Hartwork Blog

Includes security fixes, a short article about the release is up here: Expat 2.2.2 released (XML.com)

Expat 2.2.1 has been released. It’s a security release with a variety of security fixes, for instance: An infinite loop denial-of-service fix (that Rhodri James wrote more about), introduction of SipHash against sophisticated hash flooding, use of OS-specific high quality entropy providers like getrandom, integer overflow fixes, and more. We also got better code coverage, moved all but the downloads from SourceForge to GitHub, … but maybe have a look at the detailed change log yourself 🙂

So if you control copies of Expat somewhere, please get them updated.

Let me use the occasion to point out that we are looking for help with a few things Expat. There are tickets with details up here. If you can help, please get in touch.

Thanks and best

Sebastian

About rel=noopener (mathiasbynens.github.io)

Interesting and disturbing:
Facebook’s manual on credible threats of violence (theguardian.com)

Hi!

When I started fetchcommandwrapper about 6 years ago it was a proof of concept: It plugged into portage replacing wget for downloads, facilitating ${GENTOO_MIRRORS} and aria2 to both download faster and distribute loads across mirrors. A hack for sure, but with some potential.

Back then public interest was non-existent, fetchcommandwrapper had some issues — e.g. metadata.xsd downloads failed and some sites rejected downloading before it made aria2 dress like wget — and I stopped using it myself, eventually.

With the latest bug reports, bugfixes and release of version 0.8 in Gentoo, fetchcommandwrapper is ready for general use now. To give it a shot, you emerge app-portage/fetchcommandwrapper and append source /usr/share/fetchcommandwrapper/make.conf to /etc/portage/make.conf. Done.

If you have extra options that you would like to pass to aria2c, put them in ${FETCHCOMMANDWRAPPER_EXTRA}, or ${FETCHCOMMANDWRAPPER_OPTIONS} for fetchcommendwrapper itself; for example

FETCHCOMMANDWRAPPER_OPTIONS="--link-speed=600000"

tells fetchcommandwrapper that my download link has 600KB/s only and makes aria2 in turn drop connections to mirrors that cannot keep up with at least a third of that, so that faster mirrors get a chance to take their place.

For non-ebuild bugs, feel free to use https://github.com/gentoo/fetchcommandwrapper/issues to report.

Best, Sebastian

What’s Wrong with Disqus? / Replacing Disqus with Github Comments (donw.io)

Hey there!

If you are not subscribed to the new Gentoo packages feed, let me quickly introduce you to SafeEyes that I started using on a daily basis. It has found it’s way into Gentoo as x11-misc/safeeyes now. This article does a good job:

SafeEyes Protects You From Eye Strain When Working On The Computer (webupd8.org)

Best, Sebastian

An der Basis gegen Amazon (jetzt.de, Eva Hoffmann)

Ohne viele Worte: Wer ist eigentlich meine verrückte Nachbarin (ZEIT Online)

I recently noticed that I would clearly suggest Debian over Ubuntu to someone about to make that choice.

A few reasons why:

• The Chromium browser lagged so much behind Debian in Ubuntu recently, that payment on AirBnB would fail on Ubuntu (16.10) while working well on Debian; the update/fix took way too long.
• The corefonts installer is broken (and not hard to fix) in Ubuntu (16.10). I would not recommend any of the workarounds I have seen, the bug is not fixed for two years. Affected a non-IT friend of mine.
• The shutdown process of a freshly installed Ubuntu 16.04 took ages due to the cups-browsed daemon. Experienced that at a Linux install party.
• Pycharm freezes soon after start-up on Ubuntu (16.10)
• Right now Debian has Postgresql 9.6, latest alpha Ubuntu only has Postgresql 9.5 (while we want 9.6 features on the server at work).
• The Debian community will like you way better if you are not actually on Ubuntu if you end up asking questions in the Debian channel at some point (say you have questions on Debian packaging)

So much for now.