January 30, 2015

Back from DevX hackfest

I’m now back from a week in Cambridge at the developer experience hackfest. This was a great event, it was a lot of fun to meet people again, and we got a lot of things done. I spent a lot of time talking to people about things related to xdg-app and sandboxed applications, both spreading information and actually implementing features.

I spent some time with Emmanuele, Ryan and Lars working on glib stuff, which resulted in the G_DECLARE_*_TYPE macros finally being merged. Additionally I reviewed the new list model abstraction which I hope we can land soon, and Ryan and I worked out a new fancy __attribute__(cleanup) approach that we hope to merge into glib soon.

We also worked a bit on Gtk+ OpenGL support. Based on feedback from early users we’re doing some changes in how GL contexts are created to allow you to configure them in more detail. We also decided that we want to completely drop support for legacy OpenGL contexts, as these had issues cooperating with Core 3.2 contexts, and because we don’t live in the 90s anymore. Carlos was working on converting GtkPopover to use (override redirect) toplevels on X11, and I gave him moral support and generally hated on ancient crappy X11 behaviour.

Props to Collabora and Philip for arranging a great event!

January 29, 2015

Upgrading to CentOS 7 - Part Three
Samba Yes, I use Samba for file sharing in my home network. Especially since my printer / scanner can scan to network folders directly in PDF/JPG. Samba is quite easy, these days. More or less, I follow the instructions at howtoforge, with one exception: the smbpasswd is not present in my system, so I use the pdbedit command, as suggested in the smb.conf file. Anyway, just for reference:
Offizieller Fedora-Fanshop

Ruth Suehle hat heute auf der Ankündigungsliste des Fedora-Projektes verkündet, das es im Red Hat Cool Stuff Store ab sofort auch einen Bereich für Artikel mit dem Fedora-Banner gibt.

Laut Ruth war die Integration in den Red Hat Shop die schnellste und einfachste Lösung, um ein eigenes Inventar zu verwalten. Momentan ist die Anzahl der Artikel noch recht übersichtlich, aber falls genug Leute sich mit Fan-Artikeln eindecken, werden laut Ruth sicher auch noch weitere Artikel folgen.

Die aktuelle Auswahl ist somit quasi eine Art Test-Ballon, um zu sehen, ob es überhaupt genug Abnehmer für Artikel mit dem Fedora-Logo gibt.

Event report: Design FAD, Westford

We had a fantastic Design team FAD between 16-18 January at Red Hat’s Westford office. For me, it turned out to be an opportunity to (finally!) meet in person with my mentor Emily, and Mo, two people I’ve been in touch with over IRC/email like forever. Among others physically present were Marie, Sirko, Suchakra, Chris, Prima, Zach, Samuel, Langdon, Paul, Luya and Ryan. Kushal showed up remotely albeit the odd hours in India.

Mo on the whiteboard

Mo did a great job outlining topics we needed to discuss on the whiteboard the first day. At first it looked like a lot to me and honestly I felt like we’d never get to half of them. At the end of the day, to my (pleasant) surprise, we had covered most, if not all of the planned topics. We spent quality time evaluating what the team’s goals are and prioritizing them. We revised our ticket flow into a more structured and well-defined one. We discussed newbie management and how to deal with design assets.

Random discussions

Suchakra, Zach and I worked on redesigning askfedora. What was supposed to be a low-fidelity mockup winded up being pretty hi-fi, since I wanted to take Inkscape lessons from Suchakra and we dug into the details. Suchakra has blogged twice about it, so if you’d like to learn more, find the first one here and the second here.

Askfedora mockup - photo courtesy Suchakra's blog

If we manage to squeeze in time, we’d like to work on the redesign in the weekends. Another group focused on cleaning tickets, so as you’d imagine, lots of trac emails getting tossed around. When I had a look at the design trac after they were done, it seemed like another trac altogether!

Ticket discussions

GlitterGallery was also brought up. What I took back for the GG team from the FAD was that our main priorities are improving the file history view and SparkleShare integration. On my return, I’ve already started work on a new branch.

Quick GG status demo

Emily and I intended to do a GG hackfest once everyone leaves on the final day, but we had transportation issues and couldn’t continue. To make up for that, we held an IRC meeting yesterday to assign tasks to Paul, Emily, Shubham (new kid on the block), and I. I’m excited about how the repo is active again!

Productive FAD for everyone :) Thanks to the local organizers and Gnokii, super worthwhile.

(Gnokii, sorry I sucked at gaming!)

Gnokii playing Champions of Regnum

(Photos courtesy Prima).

2015 Winter Docs Hackfest

I’m here in lovely Cambridge for the winter GNOME docs hackfest. This time, the docs team is sharing a room with the Developer Experience (DX) hackfest, which provides us with a great opportunity to reach out to GNOME developers for expert’s advice.

Yesterday, Christian Hergert presented a new GNOME IDE in development, called Builder:

Builder comes with a feature-rich text editor that can also be useful for documentation writers who often author documents in XML.

Cosimo Cecchi showed us some of the downstream changes the Endless team made to gnome-user-docs and gnome-getting-started-docs. For me, personally, the most interesting part was their feedback on the GNOME docs style and content. Endless seem to target their product to a slightly different customer, still, they appear to have data on their users that the upstream project lacks. The GNOME help suite, written by different authors and in different style over the course of many years, is actually targeted at multiple audiences, spanning from quite inexperienced desktop end-users to skilled users who need to troubleshoot VMs in GNOME Boxes.

Shaun McCance showcased some of the cool features of Ducktype, a new lightweight syntax for Mallard. Although still a work in progress, this new syntax brings to the world of Mallard docs the flexibility of formats such as AsciiDoc or Markdown, which are now gaining strong popularity in both the developer and technical communication communities.

The docs team focused on squashing the bugs filed against GNOME Help and application help, and on content improvements in different areas of the desktop documentation stack. Jim Campbell worked on changing the structure and layout of Files help. He also worked with Jana Svarova on VPN docs for the GNOME sysadmin guide. Jana went through the docs feedback ML archives, responding to user comments and filing new bugs. Kat worked on application help with Jim and fixed a couple of bugs in gnome-user-docs. I worked on triaging docs bugs, and then on reviewing and updating some parts of GNOME Help and the sysadmin guide.

I would like to thank Collabora for providing the venue and catering, Kat and Philip Withnall for running the hackfests, and the GNOME Foundation for sponsoring me.

It’s been great to see old and new faces from the community, now off to Brussels for FOSDEM, then back to Brno for DevConf!

sponsored-badge-shadow

DNF-PLUGINS-EXTRAS 0.0.3 Released

DNF-PLUGINS-EXTRAS version 0.0.3 provides some bugfixes and new plugins: local, repograph and repoclosure.

More on project release notes.

Lohit Odia 2.91.0 ready for testing under Lohit 2 project
   Started working on this in last month with Shilpa. When initial started working on this script, found it bit difficult. But Odia script is very similar with Devanagari and over the time found comfort with it.

   Shilpa did most of the work and i did verification and fixed few issues. One thing again i noticed during release is using of AFDKO. It is good and we should use AFDKO fully in Lohit project for better quality. Will see if we can do it in long term.

  For now regarding 2.91.0 release. Following are important points:

  • Followed Unicode specifications.
  • Re-writing all GSUB rules.
  • Open type rules are available in .fea file for easy re-usability.
  • Feature file compiled with AFDKO.
  • Supports 'orya' and 'ory2' opentype specifications tag.
  • Developer friendly glyphs names with AGL syntax format.
  • Corrected glyph class for all glyphs. 
  • Improved shape of ka-viramasignodia-taodia.
  • Added Glyph positioning rules for below based matras.
  • Test file available with release tarball.
  • Auto testing support with harfbuzz hb-shape.Tested with Harfbuzz and Uniscribe (W8 and XP)
   Update Lohit project page for information regarding download. During release i found few issues which are noted in TODO file. Will fix them before next release. If you find any issue do report on github. Also note TTF file available on my fedorapeople page.

   I remember in FUEL conference i got some improvement suggestions. Couple of them were related to adding Latin to Odia fonts. Presently dont have resource for same but looking forward to solve it in future.

  
Update firefox !!!

Firefox New upstream – 35.0.1 Enabled click-to-play for flash by default due to live and exploited 0-day flash vulnerability. (Bug fixed)


Firefox 35 (32 bits)
sudo yum -y install https://kojipkgs.fedoraproject.org//packages/firefox/35.0.1/3.fc21/i686/firefox-35.0.1-3.fc21.i686.rpm

Firefox 35 (64 bits)
https://kojipkgs.fedoraproject.org//packages/firefox/35.0.1/3.fc21/x86_64/firefox-35.0.1-3.fc21.x86_64.rpm


Bugzilla Report https://bugzilla.redhat.com/show_bug.cgi?id=1185241

Thanks stransky


Actualización de Firefox

Últimamente firefox venía presentado algunos problemas con “flash-plugin” , ya que este plugin venía “medio” desactivado a la hora de reproducir algún contenido multimedia por lo que había que hacerle click al vídeo si queríamos verlo. Bueno ayer se envío una actualización a “Bodhi” que soluciona este problema, así que si quieren instalarlo sólo tienes que escribir lo siguiente:


Firefox 35 (32 bits)
sudo yum -y install https://kojipkgs.fedoraproject.org//packages/firefox/35.0.1/3.fc21/i686/firefox-35.0.1-3.fc21.i686.rpm

Firefox 35 (64 bits)
https://kojipkgs.fedoraproject.org//packages/firefox/35.0.1/3.fc21/x86_64/firefox-35.0.1-3.fc21.x86_64.rpm


Eso  es todo :)

Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1185241

Gracias a stransky for la actualización :)


Lenovos X1 Carbon 3rd touchpad woes

Lenovo released a new set of laptops for 2015 with a new (old) feature: the trackpoint device has the physical buttons back. Last year's experiment apparently didn't work out so well.

What do we do in Linux with the last generation's touchpads? The kernel marks them with INPUT_PROP_TOPBUTTONPAD based on the PNPID [1]. In the X.Org synaptics driver and libinput we take that property and emulate top software buttons based on it. That took us a while to get sorted and feed into the myriad of Linux distributions out there but at some point last year the delicate balance of nature was restored and the touchpad-related rage dropped to the usual background noise.

Slow-forward to 2015 and Lenovo introduces the new series. In the absence of unnecessary creativity they are called the X1 Carbon 3rd, T450, T550, X250, W550, L450, etc. Lenovo did away with the un(der)-appreciated top software buttons and re-introduced physical buttons for the trackpoint. Now, that's bound to make everyone happy again. However, as we learned from Agent Smith, happiness is not the default state of humans so Lenovo made sure the harvest is safe.

What we expected to happen was that the trackpoint device has BTN_LEFT, BTN_MIDDLE, BTN_RIGHT and the touchpad has BTN_LEFT and is marked with INPUT_PROP_BUTTONPAD (i.e. it is a Clickpad). That is the case on the x220 generation and the T440 generation. Though the latter doesn't actually have trackpoint buttons and we emulated them in software.

On the X1 Carbon 3rd, the trackpoint has BTN_LEFT, BTN_MIDDLE, BTN_RIGHT but they never send events. The touchpad has BTN_LEFT and BTN_0, BTN_1 and BTN_2 [2]. Clicking the left button on the trackpoint generates BTN_0 on the touchpad device, clicking the right button generates BTN_1 on the touchpad device. So in short, Lenovo has decided to wire the newly re-introduced trackpoint buttons to the touchpad, not the trackpoint. [3] The middle button is currently dead, which is a kernel bug. Meanwhile we think of it as security feature - never accidentally paste your password into your IRC session again!

What does this mean for us? Neither synaptics nor evdev nor libinput currently support this so we've been busy aipodae and writing patches like crazy. The patch goes into the kernel and udev.... The two patches needed go into the kernel and udev, and libinput. No, the three patches needed go into the kernel, udev and libinput, and synaptics. The four patches, no, wait. Amongst the projects needing patches are the kernel, udev, libinput and synaptics. I'll try again:

With those put together, things pretty much work as they're supposed to. libinput handles middle button scrolling as well this way but synaptics won't, much for the same reason it didn't work in the previous generation: synaptics can't talk to evdev and vice versa. And given that synaptics is on life support or in pallative care, depending how you look at it, I recommend not holding your breath for a fix. Otherwise you may join it quickly.

Note that all the patches are fresh off the presses and there may be a few bits changing before they are done. If you absolutely can't live without the trackpoint's buttons you can work around it by disabling the synaptics kernel driver until the patches have trickled down to your distribution.

The tracking bug for all this is Bug 88609. Feel free to CC yourself on it. Bring popcorn.

Final note: I haven't seen logs from the T450, T550, ... devices yet yet so this is so far only confirmed on the X1 Carbon so far. Given the hardware is essentially identical I expect it to be true for the rest of the series though.

[1] We also apply quirks for the 2013 generation because the firmware was buggy - a problem Synaptics Inc. has since fixed (but currently gives us slight headaches).
[2] It is also marked with INPUT_PROP_TOPBUTTONPAD which is a bug. It uses a new PNPID but one that was in the range we previously believed was for pads without trackpoint buttons. That's an an easy thing to fix.
[3] The reason for that seems to be HW design: this way they can keep the same case/keyboard and just swap the touchpad bits.
[4] synaptics is old enough to support dedicated scroll buttons. Buttons that used to send BTN_0 and BTN_1 and are thus interpreted as scroll up/down event.

An atomic upgrade process for OpenStack compute nodes

I have been working with container technology since September 2014, sorting out how they are useful in the context of OpenStack.  This led to my involvement in the Kolla project, a project to containerize OpenStack as well as Magnum, a project to provide containers as a service.  Containers are super useful as  an upgrade tool for OpenStack, and the main topic of this blog post.

Kolla began life as a project with dependencies on docker and kubernetes.  I wasn’t always certain the kubernetes dependency was necessary to provide container deployments in OpenStack, but I went with it.  Over time, we found kubernetes has a lot to offer OpenStack deployments.  But it lacks a few features which make it unsuitable to deploy “super privileged containers”.

A super privileged container is a container where one or more of the following are true:

  • The container’s processes wants to utilize the host network namespace – specifically –net=host flag.
  • The container’s processes wants to utilize bind mounting – that is mounting a directory from the host fle-system inside the container and share it.
  • The container’s processes wants to utilize the host pid namespace – specifically the –pid=host flag.

Kubernetes could be modified to allow super-privileged containers, but until that day comes, Kubernetes won’t be suitable for  running super-privileged containers.  There is no way to do these things with existing Kubernetes pod files, however, because they have runtime and privilege considerations – essentially they assume the operator trusts the application running in super-privileged mode with the possibility of rooting their entire datacenter.  The kubernetes maintainers have been unwilling to make these options available I suspect because of this concern.

I have spent several weeks researching upgrade of the compute node in nova-networking mode, which consists of a nova-network, nova-compute, and nova-libvirt process.  I started by borrowing the Kolla containers for nova-network and nova-compute and cloned them into a new compute-upgrade repo:

[root@bigiron docker]# ls -l nova-compute
drwxrwxr-x 2 sdake sdake 4096 Jan 28 13:32 nova-compute
drwxrwxr-x 2 sdake sdake 4096 Jan 28 13:27 nova-libvirt
drwxrwxr-x 2 sdake sdake 4096 Jan 21 17:59 nova-network

Each directory contains a container for example nova-compute contains:

[root@bigiron docker]# ls -l nova-compute/nova-compute
total 12
lrwxrwxrwx 1 sdake sdake  33 Jan 21 08:40 build -> ../../../tools/build-docker-image
-rwxrwxr-x 1 sdake sdake 394 Jan 21 08:40 config-nova-compute.sh
-rw-rw-r-- 1 sdake sdake 365 Jan 28 13:06 Dockerfile
-rwxrwxr-x 1 sdake sdake  83 Jan 28 13:32 start.sh
[root@bigiron docker]# 

Most of the hard work of this project was building the containers. Half way to victory using the cp command :) Next I sorted out a run command that would run the various containers. I merged the 3 run commands into a script called start-compute.

First, a few directories must be shared for nova-libvirt:

  • /sys: To allow libvirt to communicate with systemd in the host process
  • /sys/fs/cgroup: To allow libvirt to share cgroup changes with the host process
  • /var/lib/libvirt: To allow libvirt and nova to share persistent data
  • /var/lib/nova: To allow libvirt and nova to share persistent data

Second, libvirt must be able to reparent processes to the init (pid=1) systemd process during an upgrade.  If it can’t do that operation, the libvirt qemu processes will have no parent during an upgrade.  Who would be their parent during an upgrade process, where libvirt had been killed? The answer lies in a brand-new docker feature allowing host namespace PID sharing.  In order to gain this super-privilege, the –pid=host flag must be used.

Third, nova-network, nova-libvirt, and nova-compute must share the host network namespace.  To obtain access to this super-privilege, the docker –host=pid operation must be used.

Finally some non-privileged environment variables must be passed to the container using the -e fag. A combination of these flags results in the following launch command:

sudo docker run -d --privileged -e "KEYSTONE_ADMIN_TOKEN=$PASSWORD" -e "NOVA_DB_PASSWORD=$PASSWORD" -e "RABBIT_PASSWORD=$PASSWORD" -e "RABBIT_USERID=stackrabbit" -e NETWORK_MANAGER="nova" -e "GLANCE_API_SERVICE_HOST=$SERVICE_HOST" -e "KEYSTONE_PUBLIC_SERVICE_HOST=$SERVICE_HOST" -e "RABBITMQ_SERVICE_HOST=$SERVICE_HOST" -e "NOVA_KEYSTONE_PASSWORD=$PASSWORD" -v /sys/fs/cgroup:/sys/fs/cgroup -v /var/lib/nova:/var/lib/nova --pid=host --net=host sdake/fedora-rdo-nova-libvirt

My testbed is a two node Fedora 21 cluster. One node runs devstack in nova-network mode. The remaining node simulates a compute node by running the containers produced in this repository with minimal other operating system services running. Note ebtables must be modprobed on the compute node in the host OS and libvirt must be disabled.

I can start the compute node by running start-compute:

[root@minime tools]# ./start-compute
c80b0c9b38efa146200338ad3d781a8ed7a782821abb904493ce14770c6e91c3
1365e60a79715b8ed38b172219666a12a60abae602aba74cf61f99d3be79f2f7
08a20c05607842a27a01e16f3010904785905ccff41173b7e25443a753a5c792
[root@minime tools]# docker ps
CONTAINER ID        IMAGE                                  COMMAND             CREATED             STATUS              PORTS               NAMES
08a20c056078        sdake/fedora-rdo-nova-compute:latest   "/start.sh"         5 seconds ago       Up 3 seconds                            insane_leakey          
1365e60a7971        sdake/fedora-rdo-nova-libvirt:latest   "/start.sh"         12 seconds ago      Up 10 seconds                           desperate_bell         
c80b0c9b38ef        sdake/fedora-rdo-nova-network:latest   "/start.sh"         14 seconds ago      Up 12 seconds                           desperate_mcclintock   

No QEMU processes are running:

[root@minime tools]# machinectl
MACHINE                          CONTAINER SERVICE         

0 machines listed.

After running nova boot on the controller node:

[sdake@bigiron devstack]$ nova boot steaktwo --flavor m1.medium --image Fedora-x86_64-20-20140618-sda

One machine is found via machinectl. I’ll spare you the output of ps, but it is also present.

root@minime tools]# machinectl
MACHINE                          CONTAINER SERVICE         
qemu-instance-00000001           vm        libvirt-qemu    

1 machines listed.

Now stopping the libvirt container:

[root@minime tools]# docker stop 1365e60a7971
[root@minime tools]# docker ps
CONTAINER ID        IMAGE                                  COMMAND             CREATED             STATUS              PORTS               NAMES
08a20c056078        sdake/fedora-rdo-nova-compute:latest   "/start.sh"         7 minutes ago       Up 7 minutes                            insane_leakey          
c80b0c9b38ef        sdake/fedora-rdo-nova-network:latest   "/start.sh"         7

Now starting the ibvirt container:

c8368083989e0fa727663447a58d94ffeb6c581479fc501f4bc07e06bf176d22
docker ps[root@minime tools]# docker ps
CONTAINER ID        IMAGE                                  COMMAND             CREATED             STATUS              PORTS               NAMES
c8368083989e        sdake/fedora-rdo-nova-libvirt:latest   "/start.sh"         7 seconds ago       Up 5 seconds                            compassionate_fermat   
08a20c056078        sdake/fedora-rdo-nova-compute:latest   "/start.sh"         9 minutes ago       Up 9 minutes                            insane_leakey          
c80b0c9b38ef        sdake/fedora-rdo-nova-network:latest   "/start.sh"         9 minutes ago       Up 9 minutes                            desperate_mcclintock

Now the compute VM can be terminated via nova after an upgrade:

[sdake@bigiron devstack]$ nova stop steaktwo

And the VM process disappears:

[root@minime tools]# machinectl
MACHINE                          CONTAINER SERVICE         

0 machines listed.

Ok, so you just showed stopping and starting a container? where is the atomic part? Any container of OpenStack compute can be atomically upgraded as follows:

  • docker pull (to obtain new image)
  • docker stop
  • docker start

From the compute infrastructure, it looks like an atomic upgrade. No messy upgrades of a hundreds of RPM or DEB packages. Just replace a running image with a new image.

It is highly likely I will re-integrate this work into Kolla, since Kolla is the home for R&D related to launching OpenStack within containers. Unfortunately until kubernetes grows the required features, it is unsuitable for a deployment system for OpenStack compute nodes.


The Travelling Saxophone

The Saxophone is a harsh mistress. She demands attention every day. A musician friend once quoted to me: “Skip a day and you know. Skip two days and your friends know. Skip three days and everyone knows.” That quote keeps me practising nightly.

Playing Sax by the Seine

By the Seine: Photo by Jamie Lennox

My work on OpenStack has me travelling a bit more than I have had to for other software projects. While companies have been willing to send me to conferences in the past, only OpenStack has had me travelling four times a year: two for the Summit and two for mid-cycle meetups of the Keystone team. Keeping on a practice schedule while travelling is tough, sometimes impossible. But the nature of the places where I am visiting makes me want to bring along my horn and play there.

The Kilo OpenStack summit was in Paris in November. The thought of playing in Paris took residence in my imagination and wouldn’t leave. I brought the horn along, but had trouble finding a place and a time to play. The third night, I decided that I would skip the scheduled fun and go play in the middle of the Arc de Triomphe, a couple blocks away from my hotel. There is a walkway under the traffic circle with stairs that lead up to the plaza. However, a couple of police stationed at the foot of the stairs made me wonder if playing there would be an issue, and I continued on. As I approached the far end of the walkway, I heard an accordion.

The accordion player spoke no English. I spoke less French. However, his manner indicated he was overjoyed to let me play along with him.

I shut my case to indicate that tips would still be going in his box. I was certainly not playing for the money.

He struck up a tune, and I followed long, improvising. It worked. He next said the single word “Tango” and I kicked started one off with a growl. Another tune, and then he suggested “La Vie en Rouge” and I shrugged. He seemed astounded that I didn’t really know the tune. This would be the equivalent of being in New Orleans and not knowing “When the Saint’s Go Marching In.” I faked it, but I think his enthusiasm waned, and I packed up afterwards and headed back to the hotel.

I got one other chance to play on that trip. Saturday, prior to heading to the airport, Jamie Lennox and I toured a portion of the city, near the Eiffel tower. Again, I wasn’t playing for the money, and I didn’t want to gather crowds. So we headed down to the banks of the Seine and I played near a bridge, enjoying the acoustics of the stone.

The Keystone midcycle happened in January, and I brought my Sax again. This time, I played each night, usually in the courtyard of the hotel or down along the Riverwalk. The Keystone gang joined me one night, after dinner, and it was gratifying to play for people I knew. On the walk back to the Hotel, Dolph and Dave Stanek (maybe others) were overly interested in their cell phones. It turned out they were setting up ww.opensax.com.

Playing by the Riverwalk

Playing by the Riverwalk: Photo by Dolph Matthews

January 28, 2015

FESCo Elections Interview with Debarshi Ray (rishi)

This is a part of FESCo Elections interviews series.

Voting is open to all Fedora contributors. The elections started on January 26th and closes promptly at 23:59 UTC on February 3rd.

Please read the responses from candidates and make your choices carefully.

Feel free to ask questions of the candidates here or elsewhere!

Interview with Debarshi Ray (rishi)

rishi

What is your background in Fedora? What have you worked on and what are you doing now?

You can find a summary at http://fedoraproject.org/wiki/User:Rishi

If you want details about my GNOME activity, then I work on our online accounts stack – its various underpinnings and the applications involved (includes nautilus, gvfs, gnome-documents, gnome-control-center, etc.). I also work on gnome-terminal and tracker.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

Time-based. Having a predictable release schedule is very important in
my opinion.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

I think that the way we push updates to our users needs to be improved, and there are a few relatively simple things that we can do in this area. We spend a lot of effort making sure that our releases are of the highest quality, but then we barely do anything to ensure the quality of the updates being pushed out to a stable releases. This often leads to surprises (or regressions) and annoyances (too many updates).

We should stop the practice of pushing out updates asynchronously, unless they have security implications. We should push them out monthly or fortnightly to updates-testing so that testers get a chance to QA a well defined combination of packages, instead of a constantly moving set, which is the case now. This is not different from the system of

freezes that are used to QA our releases.

We should have a few people auditing updates, and a strict set of guidelines on what is allowed in a stable release. I believe this is the case in Debian and Ubuntu. Fedora releases are already short-lived (as compared to RHEL or CentOS) to begin with so there is no need to introduce significant UI or code changes and lead to the problems mentioned in the previous paragraph.

A more intrusive improvement would be the ability to roll back updates.

Finally, we should start looking at sandboxing and application bundles that GNOME has been working on. A well-packaged distribution will always have its strengths, but sandboxing and bundles solve an important problem. We should explore how we can leverage them to our advantage.

Care to share a screenshot of your Fedora desktop?

fedora-22

What are your interests and experience outside of Fedora? What of those things will help you in this role?

Outside Fedora I am a GNOME developer working on our online accounts story. Recently GNOME has been playing a pioneering role in the way we look at GNU/Linux desktop applications

I believe this gives me a good background to improve Fedora Workstation as an end-user facing (or client-side) operating system.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

Historically, the people behind Fedora’s desktop spin had felt a certain amount of disconnect with FESCo. This was fueled by lack of communication between people on both sides of the divide, and something that we should avoid.

I would expect FESCo members to reach out to the various technical stakeholders in the project (eg., WGs, spins, feature owners) to better understand what they are trying to achieve. This can happen on public mailing lists and IRC, or via private conversations over email and hallway tracks at conferences.

Committee members can shape the overall direction of the project by blogging and presenting at conferences on matters that they think are of strategic importance to Fedora.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

Sitting on FESCo would help me guide Fedora, and particularly Workstation, towards a better application and updates story. While I can contribute towards the same objectives as an individual, some aspects require broad project wide changes and being a FESCo member would help in realizing them.

What degree of leeway do you feel that the Working Groups should have to diverge from one another in establishing their own identity?

The Working Groups are the ones who should be in charge of defining their product and be allowed to diverge from one another as long as it is not to the disadvantage of another product or WG.

How would you define the set of criteria for promoting a spin to a product? What about the reverse?

Products define the project. Each of them should be focused on a broad area that is strategic to the project. Currently our products are Workstation, Server and Cloud, which means that Fedora is focused on building operating systems for laptops / desktops, servers and cloud deployments.
For a spin to be promoted:

  1.  It should be sufficiently different from an existing product. Different enough that its objectives and needs are not and can not be addressed by one of the existing products. eg., entirely different target audience, different release schedules, different installation or release medium, , etc..
  2. Should be able to have a strong identity of its own, without hampering any of the existing products. Also see (1).
  3. A group behind it with a proven track record.

Similarly, I would demote a product if it no longer makes sense to have it as one of the flagships of the project:

  1. Fall in quality of what is being delivered.
  2. Target area is no longer strategic for the project. eg., if people stop using client-side operating systems, it will not make sense to have Workstation as a product.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

FESCo is about overseeing the technical issues faced by the project, while the Council is more strategic. It is responsible for Fedora’s governance, budget and outreach. This is quite obvious from looking at the current composition of the Council. It has people with background in outreach, engineering, program management, and our fearless leader.

Therefore I don’t see any conflict of interest here.

How “closely” do you, as a member of FESCO, follow the devel mailing list before voting on FESCO meetings? In other words, apart from your own technical qualifications, what is your typical process in arriving at decisions?

I have never been on FESCo before, so I can not say how I voted in previous FESCo meetings. If I am elected, I would try to inform myself by not only following devel@lists.fp.o, but more importantly, talking to the individual stake holders and understanding the technical issues being voted upon. Attending conferences and making myself accessible to people would help in this area.

FESCo Elections Interview with Parag Nemade (paragan)

This is a part of FESCo Elections interviews series.

Voting is open to all Fedora contributors. The elections started on January 26th and closes promptly at 23:59 UTC on February 3rd.

Please read the responses from candidates and make your choices carefully.

Feel free to ask questions of the candidates here or elsewhere!

Interview with Parag Nemade (paragan)

Parag Nemade

What is your background in Fedora? What have you worked on and what are you doing now?

I am using Fedora since its first release Fedora Core 1. I joined Fedora as a contributor in Fedora Core 6 development cycle. I have contributed many Internationalization(i18n) packages and sponsored some people in Fedora. I have done more than 1600 package reviews in Fedora. I am also a provenpackager and helped in fixing packages in mass-rebuilds. I also contributed to few packaging guidelines draft.

Currently I do package reviews, sponsor people in packager group, add new style, new language script fonts in Fedora, maintain some i18n packages. Other than that I like Fedora Applications. Whenever there is any new Fedora Application(like tagger, pkgdb2, fmn) is available or any of its new release, I used to test it and if found any issues, report it upstream. I also test packages in updates-testing and provide feedback in bodhi.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

It should be compromise. Accept Changes that will be ready to be tested by Alpha release and follow the release schedule deadlines.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

We need to have more testing for Fedora Products and resolve any issues in
them. I see we still have some installer, package selection, using dnf instead
yum, migration to python3, installing non-default groups in any product issues
going on. For some of these issues users need to be aware of these changes in
advance by providing them some examples on how the changes will affect them and how can they will fix them otherwise their packages remain incompatible in the current development cycle. Everytime such big change comes we end up with filing mass bugs, fixing most of the release blockers but not fully resolve all such bugs. Over the last few releases I saw such leftover bugs remained still open.
We should make sure to fix them all.

If we look the development happened in last few releases we can see we got many
features/changes development happened in Fedora but all this is not getting properly documented on Fedora wiki. We also need more test cases to be submitted with each Change proposal that people can test on test days. Translations is another thing. Every release we see some translations missed by some packages in Fedora. Sometimes anaconda installer too miss to pull translations. We need developers to also make sure that they will check translation coverage to be 100% for the packages getting tagged in final releases. We need more QA, automation to avoid any last minute schedule slip.

We also occasionally find new contributors asking questions about packager sponsorship. We have been regularly amending the sponsorship guidelines but still
there are some questions not answered in guidelines and left to individual sponsor
to define. Lack of sponsor for new contributors or lack of response from submitter
is one problem. The merge-reviews is another problem that could have easily solved by asking that package group/SIG members to finish those reviews in any
Fedora release cycle. But no particular decision on this happened yet.

Care to share a screenshot of your Fedora desktop?

I use Gnome as my primary desktop environment.

MyDesktop

What are your interests and experience outside of Fedora? What of those things will help you in this role?

In the free time I read about mobile technology related articles. I do testing of custom Android ROM’s for my old mobile and provide feedback to its developers. I don’t think this will help me in my FESCo role.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

FESCo is definitely doing good work. Its weekly meeting logs are always posted on devel list so that contributors can know what is happening in FESCo meetings. But the tickets getting reported to FESCo are not getting lower and the queue is always filled with good number of tickets for each meeting and for future meetings. We need more hands to help FESCo in their work. That does not mean more seats to FESCo but more volunteers to either participate in FESCo meetings to share their views on tickets or on mailing list.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

As a contributor to Fedora I can always provide my views on topics in FESCo meetings but as part of FESCo I will try to have Fedora development going forward in the required right direction by providing my vote.

What degree of leeway do you feel that the Working Groups should have to diverge from one another in establishing their own identity?

The different Working Groups should use the same existing infrastructure, packages in Fedora. However they can diverge by using certain required features that is necessary for establishing their own identity. I think the per-product configuration will be helpful on how this divergence can be implemented.

How would you define the set of criteria for promoting a spin to a product? What about the reverse?

I think spins should continue to stay like we have them currently and I don’t think we need to increase our products also. If possible we should work on integrating some spins in our products. The current 3 products are good. The Workstation product uses Gnome desktop environment. The other desktop environment spins can use the similar PRD to promote them as a product. But, we need to find names for those products then. I don’t think we need to go reverse now for already defined products.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

I think it’s significance will remain the same. FESCo has been looking into the Working Group’s discussions then the issues like Change discussions, some package development problems, non-responsive maintainers and provenpackager requests. The Fedora Council is not supposed to this work and is a high level decision making governance body.

How “closely” do you, as a member of FESCO, follow the devel mailing list before voting on FESCO meetings? In other words, apart from your own technical qualifications, what is your typical process in arriving at decisions?

Sometimes the discussion on some topic receives many replies on the devel list within a day which takes some time to read and understand what users have to say. But, I will make sure I get enough information about the topic on which voting is going to happen. Before FESCo meeting, I will read the tickets given in agenda, try to reproduce the problem and if I can find some information related to that ticket then I will collect it. Based on this information I can decide to vote.

Anything else voters should know?

I work for Red Hat Internationalization team. All other information is already
covered in other answers.

FESCo Elections Interview with Tomas Hozza (thozza)

This is a part of FESCo Elections interviews series.

Voting is open to all Fedora contributors. The elections started on January 26th and closes promptly at 23:59 UTC on February 3rd.

Please read the responses from candidates and make your choices carefully.

Feel free to ask questions of the candidates here or elsewhere!

Interview with Tomas Hozza (thozza)

Tomas Hozza

What is your background in Fedora? What have you worked on and what are you doing now?

Proud daily user of Fedora!
Fedora contributor and package maintainer since 2012. Working mainly on network related daemons and clients. Most notably BIND, ISC DHCP (in the past), wget, dnsmasq… Currently focused on DNSSEC and DNS related things.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

I think it should be a compromise. Since Fedora is a cutting edge distribution it should have some latest features in each new release. On the other hand there has to be some schedule for the release, because without it it would be just chaos. I think the compromise should be outcome of the plans for the next release and fedora community discussions.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

Automated tests coverage for Fedora updates and rawhide especially. Detecting issues causing breakage of compose building early enough before release freezes. Way how to efficiently mass-rebuild packages for some System-Wide Changes.

Care to share a screenshot of your Fedora desktop?

Sure… Not much to see though;-).

Screenshot of desktop

What are your interests and experience outside of Fedora? What of those things will help you in this role?

Working with different upstream communities. It helps to accept other people opinions if they are better. Also helping to understand how to work with people to towards some compromise/agreement.

Other than that I like to play with Arduino hardware. Since I’m using Fedora for that I helps to see the missing pieces in the distro to be even more attractive for Arduino developers.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

I think that the community may feel like FESCo is not communicating that well. However I think that every time some information is missing or some important thing is discussed, it is forwarded to devel list (or some other more appropriate list) for discussion before any decision is made.

FESCo doesn’t want to make non-informed decisions and want the community to be well informed. In the end FESCo is representing the community in the decision making process.

There is one thing that could be done better. I think the FESCo meetings could be advertised in a way, that community members should definitely attend them and express their reasons/motivation/point of view when needed. Though, it is already being done in some way.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

Contribute to the decision making process. Otherwise I think any contributor has the same possibilities as a FESCo member has, like attend FESCo meetings, contribute to the discussion, make FESCo aware of things it should be and was not, etc.

What degree of leeway do you feel that the Working Groups should have to diverge from one another in establishing their own identity?

To the point of not affecting another WG/Product in a negative way. I think it is important to expect and grant some freedom to WGs, since each one of them is trying to fulfill different users expectations.

How would you define the set of criteria for promoting a spin to a product? What about the reverse?

The ability to drive all the changes specific to the spin in time to comply with the release schedule should be one of the criteria. Also the ability to prove that the target audience is large enough (may be hard to define) for the spin to be a full product. Also the community behind such initiative should be large enough, so it can continue also if some individual contributor decides to stop working on it.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

I think FESCo’s role is to discuss and make decisions on day-to-day engineering questions and issues.

How “closely” do you, as a member of FESCO, follow the devel mailing list before voting on FESCO meetings? In other words, apart from your own technical qualifications, what is your typical process in arriving at decisions?

I’m going through the devel list daily and I’m trying to follow the discussion as much as possible. I think that the member’s technical background is not enough to make decisions.

My typical work-flow is to go through the planned FESCo tickets discussion (in the ticket itself) before the meeting, while keeping track of the discussion every day (in the ticket and on the devel
list). However with some controversial changes/issues it is sometimes hard to follow the discussion due to giant load of emails.

I think that the involved parties should be invited to the FESCo meeting, when discussing something they are interested in, to clarify things if needed.

Anything else voters should know?

I’m not aware of any, but don’t be afraid to ask;-).

FESCo Elections Interview with David King (amigadave)

This is a part of FESCo Elections interviews series.

Voting is open to all Fedora contributors. The elections started on January 26th and closes promptly at 23:59 UTC on February 3rd.

Please read the responses from candidates and make your choices carefully.

Feel free to ask questions of the candidates here or elsewhere!

Interview with David King (amigadave)

What is your background in Fedora? What have you worked on and what are you doing now?

I work for Red Hat on Fedora Workstation, and maintain several packages in Fedora, as well as several MinGW packages in my spare time.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

Fedora is already a compromise of time- and feature-based releasing, with the regular slippage around scheduled releases. It would be nice if the slippage was less common, but with so many people and moving parts, it is a challenge.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

The product split which happened recently is still in progress, and each product will likely test the limits of what level of differentiation is possible.

Care to share a screenshot of your Fedora desktop?

There are some good screenshots of GNOME on http://www.gnome.org/

What are your interests and experience outside of Fedora? What of those things will help you in this role?

I contribute to GNOME, maintaining several modules including Cheese and Logs. I also maintain EasyTAG, as well as helping out in the GNOME documentation team. In terms of technical experience, I think that I have a broad enough experience to make useful contributions to FESCo.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

There is already the meetings, the minutes of those and the members are also active on IRC, so I think that FESCo does quite well already.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

Voting at FESCo meetings on matters of interest to FESCo, which can broadly be summarised as “steering the technical direction of Fedora”.

What degree of leeway do you feel that the Working Groups should have to diverge from one another in establishing their own identity?

I think that the Working Groups have made some reasonable decisions on diverging configurations so far, such as for firewalld configuration in Workstation. If there is a question about a specific engineering
decision regarding divergence, that is something that FESCo could answer, if necessary.

How would you define the set of criteria for promoting a spin to a product? What about the reverse?

What makes a Fedora product was defined by the Fedora Board in 2014:
https://fedoraproject.org/<wbr></wbr>wiki/Fedora.next#What_makes_a_<wbr></wbr>.22product.22.3F

A spin would have to fulfil those criteria if it wanted to be promoted to a product (and stop fulfilling them for the reverse to happen).

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

FESCo was and is responsible for steering the technical direction of the project, which has not changed with the advent of the Fedora Council.

How “closely” do you, as a member of FESCO, follow the devel mailing list before voting on FESCO meetings? In other words, apart from your own technical qualifications, what is your typical process in arriving at decisions?

I am not a member of FESCo, but I am subscribed to devel, and read the mailing list. I would guess that it is fairly typical that FESCo members try to understand the topics on the meeting agenda by reading up on the topic beforehand, as well as discussing with the involved parties.

FESCo Elections Interview with Kevin Fenzi (nirik)

This is a part of FESCo Elections interviews series.

Voting is open to all Fedora contributors. The elections started on January 26th and closes promptly at 23:59 UTC on February 3rd.

Please read the responses from candidates and make your choices carefully.

Feel free to ask questions of the candidates here or elsewhere!

Interview with Kevin Fenzi (nirik)

What is your background in Fedora? What have you worked on and what are you doing now?

I started out in 2005 maintaining the Xfce desktop packages for Fedora Extras, then served on the Fedora Extras Steering Committee, then FESCo after Fedora Core and Extras Merged. I’ve been active in contributing to Fedora Infrastructure for many years, and now am employed by Red Hat to lead Fedora Infrastructure. I also contribute to Release Engineering and maintain a bunch of packages.

Do you think Fedora should be time based or more feature driven distribution? Or compromise?

I am in general in favor of time based with some fudge factor for features. Scheduling a slightly longer cycle when we know there’s big features trying to land shouldn’t be a problem, but if they cause the cycle to be too long, we should really push them to the next release.

What are the most pressing issues facing Fedora today (from engineering POV)? What should we do about them?

I think we need to work on our sponsorship/on-boarding process for new packagers, it’s frustrating for some new contributors. Of course we shouldn’t sacrifice quality, nor do I think we need to.

I think we need a better way to make mass changes accross our collection of packages (ie, for some spec change). This would take people willing to create tools and data.

Care to share a screenshot of your Fedora desktop?

I always find it a bit puzzling why people like screenshots. I use both Gnome and Xfce here (usually alternating at each boot or so), and with both of them my usual setup calls for most everything to be maximized. So, a screen shot would show you… my hexchat window, or my claws-mail window, or my midori window. It’s not really very exciting. :)
That said, here’s a shot of my xfce desktop with a terminal:

Screenshot

What are your interests and experience outside of Fedora? What of those things will help you in this role?

I brew beer and mead. That helps you take time and carefully measure and handle ingredients. I think that sort of thing is important in Fedora too. Take your time and do things right.

How can FESCo do a better job communicating with the rest of the Fedora community, or do you feel that FESCo is already doing well here?

One thing that leaps to mind is if we had someone like mizmo to do blog posts for each of our meetings. That would make them more accessible to everyone than a dry irc log.

Also, I think currently we kind of do a poor job of expressing our opinions on the devel list on topics before meetings. I can understand reasons why, (lack of time, someone else already stated the position we agree with so why add a me too, proposal has been mention 100 times and shot down before so why reply now, etc), but it might still be good to try and post more about reasoning to the devel list.

What can you accomplish as part of FESCo that you couldn’t accomplish as a contributor to Fedora without sitting on FESCo?

Guide Fedora to the right decisions based on past history and doing things right.

What degree of leeway do you feel that the Working Groups should have to diverge from one another in establishing their own identity?

I’m happy trusting the working groups to make sensible decisions and have leeway, but it’s really hard to answer this without more concrete information.

For example, I am strongly against creating multiple Fedora distributions, so I would object to working groups doing that.

How would you define the set of criteria for promoting a spin to a product? What about the reverse?

I’m not sure there’s a direct hierarchical relationship between spins and products.

Any new product I would like to see: serves some area no existing product does, has a vibrant upstream and Fedora communities working on it, and is in line with our other values.

With the advent of Fedora Council now, what do you see as the significance of FESCO in Fedora project?

FESCo I see continuing to guide the technical day to day workings of Fedora, the package collection, etc.

I expect the Council to try and work on longer term goals, etc.

How “closely” do you, as a member of FESCO, follow the devel mailing list before voting on FESCO meetings?

As the only real active moderator of the devel list, I read every single post. Of course some posts could come in while I am busy or during the meeting, but I am always caught up the day of the meetings.

In other words, apart from your own technical qualifications, what is your typical process in arriving at decisions?

I think my approach is likely very similar to any other logical person: I try and gather as much information as I can from stakeholders, I look at the code or other technical data and come to a conclusion based on all that. I’ve surely been wrong in the past, and I am sure I will be again, but we are each only human and do the best we can. :)

Anything else voters should know?

Make sure you vote! Even if you don’t wish to vote for me, or even if you want to vote against me, make your voice heard. :)

Plasma 5.2 arrives to Fedora

It’s here! Plasma 5.2 has been released just yesterday and you don’t have to wait a single minute longer to update your beloved Fedora boxes :-)

I won’t go into detail here about all the new awesome things that are waiting for you in Plasma 5.2, but I totally recommend that you go and read Plasma 5.2: The Quintessential Breakdown by Ken Vermette while you are waiting for your package manager to wade through the update. You can also read the official Plasma 5.2 release announcement, it has fancy animated screenshots ;).

And there’s other news related to Plasma 5.2 and Fedora: Fedora rawhide has bee updated to Plasma 5.2 too. This means that KDE SIG will ship Plasma 5 in Fedora 22! Of course we will still maintain the Copr repository for our Fedora 20 and Fedora 21 users.

So, how to get Plasma 5.2 on Fedora?

On rawhide, just do dnf update. On Fedora 20 and Fedora 21, if you are already running Plasma 5.1.2 from dvratil/plasma-5 Copr, then all you need to do is to run dnf update. If you are running Plasma 5.1.95 (aka Plasma 5.2 beta) from dvratil/plasma-5-beta Copr, then it’s time to switch back to stable:

dnf copr disable dvratil/plasma-5-beta
dnf copr enable dvratil/plasma-5
dnf update

If you are still running KDE 4 and you want to update to Plasma 5.2, just follow the instructions on dvratil/plasma-5 Copr page.

And if you don’t feel like installing Plasma 5 on your production box right away and would like to just try it out, there’s a live ISO for you. This time I did not forget to add Anaconda, so once you decide that Plasma 5 is good enough for you, you can just install it right from the ISO ;-)

EDIT: I might have included Anaconda, but did not add grub2 to the ISO, so the installer would fail anyway. This has been fixed and updated images are available now on the same link. If you are planning to install from the live ISO, please download the updated images (29-Jan-2015 00:42)

 

Oh, and if anyone is around in Brno next week for DevConf, let us know and we can informally meet for ceremonious consumption of beer to celebrate the Plasma release ;)

mozilla-requestpolicy extension and IceCat

RequestPolicy is an extension for Mozilla browsers that requestpolicyincreases your browsing privacy, security, and speed by giving you control over cross-site requests.

Its development is continued by volunteers in a new website requetpolicycontinued.github.io; even though there are still some compatibility issues compared to the old 0.5 version, you can downgrade at any time.

What are cross-site requests?

Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits, including specific pages you view throughout the day.

Cross-site requests are also used in attacks on users who are browsing the web. Among the attacks that cross-site requests are used in, they are particularly dangerous with Cross-Site Request Forgery (CSRF) attacks where your browser is told to make a request to another website and that other website thinks you (the person) meant to make the request.

Every informations and FAQs are reported on requetpolicycontinued.github.io.

Originally, RequestPolicy extension was provided in IceCat source archive, then replaced by SpyBlock, together with Https-Everywhere and LibreJS.

IceCat 31* packaging in Fedora excludes Https-Everywhere since it’s already available separately, while new mozilla-RequestPolicy (1.0) has just been packaged and diffused by Fedora repositories.

You can install it (F20,F21,EPEL6,EPEL7) with

yum install mozilla-requestpolicy --enablerepo=updates-testing

Filed under: English, EPEL, FedoraPlanet, IceCat, Packaging, RPM, Sistema Tagged: browsing, extension, mozilla, security
The GNOME Infrastructure Apprentice Program

Many times it happened seeing someone joining the #sysadmin IRC channel requesting participation to the team after having spent around 5 minutes trying to explain what the skills and the knowledge were and why this person felt it was the right figure for the position. And it was always very disappointing for me having to reject all these requests as we just didn’t have the infrastructure in place to let new people join the rest of the team with limited privileges.

With the introduction of FreeIPA, more fine-grained ACLs (and hiera-eyaml-gpg for securing tokens, secrets, passwords out of Puppet itself) we are so glad to announce the launch of the “GNOME Infrastructure Apprentice Program” (from now till the end of the post just “Program”). If you are familiar with the Fedora Infrastructure and how it works you might know what this is about already. If you don’t please read further ahead.

The Program will allow apprentices to join the Sysadmin Team with a limited set of privileges which mainly consist in being able to access the Puppet repository and all the stored configuration files that run the machines powering the GNOME Infrastructure every day. Once approved to the Program apprentices will be able to submit patches for review to the team and finally see their work merged on the production environment if the proposed changes matched the expectations and addressed comments.

While the Program is open to everyone to join, we have some prerequisites in place. The interested person should be:

  1. Part of an existing FOSS community
  2. Familiar with how a FOSS Project works behind the scenes
  3. Familiar with popular tools like Puppet, Git
  4. Familiar with RHEL as the OS of choice
  5. Familiar with popular Sysadmin tools, softwares and procedures
  6. Eager to learn new things, make constructive discussions with a team, provide feedback and new ideas

If you feel like having all the needed prerequisites and would be willing to join follow these steps:

  1. Subscribe to the gnome-infrastructure and infrastructure-announce mailing lists
  2. Join the #sysadmin IRC channel on irc.gnome.org
  3. Send a presentation e-mail to the gnome-infrastructure mailing list stating who you are, what your past experiences and plans are as an Apprentice
  4. Once the presentation has been sent an existing Sysadmin Team member will evaluate your application and follow-up with you introducing you to the Program

More information about the Program is available here.

Conferences! (FOSDEM, DevConf, SCALE, Flock 2015, FUDCon), updates bug, and the Fedora start page

Fedora is a big project, and it’s hard to keep up with everything that goes on. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five things for January 28th, 2014:

February Conferences: FOSDEM 2015, DevConf.cz, SCALE 13x

There are several conferences with a big Fedora presence in the next month.

First up, FOSDEM, on January 31st and February 1st. Originally, the name stood for Free and Open Source Developers’ European Meeting, but as far as far as I can tell it’s really just stand-alone word, now — although the conference does have a strong developer audience. I’ll be speaking on Sunday in the distributions devroom (filling in for Stephen Gallagher, who couldn’t make the trip this year). There will also be a Fedora booth — I’ll see many of you there!

The following week, it’s DevConf.cz, a free conference organized by Red Hat Czech Republic. Sunday (February 8) is dedicated to Fedora and CentOS — check the schedule and join us (and about 1000 other sysadmins and developers) if you’re in the area. (Brno is easy to get to from Vienna or Prague.)

And then, almost halfway around the world, SCALE 13x in Los Angeles, California, from February 19-22. On Thursday, there will be a general Fedora Activity Day, and another one focused on Project Atomic and Fedora Cloud on Sunday. There are many talks from Fedora contributors: maker extraordinaire Ruth Suehle will be presenting the Sunday keynote, Brockmeier has a talk about solving packaging, or making it worse, Tom Callaway will explain FOSS licenses for non-lawyers, Ian McLeod gets into release engineering (or how the distribution sausage is made), and at the very end of it all I’ve got a talk on Fedora.next (so, save some energy and don’t take off too early)! Let me know if I’ve missed anyone’s talk — it’s a huge schedule with a lot to do, and looks to be a great conference overall.

Offline Updates Bug

If you’ve been experiencing problems installing updates via GNOME Software, or with Apper in KDE, please read this guide to solving the F21 software update glitch. Unfortunately for GUI-only users, it requires a few manual steps at the command line, but it’s not very complicated and you should be back to having a securely-updated system in no time.

Flock Dates!

Every year, we hold a big contributor-oriented conference, Flock. This alternates between Europe and North America, and this year, it will be in Rochester, New York. More details to come, but we have the dates and venue: August 12-15 at the Hyatt Regency Rochester. Hope to see you there!

FUDCon Pune

In addition to Flock, we also run several other Fedora premiere events, including FUDCons — that is, Fedora Users and Developers Conferences — in Asia/Pacific and Latan America (or, APAC and LATAM). While Flock focuses on project development and planning, FUDCon is a more general showcase for both contributors and end-users hoping to learn more. We’ve just announced the location of this year’s APAC FUDCon — Pune, India in June.

New Start Page

If you’re reading this on Fedora Magazine, you may have come here from the new Fedora Start Page, and in the past week you may have noticed a nice new look for that. Thanks to the Fedora Websites team and particularly to Robert Mayr (a.k.a. “robyduck”) for work on this.

Meanwhile, though, as people’s use of the Internet and web sites evolves, browser designers have deemphasized the idea of a portal-like “home page”. One of my focuses as Fedora Project Leader is increasing connectivity and communication across the project — that’s a reason I write 5tFTW, for example. This start page, common to most of the web browsers we ship as a default for new users, is one of the few ways we have for bringing everyone together to a common online space. The mailing lists are another, of course (with devel, test, and users serving as the biggest “hubs”), but not everyone likes to subscribe to lists, and no one has time to keep up with all that. And for very active contributors, IRC is a constant connection — but for most users and casual contributors, we don’t really have much else.

So, as this evolves to the next version, where start pages will be less and less prominent, how can we bring useful, dynamic news, features, and help to our whole community without being out-of-sight, out-of-mind — or overly pushy — all with a shoestring budget? What are your ideas?

Postscript

Sorry about missing 5tFTW last week. I’d planned to wrap it up on Friday, and then my kid brought home a very dramatic stomach bug, and I spent the day… let’s just say… graphically indisposed. Better now, and mostly dug out from the blizzard….

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="375" src="https://www.youtube.com/embed/FPmqbpPC48w?feature=oembed" width="500"></iframe>

 

5tftw-large

Security improvements in Red Hat Enterprise Linux 7

Each new release of Red Hat® Enterprise Linux® is not only built on top of the previous version, but a large number of its components incorporate development from the Fedora distribution. For Red Hat Enterprise Linux 7, most components are aligned with Fedora 19, and with select components coming from Fedora 20. This means that users benefit from new development in Fedora, such as firewalld which is described below. While preparing the next release of Red Hat Enterprise Linux, we review components for their readiness for an enterprise-class distribution. We also make sure that we address known vulnerabilities before the initial release. And we review new components to check that they meet our standards regarding security and general suitability for enterprise use.

One of the first things� th�at happens is a review of the material going into a new version of Red Hat Enterprise Linux. Each release includes new packages that Red Hat has never shipped before and anything that has never been shipped in a Red Hat product receives a security review. We look for various problems – from security bugs in the actual software to packaging issues. It’s even possible that some packages won’t make the cut if they prove to have issues that cannot be resolved in a manner we decide is acceptable. It’s also possible that a package was once included as a dependency or feature that is no longer planned for the release. Rather than leave those in the release, we do our best to remove the unneeded packages as they could result in security problems later down the road.

Previously fixed security issues are also reviewed to ensure nothing has been missed since the last version. While uncommon, it is possible that a security fix didn’t make it upstream, or was somehow dropped from a package at some point during the move between major releases. We spend time reviewing these to ensure nothing important was missed that could create problems later.

Red Hat Product Security also adds several new security features in order to better protect the system.

Before its 2011 revision, the C++ language definition was ambiguous as to what should happen if an integer overflow occurs during the size computation of an array allocation. The C++ compiler in Red Hat Enterprise Linux 7 will perform a size check (and throw std::bad_alloc on failure) if the size (in bytes) of the allocated array exceeds the width of a register, even in C++98 mode. This change affects the code generated by the compiler–it is not a library-level correction. Consequently, we compiled all of Red Hat Enterprise Linux 7 with a compiler version that performs this additional check.

When we compiled Red Hat Enterprise Linux 7, we also tuned the compiler to add “stack protector” instrumentation to additional functions. The GCC compiler in Red Hat Enterprise Linux 6 used heuristics to determine whether a function warrants “stack protector” instrumentation. In contrast, the compiler in Red Hat Enterprise Linux 7 uses precise rules that add the instrumentation to only those functions that need it. This allowed us to instrument additional functions with minimal performance impact, extending this probabilistic defense against stack-based buffer overflows to an even larger part of the code base.

Red Hat Enterprise Linux 7 also includes firewalld. firewalld allows for centralized firewall management using high-level concepts, such as zones. It also extends spoofing protection based on reverse path filters to IPv6, where previous Red Hat Enterprise Linux versions only applied anti-spoofing filter rules to IPv4 network traffic.

Every version of Red Hat Enterprise Linux is the result of countless hours of work from many individuals. Above we highlighted a few of the efforts that the Red Hat Product Security team assisted with in the release of Red Hat Enterprise Linux 7. We also worked with a number of other individuals to see these changes become reality. Our job doesn’t stop there, though. Once Red Hat Enterprise Linux 7 was released, we immediately began tracking new security issues and deciding how to fix them. We’ll further explain that process in an upcoming blog post about fixing security issues in Red Hat Enterprise Linux 7.

Detecting fake flash

I’ve been using F3 to check my flash drives, and this is how I discovered my drives were counterfeit. It seems to me this kind of feature needs to be built inside gnome-multi-writer itself to avoid sending fake flash out to customers. Last night I wrote a simple tool called gnome-multi-writer-probe which does the following few things:

* Reads the existing data from the drive in 32kb chunks every 32Mbish into RAM
* Writes random blocks of 32kb every 32MBish, and also stores in RAM
* Resets the drive
* Reads all the 32k blocks from slightly different addresses and sizes and compares them to the random data in RAM
* Writes all the saved data back to the drive.

I only takes a few seconds on most drives. It also tries to be paranoid, and saves the data back to the drive the best it can when it encounters an error. That said, please don’t use this tool on any drives that have important data on them; assume you’ll have to reformat them after using this tool. Also, it’s probably a really good idea to unmount any drives before you try this.

If you’ve got access to gnome-multi-writer from git (either from jhbuild, or from my repo) then please could you try this:

sudo gnome-multi-writer-probe /dev/sdX

Where sdX is the USB drive you want to test. I’d be interested of the output, and especially interested if you have any fake flash media you can test this with. Either leave a comment here, grab me on IRC or send me an email. Thanks.

Compiling Lohit fonts feature file with Adobe Font Development Kit
This first came to notice with issue "OTM error #13". Everything was working perfectly with fontforge, creating feature file and importing feature file back :)

But certainly above issue open up number of issues with this process. Font designers were not able to import .fea file due to this issue.

Thanks to Dave and Frank for pointing to issue and directing me towards Adobe Font Development Kit (AFDKO). Adobe is the one created specification for .fea file and provided nice tools to compile it.  Most of the information already available AT http://www.adobe.com/devnet/opentype/afdko/topic_overview.html 

 This blog is specifically to update how i am using AFDKO in Lohit project.

Steps:
1. Write open type tables for Lohit fonts in Fontforge.
2. Export .fea file
3. Generate .ttf by importing .fea file to it using following commands.
4. makeotf -f Lohit-Tamil.ttf -ff Lohit-Tamil.fea

Makeotf is python wrapper over makeotfexe. makeotfexe can not process .ttf generated from fontforge. 
In first step makeotf convert .ttf provided to unix Type1 font.

It fails with error but it generates unix Type1 font required for makeotfexe.

What errors :)

  makeotf command pass following arguments to makeotfexe

  "makeotfexe "-f" "Lohit-Tamil.ttf.tmp" "-o" "Lohit-Tamil.ttf.temp_cff" -ff "Lohit-Tamil.fea" -ga -gf "Lohit-Tamil.ttf.temp.GOADB" -mf "FontMenuNameDB" -shw"

In above argument  "-ga -gf "Lohit-Tamil.ttf.temp.GOADB"  are not required but somehow automatically gets added by makeotf.

* We should replace -ga with -nga for not using GlyphOrderAndAliasDB. GlyphOrderAndAliasDB file is provided for ease of writing feature file.

* User can write feature file with user friendly names and use GlyphOrderAndAliasDB for adding name required as per standard.

* If one not using  GlyphOrderAndAliasDB, he should remove "-ga -gf "Lohit-Tamil.ttf.temp.GOADB"  and put -nga instead.

But makeotf done one good job of converting source font 'Lohit-Tamil.ttf' to temporary Unix Type1 font file 'Lohit-Tamil.ttf.tmp'

You will requires FontMenuDB file. Its content should be as per fonts. Font Lohit
[psatpute@dhcp201-194 bengali]$ cat FontMenuNameDB
[Lohit-Devanagari]
    f=Lohit Devanagari
    s=Regular
    l=Lohit Devanagari

5. run makeotfexe removing problem cuasing arguments.
 makeotfexe "-f" "Lohit-Tamil.ttf.tmp" "-o" "Lohit.ttf" -ff "Lohit-Tamil.fea" -nga -mf "FontMenuNameDB" -shw

And here get you Lohit.ttf build by adding .fea file with AFDKO.

Hope so it will help to some others as well.

I specifically found this very useful for finding issues in Lohit-Devanagari.fea files.
Two Wallpapers for Fedora :)

“Feel free and share “

Mockingbird-stripes-3-mo-jef_feb15
Download


rect5399
Download



All systems go
New status good: Everything seems to be working. for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, FedoraHosted.org Services, Mirror Manager, FedOAuth, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar
Worried about GHOST? Don’t be, on supported Fedora versions.

There’s a quite serious security vulnerability making the news today (ZDNet, Ars Technica), CVE-2015-0235, nicknamed “GHOST”. It happens that this flaw was fixed in glibc-2.18 (but quietly, and the full implications don’t seem to have been widely noticed). That means that Fedora 20 and Fedora 21 are not vulnerable to this problem, because they shipped with newer versions than that — but note that Fedora 19 and before are. If you are running an old release, and haven’t yet gotten around to updating, this is an excellent time to do so.

(If you’re running one of our downstream distributions, or are just curious, see Red Hat’s security advisory for CVE-2015-0235 for RHEL.)

January 27, 2015

Major service disruption
New status major: rebooting servers for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, FedoraHosted.org Services, Mirror Manager, FedOAuth, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar
Setting up NginX, MariaDB and PHP with EL6

I decided to port this over from one of my Previous posts to give myself some content worth reading. Its a guide I wrote that walks you through the process of setting up MariaDB, NginX and PHP on CentOS 6. This is now the default “lamp” (I suppose its now LNMP) stack of EL7.

 

Pre-Requisites :

An EL6 Server (A VPS Will do)
15-20 Minutes of Spare Time

Initial Setup

First we need to install the EPEL Package source.

# rpm -Uivh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

PHP and php-fpm

What is php-fpm?
PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

To install via yum you can simply do

# yum -y install php php-fpm php-mysql

MariaDB

What is MariaDB?
MariaDB is a drop in replacement for mySQL (i.e its entirely compatible with mySQL)

To install it you need to add a file called mariadb.repo to /etc/yum/repos.d the file should contain

# MariaDB 10.0 CentOS repository list - created 2014-04-28 00:16 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Once you have this simply install with

# yum -y install MariaDB-* --skip-broken --exclude=MariaDB-Galera-server

The above will install all you need unless you wish to setup a MariaDB Cluster (Stay Tuned for another tut)

You can access the MariaDB Console from

# mysql

NginX

Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev started development of Nginx in 2002, with the first public release in 2004. Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Installing NginX is pretty simple its just

# yum -y install nginx

Setting up your vhost
Create a file in /etc/nginx/conf.d called example.com

The file should contain the following (I have commented)

server {
    listen       80; # Use port 80 as listening port
    server_name  example.com www.example.com; # Serve both www.example.com and example.com
    root /var/www/example/; # Absolute Path to webroot
    index index.php index.htm index.html; # index file names

    # This block denies access to common config files
    location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|store) {
        deny all;
        return 403;
    }

    # Cache configuration for image files
    location ~* \.(gif|jpe?g|png|css)$ {
        expires   30d;
    }

    # Handle PHP File
    location ~ \.php$ {
        try_files $uri =404; # If the file does not exist return a 404 error
        fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock; # Use a unix socket for fast-cgi
        fastcgi_index  index.php; # Indec files for fast_cgi
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name; # Fast CGI Script Location
        include fastcgi_params;  # Include Fast CGI Defaults
    }
}

Starting Up

# service php-fpm start
# chkconfig php-fpm on
# service nginx start
# chkconfig nginx on
# service mysqld start  # NOTE: MariaDB uses mysqld as daemon name
# chkconfig mysqld on
A Blog Refresh!

Recently I had a Multi-Disk failure in a RAID6 Array. I didn’t expect that to happen but I suppose it did.

Instead of restoring a backup I have decided to start my blog from scratch. I loose a few posts but I suppose that happens.

Its not all bad news though, This allowed me to rebuild my infrastructure and have a play around with oVirt and I must say I genuinely love it.

I will be posting a guide in the near future on how to setup and configure your own oVirt Virtualisation Platform on CentOS and Fedora!

All systems go
Service 'Mirror List' now has status: good: Everything seems to be working.
Major service disruption
Service 'Mirror List' now has status: major: Mirrorlist servers down, being worked on
Server SIG Weekly Meeting Minutes (2014-01-27)

<html> <head> <meta content="text/html;charset=UTF-8" http-equiv="Content-type"/>
<style type="text/css"> /* This is for the .html in the HTML2 writer */ body { font-family: Helvetica, sans-serif; font-size:14px; } h1 { text-align: center; } a { color:navy; text-decoration: none; border-bottom:1px dotted navy; } a:hover { text-decoration:none; border-bottom: 0; color:#0000B9; } hr { border: 1px solid #ccc; } /* The (nick, time) item pairs, and other body text things. */ .details { font-size: 12px; font-weight:bold; } /* The 'AGREED:', 'IDEA', etc, prefix to lines. */ .itemtype { font-style: normal; /* un-italics it */ font-weight: bold; } /* Example: change single item types. Capitalized command name. /* .TOPIC { color:navy; } */ /* .AGREED { color:lime; } */ </style>

</head> <body>

#fedora-meeting-1: Server SIG Weekly Meeting (2014-01-27)

Meeting started by sgallagh at 16:01:45 UTC (full logs).

Meeting summary

  1. roll call (sgallagh, 16:01:51)
  2. Fedora 22 progress (sgallagh, 16:09:41)
    1. The anaconda team has added new hooks in Fedora 22, so we can simplify the branding needs as well as altering the defaults for things like partitioning. This is going to make it easier to generate the product-specific install media. (sgallagh, 16:11:33)
    2. I’ve got a proof-of-concept of the Database Server Role in progress on my github clone of the rolekit repo. It’s about 50% complete at this point. (sgallagh, 16:14:44)
    3. I’ve worked with the Cockpit upstream designer and we have a visual design ready for the Domain Controller support. However, I have nonexistent JavaScript skills and am looking for a volunteer to help with implementation. (sgallagh, 16:16:45)
    4. Anyone with some JavaScript skills and an interest in Fedora Server is invited to help with adding the Domain Controller Role to Cockpit. (sgallagh, 16:19:57)

  3. Open Floor (sgallagh, 16:26:52)
    1. ACTION: Corey84 volunteers for testing Server features. (sgallagh, 16:31:12)

Meeting ended at 16:35:14 UTC (full logs).

Action items

  1. Corey84 volunteers for testing Server features.

Action items, by person

  1. Corey84
    1. Corey84 volunteers for testing Server features.

People present (lines said)

  1. sgallagh (38)
  2. Corey84 (13)
  3. danofsatx (8)
  4. simo (6)
  5. zodbot (5)
  6. nirik (3)
  7. corey84– (3)
  8. jsmith (2)
  9. adamw (0)
  10. mitr (0)
  11. stefw (0)
  12. tuanta (0)
  13. mizmo (0)

Generated by MeetBot 0.1.4. </body></html>

Crear un lanzador (Acceso Directo) en Fedora 21

En muchas ocaciones descargamos una aplicación para Linux, la desempaquetamos, buscamos el ejecutable y la usamos, pero queda aún mejor si creamos un lanzador o acceso directo para no estar buscando entre un mar de directorios que pueda existir en nuestro disco.

1. Descargue la aplicación. Para nuestro caso será Aptana Studio.

Screenshot-Downloads

2. Copiar al irectorio Documents y descomprimir el paquete.

descom

3. Ingrese hasta la siguiente directorio.

#/usr/share/applications

4. Crear un fichero con el nombre AptanaStudio.desktop e ingresar el siguiente contenido.

  • Name=NombredelPrograma
  • Comment=Comentario a cerca del programa
  • Exec=Ruta del ejecutable
  • Icon=Ruta donde se encuetra un icono referencial al programa.
  • Categories=En que categoría según tu entorno gráfico se ubicara el lanzador.

Screenshot-bernardoha@localhost:-usr-share-applications

5. Buscar el programa y ejecutar.

ver_prog


Gained new power

Today Dennis Gilmore asked me on #fedora-arm “Are you a packager in Fedora?” so I answered that I am in “packager” group but do not own a package in Fedora and do not have plans to change it.

It turned out that the question was part of thinking that maybe I should get membership in the secondary arch group which would allow me to commit my fixes directly. Normally I prefer to grab maintainer’s attention with new reported bug or even IRC discussion about an issue. But sometimes there is no response and fix is aarch64 related without any changes for primary architectures.

So now I can commit fixes to Fedora packages directly to git repositories. Will not overuse this privilege and make it only when it is really required.


All rights reserved © Marcin Juszkiewicz
Gained new power was originally posted on Marcin Juszkiewicz website

Fedora kernel position
As you might have seen Paul blog about, Red Hat has an immediate opening for a Fedora kernel maintainer position on my team. This is actually a fairly rare thing, as we don't have a lot of churn in our department and most of the engineering positions we hire for are primarily RHEL roles. If you have kernel experience and love working on fast-paced and frequently updated kernels, then this might be a good role for you.

The job writeup is accurate in terms of what we expect, but it is also kind of broad. That is primarily because the role is too. Yesterday davej wrote a bit about how working on a Fedora kernel is like getting a 10,000ft view of everything. It's actually a really good analogy, and Dave would know as he did it longer than anyone. We deal with a lot of varied issues, on an even more varied set of hardware. This isn't a traditional development job. Being curious and willing to learn is key to enjoying a distro kernel maintainer role.

That being said, we're also looking at ways to make a bigger impact both upstream and in Fedora itself. Filling this position is a key part of that and I'm excited to see how it plays out. If you're interested in it, please don't hesitate to send me questions via email or on IRC. Also be sure to apply via the online job posting here:

http://jobs.redhat.com/jobs/descriptions/fedora-kernel-engineer-westford-massachusetts-job-1-5076703
Scammers at promo-newa.com

tl;dr Don’t use promo-newa.com, they are scammers that sell fake flash.

Longer version: For the ColorHug project we buy a lot of the custom parts direct from China at a fraction of the price available to us in the UK, even with import tax considered. It would be impossible to produce such a low cost device and still make enough money to make it worth giving up our evenings and weekends. This often means sending thousands of dollars to sketchy-looking companies willing to take on small (to them!) custom orders of a few thousand parts.

So far we’ve been very lucky, until last week. I ordered 1000 customized 1GB flash drives to use as a LiveUSB image rather than using a LiveCD. I checked out the company as usual, and ordered a sample. The sample came back good quality, with 1GB of fast flash. Payment in full was sent, which isn’t unusual for my other suppliers in China.

Fast forward a few weeks. 1000 USB drives arrived, which look great. Great, until you start using them with GNOME MultiWriter, which kept throwing validation warnings. Using the awesome F3 and a few remove-insert cylces later, the f3probe tool told me the flash chip was fake, reporting the capacity to be 1GB, when it was actually 96Mb looped around 10 times.

Taking the drives apart you could also see the chip itself was different from the sample, and the plastic molding and metal retaining tray was a lower quality. I contacted the seller, who said he would speak to the factory later that day. The seller got back to me today, and told me that the factory has produced “B quality drives” and basically, that I got what I paid for. For another 1600USD they would send me the 1GB ICs, which I would have to switch in the USB units. Fool me once, shame on you; fool me twice, shame on me.

I suppose people can use the tiny flash drives to get the .icc profile off the LiveCD image, which was always a stumbling block for some people, but basically the drives are worthless to me as LiveUSB devices. I’m still undecided whether to include them in the ColorHug box; i.e. is a free 96Mb drive better than them all going into landfill?

As this is China, I understand all my money is gone. The company listing is gone from Alibaba, so there’s not a lot I can do there. So other people can hopefully avoid this same mistake, I’ve listed all the details here, which hopefully will become googleable:

Promo-Newa Electronic Limited(Shenzhen)
Wei and Ping Group Limited(Hongkong)  

Office: Building A, HuaQiang Garden, North HuaQiang Road, Futian district, Shenzhen China, 0755-3631 4600
Factory: Building 4, DengXinKeng Industrial Zone, JiHua Road,LongGang District, Shenzhen, China
Registered Address: 15/B—15/F Cheuk Nang Plaza 250 Hennessy Road, HongKong
Email: sales@promo-newa.com
Skype: promonewa
India Calling – Namaste FUDCon APAC 2015

I am extremely pleased to announce that the FUDCon APAC 2015 will be hosted in Pune, India. There was a bid from Pune, India and PhnomPenh, Cambodia. After a lot of discussion, Pune, India has been given an opportunity to be the host for FUDCon APAC 2015.

For the curious homosapiens, FUDCon is the Fedora Users and Developers Conference: a major free & open source software event held  in various regions around the world, twice annually.  FUDCon is a great combination of sessions, talks, workshops, and hackfests and it is always free to attend for anyone in the world.

For the FUDCon Pune, we are expecting varied and interesting talks and presence of large numbers of contributors. Like last year, 2015 will also be a great year of events for the Fedora Community. We expect FUDCon Pune to be a productive event for the local and global community.

As we all know, the price of success is hard work, so our organizing committee in Pune is already working sedulously and going the extra mile to make the event successful.

So Fedorians , get ready to be part of one of the largest and most productive events of Fedora. I will post CFP dates and link soon. Stay tuned.. :)

Here is important & useful information for FUDCon Pune,2015 India:
Time: 26 – 28 June 2015
Venue: MIT College of Engineering , Pune, India
Details: https://fedoraproject.org/wiki/FUDCon:Bid_for_Pune_2015
MOM: http://piratepad.net/FUDConPune2015

India Calling – Namaskar FUDCon APAC 2015

I am extremely pleased to announce that the FUDCon APAC 2015 will be hosted in Pune, India. There  was a bid from Pune, India and PhnomPenh, Cambodia And after  a lot of discussions, meetings – Pune, India has been given an opportunity to be the  host for FUDCon APAC 2015.

For the curious homosapiens, FUDCon is the Fedora Users and Developers Conference. A major free & open source software event held  in various regions around the world, annually twice.  FUDCon is a great combination of sessions, talks, workshops, and hackfests and it is always free to attend for anyone in the world.

For the FUDCon Pune, We are expecting, there will be varied and interesting list of proposed talks and presence of large number of contributors. Like last year, 2015 will also be a great year of events for the Fedora Community. We expect FUDCon Pune, India to be a productive event for the local and global community.

But as we all know that the price of success is hard work, so our organizing committee in Pune, is already working sedulously and going the extra mile to make the event successful.

So fedorians , get ready to be part of one of the largest and productive event of Fedora. I will post CFP dates and link soon. Stay tuned.. :)

Here is important & useful information for FUDCon Pune,2015 India ::
Time: 26 – 28 June 2015
Venue: MIT College of Engineering , Pune, India
Details: https://fedoraproject.org/wiki/FUDCon:Bid_for_Pune_2015
MOM: http://piratepad.net/FUDConPune2015


First FUDCon India Planning Meeting
This is our first FUDCon planning meeting after bidding confirmation[0]. We sent invite through fedora-india mailing list[1] about volunteering job. We created  a pirate-pad[2] for same and put out tasks which need to take care of by volunteer team. We segregated tasks into News/Announcement, CFP, Travel, Accommodation,  Website, Design, Marketing and Swag. We also created small groups[3] for different tasks and planned to have weekly sync up with progress. Most of volunteer are currently Pune locale since a lot of physical presence need for most of these tasks but there will be more calls for volunteer in future for specific tasks.

So far so good, we got a volunteer team and also first draft of our plan.

[0] https://lists.fedoraproject.org/pipermail/famsco/2015-January/001666.html
[1] https://lists.fedoraproject.org/pipermail/india/2015-January/005691.html
[2] http://piratepad.net/FUDConPune2015
[3] https://www.piratepad.ca/p/FUDConPunePlanning-27-Jan-2015
quick audit rules for sanity check

Most of the time when I really want to figure out what is going on deep within a piece of software I break out strace and capture all the gory detail. Unfortunately it isn't always that easy to manipulate and run something from the command line but I have found that some simple uses of the audit daemon can give you great insight without having to dig too deep.

Example Problem

I have a script, switch.py, I want to call via a bound key sequence from i3 window manager. However, I notice that nothing happens when I press the key sequence. Is the script failing or is the script not getting called at all? auditd and auditctl can help us figure this out.

Using audit

To take advantage of system auditing the daemon must be up and running:

# systemctl status auditd.service | grep active
       Active: active (running) since Sun 2015-01-25 13:56:27 EST; 1 day 9h ago

You can then add a watch for read/write/execute/attribute accesses on the file:

# auditctl -w /home/dustymabe/.i3/switch.py -p rwxa -k 'switchtest'
# auditctl -l
-w /home/dustymabe/.i3/switch.py -p rwxa -k switchtest

Notice the usage of the -k option to add a key to the rule. This means any events that match the rule will be tagged with this key and can be easily found. Any accesses will be logged and can be viewed later by using ausearch and aureport. After putting the rules in place in another terminal I accessed the file as a normal user:

$ pwd
/home/dustymabe
$ cat  .i3/switch.py
... contents of file ...
$ ls .i3/switch.py
.i3/switch.py

Then I was able to use a combination of ausearch and aureport to easily see who accessed the file and how it was accessed:

# ausearch -k switchtest --raw | aureport --file

File Report
===============================================
# date time file syscall success exe auid event
===============================================
1. 01/26/15 22:59:26 .i3/switch.py 2 yes /usr/bin/cat 1000 1299
2. 01/26/15 23:00:19 .i3/switch.py 191 no /usr/bin/ls 1000 1300

Awesome.. So with auditing working now all I have to do is press the key sequence to see if my script is getting called?? Turns out it was being called:

# ausearch -k switchtest --raw | aureport --file

File Report
===============================================
# date time file syscall success exe auid event
===============================================
1. 01/26/15 22:59:26 .i3/switch.py 2 yes /usr/bin/cat 1000 1299
2. 01/26/15 23:00:19 .i3/switch.py 191 no /usr/bin/ls 1000 1300
10. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 59 yes /usr/bin/python2.7 1000 1326
11. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 89 no /usr/bin/python2.7 1000 1327
12. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 2 yes /usr/bin/python2.7 1000 1328
13. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 2 yes /usr/bin/python2.7 1000 1329
14. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 2 yes /usr/bin/python2.7 1000 1330
15. 01/26/15 23:38:15 /home/dustymabe/.i3/switch.py 2 yes /usr/bin/python2.7 1000 1331

So that enabled me to concentrate on my script and find the bug that was lurking within :)

Have fun auditing!
Dusty

Fedora 21 Spin Cinnamon ( Thank’s Dan Book)

Fedora 21 Spin Cinnamon

  • anaconda-21.48.21-1
  • firefox-35.0-3
  • thunderbird-31.4.0-1
  • cinnamon-2.4.5
  • libreoffice-core-4.3.5.2-11
  • kernel-3.18.3-201
  • mas…

Additional Information

https://fedoraproject.org/wiki/Cinnamon_Spin


Download Fedora 21 Cinnamon Spin

Fedora 21 cinnamon 32 bits
Fedora 21 cinnamon 64 bits


Screenshot from 2015-01-26 22:57:09


Fedora 21 Spin Cinnamon ( gracias Dan Book)

Fedora 21 Spin Cinnamon

  • anaconda-21.48.21-1
  • firefox-35.0-3
  • thunderbird-31.4.0-1
  • cinnamon-2.4.5
  • libreoffice-core-4.3.5.2-11
  • kernel-3.18.3-201
  • mas…

Información adicional

https://fedoraproject.org/wiki/Cinnamon_Spin


Links de Descargas

Fedora 21 cinnamon 32 bits
Fedora 21 cinnamon 64 bits


Screenshot from 2015-01-26 22:57:09


January 26, 2015

Bugs related to GTK+ 3.15.4: White text in Firefox, shrinking GNOME Terminals

A major GTK+ 3 update landed in Rawhide recently, and there are at least a couple of fairly prominent bugs related to it. Lots of text in the Firefox interface – on tab titles, menus, buttons, and things – is now white on grey, which is ugly-to-borderline-unreadable. Also, GNOME terminal windows are now extremely prone to shrinking when focused or unfocused, or when you create and close tabs.

Both bugs have been reported and should be addressed soon:

* Firefox white text bug
* GNOME Terminal shrink bug

so you may want to copy yourself on those bug reports to follow progress. In the meantime, you might want to drop back to GTK+ 3.15.3, or perhaps just switch to a different Terminal app and live with the white text in Firefox.


State of the Fedimg AMI

If you use Fedora Cloud through Amazon EC2, chances are, you’re using AMIs that were generated with Fedimg. Today marks the release of version 0.4 of this software, and I’m long overdue for a blog update.

Three changes you should know about:

  • Fedora Cloud base AMIs are now made available as both paravirtual and HVM. Atomic AMIs remain available in HVM only, as atomic does not support paravirtual. At the moment, I don’t think the base HVM AMIs are linked to on Fedora’s official site, but you can find a signed list of their IDs on my mailing list post.

  • Default volume size has been reduced from 12 GB to our minimum of 3 GB. The smaller volume size reduces instance costs. Also, volume size options have been added to Fedimg’s configuration file.

  • The upload process is now multithreaded. This will speed up the entire Fedimg process, especially in the future, when Fedimg is uploading to many different services.

Detailed changes can be seen in the changelog.

For this release, there won’t be any change to the end users’ workflow. Fedimg has been updated to 0.4 in both staging and production, and you should continue to see Fedimg fedmsgs close behind any “completed image build” fedmsgs. These fedmsgs include an extra dict that will contain an id string that is the AMI ID, so you can know the exact AMI that each Fedimg fedmsg is associated with.

Fedimg’s EC2 service has matured quite nicely, and I’m confident that it will be quite helpful as we get closer to the Fedora 22 release date. Still, there’s more to do. After speaking with gholms in #fedora-cloud, I’ve realized that there will need to be at least six different AMI types created for each image. These six types can be seen in this section in the docs. This was a big reason for all the refactoring I did to the EC2 service for this new release — I needed to pave the way for registering each image as many different kinds of AMIs. The added multithreading will help with that, too. Because of the important role of EC2, adding support for these AMI types is probably higher priority than finally adding OpenStack support (a task I’ve been holding off on for some time now).

If you’d like to play with Fedimg yourself, you can install it on your own machine and then use the tests/bin/uploadtest.py script I’ve committed to the repo to trigger a full upload process. You can replace the URL in that script with the URL of any raw.xz image file. Of course, you’ll need to provide your own AWS credentials in the config file. If you change the URL to the raw.xz file to another image, you may need to alter additional config options as necessary.

As always, feel free to file issues and submit changes on GitHub.

Get your Nagios issues as an iCalendar feed

The other day I demonstrated how to get your Github issues/bugs as an iCalendar feed.

I'm planning to take this concept further and I just whipped up another Python script, exposing Nagios issues as an iCalendar feed.

The script is nagios-icalendar. Usage is explained concisely in the README file, it takes just minutes to get up and running.

One interesting feature is that you can append a contact name to the URL and just get the issues for that contact, e.g.:

http://nagios-server.example.org:5001?contact=daniel

Screenshots

Here I demonstrate using Mozilla Lightning / Iceowl-extension to aggregate issues from Nagios, the Fedora instance of Bugzilla and Lumicall's Github issues into a single to-do list.

gimp-paint-studio addon soon on Gnome Software Center
Image speaks itself. gimp-paint-studio package just got an metainfo needed for Gnome Software Center as add-on for Gimp based on related Richard Hughes' blog. The updated package will be shortly available in Rawhide and also in Fedora 21 updates-testing repository. It will not be included for Fedora 20 due  to the preview release of Gnome Software lacking addons support. Next step will be contacting upstream adding that metainfo.  Hopefully other add-ons maintainers for applications such as Inkscape and Blender will do the same to bring a richful experiences to users.
KDE Frameworks 5 based apps available in copr

I have built RPM packages of some KDE applications frameworks branch, such as Konsole, Dolphin which are available in my copr. It is based on the Plasma-5.2 beta copr from Dan Vratil, you’d need to enable it first to pull dependencies. Packages are available for Fedora 20 and 21, i386 and x86_64 architectures.

Dolphin-Plasma-5.2-beta


Tagged: fedora, kde, rpm
Thanks for all the applications

Jobs at Red Hat
So I got a LOT of responses to my blog post about the open positions we have here at Red Hat working on Fedora and the Desktop. In fact I got so many it will probably take a bit of time before we can work through them all. So you might have to wait a little bit before getting a response from us. Anyway, thanks you to everyone who sent me their CV, much appreciated and looking forward to working with those of you we end up hiring!

Builder campaign closes in 13 hours
I want to make one last pitch for everyone to contribute to the Builder crowdfunding campaign. It has just passed 47 000 USD as I write this, which means we just need another 3000 USD to reach
the graphical debugger stretch goal. Don’t miss out on this opportunity to help this exciting open source project!

Fiesta de liberación de Fedora 21 en Managua

El sábado 17 celebramos la fiesta de lanzamiento de Fedora 21 en Mansión Teodolinda, Managua. Llegaron más o menos 25 personas al evento. Había tanto gente nueva que nunca había asistido a un evento de software libre antes y tuve la oportunidad de conocer como las viejas caras conocidas, por supuesto. Este fue el primer evento de la comunidad GULNI del año.

Se repartieron discos de F21 y calcomanísas. Yo di los últimos pines que me quedaban de los que Itamar me había dado para compartir.

En la agenda habían tres charlas, en una de las cuales yo iba a participar. Primero habló William sobre cockpit, la nueva herramienta de administración de servidores desarrollada por Red Hat.

Luego seguía yo con William de nuevo, Esta vez sobre el equipo de QA que quedó pendiente en el FUDCon. Los participantes participaron activamente de la charla lo que demuestra el interés en la misma.

Y al final de la charla tuve la oportunidad de comer pizza…

Al final, Neville dio su charla interesante sobre el proyecto Icaro.

El evento estuvo bastante bien. Viejos amigos se reecontraron y tuvimos la asistencia que esperábamos. En general todos la pasamos bien. Me gustaría agradecer a Neville por facilitarnos el local para el evento.