<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
	<title>Tanguy Ortolo - Miscellaneous</title>
	<link>https://tanguy.ortolo.eu/blog/categorie12/misc</link>
	<language>en</language>
	<description>a blog about Debian and self-hosting</description>
<atom:link xmlns:atom="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="https://tanguy.ortolo.eu/blog/feed.php" />
	<lastBuildDate>Sat, 09 Feb 2019 16:23:00 +0000</lastBuildDate>
	<generator>PluXml</generator>
	<item>
		<title>Safely untying a shoelace knot</title> 
		<link>https://tanguy.ortolo.eu/blog/article164/untie-shoelace</link>
		<guid>https://tanguy.ortolo.eu/blog/article164/untie-shoelace</guid>
		<description>&lt;p&gt;Untying a shoelace knot is easy, but sometimes, one end got through a loop,
and you end up blocking the knot. I invented a way to safely untie such a knot,
regardless of whether or not it has been messed up, all with a single hand!&lt;/p&gt;&lt;div class=&quot;figure&quot; style=&quot;text-align: center&quot;&gt;
    &lt;video src=&quot;https://tanguy.ortolo.eu/blog/data/images/videos/untying-shoelace.webm&quot; controls=&quot;controls&quot;
        poster=&quot;data/images/photo/untying-shoelace.jpg&quot;&gt;
        &lt;track label=&quot;English&quot; kind=&quot;subtitles&quot; srclang=&quot;en&quot;
            src=&quot;https://tanguy.ortolo.eu/blog/data/images/videos/untying-shoelace.en.vtt&quot; default=&quot;default&quot;/&gt;
        &lt;track label=&quot;French&quot; kind=&quot;subtitles&quot; srclang=&quot;fr&quot;
            src=&quot;https://tanguy.ortolo.eu/blog/data/images/videos/untying-shoelace.fr.vtt&quot; default=&quot;default&quot;/&gt;
    &lt;/video&gt;
&lt;/div&gt;

&lt;p&gt;Here it is:&lt;/p&gt;

&lt;ol&gt;
    &lt;li&gt;Catch a loop using your middle finger as a hook.&lt;/li&gt;
    &lt;li&gt;Grab the end of the same side with your thumb and index finger.&lt;/li&gt;
    &lt;li&gt;Pull the loop and end together.&lt;/li&gt;
    &lt;li&gt;The knot will untie itself cleanly, after which you will be left with
        the starting knot which is always easy to remove.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Note that, while useful with regular knots, this method will not work if you are using safety knots. You cannot have your cake and eat it, sorry.&lt;/p&gt;</description>
		<pubDate>Sat, 09 Feb 2019 16:23:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>Homemade U-lock holder</title> 
		<link>https://tanguy.ortolo.eu/blog/article163/u-lock-holder</link>
		<guid>https://tanguy.ortolo.eu/blog/article163/u-lock-holder</guid>
		<description>&lt;p&gt;A U-lock is, arguably, one of the best ways to secure a bicycle
against theft. When you buy one, it comes with a holder to carry it on
the bike frame. Now, while the lock, basically made of hardened steel,
is very tough and will probably last more than ten years, the holder is
made of plastic, and will fail after a couple of years. Then, like most
cyclists, you will have to carry your lock on the rack, which is far less
practical.&lt;/p&gt;

&lt;p&gt;There are several ways to make a U-lock holder; here is mine, which I
have never found documented, so I may have actually invented it. It
requires very simple material, it is very easy to implement, and it is
quite durable and practical to use.&lt;/p&gt;&lt;h2&gt;Material&lt;/h2&gt;

&lt;ul&gt;
    &lt;li&gt;a short length of plastic pipe, chosen so a lock arm can slide into
        it, and cut so it is about one centimetre longer than the rack
        width;&lt;/li&gt;
    &lt;li&gt;some duct tape, ideally with the same colour as the rack.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Oh, and you need to have a rack on your bicycle. Some racks may not
be optimally compatible with that, sorry if that happens to be your
case. You will also not be able to carry your lock that way together with
bicycle bags.&lt;/p&gt;

&lt;h2&gt;Instructions&lt;/h2&gt;

&lt;p&gt;This is so simple that this photograph may be enough to explain it.
You will find text instructions just below.&lt;/p&gt;

&lt;div class=&quot;figure&quot; style=&quot;text-align: center&quot;&gt;
    &lt;a href=&quot;https://tanguy.ortolo.eu/blog/data/images/photos/u-lock-holder.jpg&quot;&gt;&lt;img src=&quot;https://tanguy.ortolo.eu/blog/data/images/photos/u-lock-holder.tb.jpg&quot; alt=&quot;Homemade U-lock holder on a bicycle rack&quot;/&gt;&lt;/a&gt;
&lt;/div&gt;

&lt;ol&gt;
    &lt;li&gt;Put the pipe on the two arms that attach the rack to the seat
        stays, so it is perpendicular to the bike frame. Try to find a place
        where it can be held stable;&lt;/li&gt;
    &lt;li&gt;Attach it with some tape.&lt;/li&gt;
    &lt;li&gt;Open the U-lock.&lt;/li&gt;
    &lt;li&gt;If your rack has a spring-loaded clamp, open it and hold it that
        way.&lt;/li&gt;
    &lt;li&gt;Slide one of its arms into the pipe, the other one relying on
        the rack.&lt;/li&gt;
    &lt;li&gt;Release the rack clamp, if you have it, otherwise use a bungee
        cord to secure the lock against vibrations.&lt;/li&gt;
&lt;/ol&gt;</description>
		<pubDate>Tue, 04 Dec 2018 13:12:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>I am buying stuff for Green Friday</title> 
		<link>https://tanguy.ortolo.eu/blog/article161/green-friday-buying</link>
		<guid>https://tanguy.ortolo.eu/blog/article161/green-friday-buying</guid>
		<description>&lt;p&gt;So, today is Black Friday, and today, environmental and zero-waste
organizations are promoting Green Friday, suggesting that people abstain from
buying stuff, and create and repair things instead.&lt;/p&gt;

&lt;p&gt;Well, believe it or not, while I am in favour of reducing consumption and
waste, and because of that, I &lt;em&gt;am&lt;/em&gt; buying stuff on Black Friday, and
doing so &lt;em&gt;in order&lt;/em&gt; to repair things, namely, my bicycle.&lt;/p&gt;

&lt;p&gt;I am an intensive bicyclist, commuting almost exclusively by bike every day,
and guess what? A bicycle needs to be maintained, and for that, requires spare
parts. As a bicyclist, I do not believe at all in zero waste, which is just an
unrealistic goal, perfectly impossible to achieve. With the six thousand
kilometres I ride every year, I am buying an average of two tires, one
cassette, one or two chains and eight brake pads every year, and proudly
dumping exactly the same, used ones.&lt;/p&gt;

&lt;p&gt;So, for Black Friday, bike resellers are offering actual discounts on spare
parts, and, for the planet&#039;s greater good, I am buying some. This is not
an additional purchase, just stuff I need to maintain my environment-friendly
attitude.&lt;/p&gt;</description>
		<pubDate>Fri, 23 Nov 2018 13:48:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>Let&#039;s Encrypt: threat or opportunity to other certificate authorities?</title> 
		<link>https://tanguy.ortolo.eu/blog/article146/letsencrypt-opportunity-other-cas</link>
		<guid>https://tanguy.ortolo.eu/blog/article146/letsencrypt-opportunity-other-cas</guid>
		<description>&lt;p&gt;&lt;a href=&quot;https://letsencrypt.org/&quot; title=&quot;Let&#039;s Encrypt
website&quot;&gt;Let&#039;s Encrypt&lt;/a&gt; is a certificate authority (CA) that just
left beta stage, that provides &lt;a
    href=&quot;https://en.wikipedia.org/wiki/Domain-validated_certificate&quot;
    title=&quot;Wikipedia article about domain-validated certificates&quot;&gt;domain
    name-validated&lt;/a&gt; (DV) X.509 certificates for free and in an
automated way: users just have to run a piece of software on their
server to get and install a certificate, resulting in a valid TLS
setup.&lt;/p&gt;

&lt;div class=&quot;figure&quot; style=&quot;text-align: center; margin: 1em;&quot;&gt;
    &lt;a href=&quot;https://letsencrypt.org/&quot; title=&quot;Let&#039;s Encrypt&quot;&gt;
        &lt;object type=&quot;image/svg+xml&quot; data=&quot;https://tanguy.ortolo.eu/blog/data/images/logos/letsencrypt.svg&quot;&gt;Let&#039;s Encrypt logo&lt;/object&gt;
    &lt;/a&gt;
&lt;/div&gt;&lt;h2&gt;A threat to other certificate authorities&lt;/h2&gt;

&lt;p&gt;By providing certificates for free and automatically, Let&#039;s Encrypt
is probably a threat to other CAs, at least for part of their activity.
Indeed, for people that are satisfied with DV certificates, there are
not many reasons to pay a commercial CA to get certificates in a
non-automated way. For the &lt;a href=&quot;https://www.cacert.org/&quot; title=&quot;CAcert
website&quot;&gt;CAcert&lt;/a&gt; non-commercial CA, that may mean a slow death, as
this is their main activity&lt;a href=&quot;https://tanguy.ortolo.eu/blog/rss/categorie12#note1&quot;&gt;¹&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;For people that want &lt;a
    href=&quot;https://en.wikipedia.org/wiki/Public_key_certificate#Validation_levels&quot;
    title=&quot;Wikipedia article about public key certificates, section
    about validation levels&quot;&gt;organization-validated (OV) or extended
    validation (EV)&lt;/a&gt; certificates, Let&#039;s Encrypt is not suitable, so
it will not change anything regarding that.&lt;/p&gt;

&lt;h2&gt;An opportunity for the most reactive&lt;/h2&gt;

&lt;p&gt;The entrance of Let&#039;s Encrypt is also a significant opportunity for
the certificate authorities that will be reactive enough to take
advantage of their innovation. Indeed, they introduced automation in
both domain name validation and certificate issuance (and revocation),
by defining &lt;a href=&quot;https://github.com/ietf-wg-acme/acme/&quot;
    title=&quot;Development of the ACME protocol on GitHub&quot;&gt;an open
    protocol&lt;/a&gt; that is meant to become an Internet standard. That
protocol, named ACME, is not tied to Let&#039;s Encrypt and has &lt;a
    href=&quot;https://github.com/letsencrypt/letsencrypt/wiki/Links&quot;
    title=&quot;List of Let&#039;s Encrypt and ACME implementations&quot;&gt;several free
    software implementations&lt;/a&gt;, so it could be used for the same
purpose by commercial CAs.&lt;/p&gt;

&lt;p&gt;A certification authority could, for instance:&lt;/p&gt;

&lt;ul&gt;
    &lt;li&gt;ask the customer to provision some pre-paid account;&lt;/li&gt;
    &lt;li&gt;manually validate the customer&#039;s identity once;&lt;/li&gt;
    &lt;li&gt;allow the customer to register using ACME, and associate that
        registration to his validated identity;&lt;/li&gt;
    &lt;li&gt;allow the customer to get organization-validated, or perhaps
        even extended validation certificates using ACME, and make
        corresponding debits to his pre-paid account.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Such processes may require or benefit from improvements of the ACME
protocol, which is the very reason Internet standards are defined in an
open way.&lt;/p&gt;

&lt;p&gt;The first certification authority that would implement such a process
could gain an advantage over its competitors, as it would greatly
simplify getting and renewing certificates. I think even Let&#039;s Encrypt
people would be happy to see that happen, as it would serve their goal,
that is basically to help secure the Internet! Personally, I could buy
such a service (assuming it is not restricted to juridical persons,
according to a quite common (and detestable) sale discrimination against
natural persons&lt;a href=&quot;https://tanguy.ortolo.eu/blog/rss/categorie12#note2&quot; id=&quot;noteref2&quot;&gt;²&lt;/a&gt;).&lt;/p&gt;

&lt;h2&gt;Notes&lt;/h2&gt;

&lt;ol&gt;
    &lt;li id=&quot;note1&quot;&gt;CAcert is an unrecognised certificate authority, that
        provides an identity validation through a web of trust, and
        issues DV server certificates that do not include the validated
        identity. Now that Let&#039;s Encrypt can issue valid DV
        certificates, CAcert is no longer relevant for that activity. It
        also issues personal certificates, that do include the
        validated identity, and that can be used for encryption (e.g.
        S/MIME), signing (e.g. code signing) or authentication, which is
        an activity Let&#039;s Encrypt does not compete with.&lt;/li&gt;
    &lt;li id=&quot;note2&quot;&gt;Yes, the Organization field of a certificate is
        probably not relevant to indicate a physical person&#039;s name, but
        the CommonName field is. Yes, that field is usually abused to
        store the domain name, but a proper use would be to put the
        owner&#039;s name in the CommonName field, and the domain names in
        the subjectAltName field.&lt;a href=&quot;https://tanguy.ortolo.eu/blog/rss/categorie12#citeref2&quot;&gt;↑&lt;/a&gt;&lt;/li&gt;
&lt;/ol&gt;</description>
		<pubDate>Fri, 15 Apr 2016 13:25:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>Scale manufacturers…</title> 
		<link>https://tanguy.ortolo.eu/blog/article137/scale-manufacturers</link>
		<guid>https://tanguy.ortolo.eu/blog/article137/scale-manufacturers</guid>
		<description>&lt;p&gt;Dear manufacturers of kitchen scales, could you please stop
considering your clients as idiots, and start developing &lt;em&gt;useful&lt;/em&gt;
features?&lt;/p&gt;&lt;p&gt;&lt;em&gt;Liquid measurement:&lt;/em&gt; this is one feature that is
available on almost every electronic scale available. Except it is
completely useless to people that use the metric system, as all it does
is replace the usual display in &lt;em&gt;grammes&lt;/em&gt; by &lt;em&gt;centilitres&lt;/em&gt;
and divide the number on display by ten. Thank you, but no person that
has been to school in a country that uses the metric system needs
electronic assistance to determine the volume corresponding to a given
weight of water, and for people that have not, a simple note written on
the scale, stating that “for water or milk, divide the weight in grammes
by ten to get the volume in centilitres” should be enough.&lt;/p&gt;

&lt;p&gt;Now, there is still one thing that an electronic scale could be
useful for, which is determining the volume of liquids other than water
(density 1 g/ml) or milk (density approx. equal to 1 g/ml), most
importantly: oil (density approx. equal to .92 g/ml for edible oils like
sunflower, peanut, olive and canola).&lt;/p&gt;</description>
		<pubDate>Mon, 26 Jan 2015 14:54:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>Proof of address: use common sense!</title> 
		<link>https://tanguy.ortolo.eu/blog/article135/proof-of-address</link>
		<guid>https://tanguy.ortolo.eu/blog/article135/proof-of-address</guid>
		<description>&lt;p&gt;As I have just moved to a new home, I had to declare my new address
to all my providers, including banks and administrations which require
a proof of address, which can be a phone, DSL or electricity bill.&lt;/p&gt;

&lt;p&gt;Well, this is just stupid, as, by definition, one will only have a
bill after at least a month. Until then, that means the bank will keep a
false address, and that the mail they send may not be delivered to the
customer.&lt;/p&gt;&lt;p&gt;Now, bankers and employees of similar administrations, if you could
use some common sense, I have some information for you: when someone
moves to a new home, unless he is hosted by someone else, he is either
a renter or an owner. Well, you should know that a renter has one contract
that proves it, which is called a lease. And an owner has one paper that
proves it, which is called a title, or, before it has been issued by
administration, a certificate of sale. Now if you do not accept that as
a proof of address, you just suck.&lt;/p&gt;

&lt;p&gt;Besides, such a zeal to check one&#039;s address is just pointless, as it
is just to get a proof of address without waiting for a phone, DSL or
electricity bill (or to prove a false address, actually…) by just faking
one. And as a reminder, at least in France, forgery is punishable by law
but defined as an alteration of truth &lt;em&gt;which can cause a
    prejudice&lt;/em&gt;, which means modifying a previous electricity bill to
prove your actual address is &lt;em&gt;not&lt;/em&gt; considered as a forgery (but
using the same means to prove a false address is, of course!).&lt;/p&gt;</description>
		<pubDate>Thu, 08 Jan 2015 12:54:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>PayPal cut a secure email project&#039;s funds</title> 
		<link>https://tanguy.ortolo.eu/blog/article129/paypal-assholes-cut-protonmail</link>
		<guid>https://tanguy.ortolo.eu/blog/article129/paypal-assholes-cut-protonmail</guid>
		<description>&lt;p&gt;It should be no news that PayPal have made a habit of opposing
projects that fight for the respect of freedom and democracy by cutting
their funds. Anyway, they have just provided us another example of such
an abuse, against the ProtonMail project.&lt;/p&gt;&lt;p&gt;&lt;a href=&quot;https://protonmail.ch/&quot; title=&quot;Website of the ProtonMail
    project&quot;&gt;ProtonMail&lt;/a&gt; is a secure email service project, similar
to the defunct &lt;a href=&quot;https://en.wikipedia.org/wiki/Lavabit&quot;
    title=&quot;Article about Lavabit on Wikipedia&quot;&gt;Lavabit&lt;/a&gt; service, with
characteristics that should allow it a greater resistance to external
pressure: it is based in Switzerland (which has specific privacy laws
and with a strong democratic control) and developed by CERN and MIT
researchers.&lt;/p&gt;

&lt;p&gt;Well, it seems that this project was not appreciated by some
organization, for which PayPal is just a puppet. Long story short,
&lt;a
    href=&quot;https://protonmail.ch/blog/paypal-freezes-protonmail-campaign-funds/&quot;
    title=&quot;Article about the PayPal abuse on ProtonMail&#039;s blog&quot;&gt;PayPal
    cut ProtonMail&#039;s funds&lt;/a&gt; without prior warning nor real
explanation. When pressed to explain themselves, they eventually asked
them if their email encryption project was approved by the government
(which one, by the way?)!&lt;/p&gt;

&lt;p&gt;As I said in the introduction, this is not really a surprise, but it
reminds us that PayPal&#039;s major position is a threat to freedom and
democracy as they still behave as enemies of these values (or as
a collaborator to a known harmful organization, which is close enough) and
that no project should rely on them. Fortunately, &lt;a
    href=&quot;https://www.indiegogo.com/projects/protonmail&quot; title=&quot;ProtonMail&#039;s
    fundraising on Indiegogo, which accepts payment by credit card without
    using PayPal&#039;s services&quot;&gt;ProtonMail does not&lt;/a&gt;.&lt;/p&gt;</description>
		<pubDate>Wed, 02 Jul 2014 19:36:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
	<item>
		<title>Pure Sensia digital and Internet radio receiver: good idea, bad design</title> 
		<link>https://tanguy.ortolo.eu/blog/article119/pure-sensia</link>
		<guid>https://tanguy.ortolo.eu/blog/article119/pure-sensia</guid>
		<description>&lt;p&gt;Thanks to a corporate reward program, I just got a Pure Sensia
digital and Internet radio receiver: basically, it is a device able to
play streams from FM, DAB, HTTP and USB sticks. Overall, it works
fine, and it has a remote controller, so it makes a nice addition to my
home equipment, but it has what I consider a major flaw, which I suspect
to have been designed on purpose.&lt;/p&gt;&lt;p&gt;For playing streams from FM or DAB, the process is rather simple: you
select a frequency and it plays, nothing else is involved. I did not try
USB yet but it should be similar: you select a file or a playlist and it
plays it. But for HTTP streams, it is quite different: you select a
stream from the “Pure Connect” directory, which is a list of HTTP
streaming services maintained by the manufacturer Pure.&lt;/p&gt;

&lt;p&gt;This raises three concerns:&lt;/p&gt;
&lt;ol&gt;
    &lt;li&gt;If all HTTP stream access is made from that remote directory,
    it probably means Pure knows, and possibly logs, every stream you
    listen to. That is not acceptable.&lt;/li&gt;
    &lt;li&gt;What will happen when that service is shut down? Not &lt;em&gt;if&lt;/em&gt;
    it is shut down, mind you, but &lt;em&gt;when&lt;/em&gt; it is, because it will,
    since I never heard of any company keeping a service forever, or any
    company lasting forever itself actually. Well, here is what will
    happen: all these digital and Internet radio receivers will become
    digital but not Internet radio receivers. That is not acceptable:
    when you buy a radio receiver, you buy a device, not a service of
    indefinite term.&lt;/li&gt;
    &lt;li&gt;What do you do if you want to listen to an HTTP stream which is
    not listed on Pure&#039;s directory? Answer of Pure&#039;s support: you can
    add custom streams by URL to your Pure account&#039;s favourites. Well,
    good try, but that is not enough or rather, that is too much:
    requiring a Pure account to do that is an artificial restriction,
    which suffers from exactly the same flaw as the Pure directory. And
    letting a single company know every Internet stream you listen to is
    not acceptable either.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Considering that flaw, here is my overall comment about that radio
receiver: it is based on a good idea, and it has a good overall design,
but it implements it in a precarious way. If you buy one of these
things, you should know that you are not buying a complete digital and
Internet radio receiver but only a digital radio receiver with some
Internet features with privacy concerns, which will work for a time and
one day stop working on Pure&#039;s decision.&lt;/p&gt;</description>
		<pubDate>Fri, 13 Dec 2013 14:16:00 +0000</pubDate>
		<dc:creator>Tanguy</dc:creator>
	</item>
</channel>
</rss>