Debian LTS/ELTS

This was my hundred-fortieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded or worked on:

• [DLA 4474-1] rlottie security update to fix three CVEs related to boundary checks.
• [DLA 4477-1] munge security update to fix one CVE related to a buffer overflow.
• [DLA 4483-1] gimp security update to fix four CVEs related to arbitrary code execution.
• [DLA 4487-1] gegl security update to fix two CVEs related to heap-based buffer overflow.
• [DLA 4489-1] libvpx security update to fix one CVE related to a buffer overflow.
• [ELA-1649-1] gimp security update to fix three CVEs in Buster and Stretch related to arbitrary code execution.
• [ELA-1650-1] gegl security update to fix two CVEs in Buster and Stretch related to heap-based buffer overflow.

Some CVEs could be marked as not-affected for one or all LTS/ELTS-releases. I also worked on package evolution-data-server and attended the monthly LTS/ELTS meeting.

Debian Printing

This month I uploaded a new upstream versions:

• … ipp-usb to unstable.
• … brlaser to unstable.
• … gutenprint to unstable.

This work is generously funded by Freexian!

Debian Lomiri

This month I continued to worked on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.

This work is generously funded by Fre(i)e Software GmbH!

Debian Astro

This month I uploaded a new upstream version or a bugfix version of:

• … c-munipack to unstable. This package now contains a version without GTK support. Upstream is working on a port to GTK3 but seems to need some more time to finish this.
• … libasi to unstable.
• … libdfu-ahp to unstable.
• … libfishcamp to unstable.
• … libinovasdk to unstable.
• … libmicam to unstable.
• … siril to unstable (sponsored upload).

Debian IoT

This month I uploaded a new upstream version or a bugfix version of:

• … pyicloud to unstable.

Unfortunately development of openoverlayrouter finally stopped, so I had to remove this package from the archive.

Debian Mobcom

This month I uploaded a new upstream version or a bugfix version of:

• … libsmpp34 to unstable.

misc

This month I uploaded a new upstream version or a bugfix version of:

• … nuspell to unstable.

I also sponsored the upload of some Matomo dependencies. Thanks a lot to William for preparing the packages

06 Mar 2026 6:27pm GMT

Krebs has an interesting article about the Kimwolf botnet which uses residential proxy relay services [1].

cory Doctorow wrote an insightful blog post about code being a liability not an asset [2].

Aigars Mahinovs wrote an interesting review of the BMW i4 M50 xDrive and the BMW i5 eDrive40 which seem like very impressive vehicles [3]. I was wondering what BMW would do now that all the features they had in the 90s have been copied by cheaper brands but they have managed to do new and exciting things.

Arstechnica has an interesting article about the recently declassified JUMPSEAT surveillance satellites that ran from 1971 to 1987 [4].

Cory Doctorow wrote an interesting blog post about OgApp which briefly allowed viewing Instagram without ads and the issues of US corporations misusing EU copyright law [5].

ZDNet has an interesting article about new planned developments for the web of trust for Linux kernel coders (and others) [6].

Last month India had a 300 million person strike, we need more large scale strikes against governments that support predatory corporations [7].

Techdirt has an insightful article on the ways the fascism is bad for innovation and a market based economy [8].

The Acknowledgements section from the Scheme Shell (scsh) reference is epic [9].

Vice has an insightful article on research about "do your own research" and how simple Google searches tend to reinforce conspiracy theories [10]. A problem with Google is that it's most effective if you already know the answer.

Issendai has an interesting and insightful series of blog posts about estranged parents forums which seems a lot like Incel forums in the way they promote abuse [11].

Caitlin Johnstone wrote an interesting article about how "the empire" caused the rebirth of a real counterculture by their attempts to coerce support for Israeli atrocities [12].

Radley Balko wrote an interesting article about "the courage to be decent" concerning the Trump regime's attempts to scare lawyers into cooperating with them [13].

Terry Tan wrote a useful resource on the API for Google search, this could be good for shell scripts and for 3rd party programs that launch a search [14].

The Proof has an interesting article about eating oysters and mussels as a vegan [15].

All Things Linguistic has an interesting and amusing post about Yoda's syntax in non-English languages [16].

• [1] https://tinyurl.com/2ypyzh5w
• [2] https://tinyurl.com/2b9kyl5x
• [3] https://aigarius.com/blog/2026/01/07/sedan-experience/
• [4] https://tinyurl.com/23ekabmj
• [5] https://pluralistic.net/2026/01/30/zucksauce/#gandersauce
• [6] https://tinyurl.com/29j6zzyc
• [7] https://tinyurl.com/2xvfmslu
• [8] https://tinyurl.com/2b7m8pwa
• [9] https://en.wikipedia.org/wiki/Scsh
• [10] https://tinyurl.com/2aajkoyv
• [11] https://tinyurl.com/ywd3kqel
• [12] https://tinyurl.com/2cqep7cj
• [13] https://radleybalko.substack.com/p/the-courage-to-be-decent
• [14] https://serpapi.com/blog/every-google-udm-in-the-world/
• [15] https://theproof.com/eating-oysters-and-mussels-as-a-vegan/
• [16] https://tinyurl.com/229soykv

06 Mar 2026 12:23pm GMT

Today I have made the tough decision of retiring the Wallabako project. I have rolled out a final (and trivial) 1.8.0 release which fixes the uninstall procedure and rolls out a bunch of dependency updates.

Why?

The main reason why I'm retiring Wallabako is that I have completely stopped using it. It's not the first time: for a while, I wasn't reading Wallabag articles on my Kobo anymore. But I had started working on it again about four years ago. Wallabako itself is about to turn 10 years old.

This time, I stopped using Wallabako because there's simply something better out there. I have switched away from Wallabag to Readeck!

And I'm also tired of maintaining "modern" software. Most of the recent commits on Wallabako are from renovate-bot. This feels futile and pointless. I guess it must be done at some point, but it also feels we went wrong somewhere there. Maybe Filippo Valsorda is right and one should turn dependabot off.

I did consider porting Wallabako to Readeck for a while, but there's a perfectly fine Koreader plugin that I've been pretty happy to use. I was worried it would be slow (because the Wallabag plugin is slow), but it turns out that Readeck is fast enough that this doesn't matter.

Moving from Wallabag to Readeck

Readeck is pretty fantastic: it's fast, it's lightweight, everything Just Works. All sorts of concerns I had with Wallabag are just gone: questionable authentication, questionable API, weird bugs, mostly gone. I am still looking for multiple tags filtering but I have a much better feeling about Readeck than Wallabag: it's written in Golang and under active development.

In any case, I don't want to throw shade at the Wallabag folks either. They did solve most of the issues I raised with them and even accepted my pull request. They have helped me collect thousands of articles for a long time! It's just time to move on.

The migration from Wallabag was impressively simple. The importer is well-tuned, fast, and just works. I wrote about the import in this issue, but it took about 20 minutes to import essentially all articles, and another 5 hours to refresh all the contents.

There are minor issues with Readeck which I have filed (after asking!):

• add justified view for articles (Android app)
• more metadata in article display (Android app)
• show the number of articles in the label browser
• ignore duplicates (Readeck will happily add duplicates, whereas Wallabag at least tries to deduplicate articles -- but often fails)

But overall I'm happy and impressed with the result.

I'm also both happy and sad at letting go of my first (and only, so far) Golang project. I loved writing in Go: it's a clean language, fast to learn, and a beauty to write parallel code in (at the cost of a rather obscure runtime).

It would have been much harder to write this in Python, but my experience in Golang helped me think about how to write more parallel code in Python, which is kind of cool.

The GitLab project will remain publicly accessible, but archived, for the foreseeable future. If you're interested in taking over stewardship for this project, contact me.

Thanks Wallabag folks, it was a great ride!

06 Mar 2026 3:05am GMT