October 23, 2014

Fedora Day @ DevConf.cz 2015

DevConf.cz is the largest developer conference devoted to Red Hat related technologies (Linux, JBoss, OpenShift, OpenStack,…). This year, there were around 1000 attendees which is a sizable number for a deeply technical conference. Because we were hitting the capacity limits of the venue, we decided to move the event to a different university campus which offers more rooms – FIT BUT. For those who attended GUADEC 2013: it’s the same venue.

The next DevConf.cz will span three days again – February 6-8th. And like this year we’d like to make the last day a Fedora Day. I think the Fedora Day was a success this year. Matthew Miller delivered his FPL’s keynote on Fedora.Next, representatives of working groups spoke about their progress, and there was overall an interesting discussion about the direction Fedora was taking. Not counting Flock, DevConf.cz is a conference with the largest number of Fedora contributors, so why not use it for discussions, planning, and hacking?

I’m also in talks with the CentOS guys about whether they want to join us for the Fedora Day and make it a Fedora & CentOS Day. I think there are quite a few topics the two projects can discuss.

DevConf.cz’s CfP has been on for some time and will be open till Dec 1st. If you have an interesting topic for a talk, workshop, or hackfest, submit it. And even if you don’t, consider attending. I assure you that you will enjoy the conference. You will have a chance to attend a lot of Fedora-related talks and meet many interesting people from the project.


How to select and set default applications in Fedora

Do you have a type of document you want to open with a specific default application in Fedora? For example, do you want to always open JPG or PNG files in The GIMP, WAV files in Audacity, or SVG files in Inkscape? You can do this and more in the interface of the Files file browser (also known as nautilus) in Fedora via the Properties window.

Right-click on any file of the type you’re interested in. Then select Properties to bring up the file properties. Select the Open With pane, and select the desired app. You can then either open the file this time only with that app, or you can select Set as default to always open with the new app from now on.

Many apps automatically provide a default assignment like this when installed. However, often file types can be opened by more than one app. Now you can choose the one you prefer.

More Fedora in life

I have been using Fedora since the very first release. I started contributing to the project around 2005. I worked on Fedora during my free time; I did that before I joined Red Hat in 2008, during the time I worked at Red Hat, and after I left Red Hat last year.

But for the last two weeks I have been working on Fedora not only in my free time but also as my day job. I am the Fedora Cloud Engineer, part of the Fedora Engineering team and part of the amazing community of longtime Fedora Friends.

Using docker in Fedora for your development work

Last week I worked on DNF for the first time. In this post I am going to explain how I used Docker and a Fedora cloud instance for the same.

I was using a CentOS VM as my primary work system for the last two weeks and I had access to a cloud. I created a Fedora 20 instance there.

The first step was to install docker in it and update the system. I also had to upgrade the selinux-policy package and reboot the instance.

# yum upgrade selinux-policy -y; yum update -y
# reboot
# yum install docker-io
# systemctl start docker
# systemctl enable docker

Then pull in the Fedora 21 Docker image.

# docker pull fedora:21

The above command will take time as it will download the image. After this we will start a Fedora 21 container.

# docker run -t -i fedora:21 /bin/bash

We will install all the required dependencies in the image, using yum as you normally do, and then get out by pressing Ctrl+d.

[root@3e5de622ac00 /]# yum install dnf python-nose python-mock cmake -y

Now we can commit this as a new image so that we can reuse it in the future. We do this with the docker commit command.

#  docker commit -m "with dnf" -a "Kushal Das" 3e5de622ac00 kushaldas/dnfimage

After this the only thing left is to start a container with this newly created image and a mounted directory from the host machine.

# docker run -t -i -v /opt/dnf:/opt/dnf kushaldas/dnfimage /bin/bash

This command assumes the code is already in the /opt/dnf of the host system. Even if I managed to do something bad in that container, my actual host is safe. I just have to get out of the container and start a new one.

Linux Container Security
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.
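
The seccomp and capability restrictions discussed in this post can be read back from a process's /proc/<pid>/status, which is one small piece of the container-state introspection listed above. This is an added example, not code from the original post; the function names, the HIGH_RISK list and the two sample status excerpts are constructed for illustration.

```python
"""Report capability and seccomp confinement from /proc/<pid>/status text."""

# Capability names by bit number, as defined in linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumption of this example: capabilities that expose a lot of privileged
# kernel code and so deserve review when a container keeps them.
HIGH_RISK = {
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_PTRACE",
    "CAP_SYS_BOOT", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH",
    "CAP_MAC_ADMIN", "CAP_MAC_OVERRIDE",
}

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(hex_mask):
    """Expand a hexadecimal capability mask into capability names."""
    mask = int(hex_mask, 16)
    names = []
    bit = 0
    while mask:
        if mask & 1:
            # Bits newer than this table are reported by number.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
        mask >>= 1
        bit += 1
    return names


def audit(status_text):
    """Summarise confinement and list the settings that need review."""
    fields = parse_status(status_text)
    bounding = decode_caps(fields.get("CapBnd", "0"))
    effective = decode_caps(fields.get("CapEff", "0"))
    # Kernels that do not report the Seccomp field are treated as mode 0.
    seccomp = SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown")

    findings = []
    if seccomp == "disabled":
        findings.append("no seccomp filter: every syscall is reachable")
    risky = sorted(set(bounding) & HIGH_RISK)
    if risky:
        findings.append("bounding set keeps " + ", ".join(risky))
    # NoNewPrivs is only reported by newer kernels; flag it only when present.
    if fields.get("NoNewPrivs") == "0":
        findings.append("no_new_privs is off: setuid binaries can regain capabilities")
    return {"seccomp": seccomp, "bounding": bounding,
            "effective": effective, "findings": findings}


# Constructed sample: a process confined to a reduced capability set
# with a seccomp filter attached.
CONSTRAINED_STATUS = (
    "Name:\tbash\n"
    "CapEff:\t00000000a80425fb\n"
    "CapBnd:\t00000000a80425fb\n"
    "NoNewPrivs:\t1\n"
    "Seccomp:\t2\n"
)

# Constructed sample: a process holding capabilities 0-37 and no filter.
PRIVILEGED_STATUS = (
    "Name:\tbash\n"
    "CapEff:\t0000003fffffffff\n"
    "CapBnd:\t0000003fffffffff\n"
    "NoNewPrivs:\t0\n"
    "Seccomp:\t0\n"
)

if __name__ == "__main__":
    for label, text in (("constrained", CONSTRAINED_STATUS),
                        ("privileged", PRIVILEGED_STATUS)):
        result = audit(text)
        print(label, result["seccomp"], len(result["bounding"]), result["findings"])
```

Inside a container, feed it the contents of /proc/self/status instead of the samples.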

Contributing to the Fedora Project

One of the many things I do for the Fedora Project is Tagging; it’s something anyone can do and it’s a quick/easy way to give back to Fedora.

First go here

https://apps.fedoraproject.org/tagger/

You’ll need to login with your FAS credentials.

You’ll then be taken to this page

From this page, you have two choices, you can like an existing tag, or you can make suggestions for additional ones, just click the RIGHT triangle to move to the next page if you don’t want to do anything on the current package.  Now like most of us, I don’t really know what all packages do, so how am I going to be able to suggest new tags?

Well I personally go here

http://rpms.famillecollet.com/rpmphp/zoom.php?rpm=libcomps

You can search for the app you’re looking for, read its description etc, and then add a tag. In the example above, you could have added library or XML, which have already been suggested; well, I was going to add those, so I’ll like them.

For each TAG/Like you do, it will increase your score. You can see your current score at the top right of the page.

One of the cool things about doing this is you get badges.

See the bottom three: they are package tagging badges. Now people know I helped out. The more tags you add and the more tags you like, the more badges you get.

A nice easy way of giving back to the project you so dearly love.

The post Contributing to the Fedora Project appeared first on Paul Mellors [DOT] NET.

Real money with browser game.
So I tested the MarketGlory game in my browsers (Chrome and Firefox).
MarketGlory is an economic, political, social and military strategy game.
It works with all currencies and lets you use the virtual money to your benefit.
All users have one referral in the game. This will give some goals by the game.
You can work once a day, and this will give you money and experience points.
Also, when you grow you can build your companies for workers and sell your products to the local or global market. It's very simple and you can try it.
I think this will help me to buy my Fedora DVD :), or maybe to make a Fedora Organization to help others.

What do you think about this game versus another games?
An early view of GTK+ 3.16

A number of new features have landed in GTK+ recently. These are now available in the 3.15.0 release. Here is a quick look at some of them.

Overlay scrolling

We’ve had long-standing feature requests to turn scrollbars into overlayed indicators, for touch systems. An implementation of this idea has been merged now. We show traditional scrollbars when a mouse is detected, otherwise we fade in narrow, translucent indicators. The indicators are rendered on top of the content and don’t take up extra space. When you move the pointer over the indicator, it turns into a full-width scrollbar that can be used as such.

Other new scrolling-related features are support for synchronized scrolling of multiple scrolled windows with a shared scrollbar (like in the meld side-by-side view), and an ::edge-overshot signal that is generated when the user ‘overshoots’ the scrolling at either end.

OpenGL support

This is another very old request – GtkGLExt and GtkGLArea have been around for more than a decade.  In 3.16, GTK+ will come with a GtkGLArea widget.

Alex’ commit message explains all the details, but the high-level summary is that we now render with OpenGL when we have to, and we can  fully control the stacking of pieces that are rendered with OpenGL or with cairo: You can have a translucent popup over a 3D scene, or mix buttons into your 3D views.

While it is nice to have a GLArea widget, the real purpose is to prepare GDK for Emmanuele’s scene graph work, GSK.

A Sidebar widget

Ikey Doherty contributed the GtkSidebar widget. It is a nice and clean widget to turn the pages of a GtkStack.

IPP Printing

The GTK+ print dialog can now handle IPP printers which don’t provide a PPD to describe their capabilities.

Pure CSS theming

For the last few years, we’ve implemented more and more CSS functionality in the GTK+ style code. In 3.14, we were able to turn Adwaita into a pure CSS theme. Since CSS has clear semantics that don’t include ‘call out to arbitrary drawing code’, we are not loading and using theme engines anymore.

We’ve landed this change early in 3.15 to give theme authors enough time to convert their themes to CSS.

More to come

With these features, we are about halfway through our plans for 3.16. You can look at the GTK+ roadmap to see what else we hope to achieve in the next few months.

Trinity and pages of random data.

Something trinity uses a lot is pages of random data. They get passed around to syscalls, ioctls, whatever. 5 years ago, before I’d even added multiple children to trinity, this was done using ‘page_rand’. A single page allocated on startup, that was passed around, and scribbled over by anyone who needed something to scribble over.

After the VM work I did earlier this year, where we recycle successful calls to mmap, and inherit them across children, quite a few places started passing around map structs instead. This was good, because it started shaking out the many many kernel bugs that we had lingering in huge page support.

It kind of sucked that we had two sets of routines for doing things like “get a page”, “dirty a page” etc which were fundamentally the same operations, except one set worked on a pointer, and one on a struct. It also sucked that the page_rand code was actually buggy in a number of ways, which showed up as overruns.

Over time, I’ve been trying to move all the code that used page_rand to using mappings instead. Today I finished that work, and ripped out the last vestiges of page_rand support. The only real remnants of the supporting code were some of the dirtying code. We used to have separate ‘dirty page_rand’ and ‘dirty an mmap’ routines. After today’s work, there’s now a single set of functions for mappings. There’s still a bunch more consolidation and cleanup to do, which I’ll get fixed up and merged over the next week.

The only feature that’s now missing is periodic dirtying of mappings. We did this every 100 syscalls for page_rand. Right now we only dirty mmap’s after a mmap() call succeeds, or on an mremap(). I plan on getting this done tomorrow.

The motivation for ripping out all this code, and unifying a lot of the support code is that a lot of code paths get simpler, and more importantly, the code in place now takes ‘len’ arguments, so we’re in a better position to make sure we’re not passing buffers that are too small when we do random syscalls.

In other news: while I was happy to report a few days ago that 3.18rc1 fixed up the btrfs bug that had been bothering me for a while, I’ve now managed to discover two new btrfs bugs [1], [2]. Grumble.

Trinity and pages of random data. is a post from: codemonkey.org.uk

October 22, 2014

Testing Evolution’s git master and GNOME continuous

I’ve wanted a feature in Evolution for a while. It was formally requested in 2002, and it just recently got fixed in git master. I only started publicly groaning about this missing feature in 2013, and mcrha finally patched it. I tested the feature and found a small bug, mcrha patched that too, and I finally re-tested it. Now I’m blogging about this process so that you can get involved too!

Why Evolution?

  • Evolution supports GPG (Geary doesn’t, Gmail doesn’t)
  • Evolution has a beautiful composer (Gmail’s sucks, just try to reply inline)
  • Evolution is Open Source and Free Software (Gmail is proprietary)
  • Evolution integrates with GNOME (Gmail doesn’t)
  • Evolution has lots of fancy, mature features (Geary doesn’t)
  • Evolution cares about your privacy (Gmail doesn’t)

The feature:

I’d like to be able to select a bunch of messages and click an archive action to move them to a specific folder. Gmail popularized this idea in 2004, two years after it was proposed for Evolution. It has finally landed.

In your account editor, you can select the “Archive Folder” that you want messages moved to:

This will let you have a different folder set per account.

Archive like Gmail does:

If you use Evolution with a Gmail account, and you want the same functionality as the Gmail archive button, you can accomplish this by setting the Evolution archive folder to point to the Gmail “All Mail” folder, which will cause the Evolution archive action to behave as Gmail’s does.

To use this functionality (with or without Gmail), simply select the messages you want to move, and click the “Archive…” button:

This is also available via the “Message” menu. You can also activate with the Control-Alt-a shortcut. For more information, please read the description from mcrha.

GNOME Continuous:

Once the feature was patched in git master, I wanted to try it out right away! The easiest way for me to do this, was to use the GNOME Continuous project that walters started. This GNOME project automatically kicks off integration builds of multiple git master trees for the most common GNOME applications.

If you follow the GNOME Continuous instructions, it is fairly easy to download an image, and then import it with virt-manager or boxes. Once it had booted up, I logged into the machine, and was able to test Evolution’s git master.

Digging deep into the app:

If you want to tweak the app for debugging purposes, it is quite easy to do this with GTKInspector. Launch it with Control-Shift-i or Control-Shift-d, and you’ll soon be poking around the app’s internals. You can change the properties you want in real-time, and then you’ll know which corresponding changes in the upstream source are necessary.

Finding a bug and re-testing:

I did find one small bug with the Evolution patches. I’m glad I found it now, instead of having to wait six months for a new Fedora version. The maintainer fixed it quickly, and all that was left to do was to re-test the new git master. To do this, I updated my GNOME Continuous image.

  1. Click on Control-Alt-F2 from the virt-manager “Send Key” menu.
  2. Log in as root (no password)
  3. Set the password to something by running the passwd command.
  4. Click on Control-Alt-F1 to return to your GNOME session.
  5. Open a terminal and run: pkexec bash.
  6. Enter your root password.
  7. Run ostree admin upgrade.
  8. Once it has finished downloading the updates, reboot the vm.

You’ll now be able to test the newest git master. Please note that it takes a bit of time for it to build, so it is not instant, but it’s pretty quick.

Taking screenshots:

I took a few screenshots from inside the VM to show to you in this blog post. Extracting them was a bit trickier because I couldn’t get SSHD running. To do so, I installed the guestfs browser on my host OS. It was very straightforward to use it to read the VM image, browse to the ~/Pictures/ directory, and then download the images to my host. Thanks rwmjones!

Conclusion:

Hopefully this will motivate you to contribute to GNOME early and often! There are lots of great tools available, and lots of applications that need some love.

Happy Hacking,

James


Creating a jigsaw puzzle with Inkscape and GIMP

Here is a neat tutorial that uses both Inkscape and GIMP to create a bunch of puzzle pieces from a single image. The tutorial also uses an extension that is not included in Inkscape by default, so to do this tutorial, you will also learn how to install extensions for Inkscape.

Using FreeIPA as a backend for DHCP
 

Yeah, this…

Disclaimer: This is not an official guide and in no way represents best practices for FreeIPA. It is ugly and involves the digital equivalent of bashing on screws with a hammer. Having said that, when nobody has invented the right screwdriver yet, sometimes you just have to hammer away.

First, some history. We’ve been running separate DHCP, DNS and LDAP servers since we switched from static IP addresses and a Windows NT domain somewhere around ten years ago. The DHCP server was loosely connected with the DNS server, and I had written this beautifully complex (read: messily unreadable) script that would allow you to quickly add a system to both DHCP and DNS. A few months ago, we migrated all of our users over to FreeIPA, and I started the process of migrating our DNS database over. Unfortunately, this meant that our DHCP fixed addresses were being configured separately from our DNS entries.

Last week I investigated what it would take to integrate our DHCP leases into FreeIPA. First I checked on the web to see if something like this had already been written, but the closest thing I could find was a link to a design page for a feature that’s due to appear in FreeIPA 4.x.

So here’s my (admittedly hacky) contribution:

  1. sync_dhcp – A bash script (put in /srv, chmod +x) that constantly checks whether the DNS zone’s serial number has changed, and, if it has, runs…
  2. generate_dhcp.py – A python script (put in /srv, chmod +x) that regenerates a list of fixed-addresses in /etc/dhcp/hosts.conf
  3. dhcpd.conf – A sample dhcpd.conf (put in /etc/dhcp) that uses the list generated by generate_dhcp.py
  4. sync-dhcp.service – A systemd service (put in /etc/systemd/system) to run sync_dhcp on bootup
  5. make_dns – A script (chmod +x) that allows the sysadmin to easily add new dns entries with a mac address

sync_dhcp does need to know your domain so it knows which DNS zone serial to check, but other than that, the first four files should work with little or no modification. You will need to create a dnsserver user in FreeIPA, give the user read access to DNS entries, and put its password in /etc/dhcp/dnspasswd (readable only by root).

make_dns makes a number of assumptions that are true of our network, but may not be true of yours. It first assumes that you’re using a 10.10.0.0/16 network (yes, I know that’s not right; it’s a long story) and that 10.10.9.x and 10.10.10.x IPs are for unrecognized systems. It also requires that you’ve installed freeipa-admintools and run kinit for a user with permissions to change DNS entries, as it’s basically just a fancy wrapper around the IPA cli tools.
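
One way the regeneration step described above could look, as an added example that is not the author's generate_dhcp.py: it renders dhcpd host entries from (name, MAC, IP) records and rewrites the file only when the zone serial has changed. The record layout, function names and sample records are assumptions; every value is validated before it reaches the file, because directory data ends up in the configuration of a root-run daemon.

```python
"""Render dhcpd fixed-address host entries from validated records."""
import ipaddress
import os
import re
import tempfile

# One DNS label and a colon-separated MAC. fullmatch() is used below so a
# trailing newline cannot slip past the pattern the way it can with '$'.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def render_host(name, mac, ip, network):
    """Return one dhcpd host stanza, or raise ValueError on bad input."""
    name, mac = name.lower(), mac.lower()
    if not LABEL_RE.fullmatch(name):
        raise ValueError("bad host name")
    if not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC address")
    addr = ipaddress.ip_address(ip)          # ValueError if not an address
    if addr not in network:
        raise ValueError("address outside " + str(network))
    return ("host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n"
            % (name, mac, addr))


def render_hosts(records, network):
    """Render all valid records; return (config_text, rejected_records)."""
    net = ipaddress.ip_network(network)
    stanzas, rejected = [], []
    seen_macs, seen_ips = set(), set()
    for rec in records:
        try:
            stanza = render_host(rec["name"], rec["mac"], rec["ip"], net)
            mac, ip = rec["mac"].lower(), str(ipaddress.ip_address(rec["ip"]))
            if mac in seen_macs or ip in seen_ips:
                raise ValueError("duplicate MAC or address")
        except (KeyError, TypeError, AttributeError, ValueError) as err:
            rejected.append((rec, str(err)))
            continue
        seen_macs.add(mac)
        seen_ips.add(ip)
        stanzas.append(stanza)
    return "".join(stanzas), rejected


def write_atomic(path, content):
    """Replace path in one step so dhcpd never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".hosts.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def sync(serial, last_serial, records, network, path):
    """Regenerate path only when the zone serial differs from the last one."""
    if serial == last_serial:
        return last_serial, []
    content, rejected = render_hosts(records, network)
    write_atomic(path, content)
    return serial, rejected


# Constructed sample records; the last four are deliberately malformed.
SAMPLE_RECORDS = [
    {"name": "ws01", "mac": "52:54:00:AA:BB:01", "ip": "10.10.1.21"},
    {"name": "printer", "mac": "52:54:00:aa:bb:02", "ip": "10.10.1.30"},
    {"name": "kiosk { }", "mac": "52:54:00:aa:bb:03", "ip": "10.10.1.31"},
    {"name": "lab1", "mac": "52:54:00:aa:bb:04\n", "ip": "10.10.1.32"},
    {"name": "lab2", "mac": "52:54:00:aa:bb:05", "ip": "192.168.1.5"},
    {"name": "lab3", "mac": "52:54:00:aa:bb:01", "ip": "10.10.1.33"},
]

if __name__ == "__main__":
    text, bad = render_hosts(SAMPLE_RECORDS, "10.10.0.0/16")
    print(text)
    for rec, reason in bad:
        print("rejected %r: %s" % (rec.get("name"), reason))
```

Rejected records are returned rather than silently dropped so the caller can log them.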

Bent Screw Hole Backyard Metal Macros by Steven Depolo used under a CC BY 2.0 license


GStreamer Conference 2014 talks online

For those of you who, like me, missed this year’s GStreamer Conference, the recorded talks are now available online thanks to Ubicast. Ubicast has been a tremendous partner for GStreamer over the years, making sure we have high quality talk recordings online shortly after the conference ends. So be sure to check out this year’s batch of great GStreamer talks.

Btw, I also did a minor release of Transmageddon today, which mostly includes a couple of bugfixes and a few less deprecated widgets :)

LISA14 – Simplified Remote Management of Linux Servers

I am giving a talk on Simplified Remote Management of Linux Servers at the upcoming LISA14 conference in Seattle, which runs from November 9-14. My talk is 9:45-10:30am on Friday, November 14. LISA is Large Installation System Administration SIG of Usenix.

If you are attending LISA I would enjoy meeting you and discussing anything around system administration, security, and open source in general! Drop me a line and let’s see about scheduling some time.

Abstract:

How do you manage a hundred or a thousand Linux servers? With practice! Managing Linux systems is typically done by an experienced system administrator using a patchwork of standalone tools and custom scripts running on each system. There is a better way to work – to manage more systems in less time with less work – and without learning an entirely new way of working.

OpenLMI (the Linux Management Infrastructure program) delivers remote management of production servers – ranging from high end enterprise servers with complex network and storage configurations to virtual guests. Designed to support bare metal servers and to directly manipulate storage, network and system hardware, it is equally capable of managing and monitoring virtual machine guests.

In this session we will show how a system administrator can use the new tools to function more effectively, focusing on how they extend and improve existing management workflows and expertise.


Fedora @ LinuxCon Europe 2014

The 4th edition of LinuxCon Europe took place in Düsseldorf, Germany, last week and Fedora was there again like at the first three editions. It was the first time the Linux Foundation asked us to pay a fee. In the past, we got a booth and 4 passes for free. This time, we had to pay $750 for the booth and 3 tickets (we could get 4, but only 3 people signed up for the booth duty) which I think is still a good deal because the standard ticket to get to the event is $600. And I also think it’s an amount that is worth paying to have Fedora at the event.

LinuxCon Europe differs from other Linux and open source conferences. The audience is very different. It’s mostly (upstream) developers, devops, and consultants. So you’re not “selling” Fedora to average users who have little or zero experience with Linux. At LinuxCon, you’re selling it to very experienced users. One would say you don’t have to introduce Fedora to such users. But the opposite is true. Not many people can keep their fingers on the pulse of the industry and know about everything that is going on in the world of Linux. And if we want more corporate users of Fedora, and perhaps corporate contributors eventually, we need to promote Fedora to them.

People were more interested in Fedora Server which is different from most events where people are mostly interested in Workstation, but it’s not surprising considering the audience. It really helps to advertise a specialized product because you can clearly say: if you’re interested in server OSes, this is what we have for you and it has these interesting features. That’s why I’m glad we have Fedora Server. From the marketing point of view, it’s much more appealing to have a solution (server product) than just a lego to build it. Quite a few people were interested in Fedora as a future of enterprise Linux because what they work with and care about is Red Hat Enterprise Linux.

We had two demo computers at the booth. One was showcasing Fedora Workstation with GNOME on Wayland and the other one had Fedora Server running with Cockpit, so that people could check out one of the main features of Fedora 21 Server. We also had plenty of swag (stickers, case badges, badges, DVDs, fliers,…). A lot of Fedora users stopped by to grab a sticker for their computer. Some of them use Fedora on servers or cloud in production, some use it on developer machines.

LinuxCon is also great for networking. You can meet people from all kinds of open source projects, from companies where they use Linux heavily, you can learn how they use it, what their needs and expectations are etc. We were lucky that our booth was in a very visible place and Fedora was the only community distribution which had a booth there. So we were getting quite a lot of people at the booth and I brought a handful of business cards of interesting contacts.

I would like to thank the Fedora Project for paying the booth fee and covering lodging for me. I’d also like to thank Christoph Wickert for doing the booth duty with me and Felix Kaechele for not only doing the booth duty, but also for being a local organizer (accommodation, driving, contact for shipping, evening program,…).

Hope to see you at LinuxCon Europe 2015. Where? It hasn’t been announced yet AFAIK.

Our booth (©Linux Foundation)


UEFI and Stella Linux 6.5
Stella Linux, official logo
Stella Linux is a 'remix' of the well-known CentOS operating system that gives us a fully functional blend of server and desktop environments, without having to deal with the usual repository-level problem when installing packages as revolutionary as VLC, OpenShot, Audacious, Skype...
In addition, the maintainer of Stella Linux (who I assume goes by the pseudonym nux) has his own repositories, called SL base, 'Nux-desktop' and 'Nux-misc', which, alongside CentOS's own and EPEL, provide software that is not included in those repositories.

Additional note: If you use CentOS, you can add the Nux repositories via the following page.

For those who don't know what CentOS is: it is one of the best Linux distributions aimed at the server world, as well as being a community project. It is widely and internationally recognized in this sector. CentOS is basically a clone of Red Hat's operating system, RHEL (Red Hat Enterprise Linux), which is used by many businesses, shops and, above all, stock exchanges such as the NYSE for its great quality, robustness, stability and service.

CentOS logo

The next problem I ran into came when I tried to use it with UEFI enabled: the result was basically that it would not boot. In normal mode, however, it boots without problems.


I found the solution by looking at the directory structure under EFI. It turns out that the option to boot Stella refers to 'boot' instead of 'BOOT'. To fix it, we need to edit the boot loader ('GRUB') entry as soon as the LiveCD/USB starts, pressing the Tab key before the system boots and then the 'e' key on both lines.
Press Enter to save the temporary change.

And change boot to BOOT as in the following image:


Once we have edited the 'kernel' and 'initrd' lines, we press 'b'.


And now we can install it, or use it!

Configuring FreeBSD as a FreeIPA client

A recent thread on the freeipa-users mailing list highlighted one user’s experience with setting up FreeBSD as a FreeIPA client, complete with SSSD and Sudo integration. GNU+Linux systems have ipa-client-install, but the lack of an equivalent on FreeBSD means that much of the configuration must be done manually. There is a lot of room for error, and this user encountered several "gotchas" and caveats.

Services that require manual configuration include PAM, NSS, Kerberos and SSSD. Certain features may require even more services to be configured, such as sshd, for known_hosts management. Most of the steps have been outlined in a post on the FreeBSD forums.

But before one can even begin configuring all these services, SSSD, Sudo and related software and dependencies must be installed.

Unfortunately, as also outlined in the forum post, non-default port options and a certain make.conf variable must be set in order to build the software such that the system can be used as a FreeIPA client. Similarly, the official binary package repositories do not provide the packages in a suitable configuration.

Custom package repository

poudriere is a tool for creating binary package repositories compatible with FreeBSD’s next-generation pkg(8) package manager (also known as "pkgng"). The official package repositories are built using poudriere, but anyone can use it to build their own package repositories. Repositories are built in isolated jails (an OS-level virtualisation technology similar to LXC or Docker) and can build packages from a list of ports (or the entire ports tree) with customised options. A customised make.conf file can also be supplied for each jail.

Providing a custom repository with FreeIPA-compatible packages is a practical way to help people wanting to use FreeBSD with FreeIPA. It means fewer steps in preparing a system as a FreeIPA client (fewer opportunities to make mistakes), and also saves a substantial amount of time since the administrator doesn’t need to build any ports. The BSD Now podcast has a detailed poudriere tutorial; all the detail on how to use poudriere is included there, so I will just list the FreeIPA-specific configuration for the FreeIPA repository:

  • security/sudo is built with the SSSD option set
  • WANT_OPENLDAP_SASL=yes appears in the jail’s make.conf

The commands to enable the custom repository and install the required packages on a FreeBSD host appear below. Note that these are Bourne shell commands; this script will not work in the FreeBSD default shell csh.

# mkdir -p /usr/local/etc/pkg/repos
# cat >/usr/local/etc/pkg/repos/FreeIPA.conf <<"EOF"
FreeIPA: {
  url: "https://frase.id.au/pkg/${ABI}_FreeIPA",
  signature_type: "pubkey",
  pubkey: "/usr/share/keys/pkg/FreeIPA.pem",
  enabled: yes
}
EOF
# pkg install -y ca_root_nss
# ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
# cat >/usr/share/keys/pkg/FreeIPA.pem <<EOF
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
EOF
# pkg update
# pkg install -r FreeIPA cyrus-sasl-gssapi sssd

Once the packages are installed from the custom repository, configuration can continue as indicated in the forum post. At the moment, I am only maintaining one version of the custom repository, for FreeBSD 10.0. 10.1 is not far away; once it is released, I will build it for 10.1 instead. If anyone out there would like it built for 9.3, I can do that too – just let me know!

Future efforts

There is more that can be done to make it easier to integrate non-GNU+Linux systems with FreeIPA. I will conclude this post with some ideas along this trajectory.

Recent versions of FreeIPA include the ipa-advise tool, which explains how various legacy systems can be configured to some extent as FreeIPA clients. ipa-advise config-freebsd-nss-pam-ldapd shows advice on how to configure a FreeBSD system, but the information is out of date in many respects – it references the old binary package tools (which have now been completely removed) and has no information about SSSD. This information should be updated. I have had this task on a sticky-note for a little while now, but if someone else beats me to it, that would be no bad thing.

The latest major version of SSSD is 1.12, but the FreeBSD port is back at 1.9. The 1.9 release is a long-term maintenance (LTM) release, but any efforts to bring 1.12 to FreeBSD alongside 1.9 would undoubtedly be appreciated by the port maintainer and users.

A longer term goal should be a port of (or an equivalent to) ipa-client-install for FreeBSD. Most of the software needed for FreeIPA integration on FreeBSD is similar or identical to that used on GNU+Linux, but there are some differences. It would be a time consuming task – lots of trial runs and testing – but probably not particularly difficult.

In regards to the package repository, work is underway to add support for package flavours to the FreeBSD packaging infrastructure. When this feature is ready, a small effort should be undertaken to add a FreeIPA flavour to the ports tree, and ensure that the resultant packages are made available in the official package repository. Once this is achieved, neither manual port builds nor the custom package repository will be required; everything needed to configure FreeBSD as a FreeIPA client will be available to all FreeBSD users by default.

Cassandra Keyspace case-sensitiveness WTF

cqlsh> DESCRIBE KEYSPACES;
foo   bar  OpsCenter

cqlsh> use opscenter;
Bad Request: Keyspace 'opscenter' does not exist

cqlsh> use OpsCenter;
Bad Request: Keyspace 'opscenter' does not exist

cqlsh> USE "OpsCenter";
cqlsh:OpsCenter>

Seriously, is this the way Cassandra handles case-sensitiveness???

FUDCon Managua - No seas tonto: Fortifica tu servidor con SELinux (Slides)
For the interested, here are my slides for the topic (in Spanish): No seas tonto: Fortifica tu servidor con SELinux.
 
Download it as PDF from this URL: http://goo.gl/n9ybN9

October 21, 2014

New badge: Let's have a party (Fedora 21) !
You organized a party for the release of Fedora 21
[GNU IceCat] 31.1.1 released

GNU Icecat is now available on Fedora repositories.

We’ve packaged the latest release, 31.1.1, based on Firefox 31 ESR. It was announced on 8th October by IceCat’s new maintainer, Rubén Rodríguez:

After many small changes and improvements I managed to produce a new
release for IceCat, available (by now) here:
http://gnuzilla.gnu.org/releases/31.1.1/

I'd like to get some testing and feedback before doing the official
release, also to get time to update the documentation.

Some notes:

- It is based on Firefox 31 ESR. I decided to stick to the ESR upstream
releases (https://www.mozilla.org/en-US/firefox/organizations/faq/)
because they provide security updates over a stable base. This way we
won't have to fight with changes in the APIs we base our features on.
That will also eventually allow to port privacy features from
TorBrowser, which is being upgraded to follow v31 ESR too.

- To filter privacy trackers I modified Adblock Plus to allow filter
subscriptions to be optionally enabled during Private Browsing mode. I
did some other small changes, along with removing the "acceptable ads"
pseudofeature. Because of all this I decided to rebrand the extension to
"Spyblock", to avoid confusion with the upstream project.
I also set custom lists at http://gnuzilla.gnu.org/filters/ and I made a
point of preserving self-served advertisement, as the goal is not to
block ads but to preserve privacy. That's another reason for rebranding.

- I compiled binary packages for GNU/Linux using Trisquel 6, both for 32
and 64 bit. Those binaries should work in most recent distros. These are
the ones I'm more certain that should work: Trisquel 6 and 7, Ubuntu
Precise or newer, Debian Wheezy, testing and sid. Please test in other
distros and send reports of success and any bugs you find.

- Video in h264 format (youtube, vimeo...) only shows a black screen in
my machines, but so do the precompiled Firefox bundles, so I guess they
need to be compiled in a less "portable" way for that feature to work.
It seems to work when packaged for Trisquel.

- Packagers are welcome! We want to get the package in other distros and
also compiled for MacOS and Windows.

Happy testing!

Originally, it’s released including some free add-ons:

* LibreJS (6.0.1)
GNU LibreJS aims to address the JavaScript problem described in Richard
Stallman’s article The JavaScript Trap.

* SpyBlock (2.6.3.0)
Blocks privacy trackers while in normal browsing mode, and all third party
requests when in private browsing mode. Based on Adblock Plus.

* AboutIceCat
Adds a custom “about:icecat” homepage with links to information about the
free software and privacy features in IceCat, and check-boxes to enable
and disable the ones more prone to break websites.

HTTPS-Everywhere is already packaged in Fedora. Request Policy is NOT included in IceCat but is packaged separately.
I don’t exclude the packaging of additional free add-ons in the future.

Installation

If you have previously enabled the Icecat copr project, disable it before installing IceCat from the Fedora repositories:

# dnf copr disable sagitter/Icecat
# yum install icecat --enablerepo=updates-testing

Testing

If you’re interested, please install IceCat with yum or dnf from the Fedora updates-testing repository and leave positive/negative karma, or open a bug report if something is wrong.


HEADS-UP: mod_qos Update

I've pushed mod_qos-11.5 into testing, I didn't want to keep 10.x because it does not support IPv6 properly.

If you happen to use mod_qos, I'd really appreciate your feedback either in Bugzilla, Bodhi, email or irc

EDIT: EPEL7 package

Server WG Weekly Meeting Minutes (2014-10-21)

#fedora-meeting-1: Server Working Group Weekly Meeting (2014-10-21)

Meeting started by sgallagh at 15:00:33 UTC (full logs).

Meeting summary

  1. roll call (sgallagh, 15:00:33)
  2. Agenda (sgallagh, 15:06:12)
    1. Agenda Item: Fedora 21 Install Media (sgallagh, 15:06:33)
    2. Agenda Item: Fedora 21 Beta Status (sgallagh, 15:06:33)

  3. Fedora 21 Install Media (sgallagh, 15:08:37)
    1. AGREED: Server WG finds it acceptable that all netinstalls be universal and select Server as the default installation environment in interactive Anaconda. (+8, 0, -0) (sgallagh, 15:21:43)

  4. Fedora 21 Beta Status (sgallagh, 15:22:26)
    1. https://www.happyassassin.net/testcase_stats/21/Server.html (adamw, 15:25:26)
    2. danofsatx has been running tests against the Domain Controller Role. Is encountering an issue with named. (sgallagh, 15:26:50)
    3. ACTION: junland to jump right in with TC testing (sgallagh, 15:27:40)
    4. ACTION: danofsatx to file a bug against FreeIPA for the named start failure (sgallagh, 15:28:43)
    5. we really need to run those tests against Beta TC4/RC1 (sgallagh, 15:29:23)
    6. https://fedoraproject.org/wiki/Test_Results:Fedora_21_Beta_TC4_Server (sgallagh, 15:29:35)
    7. https://fedoraproject.org/wiki/Fedora_21_Beta_Release_Criteria#Server_Product_requirements (sgallagh, 15:30:19)
    8. for anyone who doesn’t know, you can nominate blocker bugs at https://qa.fedoraproject.org/blockerbugs/propose_bug , or just mark them as blocking the bug ‘BetaBlocker’ and explain why in a comment. (sgallagh, 15:32:01)
    9. Go/No-Go Meeting is Thursday, which means we hopefully don’t have any blockers but if there are any we need to know *today* to have any chance of avoiding slippage. (sgallagh, 15:35:25)
    10. It would be appreciated if anyone with spare cycles spends some time testing Beta TC4 today. (sgallagh, 15:36:03)

  5. Open Floor (sgallagh, 15:40:57)
    1. Product GUI install media still doesn’t have the Product Logo (sgallagh, 15:46:34)
    2. No risk to Beta release due to branding/logo (sgallagh, 15:48:28)

  6. Server WG Test Day (sgallagh, 15:50:06)
    1. ACTION: junland to look into scheduling a Fedora Server Test Day (sgallagh, 15:57:26)

Meeting ended at 16:02:18 UTC (full logs).

Action items

  1. junland to jump right in with TC testing
  2. danofsatx to file a bug against FreeIPA for the named start failure
  3. junland to look into scheduling a Fedora Server Test Day

Action items, by person

  1. danofsatx
    1. danofsatx to file a bug against FreeIPA for the named start failure
  2. junland
    1. junland to jump right in with TC testing
    2. junland to look into scheduling a Fedora Server Test Day

People present (lines said)

  1. sgallagh (108)
  2. adamw (37)
  3. simo (35)
  4. junland (26)
  5. nirik (13)
  6. danofsatx (13)
  7. zodbot (9)
  8. tuanta (5)
  9. mitr (3)
  10. davidstrauss (2)
  11. stefw (0)
  12. mizmo (0)

Generated by MeetBot 0.1.4.

Here, let me share my theme with you :)

Today I'm sharing my theme with you :) Clearlook custom + Flattr custom

About the colors (android holo theme): they are on my GitHub. As for the icons, they are the famous Flattr icons, but I am modifying them because some of them look bad (especially when you press alt + tab). So if you like how they look, go ahead, I encourage you to download them :)

Download the theme from GitHub

ClearLook

Window Background: #DCD9DD
Window Text: #1A1A1A
Input Boxes Background: #D0D0D0
Input Boxes Text: #1A1A1A
Selected Items Background: #56B8D8
Selected Items Text: #F0F0F0
Tooltips Background: #F0F0F0
Tooltips Text: #1A1A1A

It ends up looking like this.

n0oir.

 


Malayalam opentype specification – part 1

This post is a promised followup from last November documenting intricacies of opentype specification for Indic languages, specifically for Malayalam. There is an initiative to document similar details in the IndicFontbook, this series might make its way into it. A Malayalam unicode font supporting traditional orthography is required to correctly display most of the examples described in this article, some can be obtained from here.

Malayalam has a complex script, which in general means the shape and position of glyphs are determined in relation with other surrounding glyphs, for example a single glyph can be formed out of a combination of independent glyphs in a specific sequence forming a conjunct. Take an example: ക + ്‌ ‌+ ത + ്‌ + ര => ക്ത്ര in traditional orthography. Note that in almost all the cases glyph shaping and positioning change such as this example is due to the involvement of Virama diacritic ” ്‌ “. The important rules on glyph forming are:

  1. When Virama is used to combine two Consonants, it usually forms a Conjunct, such as ക + ്‌ ‌+ ത => ക്ത. This is known as C₁ conjoining as a half form of first consonant is joined with second consonant.
  2. The notable exceptions to point 1 are when the followed Consonants are either of യ, ര, ല, വ. In those cases, they form the ‘Mark’ shapes of യ, ര, ല, വ =>  ്യ, ്ര,  ്ല,  ്വ. This is known as C₂ conjoining as a modified form of second consonant is attached to the first consonant.
  3. When Virama is used to combine a Consonant with Vowel, the Vowel forms a Vowel Mark => such as ാ, ി, ീ.

Opentype organizes this glyph forming and shaping logic as a sequence of ‘Lookup tables (or rules)’ to be defined in the font. This first part gives an overview of the relevant lookup rules used for glyph processing by a shaping engine such as Harfbuzz or Uniscribe.

Only those opentype features applicable for Malayalam are discussed. The features (or lookups) are applied in the following order:

  1. akhn (Akhand – used for conjuncts like ക്ക, ക്ഷ, ല്ക്ക, യ്യ, വ്വ, ല്ല etc)
  2. pref (Pre-base form – used for pre base form of Ra –  ്‌ + ര =   ്ര)
  3. blwf (Below base form – used for below base form of La – virama+La – ്‌ + ല =  ്ല)
  4. half (Half form – Not used in mlm2 spec by Rachana and Meera, but used in mlym spec and might be useful later. For now, ignore)
  5. pstf (Post base form – used for post base forms of Ya and Va – ്‌ +യ =  ്യ, ്‌ + വ = ്വ. Note that  യ്യ & വ്വ are under akhn rule)
  6. pres (Pre-base substitution – mostly used for ligatures involving pref Ra – like ക്ര, പ്ര, ക്ത്ര, ഗ്ദ്ധ്ര  etc)
  7. blws (Below base substitution – used for ligatures involving blwf La – like ക്ല, പ്ല, ത്സ്ല etc. Note that  ല്ല is under akhn rule)
  8. psts (Post base substitution – used for ligatures involving post base Matras – like കു, ക്കൂ, മൃ etc)
  9. abvm (Above base Mark  positioning – used for dot Reph – ൎ)

The last 3 forms (pres, blws, psts) are presentation forms; they have lower priority in the glyph formation. They usually form the large number of secondary glyphs. The final one (abvm) is not a GSUB (glyph substitution lookup) but a GPOS (glyph position lookup) – this is used to position dotreph correctly above the glyphs.

  • akhn: Use this for conjuncts (കൂട്ടക്ഷരങ്ങള്‍) like ക്ക, ട്ട, ണ്ണ, ക്ഷ, യ്യ, വ്വ, ല്ല, മ്പ. This rule has the highest priority, so akhn glyphs won’t be broken by the shaping engine.
  • pref: Used only for pre-base form of Ra ര –  ്ര
  • blwf: Used only for below base form of La ല –  ്ല
  • pstf: Used for the post base forms of Ya, Va യ, വ – ്യ, ്വ
  • pres: One of the presentation forms, mostly used for ligatures/glyphs with pref Ra ര – like ക്ര, പ്ര, ക്ത്ര, ഗ്ദ്ധ്ര etc. This could also be used together with the ‘half’ forms in certain situations, but that is for later.
  • blws: Used for ligatures/glyphs with blwf La ല – like ക്ല, പ്ല, ത്സ്ല etc.
  • psts: Used by a large number of ligatures/glyphs due to the post base Matras (ു,ൂ,ൃ etc) – like  കു, ക്കൂ, മൃ etc. Other Matras (ാ,ി,ീ,േ,ൈ,ൈ,ൊ,ോ,ൌ,ൗ) are implicitly handled by the shaping engine based on their Unicode properties (pre-base, post-base etc) as they don’t form a different glyph together with a consonant – there is no need to define lookup rules for those matras in the font.

I will discuss these lookup rules and how they fit in the glyph shaping sequence with detailed examples in next episodes.

(P.S: WordPress tells me I started this blog 7 years ago on this day. How time flies.)


A GNOME Kernel wishlist
GNOME has long had relationships with Linux kernel development, in that we would have some developers do our bidding, helping us solve hard problems. Features like inotify, memfd and kdbus were all originally driven by the desktop.

I've posted a wishlist of kernel features we'd like to see implemented on the GNOME Wiki, and referenced it on the kernel mailing-list.

I hope it sparks healthy discussions about alternative (and possibly existing) features, allowing us to make instant progress.
Software Collections: new look and documentation

SoftwareCollections.org website has been given a new fresh look to make your browsing experience a bit better. We have also integrated the full documentation into the website to make it more accessible. Questions? Ask them directly on the web.

Software Collections website

What are Software Collections?

Software Collections allow you to use multiple versions of software on the same system. And it doesn’t affect the system packages which are already installed.

In traditional packaging it’s up to the distribution to choose what packages in which versions they want to include. And a life cycle of the packages is often chosen to fit the distribution’s release cycle.

Software Collections allow you to go the opposite way. Developers can package their software in a version of their choice for the distributions they like. That means it’s the developer who decides about new releases. Life cycle of their packages is independent of the distribution.

Available for Fedora, RHEL and CentOS.

October 20, 2014

Conferencia Internacional de Software Libre 2014

Last week I attended CISL. The event was good, several people came to our stand to talk about Fedora and ARM (I brought a HummingBoard and a Raspberry Pi).
I had the pleasure of meeting with Jon “maddog” Hall, director of Linux International. We took a picture together and then he told me about the community effort of translating assembler code into C or ASM compatible with ARMv8+ (aarch64).


Two candidates for the ambassadors team also came to talk and learn more about FOSS events.

Create a simple button in inkscape in 3 steps

Here is an awesome tutorial on creating a simple button for your next user interface in Inkscape. The author assumes that you have a basic grasp of Inkscape before using this tutorial; there are no screenshots of which buttons to press. It is simply an explanation of the workflow used to make this button.

Latinoware2014 - oVirt Report
Last week I participated in the Latinoware conference, held from 15th to 17th Oct in Foz do Iguacu/Brazil, with 4.532 attendees. We (as Red Hat) went with a huge number of Red Hatters and Fedora people to promote Open Source. As I went there to promote the oVirt project, below is my view of the talks.

oVirt Overview


Amador gave a talk explaining the oVirt components and architecture, from oVirt Node to the new features available in version 3.5. The crowd asked general questions and, as usual, how to migrate their datacenter from VMware to oVirt. Congrats Amador!

Slides: http://www.ovirt.org/images/e/eb/Ovirt-overview-latinoware2014.odp

virt-v2v professional uncomplicated migration


Laercio works at Itaipu Technological Park (PTI), where creation and sharing of knowledge are the standouts. Established in 2003 by Itaipu Binacional – world's largest hydroelectric generation plant in energy generation – the PTI's position as a science and technology hub in Brazil and Paraguay is consolidated. He demonstrated how they migrated from libvirt/kvm to oVirt and encouraged people to do the same. We had cases from the crowd asking how to migrate from Xen using the same tool; pretty cool talk.

Slides (in pt_BR): http://www.ovirt.org/images/0/00/Virt-v2v-latinoware2014.odp

oVirt and Spice as VDI Solution


Candido Raphael is a consultant who showed in his talk how he used oVirt and Spice as a VDI solution for two customers. One of the customers was a software house which had issues with its employees not creating virtual machines centrally, and the other solution was for a car reseller. Well done!

Slides: http://www.ovirt.org/images/a/a2/OVirt-Spice_Protocol_V01.pdf

oVirt Node Project


Despite only a few months working officially as an oVirt Node engineer, I have been contributing several patches, which made me brave enough (wearing my hat) to talk about it. I shared what the ovirt-node project is, how to install/update it, how to contribute to it, and even showed the hosted-engine feature which is available in version 3.5. During the talk I was interrupted several times for questions, which was good, and in the end I had a student looking for help with his final work at college.

Slides: http://www.ovirt.org/images/a/af/Ovirt-node-latinoware2014.odp

Thanks


Besides the oVirt team we also had many other Red Hatters attending the conference and presenting talks, such as Amador Pahim (oVirt), Leonardo Vaz (XFS and Gluster), Daniel Bristot (Realtime), Marcelo Leitner and Flavio Leitner (OpenVSwitch), Herton (Kernel), Carlos Maiolino (XFS), Ricardo Martinelli (OpenShift), Mauricio Leal, Pedro Ganen. I would like to thank them for their presence. Finally, I would like to thank Fedora folks and especially the Latinoware organization team for making the greatest FOSS conference in Latin America.
[slic3r] Created branch polyclipping620
Alt + f2 in Mate-Desktop

Hi everyone :) , today we'll look at a small tip (no, it isn't one). Well, the matter was this: either I was too much of a noob or mate-desktop had removed the shortcut (alt+f2). Reading around, Cinnamon and Mint users complain about the same thing. While one option was to edit and compile a module (pass), another option was to install a package called “grun”, not available as an RPM (pass again). Well, just when I had almost given the shortcut up for lost, I got my hands on compiz and managed to fix it (if it is a problem at all, I don't know), so here are the steps:

To be clear, I use compiz as the decorator, okay?

1. Go to the control center > compizmanager settings

2. Inside the menu, enable Mate compatibility and then go into it

3. Where it says “Run Dialog”, leave it as is, or choose whatever key combination you want

4. Now press alt + f2 and that's it :)

5. Mental note: “Change the default configuration hahahaha”

Greetings to all :)

Re-enable disabled NetworkManager notifications ..
By mistake I've disabled all network notifications .. I'm especially interested in my VPN notification cos I tend to mistype my password. Here's a quick trick to re-enable all disabled notifications:


gsettings set org.gnome.nm-applet disable-connected-notifications false
gsettings set org.gnome.nm-applet disable-disconnected-notifications false
gsettings set org.gnome.nm-applet disable-vpn-notifications false
Can SSL 3.0 be fixed? An analysis of the POODLE attack.

SSL and TLS are cryptographic protocols which allow users to securely communicate over the Internet. Their development history is no different from other standards on the Internet. Security flaws were found with older versions and other improvements were required as technology progressed (for example elliptic curve cryptography or ECC), which led to the creation of newer versions of the protocol.

It is easier to write newer standards, and maybe even implement them in code, than to adapt existing ones while maintaining backward compatibility. The widespread use of SSL/TLS to secure traffic on the Internet makes a uniform update difficult. This is especially true for hardware and embedded devices such as routers and consumer electronics which may receive infrequent updates from their vendors.

The fact that legacy systems and protocols need to be supported, even though more secure options are available, has led to the inclusion of a version negotiation mechanism in SSL/TLS protocols. This mechanism allows a client and a server to communicate even if the highest SSL/TLS version they support is not identical. The client indicates the highest version it supports in its ClientHello handshake message, then the server picks the highest version supported by both the client and the server, then communicates this version back to the client in its ServerHello handshake message. The SSL/TLS protocols implement protections to prevent a man-in-the-middle (MITM) attacker from tampering with handshake messages to force the use of a protocol version lower than the highest version supported by both the client and the server.

Most popular browsers implement a different out-of-band mechanism for fallback to earlier protocol versions. Some SSL/TLS implementations do not correctly handle cases when a connecting client supports a newer TLS protocol version than supported by the server, or when certain TLS extensions are used. Instead of negotiating the highest TLS version supported by the server, the connection attempt may fail. As a workaround, the web browser may attempt to re-connect with certain protocol versions disabled. For example, the browser may initially connect claiming TLS 1.2 as the highest supported version, and subsequently reconnect claiming only TLS 1.1, TLS 1.0, or eventually SSL 3.0 as the highest supported version until the connection attempt succeeds. This can trivially allow a MITM attacker to cause a protocol downgrade and make the client/server use SSL 3.0. This fallback behavior is not seen in non-HTTPS clients.

The issue related to the POODLE flaw is an attack against the “authenticate-then-encrypt” constructions used by block ciphers in their cipher block chaining (CBC) mode, as used in SSL and TLS. When SSL 3.0 is used, at most 256 connections are required to reliably decrypt one byte of ciphertext. Known flaws already affect RC4 and non-block ciphers, and their use is discouraged.

Several cryptographic library vendors have issued patches which introduce the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) support to their libraries. This is essentially a fallback mechanism in which clients indicate to the server that they can speak a newer SSL/TLS version than the one they are proposing. If TLS_FALLBACK_SCSV was included in the ClientHello and the highest protocol version supported by the server is higher than the version indicated by the client, the server aborts the connection, because it means that the client is trying to fall back to an older version even though it can speak the newer version.
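The server-side rule just described, as an added Python sketch (not code from any TLS library or from the original article): it parses the version and cipher-suite list out of a ClientHello body and applies the TLS_FALLBACK_SCSV check. The value 0x5600 and alert 86 are those later standardised in RFC 7507; the function names and the sample hellos are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert sent by a patched server (RFC 7507)

SSL30, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
AES128_CBC_SHA = 0x002F            # TLS_RSA_WITH_AES_128_CBC_SHA, a CBC suite


def build_client_hello(version, suites):
    """Build a minimal ClientHello body (constructed sample, no extensions)."""
    body = bytes(version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    return body + b"\x01\x00"                     # one compression method: null


def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body.

    `body` starts at client_version, i.e. after the 4-byte handshake header.
    """
    if len(body) < 35:
        raise ValueError("ClientHello shorter than its fixed fields")
    version = (body[0], body[1])
    pos = 34                                      # 2 bytes version + 32 bytes random
    pos += 1 + body[pos]                          # session id length + session id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (length,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if length == 0 or length % 2 or pos + length > len(body):
        raise ValueError("invalid cipher_suites length")
    suites = [struct.unpack_from("!H", body, pos + i)[0]
              for i in range(0, length, 2)]
    return version, suites


def server_decision(body, server_max):
    """Apply the fallback check first, then ordinary version negotiation."""
    client_version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max > client_version:
        # The client says it is retrying at a lower version, yet the server
        # could have spoken a higher one: the earlier failure was not genuine.
        return ("abort", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", min(client_version, server_max))


if __name__ == "__main__":
    first_try = build_client_hello(TLS12, [AES128_CBC_SHA])
    patched_retry = build_client_hello(SSL30, [AES128_CBC_SHA, TLS_FALLBACK_SCSV])
    unpatched_retry = build_client_hello(SSL30, [AES128_CBC_SHA])
    print("first attempt, TLS 1.2 server:  ", server_decision(first_try, TLS12))
    print("patched retry, TLS 1.2 server:  ", server_decision(patched_retry, TLS12))
    print("patched retry, SSL 3.0 server:  ", server_decision(patched_retry, SSL30))
    print("unpatched retry, TLS 1.2 server:", server_decision(unpatched_retry, TLS12))
```

The last case shows why the server-side patch alone changes nothing: a retry from a browser that does not send the signalling value is indistinguishable from a genuine SSL 3.0 client.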

Before applying this fix, there are several things that need to be understood:

  • As discussed before, only web browsers perform an out-of-band protocol fallback. Not all web browsers currently support TLS_FALLBACK_SCSV in their released version. Even if the patch is applied on the server, the connection may still be unsafe if the browser is able to negotiate SSL 3.0.
  • Clients which do not implement out-of-protocol TLS version downgrades (generally anything which does not speak HTTPS) do not need to be changed. Adding TLS_FALLBACK_SCSV is unnecessary (and even impossible) if there is no downgrade logic in the client application.
  • Thunderbird shares a lot of its code with the Firefox web browser, including the connection setup code for IMAPS and SMTPS. This means that Thunderbird will perform an insecure protocol downgrade, just like Firefox. However, the plaintext recovery attack described in the POODLE paper does not apply to IMAPS or SMTPS, and the web browser in Thunderbird has Javascript disabled, and is usually not used to access sites which require authentication, so the impact on Thunderbird is very limited.
  • The TLS/SSL server needs to be patched to support the SCSV extension – though, as opposed to the client, the server does not have to be rebuilt with source changes applied. Just installing an upgraded TLS library is sufficient. Due to the current lack of browser support, this server-side change does not have any positive security impact as of this writing. It only prepares for a future where a significant share of browsers implement TLS_FALLBACK_SCSV.
  • If both the server and the client are patched and one of them only supports SSL 3.0, SSL 3.0 will be used directly, which results in a connection with reduced security (compared to currently recommended practices). However, the alternative is a total connection failure or, in some situations, an unencrypted connection which does nothing to protect from an MITM attack. SSL 3.0 is still better than an unencrypted connection.
  • As a stop-gap measure against attacks based on SSL 3.0, disabling support for this aging protocol can be performed on the server and the client. Advice on disabling SSL 3.0 in various Red Hat products and components is available on the Knowledge Base.

Information about (the lack of ongoing) attacks may help with a decision. Protocol downgrades are not covert attacks, in particular in this case. It is possible to log SSL/TLS protocol versions negotiated with clients and compare these versions with expected version numbers (as derived from user profiles or the HTTP user agent header). Even after a forced downgrade to SSL 3.0, HTTPS protects against tampering. The plaintext recovery attack described in the POODLE paper (Bodo Möller, Thai Duong, Krzysztof Kotowicz, This POODLE Bites: Exploiting The SSL 3.0 Fallback, September 2014) can be detected by the server and just the number of requests generated by it could be noticeable.
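The log comparison described above, as an added Python example (not part of the original article): it flags connections whose negotiated protocol is lower than the one expected for the client's user agent, and marks clients that produce many such requests. The log format (client IP, negotiated protocol, request, user agent), the per-browser expectations and the burst threshold are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter

# Ordering of the protocol names as they appear in the assumed log field.
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Assumption: the lowest protocol each client family should negotiate with
# this server. Replace with profiles derived from your own traffic.
EXPECTED_MIN = [
    (re.compile(r"Firefox/3\d\."), "TLSv1.2"),
    (re.compile(r"Chrome/3\d\."), "TLSv1.2"),
    (re.compile(r"MSIE 6\.0"), "SSLv3"),   # legacy client: SSL 3.0 is normal
]

# Assumed line layout: ip protocol "request" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<proto>\S+) "(?P<req>[^"]*)" "(?P<ua>[^"]*)"$')

FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0"
CHROME = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36")
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

# Constructed sample log: normal traffic, one legacy client, one client that
# suddenly issues 300 SSL 3.0 requests, one isolated downgrade, one bad line.
SAMPLE_LOG = (
    [f'192.0.2.10 TLSv1.2 "GET / HTTP/1.1" "{FIREFOX}"',
     f'192.0.2.20 SSLv3 "GET /legacy HTTP/1.1" "{IE6}"',
     f'198.51.100.7 TLSv1.2 "GET /account HTTP/1.1" "{CHROME}"']
    + [f'198.51.100.7 SSLv3 "POST /a HTTP/1.1" "{CHROME}"'] * 300
    + [f'192.0.2.10 TLSv1 "GET /img.png HTTP/1.1" "{FIREFOX}"',
       "malformed line"]
)


def expected_min(user_agent):
    """Return the lowest protocol expected for this user agent, or None."""
    for pattern, protocol in EXPECTED_MIN:
        if pattern.search(user_agent):
            return protocol
    return None


def find_downgrades(lines, burst_threshold=100):
    """Return ({ip: {"downgraded": n, "burst": bool}}, unparsed_line_count).

    A request counts as downgraded when the negotiated protocol ranks below
    the expected minimum for its user agent. `burst` marks clients with at
    least `burst_threshold` such requests (threshold is an assumption).
    """
    downgraded = Counter()
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["proto"] not in RANK:
            unparsed += 1
            continue
        baseline = expected_min(m["ua"])
        if baseline is None:
            continue                      # unknown client: nothing to compare
        if RANK[m["proto"]] < RANK[baseline]:
            downgraded[m["ip"]] += 1
    findings = {ip: {"downgraded": n, "burst": n >= burst_threshold}
                for ip, n in downgraded.items()}
    return findings, unparsed


if __name__ == "__main__":
    findings, unparsed = find_downgrades(SAMPLE_LOG)
    for ip, info in sorted(findings.items()):
        print(ip, info)
    print("unparsed lines:", unparsed)
```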

Red Hat has done additional research regarding the downgrade attack in question. We have not found any clients that can be forcibly downgraded by an attacker other than clients that speak HTTPS. Due to this fact, disabling SSL 3.0 on services which are not used by HTTPS clients does not affect the level of security offered. A client that supports a higher protocol version and cannot be downgraded is not at issue as it will always use the higher protocol version.

SSL 3.0 cannot be repaired at this point because what constitutes the SSL 3.0 protocol is set in stone by its specification. However, starting in 1999, successor protocols to SSL 3.0 were developed called TLS 1.0, 1.1, and 1.2 (which is currently the most recent version). Because of the built-in protocol upgrade mechanisms, these successor protocols will be used whenever possible. In this sense, SSL 3.0 has indeed been fixed – an update to SSL 3.0 should be seen as being TLS 1.0, 1.1, and 1.2. Implementing TLS_FALLBACK_SCSV handling in servers makes sure that attackers cannot circumvent the fixes in later protocol versions.
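
The log comparison described above (negotiated protocol version against the version expected from the user agent header or from the client's earlier connections, plus request volume) can be sketched as follows. This is an added example, not code from the original post; the log layout, the user agent table, the threshold and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Protocol names as logged, ranked from weakest to strongest.
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Assumed log layout (constructed for this example):
#   client [timestamp] protocol "request line" status "user agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] (?P<proto>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Illustrative expectations per user agent family (an assumption; build the
# real table from your own client baseline). First match wins.
UA_EXPECTED = [
    (re.compile(r"MSIE 6\.0"), "SSLv3"),
    (re.compile(r"(Firefox|Chrome)/\d+"), "TLSv1"),
]

BURST_THRESHOLD = 100  # assumed: SSLv3 requests per client before flagging


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("proto") not in PROTO_RANK:
        return None
    return m.groupdict()


def expected_proto(ua):
    """Lowest protocol this user agent is expected to negotiate, or None."""
    for pattern, proto in UA_EXPECTED:
        if pattern.search(ua):
            return proto
    return None


def find_downgrades(lines, burst_threshold=BURST_THRESHOLD):
    """Return (kind, client, protocol, timestamp) findings.

    "downgrade": the negotiated version is below what the user agent table
    or this client's own history (its profile) says it can do.
    "burst": one client reached burst_threshold SSLv3 requests.
    """
    best_seen = {}                   # (client, ua) -> highest rank seen so far
    sslv3_count = defaultdict(int)   # client -> SSLv3 request count
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["client"], rec["ua"])
        rank = PROTO_RANK[rec["proto"]]
        exp = expected_proto(rec["ua"])
        exp_rank = max(PROTO_RANK.get(exp, -1), best_seen.get(key, -1))
        if rank < exp_rank:
            findings.append(("downgrade", rec["client"], rec["proto"], rec["ts"]))
        best_seen[key] = max(rank, best_seen.get(key, -1))
        if rec["proto"] == "SSLv3":
            sslv3_count[rec["client"]] += 1
            if sslv3_count[rec["client"]] == burst_threshold:
                findings.append(("burst", rec["client"], "SSLv3", rec["ts"]))
    return findings


FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0"
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
OTHER = "ExampleClient/1.0"  # hypothetical agent that is not in UA_EXPECTED

# Constructed sample log (documentation addresses, invented requests).
SAMPLE_LOG = [
    '198.51.100.7 [17/Oct/2014:10:00:01 +0000] TLSv1.2 "GET / HTTP/1.1" 200 "%s"' % FIREFOX,
    '198.51.100.7 [17/Oct/2014:10:05:12 +0000] SSLv3 "GET /a HTTP/1.1" 200 "%s"' % FIREFOX,
    '198.51.100.9 [17/Oct/2014:10:06:00 +0000] SSLv3 "GET / HTTP/1.1" 200 "%s"' % IE6,
    '198.51.100.20 [17/Oct/2014:10:07:00 +0000] SSLv3 "GET / HTTP/1.1" 200 "%s"' % OTHER,
    '198.51.100.20 [17/Oct/2014:10:08:00 +0000] TLSv1 "GET / HTTP/1.1" 200 "%s"' % OTHER,
    '198.51.100.20 [17/Oct/2014:10:09:00 +0000] SSLv3 "GET / HTTP/1.1" 200 "%s"' % OTHER,
]

if __name__ == "__main__":
    for finding in find_downgrades(SAMPLE_LOG):
        print(finding)
```

The user agent header is supplied by the client, so the per-client history check is the stronger of the two signals; the first SSLv3 line from an unknown agent is not flagged because no baseline exists for it yet.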

Rejuvenate your Fedora desktop with Moka

GNOME is cool and beautiful, and the default Adwaita theme has matured greatly since it was introduced in GNOME 3.0. In fact, the Adwaita theme in Fedora 21 is now looking better than ever. However, I have used it for a long time, and I kinda feel like using a different theme — After all, who doesn’t like to have a change once in a while? So, I decided to put new life into my desktop, and my search ended with the great moka project.

Moka GTK Theme

Moka started as a single Linux desktop icon theme, but over time it has gradually evolved into an entire project & brand identity that provides quality designs to people. Moka is about personalization and its goal is to provide an assortment of style options to allow you to customize your experience.

mokaproject.com

Good design speaks for itself, right? Here it goes:

Moka Icon Set Moka Gnome Shell Theme Moka GTK Theme

Prerequisites

Due to the emphasis on simplicity, GNOME 3 doesn’t provide a GUI tool to configure settings like changing the GTK theme, GNOME Shell theme, or icon theme. However, Gnome Tweak Tool, created by John Stowers, does provide these functionalities. We also need a gnome shell extension named User Themes to load shell themes. Install both using the following command:

$ sudo yum install gnome-tweak-tool gnome-shell-extension-user-theme -y

Now open up Gnome Tweak Tool. Make sure that “user themes” is switched on in the extensions tab.

Enable User Theme Extension

Installation

To install moka, first you need to add its repository to your system. This can be done with the following command.

$ sudo yum-config-manager --add-repo http://mokaproject.com/packages/rpm/moka-stable.repo

Let's see which packages the Moka project provides and how you can use them to theme GNOME:

Window & GTK+ Themes: The window theme is applied to the top bar with the application title and controls such as minimize, maximize and close. The GTK+ theme controls other aspects of the window such as the backgrounds for windows and tabs, how an application will look when it is active vs. inactive, buttons, check-boxes, etc. The Orchis GTK Theme is created for this and you can install it using:

$ sudo yum install orchis-gtk-theme -y

Gnome Shell Theme: GNOME Shell provides core user interface functions for GNOME, like switching to windows and launching applications. User interface elements provided by GNOME Shell include the Panel at the top of the screen, the Activities Overview, and Message Tray at the bottom of the screen. All these can be styled using a Gnome Shell theme and we use Moka Gnome Shell Theme here:

$ sudo yum install moka-gnome-shell-theme -y

Icon Theme: It is a set of icons that share a common look and feel and all apps use icons from the currently selected theme. Moka Project provides two icon themes named Moka Icon Theme and Faba Icon Theme. Install them using:

$ sudo yum install faba-icon-theme faba-mono-icons moka-icon-theme -y

Once you have installed the above packages, you can change the themes using Gnome Tweak Tool. Open up Gnome Tweak Tool, go to the appearance tab and set the above themes. You can use the screenshot as a reference.

Appearance Settings

If you are interested, the moka project also provides some beautiful wallpapers. You can download them from mokaproject.com/wallpapers/.

The Brains

Moka wouldn’t exist without the dedication of Sam Hewitt who, as Moka’s benevolent dictator (for life), solely designs, develops & maintains the entire project.

Sam consumes (too much) coffee & spends countless hours on Moka’s products –obsessing over Moka’s pixel-perfection & responding to all you lovely people.

mokaproject.com

It seems the moka project is named after the Moka coffee pot, due to his coffee addiction ;) So, if you like the icon set and the theme, be sure to show him some love. It will help him to keep fresh coffee inside his moka pot.

Introduction to Fedora on Software Freedom Day Phnom Penh

It is the first time that Software Freedom Day will be organized in Phnom Penh on November 1st, 2014 by some folks. They planned to have 100 participants and there will be a few booths as well. In the meantime, I will take this opportunity to give a talk on “Introduction to Fedora”, but we do not have enough resources for placing a booth there, so I decided to give a talk only.

Below is the schedule of the whole event:

Opening

  • 1:45pm – 1:55pm: Opening speech by Dr. Sopheap Seng, President of NIPTICT
  • 1:55pm – 2:15pm: Why Freedom Matters by Frederic Muller, President of Digital Freedom Foundation

Tracks

Technical track

  • 2:15pm – 2:45pm: Google (TBC)
  • 2:45pm – 3:15pm: Mozilla OS for mobile by Arky (TBC)
  • 3:15pm – 3:45pm: Kickstart a JavaScript project with Yeoman, Grunt & Bower (Darren Jensen, Founder of DevBootstrap.com)

  • 3:45pm – 4:45pm: Rebuild servers with GNU/Linux (Leap Sok, Collaborator of OS Cambodia)
  • 4:45pm – 5:15pm: tbc

Users track

  • 2:15pm – 2:45pm: Moodle by NIPTICT
  • 2:45pm – 3:15pm: Fedora by Somvannda Kong
  • 3:15pm – 3:45pm: eCommerce Free software by Jeff Laflamme (TBC)
  • 3:45pm – 4:15pm: Jack from hackerspace (TBC)
  • 4:15pm – 4:45pm: CentOS by NIPTICT
  • 4:45pm – 5:15pm: Migrating to Free Software by Tom Wilkins, OS Cambodia

Closing

  • 5:15pm – 5:30pm: Closing speech by Rapid from NIPTICT / Fred from Digital Freedom Foundation
  • 5:30pm: Group pictures (all volunteers, speakers, exhibitors and audiences)

October 19, 2014

Throughout the day of October 17, the last day of the eleventh edition of LatinoWare: in the morning I gave a talk about Fedora QA to a full room.
In the afternoon we finished distributing the remaining Fedora gifts and talked with some people interested in joining the Fedora Project. #fedora #latinoware #linux

LatinoWare 2014


October 18, 2014

Hacking out an Openshift app

I had an itch to scratch, and I wanted to get a bit more familiar with Openshift. I had used it in the past, but it was time to have another go. The app and the code are now available. Feel free to check out:

https://pdfdoc-purpleidea.rhcloud.com/

This is a simple app that takes the URL of a markdown file on GitHub, and outputs a pandoc converted PDF. I wanted to use pandoc specifically, because it produces PDFs that were beautifully created with LaTeX. To embed a link in your upstream documentation that points to a PDF, just append the file’s URL to this app’s URL, under a /pdf/ path. For example:

https://pdfdoc-purpleidea.rhcloud.com/pdf/https://github.com/purpleidea/puppet-gluster/blob/master/DOCUMENTATION.md

will send you to a PDF of the puppet-gluster documentation. This will make it easier to accept questions as FAQ patches, without needing to have the git embedded binary PDF be constantly updated.

If you want to hear more about what I did, read on…

The setup:

Start by getting a free Openshift account. You’ll also want to install the client tools. Nothing is worse than having to interact with your app via a web interface. Hackers use terminals. Luckily, the Openshift team knows this, and they’ve created a great command line tool called rhc to make it all possible.

I started by following their instructions:

$ sudo yum install rubygem-rhc
$ sudo gem update rhc

Unfortunately, this left me with a problem:

$ rhc
/usr/share/rubygems/rubygems/dependency.rb:298:in `to_specs': Could not find 'rhc' (>= 0) among 37 total gem(s) (Gem::LoadError)
    from /usr/share/rubygems/rubygems/dependency.rb:309:in `to_spec'
    from /usr/share/rubygems/rubygems/core_ext/kernel_gem.rb:47:in `gem'
    from /usr/local/bin/rhc:22:in `'

I solved this by running:

$ gem install rhc

Which makes my user rhc take precedence over the system one. Then run:

$ rhc setup

and the rhc client will take you through some setup steps such as uploading your public ssh key to the Openshift infrastructure. The beauty of this tool is that it will work with the Red Hat hosted infrastructure, or you can use it with your own infrastructure if you want to host your own Openshift servers. This alone means you’ll never get locked in to a third-party provider’s terms or pricing.

Create a new app:

To get a fresh python 3.3 app going, you can run:

$ rhc create-app <appname> python-3.3

From this point on, it’s fairly straightforward, and you can now hack your way through the app in python. To push a new version of your app into production, it’s just a git commit away:

$ git add -p && git commit -m 'Awesome new commit...' && git push && rhc tail

Creating a new app from existing code:

If you want to push a new app from an existing code base, it’s as easy as:

$ rhc create-app awesomesauce python-3.3 --from-code https://github.com/purpleidea/pdfdoc
Application Options
-------------------
Domain:      purpleidea
Cartridges:  python-3.3
Source Code: https://github.com/purpleidea/pdfdoc
Gear Size:   default
Scaling:     no

Creating application 'awesomesauce' ... done


Waiting for your DNS name to be available ... done

Cloning into 'awesomesauce'...
The authenticity of host 'awesomesauce-purpleidea.rhcloud.com (203.0.113.13)' can't be established.
RSA key fingerprint is 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'awesomesauce-purpleidea.rhcloud.com,203.0.113.13' (RSA) to the list of known hosts.

Your application 'awesomesauce' is now available.

  URL:        http://awesomesauce-purpleidea.rhcloud.com/
  SSH to:     00112233445566778899aabb@awesomesauce-purpleidea.rhcloud.com
  Git remote: ssh://00112233445566778899aabb@awesomesauce-purpleidea.rhcloud.com/~/git/awesomesauce.git/
  Cloned to:  /home/james/code/awesomesauce

Run 'rhc show-app awesomesauce' for more details about your app.

In my case, my app also needs some binaries installed. I haven’t yet automated this process, but I think it can be done by creating a custom cartridge. Help to do this would be appreciated!

Updating your app:

In the case of an app that I already deployed with this method, updating it from the upstream source is quite easy. You just pull down any relevant commits, and then push them up to your app’s git repo:

$ git pull upstream master 
From https://github.com/purpleidea/pdfdoc
 * branch            master     -> FETCH_HEAD
Updating 5ac5577..bdf9601
Fast-forward
 wsgi.py | 2 --
 1 file changed, 2 deletions(-)
$ git push origin master 
Counting objects: 7, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 312 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Stopping Python 3.3 cartridge
remote: Waiting for stop to finish
remote: Waiting for stop to finish
remote: Building git ref 'master', commit bdf9601
remote: Activating virtenv
remote: Checking for pip dependency listed in requirements.txt file..
remote: You must give at least one requirement to install (see "pip help install")
remote: Running setup.py script..
remote: running develop
remote: running egg_info
remote: creating pdfdoc.egg-info
remote: writing pdfdoc.egg-info/PKG-INFO
remote: writing dependency_links to pdfdoc.egg-info/dependency_links.txt
remote: writing top-level names to pdfdoc.egg-info/top_level.txt
remote: writing manifest file 'pdfdoc.egg-info/SOURCES.txt'
remote: reading manifest file 'pdfdoc.egg-info/SOURCES.txt'
remote: writing manifest file 'pdfdoc.egg-info/SOURCES.txt'
remote: running build_ext
remote: Creating /var/lib/openshift/00112233445566778899aabb/app-root/runtime/dependencies/python/virtenv/venv/lib/python3.3/site-packages/pdfdoc.egg-link (link to .)
remote: pdfdoc 0.0.1 is already the active version in easy-install.pth
remote: 
remote: Installed /var/lib/openshift/00112233445566778899aabb/app-root/runtime/repo
remote: Processing dependencies for pdfdoc==0.0.1
remote: Finished processing dependencies for pdfdoc==0.0.1
remote: Preparing build for deployment
remote: Deployment id is 9c2ee03c
remote: Activating deployment
remote: Starting Python 3.3 cartridge (Apache+mod_wsgi)
remote: Application directory "/" selected as DocumentRoot
remote: Application "wsgi.py" selected as default WSGI entry point
remote: -------------------------
remote: Git Post-Receive Result: success
remote: Activation status: success
remote: Deployment completed with status: success
To ssh://00112233445566778899aabb@awesomesauce-purpleidea.rhcloud.com/~/git/awesomesauce.git/
   5ac5577..bdf9601  master -> master
$

Final thoughts:

I hope this helped you get going with Openshift. Feel free to send me patches!

Happy hacking!

James


Trinity updates

Over a month ago, I posted about some pthreads work I was experimenting with in Trinity, and how that wasn’t really working out. After taking a short vacation, I came back with no real epiphanies, and decided to back-burner that work for now, and instead refocus on fixing up some other annoying problems that I’d stumbled across while doing that experimenting. Some of these problems were actually long-standing bugs in trinity. So that’s pretty much all I’ve been working on for the last month, and I’m now pretty happy with how long it runs for (providing you don’t hit a kernel bug first).

The primary motivation was to fix a problem where trinity’s internal data structures would get corrupted. After a series of debugging patches, I found a number of places where a child process would overrun a buffer it had allocated.

First up: the code that takes syscall arguments and renders them into a human-readable string. In some cases this would write huge strings past the end of the buffer. One example of this was the instance where trinity would generate a random pathname. It would sometimes generate complete garbage, which was fine until it came to printing it out. Fixed by deleting lots of code in the pathname generator. Stressing the negative dentry case was never that interesting anyway. After fixing up a few other cases in the argument generator I looked at the code that performs rendering to buffers. None of this code took length parameters, or took into account the remaining space in the buffers. A fairly quick rewrite took care of that.

After these bugs were fixed trinity would (on a good kernel) run for a really long time without incident. With longer runtimes, a few more obscure corner cases turned up.

There were 2-3 cases where the watchdog process would hang waiting for a condition that would never be met (due to losing track of how many running child processes there were). I’m still not happy that this can even occur but it is at least a little less likely to hang when it happens now. I’ll investigate the actual cause for this later.

Another fun watchdog bug: we keep track of the time stamp a child performed its last syscall at, and check to make sure 1 second later that it has increased by some small amount. To make sure we haven’t corrupted our own state, there’s also a sanity check that we haven’t jumped into the future. But we also have to compensate for the possibility that adjtimex was the random syscall we did. That takes a maximum offset of 2145. The code checked for that but forgot to also add the one second since the last time we checked.

There’s been a bunch of small 1-2 fixes like this lately, but I’m sitting on a larger set of changes that I’ll start to trickle into git next week, which moves towards cleaning up the “create a random page to pass to syscalls” code, which has been another fun source of corruption bugs.

In kernel news: The only interesting bugs this week that Trinity has shown up, have been two ext4 bugs. Diagnosing those has pointed out some more enhancements that are needed to the post-mortem code in trinity. Once I’ve cleared the current backlog of patches, I’ll work on adding better tracking of fd’s in the logging code. In other news, the btrfs bug trinity hit in August is now fixed in 3.17+ git.

Trinity updates is a post from: codemonkey.org.uk

libguestfs 1.28 released

The new stable version of libguestfs — a C library and tools for accessing and modifying virtual machine disk images — has been released.

There is one brand new tool, virt-log. And I rewrote the virt-v2v and virt-p2v tools. These tools convert VMware and Xen guests and physical machines, to run on KVM. They are now much faster and better than before.

As well as that there are hundreds of other improvements and bug fixes. For a full list, see the release notes.

Libguestfs 1.28 will be available shortly in Fedora 21, Debian/experimental, RHEL and CentOS 7, and elsewhere.


Orphaned packages in epel5
Orphaned packages in epel6
Orphaned packages in branched
Orphaned packages in rawhide
Fedora Activity Day – 1 Nov 2014 – theme Security

Hello,

    See -> https://fedoraproject.org/wiki/FAD_Pune_Security_1

On 1st Nov 2014, we plan to host a Fedora Activity Day (FAD) focused on assessing the state of security in the Fedora distribution. The day would start with a brief introduction to Fedora security and progress towards collective security bug triage and other activities. If you are in Pune (India) or plan to be here on 1st Nov, please feel free to drop in and join the action. Note: we have limited capacity (=~25) for participants, please do register on the wiki page above.

Not too long ago, the Fedora Security Team came to be with the sole intention of improving the state of security in the Fedora distribution. The primary goal was to help triage the security bugs and spread awareness.

    See -> https://lists.fedoraproject.org/pipermail/security/2014-July/001948.html

But in the light of the recent upheavals caused by the deadly and the viral security dynamite of the Heartbleed, the Shellshock, and the POODLE[1] flaws, it is only logical to brace ourselves and work towards greater efforts to make Fedora _secure_ by default. Many distributions have taken focused efforts towards this end for decades now,

    Ex -> http://www.openbsd.org/security.html

The idea is to increase the number of eyeballs looking at Fedora security so that the flaws become shallow. And your poodles’ hearts are saved from bleeding caused by the shocks that are still hidden in the future.

Hope to see you there. :)

[1] http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html


Latinoware 11th Edition Foz do Iguaçu | PR | Brasil – Day 3

On this third day, we can already say that it was a complete success; a bit more tired, but more eager than on the previous days, we gave it everything!!

Day 2

Monitoring Servers with Nagios – Daniel Lara

ARM on Fedora – Marcelo Barbosa

Digital Inclusion with Fedora – Eduardo Lucas Sena

Bacula Server with Fedora + Success Case – Daniel Lara

Special Mini Course – Academia Forense Livre – João Eriberto Mota Filho – Ramilton Costa Gomes Junior – Gilberto Sudre – Sandro Melo

Day 3

Fedora QA – Wolnei Júnior

Fedora Beyond the Project: Fedora Electronic Labs (FEL) Spin – Davi Souza

Impromptu talk –> Packaging – Rino Rondan

Impromptu talk –> Bacula – Daniel Lara

Impromptu talk –> ARM – Marcelo Barbosa

All day –> BOOTH!!!

And since everything was going full steam ahead… relaxed on the bus and at the event breakfast..

Afterwards, at the booth and around it, everything was a party :)

An impromptu mini talk.. for the whole community and the people at the event..

And now, as we come to the end, thanks to everyone for EVERYTHING!! Fedora shows once again that we are more than a community: we are brothers, we are a family!!

Also a huge hug to all the people from Red Hat, who helped us with many things.. (markers, monitor, logistics, etc., etc., and more etc.)

The best of the day, indeed of the week.. was Wolnei's super hack; rumor has it that it is a package he had to test… Entering the room after an average of 45 degrees per day and finding the room at 55 degrees.. was not very comforting..!!

Latinoware 11th Edition Foz do Iguaçu | PR | Brasil – Day 2

As at every event, the first day holds the adrenaline of the wait, of all that preparation one has been building up, and suddenly the day arrives and ends; by now the body thinks that was everything, but night comes and the Fedoran marathon begins: many talks, many stories, anecdotes, meals, pleasant moments together… Like one big FAMILY..

Once again people arrived with their voracity right at the surface, wanting and asking about everything, some timidly, others without fear, and some walked past and glanced sideways as if afraid of catching so much beauty… surely they were tempted by some dark software…

Once again the event proved to be very well organized, at least from my view from the inside as a Fedora representative; I didn't see anyone complain either..

This time there are two photos of the day!! The attack of the Fedoran girls!!!

In this case the girls who wait.. waiting in the trench to go to the battlefront..

And in this other case, they decide to go on the prowl!!

October 17, 2014

This week in rawhide, the October 17th edition

Hey look, another week, another this week in rawhide. Almost like clockwork. ;)

I mentioned last week that the rawhide kernels had moved on to 3.18 git snapshots and that I wasn’t seeing any problems. Well, I did run into some after that. Suspend is completely broken. It’s unclear yet if it’s kernel or systemd or both to blame. I’m going to try and debug it some this weekend and get a bug report filed. Not a big deal, but kind of annoying if you want to suspend and resume.

There’s also an annoying grubby bug that dropped into f21/rawhide the other day: https://bugzilla.redhat.com/show_bug.cgi?id=1153410 This will result in a kernel entry that won’t boot right. It’s easy enough to work around, and expect a fixed rawhide grubby in tomorrow’s compose.

Gnome 3.14.1 landed in rawhide at the sameish time it was built for f21 updates-testing. Hopefully it will get pushed through the freeze and be in the beta release. It’s been pretty smooth so far here in rawhide. Xfce also got a few fixes, in particular the weather plugin had its upstream change API, so weather updates stopped working. That’s fixed up and pushed out to rawhide and all stable releases.

Happy rawhiding!

requestAnimationFrame: I tested it and also made another tutorial.

I tested this great function. It works well, and for readers I made a tutorial about how to use it.
See here if you want to use it.

Fedora Council, L10N Zanata, FUDCon LATAM, Taskotron, and Retrace improvements

Fedora is a big project, and it’s hard to keep up with everything that goes on. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five things for October 17th, 2014:

Introducing the Fedora Council

Last week, the Fedora Project Board unanimously approved its replacement, a new top-level leadership and governance body we’re calling the Fedora Council. Read more about it in John Rose’s announcement message, and our previous Fedora Magazine article about upcoming elections.

This didn’t happen overnight — Christoph Wickert, Toshio Kuratomi, Josh Boyer, and others have been talking about this and working on related proposals for the last couple of years, and Toshio and Haïkel Guémar led a great session at Flock — Fedora’s big annual planning conference — this August. We’ve been thinking about and discussing what to do ever since, and now it’s time to put the result into action!

Translation team switches to Zanata

Fedora’s L10N team — the L-10-N is short for localization, because there are 10 missing letters there — does an amazing job of translating our software to dozens of different languages. (If you’re a Fedora user who speaks a language other than English, this is a great and fun way to get involved, by the way — see the steps to join in the Fedora Localization Guide.)

All of this work is accomplished using some specialized tools. For a long time, Fedora has used Transifex, a project by Dimitris Glezos which actually grew out of Fedora. Unfortunately, recent versions of Transifex are not open source. As a project, we always prefer to work with open source tools whenever possible, and the L10N team started a project to migrate to a different and completely free and open source tool, Zanata.

Last week, all translation teams for different languages discussed and voted whether to move ahead with this, and the result was 19 “Go” votes and none against. With the active contributor community overwhelmingly in favor, it’s an easy decision to go forward, and according to the plan, the new “stage 1” service should be live any day now.

FUDCon Managua 2014

This year’s FUDCon — that’s Fedora User and Developer Conference — in Latin America will be in Managua, Nicaragua next week. Organizer Neville Cross tipped off 5tFTW with a few particularly interesting notes:

New QA Automation framework goes live

As I’m sure everyone knows by now, the Fedora 21 cycle has been one of the longest ever. We did this on purpose, and one of the primary reasons was to give our Quality Assurance team time to work on tooling and infrastructure rather than just cycling through tests over and over. This has borne fruit, and our new QA automation framework Taskotron has gone live, replacing AutoQA for checks on package updates.

Right now, the effect on end users and developers is very small, but the change will enable many more important features in the near future, including user-submitted tests to run automatically. This will increasingly offload repetitive testing tasks so that humans’ time can be focused where it’s most valuable, resulting in an even better Fedora going forward.

Upgraded Retrace Server includes CentOS collaboration

This is another infrastructure thing which sounds kind of like it might be boring but which also will pay off in a better, more bug-free Fedora. The Retrace/ABRT Server is a debugging tool which generates useful information from automated crash reports. This has been upgraded with newer hardware, enabling a few changes which directly benefit Fedora developers and users.

First, if a package is updated and the same crash doesn’t occur for two weeks, those issues are automatically closed, reducing bug noise and overload. Second, these reports are now cross-referenced with those from CentOS 7, allowing us to collaborate on debugging and fixing problems. And third, it is, of course, much, much faster.


 
