L'Anarcarnet - The Anarblog

There is a split between the Debian and Ubuntu Wine packages. It is not necessary and we (Debian) should reuse the Ubuntu packages to get the latest and greatest wine into Debian.

This article was originally written as a bug report to the wine package in Debian.

Jumping quite late in the bandwagon, I have done our own security assessment of the most recent vulnerability in SSL called "BEAST" (Browser Exploit Against SSL/TLS). I have summarized my findings in the Koumbit wiki so that others can contribute. Basically, three steps should be taken:

1. block javascript, java and flash from untrusted sites using NoScript and Flashblock in Firefox, or by turning off plugins, java and javascript in Chromium (a little button will appear to re-enable them as needed)
2. update your browser when the fixes are released (in beta for Chromium, Firefox pretends they are not vulnerable, even though they committed a fix similar to chrome's)
3. start migrating to TLS 1.2 and pressure vendors to do so

After returning from vacation I have found my blog rampaged by spammers, which have successfully been able to bypass the CAPTCHA on the site, to post more than 400 comments, a notable amount, considering there are only 186 legitimate comments on this site at the time of writing. Since I was quite frustrated by this, I decided to study the matter a little more and since this took me quite a while, I figured I could document the results of my research and progress here.

At the very last I am taking my second long leave from my beloved job in the 7 years I have dedicated to this project. The first time was 5 years ago and was refreshing, so it is now clearly overdue. This is both to make sure Koumbit can survive without me but also making sure that I can survive without Koumbit - I am basically testing the backup procedures here.

What a way to spend your vacations! I have the unconfortable feeling that i have lent books to friends and that they are... well, not lost but ... somewhere. Wanting to get rid of this confusion, I started looking at library cataloging software.

Here's an excerpt of a second RMA request I have just filed with NCIX. I strongly recommend anyone looking for a netbook to not buy this machine, especially since it barely runs Debian.

So here I am, on a sunday night playing with various open source projects instead of having a proper non-geek life like I'm apparently supposed to be doing in our modern society.

Someone pointed to me this pretty good article about password hashing and HMAC. I must admit that before reading the article, I was barely familiar with HMAC. I am, however, familiar enough with one-way hash functions to comment a bit on the article, and since I feel there are incorrect conclusions in this article, I also feel I should try to correct those.

So I started experimenting with Diigo recently, as an alternative to Delicious, thanks to Robin. It seems to have a lot more bells and whistles, but I'm still unsure about the service, for various reasons. But what brought me there was the possibility of bridging my bookmark posts with Identica (as opposed to Twitter, which I only mirror to). So I put together a patch to the extension that does that and I hope it can be picked up upstream.

Playing chess with friends in the Pampa Humida, I couldn't find a proper way to teach my friends on how to play quickly enough so that the game wouldn't become boring as hell. So I found this web page with a simple chess clock on it. Written in javascript, it wasn't exactly reliable or fast, and required me to have network access (unless I saved the page to my machine, but anyways). Also, the web browser overhead was too much for my taste.