Skip to content


How to give different headers to different pages in LibreOffice

Following my previous adventures with LibreOffice, I wanted to place chapter names in headers, which means different pages would have different headers… which doesn’t seem to have an obvious solution, since the way headers (and footers) usually work is “same stuff for every page” (even though this can mean same automatic field with a different value on every page).

Anyway, LibreOffice provides a way to set different headers via page styles. The “Style and Formatting” dialog (accessible via F11), which you probably already use to format text at the character or paragraph level, also contains a “Page Styles” part. When you edit page styles, you can set specific headers, but also footers, margins, and even paper format.

The way I worked was to create one chapter per file, then combine all files manually. In each file, I defined a chapter-specific page style (like you would define any other style), which I then imported into the merged file (in the “Style and Formatting” dialog, top-right menu button them “Load styles” and import from file – don’t forget to check “Pages”), before copy/pasting the content. I’m not sure if there’s a better way or not, but to switch between different page styles in the global document, I used page breaks (Insert → Manual break), where you can specify the page style to be used after the break (default value being “[none]“).

Useful information on the LibreOffice wiki too: Defining Different Headers and Footers

Posted in LibreOffice & OpenOffice.


[R] How to fix package installation failure on “checking for xml2-config”

I’ve recently had to set up a secondary computation server running R-project. Unfortunately, like all my servers, it runs under Linux, and R is a PITA to run under Linux. Notably, packages must be compiled on the machine: not only this is long, but also it requires tons of programming-related dependencies (GCC and such), and, well, it tends to fail sometimes.

While I’m at it, here are the repositories to be added to /etc/apt/sources.list in Debian 7:

deb http://mirrors.softliste.de/cran/bin/linux/debian wheezy-cran3/
deb-src http://mirrors.softliste.de/cran/bin/linux/debian wheezy-cran3/

So, I wanted to install a few packages from Bioconductor, notably the “GOSim” package. But installation failed on the “XML” package dependency (yes, it’s a package named “XML”), with the following apparent issues:
checking for pkg-config... no
checking for xml2-config... no

So apparently, some dependencies were missing despite that infamous package manager system which I seem to be the only one to hate. The first dependency was trivial to fix:
apt-get install pkg-config
But for the second one, that trick didn’t work.

I eventually found on some Stackoverflow page that the relevant package is libxml2-dev, so:
apt-get install libxml2-dev

And that’s it, you should now be able to install your package… or move to the next missing dependency :-p

Posted in R (R-project).


How to avoid landing (too much) in spam folder when using Postfix: customize your hostname

Now that I changed e-mail provider for Fastmail, I have to deal with a more traditional anti-spam protection. Basically, SpamAssassin with quite default features. This is a bad thing because that piece of software just doesn’t seem to learn properly. Notably, the Bayes filter is totally underpowered, as even when fully trained it can’t decrease the score by more than 1.9, which isn’t even as high as some basic violations like CK_HELO_DYNAMIC_SPLIT_IP (1.499) or HELO_DYNAMIC_IPADDR2 (3.607). But this is also a good thing, because it forces me to actually look into the problems instead of just having them “fixed” by pushing the “not spam” button a few times to teach Hotmail or Gmail not to send those e-mails to the spam folder.

So, I had those 2 violations HELO_DYNAMIC_IPADDR2 and CK_HELO_DYNAMIC_SPLIT_IP, which I hadn’t had before at my previous hosts. After a quick search, it seemed that this was caused by my hostname looking too much like the one of an ISP. For instance, my ISP gives reverse DNS looking like 22-22-33-126.rev.numericable.fr, and my server host gives, well pretty much the same. Like 44-122-133-9.blue.kundencontroller.de. For SpamAssassin, this looks too much the same: the HELO address, 44-122-133-9.blue.kundencontroller.de, seems like a residential, end-user computer, not like a proper server.

The fix to this is simple: configure your hostname so that it’s not your host’s default anymore (and make sure your new name doesn’t look like an IP either). I suggest simply taking one of the domain names already hosted on your server (you have to make sure that the relationship IP < -> domain name works in both directions). For instance, I set mine to patheticcockroach.com. Probably even better (more convenient for migrations) would be to had a third level domain name assigned to it, like server1.patheticcockroach.com

To configure postfix to use the new hostname, change that in /etc/mailname. (don’t forget to postfix reload or postfix stop and postfix start to apply changes).
You should also be able to configure the reverse DNS associated to your server in your host’s control panel. You’ll then have to wait for it to propagate, however you should also be able to quickly see the change with some specific tools like DomainToosl, for instance: http://whois.domaintools.com/81.7.10.145 (the hostname is indicated as “Resolve Host”).
I’m not 100% sure both parts are useful, yet I think it’s a good idea to make sure the Postfix HELO address matches the server’s reverse DNS.

Edit: actually, the most important part seems to be the myhostname = stuff.com line in /etc/postfix/main.cf.

Posted in Linux, postfix, servers.


Tips to captioning figures and tables in LibreOffice

I’ve recently had the need to write in a format close to a scientific article within LibreOffice. However, I quickly encountered 2 issues related to figures and tables:

  1. When adding/inserting a caption for an image, there’s no “Figure” category
  2. When adding/inserting a caption for a table, I didn’t find it obvious to place the caption above the table.

First thing first, to add a caption for a picture or a table, just right-click on it (might take a bit of try and error for table) an select “Caption” in the context menu.

About point 1), bug reports are in the work (cf my first link), but meanwhile it’s possible to simply create a custom type that you’ll call “Figure” (you can manually edit the item in the “category” drop-down list).
Dialog box for caption creation
This manually-created type will then be available for auto-index creation (Insert → Indexes and Tables → Indexes and Tables):
Dialog box for figures index creation

About point 2), well maybe you already noticed it in my first screenshot: in the caption creation dialog, you have, as the last option (the one just above the preview), a “position” item, which can be either “below” (default) or “above”. Note however that “above” is a bit bugged at the moment: the text below your table will be moved upwards by as much pixels as the space taken by the caption. The workaround is simply to add an appropriate amount of line breaks after your captioned table.

Posted in LibreOffice & OpenOffice.


Mac OS – Solving can’t install Titanium CLI & Alloy (Invalid password)

Titanium is this thing, which allows for cross-OS mobile development. I recently had to compile an application written in Titanium for iOS. I’ll skip the highly weird “installation” method for Titanium (the installer itself unpacks some stuff and asks you to manually drag and drop it into the application folder). When running Titanium for the first time, it will try to update as well as to install dependencies. To do so, it will ask for your account password. And if you’re unlucky like me, your proper account password won’t work. The issue was reported there, but they only provided various workarounds which I don’t find very satisfying (notably due to their lack of simplicity).

First, a more accurate description: when your Mac gives you a password prompt, normally your name appears as “FirstName LastName”. In the case of this issue, my name would appear as my login, ie “lastnamefirstname”. I observed that on 3 machines: the 2 where the issue occurred had “lastnamefirstname”, the one where it worked had “FirstName LastName”. The accounts with or without the issue all apparently had full admin permissions (according to Apple → System Preference → Users & Groups).

Now, the solution for me was to set up the root password. That password isn’t set by default (or at least it’s unknown). And funny thing, this was just like setting the root password on any Linux distribution (I think I made a post about that for Ubuntu or Debian a while ago). Basically:
- open terminal (search “terminal”)
- type “sudo passwd”
- then enter your current (admin) user password, then enter the new root password (twice)
And voilà. On a side note, you can now use “su”. But more importantly, if you try to run those Titanium Updates/Additional package installs again, and enter the root password, it should work (NB: in my case, I chose the same password for both su and my admin user).

Posted in Uncategorized.


Various Facebook funny lines #6

Time for another batch, I guess. FYI, the previous one was there.

Great minds discuss ideas, average minds discuss events, small minds discuss people. (Eleanor Roosevelt)

Today, I will be as useless as the “g” in lasagna.

I hate getting up at stupid o’clock in the morning.

My kids’ favorite thing to play with is my patience.

Just remember, if we get caught, you’re deaf and I don’t speak English.

In alcohol’s defense, I’ve done some pretty dumb shit while completely sober too.

This is by far your most fucked up idea ever… I’ll be there in 10 minutes.

People with ethics have little use for the state. The state has little use for people with ethics.

The 5 second rule for food dropped on the ground does not work if you have a 2 second dog.

Trying to pick my favorite politician is like trying to decide which STD is just right for me.

You say you value your employees, but my paycheck determined that was a lie.

I’m glad the EPA raised the “safe” radiation levels, I was starting to worry about the Fukushima disaster.

I hate the phrase “kids will be kids”, I think it should be replaced with “bad parenting results in assholes”.

Based on how I react when toasts pop out of the toaster, I will never look cool walking away from an explosion.

Weird is a side-effect of awesome.

Strange new trend at the office. People putting names on food in the company fridge. Today I had a tuna sandwich named Kevin.

Posted in funnies, Totally pointless.


How to remove an e-mail from auto-type in Gmail

Before I finally decided to pay for my e-mail address, I wasn’t able to properly send e-mails from my @mydomain.com address, and people would see my real @yahoo.com, @hotmail.com or @gmail.com (yes, I know…) and often use the latter to write to me instead of the proper one. This lead to a classic issue when I changed provider: people wouldn’t update their address book quite promptly, even when notified about it a few times and promised it wouldn’t happen again (now that I totally insist on using my @mydomain.com, it really won’t, and actually my first @mydomain.com e-mail has been active and stable for about 9 years now).

Among those, a few kept writing to outdated (and sometimes totally abandoned) e-mails for ages, despite an incredible amount of reminders to update me in their contacts. And then it struck me: the common point between all those people was… they are all @gmail.com. As a former Gmail user myself, I get the picture now: Gmail has this very handy feature to save all the e-mail addresses you ever send an e-mail to, and serve them back to you every time you write an e-mail ever after. Of course, most other e-mail providers have caught up with this nowadays. But Gmail remains unique (I think) in the way it treats those e-mails: it saves them as invisible contacts, whereas as far as I know, other providers save them as visible (although quite empty) contacts.

Well, anyway, now that you know that auto-type e-mails are stored as invisible contacts, I guess you can find out the steps to remove them: search and destroy ;)
Here is the more detailed guide, in 3 picture steps as I find Gmail’s UI quite user-unfriendly nowadays…

1) Go to your contacts
Gmail menu: contacts

2) Use the search box to search for the e-mail address
Search box from contact section is the same as from e-mail section, but will search for contacts rather than e-mails

3) Open the invisible contact, and use the “more” drop-down menu to delete it (“Delete contact”)
Select the More menu in the contact card, and delete

Well, that’s it. Congratulations, you won’t accidentally write to my 5 years-long abandoned e-mail anymore :-p
(…but maybe you’ll do it on purpose? ^^)

Posted in Google.


Spamhaus strikes again (with the CBL, as usual)

Just a very short post to explain why I haven’t been approving new comments for the last 10 days. On April 2, the geniuses from Spamhaus pretended they detected a “Trojan called Win32/Zbot (Microsoft)” on the server. That’s funny, because it damned looks like a Windows-specific Trojan yet this server is definitely running Linux. Even though this first detection was also the last, the server’s IP wasn’t removed from the infamous retarded CBL list (Composite Blocking List), which admittedly doesn’t work based on actual spam sent but on “suspicious” behavior. Or if you’re into movies, this would be like the Minority Report list.

My current e-mail provider, Fastmail, which provides great features BUT has a much more retarded anti-spam arsenal than Gmail or Outlook, simply silently discarded all e-mails because of that bogus listing. And voilà, this is how I didn’t receive the notifications… Say thank you to the web-nazis from Spamhaus and their blind worshipers at Fastmail…

Posted in web filtering.


How to compile and install DNScrypt (dnscrypt-proxy) on OpenSUSE

DNScrypt is a tool that allows you to send your DNS queries to something else than your ISP’s DNS servers, while also encrypting those DNS requests to prevent snooping. I’m not sure how useful it is if you’re using a VPN, but I’m more of an SSH tunnel guy and as far as I saw, about every program except Firefox (when configured properly) will still perform its DNS requests in the wild instead of via the SSH tunnel, which is kind of retarded as it defeats the purpose of the tunnel… So that’s where DNScrypt comes in handy.

I found it quite trivial to use on Windows (except that setting a custom DNS server doesn’t seem to work – on a side note, this test page is great to check whether or not you are currently using OpenDNS as your DNS server), but on OpenSUSE it’s quite tougher to set up, as you’ll have to compile it yourself. Still, with the instructions it should be easy enough (plus in the end it works better than on Windows ;))

First, install some required stuff (may be more or less depending on what is already installed on your system – if more is required, the output on ./configure should
be most helpful in finding out the missing dependency):

zypper in gcc
zypper in -t pattern devel_C_C++

Then, download and install latest libsodium (it’s a dependency for which OpenSUSE doesn’t provide packages either):

wget http://download.dnscrypt.org/libsodium/releases/libsodium-0.4.5.tar.gz
tar xf libsodium-0.4.5.tar.gz
./configure
make && make install

Then you need to run ldconfig (just type ldconfig in the console). I have no idea of what it does, but if you don’t do it the ./configure for dnscrypt-proxy will most likely fail with a message like:

configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: ./configure failed for src/libevent-modified

Finally, download and install the latest dnscrypt-proxy:

wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.3.3.tar.bz2
tar xf dnscrypt-proxy-1.3.3.tar.bz2
./configure
make && make install

That’s it, you can already run it in console using:

dnscrypt-proxy

However, by default, it will use OpenDNS servers. And OpenDNS is actually all but open, so you may want to switch to a more neutral provider. At list of providers can be found on http://dnscrypt.org/. To use a specific provider you’ll simply have to add some more parameters to the call, like:

dnscrypt-proxy --resolver-address=178.216.201.222:2053 --provider-name=2.dnscrypt-cert.soltysiak.com --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

Last but not least, you must now configure your connection to use 127.0.0.1 as DNS resolver. In OpenSUSE, this is done via network connection management: for each connection, click “Edit”, then in the IPv4 Address tab, configure method to “Automatic (DHCP) addresses only“, and then set DNS servers to 127.0.0.1. You may want to set DNS servers to ::1 in the IPv6 Address tab, but I didn’t try that since my ISP doesn’t support IPv6 yet.

And now that’s really it: you should be using DNScrypt. To make sure you are, you can stop dnscrypt-proxy and see that when it’s stopped you can’t access websites (NB: try this on websites that you didn’t visit very recently, otherwise their DNS records may be cached by your browser or by the system).

Of course, this isn’t a very convenient setup so far, and you may want to look up how to configure this as a daemon automatically launched at boot time. I give here brief instructions, if you need more details see http://perseosblog.com/security-encrypt-traffic-dnscrypt/.

nano /etc/init.d/after.local

at the end, add:

exec /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --resolver-address=178.216.201.222:2053 --provider-name=2.dnscrypt-cert.soltysiak.com --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

I’m not sure how necessary the PID file is, but I preferred not to try to mess up with it. Now your setup is complete: your DNS requests are encrypted, sent via DNScrypt to a DNS server different from OpenDNS (or not), and that setup is automatically loaded at start-up. Enjoy :)

Posted in cryptography, Internet, Linux, privacy.


The face is the ultimate biometric data

When people ask me why I don’t want to post my photo on internet or any digital document, I usually reply with the (semi-) joke that the face is biometric data and that as such, I don’t want to diffuse it just like they probably wouldn’t want to diffuse their DNA details or their fingerprints (although the later might sadly become a habit with all the fingerprints readers getting included into the latest smartphone “just for you security because we know you’re too limited to remember a proper password”).

The face is biometric data

However, with the recent story about that silly (18 year old) “kid” (yay, when the objective is to get the public’s pity he’s a young kid, a few days before he was a brilliant young entrepreneur lending GoPro cams, go figure…) who videotaped the city of Nancy from a drone and doesn’t understand the privacy implications of this (not to mention the security ones – I mean the physical harm of getting your skull crushed by a drone falling from 30-50 meters high), I gave it some more thought. And I came to the conclusion that photo being some usual biometric data is indeed a semi-joke, as it is in fact the ultimate biometric data, as I’ll show below.

The face is officially recognized as one of the best ways to identify people (says Captain Obvious)

It’s been used for a very long time in ID documents, notably in the French ID card from its beginning in 1912-1917 (article in French), along with the fingerprints.
On a side note, the ID card became mandatory in 1940 under the Vichy administration (that’s the administration who collaborated with the Nazis). I’m not saying that having a picture of everyone was a fascist’s dream, but… well at least that could have been. It became non-mandatory again in 1955, although I wish you good luck to open a bank account without an ID card or a passport…

It’s about as unique as DNA

Two people may have two very similar DNAs just like 2 people may have very similar faces, in both cases it’s possible yet very unlikely. Even though you probably know a couple of persons who do look a bit alike among your friends, you probably have no pair that you really can’t distinguish (and if you do, I suppose they are twins – probably real twins, who do share about the same DNA?). Elvis doubles get a haircut like him, clothes like him, mimic his facial expressions, etc, but even though they tend to look alike, you can tell they’re not the real thing not just because you know the original is dead and used to sing much better, but also because he didn’t have exactly the same face.

It can be recognized by machines…

This wasn’t the case a couple of decades ago, which is why the general public still seems poorly aware of this, or at least of its implications, but facial recognition is quite trivial nowadays. Well, not trivial, but the tools to do it easily do exist (example). Basically, what you see in NCIS is fairly accurate in that respect.
Facebook does it (unless you configure it otherwise, they detect faces in the pictures you upload and are able to suggest friends’ names that match). The RATP (the company that runs the Paris metro system) planned to do it on its CCTV system, but they backed off when the general public became aware of the project and was quite upset about it.

…And it can be directly recognized by people too

And that’s a very unique feature for a biometric data. Usually it takes some computer, or at least (historically) a very thorough manual examination (like, to manually compare a fingerprint to a series of known fingerprints) to identify biometric data. With faces, computer recognition is possible as we saw, but humans are very good at recognizing faces too. And when they aren’t, it’s a proper medical condition called prosopagnosia.

It changes with time… but we know how! (well, partially)

A limitation of the face compared to DNA or fingerprints is that it changes in time. You may think at first that this breaks down the house as an ultimate biometric data, but it’s not really the case. Because those changes are, in a good proportion, deterministic. Don’t you recognize your old good friends from high school or even below, even when you haven’t seen them in a decade or more? Well, the computer should be able to too. Ongoing research on face aging simulation looks quite promising.
Clearly, this changing face will remain a weakness compared to DNA and such. But it’s quite a moderate one, because not only we are/will be able to predict face aging quite accurately, but also because we usually have recent enough pictures: predicting the aging of a few years, or even a decade, is much less of a challenge than predicting how a 20 year old young adult will look like when he retires at 70.

It can be taken from a large distance…

To get a DNA sample, you need to touch the person (or get an object they used, like a glass). Same goes for fingerprints. This is of course not the case of pictures. The picture of the iris – for iris recognition would be a bit intermediate as I suppose you need to get decently close to obtain a good enough iris scan.

…And by the average Joe

You don’t have people around you taking your DNA samples and fingerprints and reporting them to a central authority on a regular basis, do you? Well, with faces, you often do! Tourists, the photo-maniac at your diner (at your table… or not), the narcissistic idiot taking a “selfie” with you in the remote background, etc, etc: lots of people take lots of photos without caring much about people included by accident… And then they most often upload them “into the cloud”. I.e., their smartphone, which is actually often smarter than them, sends your face on the servers of some big data mining corporation such as Google, usually with geolocalization data and the timestamp.

Last but not least, it’s super cheap

Not only it’s as good as DNA and fingerprints, it’s also cheaper than the former and about as cheap as the later:
- cost of a photo: ~0.
- cost of facial recognition software and facial database: similar to DNA recognition and database, I suppose, but it’s a one-time or fixed cost.
The cost to use that is then about the same if you want to identify one face or a few thousands of them. Not really the case with DNA, with which each sample requires some reagents to be analyzed (even though those tend to quickly get cheaper)

Conclusion

Don’t give your face to people and entities you wouldn’t give a DNA sample and fingerprints to.
(yes, that’s a quite abrupt, but I guess that’s a nice summary)

Updates

2014-07-09

Quite an interesting read: Fashion that will hide you from face-recognition technology by Lauren Davis.

Posted in privacy.