a3nm's blog

Sandboxing Skype

Skype now has a rather functional web interface, at least in Chromium-based browsers. If you need to use Skype, I think this is a preferable solution to the sandboxing approach presented in this blogpost (which I no longer use).

More of the same. After sandboxing Dropbox, I also wanted to run Skype as its own user. Again, this is not an endorsement of Skype, which is proprietary and quite creepy software.

Once again, I chose to use a lightweight solution where Skype is run as a separate user and where I implement access control with various mechanisms, as opposed to more ambitious approaches using containers, virtual machines, etc. The main difficulty is that, unlike Dropbox, Skype is not headless, so it needs to access the X server, whose security model is far from perfect. If Skype could directly access the X server, it could log all keystrokes (even those directed to different applications), take screenshots, etc. I use the approach of running Skype in Xpra, following an idea found here. Xpra acts as an X server to which Skype will connect, and it will display as a client in my real X server, but it will not relay X events of my server to its client unless they are addressed to the client.

However, one should keep in mind the possibility that Skype could access desktop notifications, and possibly (and more annoyingly) that it could be accessing clipboard data.

User setup

Start by setting up the Skype user as in my sandboxing Dropbox guide, following steps from 1 to 5. You can probably be stringent with the disk limit (I used 500MB), but you should be generous with the RAM limit, as Xpra may fail to start otherwise (I used 1024000000 bytes). Step 5 can be followed as-is because the ports used by Skype are the same as those used by Dropbox.

You should also add yourself to the skype group, so that you can later access files created by the skype user.

If you want Skype to be able to access the webcam, on Debian, the skype user should be put in the video group. However, I am not sure about the security implications of this choice.

Pulseaudio configuration

A problematic issue is that Skype will need access to the speakers and microphone. I use PulseAudio with a user-level daemon for my user, and we need to arrange things so that the skype user will be able to connect to the daemon. Of course, we will not open the PulseAudio daemon to all local connections; we will only allow connections from the skype user.

To do this, we need to change the Pulseaudio configuration to create its socket at a place where the skype user can access it, and instruct Pulseaudio clients to look for the socket at its new place. The following assumes that you do not have a configuration file already:

mkdir -p ~/.pulse
cd ~/.pulse
cp -n /etc/pulse/default.pa .
echo "load-module module-native-protocol-unix socket=/tmp/pulse-socket" >> default.pa
cp -n /etc/pulse/client.conf .
echo "default-server = unix:/tmp/pulse-socket" >> client.conf

Once this is done, restart Pulseaudio. When running Skype (using the script that I will talk about later), the credentials to access the main Pulseaudio server will be passed from the main user using pax11publish.

Mind the security implications: this means that you may consider all sound input and output compromised while Skype is running. This is hardly avoidable, however, as Skype communications themselves cannot be considered secure.

Skype installation

First, apt-get install the dependencies of Skype.

Then, download the Evil Skype Binaries from skype.com, put them in the home of the Skype user and chown them so that the skype user owns them. Of course, retrieve the "Dynamic" version, as the point is that we want to be able to install them without root privileges. As the skype user (sudo su -s /bin/bash skype), extract them. I recommend symlinking the created folder to "skype" so you can have a path that does not change even when you update to newer versions.

Setting up Xpra

Install xpra (it is packaged for Debian).

Then do the following as the skype user, which we will use to host the Xpra socket:

cd ~skype
mkdir xpra
chmod g+rwx xpra

Running Skype

The task of running Skype is a bit complex, so I wrote a script that does it for me. It also performs sanity checks similar to those done by my dropbox wrapper, to make sure that the access restrictions don't suddenly stop working.

The way it works is that it starts an Xpra display without Pulseaudio (as we will be connecting to the Pulseaudio server started by our true user), with --mmap-group and the right socketdir to make the socket accessible to members of the skype group (that is, your true user), and with a specific local encoding to avoid JPEG artifacts. It waits for the server to be ready, and then uses pax11publish to send Pulseaudio credentials to the server. Then it runs Skype in the Xpra display and attaches it from your real session. It also includes what is needed to kill all Skype processes when you are done using Skype.

The script will not work out of the box for you, but you should be able to adapt it to your needs.

One problem that you will have to fix is that sound notifications will not play because Skype will be unable to find them. This can be fixed by going in Skype's parameters, and selecting manually the sound files in the ~skype/skype/sounds folder.

Computer-assisted Trois petits chats

The song Trois petits chats is a well-known ditty:

Trois p'tits chats, trois p'tits chats, trois p'tits chats, chats, chats,
Chapeau d'paille, chapeau d'paille, chapeau d'paille, paille, paille,
Paillasson, paillasson, paillasson, -son, -son,
Somnambule, somnambule, somnambule, -bule, -bule...

The song goes on in this way, each line taking as its first syllable the last syllable of the preceding line, and usually ends up coming back to "Trois p'tits chats". Amusingly, songs of this form seem to be rare in other languages.

zorun had the bad idea of asking me the question: would it be possible to generate songs of this kind, or even longer ones, automatically? This post answers this important question in the affirmative. Here is an example of an automatically generated song, with 86 lines, using Lexique:

Lingala, lingala, lingala, -la, -la,
Laticlave, laticlave, laticlave, -clave, -clave,
Clavecin, clavecin, clavecin, -cin, -cin,
Sainte nitouche, sainte nitouche, sainte nitouche, -touche, -touche,
Touchotter, touchotter, touchotter, -ter, -ter,
Télégramme, télégramme, télégramme, -gramme, -gramme,
Graminée, graminée, graminée, -née, -née,
Nécessaire, nécessaire, nécessaire, -saire, -saire,
Cervidés, cervidés, cervidés, -dés, -dés,
Démesure, démesure, démesure, -sure, -sure,
Zurichois, zurichois, zurichois, -chois, -chois,
Quadrature, quadrature, quadrature, -ture, -ture,
Turquerie, turquerie, turquerie, -rie, -rie,
Richissime, richissime, richissime, -sime, -sime,
Symétrie, symétrie, symétrie, -trie, -trie,
Triqueballe, triqueballe, triqueballe, -balle, -balle,
Baliveau, baliveau, baliveau, -veau, -veau,
Vocalise, vocalise, vocalise, -lise, -lise,
Liséré, liséré, liséré, -ré, -ré,
Réticule, réticule, réticule, -cule, -cule,
Culbuto, culbuto, culbuto, -to, -to,
Taurobole, taurobole, taurobole, -bole, -bole,
Bolcheviks, bolcheviks, bolcheviks, -viks, -viks,
Victimaire, victimaire, victimaire, -maire, -maire,
Mercredi, mercredi, mercredi, -di, -di,
Dipsomanes, dipsomanes, dipsomanes, -manes, -manes,
Managers, managers, managers, -gers, -gers,
Jerricane, jerricane, jerricane, -cane, -cane,
Canapé, canapé, canapé, -pé, -pé,
Pécheresse, pécheresse, pécheresse, -resse, -resse,
Restaurant, restaurant, restaurant, -rant, -rant,
Rancissure, rancissure, rancissure, -sure, -sure,
Survenue, survenue, survenue, -nue, -nue,
Numismate, numismate, numismate, -mate, -mate,
Matelot, matelot, matelot, -lot, -lot,
Locataires, locataires, locataires, -taires, -taires,
Thermostat, thermostat, thermostat, -stat, -stat,
Talmudiste, talmudiste, talmudiste, -diste, -diste,
Dysthymie, dysthymie, dysthymie, -mie, -mie,
Misogyne, misogyne, misogyne, -gyne, -gyne,
Gynéco, gynéco, gynéco, -co, -co,
Connétable, connétable, connétable, -table, -table,
Tableautin, tableautin, tableautin, -tin, -tin,
Tintamarre, tintamarre, tintamarre, -marre, -marre,
Marabout, marabout, marabout, -bout, -bout,
Boulangère, boulangère, boulangère, -gère, -gère,
Gerberas, gerberas, gerberas, -ras, -ras,
Radicale, radicale, radicale, -cale, -cale,
Califat, califat, califat, -fat, -fat,
Phallophore, phallophore, phallophore, -phore, -phore,
Formica, formica, formica, -ca, -ca,
Capitale, capitale, capitale, -tale, -tale,
Thalamus, thalamus, thalamus, -mus, -mus,
Muscadine, muscadine, muscadine, -dine, -dine,
Dynamo, dynamo, dynamo, -mo, -mo,
Monoplaces, monoplaces, monoplaces, -places, -places,
Placebo, placebo, placebo, -bo, -bo,
Bogomiles, bogomiles, bogomiles, -miles, -miles,
Milonga, milonga, milonga, -ga, -ga,
Galalithe, galalithe, galalithe, -lithe, -lithe,
Liturgie, liturgie, liturgie, -gie, -gie,
Gyrophare, gyrophare, gyrophare, -phare, -phare,
Pharmacie, pharmacie, pharmacie, -cie, -cie,
Silicate, silicate, silicate, -cate, -cate,
Catalpa, catalpa, catalpa, -pa, -pa,
Palikare, palikare, palikare, -kare, -kare,
Carambar, carambar, carambar, -bar, -bar,
Barricade, barricade, barricade, -cade, -cade,
Caducée, caducée, caducée, -cée, -cée,
Séfarade, séfarade, séfarade, -rade, -rade,
Radical, radical, radical, -cal, -cal,
Calamines, calamines, calamines, -mines, -mines,
Minéral, minéral, minéral, -ral, -ral,
Rallumage, rallumage, rallumage, -mage, -mage,
Magistrat, magistrat, magistrat, -trat, -trat,
Traversine, traversine, traversine, -sine, -sine,
Cinéma, cinéma, cinéma, -ma, -ma,
Martingale, martingale, martingale, -gale, -gale,
Galoubet, galoubet, galoubet, -bet, -bet,
Betterave, betterave, betterave, -rave, -rave,
Ravioli, ravioli, ravioli, -li, -li,
Libérale, libérale, libérale, -rale, -rale,
Ralenti, ralenti, ralenti, -ti, -ti,
Tisserande, tisserande, tisserande, -rande, -rande,
Rendement, rendement, rendement, -ment, -ment,
Mandoline, mandoline, mandoline, -line, -line,
Lingala, lingala, lingala, -la, -la,

The rest of this post gives more details on how this song was computed; the code is also available.

I use Lexique, which I sort by putting non-derived forms first (e.g., the singular before the plural, even though there are sometimes errors), then by decreasing frequency (to favor common words over rare ones, even though the program will not hesitate to use a rare word when it is the only way to go from one syllable to another).

Fortunately, Lexique provides syllable-splitting information at both the phonetic and orthographic levels, so it is easy to keep only the three-syllable words. I only keep nouns, roughly as in the original song (but here again there are errors). I only keep the Lexique words that have complete splitting information (it is sometimes missing in Lexique).

Besides nouns, the original song contains noun phrases (for example "Trois p'tits chats"), which Lexique does not contain. I considered trying to collect such phrases (for example, from Wikipedia article titles), which would then have to be reconciled with Lexique, but in the end I did not do it, given for instance how hard it would be to determine whether elisions between one word and the next are possible.

I filter the words further: since we always want to keep a consonant in front when repeating the last syllable, we can eliminate all words that start with a vowel, or that end with two vowel sounds in succession (for example "hévéa" or "casoar").

I then observe that, in the original song, people like to repeat a final mute 'e' on even lines (for example "pail-leuh", "somnambu-leuh"). I identify mute 'e's by testing for an ending in 'e' or "es" that is not preceded by 'i', 'u', or 'é', and I decide to impose alternation between such endings and words that lack them, a bit like the alternation between feminine and masculine rhymes in poetry (the rules differ, however: for example, "-ie" is still a feminine ending in poetry).

I consider that a word u can be reached from a word v if the last syllable of the pronunciation of v, in its entirety, is a prefix of the pronunciation of u. Thus, I require that the last syllable be entirely preserved, so that it can be repeated ("radiogramme, -gramme, -gramme", and not "radiogramme, -ramme, -ramme"), but we may arrive at a word whose first syllable is followed by more consonant sounds than the ending of the previous line.

I thus obtain a directed graph with 205 vertices and 629 edges: for each transition from one "syllable, gender" pair (masculine or feminine) to another, I only keep the first word in the input list that allows it (so, normally, the most common one). This graph was pruned to keep only the vertices that are accessible and co-accessible from an arbitrarily chosen starting point. I also forbid, for aesthetic reasons, edges that stay on the same syllable while changing gender, e.g., "trinitrine".

I then look for a cycle in this graph, which I try to make as long as possible, but I forbid it from going twice through the same "syllable, gender" pair, because in that case the song can be shortened. This optimization problem is hard: it is in fact NP-hard, since the Hamiltonian cycle problem easily reduces to it. I do not know of a simple way to approximate this problem to find a long cycle, so I instead implemented a naive approach that enumerates all paths by depth-first search. This approach produces the cycle of length 86 that I then use to format the lyrics. A longer one can probably be found; this is certainly the case if one tries to fix Lexique so as to keep the words with incomplete data...
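
The graph construction and depth-first cycle search described above, as an added Python example on a small constructed lexicon (this is not the author's code, which is not shown on this page). The word list, its ASCII pseudo-phonetic syllables and all function names are assumptions made for illustration; the vowel filter, the same-syllable edge filter and the accessibility pruning are left out.

```python
# Constructed toy lexicon: (word, phonetic syllables in a made-up ASCII notation),
# already sorted with non-derived and more frequent forms first.
LEXICON = [
    ("cinéma",     ("si", "ne", "ma")),
    ("mascarade",  ("mas", "ka", "rad")),
    ("radical",    ("ra", "di", "kal")),
    ("calamine",   ("ka", "la", "min")),
    ("calamines",  ("ka", "la", "min")),   # derived form: loses to the singular
    ("minéral",    ("mi", "ne", "ral")),
    ("minima",     ("mi", "ni", "ma")),    # shortcut that closes a shorter cycle
    ("minaret",    ("mi", "na", "re")),    # dead end: no word here starts with "re"
    ("rallumage",  ("ra", "ly", "maj")),
    ("magistrat",  ("ma", "jis", "tra")),
    ("traversine", ("tra", "ver", "sin")),
]
START = ("ma", False)  # vertex = (last syllable, ends with a mute 'e')


def has_mute_e(word):
    """Ending in 'e' or 'es' that is not preceded by 'i', 'u' or 'é'."""
    if word.endswith("es"):
        stem = word[:-2]
    elif word.endswith("e"):
        stem = word[:-1]
    else:
        return False
    return stem[-1:] not in ("i", "u", "é")


def build_graph(lexicon):
    """Map each vertex to {destination vertex: first word realising that edge}."""
    vertices = {(syls[-1], has_mute_e(word)) for word, syls in lexicon}
    graph = {v: {} for v in vertices}
    for word, syls in lexicon:
        dest = (syls[-1], has_mute_e(word))
        pronunciation = "".join(syls)
        for src in vertices:
            syllable, mute_e = src
            # The whole previous final syllable must be a prefix of this word,
            # and mute-e endings must alternate with the other endings.
            if mute_e != dest[1] and pronunciation.startswith(syllable):
                graph[src].setdefault(dest, word)  # keep the earliest word only
    return graph


def longest_cycle(graph, start):
    """Enumerate simple paths from start by DFS; return the longest cycle's words.

    Exponential in the worst case, which is expected for an NP-hard problem.
    """
    best = []

    def dfs(vertex, visited, words):
        nonlocal best
        for dest, word in graph[vertex].items():
            if dest == start:
                if len(words) + 1 > len(best):
                    best = words + [word]
            elif dest not in visited:
                visited.add(dest)
                dfs(dest, visited, words + [word])
                visited.remove(dest)

    dfs(start, {start}, [])
    return best


if __name__ == "__main__":
    print(longest_cycle(build_graph(LEXICON), START))
```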

As an experiment (and to reward the patient reader who made it this far), I tried to combine the melody with the Festival speech synthesis system. Unfortunately, I do not know how to tell it how the lyrics are pronounced, so I can only give the lyrics in orthographic form, which the software moreover interprets as English, with obvious problems in handling accented characters. The result speaks for itself...

Wake-on-LAN: suspend and resume machines from the network

Do you leave computers running, just on the off chance that you will need to ssh into them or otherwise access them remotely? I used to do this and feel a bit bad about wasting energy to power mostly idle machines, but I recently discovered Wake-on-LAN, which allows you to power on or resume your computer from the network. I vaguely knew this existed, but I had no idea that it was something stable and available on normal computers. In fact, as it turns out, it works mostly out-of-the-box on my machines.

The basic principle of Wake-on-LAN is to set up your computer's network interface to react to specific incoming packets by powering up or resuming the machine. This allows you to suspend or power down the machine, and to turn it on or wake it up remotely.

When to use it

When can you use Wake-on-LAN? First, of course, you cannot do this on machines that have to stay on because an actual server is running on them. That said, such services should probably be run on low-power machines to avoid wasting energy. Second, it only works with Ethernet, so if your machine doesn't have a wired connection you are out of luck.

Third, your network interface must support Wake-on-LAN, which you can enable as follows, using the ethtool command (packaged in Debian with the same name). I'm assuming that eth0 is your network interface:

sudo ethtool -s eth0 wol g

You can then check that it works by issuing:

sudo ethtool eth0 | grep 'Wake-on: g'

If Wake-on: g is indeed returned, then Wake-on-LAN is enabled on your machine.

Earlier versions of this guide incorrectly explained how to enable Wake-on-LAN after explaining how to test for it.

How to enable it persistently

You probably want to enable Wake-on-LAN on the target machine (the one to wake up remotely) automatically at boot. What worked for me on Debian is to use udev following these instructions. In fact, this is an excellent guide and I am paraphrasing a lot from it.

For future purposes you should also retrieve the MAC address of the interface of the target machine; I will call this MACADDR:

ip addr show dev eth0 | grep 'link/ether' | awk '{print $2}'

And retrieve its public IP address (I use IPv4); I will call this IPADDR:

curl -4 icanhazip.com

How to send the packets

Now that Wake-on-LAN is enabled, you will need another machine to send the magic packet to wake up the target machine. To do this, I use the command wakeonlan from the Debian package of the same name.

The easiest is to do it from a computer on the same LAN, where you can just do:

wakeonlan MACADDR

If you are not on the same LAN, then either you should ssh to a computer of the LAN where you can do this, or you should set up forwarding. For instance, with a Freebox, you can make it work like this:

  • enable the specific Wake-on-LAN proxy option;
  • set up a permanent DHCP lease for your machine based on MACADDR so it always has the same IP address in the LAN (if you haven't done so already);
  • configure a redirection from UDP and TCP port 9 from the WAN to the target machine (use different public ports if you have different target machines on the LAN);
  • reboot your Freebox and renew the DHCP leases from the target machines.

You can then do, from any computer:

wakeonlan -i IPADDR MACADDR

Of course, in terms of security it is a bit worrying that this is possible, because there is no authentication. You can be reassured by the fact that an attacker would need to know your MACADDR to be able to wake up your machines in your stead, but as it is sent in the clear when doing a Wake-on-LAN, that's not so reassuring. Also, you have to hope that your network controller, with its fancy Wake-on-LAN features, does not have flaws that could allow an attacker to do more than just wake the computer up...

In fact, the setup with the forwarding didn't work reliably for me after all, so, if you can, it's better to ssh to something on the same LAN to wake the machine up instead.

To test the setup, an easier way than actually suspending the machine, especially if you can't resume it manually in case of failure, is to check with socat that the target machine can actually receive the magic packets. On the target machine, do:

sudo socat -u udp-recv:9,reuseaddr -

Now test sending the magic packet; if things work correctly, some garbage (corresponding to the raw packet) should appear. If nothing appears, the packet is not being received by the target machine and you should troubleshoot this.
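
The bytes that socat prints are the magic packet payload: six 0xFF bytes followed by the target MAC address repeated sixteen times. The following added example (not part of the original post) decodes that payload so the receive test can report which MAC was targeted, which also shows that MACADDR travels in the clear. The sample MAC is constructed, the function names are chosen for this example, and binding port 9 needs the same root privileges as the socat command.

```python
#!/usr/bin/env python3
"""Decode Wake-on-LAN magic packets instead of printing them raw."""
import re
import socket
import sys

SYNC = b"\xff" * 6   # every magic packet opens with six 0xFF bytes
REPEATS = 16         # followed by the target MAC, sixteen times over
SAMPLE_MAC = "00:11:22:33:44:55"  # constructed value, not a real interface


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (':' or '-' separated) into 6 raw bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}", text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def build_magic_packet(mac):
    """Payload that a sender such as wakeonlan puts in its UDP datagram."""
    return SYNC + parse_mac(mac) * REPEATS


def decode_magic_packet(payload):
    """Return the targeted MAC as text, or None if this is not a magic packet.

    The sync bytes may be preceded or followed by other data, so search
    for them rather than assuming they sit at offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        mac = body[:6]
        if len(body) == 6 * REPEATS and body == mac * REPEATS:
            return ":".join(f"{byte:02x}" for byte in mac)
        start = payload.find(SYNC, start + 1)
    return None


def self_check():
    """Round-trip the constructed MAC with junk before and after the packet."""
    payload = b"\x00junk" + build_magic_packet(SAMPLE_MAC) + b"tail"
    return decode_magic_packet(payload) == SAMPLE_MAC


def listen(port=9):
    """Receive UDP datagrams and report the MAC of each magic packet seen."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind(("", port))
        while True:
            payload, (addr, _port) = sock.recvfrom(2048)
            mac = decode_magic_packet(payload)
            verdict = (f"magic packet for {mac}" if mac
                       else f"{len(payload)} bytes, no magic packet")
            print(f"{addr}: {verdict}")


if __name__ == "__main__":
    assert self_check()
    listen(int(sys.argv[1]) if len(sys.argv) > 1 else 9)
```

If the reported MAC differs from MACADDR, the packet reached the machine but the interface will not wake on it.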

If the target machine can receive the packet, you can make it suspend to RAM using pm-suspend (package pm-utils in Debian). Do the following on the target machine:

sudo pm-suspend

The target machine should go to sleep, spending a minimal amount of energy to keep the RAM powered. Now, sending the magic packet from another machine should cause the target machine to resume. Hopefully all network interfaces should become usable (and all hardware should remain in the same state as before), so you can then ssh into the target machine a few seconds later, use it in the normal way, and just put it back to sleep with pm-suspend once you're done with it.

Minifying files with Delta

In many situations, e.g., when filing bug reports or asking questions on mailing-lists or forums, one needs to take a file which triggers a certain behavior and reduce it to a file of minimal size that still triggers the behavior. For instance, you have written a long program that makes your compiler segfault, and you want to extract from it a minimal program that does the same. This is called minification, and the minimal file is often called a minimal working example.

You can minify your file by hand, testing again each time you remove something, but this is quite inefficient. This post is a brief tutorial on how to use the tool Delta, which does this automatically.

First, you should install Delta. On Debian systems, it is packaged as delta, and its main command, which we will use, is named singledelta.

Second, the interesting part, you should create a shell script test.sh that takes a file as parameter and decides whether this file triggers the behavior of interest, returning 0 if the file is interesting and 1 if it is not. singledelta will use this script to test intermediate versions of the file while minifying.

For instance, to detect a segfault:

#!/bin/bash
myprogram --option "$1"
if ! test $? = 139; then
  exit 1
fi
exit 0

To test whether the output matches the contents of file "reference":

myprogram --option "$1" > output
! diff output reference

To test if the standard output or standard error contain the string "problem":

myprogram --option "$1" 2>&1 | grep problem

Third, you just copy your original file to a different name, say "minified_file", then run singledelta, which will minify "minified_file" in-place.

cp original_file minified_file
singledelta -in_place -test=./test.sh minified_file

The process is very chatty. Once it completes, "minified_file" is a file that still triggers the behavior and is as small as possible.

Well, technically, this is not true, because I have observed that in some cases, for reasons unknown, rerunning singledelta again on the supposedly minified file can minify it further. I have written a trivial script to run singledelta repeatedly until the file no longer shrinks. Use it thus:

cp original_file minified_file
manydelta ./test.sh minified_file

Once again, this will minify "minified_file" in place by invoking singledelta repeatedly. Of course, once the process has completed, you may still be able to apply human intelligence to minify the file further in ways that singledelta cannot do. Indeed, singledelta only tries to remove lines; it will not, e.g., shorten identifiers or strings.
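
An added illustration, not Delta's own code: a simplified line-removal minimizer in Python with the same contract as test.sh (exit status 0 means the file is still interesting), plus the repeat-until-no-shrink loop that the manydelta wrapper is described as performing. In this simplified model a second pass can shrink the file further, because two lines that must be deleted together only become adjacent once the first pass has removed the line between them. The sample file and all function names are constructed for the example.

```python
import os
import subprocess
import tempfile


def script_predicate(script):
    """Wrap a test.sh-style script: exit status 0 means 'still interesting'."""
    def interesting(lines):
        with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
            tmp.write("\n".join(lines) + "\n")
        try:
            return subprocess.run([script, tmp.name]).returncode == 0
        finally:
            os.unlink(tmp.name)
    return interesting


def minify_once(lines, interesting):
    """One pass: try deleting chunks of lines, halving the chunk size down to 1."""
    chunk = max(len(lines) // 2, 1)
    while chunk >= 1:
        i = 0
        while i < len(lines):
            candidate = lines[:i] + lines[i + chunk:]
            if interesting(candidate):
                lines = candidate      # keep the deletion, retry at the same index
            else:
                i += chunk             # this chunk is needed, move past it
        chunk //= 2
    return lines


def minify_to_fixpoint(lines, interesting):
    """Repeat passes until one removes nothing; return (lines, passes run)."""
    passes = 0
    while True:
        smaller = minify_once(lines, interesting)
        passes += 1
        if len(smaller) == len(lines):
            return smaller, passes
        lines = smaller


# Constructed sample file: the braces must stay balanced for the file to parse,
# and both "setup" and "crash" are needed to trigger the behaviour.
SAMPLE = ["a", "{", "b", "}", "setup", "crash"]


def still_crashes(lines):
    """Stand-in for test.sh on the constructed sample."""
    return ("setup" in lines and "crash" in lines
            and lines.count("{") == lines.count("}"))


if __name__ == "__main__":
    print(minify_once(SAMPLE, still_crashes))         # one pass leaves the braces
    print(minify_to_fixpoint(SAMPLE, still_crashes))  # a second pass removes them
```

To drive it with a real script, pass script_predicate("./test.sh") instead of still_crashes.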

If you need more advanced features, Delta can also be used for other things, e.g., running on multiple files. See for instance this guide.

Mobile apps I use

Smartphones nowadays seem to have a "social" aspect, where people talk about which hardware and accessories they use, and which apps and services they rely on. I don't care so much about this as about my computer setup, but it seems that for most other people the opposite is true. Hence, this post describes the software part of my smartphone setup.

For reasons related to privacy, ethics, and ideology, I try to avoid proprietary software to the extent possible. Hence, my phone runs mostly free software (with exceptions, see below). This implies that my choice of apps to run on my phone is limited, which is part of the reason why my phone is a comparatively unimportant part of my general computing setup, and why this list of apps is short and easy to write. Other reasons why my phone is not important are:

  • personal preference: I'd much rather use a computer with a real keyboard than a phone, and I often have a computer at hand;
  • ethics: the phone ecosystem is much less open-source-friendly and much less privacy-friendly than the computer one (at least when you run Linux); on phones it takes way more effort to evade proprietary software, anti-features, tight integration with cloud services that I don't want, etc.;
  • laziness: it's nevertheless clear that I should be doing more with this Internet-connected computer I always carry with me, even if it means I have to write my own software, but this would be a lot of work.

CyanogenMod

I have never tried non-Android smartphones. Apple and Microsoft smartphones are obviously a no-go in terms of freedom and privacy, but Firefox OS and Ubuntu phone look like decent options that I would need to investigate. For now, however, I use Android.

The precise operating system I use is CyanogenMod. There are multiple reasons. I prefer using a system which is (in principle) community-managed, and I prefer using one I installed myself rather than the default one (which I feel is more likely to come with anti-features). Further, CyanogenMod's slight power-user focus means that it sometimes includes some additional options and/or is less eager to hide advanced settings to protect users against their own foolishness.[1] The most important reason, however, is that I know no easier way to have a mostly open-source Android system without the proprietary Google applications. I do have a Google account for various reasons,[2] but nothing I'd like to associate with my phone. Using CyanogenMod allows me to have an Android system which is as Google-free as possible.[3]

A slight downside of this choice is that you cannot use some of the proprietary Google applications that have nice features even though they shouldn't in principle require a Google Account, e.g., the Google Maps app. Instead, I use the Web version, even though it is inferior. The major drawback, however, is that you cannot use the Google Play Store client. As it is not possible otherwise to download the APK packages of applications (even the freeware ones), it means you cannot install any of the Android apps which are only available on Play Store, i.e., a vast majority of them. No Google apps also means no Google Play Services, and even some apps available outside of the Play Store, e.g., TextSecure, cannot be used then because they require them (see, e.g., TextSecure's FAQ entry about this).

For many real-world services (banks, restaurants, cinemas, etc.), as "mobile apps" means "Android and iPhone", and as "Android" means "Google Play", this means that I cannot use their apps. This would not be a problem if such services had decent Web interfaces, but many of them spend most of their efforts polishing their closed apps rather than their websites, so it is sometimes annoying.

Another downside is that CyanogenMod still contains proprietary software and drivers, so it would be better to switch, e.g., to Replicant, but its support of my phone is not sufficient for me to consider it yet.

F-Droid

To install apps and keep them up-to-date, instead of the Google Play Store, I use F-Droid, a repository of apps which only includes free software.

The main drawbacks of F-Droid are that there are comparatively few applications available (1563 as of this writing, against 1.4 M on the Play Store), and that the interface is a bit primitive in some respects (e.g., apps are not downloaded in the background, apps must be manually updated one by one, etc.). The advantage is that there is only free software, and that the developers are serious about identifying anti-features, building apps without tracking or advertising libraries, etc. This saves me the effort of figuring out whether all those apps are ethical.

OsmAnd

To display maps and compute routes when moving my body in the real world, I use OsmAnd, which relies on OpenStreetMap (OSM) data. OSM is a free map database which is the main open-source competitor to Google Maps. OsmAnd uses Android's feature to figure out the phone's location (using GPS, for instance), and it can either draw maps retrieved directly using an Internet connection, or it can draw them from offline OSM data downloaded beforehand, which requires no data connection. The offline feature is extremely useful abroad, where data is unreliable and prohibitively priced, and it is something that Google Maps does not always allow (for licensing reasons that don't exist with OSM).

Apart from the nicety of being usable offline, OsmAnd has a lot of drawbacks relative to the Google Maps app. The interface is ridiculously counter-intuitive. It is sometimes sluggish (especially when drawing the offline maps); this is quite legitimate as it's harder to decompress and draw maps than to just fetch them, but it seems like it could be improved (for instance, it doesn't seem to cache a lot of what is drawn). Offline routing is quite brittle. There is no public transportation routing, and of course no Street View. Also, addresses need to be input in a structured format; there is no good unstructured search.[4]

As a proud OSM editor, I use OsmAnd's editing features to fix OSM or leave notes whenever it does not match the real world.

WeeChat

I use IRC to chat, mostly on a self-hosted server, and I use XMPP via a bitlbee gateway. On my server, I use weechat. To support this on my phone, I use the Weechat-Relay Android client.

The reason why I use weechat is mostly because of this relay feature, to replace a former setup with irssi and the bip proxy which was unmaintained and had bugs. Still the result doesn't really work that well, and I can't really trust weechat to reconnect reliably whenever my data connection disappears and reappears. (In contrast with previous setups, however, this one has a crucial feature which isn't necessarily a given: when the Android client displays a message that I sent, then it has got the confirmation that the message was actually sent; it won't display my messages before sending them and then silently realize it cannot send them because it disconnected.)

ConnectBot

I use ConnectBot as an SSH client to my various machines. I use it whenever I need to check something on the machines, be it searching mail archives with notmuch,[5] administering mailing-lists with listadmin, anything really...

I also use ConnectBot to create SOCKS proxies, for various purposes: whenever I need to evade network restrictions; whenever I have the feeling that my data connection lags when opening new TCP connections but is usable otherwise; when I want to use Tor on my phone through one of my machines. Port forwards and SOCKS proxies can be configured by long-tapping hosts in ConnectBot.

DAVdroid

I use DAVdroid to synchronize my calendar with my server: more details in my blogpost about this. I use the default AOSP Calendar application to manage my calendar.

K-9 mail

I use K-9 mail to manage mail on my phone, accessing my account via IMAP. I use IMAP IDLE to get my mail when it arrives without having to refresh periodically. I haven't yet invested the time to support reading OpenPGP-encrypted mail on my phone.

When I'm abroad and data is expensive, I use a procmail filter to send myself an SMS for each incoming mail using my mobile provider Free's API. I pipe the mail through this script and then through an invocation of this script. This gives me the sender, subject, and the first few lines of the message. That way, I can at least read email in real-time for free, and occasionally enable data when I want to get the full email, or reply to it.

Aard Dict

I query Wikipedia very often, and I want to be able to do so when I have no Internet access, and to do it fast when data is too slow. For this, I use Aard Dict, with the French Wikipedia. (I would prefer the English one for most purposes, but it is too large, given that I also want to store music on my phone.) The dump is almost two years old, but it doesn't matter so much for most of what I need it for. Beyond their use when fact-checking, Wikipedia pages make for fairly interesting reading when bored.

I don't yet use version 2 of Aard Dict, because it hasn't been packaged for F-Droid yet. I'm not in a hurry; I'm quite satisfied with version 1.

On my computers, where I have more space, I use Kiwix with more dumps, see the blogpost about this. This is very useful on planes or in other places with no or crappy Wi-Fi.

Firefox Mobile and default browser

To browse the Internet, I use either the default browser or Firefox for Android. I'm not especially fond of either, especially their sluggishness, and their inexplicable habit of flushing pages after they have been downloaded, so that if there is no longer a data connection they can't be displayed anymore.

I need Firefox Mobile whenever I need to use a SOCKS proxy, because the default browser doesn't seem to support it: configuring Firefox Mobile to use a SOCKS proxy must be done via the about:config page, with the following settings: network.proxy.socks, network.proxy.socks_port, network.proxy.socks_remote_dns, and network.proxy.type. Conversely, I rely on the default browser's tolerably functional feature to save pages for offline viewing.

Anki

I haven't used it in a while, but Anki is a very good flashcard application, and spaced repetition, which this app implements, is a nice way to optimize writes to your brain.


  1. Not that I'm not foolish, but with software that takes it for granted that you are stupid, you usually have little opportunity to become wiser. 

  2. The main Google services I use are Webmaster Tools, Alerts, and the occasional Google Calc shared document. I also took part in the Google coding competitions (Code Jam and Hash Code) before they were retired.

  3. CyanogenMod, however, is certainly not perfect in terms of Google-proofing, but it's better than other Android alternatives I know of. 

  4. Google Maps' search is extraordinarily good, with a brilliant ability to disambiguate between place names, addresses, search queries, and good tradeoffs between popular places and unpopular but nearby places (depending on where the user is currently looking). I have the impression that this must be a major engineering achievement precisely because no one notices how hard it must have been to pull off.

  5. One day I'll write more about my email setup...