Language Selection

English French German Italian Portuguese Spanish

SUSE

Nils Brauckmann, SUSE's CEO, Steps Down (The first of many goodbyes)

Filed under
SUSE

I have recently made the decision to retire as the SUSE CEO and subsequently to leave SUSE. I care very deeply for the SUSE business and its employees, and this difficult decision is based entirely on personal reasons. My step down from the SUSE CEO role will be effective August 5.
My decision comes at a positive point in time for SUSE, where the business has completed its journey to becoming standalone and has a solid foundation to continue to accelerate its success and growth as an independent company.
For me personally this means I will have more time to devote myself to other important things in my life.
In FY18, the SUSE business saw record-breaking revenues. This level of growth has only been realized through the whole SUSE Team showing huge commitment to working together to deliver great outcomes. I am extremely proud of what we have achieved collectively over the last eight years, and I have every confidence that SUSE will exceed all future expectations. I will naturally be following the SUSE journey closely during my retirement, and my positive wishes will always be with the company and all connected with it.
As we look to the future I am delighted and, of course, reassured to be passing the SUSE CEO baton to such a talented and accomplished leader as Melissa Di Donato. Melissa has an outstanding track record of growth, leadership and transformation in the tech sector, having enjoyed enormous success as the chief operating officer and chief revenue officer at SAP. Prior to SAP, she held senior executive positions at Salesforce and was recognized for her contribution to growing global organizations by winning the 2018 Digital Masters Award for Excellence in Commercial Management.

Read more

KDE Applications, Squid, SQLite, VIM Update in Tumbleweed

Filed under
SUSE

Three openSUSE Tumbleweed snapshots in the middle of this week brought new minor version updates to ImageMagick, Squid, SQLite, VIM and more. The new KDE Applications 19.04.3 version arrived in the first two snapshots.

The more recent snapshot, 20190718, brought a half-dozen new packages, which include fix for the UrbanCode Deploy (UCD) script data for Unicode 10+ scripts for the OpenType text shaping engine package harfbuzz 2.5.3. A two-year old Common Vulnerabilities and Exposures (CVE) was fixed with the update of libpng12 1.2.59. The tool that cleans RPM spec files, spec-cleaner 1.1.4, added a temporary patch to fix a test that fails if there is no internet connection. Caching proxy squid 4.8 fixed GNU Compiler Collection (GCC) 9 build issues and added a fix to prevent parameter parsing used for a potential Denial of Service (DoS). RISC-V support was added with the virt-manager 2.2.1 update and xclock 1.0.9 was also updated in the snapshot, which is trending at a 97 rating, according to the Tumbleweed snapshot reviewer.

Read more

Operating Systems: Debian, Clear Linux, OpenSUSE and Vista 10

Filed under
GNU
Linux
Microsoft
Debian
SUSE
  • John Goerzen: Tips for Upgrading to, And Securing, Debian Buster

    Wow.  Once again, a Debian release impresses me — a guy that’s been using Debian for more than 20 years.  For the first time I can ever recall, buster not only supported suspend-to-disk out of the box on my laptop, but it did so on an encrypted volume atop LVM.  Very impressive!

    For those upgrading from previous releases, I have a few tips to enhance the experience with buster.

  • Clear Linux Could Soon Be Faster Within Containers On AVX2 Systems

    While Clear Linux as part of its standard bare metal installations has long defaulted to having an AVX2-optimized GNU C Library installed by default, it turns out that it wasn't part of the default os-core bundle as used by containers. That though is changing and should yield even better out-of-the-box performance when running Clear Linux within containers.

    Intel's William Douglas sent out the proposal for adding the AVX2 version of the Glibc libraries into the os-core bundle in order to get picked up by containers and other bare/lightweight Clear configurations.

  • OpenSUSE Enables LTO By Default For Tumbleweed - Smaller & Faster Binaries

    The past few months openSUSE developers have been working on enabling LTO by default for its packages while now finally with the newest release of the rolling-release openSUSE Tumbleweed this goal has been accomplished. 

    As of today, the latest openSUSE Tumbleweed release is using Link-Time Optimizations (LTO) by default. For end-users this should mean faster -- and smaller -- binaries thanks to the additional optimizations performed at link-time. Link-time optimizations allow for different optimizations to be performed at link-time for the different bits comprising a single module/binary for the entire program. Sadly not many Linux distributions are yet LTO'ing their entire package set besides the aggressive ones like Clear Linux. 

  • Investigating why my 7-year old Windows 10 laptop became unbearably slow

    The laptop had also begun to run into blue screens of death (BSoD) whenever I used the built-in camera and when I opened Spotify or Netflix in a web browser. The slowdown and crashes were actually related, but I didn’t realize this at first. The camera-induced BSoD error message blamed the camera vendor’s driver without any further details. This sounds believable enough for a 7-year old laptop so I didn’t think any more of it.

People of openSUSE: Sébastien Poher

Filed under
Interviews
SUSE

I got into Linux in two steps, first, in 2007 but I was the only one among my friends to use it so I ended up sticking to the shitty OS I had. My next re-discovery of Linux was later in 2012 when I started professional training in system administration.

Read more

Tumbleweed’s July Snapshots Are Trending Strong

Filed under
SUSE

There have been a total of five openSUSE Tumbleweed snapshots since the beginning of July and all the snapshots have a strong, stable rating.

The rolling release had the most updates arrive in the 20190702 snapshot. The packages update in that snapshot included Mesa 19.1.1 and Mesa-drivers 19.1.1 that had fixes for Intel ANV and AMD RADV driver as well as Nouveau and R300 Gallium3D drivers. The bzip2 file compression application fixed undefined behavior in the macros in version 1.0.7 and fixed a low impact Common Vulnerabilities and Exposures (CVE). The programing language package guilef was updated to version 2.2.5 and provided bootstrap optimization. Portability improvements were made in the library for encryption, decryption, signatures and password hashing with libsodium 1.0.18. A major release of the PulseAudio’s Volume Control package pavucontrol 4.0 was made; the new version dropped support for Gtk+ 2 and added more than a handful of new language translations.

The most recent snapshot, 20190708, didn’t offer a changelog due to the server that the web app uses to produce the changelogs being upgraded to Leap 15.1. The changelog is expected to be included in the next snapshot that is released.

Read more

OpenSUSE Leap 15.1 - A dream come untrue

Filed under
Reviews
SUSE

OpenSUSE Leap 15.1 is significantly better than the first edition. It fixes tons of the problems that the previous version had. But then, it still retains lots of problems and introduces some new ones. You get decent media and phone support, but it's not a perfect record. Network support is average, and overall, the hardware compatibility with the 2010 Pavilion machine is meh.

The installer is no longer as awesome as it used to be, the package management is quite broken, and the system wasn't stable enough to be fun and enjoyable, before or after my tweaks. The Plasma desktop is sweet, and while SUSE does have tricks most other distros don't have, like YaST, BTRFS, Snapper and such, it feels raw and jumbled and hastily put together. There were too many rough edges and errors and application crashes for me to consider this for serious work. Alas, my dream of using openSUSE in my production setup was dashed once again. All in all, Leap 15.1 deserves something like 4/10, a far cry from the legend it used to be. Maybe, maybe one day. But hey, at the current rate, 15.2 might be quite all right. We shall see.

Read more

Openwashing by SUSE: Can You Have Open Source without True Partnership?

Leftovers: OpenSUSE, SUSE and Red Hat

Filed under
Red Hat
SUSE
  • openSUSE.Asia Summit 2019 Logo Competition Winner

    The votes are in and the openSUSE Project is happy to announce that the openSUSE.Asia Summit 2019 logo competition winner is Hervy Qurrotul from Indonesia. Congratulations Hervy! As the winner, Hervy will receive a “mystery box” from the committee.

    On this logo competition, we have 18 submissions from all over the world. All the designs are great. This logo competition is voted by openSUSE.Asia Committee and Local Team. Thank you for your vote.

  • Cloud Application Platform vs Container as a Service vs VM hosted application

    In the “old days,” applications were always hosted in a traditional way on a physical server or a group of physical servers. However, physical servers are expensive, hard to maintain and hard to grow and scale. That’s when virtual machines (VM) grew in popularity. VMs provided a better way to maintain, grow and scale. That is, they were easier to backup and restore and migrate from one region to another and they were easier to replicate across multiple domains/zones/regions.

  • Sysadmin vs SRE: What's the difference?

    In the IT world, there has always been a pull between generalist and specialist. The stereotypical sysadmin falls in the generalist category 99 times out of 100. The site reliability engineer (SRE) role is specialized, however, and grew out of the needs of one of the first companies to know real scale: Google. Ultimately, these two roles have the same goal for the applications whose infrastructure they operate: providing a good experience for the applications’ consumers. Yet, these roles have drastically different starting points.

Open Build Service bids farewell to old UI and – what did you just ship there?

Filed under
Development
SUSE

Open Build Service (OBS), an open source system to build and distribute binary packages from source code, is now available in version 2.10. After a year in the works, the openSUSE-nurtured project now comes with better container support and GitLab integration amongst other things.

The work on the former is only reasonable, given the burgeoning interest in containers as a means of shipping and deploying. To help with delivery, OBS 2.10 comes with an integrated registry that can be built into a release workflow. It also makes use of binary tracking, so that ops can get the full insight into who has shipped what when. Improved parsing of Dockerfiles, container layer deduplication and support for multi-arch container manifest generation should help spark interest in the containerisation community as well.

Read more

LWN's Latest: An OpenSUSE 'Foundation', Security, Programming and Kernel (Linux)

Filed under
Development
Linux
SUSE
  • An openSUSE foundation proposal

    The idea of spinning openSUSE out into a foundation is not new; it has come up multiple times along the way. The most recent push started back in April at two separate board meetings where it was discussed. It picked up steam during a board meeting at the openSUSE Conference 2019 in late May. While waiting for the outcome from that meeting (though there was a panel session with the board [YouTube] at the conference where some of the thinking was discussed), the community discussed ideas for a name for the foundation (and, possibly, the project itself). Now, board member Simon Lees has posted a draft of the foundation proposal for review.

    The proposal outlines the current thinking of the board. It notes that the move to a foundation is not meant to pull away from SUSE, "but to add more capabilities to the openSUSE Project". In particular, having a separate entity will allow the project to "receive and provide sponsorships (in terms of money, hardware, or contracted services)". Currently, any kind of agreement between the project and some other organization has to be done via SUSE, which can complicate those efforts. The new foundation would be able to partner with others, receive donations, spend money, and sign contracts with venues, service providers, and the like, all on behalf of the openSUSE project.

    SUSE would clearly have a role in the new foundation; the board is requesting some funding to set up the organization as well as one or two people to help with the administrative side. The new foundation's board would take the place of the existing project board, with the same election rules as there are today (which results in a board of six, five elected from the members of the project and the chair appointed by SUSE).

    The board is looking at setting up a German stiftung foundation as the legal entity for the new organization, though that was not clearly specified in the draft proposal. An eingetragener Verein (e. V.) was considered, but the structure of that type of entity is inflexible; in addition, the purpose of an e. V. can be changed if there was a "hostile takeover" at some point. Umbrella organizations (e.g. the Linux Foundation) and simply keeping things the same were also looked at, but were deemed unworkable for various reasons.

    There is also a handful of open questions, including logistical issues such as whether SUSE or the new foundation would own the IT infrastructure, trademarks, and so on. Also, who would be responsible (in a GDPR sense) for the project's data collection and storage. The biggest open issue is to create a charter for the foundation, which requires legal advice. The Document Foundation (TDF) is something of a model for what openSUSE is trying to achieve; it is also a stiftung and shares some of the attributes with the proposed structure.

  • CVE-less vulnerabilities

    More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion—many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.

  • C, Fortran, and single-character strings

    The calling interfaces between programming languages are, by their nature, ripe for misunderstandings; different languages can have subtly different ideas of how data should be passed around. Such misunderstandings often have the effect of making things break right away; these are quickly fixed. Others can persist for years or even decades before jumping out of the shadows and making things fail. A problem of the latter variety recently turned up in how some C programs are passing strings to Fortran subroutines, with unpleasant effects on widely used packages like LAPACK.

    The C language famously does not worry much about the length of strings, which simply extend until the null byte at the end. Fortran, though, likes to know the sizes of the strings it is dealing with. When strings are passed as arguments to functions or subroutines, the GCC Fortran argument-passing conventions state that the length of each string is to be appended to the list of arguments. 

  • Statistics from the 5.2 kernel — and before

    As of this writing, just over 13,600 non-merge changesets have been pulled into the mainline repository for the 5.2 development cycle. The time has come, once again, for a look at where that work came from and who supported it. There are some unique aspects to 5.2 that have thrown off some of the usual numbers.
    1,716 developers contributed changes for the 5.2 kernel, 245 of whom made their first contribution during this cycle. Those 1,716 developers removed nearly 490,000 lines of code, which is a lot, but the addition of 596,000 new lines of code means that the kernel still grew by 106,000 lines. 

  • Lockdown as a security module

    Technologies like UEFI secure boot are intended to guarantee that a locked-down system is running the software intended by its owner (for a definition of "owner" as "whoever holds the signing key recognized by the firmware"). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).
    The lockdown patches have a long and controversial history; LWN first wrote about them in 2012. Opposition has come at all kinds of levels; some developers see lockdown as a way of taking control of systems away from their owners, while others see it as ultimately useless security theater. There does appear to be some value, though, in making a system as resistant to compromise as possible, so these patches have persisted and are often shipped by distributors. Disagreement over more recent versions of the lockdown patch set were focused on details like whether lockdown should be tied to the presence of secure boot or integration with the integrity-measurement infrastructure.

    One outcome from the most recent discussion was a concern that the lockdown patches were wiring too much policy into the kernel itself. The kernel has long had a mechanism for pushing security-policy decisions out to user space — the security-module mechanism. So it arguably makes sense to move lockdown decision-making into an LSM; that is indeed what the more recent versions of the patch set do.

    First, though, there is the problem of initialization. LSMs exist to apply policies to actions taken by user space, so as long as the LSM infrastructure is running by the time user space starts, everything is fine. Lockdown, though, must act earlier: it needs to be able to block the action of certain types of command-line parameters and must be functional even before a security policy can be loaded. So the patch set starts by creating a new type of "early security module" that is initialized toward the beginning of the boot process. At this point, the module can't do much — even basic amenities like kmalloc() are not available — but it's enough to register its hooks and take control.

openSUSE Leap 42.3 Linux OS Reached End of Life, Upgrade to openSUSE Leap 15.1

Filed under
SUSE

Released two years ago, on July 26th, 2017, the OpenSuSE Leap 42.3 operating system was the third maintenance update to the openSUSE Leap 42 series, which is also the last to be based on the SUSE Linux Enterprise (SLE) 12 operating system series.

openSUSE Leap 42.3 was based on the packages from SUSE Linux Enterprise 12 Service Pack 3 and was powered by the long-term supported Linux 4.4 kernel series. It was initially supposed to be supported until January 2019, but the openSUSE and SUSE projects decided to give users more time to upgrade to the major openSUSE Leap 15 series.

Read more

Syndicate content

More in Tux Machines

Debian and Ubuntu Leftovers

  • Ritesh Raj Sarraf: Bpfcc New Release

    bpfcc version 0.11.0 has been uploaded to Debian Unstable and should be accessible in the repositories by now. After the 0.8.0 release, this has been the next one uploaded to Debian.

  • Utkarsh Gupta: Joining Debian LTS!

    Back during the good days of DebConf19, I finally got a chance to meet Holger! As amazing and inspiring a person he is, it was an absolute pleasure meeting him and also, I got a chance to talk about Debian LTS in more detail. [...] I had almost no idea what to do next, so the next month I stayed silent, observing the workflow as people kept committing and announcing updates. And finally in September, I started triaging and fixing the CVEs for Jessie and Stretch (mostly the former). Thanks to Abhijith who explained the basics of what DLA is and how do we go about fixing bugs and then announcing them. With that, I could fix a couple of CVEs and thanks to Holger (again) for reviewing and sponsoring the uploads! :D

  • Ubucon Europe 2019 in local media

    News from the new Ubuntu distribution, the exploration of the several platforms and many “how to”, rule the 4-days agenda where the open source and open technologies are in the air. The Olga Cadaval Cultural centre in Sintra, is the main stage of a busy agenda filled with several talks and more technical sessions, but at Ubucon Europe there’s also room for networking and cultural visits, a curious fusion between spaces full of history, like the Pena Palace or the Quinta da Regaleira, and one of the youngest “players” in the world of software. For 4 days, the international Ubuntu Community gathers in Sintra for an event open to everyone, where the open source principles and open technology are dominating. The Ubucon Europe Conference begun Thursday, October 10th, and extends until Sunday, October 13th, keeping an open doors policy to everyone who wants to Afterall, what is the importance of Ubucon? The number of participants, which should be around 150, doesn’t tell the whole story of what you can learn during these days, as the SAPO TEK had the opportunity to check this morning. Organised by the Ubuntu Portugal Community, with the National Association for Open Software, the Ubuntu Europe Federation and the Sintra Municipality, the conference brings to Portugal some of the biggest open source specialists and shows that Ubuntu is indeed alive, even if not yet known by most people, and still far from the “world domain” aspired by some.

Devices/Embedded: Win Enterprises and Raspberry Pi 4

  • Win Enterprises unveils Atom-based LAN gateway and compact SBC

    Win Enterprises unveiled a fanless “PL-82000” networking gateway with 6x GbE and 2x SFP ports based on an Atom C3000. It also launched a Raspberry Pi sized “MB-5000” SBC that runs Ubuntu or Win 10 on Intel Apollo Lake. We tend to forget Win Enterprises because as its name suggests, the company typically sticks to Windows-supported products. Yet, they have increasingly produced barebones products without listed OS support, such as the new PL-82000 networking appliance, as well as Linux supported systems such as the MB-5000 SBC announced back in June. (In 2017, we covered an Intel Bay Trail based MB-80580 SBC and Win IoT-380 Gateway with Linux support.)

  • Raspberry Pi 4 PCI Express: It actually works! USB3, SATA… GPUs?

    Recently, Tomasz Mloduchowski posted a popular article on his blog detailing the steps he undertook to get access to the hidden PCIe interface of Raspberry Pi 4: the first Raspberry Pi to include PCIe in its design. After seeing his post, and realizing I was meaning to go buy a Raspberry Pi 4, it just seemed natural to try and replicate his results in the hope of taking it a bit further. I am known for Raspberry Pi Butchery, after all.

  • Raspberry Pi 4 B+ - PCI Express

    Why did I do it? Because I wanted to see if it can be done. Because Raspberry Pi 4 might be the cheapest device that is PCIe capable after a relatively minor modification (if I didn't lift the capacitors when desoldering the VL805, this is literally 12 soldering points). That, in turn, can be quite handy for developing own PCIe cores for various FPGA based experiments.

    I'm sharing it to allow people to learn from this - and to dispel the myth that PCIe is somehow out of reach of hobbyists due to some concerns over signal integrity or complexities. Stay tuned for more Pi4/PCIe experimentation!

OSS: Odoo, WordPress, MongoDB vs. MySQL

  • What's New in Odoo 13?

    Fast, Simple and Effective Business Management- this is the motto of Odoo, the leading open source ERP of the globe. And this is what makes Odoo the prominent and most favorite choice among business enterprises. With the release of Odoo 13, the open-source ERP has become all more fit and robust to meet the diversified needs of businesses. With Odoo 13 users can go along with better designs and customizations. With each version release, Odoo makes it a point to bring in major and minor improvements in the application, alongside a set of new features for improving the user interface and functionality of the user. The users worth 3.4 million is the evidence of Odoo being the finest application for business management.

  • Becoming Better Digital Citizens Through Open Source

    The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as a tool for learners (regardless of age) to practice and model the essential parts of being a good digital citizen. [...] Digital Citizenship is for all age groups. Anyone who uses the internet on a computer, mobile device or a TV is a digital citizen. You don’t have to be tech-savvy already, maybe you are taking your first steps with technology. Digital Citizenship Week is a chance to reflect together on our impact on the digital world. It can help us to make our consumption more considered and our interaction friendlier. It enables us to make a positive difference to those around us. All of us can strive (or learn) to become better digital citizens. It can be affected by the access those teaching have had to digital skills and good practice. Adult education classes and community tech hubs play a part in basic tech skill development. Unfortunately, these are not always accessible to those in less populated geographic locations.  Open source communities like WordPress already make a difference in encouraging the principles of digital citizenship, from sharing tech skills to improving security knowledge. They give people an opportunity to learn alongside their peers and many of the resources are available regardless of location, resources, or skills.

  • MongoDB vs. MySQL: How to choose

    During the dot-com bubble in the 1990s, one common software stack for web applications was LAMP, which originally stood for Linux (OS), Apache (web server), MySQL (relational database), and PHP (server programming language). MySQL was the preferred database mostly because it was free open source and had good read performance, which fit well with “Web 2.0” apps that dynamically generated sites from the database. Later the MEAN stack, which stood for MongoDB (document database), Express (web server), AngularJS (front-end framework), and Node.js (back-end JavaScript runtime), came to prominence. The MEAN stack was attractive, among other reasons, because the only language you needed to know was JavaScript. It also needed less RAM than an equivalent LAMP stack.

Security: XML External Entity (XXE) Example and the Latest Patches

  • XML External Entity (XXE) Example

    According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. If a parser accepts unsanitized XML, we can take advantage of that and send our own crafted external XML payload to exploit our target. This post won’t be long so let’s get into it.

  • Security updates for Monday

    Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).