Fedora People

Brexit: If it looks like racism, if it smells like racism and if it feels like racism, who else but a politician could argue it isn't?

Posted by Daniel Pocock on March 29, 2017 05:33 AM

Since the EU referendum got under way in the UK, it has become almost an everyday occurence to turn on the TV and hear some politician explaining "I don't mean to sound racist, but..." (example)

Of course, if you didn't mean to sound racist, you wouldn't sound racist in the first place, now would you?

The reality is, whether you like politics or not, political leaders have a significant impact on society and the massive rise in UK hate crimes, including deaths of Polish workers, is a direct reflection of the leadership (or profound lack of it) coming down from Westminster. Maybe you don't mean to sound racist, but if this is the impact your words are having, maybe it's time to shut up?

Choosing your referendum

Why choose to have a referendum on immigration issues and not on any number of other significant topics? Why not have a referendum on nuking Mr Putin to punish him for what looks like an act of terrorism against the Malaysian Airlines flight MH17? Why not have a referendum on cutting taxes or raising speed limits, turning British motorways into freeways or an autobahn? Why choose to keep those issues in the hands of the Government, but invite the man-in-a-white-van from middle England to regurgitate Nigel Farage's fears and anxieties about migrants onto a ballot paper?

Even if David Cameron sincerely hoped and believed that the referendum would turn out otherwise, surely he must have contemplated that he was playing Russian Roulette with the future of millions of innocent people?

Let's start at the top

For those who are fortunate enough to live in parts of the world where the press provides little exposure to the antics of British royalty, an interesting fact you may have missed is that the Queen's husband, Prince Philip, Duke of Edinburgh is actually a foreigner. He was born in Greece and has Danish and German ancestry. Migration (in both directions) is right at the heart of the UK's identity.

Queen and Prince Philip

Home office minister Amber Rudd recently suggested British firms should publish details about how many foreign people they employ and in which positions. She argued this is necessary to help boost funding for training local people.

If that is such a brilliant idea, why hasn't it worked for the Premier League? It is a matter of public knowledge how many foreigners play football in England's most prestigious division, so why hasn't this caused local clubs to boost training budgets for local recruits? After all, when you consider that England hasn't won a World Cup since 1966, what have they got to lose?

Kevin Pietersen

All this racism, it's just not cricket. Or is it? One of the most remarkable cricketers to play for England in recent times, Kevin Pietersen, dubbed "the most complete batsman in cricket" by The Times and "England's greatest modern batsman" by the Guardian, was born in South Africa. In the five years he was contracted to the Hampshire county team, he only played one match, because he was too busy representing England abroad. His highest position was nothing less than becoming England's team captain.

Are the British superior to every other European citizen?

One of the implications of the rhetoric coming out of London these days is that the British are superior to their neighbours, entitled to have their cake and eat it too, making foreigners queue up at Paris' Gare du Nord to board the Eurostar while British travelers should be able to walk or drive into European countries unchallenged.

This superiority complex is not uniquely British, you can observe similar delusions are rampant in many of the places where I've lived, including Australia, Switzerland and France. America's Donald Trump has taken this style of politics to a new level.

Look in the mirror Theresa May: after British 10-year old schoolboys Robert Thompson and Jon Venables abducted, tortured, murdered and mutilated 2 year old James Bulger in 1993, why not have all British schoolchildren fingerprinted and added to the police DNA database? Why should "security" only apply based on the country where people are born, their religion or skin colour?

Jon Venables and Robert Thompson

In fact, after Brexit, people like Venables and Thompson will remain in Britain while a Dutch woman, educated at Cambridge and with two British children will not. If that isn't racism, what is?

Running foreigner's off the roads

Theresa May has only been Prime Minister for less than a year but she has a history of bullying and abusing foreigners in her previous role in the Home Office. One example of this was a policy of removing driving licenses from foreigners, which has caused administrative chaos and even taken away the licenses of many people who technically should not have been subject to these regulations anyway.

Shouldn't the DVLA (Britain's office for driving licenses) simply focus on the competence of somebody to drive a vehicle? Bringing all these other factors into licensing creates a hostile environment full of mistakes and inconvenience at best and opportunities for low-level officials to engage in arbitrary acts of racism and discrimination.

Of course, when you are taking your country on the road to nowhere, who needs a driving license anyway?

Run off the road

What does "maximum control" over other human beings mean to you?

The new British PM has said she wants "maximum control" over immigrants. What exactly does "maximum control" mean? Donald Trump appears to be promising "maximum control" over Muslims, Hitler sought "maximum control" over the Jews, hasn't the whole point of the EU been to avoid similar situations from ever arising again?

This talk of "maximum control" in British politics has grown like a weed out of the UKIP. One of their senior figures has been linked to kidnappings and extortion, which reveals a lot about the character of the people who want to devise and administer these policies. Similar people in Australia aspire to jobs in the immigration department where they can extort money out of people for getting them pushed up the queue. It is no surprise that the first member of Australia's parliament ever sent to jail was put there for obtaining bribes and sexual favours from immigrants. When Nigel Farage talks about copying the Australian immigration system, he is talking about creating jobs like these for his mates.

Even if "maximum control" is important, who really believes that a bunch of bullies in Westminster should have the power to exercise that control? Is May saying that British bosses are no longer competent to make their own decisions about who to employ or that British citizens are not reliable enough to make their own decisions about who they marry and they need a helping hand from paper-pushers in the immigration department?

maximum control over Jewish people

Echoes of the Third Reich

Most people associate acts of mass murder with the Germans who lived in the time of Adolf Hitler. These are the stories told over and and over again in movies, books and the press.

Look more closely, however, and it appears that the vast majority of Germans were not in immediate contact with the gas chambers. Even Gobels' secretary writes that she was completely oblivious to it all. Many people were simply small cogs in a big bad machine. The clues were there, but many of them couldn't see the big picture. Even if they did get a whiff of it, many chose not to ask questions, to carry on with their comfortable lives.

Today, with mass media and the Internet, it is a lot easier for people to discover the truth if they look, but many are still reluctant to do so.

Consider, for example, the fingerprint scanners installed in British post offices and police stations to fingerprint foreigners and criminals (as if they have something in common). If all the post office staff refused to engage in racist conduct the fingerprint scanners would be put out of service. Nonetheless, these people carry on, just doing their job, just following orders. It was through many small abuses like this, rather than mass murder on every street corner, that Hitler motivated an entire nation to serve his evil purposes.

Technology like this is introduced in small steps: first it was used for serious criminals, then anybody accused of a crime, then people from Africa and next it appears they will try and apply it to all EU citizens remaining in the UK.

How will a British man married to a French woman explain to their children that mummy has to be fingerprinted by the border guard each time they return from vacation?

The Nazis pioneered biometric technology with the tracking numbers branded onto Jews. While today's technology is electronic and digital, isn't it performing the same function?

There is no middle ground between "soft" and "hard" brexit

An important point for British citizens and foreigners in the UK to consider today is that there is no compromise between a "soft" Brexit and a "hard" Brexit. It is one or the other. Anything less (for example, a deal that is "better" for British companies and worse for EU citizens) would imply that the British are a superior species and it is impossible to imagine the EU putting their stamp on such a deal. Anybody from the EU who is trying to make a life in the UK now is playing a game of Russian Roulette - sure, everything might be fine if it morphs into "soft" Brexit, but if Theresa May has her way, at some point in your life, maybe 20 years down the track, you could be rounded up by the gestapo and thrown behind bars for a parking violation. There has already been a five-fold increase in the detention of EU citizens in British concentration camps and they are using grandmothers from Asian countries to refine their tactics for the efficient removal of EU citizens. One can only wonder what type of monsters Theresa May has been employing to run such inhumane operations.

This is not politics

Edmund Burke's quote "The only thing necessary for the triumph of evil is for good men to do nothing" comes to mind on a day like today. Too many people think it is just politics and they can go on with their lives and ignore it. Barely half the British population voted in the referendum. This is about human beings treating each other with dignity and respect. Anything less is abhorrent and may well come back to bite.

Tether a digital camera using Entangle

Posted by Fedora Magazine on March 29, 2017 05:00 AM

Ever wanted to be able to control your digital camera or DSLR from Fedora? Entangle — an application to tether digital cameras — allows you to take a shot, tweak settings, and view the shot all from the comfort of your desktop. Simply connect your camera up via USB, launch Entangle, and start taking photos.

The Entangle user interface allows you to tweak the settings of the shot — for example aperture, shutter speed, and ISO settings — right from your desktop, without having to play with these settings on the camera itself. Entangle also makes it easy to view statistics and details about the shots you have taken, without having to view them on the small screen of your camera.

Screenshot of entangle on Fedora

Entangle uses the Picture Transfer Protocol (PTP) to control digital cameras and DSLRs from within Fedora. Specifically, Entangle uses the remote capture functionality implemented in libgphoto2. Entangle upstream states in the FAQ, that the best supported cameras are Nikon or Canon DSLRs — they have the widest range of functions, and are tested extensively on libgphoto2.

Installing Entangle

To Install Entangle, search for it in the Software application:

Entangle in the Software app

Alternatively, install using dnf on the commandline, using the command:

sudo dnf install entangle

 

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

GdMainBox — the new content-view widget in libgd

Posted by Debarshi Ray on March 28, 2017 10:06 PM

Now that I have written at length about the new fluid overview grids in GNOME Photos, it is time to talk a bit about the underlying widgets doing the heavy lifting. Hopefully some of my fellow GNOME developers will find this interesting.

Background

Ever since its incubation inside Documents, libgd has had a widget called GdMainView. It is the one which shows the grid or list of items in the new GNOME applications — Boxes, Photos, Videos, etc.. It is where drag-n-drop, rubber band selection and the selection mode pattern are implemented.

However, as an application developer, I think its greatest value is in making it trivial to switch the main content view from a grid to a list and back. No need to worry about the differences in how the data will be modelled or rendered. No need to worry about all the dozens of little details that arise when the main UI of an application is switched like that. For example, this is all that the JavaScript code in Documents does:

  let view = new Gd.MainView({ shadow_type: Gtk.ShadowType.NONE });
  …
  view.view_type = Gd.MainViewType.LIST; // use a list
  …
  view.view_type = Gd.MainViewType.ICON; // use a grid


Unfortunately, GdMainView is based on GtkIconView and GtkTreeView. By this time we all know that GtkIconView has various performance and visual problems. While GtkTreeView might not be slow, the fact that it uses an entirely separate class of visual elements that are not GtkWidgets limits what one can render using it. That’s where GdMainBox comes in.

GdMainBox

GdMainBox is a replacement for GdMainView that is meant to use GtkFlowBox and GtkListBox instead.

GListModel *model;
GtkWidget *view;

model = /* a GListModel containing GdMainBoxItems */
view = gd_main_box_new (GD_MAIN_BOX_ICON);
gd_main_box_set_model (GD_MAIN_BOX (view), model);
g_signal_connect (view,
                  "item-activated",
                  G_CALLBACK (item_activated_cb),
                  data);
g_signal_connect (view,
                  "selection-mode-request",
                  G_CALLBACK (selection_mode_request_cb),
                  data);
g_signal_connect (view,
                  "selection-changed", /* not view-selection-changed */
                  G_CALLBACK (selection_changed_cb),
                  data);


If you are familiar with with old GdMainView widget, you will notice the striking similarity with it. Except one thing. The data model.

GdMainView expected applications to offer a GtkTreeModel with a certain number of columns arranged in a certain order with certain type of values in them. Nothing surprising since both GtkIconView and GtkTreeView rely on the existence of a GtkTreeModel.

In the world of GtkListBoxes and GtkFlowBoxes, the data model is GListModel, a list-like collection of GObjects [*]. Therefore, instead of columns in a table, they need objects with certain properties, and methods to access them. These are codified in the GdMainBoxItem interface which every rendered object needs to implement. You can look at this commit for an example. A nice side-effect is that an interface is inherently more type-safe than a GtkTreeModel whose expected layout is expressed as enumerated types. The compiler can not assert that a certain column does have the expected data type, so it left us vulnerable to bugs caused by inadvertent changes to either libgd or an application.

But why a new widget?

You can definitely use a GtkFlowBox or GtkListBox directly in an application, if that’s what you prefer. However, the vanilla GTK+ widgets don’t offer all the necessary features. I think there is value in consolidating the implementation of those features in a single place that can be shared across modules. It serves as a staging area for prototyping those features in a reasonably generic way so that they can eventually be moved to GTK+ itself. If nothing else, I didn’t want to duplicate the same code across the two applications that I am responsible for — Documents and Photos.

One particularly hairy thing that I encountered was the difference between how selections are handled by the stock GtkFlowBox and the intended behaviour of the content-view. Other niceties on offer are expanding thumbnails, selection mode, and drag-n-drop.

If you do decide to directly use the GTK+ widgets, then I would suggest that you at least use the same CSS style classes as GdMainBox — “content-view” for the entire view and “tile” for each child.

The future

I mentioned changing lists to grids and vice versa. Currently, GdMainBox only offers a grid of icons because Photos is the only user and it doesn’t offer a list view. That’s going to change when I port Documents to it. When that happens, changing the view is going to be just as easy as it used to be.

gd_main_view_set_view_type (GD_MAIN_BOX (view), GD_MAIN_BOX_LIST);



[*] Yes, it’s possible to use them without a model, but having a GListModel affords important future performance optimizations, so we will ignore that possibility.


2.5.0

Posted by Bodhi on March 28, 2017 09:39 PM

Bodhi 2.5.0 is a feature and bugfix release.

Features

  • #1313 - The web interface now uses the Fedora Bootstrap theme. The layout of the update page has also been revamped to display the information about an update in a clearer manner.
  • The bodhi CLI now has a --url flag that can be used to switch which Bodhi server it communicates with. The BODHI_URL environment can also be used to configure this flag.
  • The documentation has been reorganized.
  • The Python bindings are now documented.
  • 6d6de4bc - Bodhi will now announce that karma has been reset to 0 when builds are added or removed from updates.
  • d3ccc579 - Bodhi will now announce that autokarma has been disabled when an update received negative karma.
  • 57a80f42 - The docs theme is now Alabaster.
  • #1322 - The Bodhi documentation now has a description of Bodhi on the landing page.
  • #1323 - The REST API is now documented.
  • 1087939b - The client Python bindings can now accept a base_url that doesn't end in a slash.

Bugs

  • #902 - The position of the Add Comment button is now the bottom right.
  • #1187 - An unusuable --request flag has been removed from a CLI command.
  • #1296 - The cursor is now a pointer when hovering over Releases button.
  • #1305 - The number of days to stable is now correctly calculated on updates.
  • d5bec3fa - Fix a query regular expression so that Fedora update ids work.
  • #1033 - Karma thresholds can now be set when autopush is disabled.

Development improvements

  • The Vagrant development environment automatically configures the BODHI_URL environment variable so that the client talks to the local server instead of production or staging.
  • Test coverage is up another percentage to 82%.
  • Bodhi is now PEP-8 compliant.
  • The development environment now displays all Python warnings once.

Release contributors

The following developers contributed to Bodhi 2.5.0:

  • Ryan Lerch
  • Trishna Guha
  • Jeremy Cline
  • Ankit Raj Ojha
  • Ariel O. Barria
  • Randy Barlow

Fedora 26 Supplementary Wallpapers: Vote now!

Posted by Fedora Community Blog on March 28, 2017 04:26 PM

At the end of January, the submission phase for Fedora 26 Supplementary Wallpapers opened. Now, the submission phase is closed and the voting phase is now open. If you have a FAS account and meet the CLA+1 group requirement, you can cast your vote in Nuancier.

Wallpapers for Fedora 26

We have again around 100 submissions from more then 60 different contributors, from which we will choose 16 to get packaged as supplemental wallpapers for Fedora 26. The contributors who successfully submitted their wallpaper should all now have the badge.  In case your badge was not awarded, ping gnokii in #fedora-design on freenode.

As for past contests, a lot of the participants made their first contribution to Fedora. We will continue to improve Nuancier and the submission process for supplementary wallpapers. We will also try to improve the quality of submissions. We have already improved with limiting the amount of submissions. We have also had longer phases for submissions and the time for the voting is also longer than before.

Be sure to cast your vote before April 6th, 2017 to have a say in what wallpapers are included! By participating, you can also receive a limited edition badge too. Please note, this badge must be claimed manually from you during the voting process, it is not automatically awarded. It can be not awarded afterwards, as it is not visible who has voted.

The post Fedora 26 Supplementary Wallpapers: Vote now! appeared first on Fedora Community Blog.

Valkyrie - one year.

Posted by mythcat on March 28, 2017 01:43 PM
Valkyrie marks its first birthday today.
Let's see this video about the voice of this game Katee Sackhoff 

<iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/X5BUMb7SatI?ecver=2" style="height: 100%; left: 0; position: absolute; width: 100%;" width="640"></iframe>

EVE: Valkyrie is a multiplayer dogfighting shooter game set in the EVE Online universe[3] that is designed to use virtual reality headset technology. Originally launched for Microsoft Windows for use with the Oculus Rift virtual reality headset,[4][5] CCP Games has announced they plan to enable cross-platform play between the three major VR systems: the Oculus Rift, the HTC Vive, and the PlayStation VR.[6] - source: wikipedia.org

In Norse mythology, a valkyrie (from Old Norse valkyrja "chooser of the slain") is one of a host of female figures who choose those who may die in battle and those who may live. Selecting among half of those who die in battle (the other half go to the goddess Freyja's afterlife field Fólkvangr), the valkyries bring their chosen to the afterlife hall of the slain, Valhalla, ruled over by the god Odin. - source: wikipedia.org

The journalctl command.

Posted by mythcat on March 28, 2017 11:36 AM
This is a good linux command for Linux maintenance.
First step is to read the documentation:
[root@localhost mythcat]# man journalctl
JOURNALCTL(1) journalctl JOURNALCTL(1)

NAME
journalctl - Query the systemd journal

SYNOPSIS
journalctl [OPTIONS...] [MATCHES...]

DESCRIPTION
journalctl may be used to query the contents of the systemd(1) journal
as written by systemd-journald.service(8).

If called without parameters, it will show the full contents of the
journal, starting with the oldest entry collected.

If one or more match arguments are passed, the output is filtered
accordingly. A match is in the format "FIELD=VALUE", e.g.
"_SYSTEMD_UNIT=httpd.service", referring to the components of a
structured journal entry. See systemd.journal-fields(7) for a list of
well-known fields. If multiple matches are specified matching different
fields, the log entries are filtered by both, i.e. the resulting output
will show only entries matching all the specified matches of this kind.
If two matches apply to the same field, then they are automatically
matched as alternatives, i.e. the resulting output will show entries
matching any of the specified matches for the same field. Finally, the
character "+" may appear as a separate word between other terms on the
command line. This causes all matches before and after to be combined
in a disjunction (i.e. logical OR).
...
The self maintenance method is to vacuum the logs.
This help you with free space into your Linux OS.
For example: I got 3 Gigabytes of data in just 3 days.
# journalctl --vacuum-time=3d
Vacuuming done, freed 3.7G of archived journals on disk. To clean up this you can use the command into several ways:
  • by time
  • journalctl --vacuum-time=2d
  • retain only the past 500 MB
  • journalctl --vacuum-size=500M
As you know: The is an init system used in Linux distributions to bootstrap the user space and manage all processes subsequently. The journald daemon handles all of the messages produced by the kernel, initrd, services, etc. You can use the journalctl utility, which can be used to access and manipulate the data held within the journal. Let's start with some examples: How to see the configuration file for this process:
[root@localhost mythcat]# cat /etc/systemd/journald.conf
Also you can see the status of this service:
[root@localhost mythcat]# systemctl status  systemd-journald
● systemd-journald.service - Journal Service
Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; vendor preset: disabled)
Active: active (running) since Tue 2017-03-28 09:12:20 EEST; 1h 8min ago
Docs: man:systemd-journald.service(8)
man:journald.conf(5)
Main PID: 803 (systemd-journal)
Status: "Processing requests..."
Tasks: 1 (limit: 4915)
CGroup: /system.slice/systemd-journald.service
└─803 /usr/lib/systemd/systemd-journald

Mar 28 09:12:20 localhost.localdomain systemd-journald[803]: Runtime journal (/run/log/journal/) is 8.0M,
max 371.5M, 363.5M free.
Mar 28 09:12:20 localhost.localdomain systemd-journald[803]: Journal started
Mar 28 09:12:22 localhost.localdomain systemd-journald[803]: System journal (/var/log/journal/) is 3.9G,
max 4.0G, 23.8M free.
Mar 28 09:12:23 localhost.localdomain systemd-journald[803]: Time spent on flushing to /var is 915.454ms
I hope this article will help you on Linux maintenance

Fedora Activity Day, Bangalore 2017

Posted by Fedora Community Blog on March 28, 2017 08:15 AM

The Fedora Activity Day (FAD) is a regional event (either one-day or multi-day) that allows Fedora contributors to gather together in order to work on specific tasks related to the Fedora Project.

FAD in Bangalore

On February 25th 2017, a FAD was conducted in one of the admirable university of Bangalore: University Visvesvaraya College of Engineering (UVCE). It was not a typical “hackathon” or “DocSprint” but a series of productive and interactive sessions on different tools.

Fedora Activity Day, Bangalore 2017

16992118_596170640578151_7867005483610103531_oThe goal of this FAD was to make students aware about Fedora so that they can test, develop and contribute. The event was a one-day event, started at 10:30 in morning and concluded at 3:00 in the afternoon.

First talk: Ansible and automation

The first talk was on Ansible, which is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates. The session was taken up by Vipul Siddharth and Prakash Mishra, who are Fedora contributors. They discussed about the importance of such automation tool and gave a small demo for getting started with Ansible.

Second talk: Contributing to the kernel

16904800_596185137243368_2294766962062607577_oThe Ansible session was followed by the session on contributing to Linux kernel, given by our esteemed guest Vaishali Thakkar (@kernel_girl ). Vaishali is Linux Kernel developer at Oracle. She is working in kernel security engineering group and associated with the open source internship programs and some community groups. Vaishali highlighted upon each and every aspect of kernel one should know before contributing. She discussed the lifecycle and how-where-when of a pull request. The session was a three hour long session with a short lunch break. The first part of the session was focused on theoretical aspects of sending your first patch to the kernel community and the second part was a demo session where she sent a patch from scratch (Slides).

Third talk: Contributing to Fedora

The last session was taken up by Sumantro Mukherjee (Fedora Ambassador) and Kanika Murarka, on pathways to contribute to Fedora with a short interactive session.

The speakers were awarded t-shirts as a mark of respect. We would like to thank Fedora community and the IEEE subchapter of UVCE college for making this FAD possible.

The post Fedora Activity Day, Bangalore 2017 appeared first on Fedora Community Blog.

Remember kids, if you're going to disclose, disclose responsibly!

Posted by Josh Bressers on March 28, 2017 02:02 AM
If you pay any attention to the security universe, you're aware that Tavis Ormandy is basically on fire right now with his security research. He found the Cloudflare data leak issue a few weeks back, and is currently going to town on LastPass. The LastPass crew seems to be dealing with this pretty well, I'm not seeing a lot of complaining, mostly just info and fixes which is the right way to do these things.

There are however a bunch of people complaining about how Tavis and Google Project Zero in general tend to disclose the issues. These people are wrong, I've been there, it's not fun, but as crazy as it may seem to the ouside, the Project Zero crew knows what they're doing.

Firstly let's get two things out of the way.

1) If nobody is complaining about what you're doing, you're not doing anything interesting (Tavis is clearly doing very interesting things).

2) Disclosure is hard, there isn't a perfect solution, what Project Zero does may seem heartless to some, but it's currently the best way. The alternative is an abusive relationship.

A long time ago I was a vendor receiving security reports from Tavis, and I won't lie, it wasn't fun. I remember complaining and trying to slow things down to a pace I thought was more reasonable. Few of us have any extra time and a new vulnerability disclosure means there's extra work to do. Sometimes a disclosure isn't very detailed or lacks important information. The disclosure date proposed may not line up with product schedules. You could have another more important issue you're working on already. There are lots of reasons to dread dealing with these issues as a vendor.

All that said, it's still OK to complain, and every now and then the criticism is good. We should always be thinking about how we do things, what makes sense today won't make sense tomorrow. The way Google Project Zero does disclosure today was pretty crazy even five years ago. Now it's how things have to work. The world moves very fast now, and as we've seen from various document dumps over the last few years, there are no secrets. If you think you can keep a security issue quiet for a year you are sadly mistaken. It's possible that was once true (I suspect it never was, but that's another conversation). Either way it's not true anymore. If you know about a security flaw it's quite likely someone else does too, and once you start talking to another group about it, the odds of leaking grow at an alarming rate.

The way things used to work is changing rapidly. Anytime there is change, there are always the trailblazers and laggards. We know we can't develop secure software, but we can respond quickly. Spend time where you can make a difference, not chasing the mythical perfect solution.

If your main contribution to society is complaining, you should probably rethink your purpose.

Episode 39 - Flash on your dishwasher

Posted by Open Source Security Podcast on March 28, 2017 01:08 AM
Josh and Kurt discuss certificates, OpenSSL, dishwashers, Flash, and laptop travel bans.

Download Episode
<iframe frameborder="no" height="150" scrolling="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/314794586&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;visual=true" width="100%"></iframe>

Show Notes



Building IoT enabled power-strip with MicroPython and NodeMCU

Posted by Kushal Das on March 27, 2017 03:20 PM

This was on my TODO list for a long time. But, never managed to time to start working on it, I was also kind of scared of doing the AC wiring without adult supervision :).

Items used

  • Power-strip
  • USB power plug (any standard mobile phone charger)
  • wires
  • NodeMCU Amica
  • Relay board
  • MicroPython
  • Mosquitto server on my home network

I ordered double relay boards (this one was marked for Arduino) from Amazon, and they were laying in the boxes in the Pune Hackerspace for a long time.

Yesterday, we had a Raspberry Pi workshop in the hackerspace as part of the Python Pune monthly meetup. Nikhil was present in the meetup, and I asked for help from him as he is a real hardware expert.

We took one of the existing power-strip from the hackerspace, and also a mobile phone charger. After taking out 2 of the power sockets we had enough space to plug-in the rest of the system inside of it. Of course, Nikhil did all the hard work of soldering the wires in the proper manner.

The relay board is connected to a NodeMCU Amica running MicroPython. It has a code like the following example:

import time
from machine import Pin
from umqtt.simple import MQTTClient

# Received messages from subscriptions will be delivered to this callback
def sub_cb(topic, msg):
    led1 = Pin(14,Pin.OUT)
    if msg == b"on_msg":
        led1.low()
    elif msg == b"off_msg":
        led1.high()

def main(server="SERVER_IP"):
    c = MQTTClient("umqtt_client", server)
    c.set_callback(sub_cb)
    c.connect()
    c.subscribe(b"your_topic")
    while True:
        c.wait_msg()
    c.disconnect()

if __name__ == "__main__":
    try:
        time.sleep(10)
        main()
    except:
        pass

I will have to cover up the holes with something, and also push the code to a proper repository. Meanwhile this was the first usable thing I made with help from friends in the Hackerspace Pune. Come and join us to have more fun and build new things.

Btw, remember to have a password protected mosquitto server :)

Customize Packages for Atomic Host : Ansible Automation

Posted by Trishna Guha on March 27, 2017 10:50 AM

My earlier post automate-building-your-own-atomic-host describes how to Automate building Atomic Host with Ansible. But it is not capable of customizing packages for OSTree and build Atomic host based on it.

This post includes Ansible Automation for customizing packages of OSTree and build Atomic Host. Below are the improvements on this updated post :

  • Add packages to OSTree (It is suggested not to delete any pre-existing packages from the OSTree, that might break your Atomic host).
  • No need to create VM from the QCOW2 image will shell script anymore, It will be now all-in-one playbook.

If you do not know about Atomic host, please refer to http://www.projectatomic.io.

Requirements:

The requirements remain the same just like the earlier post. I will use Fedora distribution for the demo, but the same will be applicable for CentOS as well.

  • Make sure Ansible is installed on your system. If you are using Fedora workstation/any other platform, do not forget to install python2-dnf as well.
  • Download Atomic QCOW2 image: Fedora-Atomic.

Procedure:

Clone:

$ git clone https://github.com/trishnaguha/build-atomic-host.git
$ cd build-atomic-host/

Environment Setup:

The following will install requirements on your system, initializes OSTree and starts HTTP server as daemon service. The OSTree is made available via web server at TCP port 35000. After running the playbook you may use ip addr to check the IP Address of your HTTP server.

$ ansible-playbook setup.yml --ask-sudo-pass

Variables:

I am going to use variables applicable for Fedora. If you are using CentOS please modify the variables based on it.

  • Primary Variables.
    vars/atomic.yml
---
# Variables for Atomic host
atomicname: my-atomic                          # OSTree name
basehost: fedora-atomic/25/x86_64/docker-host  # Basehost
httpserver: 192.168.122.1                      # IP Address of HTTP Server
  • Additional packages you would like to have in your OSTree.
    vars/buildrepo.yml
# Variables for OSTree packages
repo: https://pagure.io/fedora-atomic.git
branch: f25
repodir: fedora-atomic
abs_path: /workspace                                # The absolute path to the git repo.
custommanifest: customized-atomic-docker-host.json  # The manifest that goes into the custom host(ostree) content that we are going to build.
sourcemanifest: fedora-atomic-docker-host.json      # The manifest that goes into the actual Base Fedora host(ostree) content.
packages: '"vim-enhanced", "git"'                   # Packages you want to have in your Atomic host.

Add packages like above separate by comma.

  • Variables for the VM
    vars/guests.yml
# Variables for Creating VM
domain: atomic-node                        # Domain name
image: Fedora-Atomic-25-20170228.0.x86_64  # Image name
cpu: 1
mem: 1536
os:
  variant: fedora23
path: /tmp                                 # Path to QCOW2 Image

Main Playbook:

Run the main Playbook which will create VM from QCOW2 image, compose OSTree and perform SSH-Setup and Rebase on OSTree:

$ ansible-playbook main.yml --ask-sudo-pass

Note: user-name: atomic-user, password: atomic are the credentials for the instance.
If you wish to change it, modify the cloud-init user-data.
We will have the credentials as variables/vault later.

To Check the IP Address of the VM running:

$ sudo virsh domifaddr atomic-node

Now SSH to the Atomic host and perform Reboot so that it will reboot in to custom OSTree.

$ ssh atomic-user@IP-ADDRESS-OF-VM
$ sudo systemctl reboot

SSH again and You will have your own OSTRee.

[atomic-user@atomic-node ~]$ sudo rpm-ostree status
State: idle
Deployments:
● my-atomic:fedora-atomic/25/x86_64/docker-host
       Version: 25.1 (2017-02-07 05:34:46)
        Commit: 15b70198b8ec7fd54271f9672578544ff03d1f61df8d7f0fa262ff7519438eb6
        OSName: fedora-atomic

  fedora-atomic:fedora-atomic/25/x86_64/docker-host
       Version: 25.51 (2017-01-30 20:09:59)
        Commit: f294635a1dc62d9ae52151a5fa897085cac8eaa601c52e9a4bc376e9ecee11dd
        OSName: fedora-atomic
[atomic-user@atomic-node ~]$ rpm -q git vim-enhanced
git-2.9.3-2.fc25.x86_64
vim-enhanced-8.0.386-1.fc25.x86_64

If you find any bug/idea please open up issues here. Thanks.

Atomic-Host


Using cloud-init to initialize Fedora Cloud VMs on oVirt

Posted by Fedora Magazine on March 27, 2017 08:19 AM

This article shows how to use cloud-init on the oVirt management platform. With cloud-init, you can start up a Fedora Cloud Base Image template, configured for network and logins, without logging into the virtual machine.

What is oVirt?

oVirt is a free, open-source virtualization management platform with an easy web interface.

What is cloud-init?

The cloud-init tool provides early initialization and setup of a virtual machine (VM). This usually happens during the startup of the guest operating system on the VM.

What can I do with cloud-init in oVirt?

oVirt allows you to configure:

  • an initial user account including password and your SSH key
  • a hostname
  • the timezone of the VM
  • DNS settings and networks on the VM

Additionally, it allows you to pass a custom cloud-init script. That script gives you even more control over the VM.

Virtual machine requirements

To use cloud-init with a virtual machine, the cloud-init package must be installed on the VM in question. Packages for cloud-init are available in most distributions’ package repositories, including Fedora.

The VM you’re booting should have the cloud-init package preinstalled and configured to start automatically on boot.

cloud-init configuration within oVirt

There are two ways to configure the cloud-init parameters:

  • Permanent: Saves a configuration, which is useful for stateless VMs that discard all changes after shutdown.
  • Temporary: Passes configuration via the run once dialog used only for the current run of the VM.

How to permanently setup cloud-init parameters for a VM in oVirt

  1. Log in to the user portal or the administration portal of your oVirt instance.
  2. In case of the user portal, select the Extended link in the upper left corner to get the list of your VMs. (This step is not required for the Administration portal.)
  3. Select the VM in the list you want to configure.
  4. Select the Edit link which is now active in the list header.
  5. The Edit Virtual Machine dialog then opens. Now choose the Initial Run section on the left hand side of the dialog. This is usually the third entry from the top. (Note: If the Initial Run section is not present, select the Show Advanced Options in the bottom left area of the dialog to reveal hidden options.) Mark the check box Use Cloud-Init/Sysprep. This will reveal the available options.

Now configure the options as desired and select OK. oVirt applies the configuration to the VM the next time it’s started.

How to temporarily setup cloud-init parameters for a VM in oVirt via Run-Once

  1. Log in to the user or administration portal of your oVirt instance.
  2. If using the user portal, select the Extended link in the upper left corner to get the list of your VMs. (This step is not required for the administration portal.)
  3. Select the VM you’d like to configure in the list.
  4. Select the Run-Once link in the list header. The Run Virtual Machine(s) dialog appears.
  5. Now choose the Initial Run section.
  6. Mark the check box Use Cloud-Init. This will reveal the available options.

Now configure the options as desired and select OK. The VM starts with these options configured and applied. The information entered is not persistent. It’s discarded on shutdown of the VM. However, changes you apply inside the VM persist, as long as the VM isn’t stateless.

Hands on with the Fedora Cloud Base Image

From the oVirt administration portal, one imports a virtual machine disks from an predefined image. oVirt comes with a glance repository with many Linux distribution images. Several versions of CentOS 7, Ubuntu, and Fedora are included.

Importing the image

This example uses the Fedora 25 Cloud Base Image. Within the Storage section of the administration portal, select the ovirt-image-repository entry in the table. A list of available images to import appears in the lower pane.

Image selection in the oVirt Administration Portal

Image selection in the oVirt Administration Portal

Right click on the entry to setup the import. You can import to the datacenter and storage domain of choice as a new disk or template. This example imports as a disk.

The Import Image Dialog in oVirt

Import Image Dialog in oVirt

Setting up the virtual machine

After the disk image has been imported, switch to the Virtual Machines section and create a New VM. In the dialog choose Linux as the operating system. Configure it to be optimized for Server usage. Next, set a name for the virtual machine. The name of virtual machines in oVirt may not contain spaces.

Next attach the disk image to the virtual machine in the Instance Images section. The imported disk image should be called GlanceDisk followed by a dash and some numbers and letters. However, if you opted to rename it in the import dialog, look for the name you assigned there.

New Virtual Machine Dialog in oVirt

New Virtual Machine Dialog in oVirt

Now, configure the network interfaces. For this scenario add two adapters and set them to the appropriate network. The correct network depends on your configuration. By default the network is called ovirtmgmt/ovirtmgmt. In your environment, or in more complex scenarios, this might be different.

Change the amount of memory and number of CPUs in the System section of the dialog as needed.

Getting started with cloud-init

Now you can configure the virtual machine details from the Initial Run section of the dialog. Check the Cloud-Init/Sysprep checkbox to make the options visible.

Setting up cloud-init in the oVirt 'New Virtual Machine' dialog

Setting up cloud-init in the oVirt ‘New Virtual Machine’ dialog

Set a hostname as desired. This example uses f25.magazine.example.com. Next, set up a time zone by checking the Configure Time Zone checkbox and choosing the appropriate time zone.

Setting up authentication

The oVirt Cloud-Init configuration dialog lets users create new users and set their password. Additionally it lets you supply a SSH key for the root user. This key is added to the authorized-keys so you can establish a password-less SSH connection to the VM.

VM edit dialog - Cloud Init options - Adding authentication options

VM edit dialog – Cloud Init options – Adding authentication options

Networking options

oVirt offers a straightforward way to configure networks via cloud-init. To use the functionality, check the Network checkbox. Here you can set up DNS servers, DNS search domains, and network interface configurations.

To add an interface configuration, click the Add new button. Give the network a name, which may not contain spaces or special characters.

You may choose a dynamic network configuration, which is usually the default. It’s a good idea to check the Start on Boot checkbox, so the network configuration will be processed when the VM boots.

If you have no DHCP available, or if you prefer a fixed IP, choose the Static option from the Boot Protocol drop down. Then edit the IP address, Netmask and Gateway for your interface.

VM dialog - Cloud Init options - Network configuration

VM dialog – Cloud Init options – Network configuration

Finishing up

Once all information is configured, select OK and start the VM. If the VM is configured correctly and the cloud-init package is enabled to start on boot, it will find the configuration and apply all the settings.

In case of persistent information, oVirt marks a VM as initialized after the VM’s first runM. Once it is marked as initialized, the cloud-init information is no longer passed to the VM. This is not the case if the VM is stateless. A stateless VM discards all changes applied after the run, and therefore the VM won’t be marked as initialized.

 

Save

Save

Arranging Install Fest 2017

Posted by Julita Inca Chiroque on March 27, 2017 05:43 AM

Next Thursday at the auditorium of the School of Computer Science, we are going to install in more than 200 new students of the university FEDORA + GNOME, since during the first year they study algorithms, C programming and GNU/Linux in general.

Thanks to the authorities of the National University of Engineering for arranging all the proper permissions and also the company Softbutterfly will provide us a Website to document all the Linux events that we have done in universities during the last years.

uni.pngSpecial thanks to our designer Leyla Marcelo who have designed some new stickers for GNOME and Fedora. Balloons and t-shirts were also been prepared for this new event! 🙂


Filed under: FEDORA, GNOME Tagged: fedora, Fedora release, GNOME, install fest 2017, install fest Peru, InstallFest2017, Julita Inca, Julita Inca Chiroque, National University of Engineering, UNI, Universidad Nacional de Ingenieria

Setting up a 6in4 tunnel with Fedora

Posted by Luc de Louw on March 26, 2017 11:51 AM

Why using IPv6 Tunnels anyway? Today, most Internet access providers are IPv6 enabled. However, unfortunately the majority of them do not provide a static /64 prefix, you will get it dynamically assigned. Some providers can assign you a static prefix … Continue reading

The post Setting up a 6in4 tunnel with Fedora appeared first on Luc de Louw's Blog.

Technical Workshop Guidelines

Posted by Robbie Harwood on March 26, 2017 04:00 AM

Semi-recently, I attended a workshop-style conference. While I think I really like the organization and their work, there were some issues in organizing around "techies". So from that, I'd like to present some suggestions as to how to run one of these events:

  1. Make sure your wireless works. If your tooling lives on GitHub, and your venue's wireless blocks GitHub, you're going to have a bad time. (This is not a hypothetical example.)

  2. Be sure you have things to be done. This requires effort on your part: not only checking that the work exists, but that it is of reasonable scope.

  3. Match work to participants. In particular, do not give programming jobs to people who have never programmed before. There is a tendency to be welcoming; keep in mind that people who are over their head are unlikely to return.

  4. Don't sweat inefficiency. Someone who knows the project or codebase already will be able to accomplish the tasks you have prepared faster (and possible better) than your attendees. If the primary purpose of the event is either (or both!) of onboarding or face-to-face collaboration, then there's no reason to worry.

  5. Have mentors. Your participants will want to excel regardless of the previous item; it's natural. And they'll feel better if they are enabled to do so; having a better time makes people more likely to stick around.

  6. Give time for schmoozing. It's best if this isn't explicitly labeled in the schedule. Ideally, it's slop around moving from place to place, or longer-than-necessary breaks for food, and things like that. This way people do not feel forced to "network", but are still free to socialize.

  7. Formally collect all work at the end. You of course care some about the work being done (hopefully), so it makes sense to gather it. There is also value in associating people with a project since then they feel accountable for it, and are more likely to continue working on it in the future.

  8. Contextualize. Make sure your participants know why the work they're doing is important, and what more they can do once they have good knowledge of the project.

I don't mean this list to be exhaustive: while not sufficient for a good conference, these are I judge necessary conditions. I think these events can be very valuable, especially for bringing on new people, and don't want to discourage them in any way, just improve them.

Pine64 + USB drive

Posted by Richard W.M. Jones on March 25, 2017 05:52 PM

It looks like a crazy ball of string and rubber bands now. I added an external SSD in an enclosure powered by the compatible JMS578 chipset. But the board itself cannot supply enough power through USB to external drivers, so there’s also a powered USB hub (thus the whole thing needs two power supplies).

It works is the best I can say about it at this point.

Important edit: I discovered that the powered USB hub is not necessary (presumably because this is an SSD, not a spinning disk). That eliminates the power supply problem.


[Fedora 26] NetworkManager update mach WLAN unbenutzbar

Posted by Fedora-Blog.de on March 25, 2017 01:07 PM

Wer sein Fedora 26 über WLAN mit dem Internet verbindet, sollte nach dem installieren des aktuellen Updates für den NetworkManager auf Version 1.8.0 noch das Paket NetworkManager-wifi installieren, da ansonsten keine Verbindungen per WLAN mehr möglich sind.

Grund hierfür ist, das die Unterstützung für WLAN in Version 1.8 aus dem NetworkManager core entfernt und in ein Plugin ausgelagert wurde.

Easy qemu commandline passthrough with virt-xml

Posted by Cole Robinson on March 25, 2017 01:30 AM
Libvirt has supported qemu commandline option passthrough for qemu/kvm VMs for quite a while. The format for it is a bit of a pain though since it requires setting a magic xmlns value at the top of the domain XML. Basically doing it by hand kinda sucks.

In the recently released virt-manager 1.4.1, we added a virt-install/virt-xml option --qemu-commandline that tweaks option passthrough for new or existing VMs. So for example, if you wanted to add the qemu option string '-device FOO' to an existing VM named f25, you can do:

  ./virt-xml f25 --edit --confirm --qemu-commandline="-device FOO"

The output will look like:

--- Original XML
+++ Altered XML
@@ -1,4 +1,4 @@
-<domain type="kvm">
+<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
<name>f25</name>
<uuid>9b6f1795-c88b-452a-a54c-f8579ddc18dd</uuid>
<memory unit="KiB">4194304</memory>
@@ -104,4 +104,8 @@
<address type="pci" domain="0x0000" bus="0x00" slot="0x0a" function="0x0"/>
</rng>
</devices>
+ <qemu:commandline>
+ <qemu:arg value="-device"/>
+ <qemu:arg value="foo"/>
+ </qemu:commandline>
</domain>

Define 'f25' with the changed XML? (y/n):

MUA++ (or on to thunderbird)

Posted by Kevin Fenzi on March 25, 2017 12:11 AM

So, a few weeks ago I moved my MUA (Mail User Agent) from claws-mail over to evolution. Last week I decided to move on and give thunderbird a try.

Mostly evolution worked, but it had some bugs I hit that were quite annoying: From time to time it would duplicate emails on my work imap server. Suddenly I would get 50 copies of some list post. I could of course select them and ‘delete duplicates’ but this was pretty anoying. I tried all sorts of tuning to get it to not do that, but nothing seemed to work. Additionally I found the keyboard shortcuts difficult to get used.

So, thunderbird. For this I needed to make a change I had been meaning to for a long time, but kept never getting around to: I needed to switch to using my home server’s imap server instead of delivering email to my laptop (thunderbird only does imap for incoming emails). Fortunately, it was easy to just change my .procmailrc to deliver to the server and serve it via imap. However then I ran into some real confusion: I had setup my server (dovecot) a number of years back to provide 2 ‘namespaces’ in imap: The first would be a Mailbox that it would deliver email to, and the second would be a Maildir that it used for folders (this was due to having some friends using my mail server who insisted on using mail clients via shell that didn’t understand Maildir). I had to do a bit of tweaking to get it working for me, but not breaking it for others. The mbox namespace also meant there was a mail directory with mailbox folders and if you were not careful how you set things up you would get those (mailbox is a good deal less permofrmant than Maildir, so I wanted to avoid them). Finally, I got it all working there.

So, after now using thunderbird for a week or so, the good:

  • thunderbird has no problems talking to various imap servers. No duplicate emails, no errors, everything works nicely and pretty quickly.
  • lightning plugin is now built in/included in thunderbird and it has had no problems talking to all my vaious calendars.
  • enigmail seems to do a fine job with encrypted emails and signing my outgoing emails.
  • The keyboard commands seem a lot easier to get used to, and with the Nostalgy extension it’s pretty easy to file emails and go to places.
  • The search features seem very fast and work well. I ‘star’ mails I want to deal with later, and have a search folder that shows all starred emails. I can from there easily open a tab with the entire conversation if I want to read the thread the email was in again.
  • There’s a handy sort by ‘Grouped’ thats nice for some things. It will show you for example todays emails and let you expand previous days if you like.

The bad:

  • I cannot quite seem to get the message view to look the way I want. It seems to change what fonts it uses sometimes based on “I am not sure what”. Possibly if the email is html only? Will keep looking into it.
  • I had to enter all my stupid filtering rules _again_. I just redid them for evolution, but now again for thunderbird. I really need to look into sieve and just doing it on the server. There outta be a standard!

and the things that are just related, but not directly thunderbird:

  • My mail is now in imap on my main server and I can read it via thunderbird, or roundcubemail.
  • I’ve unsubscribed or otherwise removed myself from a bunch of lists or things that were sending me email that I never read anymore or cared about. There’s still some more of these to go, but its good every once in a while to drop all your filters and rebuild them to see what should just never come in at all.

Will I stick with thunderbird? Time will tell. So far this week indications are good, but we will see.

Installing OpenSUSE Tumbleweed under Fedora

Posted by Zbigniew Jędrzejewski-Szmek on March 24, 2017 11:00 PM

Fedora is in the process of getting a native package for zypper (review requests 1427182 and 1427185 from Neal Gompa). Once you have zypper installed, it should be trivial to install OpenSUSE in a chroot. But either my google-foo is weak today, or up-to-date instructions are nowhere to be found… Based on this and this, as a note to self and others, here are the instructions:

mkdir -p /var/lib/machines/tumbleweed/{dev,etc}
cp -a /dev/{null,random,urandom,zero} /var/lib/machines/tumbleweed/dev/
grep -E '^(root|bin|daemon|sync):' /etc/passwd > /var/lib/machines/tumbleweed/etc/passwd
grep -E '^(root|bin|daemon|sys|adm|tty|lp|mail):' /etc/group > /var/lib/machines/tumbleweed/etc/group
zypper --root=/var/lib/machines/tumbleweed ar https://download.opensuse.org/tumbleweed/repo/oss tumbleweed
zypper --root=/var/lib/machines/tumbleweed refresh
# press 'a' here
zypper --root=/var/lib/machines/tumbleweed install --no-recommends -y zypper wget vim systemd
# allow password-less login as root
sed -i 's/try_first_pass/\0 nullok/' /var/lib/machines/tumbleweed/etc/pam.d/common-auth
systemd-nspawn -M tumbleweed passwd -d root

This installs a bunch of packages:

The following  NEW packages are going to be installed:
  filesystem ... sysvinit-tools ... zypper zypper-log ...
  systemd-sysvinit dracut suse-module-tools udev kmod dbus-1

151 new packages to install.

Some of those are superfluous, but most of those 151 are libraries, and I'm getting what I asked for plus a few small packages. Unfortunately some errors about unknown groups and users still appear.

Finally:

$ systemd-nspawn -j -M tumbleweed -b
Spawning container tumbleweed on /var/lib/machines/tumbleweed.
Press ^] three times within 1s to kill container.
systemd 232 running in system mode. (+PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization systemd-nspawn.
Detected architecture x86-64.

Welcome to openSUSE Tumbleweed!
...

If you read this far, maybe you know something about Tumbleweed and zypper — if there's a better way (shorter and fully automated), let me know down in comments and I'll update this page. It'd also love to have a one-two line form suitable for systemd-nspawn(1) man page.

Factory 2, Sprint 13

Posted by Ralph Bean on March 24, 2017 08:55 PM

The Factory 2.0 team is plugging along on a design phase for our next set of projects in the F27 timeframe.

  • The WaiverDB prototype is done (a key component in our vision for CI/CD). Next steps here are to have our technical fellows review the prototype and make sure it will meet our needs. We'll be aiming for production deployment soon after that (so we can iterate as needed).
  • The design work for Arbitrary Branching and Automated Rebuilds is nearing completion. We'll be planning out prototype work for those in the coming sprints.
  • Our design for PolicyEngine and Module Updates are both still cooking. Expect to see conclusions to their design phases in the next few sprints.

arbitrary-branches-fedora-focus-doc, by mprahl

This demo discusses the concept of “Arbitrary Branching" (package dist-git branches) and how that is a requirement for Fedora 27 to be a fully modularized operating system. It also elaborates on the high-level changes that will need to take place for this to become a reality.

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-013//mprahl-arbitrary-branches-fedora-focus-doc.mp4"> </video>

coco-focus-doc, by jkaluza

In this demo, I briefly describe the status of Continus Compose Service focus document.

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-013//jkaluza-coco-focus-doc.ogv"> </video>

waiverdb-prototype, by mjia

In this demo I describe the background of WaiverDB, what problems it solved, showing how to use the HTTP APIs to manage the waivers.

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-013//mjia-waiverdb-prototype.ogv"> </video>

Factory 2, Sprint 12

Posted by Ralph Bean on March 24, 2017 08:50 PM

Late report here. This sprint actually concluded two weeks ago. We did a combined demo with the Modularity and base-runtime teams, but never published our stuff independently. Better late than never; here it is!

mbs-in-production, by threebean

In this demo I show the Module Build Service in its initial deployment to production, showing how to query the API and how to submit a new module build.

At the request of FESCo, use of the MBS is locked down to only members of the Modularity Working Group until we have an FPC approved module review process in place in the F27 timeframe.

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-012//threebean-mbs-in-production.ogv"> </video>

multiple_submit_same_nvr, by fivaldi

When someone tries to submit the module build and some components are submitted for a build and the module build fails but the submitted components are not removed from the Koji, there can be a situation where the same module and component is submitted for a build for second time, but the first Koji build of this component finishes before the second one. This video presents how this is handled via requests to Koji API.

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-012//fivaldi_multiple_submit_same_nvr.ogv"> </video>

pungi_modular_compose, by jkaluza

<video controls="controls" height="350" preload="none" width="600"> <source src="https://fedorapeople.org/groups/factory2/sprint-012//jkaluza_pungi_modular_compose.ogv"> </video>

The A/V guy’s take on PyCon Pune

Posted by farhaan on March 24, 2017 04:35 PM

“This is crazy!”, that was my reaction at some point in PyCon Pune. This is one of my first conference where I participated in a lot of things starting from the website to audio/video and of course being the speaker. I saw a lot of aspects of how a conference works and where what can go wrong. I met some amazing people, people who impacted my life , people who I will never forget. I received so much of love and affection that I can never express in words.  So before writing anything else I want to thank each and everyone of you , “Thank you!”.

My experience or association started the time when the PyCon Pune was being conceived Sayan asked me if I could volunteer for Droidcon so that I can learn how to handle A/V for PP,  and our friends at HasGeek were generous enough to let me do that. The experience at Droidcon was crazy, I met a lot of people and made crazy lot of friends. Basically me and Haseeb were volunteering to learn the A/V stuff and Karthik was patient enough to walk us through the whole complex set up, to be very honest I didn’t get the whole picture till now but I some how able to manage. I learned a thing or two about  manning the camera and how much work actually goes to record a conference.

Since I was anyhow going to the conference I thought why not to apply for a talk but somehow I knew I wasn’t going to make it reason being the talks got rejected in a lot of other conferences 😛 . But anyhow being my stubborn self I don’t give up on rejection I gathered all the courage and got Vivek involved and we decided to apply for the talk and to my surprise it got in. This was our first conference talk and it was on one of the projects that we really really love, Pagure.

Since these things happened over a large span of time, by the time conference dates came I have nearly got out of touch with the A/V setup I only have vague idea about what is happening. So Sayan who is a one man army stepped in and he assured me that he will help me with getting the setup ready and we turned again to our friends at HasGeek and they were really humble to help us out this time and also help us with the instruments. We literally had a suitcase full of wires in case things go wrong. We spend around 3 days to up skill ourselves to handle the setup but this time the setup was very simple.

After all this happened and Sayan and Chandan took all the instruments to Pune. I arrived at Pune somewhere around two days before the conference the bus that I took from Bangalore to Pune dropped me somewhere near Telegaun which is near to Mumbai than Pune and I somehow managed to get back to Pune and reached Sayan and Chandan’s house. We were bunking together and there were more people about to come. I took some rest and then we were out , first stop was Reserved Bit , oh I can’t forget this place.

It is a perfect place for geeks and I loved every aspect of it. There I met Siddhesh for the first time we have had conversations over IRC though and met Nisha too. Amazing people the whole experience to travel to Reserved Bit and way back was amazing. We went to the venue to checkout where the camera will be and verify various aspects of the venue. After we came back I started working on the setup and man it was very tough and tricky to gather live feed from the camera.

First of all I was little hesitant to use any proprietary software but then I had no option so we somehow found a windows laptop and tried configuring it but almost everytime either we got a “BLUE SCREEN” or “UPDATES” which annoyed me , the sole reason of using windows was because we had a piece of hardware called capture cards, and the driver for which were not available. After long struggle and a lot of digging done by Siddhesh we got driver for Epiphan capture card for Linux and this was around 12 in the night and we all were still there at Reserved Bit. This gave all of us new hope and then it started we kind of got our minimalistic set up and Siddhesh did a “Compiler talk by Angle Fish” , it was a lot of fun by the time we got it working it was somewhere around 4 in the morning. After all this Sayan and Me actually took a walk back home and picked up Subho on the way. The next day CuriousLearner arrived and then Haseeb , Amit and Gaurav.

We were around 10 people squeezed in a single room but without any discomfort we kind of enjoyed our stay with occasional leg pulling to deep intense tech discussion the whole experience was just terrific. Then comes the actual venue setup that was one crazy thing so the video setup was working with Linux , we had Epiphan capture card working on Kernel version below 4.9 and OBS studio as a recording software. I actually spent a good number of hours to install OBS and downgrading kernel to 4.6 so that Epiphan driver works on at least 6 laptops. When we tried the setup on site and it broke because we didn’t take into account the audio from the mic. All of us were stuck in a state of panic then we realized that we have a mixer with us, but its power cord was left at Reserved Bit . By this time this setup kind of became our conference hack and we wanted it to work so badly. We actually ran back to Reserved Bit spent sometime there since we had some work and then quickly came back to the venue, connected the mixer and after few trial and run it worked.

“YES IT WORKED ” our efforts paid off, we recorded the whole conference using this setup, some of the recordings were a little glitchy and one other hack that we added was we weren’t recording the slides from speaker’s laptop we were doing it manually on our laptops. That means one copy of slide was being played on our laptops and we were recording it accordingly.

Apart from this experience I actually got the opportunity to meet all the keynote speaker the first so I met Nick, Honza, Terri,  John, Steven and Praveen. This was another experience in itself to know them and talk to the Rockstars of the FOSS WORLD.

As a speaker Kushal introduced me as the Speaker who is also the Cameraman for the event and that was may be the first time in a tech conference. Vivek and I have been collaborating over the talk for a long time and we figured out the order in which we need to speak and we spoke accordingly we kind of covered all the things that we wanted to and got a great response from the audience. I attended most of the talks since I was The A/V GUY but I had a huge help from rtnpro he was always there humble and ready to help.

The conference came to an end where Nisha told all the people about the effort that was put in from every person and specially Sayan. After this we had two days of devsprint where we had amazing projects, Vivek and I were mentoring for Pagure and we got a lot of new contributors and quite a number of PRs ( 13 to be precise ), the devsprint was a run away success.

I also got chance to interact with mbuf and man I saw him smile and crack jokes for the first time and it was crazy fun ,  I think it was the dinner after the last day of the conference. One of the most amazing experience was to talk to Haris and yes his name is Haris not Harish. The whole experience was so lovely that I don’t think that it can be better than this.

PS: We fixed my Macbook too

PPS: Video of our talk at PyCon Pune

<iframe allowfullscreen="true" class="youtube-player" height="315" src="https://www.youtube.com/embed/5E_VekmbNGk?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" style="border:0;" type="text/html" width="560"></iframe>

Fedora @ Konteh 2017 - event report

Posted by nmilosev on March 24, 2017 09:46 AM

DSC_0045.JPG

This year we managed to get a booth on a very popular student job fair called Konteh. (Thanks to Boban Poznanovic, one of the event managers)

Konteh is an annual event where local companies send their recruiters to find young, educated students who would be good candidates for open positions at their companies. As it is primarily a job fair, at first I wasn’t sure if this is a place where Fedora would benefit from a booth, but the number of people asking about what is it, what do we do and how to join certainly changed my mind.

DSC_0046.JPG

This year Konteh took place on Wednesday 23 and Thursday 24 March at the Faculty of Technical Sciences in Novi Sad, Serbia.

Our booth was on the second floor of the main venue. I had some leftover Fedora goodies (DVD’s were a hit!) from previous release parties, so this was a good opportunity to share it with a great number of CS students.

DSC_0051.JPG

We had a couple of Fedora users there, who asked about new releases and some issues they are having, but most of the people were new to Fedora. Since the audience was mostly CS students, almost all of them heard about Linux and knew the benefits already.

We also talked about how can someone get involved with Fedora and what are the easiest ways to join the project. I printed a couple of generic Fedora brochures as well as some useful links for new contributors: whatcanidoforfedora.org and join.fedoraproject.org. Sadly I forgot to print out one for easy fixes in Fedora, but I mentioned it to several people. There were also questions about Google Summer of Code which definitely isn’t talked enough about on our University.

DSC_0052.JPG

We could only stay one day, but it was very useful and I think we did a very good job. I would also like to thank everyone who came to the booth to say hello, and I hope we see each other next year! :)

How to use Java and other NPAPI plugins in Firefox

Posted by Fedora Magazine on March 24, 2017 08:00 AM

Mozilla decided to stop supporting NPAPI plugins for Firefox browser two years ago. NPAPI plugins are binary components integrated to the browser. Some well known NPAPI plugins are Flash, Java, and the GNOME Shell web extension.

The stock Firefox 52 browser disables these components. The exception is Flash, but Firefox will remove its support in the future, too. Fortunately, Fedora users still have options to bypass that plugin ban.

Enable plugins in Fedora Firefox browser

This may be the easiest choice for now. Firefox 52 allows you to override the plugin block using a preference setting in about:config. In Firefox, enter about:config in the location bar, and confirm the warning dialog. Then right click anywhere on the option list and add a new Boolean option named plugin.load_flash_only and set it to false.

Be aware this entry could be removed anytime without further warning, and is strictly unofficial.

Install Firefox 52 ESR

This is the official to run NPAPI plugins by Firefox now. However, at the end of this year Firefox 52 ESR (Extended Support Release) is planned to be discontinued.

The Firefox 52 ESR binary package is provided from Mozilla site. Download and unpack the tar archive somewhere in your home directory and launch the browser. You can then register it as a default browser. It also updates itself automatically when a new release is available.

You can have more than one browser installed. To choose the default in Fedora Workstation, go to the Settings control panel, and select Details, Default Applications.

Use dedicated browser for plugins only

This will be the final option when Firefox 52 ESR reaches its end of life. You can still use an old and unsupported browser, but it may contain flaws and vulnerabilities which won’t be fixed. A typical use case may be an internal system which needs a Java plugin but is otherwise secured. Never use an old browser for public web pages, since the browser may have known, exploitable flaws.

You can use a different browser profile for such a dedicated browser. Open the Terminal app, change directory to the old browser, and run this command:

./firefox -ProfileManager -no-remote

To launch the browser:

./firefox -P your_dedicated_profile -no-remote

Applying to Outreachy and GSoC for Fedora and GNOME

Posted by Julita Inca Chiroque on March 23, 2017 11:45 PM

The next 30 is going to be the deadline to apply to the Outreachy program and on April 3rd to the GSoC program. Lately in Peru a group of students were so interested in applying on it, since they have heard about the programs in FLOSS events such as LinuxPlaya 2017 and HackCamp2016, among other local events.

The companies that are participating in these programs fully reflect all available information; however, crucial questions are still on the air. This fact made me write a little post about these programs. So far, the Outreachy offers for FEDORA and GNOME:

Fedora

Fedora is a Linux-based operating system, which offers versions focused on three possible uses: workstation, server, and cloud.

Internship projects:

  • Improve Bodhi, the web-system that publishes updates for Fedora (looking for applicants as of March 17) Required: Python; Optional: JavaScript, HTML, CSS

GNOME

GNOME is a GNU/Linux-based innovative desktop that is design-driven and easy to use.

Internship projects:

  • Improve GTK+ with pre-compiled GtkBuilder XML files in resource data (looking for applicants as of March 12) Required: C, ability to quickly pick up GTK+

  • Photos: Make it perfect — every detail matters (looking for applicants as of March 12) Required: C, ability to quickly pick up GLib and GTK+

  • Make mapbox-gl-native usable from GTK+

    Required: C, GTK+; optional: C++, interest in maps

  • Unit Testing Integration for GNOME Builder (looking for applicants as of March 7) Required: GTK+, and experience with either C, Python, or Vala

  • Documentation Cards for GNOME Builder

    Required: GTK+, and experience with either C, Python, or Vala

First of all, it is compulsory to know what the programs are. Boths,  GSoC and Outreachy program ask to complete a requested free and open-source software coding project online during a period of 3 months, with a stipend of $5500. It is not required to complete that tasks before you apply, or to travel abroad to complete the internship, neither a Google recruiting program. To apply you must fulfill the requirements and other five points (that I also consider important as well):

1.- Be familiar with the project

In the case of GSoc for Fedora, please see the wiki of ideas published, for the GSoC GNOME, a wiki of ideas is also posted with the list of projects, and finally, the ideas for the Outreachy that are happy to receive contributors with very different programming skills.

I think that at least a year of experience as a user and as developer is important to mention. For example, in you decide to participate in the GNOME games project, it is important to prove that you have checked or interact with the code they use. It can done by posting it in a blog or by your git hub account. Fixing newcomers bugs related the GNOME games application is also an important plus to consider:: Additionally, the bugs for Fedora.

2.- Read the requirements and provide a proof of evidence

Before submit the proposal, it is important to attach a document to prove that you are currently enroll in a university or institute.
Another important requirement is the age, +18 and they also consider the eligibility to work in the country you live. Tax forms will be asked when you are selected.
You can upload individually more than one proposal could be submitted but only one will be accepted. You can participate in both programs too, the Outreachy program and the GSoC program. Only one will be accepted.

3.- Think about your strangeness and weakness

During the application is asked to prove an evidence of any other projects that you have participated. Maybe it is coincide in my case, but all the students that I found interested in Linux IT are also leaders in their communities or universities, and have participated in other interesting projects. A proof documented of those activities are also part of the process and in case you do not have videos, or posts, search for a letter of an authority (egg. dean of the faculty) to have the letter as a voucher of your committed to the society.

4.- Be in contact with your mentor

When you are about to finish the proposal, it is asked to add a calendar of the tasks and deadlines. In this case, it is better to set up the schedule of duties with the mentor approval. It is suggested to write a mail to introduce yourself with an attached tentative calendar to achieve the request posted in the wiki ideas of the project.

Each project has a list of mentor published, GSoC GNOME wiki shows them between parenthesis aside the name of the project as well as the GSoC for Fedora. The Outreachy mentor’s wiki list for GNOME and the mentor list for Fedora is also public online.

5.- Be responsible and organize your schedule

Be sure that you will accomplish the tasks you have planned in time.

Some students enroll in more than 6 courses at university that demand overtime than another regular student, others have a partial job while they are studying. Those factors must been foreseen before applying. Success in the GSoC program at the same time to pass the courses at the university with great grades is an effort that will open many doors locally and overseas in the academic and professional fields.

  • You can find on the Web examples of previous year’s proposals of the Outrechy programGNOME GSoC and Fedora. If you have further questions, please review the official WebSite FAQ, and if you think something is missing here, you are more than welcome to comment additional tips.

Best wishes for students in Peru and around the world! 🙂


Filed under: FEDORA, GNOME Tagged: 2017, apply GSoC, fedora, FLOSS programs, GNOME, Google Summer of Code, GSoC, GSoC Fedora, GSoC GNOME, Julita Inca, Julita Inca Chiroque, Outreachy, Perú

Inverse Law of CVEs

Posted by Josh Bressers on March 23, 2017 11:26 PM
I've started a project to put the CVE data into Elasticsearch and see if there is anything clever we can learn about it. Ever if there isn't anything overly clever, it's fun to do. And I get to make pretty graphs, which everyone likes to look at.

I stuck a few of my early results on Twitter because it seemed like a fun thing to do. One of the graphs I put up was comparing the 3 BSDs. The image is below.


You can see that none of these graphs has enough data to really draw any conclusions from, again, I did this for fun. I did get one response claiming NetBSD is the best, because their graph is the smallest. I've actually heard this argument a few times over the past month, so I decided it's time to write about it. Especially since I'm sure I'll find many more examples like this while I'm weeding through this mountain of CVE data.

Let's make up a new law, I'll call it the "Inverse Law of CVEs". It goes like this - "The fewer CVE IDs something has has, the less secure it is".

That doesn't make sense to most people. If you have something that is bad, fewer bad things is certainly better than more bad things. This is generally true for physical concepts brains can understand. Less crime is good. Fewer accidents is good. When it comes to something like how many CVE IDs your project or product has, this idea gets turned on its head. Less is probably bad when we think about CVE IDs. There's probably some sort of line somewhere where if you cross it things flip back to bad (wait until I get to PHP). We'll call that the security maginot line because bad security decided to sneak in through the north.

If you have something with very very few CVE IDs it doesn't mean it's secure, it means nobody is looking for security issues. It's easy to understand that if something is used by a large diverse set of users, it will get more bug reports (some of which will be security bugs) and it will get more security attention from both good guys and bad guys because it's a bigger target. If something has very few users, it's quite likely there hasn't been a lot of security attention paid to it. I suspect what the above graphs really mean is Free BSD is more popular than OpenBSD, which is more popular than NetBSD. Random internet searches seem to back this up.

I'm not entirely sure what to do with all this data. Part of the fun is understanding how to classify it all. I'm not a data scientist so there will be much learning. If you have any ideas by all means let me know, I'm quite open to suggestions. Once I have better data I may consider trying to find at what point a project has enough CVE IDs to be considered on the right path, and which have so many they've crossed over to the bad place.

New badge: Fedora 27 Change Accepted !

Posted by Fedora Badges on March 23, 2017 06:25 PM
Fedora 27 Change AcceptedYou got a "Change" accepted into the Fedora 27 Change list

New badge: SELF 2017 !

Posted by Fedora Badges on March 23, 2017 04:46 PM
SELF 2017You visited the Fedora table at SouthEast LinuxFest (SELF) 2017!

First-ever overnight hackathon in Albania for sustainable goals

Posted by Justin W. Flory on March 23, 2017 02:55 PM

This article was originally published on Opensource.com.


Redon Skikuli addresses all attendees in Open Labs to kick off the hackathon

Redon Skikuli addresses all attendees in Open Labs to kick off the hackathon. © Eduard Pagria, used with permission

The local hackerspace in Tirana, Albania might be small, but they make up for size in spirit. During the weekend of 18-19 March 2017, the Open Labs Hackerspace organized the first-ever 48 hour “open source” hackathon focused on the United Nations Sustainable Development Goals. The UN Sustainable Development Goals are seventeen objectives identified by the United Nations Development Programme (UNDP) to build a better world, starting in our own communities. Some of the goals include quality education, gender equality, decent work and economic growth, clean energy, and more. During the course of the hackathon, participants selected a goal, broke into teams, and worked on projects to make real change in their own neighborhoods. In the spirit of open source, all projects are made available under free and open licenses.

Organizing the hackathon in Albania

The board members of Open Labs oversee most of its operations and help guide members in hosting events and keeping the hackerspace busy. The current board members are Redon Skikuli, Jona Azizaj, Elio Qoshi, Kristi Progri, and Anisa Kuci. However, they emphasize that it’s strongly a community-based organization. Board members invite others to take part in the organization’s governance.

Open Labs board members. Pictured left to right: Jona Azizaj, Anisa Kuci, Kristi Progri, Redon Skikuli, Elio Qoshi

Open Labs board members. Pictured left to right: Jona Azizaj, Anisa
Kuci, Kristi Progri, Redon Skikuli, Elio Qoshi. (Justin W. Flory, CC-BY-SA 4.0)

When the opportunity came to take part in this event, the board members felt it was a great opportunity to try something new. While hackathon events are popular and well-known in the United States and elsewhere, this was foreign territory for the community. “At first, we were nervous because this type of 48 hour event was new for Open Labs but also for Albania. But we wanted to use this as a chance to introduce the open source philosophy to new people and to show what we do and why,” said Azizaj. The organizers hoped to appeal to a wider audience than only active community members too.

The visiting representative from the United Nations meets participants and helps work with them on brainstorming ideas

The visiting representative from the United Nations meets participants
and helps work with them on brainstorming ideas. © Eduard Pagria, used with permission

Organizing the hackathon was a challenge since many of the core team members were traveling the week before the event. However, community members and UN representatives were more than willing to help help with organizing the hackathon. This event also required a level of coordination that was uncommon for the normal type of event organized in Open Labs. “When planning, we were hoping to reach out to non-members of Open Labs too. This way, more people are exposed to open source and its culture. This lets people who want to make change, but don’t know how, to understand what is available to help them,” said Skikuli. When the Friday before the event arrived, the team was ready for a weekend of open source, civic hacking.

On Saturday morning, approximately 30 people were present for the event kick-off. Open Labs members and United Nations representatives introduced the hackathon and the themes for attendees to focus on during the weekend. Attendees were a diverse group of people as well: there was a balance between technical and non-technical people, and the gender ratio was almost evenly split between males and females.

Working on projects

One participant, Edlina, worked with Augest to develop an application that creates a feedback loop with students and teachers to NGOs and governments to understand problems in schools and find ways to work together without duplicating work

One participant, Edlina, worked with Augest to develop an application
that creates a feedback loop with students and teachers to NGOs and
governments to understand problems in schools and find ways to work
together without duplicating work. © Eduard Pagria, used with permission

The Open Labs organizers placed emphasis in networking between participants at the beginning. The event started with introductions and each participant made a note of whether they were a technical or non-technical contributor. After this, they wrote their names on sticky notes along with their preferred goals to stick on the wall. Participants were paired up with someone with a different background but with a mutual interest in a specific goal. “We separated participants into two groups: technical and non-technical. Our idea was the two sides would complement each other to share experiences to build a strong team,” said Azizaj. After the teams were formed, they began brainstorming and working on their projects. Mentors were available to offer support to participants and to introduce them to open source tools to help them prototype their projects.

World of Sounds

Silva Arapi, one participant, worked with her team on their project "World of Sounds"

Silva Arapi, one participant, worked with her team on their project
“World of Sounds”. (Justin W. Flory, CC-BY-SA 4.0)

One participant, Silva Arapi, worked with teammates Dritan Sakuta, Hulemita Leka, Kristi Leka, and Klajdi Qehaja to address reduced inequalities. Their team project is called “World of Sounds”.  The application is a resource for parents of children with hearing or speaking disabilities. “World of Sounds is a platform to understand early on to improve education of parents and accessibility for children. This is very helpful for rural parts [of Albania],” Arapi explained.

She has been involved with the Open Labs community for almost a year and a half. It was her first hackathon but she also hadn’t seen an event like this in Albania before. “It was a new experience and something different. We get something done in 48 hours to have a social impact – why not participate?” Arapi balances her time leading the NextCloud efforts in Tirana while working towards her master’s degree in Information Security. She hopes to take part in another event at Open Labs like this again in the future.

Tackling gender equality in Albania

Another Open Labs community member came with an idea and a friend to try thinking through a specific issue she had seen in her community. Nafie Shehu is an Information Communication Technology student and has been involved with Open Labs for the past seven months. With her, she brought her friend Afrim Kamberi to help, for his first visit to Open Labs and an open source event in Tirana.

Two attendees work together on their project idea

Two attendees work together on their project idea. © Eduard Pagria, used with permission

Shehu’s selected goal was gender equality combined with an experience of one of her friends. In some rural areas and villages in Albania, women have a more difficult time maintaining their rights. They rarely have financial independence, and as a result, this sometimes leads them to live a life they might not want. Sometimes, women are obligated into a non-consensual marriage and aren’t in a place to defend what they want for themselves. Her friend was in this situation and divorced later, but she didn’t know where to go after and had little resources of her own. Nafie heard about this story and it deeply affected her. She hoped to brainstorm ideas on how to improve this problem.

After research and looking at other solutions, she discovered similar attempts had been started to solve this problems. However, for various reasons, they were ineffective and weren’t thorough solutions to the problems. While this changed her own project development, she finished the hackathon determined to find ways to improve on what was already there and continue this even after the weekend ended.

Closing the hackathon

Towards the end of Sunday, participants put the last touches onto their projects. The deliverable product was prepared and all participants organized a short presentation to demo their project. “In the end, you get a real product, not just talking. It’s a real product that has an impact,” Progri explained. All of the various teams pitched their projects to the Open Labs community and to representatives from the United Nations.

Anxhelo Lushka helps two participants after midnight to help work through some problems in their project

Anxhelo Lushka helps two participants after midnight to help work
through some problems in their project. (Justin W. Flory, CC-BY-SA 4.0)

In the project presentations, teams were given specific criteria to present in the project.

  1. Summary or main idea of the project
  2. Sustainability of the project for implementation beyond the weekend
  3. Recommendations for funding the project / creating a budget to carry it out
  4. Reasons why they would support this if it wasn’t their own project

After the presentations, teams were given the option to send their information and projects to the UNDP via Open Labs. The UNDP will select one project and team to bring to the United Nations office in New York City to propose their project and seek support to develop it further.

That’s a wrap!

After a closing ceremonies and words of encouragement from Skikuli, the hackathon came to an end. Both participants and organizers felt it ended on a high note. “I love coming to these events to learn new things, meet new people, and they’re cool!” Arapi said. Additionally, the organizers hoped that participants left with valuable knowledge and resources that would go beyond this weekend. “We hope people understand the role open source had in this event and understand why the philosophy is so important,” Qoshi explained. “Some people might think the projects are the main part, but networking with people from different backgrounds goes beyond the event. These connections support sustainability for people working together. We hope these projects continue beyond this event.”

The presence of open source software and its philosophy was present throughout the event. Stickers and swag from various open source projects was available for participants to take. This included stickers from Mozilla, Fedora, LibreOffice, NextCloud, and more. “We hope attendees enjoyed the experience and had fun meeting new people. Later on, when they leave Open Labs and work on their own projects, we hope they will remember open source tools to build their work and create FOSS solutions,” said Azizaj.

What’s next for Open Labs?

Brainstorming together at the beginning of the Open Labs Albania 48 hour hackathon on project ideas

Brainstorming together at the beginning of the hackathon on project ideas. © Eduard Pagria, used with permission

This was a milestone event for the Open Labs community, but they have more on the horizon after the weekend of this event. Organizers, volunteers, and members are putting together the first Linux Weekend in Tirana from 25-26 March. This is a traditional barcamp-like model with talks and workshops by several local and international speakers. However, there are a couple of goals ahead that the team hopes to begin working at.

One of them is a book in time for the hackerspace’s fifth anniversary. The book would be an “open source handbook” in the Albanian language. Not only would it have the history of Open Labs, but it would introduce various open source projects and connect readers to resources so they could have an impact on a project. Additionally, the team is looking at policy in their government as a next step. Qoshi had a great deal to say on this: “It feels like we’re reaching critical mass and gaining momentum to influence local policy in Albania. We want to push for open policies and government, especially with the coming elections in June. This is a great opportunity to let people know our stances on policies. Pushing FOSS only in our space can’t be an insider secret—we need conversations with people coming from different views if we want change.”

You can learn more about the hackerspace online at their website.

The post First-ever overnight hackathon in Albania for sustainable goals appeared first on Justin W. Flory's Blog.

Away from github

Posted by Remi Collet on March 23, 2017 09:14 AM

For some years, the package development tracking for my repository was managed on a github repository: https://github.com/remicollet/remirepo.

This was, of course, for easiness.

Contrary to fashion of using this gratis, but not really free, service, I chose to self-host my work on the dedicated server already used for my repository, my blog and the forum.

All the sources of packages, tools and web sites will be progressively moved to the git.remirepo.net server, and can be browsed on  https://git.remirepo.net/cgit.

Github repository will stay open, only used for issues and other requests, but patch proposal should be send by email (preferably using  git format-patch so I can apply them using git am).

I will also consider moving from cgit to pagure, as soon as possible.

Fedora goes front-end in Minsk, Belarus

Posted by Fedora Community Blog on March 23, 2017 08:15 AM
Presenting PatternFly in Minsk, Belarus, equipped with a Fedora t-shirt and a Red Hat

Presenting PatternFly in Minsk, Belarus, equipped with a Fedora t-shirt and a Red Hat

A casual slip in conversation that I would be attending a conference spiraled into a Fedora community booth and a PatternFly speech related mission. As a result, I went to Rolling Scopes to find out what these developer types thought about Fedora and also to present PatternFly. PatternFly is an open source project with a community of designers and developers collaborating to build a UI framework for enterprise web applications.

The most common question we received from attendees: what was I doing here? A good question too. Well, what was I doing there? I was on a fact-finding mission. What are front-end developers doing in order to carry out their work? What desktop are they using, what servers are they using? Would they be willing to use Fedora?

Getting to Rolling Scopes in Belarus

So how did it start? Wake up, pitch black. What am I doing? Going to Rolling Scopes, Minsk’s premier front-end developer conference. The receptionist at my hotel kind of points me in the right direction. One bus, three more bus stops by foot, a precarious transit under a motorway and I arrive full of trepidation. The reward, a technological park of epic magnitude.

The location was very luxurious, it had the kind of established start-up vibe, bright colors, and slogans. There was also an exhibition about Korea. I get my name badge. There are some of the eloquent characters running the conference present, Dima and Paul, sporting blazers and making sure that everything was running like clockwork.

“Here is your table.” Strategically positioned, between two walls. Get out the Fedora tablecloth. It’s on.

At the Fedora table

I started distributing the swag (Fedora things like pins, stickers and such). Ask the attendees questions, do they know about Fedora? Do they use Linux? What workstation do they use? This is new territory for Fedora. This is the bleeding edge. This audience is a different audience than many of the conferences that Fedora attends. Not many attendees are using a Linux-based system. Thus, it presented a great opportunity to find out why was this case.

There are only two community tables: me and my friends from Mozilla. Mozilla had a competition to give out a Mozilla cuddly toy thing. Nice touch.

As soon as one of the talks finished, they came in droves, conferences goers, swarmed towards the free swag in pure rapturous glee. Fedora pins could be seen attached to badges and clothing. They were loving it and the attendees were pleased to chat and were pleasantly surprised that Fedora was attending.

What did I learn?

Now, what about the overall impression? Did people see the mighty infinite ‘F’ of Fedora and they thought… they have come the Fedora folks, distributors of the finest most utilized Linux distro ever.

In action at the Fedora table at Rolling Scopes in Minsk, Belarus

In action at the Fedora table

It may come as no surprise that the developers were not using Fedora en masse. They were using MacOS en masse. Why? Why were they not coding away on beautiful Fedora and having fun? They claimed stability citing their preferred platform never crashing and so forth. It is my firm belief that a lot of people have an outdated view of Fedora and other Linux distributions. The folks at the conference have tried Linux in the past and have not been satisfied with the stability of it. However, Fedora is now synonymous with stability. This shows that a lot of marketing work needs to be done in order to correct the image of Fedora.

There was a close second after MacOS and that was was Ubuntu. Oh, Ubuntu our rivals but friends. Anyway, I would say from the sample I found a lot of attendees were using Ubuntu and especially Ubuntu servers for deployment. Why? That’s what they knew about or they cited being able to solve problems quickly with a strong user-base in Belarus.

I, for one, spot a big opportunity here, Belarus is starting to become a vibrant IT economy. We heard about a huge success story, Masquerade: a way of incorporating facial decorations with video, that was recently bought by Facebook. The atmosphere was electric. Why should Ubuntu have all the success in Belarus? There is a hungry audience in Belarus. It makes sense for developers to use some version of Linux at the very least for deployment. Belarus, and similar places give us a way to test the strategies required to approach and convert developers into users and contributors.

Overall, the swag was well-received and despite us being in somewhat alien territory, there was a lot of curiosity and questions. Good fun and a good job.

Special moment

However, something really nice happened after putting our booth away and I want to share the story: This is the story of Michael, he had come to the booth but he hadn’t stayed long. Michael is a user of Fedora! He was really surprised to see us, but he was also very pleased. He uses Fedora Workstation and Fedora Server for his front-end development needs. Michael said that he rarely has any issues with Fedora and if he does he is able to quickly solve them. It turns out you can use Fedora as a front-end Developer “in the wild”. Thanks Michael.

It was coming to the end of the conference, and there was very little swag left. Michael was hanging out with his friends near the entrance.

“Hey, Michael, here is some extra swag just for you. I had only 2 t-shirts left. Do you want a medium or a medium?”

“You know what? I have friend who also uses Fedora who is not here but would really love a shirt.”

“Go ahead, take one for your friend too.”

His friends broke into spontaneous applause. What a magical moment. It was just awesome connecting with a small part of the Belarusian Fedora community.

Thank you Rolling Scopes, for hosting us. Thank you to Belarus for a magical experience. Go out and spread the word about Fedora. We should visit different places and different audiences and spread our message.


Featured image courtesy of Ilya Pavlov on Unsplash. Modified by Justin W. Flory.

The post Fedora goes front-end in Minsk, Belarus appeared first on Fedora Community Blog.

Running MicroPython on 96Boards Carbon

Posted by Kushal Das on March 23, 2017 06:42 AM

I received my Carbon from Seedstudio a few months back. But, I never found time to sit down and work on it. During FOSSASIA, in my MicroPython workshop, Siddhesh was working to put MicroPython using Zephyr on his Carbon. That gave me the motivation to have a look at the same after coming back home.

What is Carbon?

Carbon is a 96Boards IoT edition compatible board, with a Cortex-M4 chip, and 512KB flash. It currently runs Zephyr, which is a Linux Foundation hosted project to build a scalable real-time operating system (RTOS).

Setup MicroPython on Carbon

To install the dependencies in Fedora:

$ sudo dnf group install "Development Tools"
$ sudo dnf install git make gcc glibc-static \
      libstdc++-static python3-ply ncurses-devel \
      python-yaml python2 dfu-util

The next step is to setup the Zephyr SDK. You can download the latest binary from here. Then you can install it under your home directory (you don’t have to install it system-wide). I installed it under ~/opt/zephyr-sdk-0.9 location.

Next, I had to check out the zephyr source, I cloned from https://git.linaro.org/lite/zephyr.git repo. I also cloned MicroPython from the official GitHub repo. I will just copy paste the next steps below.

$ source zephyr-env.sh
$ cd ~/code/git/
$ git clone https://github.com/micropython/micropython.git
$ cd micropython/zephyr

Then I created a project file for the carbon board specially, this file is named as prj_96b_carbon.conf, and I am pasting the content below. I have submitted the same as a patch to the upstream Micropython project. It disables networking (otherwise you will get stuck while trying to get the REPL).

# No networking for carbon
CONFIG_NETWORKING=n
CONFIG_NET_IPV4=n
CONFIG_NET_IPV6=

Next, we have to build MicroPython as a Zephyr application.

$ make BOARD=96b_carbon
$ ls outdir/96b_carbon/
arch     ext          isr_tables.c  lib          Makefile         scripts  tests       zephyr.hex  zephyr.map           zephyr.strip
boards   include      isr_tables.o  libzephyr.a  Makefile.export  src      zephyr.bin  zephyr.lnk  zephyr_prebuilt.elf
drivers  isrList.bin  kernel        linker.cmd   misc             subsys   zephyr.elf  zephyr.lst  zephyr.stat

After the build is finished, you will be able to see a zephyr.bin file in the output directory.

Uploading the fresh build to the carbon

Before anything else, I connected my Carbon board to the laptop using an USB cable to the OTG port (remember to check the port name). Then, I had to press the *BOOT0 button and while pressing that one, I also pressed the Reset button. Then, left the reset button first, and then the boot0 button. If you run the dfu-util command after this, you should be able to see some output like below.

$ sudo dfu-util -l
dfu-util 0.9
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2016 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
Found DFU: [0483:df11] ver=2200, devnum=14, cfg=1, intf=0, path="2-2", alt=3, name="@Device Feature/0xFFFF0000/01*004 e", serial="385B38683234"
Found DFU: [0483:df11] ver=2200, devnum=14, cfg=1, intf=0, path="2-2", alt=2, name="@OTP Memory /0x1FFF7800/01*512 e,01*016 e", serial="385B38683234"
Found DFU: [0483:df11] ver=2200, devnum=14, cfg=1, intf=0, path="2-2", alt=1, name="@Option Bytes /0x1FFFC000/01*016 e", serial="385B38683234"
Found DFU: [0483:df11] ver=2200, devnum=14, cfg=1, intf=0, path="2-2", alt=0, name="@Internal Flash /0x08000000/04*016Kg,01*064Kg,03*128Kg", serial="385B38683234"

This means the board is in DFU mode. Next we flash the new application to the board.

$ sudo dfu-util -d [0483:df11] -a 0 -D outdir/96b_carbon/zephyr.bin -s 0x08000000
dfu-util 0.9
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2016 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
dfu-util: Invalid DFU suffix signature
dfu-util: A valid DFU suffix will be required in a future dfu-util release!!!
Opening DFU capable USB device...
ID 0483:df11
Run-time device DFU version 011a
Claiming USB DFU Interface...
Setting Alternate Setting #0 ...
Determining device status: state = dfuERROR, status = 10
dfuERROR, clearing status
Determining device status: state = dfuIDLE, status = 0
dfuIDLE, continuing
DFU mode device DFU version 011a
Device returned transfer size 2048
DfuSe interface name: "Internal Flash "
Downloading to address = 0x08000000, size = 125712
Download [=========================] 100% 125712 bytes
Download done.
File downloaded successfully

Hello World on Carbon

The hello world of the hardware land is the LED blinking code. I used the on-board LED(s) for the same, the sample code is given below. I have now connected the board to the UART (instead of OTG).

$ screen /dev/ttyUSB0 115200
>>>
>>> import time
>>> from machine import Pin
>>> led1 = Pin(("GPIOD",2), Pin.OUT)
>>> led2 = Pin(("GPIOB",5), Pin.OUT)
>>> while True:
... led2.low()
... led1.high()
... time.sleep(0.5)
... led2.high()
... led1.low()
... time.sleep(0.5)

Another media codec on the way!

Posted by Christian F.K. Schaller on March 22, 2017 05:02 PM

One of the thing we are working hard at currently is ensuring you have the codecs you need available in Fedora Workstation. Our main avenue for doing this is looking at the various codecs out there and trying to determine if the intellectual property situation allows us to start shipping all or parts of the technologies involved. This was how we were able to start shipping mp3 playback support for Fedora Workstation 25. Of course in cases where this is obviously not the case we have things like the agreement with our friends at Cisco allowing us to offer H264 support using their licensed codec, which is how OpenH264 started being available in Fedora Workstation 24.

As you might imagine clearing a codec for shipping is a slow and labour intensive process with lawyers and engineers spending a lot of time reviewing stuff to figure out what can be shipped when and how. I am hoping to have more announcements like this coming out during the course of the year.

So I am very happy to announce today that we are now working on packaging the codec known as AC3 (also known as A52) for Fedora Workstation 26. The name AC3 might not be very well known to you, but AC3 is part of a set of technologies developed by Dolby and marketed as Dolby Surround. This means that if you have video files with surround sound audio it is most likely something we can playback with an AC3 decoder. AC3/A52 is also used for surround sound TV broadcasts in the US and it is the audio format used by some Sony and Panasonic video cameras.

We will be offering AC3 playback in Fedora Workstation 26 and we are looking into options for offering an encoder. To be clear there are nothing stopping us from offering an encoder apart from finding an implementation that is possible to package and ship with Fedora with an reasonable amount of effort. The most well known open source implementation we know about is the one found in ffmpeg/libav, but extracting a single codec to ship from ffmpeg or libav is a lot of work and not something we currently have the resources to do. We found another implementation called aften, but that seems to be unmaintaned for years, but we will look at it to see if it could be used.
But if you are interested in AC3 encoding support we would love it if someone started working on a standalone AC3 encoder we could ship, be that by picking up maintership of Aften, splitting out AC3 encoding from libav or ffmpeg or writting something new.

If you want to learn more about AC3 the best place to look is probably the Wikipedia page for Dolby Digital or the a52 ATSC audio standard document for more of a technical deep dive.

Customer security awareness: alerting you to vulnerabilities that are of real risk

Posted by Red Hat Security on March 22, 2017 01:30 PM

Every day we are bombarded with information. Something is always happening somewhere to someone and unfortunately it's rarely good. Looking at this through the lens of information security, NOT getting the right details at the appropriate time could be the difference from stopping and blocking an attack, or being the next sad, tragic headline...

Red Hat Product Security oversees the vulnerability remediation for all of Red Hat's products. Our dual mission of governing guidelines and standards for how our products are composed and delivered is balanced with our in-taking, assessing, and responding to information about security vulnerabilities that might impact those products. Once a flaw has been identified, part of our role is to understand its real impact and try to produce a calm, clear direction to get issues that matter remediated. One big challenge is understanding when something is bad and could cause harm compared with something that is completely terrible and WILL cause major havoc out “in the wild." For the layperson, the facts and the hype can be extremely difficult and time-consuming to separate so that they can act appropriately.

Recent trends in the security field haven't been helping. It seems as if every month there is a new bug that has a cute name, a logo, and a webstore selling stickers and stuffed animals. While awareness of a problem is an excellent goal, oftentimes the flashing blinky text and images obscure how bad (or not) an issue is.

Thankfully, for over 15 years Red Hat Product Security has been providing calm, accurate, timely advice around these types of issues. We're able to separate the hope from the hype, so to speak. To that end, with the meteoric rise of “branded” flaws not stopping in the foreseeable future, Red Hat Product Security developed a special process to help inform our valued subscribers and partners when these situations arise. We call it our Customer Security Awareness (CSAw) process:

We've augmented our processes to include enhanced oversight and handling of these very special issues. Some of these issues could be of such grave risk the need for quick actions and good advice merits extra special handling. Other times we might recognize that a security bug has the potential to have it's own PR agent, we take the right steps so that customers proactively get the appropriate level of information, allowing them to decide how quickly they need to react based on their own risk appetites. We ensure we provide special tools and extra alerts so that when these things really DO matter, the decision makers have the right data to move forward.

For more details about the process, please check out the Red Hat Product Security Center or reach out to us via secalert@redhat.com or our Twitter Account @RedHatSecurity.

Category

Secure

Tools for PDF modification on Fedora

Posted by Fedora Magazine on March 22, 2017 09:53 AM

There are many options in the Fedora repositories for quickly modifying the page order of a PDF document. In Fedora, two of the easiest-to-use GUI tools for modifying PDFs are PDFMod and PDFShuffler. While GUI tools are well suited to this task, if you need a command line tool, the pdfseparate and pdfunite commands provided by the poppler-utils package can modify PDFs directly from your Terminal. All These tools allow you to remove, add, and rearrange pages and export it to a new document.

These tools are also useful when creating PDFs with Inkscape. Inkscape currently only supports single-page export of PDFs, so you can use these tools in your workflow to join PDFs together after using Inkscape. Inkscape also supports importing a single pages of PDFs, so if you need to edit the actual content of a PDF Document, give Inkscape a try.

PDFmod & PDFShuffler

Both PDFmod and PDFShuffler are available in the Fedora repositories. Install them from the Software app in Fedora Workstation, or via the command line with DNF:

sudo dnf install pdfmod pdfshuffler

PDFMod and PDFShuffler are very similar applications — they look and function pretty much the same way. Once you have imported one or more PDFs into them, they provide a display of all the pages in the document, ready for you to start your modifications.

Screenshot of PDF Mod and PDF Shuffler

PDF Mod on the left; PDFShuffler on the right

Rearrange the order of the pages by selecting (using Shift + Click and Ctrl + Click to select multiples), and drag ‘n’ drop them to their desired location in the Document. The same goes for removing pages; Select, then press delete. When you are done, simply save your document as a new PDF file.

pdfseparate and pdfunite

The popper-utils package provides several different commands for interacting with and modifying PDF files. However, the two commands that help us the most here are pdfseparate and pdfunite. Use dnf on the command line to install poppler-utils:

sudo dnf install poppler-utils

pdfseparate extracts pages into multiple PDFs that we can later merge together with pdfunite. To extract all the pages of a document into individual files, use:

pdfseparate ColoringBook.pdf ColoringBook-page_%d.pdf

To export a range of pages — say just pages 3,4,5,6,7,8 and 9 of a PDF — use the command:

pdfseparate -f 3 -l 9 ColoringBook.pdf ColoringBook-page_%d.pdf

Finally, after using pdfseparate, if we wanted to create a new document (NewColoringBook.pdf) with ColoringBook-page_3.pdf and ColoringBook-page_3.pdf we could use the following pdfunite command:

pdfunite ColoringBook-page_3.pdf ColoringBook-page_7.pdf NewColoringBook.pdf

 

Save

Save

Save

Save

Episode 38 - We Ruin Everything

Posted by Open Source Security Podcast on March 22, 2017 01:34 AM
Josh and Kurt discuss disclosing your password, pwn2own, wikileaks, Back Orifice, HTTPS inspection, and antivirus.

Download Episode
<iframe frameborder="no" height="150" scrolling="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/313701429&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;visual=true" width="100%"></iframe>

Show Notes


OPPP: OK, this is new unwork

Posted by Monty Montgomery on March 22, 2017 12:32 AM

....and, of course, immediately after mastering the water slide decal-fu, I discover the laser printer will, with no intermediate steps, print and fuse directly to the polyester diffuser sheet thankyouverymuch.

Ah well. Knowledge gained for next time. Hmmm.... I wonder upon what else this thing will print directly.

<img src="banana.jpg">

Slice of Cake #2

Posted by Brian "bex" Exelbierd on March 21, 2017 08:33 PM

Better late cake than no cake!

A slice of cake

This week as FCAIC I:

  • Lots of work toward the new Fedora Budget website. I need to still send some emails to the fedora-website group, but we are doing budget-level internal reviews. Want to see a sneak peek, visit here. And, yes, I know there are some CSS issues. Want to help out?
  • Preparing for my US trip (see below) which involved lots of triaging.

A la Mode

I also made some personal progress doing:

  • Submitted CZ taxes to my preparer (no this never gets old).
  • I’ve been doing even more thinking about data security and backup as I prepared my electronics for travel. This series I want to write is getting longer.

Cake Around the World

I’ll be traveling:

  • 19-25 March: I’ll be traveling to Boston, MA for a staff meeting. If you’re around, ping me.

Announcing the Shim review process

Posted by Matthew Garrett on March 21, 2017 08:29 PM
Shim has been hugely successful, to the point of being used by the majority of significant Linux distributions and many other third party products (even, apparently, Solaris). The aim was to ensure that it would remain possible to install free operating systems on UEFI Secure Boot platforms while still allowing machine owners to replace their bootloaders and kernels, and it's achieved this goal.

However, a legitimate criticism has been that there's very little transparency in Microsoft's signing process. Some people have waited for significant periods of time before being receiving a response. A large part of this is simply that demand has been greater than expected, and Microsoft aren't in the best position to review code that they didn't write in the first place.

To that end, we're adopting a new model. A mailing list has been created at shim-review@lists.freedesktop.org, and members of this list will review submissions and provide a recommendation to Microsoft on whether these should be signed or not. The current set of expectations around binaries to be signed documented here and the current process here - it is expected that this will evolve slightly as we get used to the process, and we'll provide a more formal set of documentation once things have settled down.

This is a new initiative and one that will probably take a little while to get working smoothly, but we hope it'll make it much easier to get signed releases of Shim out without compromising security in the process.

comment count unavailable comments

GNOME Photos 3.24.0

Posted by Debarshi Ray on March 21, 2017 11:13 AM

After exploring new territory with sharing and non-destructive editing over the last two releases, it was time for some introspection. We looked at some of the long-standing problems within our existing feature set and tried to iron out a few of them.

Overview Grids

It was high time that we overhauled our old GtkIconView-based overview grids. Their inability to reflow the thumbnails leads to a an ugly vertical gutter of empty space unless the window is just the right size. The other problem was performance. GtkIconView gets extremely slow when the icons are updated, which usually happens when content is detected for the first time and start getting thumbnailed.

gnome-photos-flowbox-1

Fixing this has been a recurrent theme in Photos since the middle of the previous development cycle. The end goal was to use a GtkFlowBox-based grid, but it involved a lot more work than replacing one user interface component with another.
Too many things relied on the existence of a GtkTreeModel, and had to be ported to our custom GListModel implementation before we could achieve any user-visible improvement. Once all those yaks had been shaved, we finally started working on the widget at the Core Apps Hackfest last year.

Anyway, I am happy that all that effort has to come fruition now.

Thumbnails

Closely related to our overview grids are the thumbnails inside them. Photos has perpetually suffered from GIO’s inability to let an application specifically request a high resolution thumbnail. While that is definitely a fixable problem, the fact that we store our edits non-destructively as serialized GEGL graphs makes it very hard to use the desktop-wide infrastructure for thumbnails. One cannot expect a generic thumbnailer to interpret the edits and apply them to the original image because their representation will vary greatly from one application to another. That led to the other problem where the thumbnails wouldn’t reflect the edited state of an image.

Therefore, starting from version 3.24.0, Photos has its own out-of-process thumbnailer and a separate thumbnail cache. They ensure that the thumbnails are of a suitably high resolution, and the edited state of an image is never ignored.

Exposure and Blacks

Personally, I have been a heavy user of Darktable’s exposure and blacks adjustment tool, and I really missed something like that in GNOME Photos. Ultimately, at this year’s WilberWeek I fixed gegl:exposure to imitate its Darktable counterpart, and exposed it as a tool in Photos. I am happy with the outcome and I have so far enjoyed dogfooding this little addition.


University Connect – D. Y. Patil College, Pune

Posted by Fedora Community Blog on March 21, 2017 08:15 AM

This was not an everyday routine when I get up so early in the morning with my alarm clock bell at 6AM. Definitely it was not an usual morning. Thanks to Red Hat Pune site team to come up with such a fabulous initiative of University Connect. University Connect is an outreach effort in a nutshell. The Pune site team has figured out and short listed some good colleges in and around Pune, where interested speakers can go and reach out to the young, passionate crowd of students and share knowledge about Open Source, Fedora and many new technologies like OpenStack, Cloud, ManageIQ etc.

Arriving at D. Y. Patil College, Pune

uc1This was going to be our very first visit to D.Y. Patil college. We gathered in office at 8 AM and we started our short trip (from Red Hat office in  Magarpatta City to D.Y. Patil college). It was quite a long drive. We reached college at around 10 AM. It is a beautiful college campus. I was feeling so fresh looking at the young student crowd.

Without wasting time, we went to the college auditorium where all the students gathered for the event. I was happy to see the auditorium was already full of the crowd which is the future of the technical industry.

Schedule and speaking arrangements

uc2We were given the front seats. Arrangements were nice. College student volunteers were very active and so was the audience. We started the event with Rupali Talwatkar speaking about Red Hat and the University Connect. Satya talked about Manage IQ and Aziza took over the session with a small quiz later on. I have discussed about Fedora, Open Source and how to get involved in different Fedora projects. Students were all excited about the new technologies and Open Source. I have showed that FOSS Wave  too, from where they can get easily connected to IRC and mailing lists.

There was a huge crowd of students with lots of queries and some innocent doubts. It took us a while to handle all of them. We encouraged them to stay connected with us and to start with open source projects to contribute in. After a short discussion with faculty staff members for future, deeper meetings, we headed towards college canteen for most deserving food (our first meal of the day). After a quick meal break, we reached back to office in second half of the day.

Evaluating the response

Considering the very first visit, it was really a nice start. The mailing list to stay connected for the students is universityoutreach-pune@redhat.com. One can get subscribed to it by using the subscription page.

uc3

 

The post University Connect – D. Y. Patil College, Pune appeared first on Fedora Community Blog.

Supporting large key sizes in FreeIPA certificates

Posted by Fraser Tweedale on March 21, 2017 12:59 AM

A couple of issues around key sizes in FreeIPA certificates have come to my attention this week: how to issue certificates for large key sizes, and how to deploy FreeIPA with a 4096-bit key. In this post I’ll discuss the situation with each of these issues. Though related, they are different issues so I’ll address each separately.

Issuing certificates with large key sizes

While researching the second issue I stumbled across issue #6319: ipa cert-request limits key size to 1024,2048,3072,4096 bits. To wit:

ftweedal% ipa cert-request alice-8192.csr --principal alice
ipa: ERROR: Certificate operation cannot be completed:
  Key Parameters 1024,2048,3072,4096 Not Matched

The solution is straightforward. Each certificate profile configures the key types and sizes that will be accepted by that profile. The default profile is configured to allow up to 4096-bit keys, so the certificate request containing an 8192-bit key fails. The profile configuration parameter involved is:

policyset.<name>.<n>.constraint.params.keyParameters=1024,2048,3072,4096

If you append 8192 to that list and update the profile configuration via ipa certprofile-mod (or create a new profile via ipa certprofile-import), then everything will work!

Deploying FreeIPA with IPA CA signing key > 2048-bits

When you deploy FreeIPA today, the IPA CA has a 2048-bit RSA key. There is currently no way to change this, but Dogtag does support configuring the key size when spawning a CA instance, so it should not be hard to support this in FreeIPA. I created issue #6790 to track this.

Looking beyond RSA, there is also issue #3951: ECC Support for the CA which concerns supporting a elliptic curve signing key in the FreeIPA CA. Once again, Dogtag supports EC signing algorithms, so supporting this in FreeIPA should be a matter of deciding the ipa-server-install(1) options and mechanically adjusting the pkispawn configuration.

If you have use cases for large signing keys and/or NIST ECC keys or other algorithms, please do not hesitate to leave comments in the issues linked above, or get in touch with the FreeIPA team on the freeipa-users@redhat.com mailing list or #freeipa on Freenode.

33C3 - Event Report

Posted by Giannis Konstantinidis on March 21, 2017 12:00 AM

I recently had the opportunity to attend the 33rd Chaos Communication Congress (33C3). The event, as its name suggests, was chaotic. Let me give you two hints: twelve thousand (12000) participants, plus twenty-four (24) hours unrestricted access to the venue.

This was the first time I was wearing three (3) “hats” simultaneously. I was representing the Fedora Project, Mozilla and Ura Design. Both the Fedora Project and Mozilla had their own assemblies - in other words, booths.

Introducing the Fedora Project Introducing the Fedora Project (photo by Elio Qoshi, CC BY-SA)

The conference provided fertile ground for networking. Not only did I meet with fellow free and open-source advocates to work on projects, but also made new connections. I spent several hours each day staying at the Fedora and Mozilla assemblies, speaking with fellow participants and regularly moving around the venue.

I did not miss the chance to run a self-organized Fedora session where I introduced the Fedora Project and the work we are doing. In addition, I briefly went into contribution opportunities. The session was well-attended, with about thirty (30) to fourty (40) participants filling the room.

With Elio Qoshi outside CCH With Elio Qoshi outside CCH (photo by Elio Qoshi, CC BY-SA)

As long as the participation of contributors from both the Fedora Project and Mozilla is concerned, I must note there was some generic lack of co-ordination. Mozilla, as far as I can recall, did not even have sufficient promotional material to be given away during the congress. Assembly shifts did not, strictly speaking, take place either. 33C3 is seen as a major player when it comes to free and open-source software related events in EMEA, therefore planning more solid participations should be in order next time.

Overall, 33C3 was an extremely unique experience for me. Getting a grip on the hacker subculture is not something being offered every day. It was amazing.

Vagrant etcd cluster

Posted by Fabio Alessandro Locati on March 21, 2017 12:00 AM

Sometimes I need to do some tests which are destructive and I need to perform them over and over until I figure out a process that reliably brings me to a desired state. I usually create some kind of easy to provision environments and work on it.

In the last few weeks I found myself working on an etcd cluster, so I created an environment with Vagrant, and since I had to write the majority of this by myself, since I have not found anything on Google that suited my needs, I’m going to share this with you.

I have created 3 files to setup the environment, install etcd and cluster the machines.

The first file is the Vagrantfile, and looks like this:

N = 3
Vagrant::configure("2") do |config|
    (0..N-1).each do |machine_id|
        config.vm.box = "centos/7"
        config.vm.define "etcd#{machine_id}" do |machine|
            machine.vm.hostname = "etcd#{machine_id}"
            machine.vm.network "private_network", ip: "192.168.60.#{10+machine_id}"
            if machine_id == N-1
                machine.vm.provision :ansible do |ansible|
                    ansible.limit = "all"
                    ansible.playbook = "setup.yaml"
                end
            end
        end
    end
end

As you can notice, in the first line N is declared. N is the number of nodes of the cluster. If you change it from 3 to 5, for instance, everything will work as well.

Since I have used the centos/7 image, CentOS 7 will be installed, and to to the high compatibility of the CentOS image and the absence of specific syntax for any specific virtualisation backend, this code should perform properly on the majority of virtualisation backends.

The second file setup.yaml is an Ansible Playbook to actually install the etcd daemon.

---
- name: Configure properly etcd
  hosts: all
  tasks:
    - name: Ensure that etcd is present
      yum:
        name: etcd
        state: present
      become: True
    - name: Ensure that etcd is properly configured
      template:
        src: etcd.conf
        dest: /etc/etcd/etcd.conf
      become: True
    - name: Ensure etcd is running
      service:
        name: etcd
        state: started
        enabled: True
      become: True

As you can notice, I install etcd from yum. This allowed me to simplify the process and be able to keep it updated using simply yum.

The third file (etcd.conf), is a template for the /etc/etcd/etcd.conf file.

ETCD_NAME={{ ansible_hostname }}
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{ ansible_eth1.ipv4.address }}:2380
ETCD_LISTEN_PEER_URLS=http://{{ ansible_eth1.ipv4.address }}:2380
ETCD_LISTEN_CLIENT_URLS=http://{{ ansible_eth1.ipv4.address }}:2379
ETCD_ADVERTISE_CLIENT_URLS=http://{{ ansible_eth1.ipv4.address }}:2379
ETCD_INITIAL_CLUSTER_TOKEN=etcd-vagrant-test
ETCD_INITIAL_CLUSTER="{% for host in groups['all'] %}{{ hostvars[host]['ansible_hostname'] }}=http://{{ hostvars[host]['ansible_eth1']['ipv4']['address'] }}:2380,{% endfor %}"

This template will generate a proper configuration file with all needed variables setted up properly, so that when etcd will be run (last step of the Ansible Playbook) the nodes will recognise each other and start the election to determine the leader.

I hope this will be useful for other people as well.

A copy of the sources can also be found on GitHub.

Buying a Utah teapot

Posted by Matthew Garrett on March 20, 2017 08:45 PM
The Utah teapot was one of the early 3D reference objects. It's canonically a Melitta but hasn't been part of their range in a long time, so I'd been watching Ebay in the hope of one turning up. Until last week, when I discovered that a company called Friesland had apparently bought a chunk of Melitta's range some years ago and sell the original teapot[1]. I've just ordered one, and am utterly unreasonably excited about this.

Update: Friesland have apparently always produced the Utah teapot, but were part of the Melitta group for some time - they didn't buy the range from Melitta.

[1] They have them in 0.35, 0.85 and 1.4 litre sizes. I believe (based on the measurements here) that the 1.4 litre one matches the Utah teapot.

comment count unavailable comments