Why is it you can’t convert a TrueType font to PostScript or the other way around?

This is one of those outrageous assertions you find very frequently in the intarwebs: “You just can convert this TTF font to PostScript” or the same thing backwards. Someone with technical knowledge explains why it is not possible to obtain a remotely decent result and then another pundit repeats the same stupid assertion.

The technical reality of it all is this: PostScript fonts use quadratic equations to describe shapes (“splines”), while TrueType fonts use cubic equations to describe splines. Furthermore, hinting is very different. PostScript fonts use generalized hinting subroutines that need an external hinter to produce properly shaped output at the required sizes (is there still people old enough to remember and have used Adobe Type Manager anywhere that are not professional typographers or typesetters?). On the other hand, TrueType hints are full blown self shape-modifying programs, the font modifies itself at the given output sizes and the external hinter influence on final output is minimal if any — I’m not touching subpixel rendering here, just in case someone engages keyboard before brain in the, very unlikely, comments.

A brief analogy: A PostScript font is like an Arabian racehorse. Beautiful and very fast but to win it requires a jockey who can read the animal’s quirks and needs to take it first in a race. A TrueType font is like a Formula 1 race car. The car is a fully computerized machine where the pilot’s role is to keep it on the road and make sure it doesn’t splat onto a wall or chrash with another car while trying to go as fast as possible. The computers and the technical team take care of the rest remotely.

To convert a PostScript font to a TrueType font just by using Fontforge, FontLab, etc., or the other way around, is like taking an Arabian racehorse, putting it in a meat grinder and expect to obtain a Formula 1 race car in the other end. QED.


Trolling Requires Quality

I’ve found “Things that BSD owes GNU/Linux | BSD, the truth” http://aboutthebsds.wordpress.com/ a most amusing read. Most of the write ups have the ring and weight of truth, but it is unfortunate that:

a.) The author enjoys personal attacks and character assassination; too much. It is immature and destroys whatever real arguments he/she may present in his/her rants.

b.) The author’s first language is not English and the command is poor. I suspect poor knowledge of his native language as well. Hey! Not all of us have a sound literary education; much less literacy. Unfortunately it shows in the incoherent expression of ideas. It removes credence; a lot.

Using a *real* x.509 certificate with Irssi and OFTC.

Due to random reasons — read: highest point in the yearly “I’m bored to death” bell distribution curve — my x.509 certificates expire on the last days of the year. Now, I don’t really use them much if at all because PKI certificates have been out of vogue for several years now. But that doesn’t say anything about their usefulness! They can help you be more secure and more conscious of the need of security. In fact, there are places where using a x.509 certificate can simplify your life. Case in file: OFTC.

If you don’t use a x.509 certificate to log in to OFTC, they will make sure your life is miserable, trust me. What do you think of having 10 seconds to login with your password every time you connect. OK, I exaggerate with the time, but you get my point. Right? OFTC’s website is a wiki. Not particularly well-organized, I’m afraid, so you need to go digging for a while to find instructions on how to use a x.509 certificate to login to the network, but after a while you find the darned instructions.

So, I won’t touch that particular theme. Besides I’m sure there are at least 5,230 places out there where you can find that information. What I do want to touch in this post is the matter of x.509 certificates.

What do I call a real certificate? One emitted by a recognized certificate authority. And if I can get it for free, I’m in for as long as the ride lasts. So instead of creating my own self-signed x.509 certificate as the OFTC instructions suggest, I decided to use a real x.509 certificate with a real certificate chain. What to do?

First, there was the matter of choosing a certificate authority that would give me a x.509 certificate for free. Thawte stopped its personal PKI a couple of years ago. So the ones left, to my knowledge, are CAcert and StartSSL. After some thought I chose StartSSL, because they work as a OpenID authentication source as well.

Now, the problem was how to use the certificate. To generate the certificate I used Firefox, not because I wanted to but rather because I had trouble with Chromium doing the right thing. After exporting it I had a PKCS12 file where both public and private keys are encrypted with a password of my choice. But irssi needs a PEM file where both keys are unencrypted in ASCII armor format. So what now? Here is the hack:

openssl pkcs12 -in in.p12 -out out.pem -nodes -clcerts

Give your encryption password when asked. Make sure you don’t give a password to the private key! Use out.pem according to the instructions in OFTC’s wiki, and that’s it. Of course, the usual “don’t be a moron” precautions ensue: Set file permissions so that only you can read the file, don’t do it in a shared or public computer, perhaps use something like ecryptfs to keep your $HOME/.ssh directory encrypted, or do it with your whole home directory or, better yet, encrypt your partitions with dmcrypt! All depends on your level of paranoia and real need of security.

Creating a MPEG2 file with mencoder

Note to self: This is a reminder and follow up on the previous post of how I managed to reencode an AVC1/AC3 video in a Matroska container to a DVD-ready MPEG2 file with the original AC3 sound in a MPEG container (VOB), just like DVD authoring tools like their files (no sign of players supporting h.264 where I live yet, else…).

mencoder the_darned_movie.mkv -sub subtitles_spa.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=1 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o /dev/null

and then the actual encoding (make sure to copy the log file from the first pass somewhere safe just in case):

mencoder the_darned_movie.mkv -sub subtitles_spa.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=2 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o the_darned_movie.mpg

I made a couple of fix ups, such as converting the srt file to UTF-8, with gaupol. As well, lavf output doesn’t support VOB output as it was my first idea and to make things worse, it is broken as per program output (MPlayer SVN-r31918 a.k.a MPlayer 1.0.rc4). But, the MPEG muxer supports VOB, yay!

Evolution, Google Calendar and CalDAV

I dunno what’s wrong with GNOME Evolution’s native Google Calendar support, but for me it hasn’t been nothing but a disappointment. A while ago during an speleological expedition in Google’s Help site, I found how to use CalDAV instead of the Google connector. In order to access the main calendar one uses the address:


Unfortunately this doesn’t give access to other calendars one may have in the account. If using Apple’s iCal or Mozilla’s Sunbird/Lightning, or whatever name their calendar has these days, you can use the address:


to retrieve a list of calendars, pick and choose.

Wine and µTorrent can rot an Ext3 filesystem

Note to self: All bittorrent clients are horrid. Some have a bearable stench, others haven’t. And for some reason these days I find all POSIXy clients despicable.

Thus enter µTorrent running under wine. And I start getting these weird filesystem errors that could eventually eat the whole filesystem where there are some really rare and valuable files. I started poking at the problem and discovered that µTorrent has its own disk-cache manager that, of course, enters in conflict with the Linux one. There you have a testament to the design flaws of the Windows NT VM and the NTFS filesystem; you  have to implement your own disk-cache manager if you want something that works. Fortunately you can turn it off.

So I’ve settled on this configuration:

  • Linux: 2.6.30 (yeah, a release candidate for now), makes Ext filesystems work in writeback journaling mode with write safety.
  • Filesystem: Ext3 with write barriers enabled to cover your backside against hardware write cache idiocy.
  • wine: A very recent vintage
  • µTorrent: The latest with all disk cache settings disabled.

Courier 15 CPI crawls back from the woodwork

Earlier this week I was contacted by Alan G. Isaac asking me about the whereabouts of the Courier 15 CPU aka Courier Dot 15 fonts I made several years back. The old website at Tripod is gone and I’ve redirected my energies to other interests in the meantime.

I’ve digged up the fonts from old backups and I’ll repost them all in this blog. Let’s see if I’m game to start hacking fonts again. 🙂


NOTE: I managed to delete the file by mistake several weeks ago. It is restored now and I’ve added an OTF version to boot.