No Food for Thought

Food is something you should provide to your brain long before coming to this blog. You will find no food recipes here, only raw, serious, non-fake news for mature minds.

The paradox of password complexity requirements

admin Tuesday July 8, 2014

Users often choose unsafe passwords. Administrators wanting to prevent that will sometimes implement requirements on passwords. While these usually try to enforce complexity, any computer scientist will see why they also ease cracking, theoretically. And as Matthew Palmer explains, theory is quite right at times.

Ah, if only users would always choose passwords as complex as heuristics.


admin Tuesday May 27, 2014

So after a long time, summer is back in Quebec... what we call summer anyway. With these high temperatures, bugs are back too. Yesterday I came back at 1 AM. With the street lamps, I noticed that - obviously - bugs were also back on the door, just waiting for me to open it before infesting the basement. At that time a great idea came to mind, which resulted in me coining Chealer's architectural law:

Philippe Cloutier wrote:
One shall never install a white external door.

Cloutier's architectural law can be generalized - external doors and door frames should reflect as little light as possible on their outside part. Unless insects would seek darkness to sleep safely.

Yes, I hate bugs. I must have become an adult the day a summer camp destroyed my childhood dream of a bug-free world, presenting insects as an essential link of the food chain. Bugs should be small, but they're stealing a big part of my life.

Thankfully, I'm mostly an inside person. A few minutes after enunciating my architectural law, I was enjoying the insect-free inside by eating dinner in a well-illuminated but very silent kitchen. At some point, I realized there were some noises coming from one window. After nearly starting to get scared, I realized one awful huge bug was repeatedly trying to go through the windows.

Fortunately, the kitchen stayed bug-free despite the stupid bug's tens of impacts. Bugs can't go through windows, right? Unfortunately, even though I rarely open Windows, my PC attracts lots of bugs. In fact, an important part of my contribution to free software is to report bugs I hit when using or trying software.

I certainly file several tickets per week, but many are never resolved or even investigated. That's why the following view hit me today:
packages.debian.org has been lagging a little more lately. I take more time to confirm resolutions, so now the 7 latest mails in my inbox are bugfix notifications in 7 different projects/packages, which all arrived in less than 100 hours. If that rate was maintained, all of my open bugs would be solved by 2016. Unfortunately, I experienced 2 bugs just in the process of writing this post, one which was already fixed, and one which I reported (my fifth ticket against Debian's issue tracking system), which made me hit a Thunderbird bug (which I didn't report this time). So that schedule might slip a little with the software I use - or should I say, test.

Debian developers don't always treat tickets diligently, but now is an occasion to send a big kudos to my squashing colleagues. The bugs above weren't the most difficult, but there's one which has already started making my desktop less buggy.

I won't surprise anyone announcing that my favorite Firefox extension is Firebug. But as Firebug doesn't apply to Thunderbird, my favorite Thunderbird extension is FireTray. FireTray works around Mozilla's biggest issue on GNU/Linux - new mail notifications.

FireTray still has some way to go before reaching maturity, but my biggest issue with it was by far #119, a show-stopper if a show is expected to be attractive. I expected an easier fix - all I wanted was a non-broken notification icon. But I didn't expect the result to be so pleasing:
After hard work by Foudil Brétel, I now get this superb new icon (at least until I switch back to KMail, to which I'm hoping to give another chance soon). And you too will with version 0.5. Thanks to you too, foudfou! The next bug-squashing spree will be even more enjoyable smile

Now, let's just hope that shiny new icon won't attract more bugs... otherwise, it will take the door.

Update 1

A couple of years after writing this, I found an image about bugs I had forgotten I had created:
In French, the colloquial verb 'to bug' means software is misbehaving due to a software bug.
In French, the colloquial verb 'to bug' means software is misbehaving due to a software bug.

13 years later, after many more started offering such certifications, it is well overdue to put this timeless work of art in the public domain so it can be adapted to your favorite(?) software provider.

Update 2

Years after writing this, I realized the publication date didn't make sense. And eventually figured out that the update I did in 2016 had changed the year from 2014 to 2016. Because the blog engine wasn't designed to publish a post with a past date... so the HTML dropdown's options only started at the current year, causing the date to be silently changed - ah, bugsexclaim

Microsoft - Left-handedness is evil (but less so if your hand is holding a Microsoft mouse)

admin Monday March 10, 2014

Today appears to be my Microsoft rant day. Sorry, that might have been prompted by an awful experience claiming the warranty for a broken Microsoft keyboard. Readers who are free of Microsoft products have my apologies (and much luck).

As Ned Flanders brilliantly illustrates in The Simpsons, left-handedness is an economic problem. Mass production of artefacts for a majority of right-handed consumers disadvantages left-handed people. Keeping 2 items in stock - for one thing - comes at a price.

On the other hand, when a company produces software, being friendly to left-handed people shouldn't be costly. There is no marginal cost to a software sale, right? Well, it appears that the Microsoft Mouse and Keyboard Center isn't right at the center on the issue of handedness.

The ability to invert the mouse buttons has been present since at least Windows 95. Not a surprise, since handedness is possibly the most important mouse setting. However, when I bought my Microsoft keyboard, Windows automatically installed the modern Microsoft Mouse and Keyboard Center. I had previously noticed that the center was a regression for people often moving their mouse to the other side like me. Rather than controlling a checkbox in the control panel, inverting the buttons requires to redefine the behavior of each button via the Microsoft Mouse and Keyboard Center. Microsoft's configuration center removed the checkbox from the control panel.

What I hadn't noticed is that if your mouse is not supported, it does not appear in the Microsoft Mouse and Keyboard Center. And the control panel's checkbox is still gone. So if you own a Logitech or some even rarer mouse like I do, you're not dreaming. There is actually no way to invert your mouse buttons with this software installed, even in Windows 8.1. And this is not a new problem! Worst, I believe Microsoft Mouse and Keyboard Center had at least one feature. When you invert buttons with it, your RDP sessions will handle clicks correctly, as opposed to the default behavior from Windows, which I will be forced to live with.

In a sense, I'd like to think that this is an abuse of vendor lock-in. Because if it's not, this is proof of terrific incompetence.

Microsoft Outlook 2013 and IMAP - ouch

admin Monday March 10, 2014

After catastrophic issues with our file server caused by Outlook PST files, I've been trying to move from POP to IMAP at the office. A few months ago I did a first step, migrating my own mailbox. This was a very painful process.

Even though I'm using version 2013, which has had "a significant investment in IMAP", the result is impressively bad. The system tray's envelope icon, which shows when you have unread mail, now appears every few minutes. This feature becomes worthless and I gave up on it.

2 weeks ago, I started working from home thanks to our VPN. I was amazed to see huge bandwidth usage on the VPN ever since. I realized yesterday that the culprit was Outlook, which wastes close to a megabyte of bandwidth per minute, even when it's merely idling. That's right - even if I'm not using Outlook and not even receiving mails, Outlook will download about 28 GB per month, which is about half of my bandwidth limit. This happens even though I reduced my number of folders below 50 and my mailbox's size just above 1 GB. It doesn't depend on whether the server interval is 1 or 10 minutes (the latter being the maximum). Traffic shows that Outlook is doing something at a regular interval, about 18 times per hour. Yet, it seems to support IMAP IDLE (that is, mail is fetched instantly).

To be fair, I haven't tried to reproduce this with a fresh profile. I'll just dump Outlook for the time being.

Update: There is a pretty straightforward workaround: changing the send/receive interval. One way to do it is via the Advanced options, Send and receive section. Click "Send/Receive..." and adjust the interval for the default group.

Unfortunately, even though I thought my inbox showed mail instantly, it apparently doesn't. After changing the interval to an hour, it now takes time to notice new mail.


admin Monday May 6, 2013

Last month I bought my first desktop in a decade. Ordering and getting the parts from DirectCanada was already an experience. I expected some surprises as this was my first SATA PC, my first SSD and my first APU. Assembling was fairly uneventful. The parts are:

AMD A10-5700 APU Quad Core Processor Socket FM2 3.4GHZ 4MB 65W Retail Box$128.56
ASUS F2A85-M/CSM mATX FM2 85X FCH DDR3 2PCI-E16 1PCI-E1 1PCI SATA3 DVI HDMI USB3.0 Motherboard$93.75
Samsung 840 Series 120GB 2.5in SATA3 MDX Solid State Disk Flash Drive SSD$99.37
ASUS DRW-24B1ST 24X SATA DVD Writer OEM Black$17.79
Corsair Vengeance CML8GX3M1A1600C10 Low Profile Heatspreader 8GB DDR3-1600 CL10 Single Memory Module$55.33
Corsair CX Series CX430 430W ATX 12V 80 Plus Bronze Power Supply 120mm Fan$42.06

The ASUS F2A85-M/CSM uses a RTL8111F/8168 Ethernet controller and a Realtek ALC887 HDA chip. The A10-5700 uses a Radeon HD 7660D (Northern Islands series).

The first surprise was realizing my HDDs wouldn't fit on the motherboard - there's no IDE on the F2A85-M. Oops :-/

On the first boot, I wondered whether I had forgotten to plug in a fan. But no, the PC was just really quiet. Of course, I don't have any extension card, not even a graphics card, so I just have 3 fans (the PSU's, my case's old 120 mm fan and the CPU's). Even though I use the stock CPU fan, it's generally very silent. Good thing I bought the 65 W A10-5700 rather than the 100 W A10-5800K. The most noisy component was the 120 mm fan, which I set to medium speed. Now the PC is a quite a bit more quiet than I expected (i.e. very quiet). No HDD helps, but this is very satisfying considering that I didn't choose any part specifically to obtain a silent PC. Even with the 4 cores stressed, the PC remains silent.

BIOS-es surely evolved a lot in 10 years. The F2A85-M's BIOS is impressive. The only problem is it wouldn't detect my SSD. It turned out that one of my SATA cables has a partial defect. One of its connectors sometimes fails to connect, even if it is clipped. The other connectors don't have this problem. ASUS is not very generous in its F2A85-M accessories - with only 2 SATA cables, having a faulty one is a little annoying. But well, it may be an isolated case. All I have to do is to push on the connector when I plug it - and avoid touching the cable after.

At this point, I installed Windows 8. That was easy, almost completely bug-free. The driver disc from ASUS is cumbersome (basically forces you to install all of them), but since no extra drivers are needed, this is not a big deal.

With so few problems up to that point, it was time to get to the real thing - Debian. I installed Wheezy (then testing). The install went without issues (see #708019 for details). Even though the installer says the Ethernet card requires non-free firmware, it does not.

The real challenge started when I first booted Debian. Boot messages were horrific and GNOME (installed by error) was unusable. When I got to a tty, I realized there was a pulseaudio/Linux bug. I upgraded to experimental's Linux 3.8 and everything was fixed. You won't want a pure Debian wheezy on an F2A85-M. I don't know when the Linux bug was fixed, but other F2A85-M users should get a Linux version higher than 3.2, perhaps as high as 3.8.

With 3.8, the boot got quiet and GNOME got usable, but the screen resolution remained poor, since X used the generic vesa video driver. As I found out, current Radeon cards require (non-free) firmware to be installed to run with the radeon X driver. After installing firmware-linux-nonfree and rebooting, X automatically chose the radeon driver, which has been working as well as it ever did since. I'm curious to try with a newer radeon driver and mesa, but I already get decent 3D acceleration with the stock driver. Nothing great, but Neverball has fair fluidity. I tested a bit on Windows, and it seems the GPU itself is quite limited, more than I expected. I may decide to buy a graphics card if I want to actually play 3D games.

With the basics right, I went to install Flash and Java support. Java turned out to be already supported - yay! As for Flash, there is a Flash player in development by default, but I opted to install Adobe Flash Player. There were some sound problems remaining. The hardest one caused the Adobe Flash Player plugin for Iceweasel to be quiet, while sound worked everywhere else. I eventually found out that the default sound card is by default an HDMI sound card! Which is apparently not supported in Wheezy (even with radeon.audio=1). For some reason, KDE doesn't use that one, but Adobe Flash Player only tries it and speaker-test uses it too (see #709106).

If you have the same problem and wonder if the cause is the same, you can test by reloading the snd_hda_intel module with a parameter:

modprobe snd_hda_intel index=1,0

The more difficult part is to unload the module so you can [re]load it.

If that works, the permanent workaround I used should work for you, i.e. making the motherboard's card the permanent default by creating an /etc/asound.conf with the following content:

defaults.pcm.card 1

With Debian 9 (Linux 4.9), HDMI audio is now supported.


The basics working fine, I tested the components. The motherboard has a sensor, which can be read in the BIOS. The motherboard uses ITE's IT8603E chip, even though ITE does not even acknowledge that chip's existence. As for ASUS, it doesn't even say the F2A85-M uses the IT8603E. But Linux supports it8603 from version 3.14 (Debian 8). Unfortunately, the CPU's temperature is not clear. The it87 module reports a temp1 around 40, which looks like the CPU temperature reported by the BIOS. But CPUID HWMonitor shows a "Package" temperature around 47-62 °C usually, 87 maximum (under Stress testing), as of version 1.34, and, after upgrading to 1.40, between 0 and 37 °C, which is definitely broken, as the PC is inside. Version 1.40 also has a "Cores" reading between 49 and 86 °C, which seems to match version 1.34's Package reading. And, its "CPU" reading varies between 30 and 52 °C. Core Temp, for its part, indicates completely ridiculous temperatures (version 1.11 and 1.14, 2019-07-11). As for the k10temp module, it reports a broken temperature between 0 and 23 degrees. Good luck...


I won't order from DirectCanada again. As for my choice of parts, I do not really regret my choice, but I was expecting better from ASUS, in particular due to the missing specifications of the CPU thermometer. I'm very happy with the silence. The non-free firmware needed by the Radeon HD 7660D is a disappointment.

To summarize, it's easy to get most of the F2A85-M working almost completely on GNU/Linux once you know the issues. From a stock install, you need to:

  • Install firmware for the Radeon HD (previously firmware-linux-nonfree, now firmware-amd-graphics).
  • If you install an old distribution, upgrade to a recent Linux version. Good news: since my install, Linux 4.19+ is now in Debian stable.

After this, everything but sensors should work: USB, SATA, audio output, Ethernet, graphics, ODD writing. Untested: audio recording, eSATA. See the Debian HCL for more details on the devices.

Even though this is a blog post, I'll try to keep this state of things up-to-date, perhaps via comments. Comments from other users are also welcome.

Goodbye Sun, Hello Freedom!

admin Sunday April 28, 2013

I installed Debian countless times. So when I installed wheezy on my new desktop, I was following the usual routine of adding non-free sources then installing Adobe Flash Player and Sun Java, when I realized that the routine didn't work anymore - Debian no longer distributes Sun (Oracle) Java. So what should I do? Before I resigned to go back to java-package, it came to my mind that Sun Java's removal from wheezy was not new. How did my laptop work?

I had a nice realization checking that. I actually never installed Sun Java in the last install on my laptop, a year ago. I must have hit the problem then and delayed finding a solution, or chose to try IcedTea instead.

Whether this was intentional or not, it's time to realize that one doesn't "need" a proprietary Java anymore. Whether this is mainly due to IcedTea's quality or to a declining use of Java, it's now more than a year without proprietary Java, and I didn't even notice.

Improvements which you fail to notice are the best kind. Thanks to everyone who made this failure possible!

Penguin euthanasia - A villain idea

admin Thursday October 4, 2012

Man is born with a number of potential emotions - affection, pride, passion, hope - some of them negative - jealousy, hatred, etc. Maturity helps him control his emotions. But maturation never completes, and no man can entirely free himself from jealousy, or even hatred.

One particular emotion man fails to free himself from—despite the best efforts of modern society—is empathy. Pure apathy remains unattainable, even in our times. One will often fail to control natural empathy when faced with animal suffering (think of a struggling penguin) or terminal suffering. When these 2 situations are combined, even wise geeks will let their natural emotions prevail.

The desire for euthanasia is as natural as empathy. The former is simply a severe symptom of succumbing to the latter.
That being said, this writer is human, and is apprehensive of having to combat his natural emotions the next time he boards an aging Airbus.

Launches and updates

admin Saturday August 25, 2012

Around 1997, when I entered high school, I learned HTML (version 3!) and started LinkOPlaza, a website whose purpose was to share links to the webpages I liked. Although I found nice background pictures, and great horizontal rules designs, I never launched LinkOPlaza (if you find any reference to "LinkOPlaza" today, these are unrelated to the real LinkOPlaza, which Angelfire must have gotten rid of at some point - disk space for polychrome images is so costly!).

On my eighteenth birthday, Tiki 1.7 was released. This was the first CMS I downloaded and tried. At that time, I was working for Ido. Tiki was a great tool so I could build a website focusing on its content, rather than on its implementation. However, IdoWiki, my project to create a central website about Ido, was a lot more ambitious than LinkOPlaza. There was also a new technical difficulty - as a PHP website, I needed to find a real host. The free hosters wouldn't do, and I was on the low budget of a student working for practically minimal wages in the summer, so this was an important barrier to launch IdoWiki.

The final element against IdoWiki was… Tiki. I hadn't realized the tool I had chosen, which was not even 1 year old, was more beta than production software. I started working on improving Tiki, and I found that more rewarding than building IdoWiki. In the end, I effectively became a Tiki developer and abandoned IdoWiki. I would abandon Ido altogether soon after. This episode would concretize my taste for software development and determine my career choice. Yet… I still hadn't finished any website.

Today, I'm launching a true personal website using Tiki as www.philippecloutier.com (succeeding my minimal static personal homepage). This project was a lot more reasonable than IdoWiki - much smaller in content, and based on a tool which will soon have 10 years of maturity. Still, this site is not quite finished - a few pages are too long and probably not accessible enough. The translation to French is also just started.

The Tiki project now released version 9, highlighting its maturity by making its first serious commitment to support. Tiki 9 will be supported for 3 years, until at least November 2015.

I am proud to present my personal website using Tiki 9. This site currently presents my interests, projects, and this new blog. It simply uses blogs and wiki pages.

I must thank my long-time friend Xavier Douville for offering to host this website free of charge (on his Debian server). I must also thank all my Tiki colleagues for making Tiki 9 possible, helping me to create this website. I hit my fair share of bugs creating this site, but the good news for you is that I contributed fixes for most of these!

So, 15 years after starting LinkOPlaza, I am finally launching for the first time my own website, and after hundreds of commits to Tiki, I am becoming a real Tiki user! In fact, I am also becoming a mere Tiki user. After 3 years of freelancing, it was time to try something different. Since July, I am working fulltime as a developer for a Quebec tour operator. The Tiki experiment was worth it; I learned a lot as a freelance and it was much fun. It's sad to stop it entirely, but one has to make choices, and my new workplace has new challenges. I have had much less Tiki time for several months, and I'm only making my new status official by announcing that I'm resigning from Tiki's security team.

The golden opportunity I had would not have been possible without Tiki, the community of developers behind it, and the community of users which allows developers to work on Tiki. Thanks to my colleagues and customers for your trust.

Finally, I hope you appreciate the result of all my efforts and experiences. If not, I've enabled comments on blog posts (if this goes well, I'll do the same on wiki pages). And if you do like it, feelbe free to use it. Oh, and the same is true for Tiki 9. If you'd like to try it, it's free to try, and equally free to adopt. Enjoy!

Afghan schoolgirls, mass psychogenic illness and sources of conflict

admin Monday July 9, 2012
Johann Wolfgang von Goethe wrote:
Misunderstandings and neglect occasion more mischief in the world than even malice and wickedness. At all events, the two latter are of less frequent occurrence.

There is a lot of truth in Goethe's remark. But a list of sources of conflicts couldn't be complete without imagination. We all know that imagination can create fear. From there, there is only a small step to say that imagination can cause conflicts. A confirmation seems to come from an unlikely place - Afghan schoolgirls.
From Slashdot:

A number of incidents at schools in Afghanistan, especially girls' schools, have been attributed to poisoning by the Taliban. The World Health Organization has investigated 32 of them but found no poison. "Mass Psychological Illness is the most probable cause," they conclude, the Telegraph reports. The Taliban has consistently denied poisoning schools and have even consented to allow the education of girls in a deal with the government which allows significant Taliban control over the curriculum.

Fully Free

Kune ni povos is seriously freethough not completely humor-free:

  • Free to read,
  • free to copy,
  • free to republish;
  • freely licensed.
  • Free from influenceOriginal content on Kune ni povos is created independently. KNP is entirely funded by its freethinker-in-chief and author, and does not receive any more funding from any corporation, government or think tank, or any other entity, whether private or public., advertisement-free
  • Calorie-free*But also recipe-free
  • Disinformation-free, stupidity-free
  • Bias-free, opinion-free*OK, feel free to disagree on the latter.
  • Powered by a free CMS...
  • ...running on a free OS...
  • ...hosted on a server sharedby a great friend for free