SUSE

Kata Containers Packages are Available officially in openSUSE Tumbleweed

Filed under
SUSE

Kata Containers is an open source container runtime that is crafted to seamlessly plug into the containers ecosystem.

We are now excited to announce that the Kata Containers packages are finally available in the official openSUSE Tumbleweed repository.

It is worthwhile to spend a few words explaining why this is great news, considering the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the containers ecosystem, and given its importance for openSUSE and Kubic.


SUSE: Uyuni, openSUSE and Tumbleweed

Filed under
SUSE
  • openSUSE News: New 4.0.2 Version of Uyuni is Released

    Contributors of Uyuni Project have released a new version of Uyuni 4.0.2, which is an open-source infrastructure management solution tailored for software-defined infrastructure.

    Uyuni, a fork of the Spacewalk project, modernizing Spacewalk with SaltStack, provides more operating systems support and better scalability capabilities. Uyuni is now the upstream for SUSE Manager.

    With this release, Uyuni provides powerful new features such as monitoring, content lifecycle management and virtual machine management.

  • openSUSE Tumbleweed – Review of the weeks 2019/31 & 32

    As you certainly know, there are more snapshots tested than we release in the end. In the last two weeks, for example, we tested 9 snapshots. Of those, only 4 made it to the mirrors and to you – the users. During the last two weeks, these were snapshots 0726, 0730, 0805 and 0806.

  • Communities in the distrowatch.org top 20

    Only well-funded corporate sponsored Linux distributions (Fedora, Ubuntu, OpenSUSE) have all categories checked. That doesn’t mean that anyone is getting paid. I believe this means that employees are probably the chief contributors and that means there are more people putting in resources to help.

    Some distributions are “Pat’s distribution”. Pat’s group owns it and Pat doesn’t want a steering committee or any other say in how the distro works. Though contributions by means of bug reports may be accepted.

    A few distributions “outsource” resources to other distributions. Elementary allows Stack Exchange to provide their forum. Parrot Linux refers users to the Debian wiki. Mint suggests that you put in bug reports with the upstream provider unless it is a specific Mint-created application.

    There are a few Linux distributions that leave me scratching my head. How is this in the top 20 distros on distrowatch? There’s nothing here and the forum, if there is one, is nearly empty. Who uses this?

  • Vagrant Boxes with openSUSE Tumbleweed – Check it Out!

    As part of the SUSE Developer Engagement, we recently kicked off the activity to automatically produce and validate Vagrant boxes for the openSUSE Tumbleweed distribution. The creation of Vagrant boxes for SUSE Linux Enterprise Server is currently work in progress. We will update you as soon as they are available for consumption.
    But for now, we are happy to announce that the infrastructure to automatically build, version and validate Vagrant box images is ready to use – and we are already producing Vagrant boxes for libvirt and Virtualbox – for openSUSE Tumbleweed.

Servers, SUSE, Red Hat and Fedora

Filed under
GNU
Linux
Red Hat
Server
SUSE
  • My Favorite Infrastructure

    PCI policy pays a lot of attention to systems that manage sensitive cardholder data. These systems are labeled as "in scope", which means they must comply with PCI-DSS standards. This scope extends to systems that interact with these sensitive systems, and there is a strong emphasis on compartmentation—separating and isolating the systems that are in scope from the rest of the systems, so you can put tight controls on their network access, including which administrators can access them and how.

    Our architecture started with a strict separation between development and production environments. In a traditional data center, you might accomplish this by using separate physical network and server equipment (or using abstractions to virtualize the separation). In the case of cloud providers, one of the easiest, safest and most portable ways to do it is by using completely separate accounts for each environment. In this way, there's no risk that a misconfiguration would expose production to development, and it has a side benefit of making it easy to calculate how much each environment is costing you per month.

    When it came to the actual server architecture, we divided servers into individual roles and gave them generic role-based names. We then took advantage of the Virtual Private Cloud feature in Amazon Web Services to isolate each of these roles into its own subnet, so we could isolate each type of server from others and tightly control access between them.

    By default, Virtual Private Cloud servers are either in the DMZ and have public IP addresses, or they have only internal addresses. We opted to put as few servers as possible in the DMZ, so most servers in the environment only had a private IP address. We intentionally did not set up a gateway server that routed all of these servers' traffic to the internet—their isolation from the internet was a feature!

    Of course, some internal servers did need some internet access. For those servers, it was only to talk to a small number of external web services. We set up a series of HTTP proxies in the DMZ that handled different use cases and had strict whitelists in place. That way we could restrict internet access from outside the host itself to just the sites it needed, while also not having to worry about collecting lists of IP blocks for a particular service (particularly challenging these days since everyone uses cloud servers).

    [...]

    Although I covered a lot of ground in this infrastructure write-up, I still covered only a lot of the higher-level details. For instance, deploying a fault-tolerant, scalable Postgres database could be an article all by itself. I also didn't talk much about the extensive documentation I wrote that, much like my articles in Linux Journal, walks the reader through how to use all of these tools we built.

    As I mentioned at the beginning of this article, this is only an example of an infrastructure design that I found worked well for me with my constraints. Your constraints might be different and might lead to a different design. The goal here is to provide you with one successful approach, so you might be inspired to adapt it to your own needs.

  • A Blunt Reminder About Security for Embedded Computing

    The ICS Advisory (ICSA-19-211-01) released on July 30th by the Cybersecurity and Infrastructure Security Agency (CISA) is chilling to read. According to the documentation, VxWorks is “exploitable remotely” and requires “low skill level to exploit.” Elaborating further, CISA risk assessment concludes, “Successful exploitation of these vulnerabilities could allow remote code execution.”
    The potential consequences of this security breach are astounding to measure, particularly when I look back on my own personal experiences in this space, and now as an Account Executive for Embedded Systems here at SUSE.

    [...]

    At the time, VxWorks was the standard go-to OS in the majority of the embedded production platforms I worked with. It was an ideal way to replace the legacy stove-piped platforms with an Open Architecture (OA) COTS solution. In light of the recent CISA warning, however, it is concerning to know that many of those affected systems processed highly-classified intelligence data at home and abroad.

  • Red Hat Recognized as a Leader by Independent Research Firm in Infrastructure Automation Platforms Evaluation [Ed: Forrester is not “Independent Research Firm”; It’s taking bribes to lie.]
  • Why Red Hat can take over the cloud sooner than you think
  • Red Hat Enterprise Linux 7.7: Final Full Support Update
  • Transport Layer Security version 1.3 in Red Hat Enterprise Linux 8

    TLS 1.3 is the sixth iteration of the Secure Sockets Layer (SSL) protocol. Originally designed by Netscape in the mid-1990’s to serve the purposes of online shopping, it quickly became the primary security protocol of the Internet. Now not limited just to web browsing, among other things, it secures email transfers, database accesses or business to business communication.

    Because it had its roots in the early days of public cryptography, when public knowledge about securely designing cryptographic protocols was limited, the first two iterations: SSLv2 and SSLv3 are now quite thoroughly broken. The next two iterations, TLS 1.0 and TLS 1.1 depend on the security of Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1).

  • Cute Qt applications in Fedora Workstation

    Fedora Workstation is all about Gnome and it has been since the beginning, but that doesn’t mean we don’t care about Qt applications, the opposite is true. Many users use Qt applications, even on Gnome, mainly because many KDE/Qt applications don’t have an adequate replacement written in Gtk or they are just used to them and don’t really have a reason to switch to another one.

    For Qt integration, there is some sort of Gnome support in Qt itself, which includes a platform theme reading Gnome configuration, like fonts and icons. This platform theme also provides native file dialogs, but don’t expect native look of Qt applications. There used to be a gtk2 style, which used gtk calls directly to render natively looking Qt widgets, but it was moved from qtbase to qt5-styleplugins, because it cannot be used today in combination with gtk3.

    For reasons mentioned above, we have been working on a Qt style to make Qt applications look native in Gnome. This style is named adwaita-qt and from the name you can guess that it makes Qt applications look like Gtk applications with Adwaita style. Adwaita-qt is actually not a new project, it’s been there for years and it was developed by Martin Bříza. Unfortunately, Martin left Red Hat a long time ago and since then a new version of Gnome’s Adwaita was released, completely changing colors and making the Adwaita theme look more modern. Being the one who takes care of these things nowadays, I started slowly updating adwaita-qt to make it look like the current Gnome Adwaita theme and voilà, a new version was released after 3 months of intermittent work.

  • Fedora Community Blog: Friday with Infra

    Friday with Infra is a new event done by CPE (Community Platform Engineering) Team, that will help potential contributors to start working on some of the applications we maintain. During this event members of the CPE team will help you to start working on those applications and help you with any issue you may encounter. At the end of this event you should be able to maintain the application by yourself.

SUSE and IBM/Red Hat Leftovers

Filed under
Red Hat
Server
SUSE
  • No More Sleepless Nights and Long Weekends Doing Maintenance

    Datacenter maintenance – you dread it, right? Staying up all night to make sure everything runs smoothly and nothing crashes, or possibly losing an entire weekend to maintenance if something goes wrong. Managing your datacenter can be a real drag. But it doesn’t have to be that way.

    At SUSECON 2019, Raine and Stephen discussed how SUSE can help ease your pain with SUSE Manager, a little Salt and a few best practices for datacenter management and automation.

  • Fedora Has Formed A Minimization Team To Work On Shrinking Packaged Software

    The newest initiative within the Fedora camp is a "Minimization Team" seeking to reduce the size of packaged applications, run-times, and other software available on Fedora Linux.

    The hope of the Fedora Minimization Team is that they can lead to smaller containers, eliminating package dependencies where not necessary, and reducing the patching foot-print.

  • DevNation Live: Easily secure your cloud-native microservices with Keycloak

    DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, you’ll learn about Keycloak from Sébastien Blanc, Principal Software Engineer at Red Hat.

    This tutorial will demonstrate how Keycloak can help you secure your microservices. Regardless of whether it’s a Node.js REST Endpoint, a PHP app, or a Quarkus service, Keycloak is completely agnostic of the technology being used by your services. Learn how to obtain a JWT token and how to propagate this token between your different secured services. We will also explain how to add fine-grained authorizations to these services.

Mesa, ImageMagick, Plasma, Frameworks Update in Tumbleweed

Filed under
SUSE

There have been three openSUSE Tumbleweed snapshots released since last week.

The snapshots brought a single major version update and new versions of KDE’s Plasma and Frameworks.

ImageMagick’s 7.0.8.56 version arrived in snapshot 20190730 and added support for the TIM2 image format, which is commonly used in PlayStation 2 and sometimes in PlayStation Portable games. The snapshot also delivered an update for Mesa 3D Graphics Library with version 19.1.3 that mostly provided fixes for ANV and RADV drivers, as well as NIR backend fixes. File searching tool catfish 1.4.8 provided some fixes with directories and a fix running on Wayland. The GNU Compiler Collection 7 added a patch and a fix for a Link Time Optimization (LTO) linker plugin. The 9.0.1 glu, which is the OpenGL Utility library for Mesa, fixed a possible memory leak. The Linux Kernel was updated to 5.2.3; the new version made a few fixes for PowerPC and added Bluetooth for some new devices. Several Python packages were updated in the snapshot. LLVM tools and libraries were updated in Tumbleweed with llvm8 8.0.1 but the changelog states not to run LLVM tests on PowerPC because of sporadic hangs. The 2.4.7 version of openvpn in the snapshot added support for tls-ciphersuites for TLS 1.3 and updated openvpn.keyring with public key downloaded from https://swupdate.openvpn.net/community/keys/security-key-2019.asc. A lengthy list of fixes was made to the VIM text editor in version 8.1.1741. Other packages updated in the snapshot were ucode-intel 20190618, xapps 1.4.8, ypbind 2.6.1 and zstd 1.4.1. The snapshot is trending as moderately stable with a rating of 79, according to the Tumbleweed snapshot reviewer.


SUSE displaces Red Hat @ Istanbul Technical University

Filed under
Red Hat
SUSE

Did you know the third-oldest engineering sciences university in the world is in Turkey? Founded in 1773, Istanbul Technical University (ITU) is one of the oldest universities in Turkey. It trains more than 40,000 students in a wide range of science, technology and engineering disciplines.

The third-oldest engineering sciences university selected the oldest Enterprise Linux company. Awesome match of experience! The university ditched the half-closed/half-open Red Hat products and went for truly open, open source solutions from SUSE.


GNOME Packages, More Updated in Tumbleweed This Week

Filed under
GNU
Linux
GNOME
SUSE

Two openSUSE Tumbleweed snapshots have been released since our last Tumbleweed update on Saturday.

The most recent snapshot, 20190723, updated Mozilla Firefox to version 68.0.1. The browser fixed the missing Full-Screen button when watching videos in full screen mode on HBO GO. The new 68 version enhanced the Dark Mode reader view to include darkening the controls, sidebars and toolbars. It also addressed several Common Vulnerabilities and Exposures (CVE). The snapshot provided an update to GNOME 3.32.4, which fixed an issue that led to some packages with multiple appdata files not correctly showing up on the updates page. The Guile programming language package update to 2.2.6 fixed a regression introduced in the previous version that broke HTTP servers locale encoding. Hardware library hwinfo 21.67 fixed Direct Access Storage Devices (DASD) detection. A major 7.0 version of hylafax+ arrived in the snapshot. The Linux Kernel brought several new features with the 5.2.1 kernel and enhanced security for a hardware vulnerability affecting Intel processors. The open-source painting program Krita 4.2.3 version offered a variety of fixes including a copy and paste fix of the animation frames. A few libraries like libgphoto2, libuv and libva received updates. There were also several Perl and Rubygem packages that were updated in the snapshot. The file manager for the Xfce Desktop Environment, thunar 1.8.8, fixed XML declaration in uca.xml and the 2.15 transactional-update package enables network during updates and allows updates of the bootloader on EFI systems. The snapshot is currently trending at a 93 rating, according to the Tumbleweed snapshot reviewer.


Nils Brauckmann, SUSE's CEO, Steps Down (The first of many goodbyes)

Filed under
SUSE

I have recently made the decision to retire as the SUSE CEO and subsequently to leave SUSE. I care very deeply for the SUSE business and its employees, and this difficult decision is based entirely on personal reasons. My step down from the SUSE CEO role will be effective August 5.
My decision comes at a positive point in time for SUSE, where the business has completed its journey to becoming standalone and has a solid foundation to continue to accelerate its success and growth as an independent company.
For me personally this means I will have more time to devote myself to other important things in my life.
In FY18, the SUSE business saw record-breaking revenues. This level of growth has only been realized through the whole SUSE Team showing huge commitment to working together to deliver great outcomes. I am extremely proud of what we have achieved collectively over the last eight years, and I have every confidence that SUSE will exceed all future expectations. I will naturally be following the SUSE journey closely during my retirement, and my positive wishes will always be with the company and all connected with it.
As we look to the future I am delighted and, of course, reassured to be passing the SUSE CEO baton to such a talented and accomplished leader as Melissa Di Donato. Melissa has an outstanding track record of growth, leadership and transformation in the tech sector, having enjoyed enormous success as the chief operating officer and chief revenue officer at SAP. Prior to SAP, she held senior executive positions at Salesforce and was recognized for her contribution to growing global organizations by winning the 2018 Digital Masters Award for Excellence in Commercial Management.


KDE Applications, Squid, SQLite, VIM Update in Tumbleweed

Filed under
SUSE

Three openSUSE Tumbleweed snapshots in the middle of this week brought new minor version updates to ImageMagick, Squid, SQLite, VIM and more. The new KDE Applications 19.04.3 version arrived in the first two snapshots.

The more recent snapshot, 20190718, brought a half-dozen new packages, which include a fix for the UrbanCode Deploy (UCD) script data for Unicode 10+ scripts for the OpenType text shaping engine package harfbuzz 2.5.3. A two-year-old Common Vulnerabilities and Exposures (CVE) was fixed with the update of libpng12 1.2.59. The tool that cleans RPM spec files, spec-cleaner 1.1.4, added a temporary patch to fix a test that fails if there is no internet connection. Caching proxy squid 4.8 fixed GNU Compiler Collection (GCC) 9 build issues and added a fix to prevent parameter parsing used for a potential Denial of Service (DoS). RISC-V support was added with the virt-manager 2.2.1 update and xclock 1.0.9 was also updated in the snapshot, which is trending at a 97 rating, according to the Tumbleweed snapshot reviewer.


Operating Systems: Debian, Clear Linux, OpenSUSE and Vista 10

Filed under
GNU
Linux
Microsoft
Debian
SUSE
  • John Goerzen: Tips for Upgrading to, And Securing, Debian Buster

    Wow.  Once again, a Debian release impresses me — a guy that’s been using Debian for more than 20 years.  For the first time I can ever recall, buster not only supported suspend-to-disk out of the box on my laptop, but it did so on an encrypted volume atop LVM.  Very impressive!

    For those upgrading from previous releases, I have a few tips to enhance the experience with buster.

  • Clear Linux Could Soon Be Faster Within Containers On AVX2 Systems

    While Clear Linux as part of its standard bare metal installations has long defaulted to having an AVX2-optimized GNU C Library installed by default, it turns out that it wasn't part of the default os-core bundle as used by containers. That though is changing and should yield even better out-of-the-box performance when running Clear Linux within containers.

    Intel's William Douglas sent out the proposal for adding the AVX2 version of the Glibc libraries into the os-core bundle in order to get picked up by containers and other bare/lightweight Clear configurations.

  • OpenSUSE Enables LTO By Default For Tumbleweed - Smaller & Faster Binaries

    The past few months openSUSE developers have been working on enabling LTO by default for its packages while now finally with the newest release of the rolling-release openSUSE Tumbleweed this goal has been accomplished. 

    As of today, the latest openSUSE Tumbleweed release is using Link-Time Optimizations (LTO) by default. For end-users this should mean faster -- and smaller -- binaries thanks to the additional optimizations performed at link-time. Link-time optimizations allow for different optimizations to be performed at link-time for the different bits comprising a single module/binary for the entire program. Sadly not many Linux distributions are yet LTO'ing their entire package set besides the aggressive ones like Clear Linux. 

  • Investigating why my 7-year old Windows 10 laptop became unbearably slow

    The laptop had also begun to run into blue screens of death (BSoD) whenever I used the built-in camera and when I opened Spotify or Netflix in a web browser. The slowdown and crashes were actually related, but I didn’t realize this at first. The camera-induced BSoD error message blamed the camera vendor’s driver without any further details. This sounds believable enough for a 7-year old laptop so I didn’t think any more of it.
