/dev/schnouki

OpenPGP smartcard setup on Arch Linux

After I joined the FSFE Fellowship a few months ago, I received a nice OpenPGP smartcard. Now I'm using it for real, and I like it!

I've decided to buy two OpenPGP card readers from Kernel concepts:

  • Gemalto PC Express card for my laptop
  • SCM SCR-335 for my workstation

Both are very easy to get working on Arch Linux: just install ccid and pcsclite from the AUR, restart udev, start pcscd (/etc/rc.d/pcscd start), plug your reader in, and you're good to go.

The next step is to create a key to be used with the card. There is a good tutorial on this topic on the FSFE Wiki. Only one step can be made much simpler: step 12, "Removing the master key from the keyring". Here is a much easier version:

  1. Back up your public key: gpg --armor --export 559C215F > publickey.asc
  2. Remove your private and public key from your keyring: gpg --delete-secret-and-public-key 559C215F
  3. Import your public key: gpg --import publickey.asc
  4. Edit your key and set its trust level to Ultimate: gpg --edit-key 559C215F, trust, 5, save, quit
  5. Make GPG check your smartcard and recreate the secret key stubs by itself: gpg --card-status

That's it! Now you can return to the tutorial and test your card.

And don't forget to have fun!

Many thanks to the people involved in this thread on the GnuPG mailing list for the tip!

Jónsi — Go

Go, first solo album of Sigur Rós's singer Jón Þór Birgisson (aka Jónsi), was released on April 6th.

Of course, I had pre-ordered it. But I'm attending a conference in Lille this week, so no CD for me (it hasn't arrived yet anyway). But thanks to Spotify, I've been able to listen to it anyway... and, well, I could say it is great, wonderful, magical, or even insanely awesome, but this would be an understatement.

A little earlier, while walking in the street, I decided that I should definitely dent/tweet something about this album. Then I thought that listening to Jónsi is a little bit like flying without the fear of falling. And that's the moment I realized that writing reviews for albums is complicated (especially when you're not using your mother tongue), and that I should probably not even try to do that myself.

So here is an excellent review of Go. Now go listen to it, you won't regret it.

HOWTO Back up your GnuPG secret key on paper

Paper is a safe way to back up a secret key: you can't hack into it remotely, you can hide it very easily, and you will still be able to use it in 50+ years. No USB stick can do that...

If you want to store your GnuPG secret key on a paper sheet, it is quite simple to do. You can use PaperKey, a small tool that strips all the useless data from a secret key and formats it into a printable result. This is great, but the result can be quite long: printing my 2048-bit secret key would take 3 pages.

But there is a nice way to store more data on a small surface: 2D barcodes, for example in the DataMatrix format, using the great libdmtx library. For small keys, this is really easy:

gpg --export-secret-key KEY_ID | paperkey --output-type raw | dmtxwrite -e 8 -f PDF > secret-key.pdf

If your key is bigger (like my 2048-bit key), you will need to split it into several parts, because the output of the paperkey command will be too big to be encoded in a single DataMatrix. Here is a simple method:

# Generates key-aa, key-ab, ...
gpg --export-secret-key KEY_ID | paperkey --output-type raw | split -b 1500 - key-

# Convert each of them to a PNG image (quoted so odd file names cannot break the loop)
for K in key-*; do
    dmtxwrite -e 8 "$K" > "$K.png"
done

You now have several PNG images that you can print together on a single page.


To restore your key, it's just as simple: scan each DataMatrix into a separate image, decode them with dmtxread, concatenate all the resulting files (cat...), and use paperkey:

cat my-scanned-keys | paperkey --pubring ~/.gnupg/pubring.gpg > secret-key.gpg

Source: TPK Archival (by David Shaw, creator of PaperKey).
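
The split and restore steps above rely on every DataMatrix decoding perfectly and on the chunks being joined in the right order. The following is an added example, not part of the original post or of PaperKey: it records a SHA-256 digest per chunk and for the whole input so a bad scan is caught before the result is fed to paperkey. The function names, the MANIFEST and WHOLE.sha256 file names, and the random stand-in data are assumptions; it needs GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): integrity manifest for the
# 1500-byte chunks of a paper key backup. Requires GNU coreutils sha256sum.
set -eu
umask 077   # every file created below may hold secret key material

# split_with_manifest INPUT OUTDIR
# Splits INPUT into key-aa, key-ab, ... exactly as in the post, then records
# a SHA-256 per chunk (MANIFEST) and one for the whole input (WHOLE.sha256).
split_with_manifest() {
    mkdir -p "$2"
    split -b 1500 "$1" "$2/key-"
    ( cd "$2" && sha256sum key-* > MANIFEST )
    sha256sum < "$1" | cut -d' ' -f1 > "$2/WHOLE.sha256"
}

# verify_and_join DIR OUTPUT
# Fails (non-zero) if a decoded chunk is missing or altered, or if the joined
# result does not match the digest of the original paperkey output.
verify_and_join() {
    ( cd "$1" && sha256sum -c MANIFEST >/dev/null 2>&1 ) || return 1
    cat "$1"/key-* > "$2"
    [ "$(sha256sum < "$2" | cut -d' ' -f1)" = "$(cat "$1/WHOLE.sha256")" ]
}

# demo: round trip on constructed data. 4000 random bytes stand in for the
# output of `paperkey --output-type raw`; no real key is involved.
demo() {
    demo_dir=$(mktemp -d)
    head -c 4000 /dev/urandom > "$demo_dir/raw"
    split_with_manifest "$demo_dir/raw" "$demo_dir/chunks"
    verify_and_join "$demo_dir/chunks" "$demo_dir/joined" || { rm -rf "$demo_dir"; return 1; }
    # Simulate a barcode that decoded incorrectly: the check must now fail.
    printf 'X' >> "$demo_dir/chunks/key-ab"
    if verify_and_join "$demo_dir/chunks" "$demo_dir/joined"; then
        rm -rf "$demo_dir"; return 1
    fi
    rm -rf "$demo_dir"
    echo "round trip verified; corrupted chunk detected"
}
demo
```

With a real key, INPUT is a file holding the paperkey raw output, and MANIFEST and WHOLE.sha256 can be printed on the same sheet as the barcodes; remove the intermediate key-* files once the printout has been checked.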

"Piled Higher and Deeper" in France

This morning I read the latest Piled Higher & Deeper about égalité des chances.

Contes de la route: Equal Opportunity

I am one of the few people who do a PhD after a grande école. The part about "Good job €€€€" vs "Crappy job" is quite true -- except that, from what I experienced, these "good jobs" are often boring, non-technical ones: contract managers, directors, etc. The kind of job that takes 50+ hours a week, plus many weekends. Not my cup of tea. And that is just why I decided to do a PhD: it is very interesting and rewarding, and I have enough free time to do what I like to do besides my work.

New blog

After more than two months of silence, I'm back! And, once again, with a brand new blog...

So, why did I change again? Many reasons: Tumblr was annoying (non-free, no control over your data, simplistic template system). Before that, Dotclear required constant attention to make sure it was up-to-date because of security issues (and it would have been even worse with WordPress...). I realized that what I really want is something that generates a static website: plain (X)HTML files are much safer than any dynamic website! However I do not want to do everything by hand, so I need something that generates these static files from some human-readable markup (preferably Markdown). I also need to track everything I do on my data, to back it up easily, and to be able to quickly revert to an older version: I want to use Git on my blog. And since I now use Emacs all day long, I definitely want something that integrates well in Emacs.

Several static blog generators are available:

  • BlazeBlogger: quite nice! Written in bash, Markdown syntax... However, nothing for Emacs, and it uses a kind-of-version-control system that I do not like very much (it adds a lot of files to my git repository and just logs "this post was edited" without being able to revert to a previous version, so what's the point?).
  • nanoblogger: written in bash too. Seems too complex for what I want. Plus, it describes itself as "slow"...
  • Jekyll: close to perfect. It uses the Markdown syntax, has a nice template engine, integrates very well with Git (it's hosted on GitHub, which I like very much, and is even used for GitHub Pages). An Emacs mode is available. It has some very good ideas, like its YAML front matter. But Jekyll is written in Ruby, which is far from being my favorite language, and it lacks some features I like (tags...).

I finally decided to do something much more fun: write my own blog engine in Python. It took me a few days, but now it's done: Golbarg is born!

This brand new engine is written 100% in Python. It uses the Jinja 2 template engine, python-markdown for turning Markdown into HTML, and PyYAML for managing post headers and metadata. golbarg.el is bundled, so every Emacs user can enjoy golbarg-mode. And all of this is of course available under the terms of the GNU GPLv3 license.

Golbarg is hosted on GitHub, as well as this blog. I also made Golbarg available on the Python package index (yes, you can install it with a simple pip install Golbarg!). Except for the comments in the source code, there is very little documentation available... So if you want to give Golbarg a try, look at the source of this blog, it's probably the best way to dive in.

Last few words: the old RSS feed will be available for a few weeks. Be sure to switch to the new feed as soon as possible!