So, Octave actually works pretty well in 2023. Speed is quite respectable on a recent Mac, and the IDE, which roughly mirrors MATLAB's, is built with Qt and is fully functional: editor, debugger, variable inspector, plots, etc. So thumbs up for Octave and fuck you to MATLAB.
So, up to June 2023, in order to sign Windows binaries, you had to choose between buying:
Drawback of the OV certificate: Microsoft does not trust you by default, so the first people who download your signed executables will receive a pretty scary warning from Windows Defender SmartScreen, telling them that they have most likely downloaded malware and should erase it ASAP. Thank you MS, I'm glad I paid $700 for such a great service. After a few days/downloads, the warning is gone as MS now thinks your identity is trustworthy. Until... 3 years later, when you renew the certificate, and all your earned "trust" is gone.
So, on 27 May 2023, I decided to renew our previous OV certificate which was about to expire. The provider I use is Sectigo. I could have been one of the last people on earth to receive a 3-year valid PKCS12 OV Certificate file, but no, what I got was a massive delay, and then a stupid SafeNet USB key that must be plugged in when signing a file.
Why did this change? Apparently there are these guys, named the 'CA/Browser Forum', who have decided that handing a pkcs12 file to the user was not secure enough and that it was much more fun to make their life miserable by mailing them a stupid USB dongle.
How miserable? Well, quite a lot, indeed. You get a small USB key, and some software (from Thales, mind you), the "SafeNet Authentication Client", that must be running when signing files. When you launch it, you get a screen with buttons such as "Change Token Password", "Unlock Token" etc. But you cannot unlock the token because you do not have its password: the company that sold you the USB dongle is not giving you the token password. You can have a look at what is inside the token, and find that there is indeed a certificate in your name. You can only export its public key, not the private part. When signing, the SafeNet software will prompt you for a password. That is not the token admin password, but a "PIN" specific to the certificate. This one you can change.
So, by default, EACH time you sign a file, you get that dialog box from the SafeNet Authentication Client that asks you for the PIN of the certificate. EACH time. But that's not all: if you enter the wrong PIN 3 times, then you just bricked your dongle. This happens really quickly... you type too fast once, the second time fails and then you realize your keyboard has switched to qwerty, and now you're already at your last chance and you start to sweat (according to what Sectigo told me, they can un-brick the dongle, so it is not completely bricked, but it is still a massive loss of time).
There is a setting in SafeNet to control the number of tries, but it cannot be changed by me; the 'master' password of the dongle is required, I think. Fortunately it is possible to change a setting so that it asks for the password only once per session instead of every time (until logged out, or until the screen is locked) (url)
Still, even with this setting, you have to enter the password once each time the computer reboots, and Windows computers do reboot quite often.
There is no official way to enter the token password from the command line. It has to be typed, from your physical keyboard with your little fingers, into that stupid dialog box from SafeNet. So it is not possible to automate builds. Fortunately, people have figured out some hacks around this; they are ugly and a bit dangerous since the dongle is locked after three unsuccessful attempts:
I saw, after buying that SafeNet USB key, that some providers (not Sectigo) do offer "cloud signing" solutions. Of course it is more expensive, these poor guys have to run servers etc. I guess in the end, for them, these new requirements from the CA/Browser Forum are very good for business: they will sell both USB keys and cloud signing solutions. For everybody else it is just a TOTAL waste of time. Also, in the end, security will be downgraded instead of improved because everybody will have a script that enters the password automatically when the dialog box appears, and will run it on a Windows box with auto-login enabled, because it does not work if the user is not logged on. And then this box will be connected to the internet with some half-finished Python script so that other machines can connect to it to sign binaries.
A final remark: isn't it strange that I can sign my macOS/iOS binaries from any of my Macs, without any stupid Thales USB dongle plugged into my Mac? If that is safe enough for Apple, why does Microsoft enforce this dongle on us, for a more expensive price, and with a much worse service (the SmartScreen malware warning that appears while the 'reputation' is being built is not what I call a great service)?
In conclusion: fuck the CA/Browser Forum, we were fine with the pkcs12 files.
And it turns out it is just the integrated GPU of my Core i7 7700 which is hogging the RAM (the integrated GPU does not have its own RAM, it is shared with the CPU). Since this is on a shitty Lenovo desktop with a single RAM stick, it does not have much bandwidth to share. What makes it even worse is that I have a 4k screen plugged into the integrated GPU, so the GPU has to move a lot of pixels.
A good way to check that is to open a simple WebGL demo in the browser, preferably one that does not use much CPU but uses the GPU a lot (the Windows task manager shows graphs for both). Then run the SiSoft Sandra memory benchmark with this window visible, and then with the window minimized. In the latter case, I get 11GB/s of memory bandwidth, with a latency of 24ns. But when the OpenGL window is visible, the bandwidth drops to "5.9G/s" and latency climbs to 219ns!!
The bandwidth is divided by 2 and the latency is multiplied by 10 when the GPU is in use. That's really bad, especially if you are running a real-time audio application that needs stable performance. Ensuring that the CPU is not throttling, and that no other application is consuming too much CPU, is not enough: one also has to make sure that the integrated GPU is not killing the performance of the RAM.
I have just ordered two new sticks of RAM (in order to double the bandwidth), and a PCI Express graphics card, so hopefully with these two I should be able to get stable performance even when I switch between virtual desktops...
Update: I was right, everything is solved with dual channel memory and a PCI Express video card. The spikes in the CPU load when moving windows or switching workspaces have completely disappeared.
    xcrun altool --notarization-info blahblah

was displaying

    Status: success
    Status Message: Package Approved

At first I was happy, until I tried to staple it:

    xcrun stapler staple -v Fart3000.app

    CloudKit query for Fart3000.app (2/1cff807b7db46318f4c15d93199fc6b3bf454edb) failed due to "record not found".
    Could not find base64 encoded ticket in response for 2/1cff807b7db46318f4c15d93199fc6b3bf454edb
    The staple and validate action failed! Error 65.

Strange, isn't it? The app is a fat binary with i386 and x86_64 arch. It turned out that if I build only the 64-bit file, then the stapling succeeds...
I don't really need to build 32-bit versions of the app, so not a big sacrifice, but still it does not smell good: one tool says package approved and the other fails with a stupid and wrong message.
As a bonus, "altool" is a Java application so it takes ages to start...
    #include <iostream>
    #include <cmath>

    int main(int argc, char **) {
      float f = 1, c = 0.1f;
      // Divide f by 10 on every iteration until it becomes a denormal.
      for (int i=0; i < 45; ++i) {
        std::cerr << "f=" << f << " sqrt(f)=" << sqrt(f) << "\n";
        f *= c;
      }
      return 0;
    }

It's pretty simple, and one would expect it to print numbers smaller and smaller until it prints zeroes. That's not what happens when built with clang and the fast-math option on macOS:
    clang++ -O1 -ffast-math t.cc && ./a.out
    f=1 sqrt(f)=1
    f=0.1 sqrt(f)=0.316228
    f=0.01 sqrt(f)=0.1
    f=0.001 sqrt(f)=0.0316228
    f=0.0001 sqrt(f)=0.01
    (skipping some output..)
    f=1e-34 sqrt(f)=1e-17
    f=1e-35 sqrt(f)=3.16228e-18
    f=1e-36 sqrt(f)=1e-18
    f=1e-37 sqrt(f)=3.16228e-19
    f=1e-38 sqrt(f)=-inf # WTF ???
    f=1e-39 sqrt(f)=-inf
    ...

So when f is so small that it is represented as a denormal number, the sqrtf function returns PURE GARBAGE instead of returning 0. Or any denormal number. I would accept anything, but not, for fuck's sake, a negative number. Not -inf. Please.
I have reported this to Apple (more than one year ago), I got a reply (one year later), and for them it is not an issue, because the argument of sqrtf being smaller than FLT_MIN allows undefined behaviour (!??). Well, let's agree to disagree. I don't think fast-math should allow the compiler to do whatever it wants. Denormal numbers do happen. Sqrtf is a common function. There is a difference between being fast and slightly incorrect, and being fast and absolutely wrong.
Note: I have not been able to reproduce it with gcc or msvc, or even clang on linux. It is only the mac version of clang/libc++ which is retarded.
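One way to keep code like the loop above out of trouble, as an added example that is not the author's code and not a fix suggested by Apple: clamp inputs below FLT_MIN to zero before taking the square root, and replay the same decay loop to see where the guard kicks in. The names `guarded_sqrt`, `first_subnormal_step` and `count_bad_results` are hypothetical, and mapping negative inputs to zero is an assumption made here.

```cpp
#include <cfloat>
#include <cmath>
#include <cstdio>

// Hypothetical helper: anything below FLT_MIN (subnormals, zero, negatives)
// is treated as zero instead of being handed to the square root. A plain
// comparison is used because it stays meaningful under -ffast-math, whereas
// isnan/isinf style checks may be assumed away by the optimizer.
float guarded_sqrt(float x) {
    if (x < FLT_MIN) return 0.0f;
    return std::sqrt(x);
}

// Replays the page's loop (f *= c, `steps` iterations) and returns the first
// iteration at which f is no longer a normal float, or -1 if that never happens.
int first_subnormal_step(float f, float c, int steps) {
    for (int i = 0; i < steps; ++i) {
        if (f < FLT_MIN) return i;
        f *= c;
    }
    return -1;
}

// Runs the same loop through guarded_sqrt and counts results that are
// negative or not finite (range test written without isfinite()).
int count_bad_results(float f, float c, int steps) {
    int bad = 0;
    for (int i = 0; i < steps; ++i) {
        float r = guarded_sqrt(f);
        if (!(r >= 0.0f && r <= FLT_MAX)) ++bad;
        f *= c;
    }
    return bad;
}

int main() {
    std::printf("first subnormal step: %d\n",
                first_subnormal_step(1.0f, 0.1f, 45));
    std::printf("bad results with guard: %d\n",
                count_bad_results(1.0f, 0.1f, 45));
    return 0;
}
```

The step reported by `first_subnormal_step` lines up with the first `-inf` line in the output above (f=1e-38).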
    ./build.sh -b nanopi-neo2 -p linux -t kernel

. It fails quickly, but we don't care: there is now a .config in the linux folder.
So:

    cd linux

Run make menuconfig and go to drivers / soundcard to add ALSA sequencer support as a module.
You also need to grab Module.symvers:

    cp /lib/modules/3.10.65/Module.symvers .

Run

    make prepare && make scripts
    make CC=gcc-4.9 M=sound/core/seq/
    sudo make CC=gcc-4.9 M=sound/core/seq/ modules_install
    depmod -a

and there you go, you should now be able to run modprobe snd-seq
and it just works.
The big new thing on this MacBook is its Touch Bar. It lets you (and this is probably its most spectacular use) display the entire list of Unicode emojis when you write an email, which is quite impressive and of course crucially useful. You can also find plenty of people on the internet saying that having the escape key turned into a non-physical key on the Touch Bar is, well, "no big deal"; personally I lean more towards "it stinks". It made me realize that at rest I tend to leave my little finger hanging around near that escape key, and since it now triggers as soon as it is brushed, I tend to fire bursts of unwanted ESCs into emacs or the terminal (bursts, because as long as you leave your finger on it, it goes into autorepeat mode, which is really clever). When writing an email, a 'Send' button appears right next to the escape key, which is a great idea except for those who tend to leave their little finger hanging around there. On the far right there is the marinesiri button, which I also tend to trigger by mistake quite a lot. The sound volume is also adjusted on the Touch Bar, but where there used to be one key to turn it up and one key to turn it down, you now have to first press a button that brings up a slider and then adjust the volume; it is very pretty but it takes two "clicks" instead of one. Apart from that, the Touch Bar is of no use to me. So basically you could kind of say the Touch Bar is crap. Maybe with haptic feedback it would be bearable.
The keyboard is new too, and it is neither magical nor revolutionary. On top of that it is noisy (in the office I am now clearly the one with the loudest keyboard), and it is not a carefully designed noise that evokes expensive, sophisticated hardware, but rather a dull cardboard "plock" that reminds me of the worst netbooks with their mushy, warped keyboards. Also, I keep making typos on this keyboard.
Noise: I took the quad-core Core i7 model to get a machine with some punch when it comes to compiling stuff. Well, after 10 minutes of intensive compilation the MacBook manages to make more noise than my old Mac Pro (the big tower that weighs at least 200kg). Not bad! And that does not stop the CPU from being at 100°C (according to the Intel application whose name I forgot). So the body of the Mac is comfortably warm, like a good old granny's hot-water bottle; I can't wait to see how that turns out this summer.
One nice feature all the same: Touch ID, which works well, and I appreciate having to type my password a bit less often. And USB-C: if you forget Apple's lousy HDMI adapter, the rest is rather nice.
In conclusion, I award this MacBook 2/20.
And so for Instruments.app, what is needed if you want this mule to be able to annotate the sources of the profiled code is to make sure you compile the sources by giving clang the *absolute* path, not a relative path.