. The first mov instruction at 0x004D4AFF is supposed to load the address of the vtable into EDX which should be 0x0082cf54. But EDX has a totally different value (0x7891F8D0).

And that's the end of the story: the CPU must have failed on us. I repeat: The CPU has failed.

Either through broken RAM (most likely) or something like a TLB bug. I just loved finding that one ... and telling the customer to fix his hardware :)

You know, those web browsers with ssl support ... they have a reason why they basically ignore any OCSP/CRL errors.

Today I stumbled uppon a root certificate of a not-so-small international CA. Opinions differ, but generally CA roots should also be revokable and thus have an OCSP responder configured. Said certificate is one of the better roots and thus has a responder https://ocsp.some-ca.com set.

Now when you contact this responder something unexpected happens:

~ $ openssl s_client -host ocsp.some-ca.com -port 443
CONNECTED(00000003)
3125948630696:error:140770FC:SSL routines:\
  SSL23_GET_SERVER_HELLO:\
  unknown protocol:s23_clnt.c:683:

...

hmm ... something went wrong. tcpdump + wireshark shed some light on the problem: SYN, SYN-ACK, ACK ... tcp up, that's good ... now we send the SSL Client Hello. What we didn't expect was the reply from the server. A blatant (unencrypted):

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Thu, 03 Nov 2011 17:45:54 GMT
Connection: close

Indeed, openssl is right: that doesn't look like an SSL handshake. It looks more like a slap with a large trout.

Wer kennt das nicht, da hat man eine USB-Soundkarte gekauft, weil der Eingang des Notebooks zu nah an der Festplatte vorbei geführt wird (sic!) und dann kann man an der Soundkarte kein Linepegen anlegen.

Nun, für diesen Fall möchte man ein Dämpfungsglied bauen. Ohne zu sehr auf die Details einzugehen, was die Anpassung angeht, hier ein einfacher Schaltplan um ein Mikrofoneingang zu einem Line-In zu machen.

Obacht: Dies ist für XLR, also symmetrische Signale, gedacht.

       ___ 7500
 o)---|___|-----o--------(o 
       R1       |                mit 2x7.5 und 1x150
LINE           | | 150     MIC   ergibt sich ein Teiler
 IN            |_| R3      OUT   verhältnis von 
       ___      |                15000:150 = 100:1 = -40dB
 o)---|___|-----o--------(o      Bitte 
       R2  7500                  Metallschichtwiderstände
                                 verwenden, die Rauschen nicht.

Für asymmetrische Signale sollte ein normaler Spannungsteiler funktionieren:

         ___15000
 o)-----|___|----o-----(o
                 |
                | | 150
IN              |_|          OUT
                 |
 o)--------------o-----(o

Samstag nichts zu tun? Perfekt fuer ein update aufs neue Ubuntu! Ist doch sicherlich Idioten sicher... dacht ich mir.

Leider hatte der idiotensichere Aktualisierungsmanager vergessen, dass /boot volllaufen kann und war der Meinung, dass das updaten des initramfs so kritisch waere, dass er irgendwie versucht hat die Installation rueckgaenging sic zu machen bzw. dann einfach wegzusterben. Natuerlich hat er dabei mich mit paar Paketen zu wenig zurueck gelassen und komplett gnome mitgenommen beim sterben.

Also: Neustart.. Hilft doch sonst immer!

Danach befand ich mich in einer schicken schlichten Unity-Oberflaeche, der aber die Symbole und die Windowdecoration (die kommt wohl von Compiz?) fehlten. Diese 'neue' Oberflaeche bedeutet aber mehr Klicken, weniger blinkende Applets und keine/schlechte Konfiguration.. da kann ich mir ja gleich Fluxbox installieren! Also geguckt wie ich das "gute, alte" gnome wiederbekommen:

aptitude install gnome-session-fallback

Danach alle Applets wieder zusammen gesucht, die ganze 3D-Optik reduziert und alle hotkeys wieder eingerichtet. Jetzt laeufts wieder.. aber ob ich das beim naechsten Ubuntu-update immernoch machen kann? Naja.. man wird sehen.

I recently wanted to disable echoing of the terminal in Python. When googling for that you quickly run into recommendations on getpass.getpass. Sadly, in my case of sort-of-non-blocking I/O it didn’t fit. It needed something to fit with this:

def read_line(timeout, timeout_func):
	ready_to_read, _, _ = select.select([sys.stdin], [], [], timeout)
	if ready_to_read:
		return sys.stdin.readline().rstrip()
	else:
		timeout_func()
		return &apos&apos

So I needed a way to just disable terminal echo. This is what I came up with:

import termios

def enable_echo(fd, enabled):
       (iflag, oflag, cflag, lflag, ispeed, ospeed, cc) \
                     = termios.tcgetattr(fd)
       if enabled:
               lflag |= termios.ECHO
       else:
               lflag &= ~termios.ECHO
       new_attr = [iflag, oflag, cflag, lflag, ispeed, ospeed, cc]
       termios.tcsetattr(fd, termios.TCSANOW, new_attr)

Also, I added this code to restore the terminal on progam exit:

import atexit
atexit.register(enable_echo, sys.stdin.fileno(), True)

It was the newsletter of Trinity Concerts that brought my attention to BOY a few days ago: a female-female duo making good mood music — quite fun to listen to. Sadly it seems the local concerts are sold out already. YouTube has quite a few videos on/of them though, both live and studio. Check them out. Among my favourites are the two below: “Little numbers” (studio) on top and “Boris” (live) at the bottom. Enjoy.

The atoi function has a serious flaw: it “does not detect errors”, see man 3 atoi. Same with its siblings atol, atoll, atoq.

Recently I played with different replacements for atol, the long-producing version of atoi: one based on strtol, the other on sscanf. The following is what I came up with.

Replacement using strtol:

#include <stdlib.h>
int str_to_long__strtol(const char * text, long * output) {
	if (! text) return 0;
	char * end;
	long number = strtol(text, &end, 10);
	if (end != text) {
		*output = number;
		return 1;
	}
	return 0;
}

Replacement using sscanf:

#include <stdio.h>
int str_to_long__sscanf(const char * text, long * output) {
	if (! text) return 0;
	long number;
	int count = sscanf(text, "%ld", &number);
	if (count == 1) {
		*output = number;
		return 1;
	}
	return 0;
}

Both of these two functions deliver behavior equivalent to atol on these inputs:

• “0002″
• “2″
• “2Hallo”
• “+2″
• “  2″

However, they differ to atol in two aspects:

• No crash on input NULL
• No success on input “”

Please note that all of these functions happily turn “2Hallo” into integer 2 with no complaints.

The code above is public domain.

When you accompany beamer slides with notes (using the \note{...} command) and you make them shown (using \setbeameroption{show notes}) you gain extra note pages like this:

When printing note pages alone, the header and preview makes sense. In my case with both slides and notes, it doesn’t. What I want is note pages that…

• contain no header, no preview, no date (which also increases space for note content)
• do not increment page numbers
• have proper spacing between paragraphs

To put that into an image, I want this:

To get there I came up with the following. First, to get rid of the header and preview I re-write the note page beamer template:

\setbeamertemplate{note page}{%
  \insertnote%
}

If you want to stay closer to the original, you can copy from the default code of that template, located at /usr/share/texmf-site/tex/latex/beamer/base/themes/outer/beamerouterthemedefault.sty in Gentoo Linux:

\defbeamertemplate*{note page}{default}
{%
  [..]
  \vskip.25em
  \nointerlineskip
  \insertnote
}

Second, to fix page numbers and spacing I wrote a wrapper around the \note{...} command using \renewcommand{\note}[1]{...}:

\newlength{\parskipbackup}
\setlength{\parskipbackup}{\parskip}
\newlength{\parindentbackup}
\setlength{\parindentbackup}{\parindent}

\let\notebackup\note
\renewcommand{\note}[1]{\notebackup{%
	\mode<handout>{\addtocounter{page}{-1}}%
	\setlength{\parindent}{0ex}%
	\setlength{\parskip}{10pt}%
	\noindent%
	{\normalsize{}#1}%
	\setlength{\parskip}{\parskipbackup}%
	\setlength{\parindent}{\parindentbackup}%
}%
}

If you have used \renewcommand before, this code should explain itself. If not, please drop me a mail. If you have ideas on improving above-mentioned approach, I’d be interested to hear from you, too.

The sources of the presentation are available here:

• .tar.gz download
• Gitweb

Die Bundesregierung will mal wieder Vorratsdatenspeicherung, wir wollen es nicht. Also gibt es eine Petition die man mitzeichnen kann. Wir müssen also mal wieder alle unser Login rauskramen und mitmachen.

Argumente dafür:

• Sie wissen eh schon auf welcher Seite du stehst.
• Es ihnen nochmal zu sagen, kann schlimmstenfalls dazu führen, dass die Botschaft diesmal ankommt.
• Ja, Petitionen bewirken formell eh nichts. Die Wirkung kann aber doch informell in den Köpfen der Abgeordneten eintreten.

Also nochmal: Login rauskramen, mitzeichnen.

Die Razzia bei Pfarrer Lothar König

Nachdem ich schon die Hoffnung auf einen File-Commander fuer Linux, der so ist wie der TotalCommander unter Windows/Android *hint*, abgeschrieben hatte, habe ich mich letzte Woche irgendwann doch nochmal dazu verleiten lassen genauer zu suchen und auszuprobieren.

Liste der getesteten Programme:

1. Total Commander (mit wine)
2. Gnome Commander
3. mc (MidnightCommander)
4. bsc (BSCommander)
5. gentoo
6. Krusader

I remember when I first came across that list: “Shit, it’s that bad? Ouch”. It certainly changed my view. I just stumbled over the list again and remembered I wanted to blog about it.

I bet as a male you’ll probably find some points you didn’t think of:
The Male Privilege Checklist

Comments closed on purpose.

Sarah Kaminsky: My father the forger

“[I]t will help the Git community a lot to understand your needs, what you like about Git, and of course what you don’t like about it.” (quoted from here)

Git User’s Survey 2011

Wie unsicher sind deutsche Mobilfunknetze?

Dyan deNapoli: The great penguin rescue