December 01, 2015

lsns(8) new command to list Linux namespaces
The namespaces are commonly used way how to isolate global (ipc, mount, net, ...) resource instances. Unfortunately, we have no command line tool to list namespaces. The new command lsns(8) tries to fill this gap.


# lsns
4026531836 pid 276 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026531837 user 276 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026531838 uts 276 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026531839 ipc 276 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026531840 mnt 269 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026531857 mnt 1 63 root kdevtmpfs
4026531963 net 275 1 root /usr/lib/systemd/systemd --system --deserialize 15
4026532189 mnt 1 545 root /usr/lib/systemd/systemd-udevd
4026532390 net 1 776 rtkit /usr/libexec/rtkit-daemon
4026532478 mnt 1 776 rtkit /usr/libexec/rtkit-daemon
4026532486 mnt 1 847 colord /usr/libexec/colord
4026532518 mnt 3 6500 root -bash
and list namespace content:

# lsns 4026532518
6500 6372 root -bash
19572 6500 root └─/usr/bin/mc -P /tmp/mc-root/mc.pwd.6500
19575 19572 root └─bash -rcfile .bashrc
help output with columns description:
# lsns -h

lsns [options] [namespace]

List system namespaces.

-J, --json use JSON output format
-l, --list use list format output
-n, --noheadings don't print headings
-o, --output list define which output columns to use
-p, --task pid print process namespaces
-r, --raw use the raw output format
-u, --notruncate don't truncate text in columns
-t, --type name namespace type (mnt, net, ipc, user, pid, uts)

-h, --help display this help and exit
-V, --version output version information and exit

Available columns (for --output):
NS namespace identifier (inode number)
TYPE kind of namespace
PATH path to the namespace
NPROCS number of processes in the namespace
PID lowers PID in the namespace
COMMAND command line of the PID
UID UID of the PID
USER username of the PID

For more details see lsns(8).
The important detail is that you can see only namespaces accessible from currently mounted /proc filesystem. The lsns(8) is not able to list persistent namespaces without processes where the namespace instance is hold by bind mounts of the /proc/[pid]/ns/[type] files and the output may be affected by unshared PID namespace and unshared /proc (see unshare(8) for more details).

... it will be probably available in util-linux v2.28 (~ January 2016).

FAmSCo Elections: Interview with Gabriele Trombini (mailga)
Fedora Ambassador Steering Committee badge

Fedora Ambassador Steering Committee badge

This is a part of the FAmSCo Elections Interviews series. Voting is open to all Fedora contributors. The voting period starts on Tuesday, December 08 and closes promptly at 23:59:59 UTC on Monday, December 14th. Please read the responses from candidates and make your choices carefully. Feel free to ask questions to the candidates here (preferred) or elsewhere!

Interview with Gabriele Trombini

  • Fedora Account: mailga
  • IRC: mailga (mainly in #fedora-ambassadors, #fedora-commops, #fedora-docs, #fedora-join, #fedora-mktg, #fedora-websites)
  • Fedora User Wiki Page

What is your background in Fedora? What have you worked on and what are you doing now?

I started with Fedora locally as one of the main contributors of the Italian Community, I helped in the growth of its forum, website renewal,  and documentation; I also wrote a Fedora book for newbies with robyduck and produced the Italian pdf magazine “folio”.

Of course I’m part of the EMEA ambassadors, which was my first step into the Fedora Project. I attended many local events and the one I’m really proud of is the one we held in Milan with short talks by involved people. We showed the crew the main activities within the Project (Ambassadors, Design, L10n, Websites, Infra, Kernel and Virtualization).
Afterwards I spent more time with the international community. I attended a couple of EMEA FADs and Fosdem 2014, and I recently gave a talk at Flock 2015.

My interest range is across the entire Project (I’m avoiding development because even if I’m really interested in it, at the moment my spare time wouldn’t be enough). I’m part of the Marketing team (I performed some tasks for the F23 release), a member of the Fedora-Join SIG (renewed and able to give a help to the Ambassadors in the near future), a member of Websites (providing help with smaller works in support of the team), and lastly a new member of the Docs group (I’m putting in a home mail server and I want to share my experience even if, to be honest, this is going slowly, at the moment).

What are the most pressing issues facing Fedora today? What should we do about them?

Well, it isn’t easy to define the issues Fedora is facing.

We don’t have a real feel of what is going on outside. Yes, we can read posts, we can see people at events, we can have some metrics, but what is happening out of our border has several sources.

There are different kind of users, just like students, business and public administration.
Schools are the area which are going very well because a lot of our contributors are students (or keep contacts with schools and/or colleges) and usually educational establishments are willing to accept events or get involved in Fedora activities (the most important is that they have suitable spaces for hosting events). Our Ambassadors are doing a great job in this area.

Instead, it is harder to find a way of entrance for both private and public administration (even if lately public administration seems more flexible). Most of them are tied to other operating systems and we have to go to the top of management to try to open a door.

There are two kind of problems here:

  1. People: We have lots of contributors having little (or none) management experience in their employment (mostly due to their age), so they can’t be part of the renewal IT programs inside their workplace.
  2. Establishment: The problem here is the marketing is not structured to make campaigns targeted to private and public; this engages the Marketing team, and I, as part of the team, am thinking to go in that direction, studying strategies, analyzing metrics and dedicating time to get in touch with public and private areas.

Resolving point #2 makes easier the resolution of point #1; the Document Foundation is doing successful campaigns in this direction with LibreOffice, so why shouldn’t we as well?

What are the most pressing issues facing the Fedora Ambassadors today? What should we do about them?

This is somehow related to the previous point. At the moment, mostly at events, Fedora is well known for its software: always updated with the latest versions, but versus other distros, Fedora often is not the first choice and we are not able to go ahead. My opinion is that we don’t have any feedback from the users, so we really don’t know why people are going to other distros or operating systems.

We need feedback; seeing people at booth or conferences is not enough. We don’t communicate with them. Usually we answer a user’s questions, but often we don’t ask them what they think.

It’s really difficult being an Ambassador, especially when dozens of people come to our booth in order to only have a mug, a shirt, or some stickers. We should stop them and ask what they think about Fedora, take note of replies, and report them in the event list. Of course there are a lot of events we don’t attend directly, so we need help from local communities.

We have to create a database, or something similar, where stored answers could lead us to improve our effort and get them more focused.

Interest in traditional Linux events seem to be stagnating or even declining. How should the Ambassadors respond to this change?

True, that’s my opinion as well.

The increase in the use of the Internet makes knowledge and opinions more available; by now everyone gets information from the web and the Ambassadors activities should be based on the operating system inside itself.

To do that, the Ambassadors’ activity is to collect information from each group (at least WS, Server, Cloud and also Spins groups) in order to go deeper in the features hidden under the skin of the releases.

And yes, the Ambassadors should be prepared for the events, but not only target their talks or explanations on what is well-known by the web.

The tools are ready: there are talking points and channels for doing that, and overall, there is the Marketing team that should be more efficient to give the information they need.

There’s is also the possibility (as we are planning in the Fedora-Join SIG) to provide a contact with the Join group when requested (a PC with the IRC channel #fedora-join open is enough) where people can ask our contributors any information they need. We’re also planning to hold Ambassador Join-Days that current Ambassadors will be aware of.

At the least, the Ambassadors should have a way to be aware of things that other non-contributors would not be aware of because they can’t find it on the Internet yet. This is the way to make them really feel a part of the Project, and help be a part of the inside of Fedora.

What are your future plans? Is there anything what you can consider as “Mission Statement” in this role?

My plans as a FAmSCo member is to give to Ambassadors the tools for being persuasive in their activities. They’re are one of the most important parts of the Project (our business card) and my goal is having them always ready to get in touch with the public with information and tools.

Also FAmSCo have to uniform the ticketing system and budgeting rules for all the regions.

What is your take on the recent governance reorganization (Council, working groups, budget, etc.)?

Having more focused committees is the best way to operate; each sector is able to go deeper in their tasks to make things move ahead in a more accurate way. We should only be careful that each pool is working together; this kind of splitting, if not correctly managed, could cause dispersions and get the opposite effect.

It’s not a mystery that any working group is very active inside their tasks but often there’s a lack of information passed to others.

Usually each group waits for questions but we should reverse this way of acting.
The goal is that each working team gives information to the outside using some kind of tool (Ticketing system? Questionnaire?) based on a deadline, likewise to the tasks for the releases we are using. A wrangler checking this job is required.

It seems the Ambassador activities are disconnected from the rest of the project; what is your way for fixing the issue?

This should be fixed in the near future; FOSCo will incorporate members from other groups (as explained here) in order to get in touch with the main groups of the project and work together on tasks.

In the meanwhile FAmSCo (which is responsible for the transition to FOSCo) must activate preferential channels to other groups for getting news on software and many aspects of the project.

What kind of information should be exchanged between Ambassadors and the other Project groups?

The best is having Ambassadors briefing done by member of WG and marketing, but in the last releases it didn’t happen. This was left to the reading of the talking points or the release notes.

Ambassadors must be aware of:

  • Features
  • Future plans
  • Internal processes
  • Tools for handling info

The starting point, as said before, are the talking points and/or release notes, but we have to give the possibility to deepen things Ambassadors think users must be aware of. This can be done by now, but its real effect will happen with the FOSCo.

The second is on the shoulder of the Council. A brief communication (in the ML) where future directions are explained in few words should be enough.

The third is the more complicated IMHO; there are a lot of Ambassadors who still don’t know what the Project is asking them and how to get things done (swag, money requests, event listing, reporting and so on). This should be part of the mentors’ teaching. Mentors, with all the good things they’re doing, should also explain the correct form to get access to the internal process. Not an exam, but they have to explain how to do what/when/where.

The last bullet point is a CommOps task. One of the Ambassadors’ homework tasks is to take a peek at the tools available, aggregate data, draw reports and so on. CommOps (in its wiki page) provides several tools to get lots of information.

Are Ambassadors really up to date about new features of the releases? If not, what are you planning to do to keep them up to date?

Ambassadors are part of Marketing (also true the reverse) and they must have more points of contact with the Marketing team, who is aware of the new features and have channels to get in touch with developers and other groups. Ambassadors should have a preferential channel to communicate with Marketing and they must have a reply ASAP.
Of course Marketing is not able to satisfy this kind of request coming from lots of people, so FAmSCo should collect requests (on the Trac) and forward them to Marketing (IMHO once a week) on its ticketing system. Marketing will parse the tickets and answer directly.

Of course both Marketing and FAmSCo (waiting for FOSCo) will prepare a document where Ambassadors are informed about the features of the next releases.

The post FAmSCo Elections: Interview with Gabriele Trombini (mailga) appeared first on Fedora Community Blog.

Hosting Multiple Python WSGI Scripts on OpenShift

With OpenShift you can host WSGI Python applications. By default the Python cartridge comes with a simple WSGI app and the following directory layout


I wanted to add my GitHub Bugzilla Hook in a subdirectory (git submodule actually) and simply reserve a URL which will be served by this app. My intention is also to add other small scripts to the same cartridge in order to better utilize the available resources.

Using WSGIScriptAlias inside .htaccess DOESN'T WORK! OpenShift errors out when WSGIScriptAlias is present. I suspect this to be a known limitation and I have an open support case with Red Hat to confirm this.

My workaround is to configure the URL paths from the file in the root directory. For example

diff --git a/ b/
index c443581..20e2bf5 100644
--- a/
+++ b/
@@ -12,7 +12,12 @@ except IOError:
 # line, it's possible required libraries won't be in your searchable path
+from github_bugzilla_hook import wsgi as ghbzh
 def application(environ, start_response):
+    # custom paths
+    if environ['PATH_INFO'] == '/github-bugzilla-hook/':
+        return ghbzh.application(environ, start_response)
     ctype = 'text/plain'
     if environ['PATH_INFO'] == '/health':

This does the job and is almost the same as configuring the path in .htaccess. I hope it helps you!

Commit a file with the GitHub API and Python

How do you commit changes to a file using the GitHub API ? I've found this post by Levi Botelho which explains the necessary steps but without any code. So I've used it and created a Python example.

I've rearranged the steps so that all write operations follow after a certain section in the code and also added an intermediate section which creates the updated content based on what is available in the repository.

I'm just appending versions of Markdown to the .travis.yml (I will explain why in my next post) and this is hard-coded for the sake of example. All content related operations are also based on the GitHub API because I want to be independent of the source code being around when I push this script to a hosting provider.

I've tested this script against itself. In the commits log you can find the Automatic update to Markdown-X.Y messages. These are from the script. Also notice the Merge remote-tracking branch 'origin/master' messages, these appeared when I pulled to my local copy. I believe the reason for this is that I have some dangling trees and/or commits from the time I was still experimenting with a broken script. I've tested on another clean repository and there are no such merges.


For this to work you need to properly authenticate with GitHub. I've crated a new token at with the public_repo permission and that works for me.

podlators-4.00 in Rawhide
Trying have updated their website featuring their WebRTC chat. One of intriguing feature is the support up to 15 people highlighted below.
Revamped website featuring WebRTC
It appears their systems is a worthy alterntive of Google HangOut. It will be nice project like Empathy carries more love.
Virtualbox on Fedora

Make simple

First update your kernel and later reboot your machine

[root@new-host-5 asleqia]# dnf -y update kernel && reboot

Now we need install the dependencies and some kernel modules

[root@new-host-5 asleqia]# dnf -y install binutils gcc make patch libgomp glibc-headers glibc-devel dkms kernel-devel kernel-core kernel-headers kernel-modules kernel-modules-extra

Now we need download and install Virtualbox

32 bits

[root@new-host-5 asleqia]# dnf -y install

64 bits

[root@new-host-5 asleqia]# dnf -y install

Run virtualbox script

[root@new-host-5 asleqia]# sudo /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel modules                         [  OK  ]
Uninstalling old VirtualBox DKMS kernel modules            [  OK  ]
Trying to register the VirtualBox kernel modules using DKMS[  OK  ]
Starting VirtualBox kernel modules                         [  OK  ]
[root@new-host-5 asleqia]#

Add your username to the virtualbox group

[root@new-host-5 asleqia]# usermod -a -G vboxusers $USER

it’s all.

How Is Fossaegean Doing?

I have been enrolled at the University of the Aegean for more than two years so far. It is a multi-campus university located in six (6) Greek islands: Chios, Lemnos, Lesvos, Rhodes, Samos and Syros. The Dept. of Information & Communication Systems Engineering, where I'm studying, is based in the town of Karlovassi in Samos.

Since I moved into the island, one of the first things I did was to find out if there were any people around interested in free & open source technologies. Luckily, there was this community called fossaegean, which pretty much stands for Free & Open Source Software Community of the University of the Aegean. However, it was not that active back then.

Let me tell you something: I'm not just passionate about free & open source software, I'm crazy about it. And I certainly enjoy spreading the word about things I value. That is why, together with other people, we decided to put some effort and bring the community back to life.

Over the last two academic years, we have organized more than fourteen (14) events (mostly workshops and presentations). For this academic year we had set a goal of ten (10) events, and within three (3) months we are already past seven (7). This probably makes us one of the most (if not the most) active tech-related student communities in our university.

During our "Intro to HTML" workshop (photo by Zacharias Mitzelos, CC BY-NC-ND).

Some of our very recent activities include: Intros to HTML & CSS (part of our web dev series of workshops), a Fedora 23 Release Party, an Arduino workshop and not-to-forget those great OpenBBQs. For more info regarding our Events, you can have a look at this page in our wiki. Where do all these take place? Thankfully, we have our own space provided by the university. A soon-to-be fully-equiped hackerspace I would say!

Greek Fedora contributors, alongside people from our community, during FOSSCOMM 2015 (photo by Zacharias Mitzelos, CC BY-NC-ND).

What could you expect in the near future? Plenty of workshops, for sure. We have some interesting topics, including Android, Arduino, BASH, Bitcoin, Fedora, Firefox OS, JavaScript, Jekyll, Ruby/Ruby on Rails and many more. But it's not just about the workshops; our goal is to bring students together and do stuff. There are quite a few projects we have in mind and I really can't wait to share more details with you.

Our people are the ones that make things possible and keep the space running. A big shoutout to Christos Sotirelis, George Makrakis, Vicky Tsima, Zacharias Mitzelos and many more, who currently act as the backbone of our community.

Exciting times ahead, wish us the best of luck! :)

Virtualbox en Fedora 23

Házlo simple.

Primero actualiza tu kernel y luego reinicia

[root@new-host-5 asleqia]# dnf -y update kernel && reboot

Ahora instalamos las dependecias y los módulos necesarios del kernel

[root@new-host-5 asleqia]# dnf -y install binutils gcc make patch libgomp glibc-headers glibc-devel dkms kernel-devel kernel-core kernel-headers kernel-modules kernel-modules-extra

Paso seguido descargamos e instalamos Virtualbox

32 bits

[root@new-host-5 asleqia]# dnf -y install

64 bits

[root@new-host-5 asleqia]# dnf -y install

Ejecutamos el script de virtualbox ( OJO que cada vez que actualizen el kernel y los módulos deberán de volver a ejecutar el script.

[root@new-host-5 asleqia]# sudo /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel modules                         [  OK  ]
Uninstalling old VirtualBox DKMS kernel modules            [  OK  ]
Trying to register the VirtualBox kernel modules using DKMS[  OK  ]
Starting VirtualBox kernel modules                         [  OK  ]
[root@new-host-5 asleqia]#

Agregamos nuestro usuario al grupo de Virtualbox

[root@new-host-5 asleqia]# usermod -a -G vboxusers $USER


All systems go
Service 'COPR Build System' now has status: good: Everything seems to be working.
A look at the kernel bisection scripts

I've been hacking on the bisection scripts for quite some time now. Things got stalled for a bit in October/November. I introduced several bugs which caused me to lose multiple days of testing verification so I took a break and worked on other things to relieve my frustrations. They are now at the point where they could use some testing besides my own. Here's a walk through of what I have

F21 is going to be going EOL soon. The current (and final) kernel is 4.1.13-101.fc21. An upgrade to F23 might put you at 4.2.6-300.fc23. Upgrades between major versions are a common point at which things break. Let's pretend that something in the kernel broke between those two versions. Grab a copy of the bisect scripts

$ git clone
$ cd fedbisect

This contains the scripts. In order to bisect, we need copies of the git trees. The bisect scripts will take care of this. Everything will be stored in a subidrectory. This allows multiple bisects to be going on at the same time. Each command will take the target directory as an arguemnt. Generally the form will be ./ <command> <target dir>. For this example, the target name will be broken-things. The first step is to sync the trees

$ ./ sync broken-things
<take a  break while this syncs, it may take a while>

a directory named broken-things is now present. Inside the directory:

$ ls broken-things/
bisect-step  kernel  pkg-git  step-0

kernel is a clone of the tree from, pkg-git is the fedora repository. bisect-step and step-0 are part of the state for bisection. To actually start a bisect between the two kernel versions

$ ./ start broken-things 4.2.6-300 4.1.13-101

Note the order, it's bad tag first followed by good tag. Behinds the scenes, this is setting up the kernel tree to run git bisect. If you look at the kernel tree you will see exactly that:

$ cd broken-things/kernel
$ git bisect log
# bad: [1c02865136fee1d10d434dc9e3616c8e39905e9b] Linux 4.2.6
# good: [1f2ce4a2e7aea3a2123b17aff62a80553df31e21] Linux 4.1.13
git bisect start 'v4.2.6' 'v4.1.13'

Now you can build

$ ./ build broken-things

This is another command that will take a long time to run. In order for these scripts to be better than a regular bisect, the patches from Fedora need to be applied. Figuring out which set of patches to be applied is tricky as noted previously and brute force is still the best solution. With the exception of a few commits in the merge window, most commits will build but if for some reason no appropriate patches can be found, an RPM will be generated of just the upstream version. At the end there will be a message such as

Got a build that built! Check in /home/labbott/fedbisect/broken-things/step-0 for rpms

and in that folder there will be RPMs to install (there will also be a number of logs showing what exactly failed. Those can be ignored).

$ ls broken-things/step-0/*.rpm

The RPMs are generated from a custom kernel.spec. It's mostly the same as the regular one but lots of stuff has been ripped out (perf, debug options, cpu power util etc.) and it's just one big package. This was mostly for ease of generation of the RPM. When generating snapshots, it turned out to be a pain to figure out which filters to apply, especially if module names changed. Copying over parts and editing where necessary seemed like an uphill battle for not much value. The lifespan of these bisection images is going to be very short so making the trade off for build ease and time (copying modules takes a loooong time) seemed reasonable. In order to make sure the kernel will always install the version number is 9.9.9-bisect_step so each installation step should be increasing.

Once the kernel is installed, tests can be run. When there is a result, the build can be marked as good

$ ./ good broken-things

or bad

$ ./ bad broken-things

or it can be skipped if the build is untestable

$ ./ skip broken-things

Now you can build again

$ ./ build broken-things

and repeat marking the build as good or bad until the bisect scripts indicate that a broken commit is found.

These scripts are still in the testing states so there may be problems. I suspect most of them will be in the setup phase. The scripts are available on pagure . Feedback/bug reports/pull requests are very welcome. Suggestions for future extensions are also welcome although I have my own list there as well.

November 30, 2015

There are scheduled downtimes in progress
Service 'COPR Build System' now has status: scheduled: Scheduled cloud outage in progress
DNS for your Vagrant needs: with Landrush, libvirt and dnsmasq

Have you ever needed a DNS server that would be visible both on your host and your Vagrant guests? Landrush is one of those things that can pretty much save you. Unfortunately it was designed around VirtualBox and Mac OS, so it does not work on Linux out-of-the-box. And it does not work with libvirt provider at all. Until of course recently since I added the support there. Here is how to make all that work together on Fedora.

First things first — my libvirt patch is not yet merged, so you will have to build Landrush yourself. Check out my fork of Landrush and build the plugin with rake build, than you can install it with vagrant plugin install command:

$ bundle
$ bundle exec rake build
$ vagrant plugin install ./pkg/landrush-0.18.0.gem

This expects you to have Bundler and Vagrant installed. If you don’t, check Fedora Developer Portal and learn how to do it.

Now you should be able to run Landrush and it should work just fine for your guests. To confirm that Landrush is running run vagrant landrush status. Let’s make it work on Linux host too! On Mac OS Landrush adds entries in /etc/resolver, unfortunately that won’t work on Linux. That’s why I put dnsmasq in the title of this post.

We can tell dnsmasq to listen on (localhost) and make an entry to redirect requested domain names (such as all ending with .dev or .local for example) to our Landrush DNS server (which runs on localhost too, but on port 10053 instead of standard 53). Let’s do it:

Add the following to /etc/dnsmasq.conf:


And create a following file to redirect our .local domains traffic to Landrush:

$ cat /etc/dnsmasq.d/vagrant-landrush 

Now let’s try to start dnsmasq service:

$ sudo systemctl start dnsmasq.service 
$ sudo systemctl status dnsmasq.service 
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2015-11-29 10:13:17 CET; 4s ago
  Process: 26654 ExecStart=/usr/sbin/dnsmasq -k (code=exited, status=2)
 Main PID: 26654 (code=exited, status=2)

Nov 29 10:13:17 strzibny-x1 systemd[1]: Started DNS caching server..
Nov 29 10:13:17 strzibny-x1 systemd[1]: Starting DNS caching server....
Nov 29 10:13:17 strzibny-x1 dnsmasq[26654]: dnsmasq: failed to create listening socket for port 53: Address already in use
Nov 29 10:13:17 strzibny-x1 systemd[1]: dnsmasq.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Nov 29 10:13:17 strzibny-x1 systemd[1]: Unit dnsmasq.service entered failed state.
Nov 29 10:13:17 strzibny-x1 systemd[1]: dnsmasq.service failed.

Oh no. It seems that we have a conflict here. This is because libvirt actually starts dnsmasq for your domains as well automatically.

We can fix it by telling system dnsmasq to bind to specific interfaces. Open the /etc/dnsmasq.conf again and list only the interfaces you need (and don’t conflict):

# on my system

The service should start just fine afterwards. Let’s see if we can resolve our host:

$ host site.local
Host site.local not found: 3(NXDOMAIN)

We have dnsmasq set up, but it’s not used. For that we need to edit /etc/resolv.conf and add our new name server:


Is this working?

$ host site.local
site.local has address

Great! Can we ping it yet? Yes and no. If you went with .dev domain name, you are fine, but if you went with my changes and setup .local instead, ping won’t see your new settings. This is because of Avahi.

To change the domain for Avahi from .local, edit the avahi-daemon.conf configuration file and restart avahi-daemon:

$ cat /etc/avahi/avahi-daemon.conf

$ sudo systemctl restart avahi-daemon

If you don’t really need Avahi, you can also change the following in nsswitch.conf:

$ cat /etc/nsswitch.conf
#hosts:          files mdns4_minimal [NOTFOUND=return] dns
hosts:          files dns

Now you can ping your development hostnames and they should be redirected to your VM by dnsmasq and Landrush.

FESCo Elections: Interview with Adam Miller (maxamillion)
Fedora Engineering Steering Council badge, awarded after Fedora Elections - read the Interviews to learn more about candidates

Fedora Engineering Steering Council badge

This is a part of the FESCo Elections Interviews series. Voting is open to all Fedora contributors. The  voting period starts on Tuesday, December 08 and closes promptly at 23:59:59 UTC on Monday, December 14th. Please read the responses from candidates and make your choices carefully. Feel free to ask questions to the candidates here (preferred) or elsewhere!

Interview with Adam Miller (maxamillion)

  • Fedora Account: maxamillion
  • IRCmaxamillion (Primarily active in #fedora-devel, #fedora-releng, #fedora-cloud)
  • Fedora User Wiki Page

What is your background in Fedora? What have you worked on and what are you doing now?

My history in Fedora technically pre-dates the Fedora Project itself, I’ve been a member of the user community since Red Hat Linux 7 and I still have my boxed set of “Deluxe Workstation” sitting on my book shelf. However, my time as an active contributor to the Fedora Project is far more recent having started during the Fedora 8 cycle when I both became a Fedora Packager and a member of the Fedora QA community.

I’ve been a little all over the place over the years as I learn new things and am able to contribute to new aspects of the project or newer technologies that Fedora is working on/with have become things I find interesting. Below is a list of things I’ve been involved in, including what I continue to participate with and what I’m less involved in these days.

Current activities in Fedora include:

  • Fedora Release Engineering Team Member
  • Fedora Cloud SIG Member
  • Fedora Packager
  • Fedora Proven Packager
  • Fedora Package Sponsor
  • Fedora EPEL SIG Member

Past activities or things I’m less involved in Fedora:

  • Fedora QA Community
  • Fedora QA Proven Tester
  • Fedora XFCE SIG
  • Fedora KDE SIG

Thing’s I’m currently working on for Fedora are largely around Release Engineering, Cloud, and Containers. I’m working with others in the community to clean up “technical debt” around the tools used to actually produce Fedora as well as help to create new ones that help modernize the build and compose pipeline in order to allow the creation of Fedora to be more agile at it’s core. These tools are aimed at catering to the Fedora.Next concept.

I’m also participating in an effort to establish an easier “on-ramp” to Fedora Release Engineering with hopes of making it more welcoming for new community members who take an interest in Release Engineering to join in the efforts and contribute. Much of this is happening in the RelEng Pagure git forge location.

Along with this, here are current or recent Fedora Changes I’m participating in:

As of April 2015 I joined the Fedora Engineering Team.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

This is something that I tend to think we need a nice compromise on. Maintaining a time based release cycle is good for the sake of the users because it makes things like major updates predictable. However, by targeting features we can make sure that we’re delivering releases based on project motivations around features that work towards the future of Fedora. I think we do a pretty good job at this now but am not closed off to the idea of changing it in the future in the event a solid argument for making the change were to present itself.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

To me this question is going to be extremely subjective based on the perspective of the person that is being asked. That being said, for me myself I happen to think that our build and compose pipeline is still very rigid which causes our ability to produce new types of “deliverables” (think cloud or docker images, and then whatever is new and cool in 2 years) to be slower than it could be. Also, Fedora is a massive constantly moving target so it’s always a challenge to sanitize that.

What are your interests and experience outside of Fedora? What of those things will help you in this role?

My interests outside of Fedora are operating systems, programming languages, package managers, build systems and systems automation. I know that probably sounds horribly scripted or some kind of really targeted response to an honest question but it’s not, that really is a list of things I find very fascinating and I spend a large part of my free time trying to further educate myself on those topics. These interests in a lot of ways are what lead me to Fedora and why I’ve stayed in the community and plan to for the foreseeable future.

I’m often reading about operating system concepts as they relate to ongoing work in the open source community with the advent of technologies like containers and the ongoing convergence of the linux world around systemd. As a random side note, my favorite books to date in the Operating System space are Andrew S. Tanenbaum’s MINIX (Racoon) book and Robert Love’s Kernel Development book, but I’m always on the lookout for a good one so if you have suggestions I’d love to know about them. :)

I also find programming languages fascinating, the different paradigms and semantics are interesting in the way that language creators approach a similar set of problems with different solutions. I spend a potentially unreasonable amount of time reading books and articles about programming languages new and old that I’m not currently familiar with just for the sake of education. I wouldn’t claim to really “know” more than a few programming languages (python being my favorite) but I dabble a lot to try and constantly learn new things.

Package managers is an odd one I’ll admit, but I think it falls under the operating system topic because without a package manager, the OS is relatively boring. I’ve read as much as I can about package managers other than rpm/yum/dnf in an attempt to understand different perspectives on solving the common problem of package management including programming language specific toolsets. It’s mostly a thought experiment as I ponder how we could solve all the problems in Fedora space to cater to system level packaging and user level (including developer toolsets, programming language package management) using a nice unified toolset, but it’s something that I like to think helps keep me on my toes and not stuck with a case a “tunnel vision” thinking only about a single set of concerns around the topic of package management.

My interest in build systems spawned from when I started picking apart how the whole “./configure && make && make install” process actually worked. From there it spawned into an exploration of automake, cmake, qmake, scons, waf and more as well as distributed build systems like koji, obs, buildbot, and others. This also caused a tangent off into the land of continuous integration and continuous delivery, both of which are really interesting topics I enjoy reading about and trying new approaches to as new tools/techniques come to light.

Systems automation is one that goes all the way back to the first time I really learned the true power of the shell (bash). I wanted to script everything and it just flourished from there as an almost obsession with wanting to automate everything. I’m of the opinion that if I can completely automate away my current task set, then I can spend that time working on more interesting things. My favorite automation framework/tool is Ansible, I have some patches in upstream Ansible and even manage my laptop with a playbook.

Anything else voters should know about you?

I live for this stuff, a big part of why I wake up in the morning is because I have an earnest passion for Open Source software. I have a Red Hat Shadowman tattoo on my left forearm that I had even before working for Red Hat. (A picture can be found on my Fedora User Wiki page)

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

I don’t inherently think that FESCo does a bad job of communicating, but I think as with all things there’s room for improvement as newer community members or those not as ingrained in the daily processes of Fedora may not always be familiar with what FESCo is doing because they don’t know where to obtain the information. This is also something that Fedora Hubs might be able to help address. However, in the mean time I think FESCo should collectively try to engage with the community instead of being passive about the spread of information, maybe making a point to post regular status updates to the Fedora Community Blog or writing articles for the Fedora Magazine. There’s likely an unclear understanding of the ongoing work that FESCo is involved in.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

I think this largely goes back to what FESCo does, “FESCo handles the process of accepting new features, the acceptance of new packaging sponsors, Special Interest Groups (SIGs) and SIG Oversight, the packaging process, handling and enforcement of maintainer issues and other technical matters related to the distribution and its construction.” such that I believe that not any one Fedora Contributor is any more able to accomplish things within the purview of The Fedora Project than any other, regardless of if you sit on a Committee or not. However, the members of FESCo have the unique opportunity to help shepherd and advise those who are working towards accomplishing specific goals while keeping the technical concerns of the entire project in perspective. I believe that I could participate and contribute in that space.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

I think the Fedora Council’s main goal is to focus on higher level concepts or ideas of the Fedora Project as a whole where as FESCo focuses on the technical implementation or concerns of those higher level concepts. I think a solid example of this would be the Fedora.Next initiative proposed by the Fedora Project Leader, Matt Miller, planned and guided from a high level conceptual standpoint within the Council where as FESCo has and will continue to provide guidance towards and help to enable the technical efforts specific to implementing the concepts of Fedora.Next as well as other initiatives that come from the Fedora Council.

Do you think FESCo can help with the reduction of the backlog of >400 packages awaiting review?

I would like to think that FESCo can, but it’s going to require more than just the small number of people who are a part of FESCo to conquer that many package reviews. This is definitely something that I think falls within the realm of FESCo’s charter to help resolve. Hopefully we can increase visibility on not only the review backlog itself but also that this is a blocker on so many packages waiting to get into Fedora. Possibly the creation of a Package Review SIG that focuses on enabling new packages to make their way into Fedora in a timely manner. This isn’t something that I have a firm answer to but hope that we could collectively focus on to resolve or at least help remedy.

What’s your point of view about library bundling in packages?

tl;dr – I’d prefer we don’t bundle things but I think with the current landscape of the open source ecosystem, it’s something that we need to be able to compromise on.

Library bundling is something I think is a bad idea. That being said, we don’t live in the same world we did in the late 90s and early 2000s where the primary method of acquiring software is the distribution’s repository. Upstream projects used to release source code and expected users to build from source or relied upon downstream projects such as Fedora to consume them and deliver consumable versions of their software with whatever policies around things like bundled libraries that went along with that project. These days it is very common for upstream projects to distribute binary releases themselves with the goal of targeting as many distros and/or platforms as possible. As a side effect of this, bundled libraries has become increasingly commonplace. I think that we should absolutely work towards debundling things that are bundled where applicable but the reality is that some upstreams have no interest in this and are not receptive to the changes. With that in mind, we can either maintain a fork or find a way to manage and mitigate the impact of bundled libraries in Fedora, which is something I think FESCo recently did very well. This goes along with the mantra of “upstream first” such that we engage with upstream projects and communities.

The post FESCo Elections: Interview with Adam Miller (maxamillion) appeared first on Fedora Community Blog.

Freeswitch vs. Asterisk?

VOIP of the highest quality

We’ve been experimenting with VOIP in our school, primarily for internal communication.  I’ve set up both asterisk and freeswitch servers, and have been quite frustrated with the limitations of both.

Asterisk only allows one registration to be connected to each extension.  Yes, there are ways to work around this restriction (for extension 101, set up multiple extensions – 980101, 981101, 982101, and then set up a ring group 101 that rings those extensions simultaneously), but it’s an incredibly irritating workaround.

Freeswitch does allow multiple registrations on a single extension, but it has other problems.  Some of our softphones are running over WiFi and we need SRTP for these systems.  Other hardware phones don’t support SRTP, which, while not ideal, is less of an issue because they’re connected via a physical link that we have complete control over.  Unfortunately, even with Freeswitch in bridging mode, it refuses to use SRTP on the softphone link, while using no encryption on the hardware phone link.  It’s either all or nothing.  Which means, during our testing phase, we’re stuck at nothing.  Lovely.

So should I bail on Freeswitch and switch over to Asterisk?  Stick with Freeswitch and hope that I can work out some way of fixing the SRTP problem?  Or should I just give our staff tin cans attached to Cat-6 cable and tell them that’s the new VOIP system?

FAmSCo Elections: Interview with Ben Williams (Southern_Gentlem / kk4ewt)
Fedora Ambassador Steering Committee badge

Fedora Ambassador Steering Committee badge

This is a part of the FAmSCo Elections Interviews series. Voting is open to all Fedora contributors. The voting period starts on Tuesday, December 08 and closes promptly at 23:59:59 UTC on Monday, December 14th. Please read the responses from candidates and make your choices carefully. Feel free to ask questions to the candidates here (preferred) or elsewhere!

Interview with Ben Williams

  • Fedora Account: jbwillia
  • IRC: Southern_Gentlemkk4ewt (usually in #fedora, #fedora-ambassadors)
  • Fedora User Wiki Page

What is your background in Fedora? What have you worked on and what are you doing now?

Wow, I really had to think hard about this question.  I have been in #fedora channel asking questions and helping others since Fedora Core 1 timeframe , during the Fedora Core 3 timeframe i was made a channel operator for the #fedora channel. I continue working in the #fedora channel still today helping where i can (IRC nicks Southern_Gentlem, VileGent, kk4ewt).  In the FC5 timeframe I was a founding member of the Fedora Unity Project who worked to provide useful documentation and provided updated respins for the community, I am currently the person that works to provide the updated lives for the community. I have also served as the host for FUDCon Blacksburg 2012.  I have  represented Fedora at several events including but not limited to Scale, Southeast LinuxFest, Ohio Linuxfest,  Fosscon, and talks and Installfest with the Virginia Tech Linux Unix Users Group. and I am currently the East Coast Distribution Coordinator for Fedora Ambassadors North America.

Interest in traditional Linux events seems to be stagnating or even declining. How should the Ambassadors respond to this change?

Well for one we all need to advertise Linux to the general public, it has been about 5 years since there was a push to advertise Linux to the general public.  (example: The Kid Commerical by IBM in 2005)

Our displays at events need to show the public what Linux can do for them for their daily computer tasks.  (examples be it from email, web browsing to using Linux for Amateur Radio Emergency Communications).

It seems the Ambassador activities are disconnected from the rest of the project. What is your way of fixing the issue?

I have seen this for a long time, I would really like to see more cooperation between Documentation, Marketing, Design and the Ambassadors for getting info out to our community.  I don’t know if we need a central Trac or quarterly meeting of all the groups concerned to resolve these communication issues. In the past the Ambassadors had tri-fold brochures that covered different things (Music, Desktop, Publishing, etc.) that could be used by the Ambassador at events.

What is your take on the recent governance reorganization (Council, working groups, budget, etc.)?

Well every organization goes through some sort of restructuring over time, we have a lot of things that have been working and we still have some rough edges on other things so IMHO time will tell what works the best.  As always Fedora will be driven by the ones doing the work.

Closing words

If I am elected to FAmSCo I will do as I have always done by doing the best I can to promote the project, and the people who give their blood, sweat and tears daily for the project.

– Ben Williams (jbwillia)

The post FAmSCo Elections: Interview with Ben Williams (Southern_Gentlem / kk4ewt) appeared first on Fedora Community Blog.

Install SimpleScreenRecorder in Fedora

Make simple

Add the russianfedora repository

sudo dnf install

Now install SSR

sudo dnf install -y simplescreenrecorder

it’s all.

Instala Simplescreenrecorder en Fedora


Agreguen el repositorio del remix ruso de Fedora

sudo dnf install

Instalen SSR

sudo dnf install -y simplescreenrecorder

Es todo.

Where is the physical trust boundary?
There's a story of a toothbrush security advisory making the rounds.

This advisory is pretty funny but it matters. The actual issue with the toothbrush isn't a huge deal, an attacker isn't going to do anything exciting with the problems. The interesting issue here is we're at the start of many problems like this we're going to see.

Today some engineers built a clever toothbrush. Tomorrow they're going to build new things, different things. Security will matter for some of them. It won't matter for most of them.

Boundaries of trust

Today when we try to decide if something is a security issue we like to ask the question "Does this cross a trust boundary?" If it does, it's probably a security issue. If no trust boundary is crossed, it's probably not an issue. There are of course lots of corner cases and nuance, but we can generally apply the rule.

Think of it this way. If a user can delete their own files, that's not crossing a trust boundary, that's just doing something silly. If a user can delete someone else's files, that's not good.

This starts to get weird when we think about real things though.

Boundaries of physical trust?

What happens in the physical world? What counts as a trust boundary? In the toothbrush example above an attacker could gain knowledge of how someone is using a toothbrush. That's technically a trust boundary (an attacker can gain data they're not supposed to have), but let's face it, it's not a big deal. If your credit card number was also included in the data, sure no question there.

But as such, we're talking about data that isn't exciting. You can make the argument about tracking data from a user over the course of time and across devices, let's not go there right now. Let's just keep the thinking small and contained.

Where do we draw the line?

If we think about physical devices, what are our lines? A concept of just a trust boundary doesn't really work here. I can think of three lines, all of which are important, but not equally important.
  1. Safety
  2. Harm
  3. Annoyance


When I say safety I'm thinking about a device that could literally kill a person. This could be something like disabling the brakes on a car. Making a toaster start a fire. Catastrophic events. I don't think anyone would ever claim this class of issues isn't a problem. They are serious, I would expect any vendor to take these very seriously.


Harm would be where someone or something can be hurt. Nothing catastrophic. Think maybe a small burn, or a scrape. Perhaps making someone fall down when using a scooter, or burn themselves with a device. We could argue this category for a while. Things will get fuzzy between if the problem is catastrophic. Some vendors will be less willing to deal with these but I bet most get fixed quickly.


Annoyance is where things are going to get out of hand. This is where the toothbrush advisory lives. In the case of a toothbrush it's not going to be a huge deal. Should the vendor fix it? Probably. Should you get a new toothbrush over it? Probably not.

The nuance will be which annoying problems deserve fixes and which ones don't? Some of these problems could cost you money. What if an attacker can turn up your thermostat so your furnace runs constantly? Now we have an issue that can cost real money. What if we have a problem where your 3D printer ruins a spool of filament? What if the oven burns the Christmas goose?

Where is our trust boundary in the world of annoying problems? You can't just draw the line at money and goods. What happens if you can ring a person's door bell and they have to keep getting up to check the door? Things start to get really weird.

Do you think a consumer will be willing to spend an extra $10 for "better security"? I doubt it. In the event a device will harm or kill a person there are government agencies to step in and stop such products. There are no agencies for leaking data and even if there were they would have limited resources. Compare "annoyance security" to all the products sold today that don't actually work, who is policing those?

As of right now our future is going to be one where everything is connected to the Internet, none of it is secure, and nobody cares.

Join the conversation, hit me up on twitter, I'm @joshbressers
I support Software Freedom Conservancy

If you’ve read this blog for any length of time, you know that free and open source software is important to me. It’s important to Software Freedom Conservancy as well. Conservancy is a 501(c)(3) organization dedicated to supporting software projects.

Conservancy provides a lot of services to member projects, including financial and administrivia. Conservancy also provides license enforcement services, including support of a high-profile suit against VMWare. Although Conservancy uses litigation as a last resort, it’s sometimes necessary. However, this has lead to some corporate sponsors pulling their funding.

In order to continue their efforts, Conservancy is moving to an individual-supporter model. I first became a Conservancy supporter last year, and when it’s shortly time to renew my support, I will contribute double. Free and open source software is important to my personal and professional lives, and the services Conservancy provide to projects is invaluable.

If you use computers at all, a Conservancy project is probably an important part of your daily life. Please join me in supporting the Software Freedom Conservancy with a tax-deductible* donation today.

*Consult your tax professional to see if donations are tax-deductible in your jurisdiction.

Blivet-gui 1.0 in Fedora 23

Blivet-gui, a graphical tool for storage management, reached an important milestone -- version 1.0 (blivet-gui 1.0 was actually already released in September and it took me more than two months to write this blog post, the latest version available in rawhide is 1.2).

So what's new since the previous blog post? Obviously, there is the new UI. The visualization in case of more complicated storage configuration is still not as good as I want, but so far I have not found any solution that would make it less complicated for configurations working with many devices. My testing machine has 25 disks with more than 20 different LVM volume groups, software RAIDs and BTRFs volumes and it's sometimes quite hard not to be confused even with the new UI.

New UI -- visualization of disk with an extended partition and "c" LVM volume group

New UI -- visualization of physical volumes of "c" LVM volume group

If you have any ideas that would make the UI and visualization better, feel free to contact me.

Other new features besides the new UI were added - some more visible, some less:

  • It is now possible to "force" create extended or primary partition. In previous versions of blivet-GIU, the fourth partition was always created as logical inside an extended partition.

  • Added support for LVM snapshots and LVM ThinProvisioning.

  • Simple progress is displayed when running scheduled actions.

  • You can specify PE size when creating an LVM Volume Group.

  • Blivet-gui is now Python 3 only.

  • I have created an (temporary) icon for blivet-gui. And I have also added AppData for blivet-gui, so it will be available in GNOME Software.

Future of blivet-gui

Blivet-gui now has all planned features. There are some small "nice-to-have" things, but new features for future versions of blivet-gui will depend on new features of blivet. Blivet now prepares for a new big release "2.0" with a lot of changes in API and code and many new features. Already implemented ones include support for LVM cache and LVM RAID (thanks to Vratislav Podzimek for implementing these). The LVM cache support is actually implemented in blivet-gui (but not yet released).

Adding cached LVM logical volume in blivet-gui

Daily builds

If you'd like to keep track with new features, you can use my Copr repo with daily builds of blivet-gui, blivet and other projects of our team (including Anaconda).

As always, if you'd like to help, the source code is available on GitHub. New ideas and bug reports are welcome as well. Visit Zanata if you'd like to help with blivet-gui localization.

Creating a laser light show with Fedora

Every day, people are making all kinds of incredible software powered by Fedora. The Fedora user community is broad and diverse, and sometimes, we hear about things that we never imagined possible. Rochester Institute of Technology student and Fedora user Brendan Whitfield developed an open-source library for interfacing with laser projectors to create all kinds of awesome images and animations using lasers (including the Fedora logo)! We wanted to know more about the work Brendan was doing and interviewed him about his project, LZR.

Impacting laser development with open-source

Brendan Whitfield, author of LZR

Brendan has always had a fascination for lasers.

LZR is one of Brendan’s latest projects fueled by a passion and interest in working with lasers. Since an early age, he wanted to learn more about all of the “magic” that goes behind powering powerful lights. LZR is just the latest manifestation of that obsession. In addition to writing the free and open-source library for handling the user’s graphics to the laser projector via a laser digital-to-analog converter (DAC), like EtherDream (open software DAC), he also spends some of his time building and modifying the actual laser projectors.

I spent some time with Brendan at the Rochester Mini Maker Faire on November 21st in Rochester, NY. In addition to being a student at RIT, he also is involved with FOSS@MAGIC, a group of students and professors passionate about Free and Open Source Software, which is associated with the FOSS Minor offered at RIT. As part of the FOSS@MAGIC booth at the Faire, he had a live demo of his laser software, along with a Leap Motion sensor to detect people’s fingers and convert it to moving lasers against a whiteboard. While I was with Brendan, I had the opportunity to ask him a few questions about his project and how open source influenced the creation of the library.

How does your program work and connect to the projector to create the digital laser images? How would you describe it to someone who has never seen your program’s code before?

“Lasers produce graphics by scanning a single beam according to vector data. To connect to a laser projector, you need a little bit of hardware. Typically, they take XY and color data from a digital-to-analog adapter that you attach to your computer. There are a number of proprietary options on the market, but also a smattering of independently-developed adapters. The one that caught my eye was the EtherDream. It’s an open-source ARM board that accepts vector graphics over Ethernet.

LZR: Making Fedora logo in lasers

Playing with the lights. Adjusting the colors of the laser output.

This gets you halfway to a laser show, but you still need a human interface to produce the graphics. These are typically reminiscent of video editors, with timelines, clips, and effects. My code currently consists of a library, a daemon, and a visualizer. The library provides applications with all of the functions and data structures needed to easily operate on laser graphics.

Modularity is also a strong point I’m focusing on. I routinely run into freeware that is written as a monolith, which makes it difficult to splice your own programs into the mix. For this reason, LZR uses ZeroMQ to stream frames between applications. This makes it trivial to attach things like visualizers, or if you feel so inclined, run your laser completely via IP. As long as there’s a daemon to run the adapter at the other end, you can route your laser graphics any way you see fit.”

What inspired you to make LZR?

“It started with an early love of lighting. My father is a professional lighting designer, and I always loved tagging along when I was little. I was introduced to automated lights, and that just about blew my little mind. I was hooked at an early age, and spent many summer days choreographing light-shows in my garage. From that starting point, lasers were an obvious next step.

LZR: Making Fedora logo in lasers

The lasers, the glass, the projector, and the DAC. Hardware is a major part of the exhibit!

Thankfully, there’s a fantastic community of enthusiasts on the net, and plenty of information to work from. So, somewhere at the end of middle school, with the help of my brother and father, I managed to wire a couple of galvos to a DAC schematic that I’d seen floating around. It looked like a mess, but it worked! I started off running the whole setup with various pieces of freeware from other hobbyists, but I quickly ran into limitations, or wanted different functionality. So I wrote my own projection software in Visual Basic (I was a young programmer). I had no idea what I was doing, but that’s how you learn. Back then, linking to DLLs for serial control was certified voodoo. How do you rotate 2D points? Who cares! Just copy the equation and match the variables! After some time, I managed to implement a basic drawing GUI, and a primitive effects stack. But, because VB timers can only give you millisecond resolution, I eventually abandoned this project.

Fast-forward to college years, and I’ve fallen into the black-hole of software. Specifically, the sub-black-hole of FOSS! So, with more software skills to leverage, I’ve decided to take another crack at building my own laser software.”

When you were beginning your project, why did you choose to use an open-source license for your project?

“There are many proprietary options for making laser shows. I stay away from them for the following reasons:

  • I can’t modify most of them beyond simple scripts and plugins.
  • They can be ludicrously expensive (I’m a college student).

While I am thankful for the work of the hobbyists, I often find the software to be…

  • Windows-only.
  • Freeware (free as in beer, but not open source).
  • Single-purposed (basic drawing, function generators, playback only, etc…).
  • Monolithic.

So instead of complaining about it, I will try to do better, and will share whatever I come up with. The only reason I was able to start lasing in middle school is because a bunch of people started sharing information online. So the next time some kid wants to make a wacky program for a local venue, they have access to all the tools. Open source is an amazing catalyst for creativity.”

LZR: Making Fedora logo in lasers

A close-up of the projector, tuned specifically for creating an awesome light show.

Check out LZR

LZR comes with the benefit of being completely open source, and contributions are welcome. Anyone can take the code and modify it to suit their purposes.

Brendan has several other projects available on his GitHub. You can also find his contact information in his profile.

All the photos in this article were taken by Brendan Whitfield.

Gotta Badge ‘Em All: Telegraphist

Telegraphist: What is it?

Telegraphist badge, for mapping names to packages

“You mapped an upstream project to a Fedora package on

The Telegraphist badge is categorized as a “Quality [Assurance] Badge” and is defined in this Trac ticket. But what’s the real scoop behind the Telegraphist badge?

In short, Telegraphist is awarded to Fedora contributors and users who map the names of their favorite upstream projects to packages available in Fedora. This makes it easier for developers and users to monitor updates on their favorite packages, and to make sure that new versions of upstream software are packaged and made available in Fedora. The software backing this site is called Anitya, and you can use it now on! The original announcement for this site was made by Ralph Bean on the developers mailing list in February 2015.

How do I earn Telegraphist?

Earning Telegraphist is easy! First, you should look through the list of software you have installed on your system. What are some of your favorite apps? What do you use all the time and think you couldn’t live without? Try searching for it on Anitya. Does it exist?

It may be that the package you search for is already mapped. In that case, take a look through it and see if the information is still correct and relevant. Sometimes a project’s homepage may change, or they might switch the locations of where they host their code. If something’s wrong, edit it and correct the info.

Telegraphist: Add a project to Anitya

Add a project to Anitya using info like this, except for your favorite project.

On the other hand, it may be that the package you want to add doesn’t exist. Viola, a badge opportunity has presented itself! You can help Fedora developers by providing the relevant info for a project. Click on “Add project” on the top bar and begin entering all the relevant info. For an example, see my mapping of the yubikey-personalization-gui in the screenshot.

The Telegraphist tl;dr

  1. Awarded to contributors who map upstream project info to specific packages in Fedora
  2. Automatically awarded when you map a project on
  3. Find project info for your favorite software, and if it doesn’t exist, add it to the database

The post Gotta Badge ‘Em All: Telegraphist appeared first on Justin W. Flory's Blog.

November 29, 2015

Support Software Freedom Conservancy

As some of you may know, Software Freedom Conservancy (SFC) has announced a "Supporter" program, allowing individuals to make a donation to SFC's general operating fund, helping them to do the things they do. Since I'm a huge fan of the work that SFC does, I've decided to become a supporter and I encourage others to do the same.

What is hacker culture?
Eric Raymond, author of The Cathedral and the Bazaar (an important work describing the effectiveness of open collaboration and development), recently wrote a piece calling for "Social Justice Warriors" to be ejected from the hacker community. The primary thrust of his argument is that by calling for a removal of the "cult of meritocracy", these SJWs are attacking the central aspect of hacker culture - that the quality of code is all that matters.

This argument is simply wrong.

Eric's been involved in software development for a long time. In that time he's seen a number of significant changes. We've gone from computers being the playthings of the privileged few to being nearly ubiquitous. We've moved from the internet being something you found in universities to something you carry around in your pocket. You can now own a computer whose CPU executes only free software from the moment you press the power button. And, as Eric wrote almost 20 years ago, we've identified that the "Bazaar" model of open collaborative development works better than the "Cathedral" model of closed centralised development.

These are huge shifts in how computers are used, how available they are, how important they are in people's lives, and, as a consequence, how we develop software. It's not a surprise that the rise of Linux and the victory of the bazaar model coincided with internet access becoming more widely available. As the potential pool of developers grew larger, development methods had to be altered. It was no longer possible to insist that somebody spend a significant period of time winning the trust of the core developers before being permitted to give feedback on code. Communities had to change in order to accept these offers of work, and the communities were better for that change.

The increasing ubiquity of computing has had another outcome. People are much more aware of the role of computing in their lives. They are more likely to understand how proprietary software can restrict them, how not having the freedom to share software can impair people's lives, how not being able to involve themselves in software development means software doesn't meet their needs. The largest triumph of free software has not been amongst people from a traditional software development background - it's been the fact that we've grown our communities to include people from a huge number of different walks of life. Free software has helped bring computing to under-served populations all over the world. It's aided circumvention of censorship. It's inspired people who would never have considered software development as something they could be involved in to develop entire careers in the field. We will not win because we are better developers. We will win because our software meets the needs of many more people, needs the proprietary software industry either can not or will not satisfy. We will win because our software is shaped not only by people who have a university degree and a six figure salary in San Francisco, but because our contributors include people whose native language is spoken by so few people that proprietary operating system vendors won't support it, people who live in a heavily censored regime and rely on free software for free communication, people who rely on free software because they can't otherwise afford the tools they would need to participate in development.

In other words, we will win because free software is accessible to more of society than proprietary software. And for that to be true, it must be possible for our communities to be accessible to anybody who can contribute, regardless of their background.

Up until this point, I don't think I've made any controversial claims. In fact, I suspect that Eric would agree. He would argue that because hacker culture defines itself through the quality of contributions, the background of the contributor is irrelevant. On the internet, nobody knows that you're contributing from a basement in an active warzone, or from a refuge shelter after escaping an abusive relationship, or with the aid of assistive technology. If you can write the code, you can participate.

Of course, this kind of viewpoint is overly naive. Humans are wonderful at noticing indications of "otherness". Eric even wrote about his struggle to stop having a viscerally negative reaction to people of a particular race. This happened within the past few years, so before then we can assume that he was less aware of the issue. If Eric received a patch from someone whose name indicated membership of this group, would there have been part of his subconscious that reacted negatively? Would he have rationalised this into a more critical analysis of the patch, increasing the probability of rejection? We don't know, and it's unlikely that Eric does either.

Hacker culture has long been concerned with good design, and a core concept of good design is that code should fail safe - ie, if something unexpected happens or an assumption turns out to be untrue, the desirable outcome is the one that does least harm. A command that fails to receive a filename as an argument shouldn't assume that it should modify all files. A network transfer that fails a checksum shouldn't be permitted to overwrite the existing data. An authentication server that receives an unexpected error shouldn't default to granting access. And a development process that may be subject to unconscious bias should have processes in place that make it less likely that said bias will result in the rejection of useful contributions.

When people criticise meritocracy, they're not criticising the concept of treating contributions based on their merit. They're criticising the idea that humans are sufficiently self-aware that they will be able to identify and reject every subconscious prejudice that will affect their treatment of others. It's not a criticism of a desirable goal, it's a criticism of a flawed implementation. There's evidence that organisations that claim to embody meritocratic principles are more likely to reward men than women even when everything else is equal. The "cult of meritocracy" isn't the belief that meritocracy is a good thing, it's the belief that a project founded on meritocracy will automatically be free of bias.

Projects like the Contributor Covenant that Eric finds so objectionable exist to help create processes that (at least partially) compensate for our flaws. Review of our processes to determine whether we're making poor social decisions is just as important as review of our code to determine whether we're making poor technical decisions. Just as the bazaar overtook the cathedral by making it easier for developers to be involved, inclusive communities will overtake "pure meritocracies" because, in the long run, these communities will produce better output - not just in terms of the quality of the code, but also in terms of the ability of the project to meet the needs of a wider range of people.

The fight between the cathedral and the bazaar came from people who were outside the cathedral. Those fighting against the assumption that meritocracies work may be outside what Eric considers to be hacker culture, but they're already part of our communities, already making contributions to our projects, already bringing free software to more people than ever before. This time it's Eric building a cathedral and decrying the decadent hordes in their bazaar, Eric who's failed to notice the shift in the culture that surrounds him. And, like those who continued building their cathedrals in the 90s, it's Eric who's now irrelevant to hacker culture.

(Edited to add: for two quite different perspectives on why Eric's wrong, see Tim's and Coraline's posts)

comment count unavailable comments
Software Freedom Conservancy

I support the Software Freedom Conservancy because they provide a virtual home for Free Software communities. In their own words:

Software Freedom Conservancy is a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects. Conservancy provides a non-profit home and infrastructure for FLOSS projects. This allows FLOSS developers to focus on what they do best — writing and improving FLOSS for the general public — while Conservancy takes care of the projects’ needs that do not relate directly to software development and documentation.

Some projects receive support from or are managed by companies or trade associations that benefit from the software the community produces. That is great as long as the community objectives and the company profit motives are aligned. Free Software is a good way for companies to work together. The services that the Conservancy provides allows projects to define their own terms and conditions for the community to work together. And companies can then join on equal terms. Making sure the project and community will work together for the public benefit.

Please support the Software Freedom Conservancy by donating so they will be able to provide a home to many more communities. A donation of 10 US dollars a month will make you an official sponsor. Or donate directly to one of their many member projects.

Software Freedom Conservancy Member Projects

Software Freedom Conservancy Member Projects

Inspecting Method Arguments in Python

How do you execute methods from 3rd party classes in a backward compatible manner when these methods change their arguments ?

s3cmd's PR #668 is an example of this behavior, where python-libs's added a new parameter to disable hostname checks. As a result of this s3cmd broke.

One solution is to use try-except and nest as much blocks as you need to cover all of the argument variations. In s3cmd's case we needed two nested try-except blocks.

Another possibility is to use the inspect module and create the argument list passed to the method dynamically, based on what parameters are supported. Depending on the number of parameters this may or may not be more elegant than using try-except blocks although it looks to me a bit more human readable.

The argument list is a member named co_varnames of the code object. If you want to get the members for a function then


if you want to get the members for a class method then


Consider the following example
import inspect

def hello_world(greeting, who):
    print greeting, who

class V1(object):
    def __init__(self):
        self.message = "Hello World"

    def do_print(self):
        print self.message

class V2(V1):
    def __init__(self, greeting="Hello"):
        self.message = self.message.replace('Hello', greeting)

class V3(V2):
    def __init__(self, greeting="Hello", who="World"):
        V2.__init__(self, greeting)
        self.message = self.message.replace('World', who)

if __name__ == "__main__":
    print "=== Example: call the class directly ==="
    v1 = V1()

    v2 = V2(greeting="Good day")

    v3 = V3(greeting="Good evening", who="everyone")

    # uncomment to see the error raised
    #v4 = V1(greeting="Good evening", who="everyone")

    print "=== Example: use try-except ==="
    for C in [V1, V2, V3]:
            c = C(greeting="Good evening", who="everyone")
        except TypeError:
                print "    error: nested-try-except-1"
                c = C(greeting="Good evening")
            except TypeError:
                print "    error: nested-try-except-2"
                c = C()


    print "=== Example: using inspect ==="
    for C in [V1, V2, V3]:
        members = dict(inspect.getmembers(C.__init__.__func__.__code__))
        var_names = members['co_varnames']
        args = {}

        if 'greeting' in var_names:
            args['greeting'] = 'Good morning'

        if 'who' in var_names:
            args['who'] = 'children'

        c = C(**args)

The output of the example above is as follows

=== Example: call the class directly ===
Hello World
Good day World
Good evening everyone
=== Example: use try-except ===
    error: nested-try-except-1
    error: nested-try-except-2
Hello World
    error: nested-try-except-1
Good evening World
Good evening everyone
=== Example: using inspect ===
Hello World
Good morning World
Good morning children
Qt testing packages for Fedora and Epel on copr

We’re ( kde-sig ) trying slowly improve the quality of Fedora KDE and Qt, and is a lot of work. Some of the members even got to new jobs reducing the time to deal as “life” happens, which makes the work harder. Rex Dieter, our fearless ( and reasonable ) leader do a fantastic 100 people work, but still, we have enough to 100+n persons. So anything that can reduce the test time and the burden on the process are a necessary solution.

Some can arg that rawhide is a test place, and they are right, but is for a devel future, not for a soon to be stable set of packages. And we’re hardly see people using rawhide on production aside us in some very very very restricted cases and most of all, in virtual machines, not bare metal.
Then we can go to the -testing repo, which leads to Fedora buildsystem, that not helps much as every new package submitted need rely of someone say’s ok to testing stage or worst, wait minimum 7 days until reach the servers.
And is not testing per se, as if we wait for 7 days without anyone really tested the package and reach the stable with a bad version, so we’re be double screwed.

So, for example, in a few days we will have Qt 5.6.0 rc and we want that people have it as soon as possible in their machines as soon it reaches the final if possible on the release day been in our default repositories, and avoid the now more common annoyed people saying that the other ** distro already has it or why it takes so long blaming us lazy packagers.

The solution ? kde-sig Copr group ! The recent upgrade on copr allow us to have groups instead of individuals, and now this leads to current Qt repo.

With the blessing of Dan Vratil, i took his original repository and recreated over Qt5 KDE Sig Copr Repo with most current Qt possible.

You will find now 5.6.0 beta available for rawhide, f23, f22 and Epel-7 restricted on f23 and f22 to x86_64 due a build bug on i386 chroots from copr ( a segfault that we’re not managed to find ).

Still missing the qtwebengine package due the work to remove included 3rdparty source to bind to Fedora policies, and this is a hard work, even simplified a lot by Qt devs ( thanks to Allan )

So, we’re open to “business” and if you think we can improve Fedora, any ideas are welcome.

Reinforcing: KDE Sig Copr place

Setting up IPA with a specific CA cert subject
If you are doing experiments with IPA where you install and reinstall IPA servers, you may notice SSL certificate errors when connecting to an IPA server using Firefox. The reason is that always the same Organization and serial is used when the CA cert is created. Normal users are usually only affected when using the […]
QElectroTech version 0.5

RPM of QElectroTech version 0.5, an application to design electric diagrams, are available in remi for Fedora and Enterprise Linux 7.

Only 9 months after the version 0.4 release, the project have just released a new major version of their electric diagrams editor.

Official web site : and version announcement.

Installation by YUM :

yum --enablerepo=remi install qelectrotech

RPM (version 0.50-1) are available for Fedora ≥ 19 and Enterprise Linux 7 (RHEL, CentOS, ...)

Updates are also on the road to official repositories

Notice :a Copr / Qelectrotech repository also exists, which provides "development" versions (also 0.5 for now).

November 28, 2015

Disabling Dynamic Currency Conversion (DCC) in Airbnb

In many travel-related web sites for airlines and hotels, there is some attempt to sting the customer with an extra fee by performing a currency conversion at an inflated exchange rate. Sometimes it is only about five percent and this may not appear to be a lot but in one case a hotel was trying to use a rate that increased the cost of my booking by 30%. This scheme/scam is referred to as Dynamic Currency Conversion (DCC). Sometimes the website says that they are making it "easy" for you by giving you a "guaranteed" exchange rate that "might" be better than the rate from your bank. Sometimes a hotel or restaurant in a tourist location insists that you have to pay in a currency that is not the same as the currency on your booking receipt or their menu card, this is also a DCC situation.

Reality check: these DCC rates are universally bad. Last time I checked, my own credit card only has a 0.9% fee for currency conversion. Credit card companies have become a lot more competitive but the travel industry hasn't.

Airbnb often claims that they want to help the little guy and empower people, at least that is the spin they were using when New York city authorities were scrutinizing their business model. Their PR blog tries to boast about the wonderful economic impact of Airbnb.

But when it comes to DCC, the economic impact is universally bad for the customer and good for Airbnb's bosses. Most sites just turn on DCC by default and add some little opt-out link or checkbox that you have to click every time you book. Airbnb, however, is flouting regulations and deceiving people by trying to insist that you can't manually choose the currency you'll use for payment.

Fortunately, Visa and Mastercard have insisted that customers do have the right to know the DCC exchange rate and choose not to use DCC.

What are the rules?

Looking at the Visa system, the Visa Product and Service Rules, page 371, s5.9.7.4 include the statement that the merchant (Airbnb) must "Inform the Cardholder that Dynamic Currency Conversion is optional".

The same section also says that Airbnb must "Not use any language or procedures that may cause the Cardholder to choose Dynamic Currency Conversion by default". When you read the Airbnb help text about currencies, do you think the language and procedures there comply with Visa's regulations?

What does Airbnb have to say about it?

I wrote to Airbnb to ask about this. A woman called Eryn H replied "As it turns out we cannot provide our users with the option to disable currency conversion."

She went on to explain "When it comes to currency converting, we have to make sure that the payments and payouts equal to be the same amount, this is why we convert it as well as offer to convert it for you. We took it upon ourselves to do this for our users as a courtesy, not so that we can inconvenience any users.". That, and the rest of Eryn's email, reads like a patronizing copy-and-paste response that we've all come to dread from some poorly trained customer service staff these days.

Miss H's response also includes this little gem: "Additionally, if you pay in a currency that’s different from the denominated currency of your payment method, your payment company (for example, your credit or bank card issuer) or third-party payment processor may apply a currency conversion rate or fees to your payment. Please contact your provider for information on what rates and fees may apply as these are not controlled by or known to Airbnb." and what this really means is that if Airbnb forces you to use a particular currency, with their inflated exchange rate and that is not the currency used by your credit card then you will have another currency conversion fee added by your bank, so you suffer the pain of two currency conversions. This disastrous scenario comes about because some clever person at Airbnb wanted to show users a little "courtesy", as Miss H describes it.

What can users do?

As DCC is optional and as it is not clear on the booking page, there are other things a user can do.

At the bottom of the Airbnb page you can usually find an option to view prices in a different currency. You can also change your country of residence in the settings to ensure you view prices in the host currency. This allows you to see the real price, without the DCC steal.

People have been able to email or call Airbnb and have DCC disabled for their account. Not all their telephone staff seem to understand these requests and apparently it is necessary to persist and call more than once. In the long term, the cost savings outweigh the time it may take even if you spend 20 minutes on the phone getting it fixed.

Whatever you do, with any travel site, print a copy of the information page showing the price in host currency. After doing that for an Airbnb booking and before making any payment, send a message to the host quoting the total price in their currency and stating DCC is not authorized. If Airbnb does wrongly convert the currency, send a letter to the credit card company asking for a full refund/chargeback on the basis that the transaction in the wrong currency was not an authorized transaction. It is important to ensure that you do not agree to the payment using Verified-by-Visa or Mastercard Securecode and do not pay with a debit card as these things can undermine your chances of a successful chargeback.

The chargeback rules are very clear about this. On the Visa website, the Guide for the Lodging Industry describes all the chargeback reason codes. On page 46, reason code 76 is described for cases such as these:

  • Cardholder was not advised that Dynamic Currency Conversion (DCC) would occur
  • Cardholder was refused the choice of paying in the merchant’s local currency

If you feel that Airbnb's web site was not operating in compliance with these rules, while many other web sites have made the effort to do so, why shouldn't you demand a correction by your bank? Once enough people do this, don't be surprised if Airbnb fixes their site.

Custom keyboard shortcuts for Evolution in GNOME

I’ve been a big fan of Thunderbird for years, but it lacks features in some critical areas. For example, I need Microsoft Exchange and Google Apps connectivity for my mail and contacts, but Thunderbird needs some extensions to make that connectivity easier. There are some great extensions available, but they lack polish since they’re not part of the core product.

My muscle memory for keyboard shortcuts in Thunderbird left me fumbling in Evolution. Some of the basics that I used regularly, such as writing a new email or collapsing/expanding threads, were wildly different. For example, there’s no keyboard shortcut for expanding threads in Evolution by default.

The search

In my quest to adjust some of the default keyboard shortcuts for Evolution, I found lots of documentation about previous versions of GNOME in documentation and countless forum posts. None of the old tricks, like editable menus and easily adjusted dconf settings, work any longer.

I stumbled onto an email thread from August 2015 on this very topic and I was eager to find out if GNOME 3.18’s Evolution would look at the same .config/evolution/accels file as the one mentioned in the thread.

First, I started Evolution with strace so I could review the system calls made during its startup:

strace -q -o evolution-trace.out -s 1500 evolution

Sure enough, Evolution was looking for the accels file:

$ grep accels evolution-trace.out 
open("/home/user/.config/evolution/accels", O_RDONLY) = 10
open("/home/user/.config/evolution/accels", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 34

Adding custom keyboard shortcuts

Editing the accels file is easy for most changes, but be sure Evolution is stopped prior to editing the file. The file should look something like this:

; evolution GtkAccelMap rc-file         -*- scheme -*-
; this file is an automated accelerator map dump
; (gtk_accel_path "<Actions>/new-source/memo-list-new" "")
; (gtk_accel_path "<Actions>/switcher/switch-to-tasks" "<Primary>4")
; (gtk_accel_path "<Actions>/mailto/add-to-address-book" "")
; (gtk_accel_path "<Actions>/mail/mail-next-thread" "")

Editing an existing shortcut is easy. For example, the default shortcut for creating a new email is CTRL-SHIFT-M:

; (gtk_accel_path "<Actions>/new-item/mail-message-new" "<Primary><Shift>m")

I prefer Thunderbird’s default of CTRL-N for new emails:

(gtk_accel_path "<Actions>/new-item/mail-message-new" "<Primary>n")

Those edits are quite easy, but things get interesting with other characters. For example, Thunderbird uses the asterisk (*) for expanding threads and backslash (\) for collapsing them. Those characters are special in the context of the accels file and they can’t be used. Here’s an example of how to set keyboard shortcuts with those:

(gtk_accel_path "<Actions>/mail/mail-threads-expand-all" "asterisk")
(gtk_accel_path "<Actions>/mail/mail-threads-collapse-all" "backslash")

To determine the names of those special characters, use xmodmap:

$ xmodmap -pk | grep backslash
     51     0x005c (backslash)  0x007c (bar)    0x005c (backslash)  0x007c (bar)

Checking your work

Once you make your adjustments, Evolution should display those new keyboard shortcuts in its menus. For example, here’s my new shortcut for writing new emails:

evolution keyboard shortcuts

Go back and adjust as many of the shortcuts as necessary. However, remember to quit Evolution before editing the file.

The post Custom keyboard shortcuts for Evolution in GNOME appeared first on

November 27, 2015

The goats have strayed into GNOME

Here is a glimpse of what I have been doing lately.



The screenshots feature the photo please wait… by Garrett LeSage available under a Creative Commons Attribution-ShareAlike license.

Hurry up, only a few days left to do the 2015 Gluster Community Survey

The Gluster Community provides packages for Fedora, CentOS, Debian, Ubuntu, NetBSD and other distributions. All users are important to us, and we really like to hear how Gluster is (not?) working out for you, or what improvements are most wanted. It is easy to pass this information (anonymously) along through this years survey (it's a Google form).

If you would like to comment on the survey itself, please get in touch with Amye.

Forum PHP in Paris 2015

Back from Forum PHP Paris 2015.

First, a huge thanks to AFUP for the organization of this great event, as always, reception was beyond reproach.

This event was, once more, a great opportunity for many and rewarding meetings with lot of  PHP developers and users.

This year was exceptional, because PHP is 20 years old, AFUP is 15 years old and of course because of upcoming  PHP version 7:

<figure style="{figureStyle}">22976893670_aa78e7414b_o.jpg<figcaption> </figcaption></figure>

On the photo : (top) Derick Rethans, Anatol Belski, me, Zeev Suraski, (bottom) Pierre Joye, Rasmus Lerdorf, Bob Weinand and Nikita Popov.

More photos on Flickr.

I had the change to give a talk about collaboration between upstream (projects) and downstream (distribution) with an important part about QA management by the Fedora project.

Read the slides: Paris2015.pdf.

Feedback seems good, see

I waiting for next meetings.

All namespaces currently used

Reminder to myself:

readlink /proc/*/task/*/ns/* | sort -u
Configure Fedora 23 firewalld to allow nfs (Vagrant)

So today I have been trying to test some puppet modules in Vagrant but the machine bootup got stuck when trying to mount the nfs shares.

Some research showed, that firewalld and vagrant are not what you could call best friends, so basically the ports are blocked so the Virtualbox or libvirt (for example) connection tries get stuck in the firewall.

Here is a little script you need to run as root in order to allow nfs on your machine and be able to work with Vagrant like you did before again. Please note: This is for the Workstation version! You might need to change the zones for the server or cloud installations.

firewall-cmd --zone FedoraWorkstation --change-interface vboxnet0
firewall-cmd --zone FedoraWorkstation --permanent --add-service nfs
firewall-cmd --zone FedoraWorkstation --permanent --add-service rpc-bind
firewall-cmd --zone FedoraWorkstation --permanent --add-service mountd
firewall-cmd --zone FedoraWorkstation --permanent --add-port 2049/udp
firewall-cmd --reload

What this script does? It adds the vboxnet0 adapter Virtualbox uses to be taken care of by the FedoraWorkstation zone, allows all ports needed permanently (to survive reboots) and reloads the iptables rulesets created by firewalld.

More on Satellite 6.1 provisioning

Satellite 6.1 supposedly supports bonded network interfaces. If it does, we’ve yet to get it working.

To be fair, this is a slightly more complex setup with two interfaces on separate cards heading to separate switches using LACP for resilience which is more complex than balancing. There are then a number of virtual interfaces hanging off this on separate vlans.

However even without the VLAN interfaces in play, a basic bond fails and we are then presented with a failure cascade.

  • Foreman (the part of Satellite that controls provisioning) decides to change the IP of the provisioning node, not sure why, support case currently open. This happens whatever you do. Update – see below
  • You then delete the node which runs fine but leaves a dangling entry in DHCP because the MAC address has changed
  • You then have to edit the lease file to remove the entry and restart the daemon
  • Leave this to long and Satellite accepts fact uploads from the deleted node, adding it back into the foreman database and preventing re-provisioning. You then have to run db removal commands alluded to in my previous post. Update – see below

I have back-ported this fix:

which seems to prevent duplicate bonds getting created (another problem) but so far it hasn’t been an easy ride.

If you’re looking at using Satellite 6.1 to provision bonded networks (these are RHEL 7.2 machines) then I would avoid and use snippets, which is what we have done here and appear to be through the worst of the above.

Alternatively consider later versions of foreman with better bonding support?

Update: I have discovered that setting the following:


resolved the MAC address changing issue



resolves hosts getting re-added to the database after deletion.

PHP version 5.6.16

RPM of PHP version 5.6.16 are available in remi repository for Fedora  21 and  remi-php56 repository for Fedora ≤ 20 and Enterprise Linux (RHEL, CentOS).

Version announcements:

emblem-notice-24.pngInstallation : read the Repository configuration and choose your version and installation mode.

Replacement of default PHP by version 5.6 installation (simplest):

yum-config-manager --enable remi-php56
yum update

Parallel installation of version 5.6 as Software Collection (x86_64 only):

yum install php56

And soon in the official updates:

emblem-important-2-24.pngTo be noticed :

  • EL7 rpm are build using RHEL-7.1
  • EL6 rpm are build using RHEL-6.7
  • a lot of new extensions are also available, see the PECL extension RPM status page

emblem-notice-24.pngInformation, read:

Base packages (php)

Software Collections (php56)

FESCo Elections: Interview with Germano Massullo (Caterpillar / germano)
Fedora Engineering Steering Council badge, awarded after Fedora Elections - read the Interviews to learn more about candidates

Fedora Engineering Steering Council badge

This is a part of the FESCo Elections Interviews series. Voting is open to all Fedora contributors. The  voting period starts on Tuesday, December 08 and closes promptly at 23:59:59 UTC on Monday, December 14th. Please read the responses from candidates and make your choices carefully. Feel free to ask questions to the candidates here (preferred) or elsewhere!

Interview with Germano Massullo

What is your background in Fedora? What have you worked on and what are you doing now?

I am a Fedora user since 2009.

I co-maintain various packages: BOINC, darktable, LemonPOS and ownCloud client package.

I do tests of Fedora pre-releases in order to have the most stable releases and I am proudly involved in the bug reporting process because I think that the best help you can provide to developers, is helping them finding issues in their software.

I participate in English-Italian translations, documentation editing and I actually provide support to users in the Fedora website and mailing list of my country.

Given that I am a KDE Plasma user, I hope to have, soon, some free time to study the KDE infrastructure, in order to give my help to the KDE SIG.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

I think that the actual Fedora paradigm is a good compromise between them: we have two releases per year and each of them with a 13 months support. Fedora updates policy states that package maintainers should introduce a major update for each release, providing to users the possibility to use the old version (using the n-1 Fedora release) or the bleeding edge version (using the latest ‘n’ Fedora release).

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

One of the pressing issues I have been personally involved in last months is about softwares that ship bundled libraries. There is a very important photo editing software that ships a library that concerns the core of its features. We contacted the upstream developers and we came to the conclusion that it was not possible to de-bundle it, so the Fedora “authorities” had to decide if not ship the affected software or to create a temporarily exception. Fedora Packaging Committee decided for the second solution.

Personally I am for being as much as possible in compliance with the Fedora Packaging Guidelines, but the temporarily exception procedure allows us to deal with problems such the one I just mentioned. I think that it is important especially when we are dealing with softwares that are too important to be rejected, obviously keeping security needs at first place over all.

What are your interests and experience outside of Fedora? What of those things will help you in this role?

Concerning information technology, my main interests outside Fedora are in grid computing platforms, in geodata handling and metropolitan area wireless networks. I don’t know if they can help me in this role, but I think that the grid computing platforms can apply in Fedora Cloud area of interest.

Anything else voters should know about you?

I am from Rome, Italy. On my wiki page here you can find more details about me.

I really care about distributed computing for helping medical research. If you have some time, please give a look to the BOINC project here.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

I had and I am having good experiences in communicating with FESCo, I am very often in contact with some of its components for many various reasons and they always have been nice, polite and available to provide their help.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

As FESCo member I could help Fedora contributors in solving their problems and listening to their needs. Moreover I can bring my vision of things in the decision process.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

Council is the top-level community leadership but I don’t think that we have overlap between FESCo and Council areas of interests. FESCo is pretty technical, Council instead has many other responsibilities.

Do you think FESCo can help with the reduction of the backlog of >400 packages awaiting review?

I think that the FESCo could propose some new guidelines: for example suggesting that each proven packager/sponsor should do a certain amount of review during a year or the person will be removed from such teams. On the other hand, what we need the most, is some new contributors, the community is doing a great job, but sometimes we feel that if we had more contributors, many problems could be solved in less time. For this task we need a support from Fedora ambassadors that everyday do a wonderful work in promoting the Project and seeking for new contributors.

What’s your point of view about library bundling in packages?

I have already explained previously my point of view about this in my answer to “What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?”  :)

The post FESCo Elections: Interview with Germano Massullo (Caterpillar / germano) appeared first on Fedora Community Blog.

QA happenings, post-F23

Hi folks! I haven’t blogged for a while, so I thought I’d write up a few notes on what’s going on in QA now Fedora 23 has been released.

We’ve been working for the last few years to improve ongoing validation testing outside of the Alpha/Beta/Final TC/RC system, so of course, we’re testing Fedora 24 already. openQA is testing Rawhide nightly, and we’re getting nightly builds nominated for manual validation testing regularly. These validation test events are announced on test-announce and you can always find the current validation event summary. We’ve found several release blocker and showstopper bugs already, and gotten several of them fixed; today we saw that all the openQA tests had failed, so I checked it out and found that a new dracut build was causing the installer images not to boot.

We also wrote the Fedora 23 Common Bugs page, and have been keeping it up to date (along with the Fedora 22 Common Bugs page). It’s always a good idea to check out those pages if you’re running into what seems like a major bug – you may find more information and help there.

We’ve been working on an improved deployment of openQA. As I wrote about before, the current ‘semi-official’ Fedora openQA instance is running on a machine inside Red Hat’s firewall, so only Red Hat folks can see the tests. This isn’t what we want, of course, so we’ve been working for some time to make it possible to deploy openQA in the Fedora infrastructure. This is almost complete, now – there is in fact a staging openQA instance running in the Fedora data centre now, running tests nightly; we’re only waiting on some firewall rule changes to make it publicly visible. We should have both staging and production openQA instances fully up and running pretty soon, which will have two major benefits: more capacity (the new production instance should be able to handle 3-4x as many tests as the current instance) and of course allowing non-RH folks to see the tests (which means we can link to them in report emails, Bugzilla reports and so forth as well).

We’ve also been working on improving the blocker bug process, specifically the handling of ‘special blockers’. For some years now, we’ve been finding release blocker bugs for which the fix doesn’t actually go onto the new release media; we’ve informally referred to these bugs as ‘special blockers’ and had some ad hoc workarounds for dealing with them, but we really need something better. There are two groups of ‘special’ blockers: bugs where we need a fix to go into the 0-day updates for the new release (the set of updates which is already in the update repository on release day), and bugs where we need a fix to go out as an update for the previous release(s) (so, for the release of Fedora 23, we had a couple of cases where we needed to ship updates for Fedora 22 and Fedora 21). The current process gives us a strong guarantee that the release media won’t be built without fixes for all blocker bugs that need to go on the media, but we don’t really have any process in place for making sure either kind of ‘special blocker’ actually gets fixed in time – we often say something like “we’ll have to make sure we send out an update for that before the release”, but we don’t have any process in place to make sure that actually happens, and sometimes it doesn’t.

So we have a mailing list discussion going at present (sorry, I can’t link to it, as archives haven’t been imported to Hyperkitty yet…) about how we can better track those ‘special’ blockers, and how the release process could be adjusted to ensure the fixes actually appear in the appropriate places in time for the release date. These changes should start happening pretty soon, well in time for Fedora 24 Alpha.

Taskotron work continues at a good pace, with disposable clients now almost ready for deployment, and several interesting plans for new tests that should help ensure consistent repository quality.

Of course, things like update testing roll on as always, with many QA team members volunteering lots of their time to test updates – this is always a great way to help out the project if you have a little time! If you dropped out of testing while Fedora Easy Karma was broken by the Bodhi 2 transition, good news – it’s working again now!

The Fedora 24 Test Day cycle should start ramping up soon with a call for Test Days, and the Heroes of Fedora posts for the Fedora 24 cycle should be coming soon too. Before Fedora 24 testing really ramps up in earnest, we’re hoping to be able to automate even more of the release validation tests – in openQA, taskotron, Beaker, or whatever else works best! We’re looking at some of the simpler Desktop validation tests, the Base tests, and perhaps some of the Server tests as targets for this cycle.

November 26, 2015

On the relative openness of text/document formats: .txt and .csv

My friend and research colleague Todd Fernandez writes: I know the ODF (Open Document Format) is generally the preferred format from an open documents standpoint. My question is whether you [and other Free/Libre groups] would consider .txt files in Unicode and .csv (comma-separated value) data files considered equivalently open?

First of all, I can’t answer for FSF or other groups — so what you’re getting is the Mel answer to “are .txt and .csv files open?” This email reply is getting so long that I’ll turn it into a blog post.

The Mel answer is “yes.” I consider .txt files in Unicode and .csv to be “open.” In fact, I personally prefer to use them over ODF, which I’m rarely able to open with the software pre-installed on most computers I encounter.

In the paragraphs that follow, I’ll get into more detail behind my reasoning. To define “open” and “free,” I’ll loosely use the Open Source Definition (OSD) and the Free Software Definition, noting that these were created for software and need to be adapted for a discussion on file formats.

In discussing these file formats, I’ll cover .txt first, since .csv builds on top of .txt. The file extension”.txt” can mean a lot of things, and each of those things has different levels of open-ness (from a more legal-ish open standards standpoint, see definitions above) and accessibility (from a “how many people are able to read/write them on their computers with their current software” standpoint). I personally care about both.


You asked specifically about Unicode, but “.txt” can also mean ASCII, which is/was an American-developed standard for text information. I’ll start here, since ASCII was where Unicode began (in fact, ASCII’s 128 characters are Unicode’s first 128 characters).

ANSI X3.4-1968 is the document describing this encoding. It is a standard that’s widely used and published, lots of programs can access it, and you can use it in your programs without too much effort and without licensing costs (as far as I can tell; I can’t easily find the exact legal status). Basically, if I translate the Open Source Definition from software to file formats, I can’t find evidence that ANSI X3.4-1968 itself contradicts any of its criteria. I know this is different than proving that it absolutely meets all these criteria, but this is good enough for me.


As an interesting side note: ASCII is an ANSI standard (American National Standards Institute, hence the ANSI- prefix on its standards document). ANSI’s definition of “open” is about “do stakeholders have access to the consensus decisionmaking process that forms the standards?” and “are licensing fees and getting permission to use the standard at a reasonable and not overly burdensome level?” rather than “are there no licensing fees and permissions needed at all?” The latter corresponds to part of the 4 requrements for “freedom” according to the FSF, so it’s possible for something to be “open” according to ANSI but not “free” according to the FSF.

It would be interesting to go through and do a more rigorous look on whether ASCII’s legal/licensing criteria meets the Four Freedoms. I’m not a lawyer, but I’d be interested in what a lawyer would say.


“.txt” can also mean UTF, or Unicode Transformation Format; this is what your email asked about. The “A” in ASCII stands for “American,” and “American” in this case meant “monolingual,” meaning that if you wanted to type something outside ASCII’s 128-character, heavily-biased-towards-American-English set, you were flat out of luck. Unicode took the first 128 characters of ASCII, then… kept on going. Unicode is a more internationally-savvy superset of and successor to ASCII.

UTF-8 and UTF-16 are two Unicode variants in common use. The numbers refer to the number of bits per character, which you can think of as “UTF-16 has more letters in its gigantic international meta-alphabet than UTF-8.” UTF standards are developed by the Unicode Consortium, which I keep mistakenly typing as the “Unicorn Consortium” (which would be kinda awesome).

Unicode’s copyright permissions language seem very, very similar to the 4 requirements of the FSF for freedom. Since ASCII is a subset of Unicode, this makes me even more comfortable saying that ASCII is also “open.” However, I am not a lawyer, nor am I using “open” in a legally rigorous sense here — remember, I am a non-legally-trained engineer going “yeah, I don’t see anything that contradicts the definitions made for Open and Free software, if we were to translate it to file-formats-land.”


CSV is a format that’s layered atop plaintext (ASCII, UTF, whatever). In other words, you use plaintext to write a CSV document. CSV itself is not formally specified, which means it’s a free-for-all, and… you can use it for whatever, because you’re pretty much making it up. It’s just that you’re just making it up in the same way lots of other people have made it up.

Then again, “official standards” are just a group of people who have made things up and have agreed to stamp the label of “official” on their work; it’s still a social construct that depends on how many other people agree with them. (I can make something an “official” standard according to Mel, but if nobody else agrees with me, my standard is useless.)

Anyway, I’m not sure if that qualifies CSV as “open,” but it’s certainly not “closed.” To me, CSV is just as open as whatever underlying plaintext (.txt) format it’s using. But again, I’m not a lawyer, don’t work for the FSF, etc. This is just one hacker’s opinion, and I’d love to hear what others think.

3 New Python Markdown extensions

I've managed to resolve several of my issues with Python-Markdown behaving not quite as I expect. I have the pleasure to announce three new extensions which now power this blog.

No Lazy BlockQuote Extension

Markdown-No-Lazy-BlockQuote-Extension makes it possible blockquotes separated by newline to be rendered separately. If you want to include empty lines in your blockquotes make sure to prefix each line with >. The standard behavior can be seen in GitHub while the changed behavior is visible in this article. Notice how on GitHub both quotes are rendered as one big block, while here they are two separate blocks.

No Lazy Code Extension

Markdown-No-Lazy-Code-Extension allows code blocks separated by newline to be rendered separately. If you want to include empty lines in your code blocks make sure to indent them as well. The standard behavior can be seen on GitHub while the improved one in this post. Notice how GitHub renders the code in the Warning Bugs Present section as one block while in reality these are two separate blocks from two different files.

Bugzilla Extension

Markdown-Bugzilla-Extension allows for easy references to bugs. Strings like [bz#123] and [rhbz#456] will be converted into links.

All three extensions are available on PyPI!

Bonus: Codehilite with filenames in Markdown

The standard Markdown codehilite extension doesn't allow to specify filename on the :::python shebang line while Octopress did and I've used the syntax on this blog in a number of articles. The fix is simple, but requires changes in both Markdown and Pygments. See PR #445 for the initial version and ongoing discussion. Example of the new :::python syntax can be seen here.

Untitled Post

Globalization Fedora Activity Day 2015 in Tokyo

From Sunday, November 1st to Tuesday, November 3rd, the Globalization Fedora Activity Day event took place in Tokyo, Japan.
Sunday morning, I walked from the hostel near Akebonobashi to the Red Hat office at Ebisu. It was a beautiful autumn day, sunny and warm. At Ebisu station I met Daiki Ueno and he led me to the Red Hat office.
Around 15 people had come to this FAD, from the zanata team, the l10n team and the i18n team. From the community, Tomoyuki Kato who works on Japanese translations and Anish Patil joined. It was a great opportunity to meet colleagues I had never met in person before and only knew from IRC and e-mail. Our colleague Sundeep had not been able to join in person and we tried to to let him take part remotely but this did not work well.
Jens Petersen welcomed us all and opened the meeting. Everybody introduced himself to the others, then we had talks about the current state of globalisation, localisation, and internationalisation by Pravin Satpute, Noriko Mizumoto, Ani Peter, and Akira Tagoh. Then Alex Eng gave a talk about the translation system Zanata. Later we had a video hangout with the Khmer translation team.
We used the remaining time for a hackathon, working together on internationalisation issues.

On Monday morning it was raining heavily and I used the subway and the Yamanote line to get to Ebisu. It is always a pleasure to use the efficient train system in Japan.
We started the second day with a video hangout with Matthew Miller (FPL). Then we continued with the hackathon. I worked with Jens Petersen and Peng Wu on the sub-packaging of the glibc locales. Peng Wu showed me the bootchart project project and we worked together using it to benchmark how much using folders to store the glibc locales slows down the boot process compared to using a locale-archive file. We tested in virtual machines and real hardware, the slowdown seems to be quite small, apparently smaller than random fluctuations.
Because of the Red Hat Forum on Wednesday, Jim Whitehurst was in the Red Hat office in Ebisu today and gave a talk, answered questions and signed copies of his book “The Open Organization”. I was fascinated by the lady translating Jim’s speech into Japanese, it seemed unbelievably fast and accurate to me.
In the evening we had a very nice dinner in an Indian restaurant with the whole team.

Tuesday I discussed with Daiki Ueno how ibus-typing-booster could support Inscript2 which basically means that it must support AltGr keys. Currently ibus-typing-booser uses libtranslit which uses m17n-lib or icu to do the actual transliteration. But libtranslit doesn’t support modifier keys like AltGr and it is debatable whether a transliteration library should do that. Modifier keys don’t have anything to do with transliteration really. But of course they are useful (and sometimes necessary) for input methods. So it seems to be better to use m17n-lib directly from ibus-typing-booster instead of going through the extra layer of using libtranslit. m17n-lib is more an input method library and supports extra stuff in addition to just transliterating, including modifier keys. I wrote a small test program to check how this could be done and discussed it with Daiki Ueno.
In the late afternoon we had summary sessions presenting what people worked on during the hackathon. Finally we did planning for Fedora 24.
Wednesday, most of us went to the Red Hat Forum event.

After the FAD I had a few days of vacation. On Monday, November 9th I went to Yokohama to go to the Enterprise Users Meeting Japan. There were many interesting presentations including one on how Linux is used on the international space station. After this meeting I also had the chance to see an old colleague and friend from SuSE and go for dinner together in Sakuragi-chou.

Meeting all colleagues during the FAD and working together was a very good experience, I hope we will meet again.
Elections: Nominations Filed, Campaign Period, Candidate Interviews Coming Soon

Campaign period extended

The Fedora Elections campaign period has been extended to Monday, December 7th, 23:59:59 UTC.

The Fedora Elections cycle for November/December 2015 is currently in progress and the Nomination period just ended on Tuesday.  Here is a quick visualization for numbers of vacant seats versus the number of nominations received.

Fedora Elections Campaign: Vacant Seats vs Nominations Received

Env & Stacks

Env & Stacks had four open seats, but unfortunately, only two nominations were received. As a result, the Elections for Env & Stacks WG are currently on hold. According to the ongoing discussion here, Env & Stacks WG is probably going to turn into a discussion platform with no need for a steering committee.

Other campaign info

This cycle has seen some diverse nominations from the Fedora Community with nominees from around the globe and lots of first-time nominees (especially for FAmSCo) along with incumbents. Additionally, many past candidates are applying for different seats than they normally hold.

Track the status of Elections here and keeping watching this space for Election Campaigns, including Candidate Interviews and more!

For nominees

If you are a nominee, you have received an individual email asking you to publish answers to questions from the Election Questionnaire (and other information if you choose) on the Fedora Community Blog. If you are a nominee and have not received this mail, please contact bee2502 for FESCo nominees or jkurik for FAmSCo and Council nominees (IRC : #fedora-commops).

The post Elections: Nominations Filed, Campaign Period, Candidate Interviews Coming Soon appeared first on Fedora Community Blog.

Five Things in Fedora This Week: HyperKitty, Elections,, Wayland, and Python 3

HyperKitty is here!

What’s HyperKitty, you may ask? It’s a cute name for something that’s not actually particularly feline (and while we hope you’ll think it’s hyper-good, it’s not hyperactive). It’s a new, modern web interface for all the Fedora mailing lists. At Flock this August, I spoke about how much of Fedora’s vital activity is buried behind increasingly archaic Internet technologies — mailing lists and IRC (Internet Relay Chat). We’ll leave IRC for another day, but HyperKitty is part of the scheme to bring that to the visible web-based world — without taking away the things that are working.

HyperKitty is the official web interface for Mailman3, and we’re migrating most of our lists over this week After migration, you should be able to use the new Hyperkitty UI to read and post to the lists, or you can continue to get emails in the traditional way. Registered Fedora users can even post to the lists without needing to subscribe individually, and the online archives will be millions of times more usable.

There  may be some changes in some headers, so if you filter your list emails, be ready to adjust your filters. See the wiki page for details on the migration.

Fedora 24 Election Cycle

With F23 out the door, it’s time to refresh our community governance. Nominations are now closed, and we’re in the campaign period. See the nominations for Fedora Council (our top–level leadership and governance body), FESCo (the Fedora Engineering Steering Committee), and FAmSCo (the Fedora Ambassadors Steering Committee, which is in the midst of a refresh/update — see this discussion on the Fedora Council mailing list). Note that previously we’ve run interviews on Fedora Magazine, but this time around, they’ll be on the new Fedora Community Blog, so make sure you don’t miss seeing them. Voting will start on December 8th.

Those list links go to HyperKitty,  by the way, so this is a good excuse to check it out. talk submission Deadline is an annual tech /open source / developer conference run by the Red Hat Czech office in Brno, Czech Republic. It’s free, and attracts thousands of people every year. We usually have a lot of Fedora activity, and I’ll be there with a State of Fedora talk. Which I need to remember to submit! If you have something to contribute, you should submit one too! The deadline is November 30.

Wayland is default in Rawhide

Wayland is the next-generation graphics stack which will eventually replace the current graphics system, called X11.

Fedora developer Ray Strode recently posted to the Fedora Developers list with the news that Wayland is now used by default in Rawhide — Fedora’s always-moving development branch — when you log into GNOME with Fedora Workstation. Previously, to try out Wayland with Workstation, there was an additional session in the login screen that allowed you to choose to either login with Xorg or Wayland. This change is part of the much-anticipated proposed Fedora 24 feature, “Wayland by Default“.

Ray also noted that as the change is still proposed, if “Wayland by Default” doesn’t pan out or the change isn’t approved, Rawhide will be switched back to having both sessions. The goal is to make the experience basically seamless, and there’s definitely some things to work out. But, as Ray says, “it’s good to get this in Rawhide now, so we can get as much exposure as possible to potential Wayland problems and get them fixed up before release.” So if you use Rawhide, test away and file bugs!

Python 3 Fedora Activity Day overview

Last weekend — not the previous one, the one before that — there was a Fedora Activity Day — a “FAD” — where over two dozen Fedora Python developers across the world worked on porting older Python 2 packages in Fedora to Python 3. This comes not long after the Fedora 23 release, which defaults to using Python 3 instead of Python 2 for most packages shipped by default. This was also an opportunity for one of the more uncommon Fedora badges to be awarded, the Parselmouth badge. You can learn more about what went on for the Activity Day by reading summaries by Abdel Gadiel Martínez Lassonde or Matej Stuchlik. There’s also a lot more to be done, so if you’re a Python-ista, join #fedora-python on Freenode IRC to find out how you can contribute.

Thanks again to Justin W. Flory and the CommOps team for help in putting this together! And Happy Thanksgiving to everyone for whom that’s a Thing.

All systems go
New status good: Everything seems to be working. for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, Services, Mirror Manager, Koschei Continuous Integration, Ipsilon, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar

November 25, 2015

Introducing the Fedora Cinnamon Spin

Fedora 23 features the brand new Cinnamon Desktop Spin for users craving a more traditional user interface. The Fedora 23 Cinnamon Desktop Spin features version 2.8.3 of the Cinnamon Desktop which by default features a taskbar and applications menu at the bottom of the screen, and includes many applications that are also present in Fedora Workstation such as Firefox and Terminal. In addition to the applications it shares with Fedora Workstation, the Cinnamon Desktop Spin also ships with its own versions of some applications, including the Nemo file browser. The Cinnamon Desktop Spin also prides itself on being highly configurable by default with Cinnamon Spices, allowing you to easily customize your desktop with new themes, applets, desklets, and extensions.


Nemo File Manager

The Fedora 23 Cinnamon Desktop spin features Nemo as the default file browser, which is based off the GNOME file browser Nautilus, but with extra features and tweaks. Nemo features a compact view of files and folders in a directory, and also has the ability to display a treeview in the left side panel.


Taskbar and Applications menu

Cinnamon, by default, also features a taskbar and applications menu at the bottom of the screen allowing you to easily browse the applications you have installed, and to view the applications you currently have open, and switch between them with the mouse.

taskbarThe panels in the Cinnamon Desktop spin are also highly customizable using controls built in to the panel. You can add new panels and move items like the taskbar, clock, and applications menu to different locations and panels. The built-in controls allow you to add new applets to the panels, and panels can also be easily resized and made to autohide.


Default Applications

The Fedora 23 Cinnamon Desktop spin comes standard with a range of applications designed to get things done, including Firefox for browsing the internet, Thunderbird for email, the LibreOffice suite, Pidgin for instant messaging, and Hexchat for IRC.

Cinnamon Spices

Cinnamon also features “Spices” that allow you to customize and tweak your desktop further. Cinnamon Spices come in four forms: Themes, Applets, Desklets, and Extensions. Each of these Spices comes with an interface in Cinnamon for finding, downloading, installing, and enabling your Cinnamon Spices.

Theme Spices

Cinnamon Theme Spices allow you to easily change the look and feel of your desktop. There are hundreds of different themes that can be browsed and installed directly from the Cinnamon Desktop.


Applet Spices

Applets in Cinnamon are small programs that you can configure to display in your Cinnamon taskbars. There are many different applets that can be browsed and installed from inside Cinnamon to do a range of tasks, including displaying the weather, displaying hardware usage graphs, even a quick button to take a screenshot or screencast.


Desklet Spices

Desklets in Cinnamon are small applications that live on the desktop, and provide quick access to information or performing simple tasks. Like all the other Spices, Cinnamon provides a GUI for searching, installing, and configuring desklets. Some examples of desklets in the Fedora Cinnamon spin include Clocks, stickynotes, and a calculator.


Extension Spices

The final type of Spice in Cinnamon is extensions. These allow you to tweak some of the underlying behaviors of the Cinnamon Desktop, like changing how Alt+Tab behavior works or enabling windows that wobble when you move them.

Get Fedora Cinnamon

Fedora 23 with Cinnamon is available for download now. For support, you can visit the #fedora-cinnamon channel on Freenode IRC or use the Users Mailing List.

A Basic ECC Crypto C Library
$ gcc -Wall -O2 -o crypto.out crypto.c 
$ ./crypto.out pgen 

x: [0][7][8]=[4880449572248532107701327692677150037572104965674444437385142643512]
y^2: [0][8][8]=[55380869580354224246510320945966028555317502525493429017926966133843051295792]
y: [0][8][8]=[29139577269574826820926935201858599433659429201914524387051377879407947248399]

$ ./crypto.out pmul 1234 

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

      = Q(x, y) = (18206451842499844314490798032571880528057955079683619485520729741704923668746, 55099281372339261354661430206942188142506901030545900625591649041311027490900)

$ ./crypto.out ecdh 

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

      = Q(x, y) = (38616894501258673852970036866543659072635089662921568068340331697101576554270, 11643169480892671629858370512120070259223559167488419079368716073871895962191)

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

      = Q(x, y) = (32477568348650104756356831653582245276448206004887493791495532411741897328458, 28063399834915231969701720976238207473037393607389857712493721633327966471074)

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (32477568348650104756356831653582245276448206004887493791495532411741897328458, 28063399834915231969701720976238207473037393607389857712493721633327966471074)

      = Q(x, y) = (50351522368134241142819091458530332577142187603512687882689541070260459723459, 50221873001104206223375144395698504985316658966829066883833880358017679689691)

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (38616894501258673852970036866543659072635089662921568068340331697101576554270, 11643169480892671629858370512120070259223559167488419079368716073871895962191)

      = Q(x, y) = (50351522368134241142819091458530332577142187603512687882689541070260459723459, 50221873001104206223375144395698504985316658966829066883833880358017679689691)

$ ./crypto.out psig 1234

P=(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)
dP=(x, y) = (13602700003324719335350990181328772280705022582959195038506843247143153317836, 54234034308970382623511474254075599586011832349299787903418524106345814540150)


kP=(x, y) = (31393914866738295202977246050362786174714736441076892500499066960128526257261, 8825543509506737480075720693859025825868206416548721612922831691314181317076)



kP=(x, y) = (31393914866738295202977246050362786174714736441076892500499066960128526257261, 8825543509506737480075720693859025825868206416548721612922831691314181317076)

hkrdP=(x, y) = (56471439785890882552831446009596375543840684197952864890220542591387692092035, 35922208972732007026631210828513032412049823580881458874202002620004229684124)
sP=(x, y) = (56471439785890882552831446009596375543840684197952864890220542591387692092035, 35922208972732007026631210828513032412049823580881458874202002620004229684124)

$ ./crypto.out penc 1234

P=(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)
dP=(x, y) = (19547865285467707344496388019666506767309887017163137556078134582670804301851, 36180672281078333342162157694938953906019362565570590334768364807054263309922)


kP=(x, y) = (31307487414183777373465427652384958249613501222520858769326720798351611112341, 42327343332069595141617190350930625663948508466032477124028143798481079201841)
kdP=(x, y) = (17546014782981223520910010062776248455503090940217295620750099274078977893385, 40213720617506594547897783150731613585768378209283692064354760696398013829358)


P=(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)
dP=(x, y) = (19547865285467707344496388019666506767309887017163137556078134582670804301851, 36180672281078333342162157694938953906019362565570590334768364807054263309922)

dkP=(x, y) = (17546014782981223520910010062776248455503090940217295620750099274078977892151, 40213720617506594547897783150731613585768378209283692064354760696398013829358)


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#include "ec.c"

bnum *bnrnd(int size)
	FILE *f;
	bnum *r;
	r = bninit(size);
	f = fopen("/dev/urandom", "r");
	fread(r->nums, sizeof(unsigned int), size - 1, f);
	r->leng = size;
	while ((r->leng > 1) && (r->nums[r->leng - 1] == 0)) { r->leng -= 1; }
	return r;

void eccp(ecc *e, char *xs)
	int psiz = (e->p)->size;
	bnum *x = bninit(psiz), *y = bninit(psiz), *t;
	bnum *xa = bninit(psiz * 4), *xx = bninit(psiz * 4);
	bnum *yy = bninit(psiz * 4), *vv = bninit(psiz * 4);
	if (xs != NULL) { t = bndec(xs); }
	else { t = bnrnd(psiz); }
	bncopy(t, x);
	while (1)
		// yy = ((x * (x * x)) + (a * (x * x)) + x) % m
		bnzero(xx); bnmul(x, x, xx);
		bnzero(xa); bnmul(xx, e->a, xa);
		bnzero(vv); bnmul(x, xx, vv);
		bnzero(yy); bnadd(vv, xa, yy, 1); bnadd(yy, x, vv, 1);
		bndiv(vv, e->p, xx, t);
		// todo: divide t by b?
		bnout("x: ", x, "\n");
		bnout("y^2: ", t, "\n");
		if (sqrtmod(t, e->p, y) == 0) { break; }
		if (x != NULL) { bnfree(x); }
		x = bnrnd(psiz);
	bnout("y: ", y, "\n\n");
	// note: another y point == p - y
	bnzero(yy); bncopy(t, yy);
	bnzero(vv); bnmul(y, y, vv);
	bnzero(xx); bndiv(vv, e->p, xa, xx);
	bnfree(xa); bnfree(vv); bnfree(t);
	if (bncmp(xx, yy) != 0)
		bnout("y^2: ",xx," != "); bnout("y^2: ",yy,"\n");
	bnfree(xx); bnfree(yy);
	bnfree(x); bnfree(y);

Curve25519: a=486662, b=1, p=2^255 - 19
ECC DH : a * (b * P) == abP == baP == b * (a * P)

char *ecdh(ecc *e, char *n, int o)
	char *r = n;
	bnum *m;
	ecc *f;
	if (r == NULL)
		m = bnrnd((e->p)->size);
		r = bnstr(m);
		m = bndec(n);
	f = ecdup(e);
	pmul(m, e, f);
	if (o == 1)
		char v[2050];
		bzero(v, 2050 * sizeof(char));
		strncat(v, "    "       , max(0, 2048 - strlen(v)));
		strncat(v, r            , max(0, 2048 - strlen(v)));
		strncat(v, "\n      * P", max(0, 2048 - strlen(v)));
		ecout(0,"      = Q",f,"\n");
	bnfree(e->x); e->x = bndup(f->x);
	bnfree(e->y); e->y = bndup(f->y);
	return r;

ECC - Private Sign / Public Verify

* initialize
- generate secret key          : d
- publish                      : P, dP

* private sign
- hash message                 : h = SHA256(m)
- secret unique multiplier     : k
- calculate public multipliers : r = ((k * h * d) % n)
                               : s = ((k * h) + (r * d))
- publish                      : kP, r, s

* public verify
- hkP + rdP                         == sP
- ((h * k) + (r * d)) * P           == ((k * h) + (r * d)) * P
- ((h * k) + ((k * h * d) * d)) * P == ((k * h) + ((k * h * d) * d)) * P

int ecsig(ecc *e, bnum *d, ecc *dp, char *hh, ecc *kp, bnum *r, bnum *s, int o)
	int a = 0, psiz = (e->p)->size;
	bnum *k, *h;
	bnum *t = bninit(psiz * 5), *u = bninit(psiz * 5), *v = bninit(psiz * 5), *w = bninit(psiz * 5);
	ecc *hkp = ecdup(e), *rdp = ecdup(e), *hkrdp = ecdup(e), *sp = ecdup(e);
	ect *tadd = etinit(e);
	if (hh != NULL)
		if (((kp->x)->leng == 1) && ((kp->x)->nums[0] == 0))
			if ((d->leng == 1) && (d->nums[0] == 0))
				k = bnrnd(psiz); bncopy(k, d); bnfree(k);
				pmul(d, e, dp);
				if (o == 1)
					bnout("d=", d, "\n");
					ecout(0, "P=", e, "\n");
					ecout(0, "dP=", dp, "\n\n");
		h = bndec(hh);
		if (o == 1) { bnout("h=", h, "\n\n"); }
		if (((kp->x)->leng == 1) && ((kp->x)->nums[0] == 0))
			k = bnrnd(psiz);
			pmul(k, e, kp);
			if (o == 1) { bnout("k=", k, "\n"); }
			bnzero(t); bnmul(k, h, t);
			bnzero(u); bnmul(t, d, u);
			bndiv(u, e->p, v, r);
			bnzero(v); bnmul(r, d, v);
			bnadd(t, v, s, 1);
		if (o == 1)
			ecout(0, "kP=", kp, "\n");
			bnout("r=", r, "\n");
			bnout("s=", s, "\n\n");
		pmul(h, kp, hkp);
		pmul(r, dp, rdp);
		padd(hkp, rdp, hkrdp, tadd);
		pmul(s, e, sp);
		if ((d->leng == 1) && (d->nums[0] == 0))
			if (o == 1)
				//ecout(0, "hkP=", hkp, "\n");
				//ecout(0, "rdP=", rdp, "\n");
				ecout(0, "hkrdP=", hkrdp, "\n==\n");
				ecout(0, "sP=", sp, "\n\n");
		if (bncmp(hkrdp->x, sp->x) == 0)
			if (bncmp(hkrdp->y, sp->y) == 0)
				a = 1;
	bnfree(t); bnfree(u); bnfree(v); bnfree(w);
	ecfree(hkp); ecfree(rdp); ecfree(hkrdp); ecfree(sp);
	return a;

ECC ElGamal - Public Encrypt / Private Decrypt

* initialize
- generate secret integer  : d
- publish                  : P, dP

* public encrypt
- generate secret key      : t = (SHA256(pwd) || tmpkey)
- secret unique multiplier : k = rand()
- public key encrypt       : r = k * P        = kP
                           : s = t + (k * dP) = t + kdP = kdP(x + t, y + t)
- encrypt optional message : i = rand()
                           : e = AES256CBC(m, i, t)
- publish                  : [ (r, s) , (i, e) ]

* private decrypt
- private key decrypt      : u = s - (d * r)
                               = (t + kdP) - (d * kP)
                               = kdP(x + t, y + t) - dkP(x, y)
                               = kdP(x - x + t)
                               = t

void ecenc(ecc *e, bnum *d, ecc *dp, char *hh, ecc *kp, ecc *kdp, int o)
	int psiz = (e->p)->size;
	bnum *k, *h, *t;
	ecc *dkp;
	if (hh != NULL)
		if ((d->leng == 1) && (d->nums[0] == 0))
			k = bnrnd(psiz); bncopy(k, d); bnfree(k); k = NULL;
			pmul(d, e, dp);
		if (o == 1)
			ecout(0, "P=", e, "\n");
			ecout(0, "dP=", dp, "\n\n");
		h = bndec(hh);
		if (((kp->x)->leng == 1) && ((kp->x)->nums[0] == 0))
			if (o == 1) { bnout("h=", h, "\n\n"); }
			k = bnrnd(psiz);
			pmul(k, e, kp);
			pmul(k, dp, kdp);
			t = kdp->x; kdp->x = bninit(psiz + 1); bncopy(t, kdp->x); bnfree(t);
			bnadd(kdp->x, h, kdp->x, 1);
			if (o == 1)
				bnout("k=", k, "\n");
				ecout(0, "kP=", kp, "\n");
				ecout(0, "kdP=", kdp, "\n\n");
			dkp = ecdup(e);
			pmul(d, kp, dkp);
			t = bninit(psiz); bnsub(kdp->x, dkp->x, t, 1);
			if (o == 1)
				bnout("d=", d, "\n");
				ecout(0, "dkP=", dkp, "\n\n");
				bnout("t=", t, "\n\n");

int main(int argc, char **argv)
	char *a = "486662", *b = "1", *p = "57896044618658097711785492504343953926634992332820282019728792003956564819949";
	char *x = "9", *y = "43114425171068552920764898935933967039370386198203806730763910166200978582548";
	char *n, *m, *z = NULL;
	bnum *d, *r, *s;
	bnum *t, *u, *v, *w;
	ecc *e, *f, *dp, *kp, *kdp;
	if (argc > 2) { z = argv[2]; }
	t = bndec(p);
	u = bninit(t->size); w = bndec(x); bncopy(w, u); bnfree(w);
	v = bninit(t->size); w = bndec(y); bncopy(w, v); bnfree(w);
	e = ecinit(bndec(a), bndec(b), t, u, v);
	if (strcmp(argv[1], "pgen") == 0)
		eccp(e, z);
	if (strcmp(argv[1], "pmul") == 0)
		ecdh(e, argv[2], 1);
	if (strcmp(argv[1], "ecdh") == 0)
		f = ecdup(e);
		n = ecdh(e, NULL, 1);
		m = ecdh(f, NULL, 1);
		t = e->x; u = e->y;
		e->x = f->x; e->y = f->y;
		f->x = t; f->y = u;
		ecdh(e, n, 1);
		ecdh(f, m, 1);
		free(n); free(m);
	if (strcmp(argv[1], "psig") == 0)
		d = bninit((e->p)->size);
		dp = ecdup(e); kp = ecdup(e);
		r = bninit((e->p)->size * 5);
		s = bninit((e->p)->size * 5);
		(kp->x)->leng = 1; (kp->x)->nums[0] = 0;
		(kp->y)->leng = 1; (kp->y)->nums[0] = 0;
		ecsig(e, d, dp, z, kp, r, s, 1);
		if (ecsig(e, d, dp, z, kp, r, s, 1) != 0) { printf("[GOOD]\n"); }
		else { printf("\n[FAILED]\n"); }
		bnfree(d); bnfree(r); bnfree(s);
		ecfree(dp); ecfree(kp);
	if (strcmp(argv[1], "penc") == 0)
		d = bninit((e->p)->size);
		dp = ecdup(e); kp = ecdup(e); kdp = ecdup(e);
		(kp->x)->leng = 1; (kp->x)->nums[0] = 0;
		(kp->y)->leng = 1; (kp->y)->nums[0] = 0;
		ecenc(e, d, dp, z, kp, kdp, 1);
		ecenc(e, d, dp, z, kp, kdp, 1);
		ecfree(dp); ecfree(kp); ecfree(kdp);
	return 0;

Curve25519 ECDH Using bn.c
$ a="486662"; b="1"; p="57896044618658097711785492504343953926634992332820282019728792003956564819949"
$ x="9"; y="43114425171068552920764898935933967039370386198203806730763910166200978582548"
$ ./ec.out "$a" "$b" "$p" "$x" "$y"

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

      = Q(x, y) = (2152181765955508802144811366391548358206596269149408838626058763387933371482, 11578758651574146923540708489424215527254544219548915855368449621649032022464)

$ ./ec.out "$a" "$b" "$p" "$x" "$y"

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

      = Q(x, y) = (10616717952671290844210554362351196131260739681824015303968067548318407877443, 44474405861832920486283648404346377112839096552743000067399554821542048806382)

$ x="10616717952671290844210554362351196131260739681824015303968067548318407877443"; y="44474405861832920486283648404346377112839096552743000067399554821542048806382"
$ ./ec.out "$a" "$b" "$p" "$x" "$y" "25401056036235045220436215630227531782477232918721757282083167532085"

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (10616717952671290844210554362351196131260739681824015303968067548318407877443, 44474405861832920486283648404346377112839096552743000067399554821542048806382)

      = Q(x, y) = (5796465362698668629448044005371479448781495853974848652041497206752313461872, 30198337259834952114045673142150509214022566212693868468740722556827195886413)

$ x="2152181765955508802144811366391548358206596269149408838626058763387933371482"; y="11578758651574146923540708489424215527254544219548915855368449621649032022464"
$ ./ec.out "$a" "$b" "$p" "$x" "$y" "14923829837058818803507170043209691418601607100463140519943405743260"

  1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
      * P(x, y) = (2152181765955508802144811366391548358206596269149408838626058763387933371482, 11578758651574146923540708489424215527254544219548915855368449621649032022464)

      = Q(x, y) = (5796465362698668629448044005371479448781495853974848652041497206752313461872, 30198337259834952114045673142150509214022566212693868468740722556827195886413)

#include "bn.c"

struct ecurve {
	bnum *a, *b, *p, *x, *y;

#define ecc struct ecurve

struct ectemp {
	bnum *i, *s, *xr, *yr;
	bnum *t, *u, *v;
	bnum *w, *h, *g;

#define ect struct ectemp

ecc *ecinit(bnum *a, bnum *b, bnum *p, bnum *x, bnum *y)
	ecc *r = malloc(1 * sizeof(ecc));
	r->a = a; r->b = b; r->p = p;
	r->x = x; r->y = y;
	return r;

ecc *ecdup(ecc *e)
	ecc *r = malloc(1 * sizeof(ecc));
	r->a = bndup(e->a); r->b = bndup(e->b); r->p = bndup(e->p);
	r->x = bndup(e->x); r->y = bndup(e->y);
	return r;

void ecfree(ecc *e)
	bnfree(e->a); bnfree(e->b); bnfree(e->p);
	bnfree(e->x); bnfree(e->y);

void ecout(int d, char *s, ecc *e, char *t)
	char *a = bnstr(e->a), *b = bnstr(e->b), *p = bnstr(e->p);
	char *x = bnstr(e->x), *y = bnstr(e->y);
	char as[2], bs[2];
	as[0] = '+'; as[1] = '\0';
	bs[0] = '\0'; bs[1] = '\0';
	if ((e->a)->sign == 1) { as[0] = '-'; }
	if ((e->b)->sign == 1) { bs[0] = '-'; }
	if (d == 1) { printf("  %s%s*(y^2) = x^3 %s %s*(x^2) + x (mod %s)\n", bs, b, as, a, p); }
	printf("%s", s);
	printf("(x, y) = (%s, %s)", x, y);
	printf("%s", t);
	free(a); free(b); free(p);
	free(x); free(y);

ect *etinit(ecc *e)
	ect *t = malloc(1 * sizeof(ect));
	int ss = max(1, (e->b)->size);
	ss = max(((e->a)->size * 2) + 2, ((e->p)->size * 2) + 2);
	ss = max(((e->x)->size * 2) + 2, ((e->y)->size * 2) + 2);
	t->i = bninit(ss); t->s = bninit(ss); t->xr = bninit(ss); t->yr = bninit(ss);
	t->t = bninit(ss); t->u = bninit(ss); t->v = bninit(ss);
	int tt = ((ss * 2) + 2);
	t->w = bninit(tt); t->h = bninit(tt); t->g = bninit(tt + 4);
	return t;

void etfree(ect *t)
	bnfree(t->i); bnfree(t->s); bnfree(t->xr); bnfree(t->yr);
	bnfree(t->t); bnfree(t->u); bnfree(t->v);
	bnfree(t->w); bnfree(t->h); bnfree(t->g);

// modular multiplicative inverse

void egcd(bnum *a, bnum *b, bnum *g)
	int size = ((a->size + b->size) * 3);
	// s = 0; news = 1
	bnum *s = bninit(size);
	bnum *news = bninit(size); news->nums[0] = 1;
	// r = b; newr = a
	bnum *r = bninit(size); bncopy(b, r);
	bnum *newr = bninit(size); bncopy(a, newr);
	// init some temp vars
	bnum *prev = bninit(size), *quot = bninit(size), *temp = bninit(size);
	while ((r->leng > 1) || (r->nums[0] > 0))
		// quot = (newr / r)
		if ((r->leng == 1) && (r->nums[0] < 3))
			bncopy(newr, quot);
			if (r->nums[0] > 1) { bnrshift(quot, 1); }
		else { bndiv(newr, r, quot, temp); }
		// prev = s
		bncopy(s, prev);
		// s = (news - (quot * prev))
		bnzero(temp); bnmul(quot, prev, temp);
		bnsub(news, temp, s, 0);
		// news = prev
		bncopy(prev, news);
		// prev = r
		bncopy(r, prev);
		// r = (newr - (quot * prev))
		bnzero(temp); bnmul(quot, prev, temp);
		bnsub(newr, temp, r, 0);
		// newr = prev
		bncopy(prev, newr);
	if (news->sign == 1)
		// news = news + b
		bnadd(news, b, news, 0);
	bncopy(news, g);
	bnfree(s); bnfree(news);
	bnfree(r); bnfree(newr);
	bnfree(prev); bnfree(quot); bnfree(temp);

// modular square root

int sqrtmod(bnum *a, bnum *p, bnum *r)
	bnum *o = bninit(1);
	o->nums[0] = 1; o->leng = 1; o->sign = 0;
	// legendre symbol
	// define if a is a quadratic residue modulo odd prime
	// g = (p - 1) / 2
	// p - 1
	bnum *qq = bndup(p);
	bnsub(qq, o, qq, 1);
	// (p - 1) / 2
	bnum *g = bndup(qq);
	bnrshift(g, 1);
	// l = pow(a, g, p)
	// pow(a, g, p)
	bnum *l = bninit(max(max(a->size, g->size), p->size) * 3);
	bnpowmod(a, g, p, l);
	if (bncmp(l, qq) == 0)
		bnfree(o); bnfree(qq); bnfree(g); bnfree(l);
		return -1;
	// factor p - 1 on the form q * (2 ^ s) (with Q odd)
	// q = p - 1; s = 0
	bnum *q = bndup(qq);
	bnum *s = bninit(p->size);
	while ((q->nums[0] % 2) == 0)
		// s += 1; q /= 2
		bnadd(s, o, s, 1);
		bnrshift(q, 1);
	// select a z which is a quadratic non resudue modulo p
	// z = 1
	bnum *z = bninit(p->size);
	z->nums[0] = 1; z->leng = 1; z->sign = 0;
	while (1)
		// while (lsym(z, p) != -1)
		bnpowmod(z, g, p, l);
		if (bncmp(l, qq) == 0) { break; }
		// z += 1
		bnadd(z, o, z, 1);
	// c = pow(z, q, p)
	bnum *c = bninit(max(max(z->size, q->size), p->size) * 3);
	bnpowmod(z, q, p, c);
	// search for a solution
	// f = ((q + 1) / 2)
	bnum *f = bndup(q);
	bnadd(f, o, f, 1); bnrshift(f, 1);
	// x = pow(a, f, p)
	bnpowmod(a, f, p, r);
	// t = pow(a, q, p)
	bnum *t = bninit(max(max(a->size, q->size), p->size) * 3);
	bnpowmod(a, q, p, t);
	// m = s
	bnum *m = bninit(p->size), *i = bninit(p->size), *e = bninit(p->size);
	bncopy(s, m);
	// u = 2
	bnum *u = bninit(1);
	u->nums[0] = 2; u->leng = 1; u->sign = 0;
	bnum *b = bninit(p->size * 4), *v = bninit(p->size * 4), *w = bninit(p->size * 4);
	while ((t->leng > 1) || (t->nums[0] != 1))
		// find the lowest i such that t ^ (2 ^ i) = 1
		// i = 1; e = 2
		i->nums[0] = 1; i->leng = 1; i->sign = 0;
		e->nums[0] = 2; e->leng = 1; e->sign = 0;
		while (bncmp(i, m) < 0)
			bnpowmod(t, e, p, l);
			if ((l->leng == 1) && (l->nums[0] == 1)) { break; }
			bnlshift(e, 1);
			bnadd(i, o, i, 1);
		// update next value to iterate
		// (m - i - 1)
		bnsub(m, i, v, 0);
		bnsub(v, o, v, 0);
		// 2 ^ (m - i - 1)
		bnpowmod(u, v, p, l);
		// b = (c ^ (2 ^ (m - i - 1))) % p
		bnpowmod(c, l, p, b);
		// x = ((x * b) % p)
		bnzero(v); bnmul(r, b, v);
		bndiv(v, p, w, r);
		// b = (b * b) % p
		bnzero(v); bnmul(b, b, v);
		bndiv(v, p, w, b);
		// t = ((t * b) % p)
		bnzero(v); bnmul(t, b, v);
		bndiv(v, p, w, t);
		// c = b; m = i
		bncopy(b, c);
		bncopy(i, m);
	bnfree(o); bnfree(qq); bnfree(g); bnfree(l);
	bnfree(q); bnfree(s); bnfree(z); bnfree(c);
	bnfree(f); bnfree(t); bnfree(m);
	bnfree(i); bnfree(e); bnfree(b);
	bnfree(u); bnfree(v); bnfree(w);
	// r = [x, p - x]
	return 0;

// montgomery curve arithmetic

void nmod(bnum *a, bnum *b)
	if (a->sign == 1) { bnadd(b, a, a, 0); }

void pdub(ecc *p, ecc *r, ect *t)
	// printf("2P=\n");
	// l = 3*x^2 + 2*a*x + 1 / 2*b*y
	// x^2
	bnzero(t->w); bnmul(p->x, p->x, t->w); bndiv(t->w, p->p, t->t, t->v);
	// 3*x^2
	bnadd(t->v, t->v, t->w, 1); bnadd(t->w, t->v, t->w, 1);
	// 2*a*x
	bnzero(t->h); bnmul(p->a, p->x, t->h); bnlshift(t->h, 1);
	bndiv(t->h, p->p, t->t, t->u); nmod(t->u, p->p);
	// 3*x^2 + 2*a*x + 1
	bnadd(t->w, t->u, t->g, 1);
	int x, o = 1;
	for (x = 0; (x < (t->g)->leng) && (o == 1); ++x)
		o = 0; if ((t->g)->nums[x] == 0xffffffff) { o = 1; } (t->g)->nums[x] += 1;
	if (o == 1) { (t->g)->nums[x] = 1; (t->g)->leng += 1; }
	bndiv(t->g, p->p, t->t, t->yr);
	// 1 / 2*b*y
	bnzero(t->w); bnmul(p->b, p->y, t->w); bnlshift(t->w, 1);
	bndiv(t->w, p->p, t->t, t->u); nmod(t->u, p->p); egcd(t->u, p->p, t->i);
	// 3*x^2 + 2*a*x + 1 / 2*b*y
	bnzero(t->w); bnmul(t->yr, t->i, t->w); bndiv(t->w, p->p, t->t, t->s);
	// xr = b*l^2 - a - 2*x
	// l^2
	bnzero(t->g); bnmul(t->s, t->s, t->g);
	// b*l^2 - a
	bnzero(t->w); bnmul(p->b, t->g, t->w);
	bnsub(t->w, p->a, t->w, 0);
	// 2*x
	bnzero(t->h); bncopy(p->x, t->h); bnlshift(t->h, 1);
	// b*l^2 - a - 2*x
	bnsub(t->w, t->h, t->w, 0);
	bndiv(t->w, p->p, t->t, t->xr); nmod(t->xr, p->p);
	// yr = ((3*x + a) * l) - b*l^3 - y
	// (3*x + a) * l
	bnadd(t->h, p->x, t->w, 1); bnadd(t->w, p->a, t->w, 0);
	bndiv(t->w, p->p, t->t, t->u); nmod(t->u, p->p);
	bnzero(t->w); bnmul(t->u, t->s, t->w);
	// l^3
	bncopy(t->g, t->h);
	bnzero(t->g); bnmul(t->h, t->s, t->g); bndiv(t->g, p->p, t->t, t->u);
	// b*l^3
	bnzero(t->h); bnmul(p->b, t->u, t->h);
	bndiv(t->h, p->p, t->t, t->u); nmod(t->u, p->p);
	// ((3*x + a) * l) - b*l^3 - y
	bnsub(t->w, t->u, t->w, 0); bnsub(t->w, p->y, t->w, 0);
	bndiv(t->w, p->p, t->t, t->yr); nmod(t->yr, p->p);
	(t->xr)->leng = (p->p)->size; bncopy(t->xr, r->x);
	(t->yr)->leng = (p->p)->size; bncopy(t->yr, r->y);

void padd(ecc *p, ecc *q, ecc *r, ect *t)
	// printf("P+Q=\n");
	// l = (Qy - Py) / (Qx - Px)
	// Qy - Py
	bnsub(q->y, p->y, t->yr, 0);
	// Qx - Px
	bnsub(q->x, p->x, t->xr, 0);
	bndiv(t->xr, p->p, t->t, t->u); nmod(t->u, p->p);
	// 1 / (Qx - Px)
	egcd(t->u, p->p, t->i);
	// (Qy - Py) / (Qx - Px)
	bnzero(t->w); bnmul(t->yr, t->i, t->w);
	bndiv(t->w, p->p, t->t, t->s);
	// xr = b*l^2 - a - Px - Qx
	// b*l^2 - a - Px - Qx
	bnzero(t->w); bnmul(t->s, t->s, t->w);
	bnzero(t->g); bnmul(p->b, t->w, t->g);
	bnsub(t->g, p->a, t->g, 0);
	bnsub(t->g, p->x, t->g, 0);
	bnsub(t->g, q->x, t->g, 0);
	bndiv(t->g, p->p, t->t, t->xr); nmod(t->xr, p->p);
	// yr = ((2*Px + Qx + a) * l) - b*l^3 - Py
	// 2*Px + Qx + a
	bnadd(p->x, p->x, t->t, 1);
	bnadd(t->t, q->x, t->t, 1);
	bnadd(t->t, p->a, t->t, 0);
	bndiv(t->t, p->p, t->u, t->v); nmod(t->v, p->p);
	// (2*Px + Qx + a) * l
	bnzero(t->w); bnmul(t->v, t->s, t->w); bndiv(t->w, p->p, t->t, t->u);
	// b*l^3
	bnzero(t->w); bnmul(t->s, t->s, t->w);
	bnzero(t->g); bnmul(t->w, t->s, t->g); bndiv(t->g, p->p, t->t, t->v);
	bnzero(t->w); bnmul(t->v, p->b, t->w);
	// ((2*Px + Qx + a) * l) - b*l^3 - Py
	bnsub(t->u, t->w, t->v, 0);
	bnsub(t->v, p->y, t->v, 0);
	bndiv(t->v, p->p, t->t, t->yr); nmod(t->yr, p->p);
	(t->xr)->leng = (p->p)->size; bncopy(t->xr, r->x);
	(t->yr)->leng = (p->p)->size; bncopy(t->yr, r->y);

void pmul(bnum *m, ecc *p, ecc *r)
	int init = 0;
	bnum *mul = bndup(m);
	ecc *b = ecdup(p);
	ect *t = etinit(p);
	while ((mul->leng > 1) || (mul->nums[0] > 0))
		if ((mul->nums[0] % 2) == 1)
			if (init == 0)
				bnfree(r->x); r->x = bndup(b->x);
				bnfree(r->y); r->y = bndup(b->y);
				padd(r, b, r, t);
			init = 1;
		pdub(b, b, t);
		bnrshift(mul, 1);