Some people care if software is free of cost or if it has the best features. I don't. I care that I can legally dissect its parts, adjust it to my needs, and share my modifications with the community: run, study, redistribute, improve. That's why I happily avoid macOS, Windows, Skype, Photoshop. I love … free software!

If you want to join in speaking your mind about software libre and the #ilovefs campaign, please find related artwork here.

libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C. It is cross-platform and licensed under the MIT license.

Expat 2.2.8 has been released yesterday. This release fixes a security issue — a heap buffer over-read known as CVE-2019-15903 reported by Joonun Jang resulting in Denial of Service —, starts using the rand_s function on Windows and MinGW (ending the previous LoadLibrary hack), includes non-security bugfixes, many build system fixes and improvements, improvements to xmlwf usability, and more.

For more details regarding the latest release, please check out the changelog.

If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.2.8. Thank you!

Sebastian Pipping

I ran into this talk, and found it very interesting: Managing Data in Microservices

I ran into article Get your work recognized: write a brag document by Julia Evans on Hacker News today.

Great idea and great read as well. Will probably apply this to note taking for the next day's daily stand-up, as well.

I found this talk about technical debt both smart and interesting. There is a bit of a dry segment in the middle that you need to get past. After that even the Q'n'A at the end is interesting. A slide with a definition of technical debt and interest(!) is at 3m42s.

See for yourself:

Technical debt isn't technical - Einar Høst - DDD Europe 2019

libexpat is a fast streaming XML parser written in C. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C. It is cross-platform and licensed under the MIT license.

Expat 2.2.7 has been released a few days ago. Besides improvements to the build system, 2.2.7 fixes security issue CVE-2018-20843 that allowed use of specially crafted XML to cause Denial of Service. The issue was found during fuzzing of LibreOffice by the Chromium team and reported by Caolán McNamara.

With regard to Denial of Service protection, libexpat still needs a partner to sponsor additional development workforce — my own time remaining free but limited — to prevent Denial of Service through Billion laughs attacks by default, for the masses, with sane defaults, and with knobs for tuning. If you operate software accepting XML from the internet in an enterprise and aim at 99.9%-and-beyond availability per year, please get in touch.

For more details regarding the latest release, please check out the changelog.

If you maintain Expat packaging and/or a bundled copy of Expat and/or a pinned version of Expat somewhere, please update to 2.2.7. Thank you!

Sebastian Pipping

Some fun electronic music from my years-ago bookmarks that I would like to share with you:

City 17 - Wage War (Original Mix)

City 17 - Makin' Good Time (Original Mix)

I just came across this talk again and remembered that I found it doing a great job explaining and demonstrating Kanban when I first ran into it. Maybe you find it interesting:

A few minutes ago uriparser 0.9.3 has been released. 0.9.3 is a fix-up to 0.9.2. Combined, releases 0.9.2 and 0.9.3 feature:

• Migration from GNU autotools to CMake

• Link fixes for use of uriparser from C++ code

• Library visibility fixes / introduction of -fvisibility=hidden

For more details please check the change log.

Last but not least: If you maintain uriparser packaging or a bundled version of uriparser somewhere, please update to 0.9.3. Thank you!

Hintergrund

Dieses Rezept basiert auf einem DDR-Rezept für Marmorkuchen — (der Sekundärquelle nach) aus dem Buch Kochkunst. Lukullisches von A bis Z — und der Beobachtung, dass bei Marmorkuchen die Schoko-Hälfe die spannende ist: Warum also nicht die langweilige Hälfte weglassen und die spannende Hälfte verdoppeln?

Außerdem mag ich Haferflocken und ersetze deshalb — bezogen auf die Vorlage — 100g Mehl durch 200g Haferflocken.

Zutaten

• 250 g Margarine
• 250 g weißer Zucker
• 400 g Weizenmehl
• 200 g grobe Haferflocken
• 80 g Back-Kakao
• 4 Eier
• 250 ml Milch
• 1 Päckchen Vanillinzucker
• 1 Päckchen Backpulver
• Abgeriebene Schale von 1/2 Bio(!)-Zitrone
• 2 Esslöffel weißer Rum

Zubereitung

• Margarine sahnig rühren, nach und nach beide Sorten Zucker, Eier, geriebene Zitronenschale und Rum hineinrühren.
• Das mit Backpulver gemischte Mehl portionsweise abwechselnd mit Milch hinzufügen und verrühren, dann die Haferflocken, dann den Kakao.
• Eine gefettete Kastenform mit Teig befüllen.
• Bei Mittelhitze backen, z. B. 100 Minuten bei Stufe 5 von 8 im Gas-Backofen ohne Vorheizen.
• Fertig.