Thu, 30 May 2013
GPS Tracking Systems
I use my smartphone in addition to the cyclocomputer in order to be able to record my speed, and later compare the speeds at the same place amongst various conditions. The problem is what to use for tracking and what for reviewing and comparing the recorded tracks?
So far I record the tracks using Move! Bike Computer on my Android phone. It is far from ideal, but at least it stores tracks as a GPX files which are accessible directly from the flash. It uses 1-second intervals, and as a bonus, it can display the track using Google maps. The drawback is that it sometimes does not switch the GPS on, so it needs to be switched on manually from the Android top bar menu. The other drawback is that while it can send the GPX files by e-mail to the desktop computer, it does not remember the prefered export format (GPX instead of KML for me) and the prefered export method (e-mail using K-9 mail to a predefined address). So sending tracks from my phone for further archivation is not so easy. But at least it can be done. Another problem is the start and end of the track: I usually start this app before leaving home, and stop it some minutes or hours after reaching the destination. The recorded tracks then cannot be easily compared, because their durations vary in the order of tens of percent, even though the real time of activity is roughly the same. The auto start/stop feature of the cyclo computer is much more precise - the GPS always report at least some movement because of its imprecision and noise.
As for the viewer, the situation is even worse. So far the best I have found is Endomondo, (and "the best" here does not imply "good" at all). Endomondo can import the tracks in the GPX format, and display them on top of Google map, can generate the speed and height profile, etc. On the other hand, it is way too skewed to training and fitness (computing calories, etc.), and has way too much useless social features. It also has its own proprietary Android App, which makes sending data to Endomondo easier, but with this app it is impossible to get your own data back in an open format. Moreover, when importing GPX data with 1 second granularity, Endomondo rescales it to something more coarse (tens of seconds to even minutes), so it makes comparing the speed at a given place pretty meaningless.
What do you use for your sports tracking, and how does it meet your data accessibility and openness requirements?
Wed, 29 May 2013
E-shop Reviews
Apparently at Mall.cz they think that they sell only perfect goods, and don't want people to write negative reviews to some of the goods, even though the description contains plain lies. As an example, we take this 9V rechargable battery. In the description, they say:
The rechargable NiMH battery from GP Batteries lasts up to 5 times longer than alkaline batteries [...]
There has to be some serious magic used by either Mall.CZ or GP Batteries, which causes that the battery rated at 8.4 V with 200 mAh capacity lasts five times longer than an ordinary 9V primary alkaline cell. Apparently the later according to Wikipedia has 565 mAh capacity, and thus stores three times more energy than the rechargable batery from GP Batteries.
I have written a comment along these lines to the Mall.CZ system on May 7th, but it is still not published as of now. So beware of any e-shop which doesn't allow negative comments, such as Mall.CZ. It is interesting that some bigger shops like DX are perfectly OK with people writing negative reviews to some of their goods.
Fri, 24 May 2013
File Manager
The last file manager I have used was Norton Commander back in the DOS era. Many years after that, during the flame wars between proponents of spatial and single-windowed Nautilus, I have only laughed at them, thinking that the command line was much better. Why would anybody need a GUI file manager? I feel slightly ashamed now, but I have to admit that for the last two weeks, I have also been using a GUI file manager.
I work on various things with respect to cabling, electricity, a new datacenter, and so on in the new building of Faculty of Informatics. The problem with the building specifications, projects, and so on is, that they are stored in the deep structure of directories, with names containing whitespace and even non-ASCII characters (in different character sets), and each directory contains many files or subdirectories with common prefixes shared by a set of files. So the usual tab-completion does not help - it is necessary to actually look at the completion prefix in order to know what character to add next. Here is an example of such a file name, starting from my automount point:
stavba_cerit_dok/01_ZADAVACI_DOK/02_zadavaci_projektova_dokumentace/\ FIMU_GD_SOD_příloha č. 1/!!!_02_FIMU_GD_SoD_Priloha_1_II.A_PD_DVD_PROJEKTOVA_DOK_1.etapa!!!/\ FI_F.3_03_PS 03 SUPERPOCITAC, DATOVE CENTRUM_DVD/\ F.3_03_5 SLABOPROUDE ROZVODY_DVD/F.3_03_5.2.01_PUDORYS 5NP - SLABOPROUD.pdf
In order to be able to quickly navigate inside such directory tree, I have started to use a GUI file manager. So far I use Thunar, the default file manager in XFCE. It can easily switch to any directory along the current path, and it has bookmarks for fast access to frequently-used directories. I use this feature a lot, because of the main drawback of GUI file managers: It is not possible to descend into a directory, which is an automount point (and which, from the VFS point of view, does not exist yet).
Do you use a GUI file manager?
Tue, 21 May 2013
Cell Phone Operators
Few weeks ago I have moved my cell phone number to a different phone operator (don't ask :-). Today, I've got an interesting call:
Caller: "Hello, I am a representative of $my_new_operator, do you have a minute or two?"
Me (thinking about possible problem with $my_new_operator, with payments, or whatever): "Well, only a minute."
Caller: "OK, then. We have a great offer for customers of $my_old_operator. If you move to $my_new_operator, you can save much money."
Apparently the $my_new_operator's representative does not know that I am already their customer.
Fri, 03 May 2013
Laptop Upgrade?
I've got my laptop, ASUS F3E, in September 2008. So maybe it's time for a new laptop. Last year I have briefly considered buying a new one, but I have found that after upgrading F3E to 4 GB of RAM, 9-cell battery, and a fast solid-state disk (OCZ Vertex 2), then-current models provided no significant improvement compared to my F3E. Is this year's offer better?
There are several problems with my F3E:
- Glossy display (no explanation needed, I think)
- Plastic chassis, which is already broken in two corners
- Slightly slower CPU than needed (I had problems playing full-HD video without frame dropping once or twice, but I am not sure whether mplayer can use both CPU cores)
- The WiFi interface supports 2.4 GHz band, not 5 GHz one
What parameters should my hypothetical new laptop have? Of course, it would need to be better than my upgraded F3E in every aspect, and meet the following criteria:
- Size: less than 16", preferably not smaller than 14"
- OS: sold without Windows (I don't want to pay the Microsoft tax)
- Display: matte, at least 1280x800, possibly with touch input
- RAM: at least 4 GB
- Graphics: supported in Linux using open source drivers, including 3D acceleration (so most probably I don't want nVidia)
- HDD: preferably SSD, but I can reuse the SSD from F3E
- CD/DVD/...: preferably none
- Battery: at least 4 hours with moderate usage
- Keyboard: with long backspace, double-height enter, inverse-T arrow keys, and preferably without separate numeric keypad; backlit if possible
- Chassis: aluminium or similar, definitely not plastic
Does such a laptop exist, my dear lazyweb? Or shall I stay with my upgraded ASUS F3E for another year?
Fri, 26 Apr 2013
Tinyboard: ATtiny universal board
Having learned how to design PCBs, how to solder SMD components, and how to work with Atmel microcontrollers, I wanted to use this knowledge in more projects. I have thought about two or three things which I could do with ATtiny MCUs, but I didn't want to design a single-purpose board for each of them. Let me introduce Tinyboard, a multipurpose 24x50mm printed circuit board for 8-pin ATtiny MCUs (Tiny25/45/85, or Tiny13). The list of features includes:
A Tinyboard with a single step-up converter, MCP1703AT voltage regulator, USBasp programming connector, and unstabilized power input. The MCU itself is on the bottom side.
- Each of the five data pins can be repurposed as digital input, analog input with low-pass filter, output, MOSFET-driven output, etc.
- Up to two Boost (step-up) converters with current feedback measurement can be built on Tinyboard, for example for driving a string of LEDs.
- The board can use on-board voltage regulator, or use externally stabilized power.
- Each ATtiny data pin has its own three-pin header on Tinyboard, with one pin for GND, one pin for Vcc (stabilized or unstabilized), and one pin connected to ATtiny pin.
More details are described in the Tinyboard project page. So far I have built a step-up converter with it, and I am considering using it together with 9V battery (the size is about the same) as a lighting solution for my kids' bikes. The PCB fab allows boards up to 5x5cm size, so I have put two Tinyboards in a single design, receinving a total of 20 tinyboards. So I definitely have spare Tinyboards. If you have a project using 8-pin ATtiny and you are near Brno, let me know.
Thu, 25 Apr 2013
Re: The Shared Office Printer
PHD comics is as funny as always. What I consider interesting is the last problem - printing on a special paper (a.k.a. the "Print Sprint"). I solve this problem differently:
Usually, such a print job is single-page only. So the easiest solution is to use the manual feed input. Open the manual input tray, print your job with manual tray specified, return to the printer, and feed your special paper into the manual input tray. People usually don't specify the manual tray as input.
Another alternative is when I don't want to research (again) how to print
using the manual input tray from the command line. I run something like
"sleep 60; lpr myfile", walk to the printer, open the default
tray and manual input tray, wait a moment, and when the print job arrives,
just select the manual tray from the front panel of the printer.
Of course it heps if CUPS together with the printer can cooperate enough to display at least the print job name (including the hostname) or even the job owners' login name, to be sure that it is really my print job. How do you print on a special paper on shared office printers?
Tue, 23 Apr 2013
LinkedIn Endorsements Again
A while ago, I wrote about the new feature of LinkedIn - endorsing skills of each other. I have publicly stated that this is a nonsense, and that I didn't want anyone to endorse me, and I would not endorse the skills of my connections. Half a year later, I have to say I was right:
My public profile contains several endorsements for things I barely know they exist, for example for a programming language which I didn't write a single line of code in.
Moreover, I have discovered that I am supposedly "following" several things like "higher education", "computer software", or "Masaryk University". I am not aware that I have willingly decided to "follow" these things, maybe LinkedIn has added them by itself (I have clicked on "unfollow", so I don't follow them anymore). Apparently this is another misfeature designed to make it look that LinkedIn network is big and deeply interconnected.
What do you "follow" on LinkedIn?
Mon, 11 Mar 2013
Are the Directories Evil?
Jimmac has an interesting blog post about how GNOME users are not satisfied with the current look of GNOME folder icon, explaining the reasons behind its current state. The blog post contains an interesting reasoning, but I wonder whether the fact that an explanation was actually necessary does not invalidate it. For me, however, the most enlightening part of his blog post is this:
Exposing the directory structure is the pre-GNOME 3 world. What we focus on now are the applications.
This is exactly the kind of mentality which leads us to the world of systems with severe usability problems like Android, GNOME 3, or most current MP3 players. Maybe this is a news for some of you, but the concept of directories actually is useful!
I hate it when the audio player Android app cannot present the albums that I have on my SD card neatly sorted into directories (also) as those directories. I hate it when my car stereo cannot use subdirectories with depth greater than 1, and does not have a "shuffle subtree" function, making the whole "shuffle" thing unusable: I have songs, tales for kids, audiobooks, and language courses stored there, and I obviously don't want to shuffle through all of these, intermixing random language lessons with songs and audiobook chapters.
Why do I have to use a domain-specific "directory sorter" (e.g. MP3 or photo tagging application), when the system already has a general purpose means of grouping various files together: the directory tree?
Tue, 22 Jan 2013
New GPG Key (please re-sign it!)
My PGP key is almost 16 years old now - it has been created on 1997-03-15. It is a 1024-bit RSA key, which is not so strong by today's standards. So I have generated a new GPG key 4096R/A45477D5. I plan to phase out my other two keys, 1024R/D3498839, and 1024R/F0BEFD45 in the near future, and publish revocation signatures for them. My new GPG public key signed by both old keys is available at the following locations:
https://www.fi.muni.cz/~kas/pgp-A45477D5.txthttp://pks.gpg.cz:11371/pks/lookup?fingerprint=on&op=vindex&search=0xA45477D5http://pgp.mit.edu:11371/pks/lookup?fingerprint=on&op=vindex&search=0xA45477D5http://stinkfoot.org:11371/pks/lookup?op=vindex&search=0xA45477D5
The fingerprint of the new key is: B634 17E5 731B 4F42 69FA 57FF 9453 3581 A454 77D5
I hereby ask everybody who has signed some of my previous keys, or who has any means of verifying the above fingerprint by an independent channel (e.g. over the phone) to sign my new key and send me a signature. It is possible to do this in Linux using the following steps:
1. Obtain my public key
gpg --keyserver pgp.mit.edu --recv-key A45477D5
or use another keyserver instead of pgp.mit.edu, or get the key from our webserver
wget -O - https://www.fi.muni.cz/~kas/pgp-A45477D5.txt | gpg --import
2. Display the fingerprint
gpg --fingerprint A45477D5
Verify the fingerprint (should be the same as above; you can also call me over the phone).
3. Sign the key
gpg --sign-key A45477D5
4. Export the key
gpg --armor --output A45477D5-signed.txt --export A45477D5
Now send the resulting file A45477D5-signed.txt to me. Thanks!
NOTE: The plain-text version of this blog post, signed by my old key
1024R/D3498839, is available here.
Thu, 17 Jan 2013
Fedora 18
Fedora 18 has finally been released after being delayed several times. So far my experience is not so bad - upgraded systems mostly work. What are the biggest problems?
Most of them of course are in the rewritten Anaconda/FedUp combo. In my opinion, developers should be explicitly told to not rewrite things from scratch, if there is at least a small possibility of getting to the similar set of features with incremental modifications. The problem is that the previous codebase mostly works, and have lots of working features even for many corner cases. This resembles the infamous gdm-2.20 rewrite. Here is the list of problems I have ran into so far, using F18 on my laptop, on my workstation at work, and on a testing virtual machine:
- Gdm still cannot set the X server command line options, even though the developers promised the feature to be restored more than three years ago.
- FedUp provides no visual feedback about the progress of update. Who the f* wants to see the flashing Fedora logo during the upgrade, instead of some meaningful information? Are we trying to emulate MacOS or what?
- The new Anaconda cannot setup the storage the way user wants it to be set up, even though the old version worked even in this case. The developers response? Use Kickstart.
- Anaconda can select only one desktop environment for the installation. The response is the same as above. WTF?
- On my laptop, there was no way to select the correct time zone using mouse.
- Configuration files are being gradually
replaced with
systemdservices, which communicate over D-Bus, and have their configuration stored elsewhere. Replacing a three-line/etc/sysconfig/clockwith a permanently running daemon which needs its own command-line utility which talks to it over D-Bus seems really questionable for me. - My laptop is switching off when I close the lid. Apparently, another
systemdcomponent is doing this. Here is the workaround. - Jindřich's TeXlive page is yet to be updated for F18. There is the texlive-release.rpm package, but it points to a non-existent directory. I have yet to solve this.
- On the positive side,
systemctlno longer needs the.servicesuffix for the services.
To sum it up, we are slowly heading to the distribution where find(1) and grep(1) are no longer the sysadmin's friends, and
the sysadmin will need to use the specific D-Bus interfaces to talk to the
most parts of the system. It is kind of sad.
Wed, 02 Jan 2013
PF 2013
I wish happy year 2013 to everyone who reads this blog.
Thu, 29 Nov 2012
Secure Login at Alza.CZ
Here is how the "secure" login works at alza.cz, one of the biggest e-shops in the Czech Republic:
In the login form, user can click to the link named "SSL", which leads to the SSL-encrypted page with an alternative login form. The problem is, that this page apparently sends the login form data unencrypted, so the usage of SSL to display the login form is completely pointless.
Wed, 28 Nov 2012
SOAP::Lite
Today's daily WTF goes to the SOAP::Lite CPAN package and its non-configurability and mis-design.
For example, look at this:
HTTP Basic authentication is accomplished by overriding the get_basic_credentials suboutine in LWP::UserAgent (which SOAP::Transport::HTTP::Client is a subclass):
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return 'username' => 'password';
}
}
So apparently the only way how to use Basic authentication is to override
a global function in some foreign namespace. And what to do when I want to
use two SOAP servers with two sets of credentials inside a single application?
There are more similar "features" in SOAP::Lite. For example, tracing can
only be set up globally in compile-time, or by manually calling ->import().
My dear lazyweb, is there a SOAP module with cleaner design?
Update - Wed, 28 Nov 2012: Tracing
FWIW, it is probably easier and cleaner to do both basic authentication
and tracing at the transport level - the transport module here is
LWP::UserAgent (thanks Adelton for the hint!), so for example handlers described in the LWP::UserAgent manpage work:
$soap->transport->add_handler(
request_prepare => sub {
shift->authorization_basic($login, $pass);
},
);
$soap->transport->add_handler(
request_send => sub { print STDERR shift->content; },
);
$soap->transport->add_handler(
response_done => sub { print STDERR shift->content; },
);
I wonder why the SOAP::Lite manpages suggest such dirty ways
of handling this (and I have not even started mentioning things
like $SOAP::Transport::HTTP::Client::USERAGENT_CLASS global
variable; ugh)
Tue, 27 Nov 2012
Cookies Auth and 403 Forbidden
In IS MU we have recently abandoned the HTTP basic authentication and replaced it with cookie-based authentication. The main reason was that there is no portable way of logging out of the basic authentication. So I have based our new solution on Apache2::AuthCookie. The problem is, that it does not work correctly with some clients because of the way how the login form is handled.
When the yet-unauthenticated user accesses an URL for authenticated users only,
Apache2::AuthCookie returns the HTTP response with "403 Forbidden"
status code, and with text/html body containing the login
form. That way, the client cannot be possibly lead into the false assumption that the page it just received is in fact the content it wanted to receive.
So the user fills the login form, submits it, and the server returns the real
page for that URL, this time with "200 OK" status code.
This approach seems to be correct (even after reading the RFC 2616 :-). However, we observe problems with
the following two use cases:
- Nokia Symbian-based phones. After receiving 403 from the server, they display their own error message, and ignore the returned HTML altogether (except for the page background :-).
- Microsoft Word. When the link to the authenticated page is embedded inside the Word document, and user ctrl+clicks it, Word apparently starts MSIE to get the page. However, in this special case MSIE does not display the login form after getting the 403 status, but reports the error to its caller (MS Word) instead. So Word displays a generic error pop-up to the user, without the user being able to log in.
What to do now? The problem is clearly in the HTTP status code 403, and in its
mis-interpretation by some clients. I don't want to return the login form
in a 200 OK response, because I need e.g. the web crawlers to know that this
is not actually the page they tried to access. As for Symbian, they can be
clearly identified by their User-Agent string, so I can
return 200 OK only for them. But as for MS Word, I have no clue: what I see
is the request made by MSIE (and again, I probably don't want to return
200 OK to every unauthenticated MSIE request).
Any other suggestions, my dear lazyweb?

