May 27, 2015

Fedora 22 telah dirilis



Fedora 22 telah dirilis kemarin 26 Mei 2015. Akhirnya berhasil menginstal, walaupun sempat mengalami kendala. Install media Fedora 22 sudah lolos verifikasi tapi saat mencoba fresh install selalu crash saat login. Karena komputer sudah ada Fedora 21, aku upgrade langsung dengan FedUp.


Yang baru di Fedora 22 workstation

Sudah menggunakan Kernel 4.0.0



DNF menggantikan YUM, DNF menjadi manajemen paket default. DNF lebih optimal, lebih cepat, lebih baik manajemen dependensi. Bagi sering mengguna aplikasi “Software” mungkin tidak akan mengetahui hal ini.




Notifikasi tidak akan lagi berada dibawah, melainkan akan menyatu dengan kalender dibagian top bar. Dengan begitu, notifikasi tidak akan mengalihkan fokus pada hal yang sedang kita lakukan. Dan juga lebih mudah untuk kita untuk menanggapinya.

Aplikasi Software mengalami pembaruan sehingga memudahkan untuk menginstal dan menghapus aplikasi. Dan bisa menjaga sistem tetap terbarui tanpa merepotkan.




Files, aplikasi manajemen files tampil lebih menarik dan mempunyai thumbnail yang lebih besar. Jika ingin menghapus file tidak perlu lagi pakai Ctrl, cukup pencet tombol Delete.




Image Viewer, menjadi lebih simple dan melihat koleksi gambar/wallpaper menjadi lebih menyenangkan.

Download, Upgrade, Dokumentasi dan Bugs

Download Fedora 22

https://getfedora.org/

Upgrade

http://fedoraproject.org/wiki/Upgrading

https://fedoraproject.org/wiki/FedUp

Dokumentasi
http://docs.fedoraproject.org/

Bugs
http://fedoraproject.org/wiki/Common_F22_bugs
Some more mockups for Tags, People and Badges pages
Tags Page Desktop View Mockups




























Tags Page Mobile View Mockups

























People Page Desktop View Mockups

People Page Mobile View Mockups
























Badges Page Desktop View Mockups

Badges Page Mobile View Mockups


EVENTO DE SOFTWARE LIBRE EN SENATI - LOCAL CENTRAL
El dia 22 y 23 de mayo se realizo el 1er evento de software libre realizado en SENATI - Local Central ubicado en Independencia - Lima. (www.senati.edu.pe). Dicho evento causo mucha expectativa.
En el evento para el dia 22 de mayo, estuvieron presentes algunas personas importantes que siempre apoyan al software libre.
En la foto de izquierda a derecha: Alex Aragon (Comunidad de Blender), Carlos Jara Alva (Embajador de Fedora en el Peru - Organizador del evento), Carlos Ganoza, Sergio Infante y Pedro Muñoz (Presidente de APESOL - Peru)
Cada uno de los ponentes dio una charla segun el cronograma planeado
 El ponente Sergio Infante hablando sobre "Tendencias en el desarrollo de Opensource"

El ponente Alex Aragon explicando el tema "Usando herramientas de diseño con software libre". El dia 23 de Mayo se realizaron los talleres en los laboratorios de Senati - ETI (Escuela de tecnologia de informacion) y Escuela de Administracion Industrial, desde las 10:00am hasta las 12:30pm.


Taller de Seguridad, a cargo de Anthony Mogrovejo(Embajador de Fedora en el Peru), en el laboratorio 109 en la Escuela de ETI. Fue un lleno total

Taller de Diseño en Blender, a cargo de Alex Aragon (Comunidad de Blender), en el laboratorio 205 de la Escuela de Administracion Industrial. No quedo espacio alguno.


Taller de Android, a cargo de Alfredo Nuñez (Comunidad de Fedora). Realizado en el laboratorio 108 de la Escuela de ETI.
Tambien agradecer al jefe de la escuela de ETI, Ing. Julio Paiva y al jefe de la escuela de Industriales, Ing. Job Chanava por el apoyo dado.
Muchas gracias por todos, seguiremos apoyando al software libre y realizando eventos.
Xen 4.5 crashes during boot on Fedora 22

Xen LogoIf you’re currently running a Xen hypervisor on a Fedora release before 22, stay put for now.

There’s a bug in Xen when you compile it with GCC 5 that will cause your system to get an error during bootup. In my case, I’m sometimes getting the crash shortly after the hypervisor to dom0 kernel handoff and sometimes it’s happening later in the boot process closer to when I’d expect a login screen to appear.

Here are some helpful links to follow the progress of the fix:

Michael Young found that Xen 4.5.1-rc1 (which has code very similar to 4.5) will compile and boot if compiled with GCC 4.x in Fedora 21. It’s a decent workaround but it’s certainly not a long term fix.

I’m still doing some additional testing and I’ll update this post as soon as there’s more information available.

The post Xen 4.5 crashes during boot on Fedora 22 appeared first on major.io.

ColorHugALS and Sensor HID

As Bastien hinted in his last blog post, we now have some new test firmware for the ColorHugALS device. The ever-awesome Benjamin Tissoires has been hacking on an alternative device firmware, this time implementing the Sensor HID interface that Microsoft is suggesting vendors use for internal ambient light sensors on tablets and laptops for Windows 8.

Implementing this new interface has several advantages:

  • The sensor should “just work” with Windows 8 without a driver
  • The sensor now works with iio-sensor-proxy without writing any interface code
  • We can test the HID code in the kernel with a device we can hack to do strange things
  • colorhug-als1-large

    So, if you want to test the new GNOME ambient light sensor code, flash your ColorHugALS with this file using colorhug-cmd flash-firmware ColorHugALS-SensorHID.bin — the flash process will appear to fail right at the end, but this is just because we’ve not yet written the HID version of the SetFlashSuccess call that instructs the bootloader to start the firmware automatically when inserted. This isn’t actually such a bad thing for an experimental firmware, but means when you remove then insert your ALS device you’ll have to do colorhug-cmd boot-flash to switch from the flashing red LED bootloader mode into the new firmware mode.

    If it’s too broken for you right now, you can go back to the real firmware using colorhug-cmd when in bootloader mode.

    colorhug-als2-large

    There are still 17 ColorHugALS devices in stock, if you want to buy one for testing. Once they’ve gone, they’re gone, I don’t think I’ll be building another batch unless there’s a lot more demand as right now I’m building them at a loss.

    This is not the UEFI backdoor you are looking for
    This is currently the top story on the Linux subreddit. It links to this Tweet which demonstrates using a System Management Mode backdoor to perform privilege escalation under Linux. This is not a story.

    But first, some background. System Management Mode (SMM) is a feature in most x86 processors since the 386SL back in 1990. It allows for certain events to cause the CPU to stop executing the OS, jump to an area of hidden RAM and execute code there instead, and then hand off back to the OS without the OS knowing what just happened. This allows you to do things like hardware emulation (SMM is used to make USB keyboards look like PS/2 keyboards before the OS loads a USB driver), fan control (SMM will run even if the OS has crashed and lets you avoid the cost of an additional chip to turn the fan on and off) or even more complicated power management (some server vendors use SMM to read performance counters in the CPU and adjust the memory and CPU clocks without the OS interfering).

    In summary, SMM is a way to run a bunch of non-free code that probably does a worse job than your OS does in most cases, but is occasionally helpful (it's how your laptop prevents random userspace from overwriting your firmware, for instance). And since the RAM that contains the SMM code is hidden from the OS, there's no way to audit what it does. Unsurprisingly, it's an interesting vector to insert malware into - you could configure it so that a process can trigger SMM and then have the resulting SMM code find that process's credentials structure and change it so it's running as root.

    And that's what Dmytro has done - he's written code that sits in that hidden area of RAM and can be triggered to modify the state of the running OS. But he's modified his own firmware in order to do that, which isn't something that's possible without finding an existing vulnerability in either the OS or (or more recently, and) the firmware. It's an excellent demonstration that what we knew to be theoretically possible is practically possible, but it's not evidence of such a backdoor being widely deployed.

    What would that evidence look like? It's more difficult to analyse binary code than source, but it would still be possible to trace firmware to observe everything that's dropped into the SMM RAM area and pull it apart. Sufficiently subtle backdoors would still be hard to find, but enough effort would probably uncover them. A PC motherboard vendor managed to leave the source code to their firmware on an open FTP server and copies leaked into the wild - if there's a ubiquitous backdoor, we'd expect to see it there.

    But still, the fact that system firmware is mostly entirely closed is still a problem in engendering trust - the means to inspect large quantities binary code for vulnerabilities is still beyond the vast majority of skilled developers, let alone the average user. Free firmware such as Coreboot gets part way to solving this but still doesn't solve the case of the pre-flashed firmware being backdoored and then installing the backdoor into any new firmware you flash.

    This specific case may be based on a misunderstanding of Dmytro's work, but figuring out ways to make it easier for users to trust that their firmware is tamper free is going to be increasingly important over the next few years. I have some ideas in that area and I hope to have them working in the near future.

    comment count unavailable comments
    Rilis Fedora 22
    Akhirnya Fedora 22 di Rilis Langsung saja download di getfedora.org, pilih versi yang sesuai dengan kebutuhan anda, untuk pengguna rumahan yang dipilih adalah Workstation. Perubahan yang paling terlihat adalah hilangnya YUM dari Fedora 22, digantikan oleh DNF. Untuk upgrade dari Fedora 21 ke Fedora 22 bisa mengikuti langkah-langkah di Upgrading Fedora using yum
    Running Vagrant on Fedora 22

    Fedora 22 comes with a lot of great features and having Vagrant with libvirt support is one of them. Don’t know what Vagrant is good for? Vagrant is a program that enables you to create portable and reproducible development environments easily supporting many hosts and guests operating systems and various features such as synced folders, forwarded ports and support for famous provisioners such as Chef, Puppet or Ansible. And that’s still not everything. You can configure Vagrant to use Linux containers (Docker support is baked in) or famous cloud services so you don’t even have to run your development virtual machine on your computer.

    Installing Vagrant

    To install plain Vagrant package, run:

    # dnf install vagrant
    

    This will install base Vagrant package which is what you want in case you only need to use Vagrant with Docker or provider that is currently not directly supported in Fedora such as VirtualBox. This is esentially a stripped down Vagrant that does not come with any plugins.

    # dnf install vagrant-libvirt
    

    Run the above mentioned command if you wish to use Vagrant with QEMU/KVM virtualization via libvirt (recommended as this is what we can support). It will install base Vagrant package and vagrant-libvirt plugin. If you would also like to avoid typing password everytime you virtualize something from Vagrant, download also vagrant-libvirt-doc sub-package and run the following to allow vagrant group to manage libvirt without authentication:

    # dnf install vagrant-libvirt-doc
    # cp /usr/share/vagrant/gems/doc/vagrant-libvirt-0.0.26/polkit/10-vagrant-libvirt.rules /usr/share/polkit-1/rules.d/
    

    And finally, if you prefer lxc to Docker, you can install vagrant-lxc plugin as well by running:

    # dnf install vagrant-lxc
    

    Vagrant for older Fedoras

    Not running Fedora 22 yet? Packages have been already back-ported to Fedora 21 as well and are available for quite some time in the official repositories. And if you are running RHEL or CentOS, look at my Copr repository that contains a vagrant1 software collection.

    Upstream packages

    We packaged Vagrant as we wanted to see an easier way of installing and using Vagrant in Fedora, especially together with vagrant-libvirt provider. Our packages provide streightforward installation and updates for Vagrant and unlike from the RPMs provided by upstream we do not bundle Vagrant dependencies. This has however one limitation that we are unable to resolve; at the moment we don’t support uploading custom boxes to Atlas (official Vagrant cloud) as we are not shipping an internal Vagrant plugins that provide this functionality. This is due to the fact that upstream decided to use RubyEncoder binaries that we cannot ship in Fedora because of their licensing. Please note that this does not affect downloading images from Atlas. If you need uploading as well, you have to grab and install the upstream package (which is also available as RPM).

    Getting started

    If you don’t know Vagrant yet, you will need to spend a few minutes understanding how to setup your development environment. The first part is to understant what Vagrant boxes and Vagrantfiles are. Boxes are provider-specific images with some metadata and Vagrantfiles are configuration files of your projects. To set up an environment you need to create a Vagrantfile in the root directory of the project. Here is an example of minimal, rather empty, Vagrantfile:

    Vagrant.configure(2) do |config|
      config.vm.box = "fedora-22"
    end
    

    As you can see, Vagrantfile is just a regular Ruby file that let’s you use Vagrant DSL to define your development environment. In our minimal example we set only ‘box’ parameter to define our Vagrant box. With this we can already tell Vagrant to virtualize our new development environment by running vagrant up. Dependending on our default provider (libvirt in Fedora, VirtualBox in upstream), Vagrant will try to create and boot up the virtual machine. It will also configure your environment by few default options like rsyncing your project’s directory to /vagrant on the newly created guest.

    This is of course just the beginning. There is really a lot of options how to further set up your project’s development environment and they are mostly provider specific, so read your provider’s documentation just after going through official one. A good start for defining the environment for your first project will be a default Vagrantfile which will be generated for you after running vagrant init. It contains a lot of commented-out options alongside with their descriptions that should help you to define your configuration quickly.

    Another great way is to study Vagrantfiles for open-source projects; for instance OpenShift origin has one as well as Ruby on Rails upstream.

    Getting a box

    As I mentioned above, you won’t make it far without Vagrant boxes. Luckily, Vagrantfiles can be written in a way that fetching boxes happen automatically. This is either because the box is hosted in Atlas and Vagrant would automatically download the boxes from there by matching the username/box pattern, or by specifying config.vm.box_url option in Vagrantfile that sets the URL to the box. Because of this, new project developers don’t need to do more than installing Vagrant, checking out source code with accompying Vagrantfile and running vagrant up. Not to say that they can invoke the command on any supported platform (including various Linuxes, Mac OS and Windows).

    In case you need to pick a box for your project, you can find one on Atlas, which is the official place for hosting boxes, or you can already try the upcoming official Fedora Cloud boxes. If you need something specific, you can always build your box from scratch. For that you might find veewee a helpful tool.

    Sometimes it’s more convinient to base off your environment on a box with just basic OS installation since it’s easier to get for the others and the maintainence happens only regarding the provisioning process in Vagrantfile, but you can always create a box that is already provisioned and it’s way faster to boot up. For this, vagrant package --output mynew.box command might come in handy, since it can create a new box based on the current, already provisioned, state.

    In our minimal example, Vagrant expects a box named ‘fedora-22′ already added. To do so, we can download the prelease box and add it (boxes come with a .box extension, but that’s not a hard requirement):

    $ vagrant box add Fedora-Cloud-Base-Vagrant-22-20150521.x86_64.vagrant-libvirt.box --name fedora-22
    

    Development process

    Now that we have a minimal Vagrantfile in our project’s directory and box added, we are truly ready to run vagrant up to boot up our machine. Once that finishes, our project’s directory should be available at /vagrant inside our VM. That happened without any configuration, since a few things are default for any Vagrantfile. We are able to change it or add other shared folders later. To log inside we run vagrant ssh to log in as the vagrant user with sudo access (otherwise vagrant ssh-config shows us the IP we need) and we can develop the project as we would normally do on our host.

    One thing that you notice is that our shared folder is not automatically synced. Vagrant sync them using rsync only at start up and when running vagrant rsync. To avoid that we can run vagrant rsync-auto which will do the syncing automatically as long as the command keep running. But if you find rsync somehow cumbersome, you can set up NFS, which is way faster.

    Our example is completely simplified as Vagrant let’s you create a multi-machine envorinment, set up networking between the nodes, forward ports to host, and more.

    Once finished with your changes, just vagrant halt the machine. You can always come back and run vagrant up to bring it back. If you want to remove the VM, run vagrant destroy. Very simple and keeps your host system clean. As it might have crossed your mind, Vagrant VMs are pretty much normal VMs so you can manage them via other software such as virt-manager. That’s true, but Vagrant associates some state with each machine so I suggest to administer them with Vagrant only. You can use virt-manager to open the graphical user interface or remove the domain if you won’t be able to do so using Vagrant though.

    More on Vagrant

    As this article can’t take you through everything there is about Vagrant, here you can find additinal resources to go though:

    And here are people from the Fedora community whose blogs can help you to get up and running with Vagrant on Fedora (please mention yourself in the comments if you blog about Vagrant too):

    May 26, 2015

    Video: Fedora 22 MATE Desktop OpenVZ container on release day

    If you didn't notice, Fedora 22 was released today. Today I refreshed the Fedora 22 OS Template I made for OpenVZ and uploaded it to contrib. For fun, I thought I'd build a MATE Desktop GUI container right in front of your eyes... and then connect to it via x2go. Enjoy!

    <video controls="controls" height="532" poster="/files/vp9/openvz-fedora22-mate-container.png" preload="none" src="/files/vp9/openvz-fedora22-mate-container.webm" width="1024"></video>

    For those with iFrame issues, here's a direct link to the webm video:
    openvz-fedora22-mate-container.webm

    You can pretty much use the same recipe for other desktop environments. The only thing you want to avoid are desktop environments that require accelerated 3D because those won't work over x2go. Which desktops use that? GNOME and Plasma 5... Cinnamon probably... and if you were on Ubuntu, Unity. XFCE, MATE, OpenBox, LXQT, etc work fine... although I haven't tried them all.

    read more

    All systems go
    Service 'COPR Build System' now has status: good: Everything seems to be working.
    Fedora 22 aarch64 virt-builder image

    Fedora 22 was released today for x86, and almost simultaneously for aarch64. I have already built a virt-builder image, so you can install it immediately (either on real hardware or under virtualization on x86):

    $ virt-builder --arch aarch64 fedora-22
    

    To boot this on x86, use a slightly modified version of the instructions from here:

    $ wget http://libguestfs.org/download/builder/fedora-22-aarch64-nvram.xz
    $ unxz fedora-22-aarch64-nvram.xz
    $ qemu-system-aarch64 -nodefconfig -nodefaults -display none \
        -M virt -cpu cortex-a57 -machine accel=tcg \
        -m 2048 \
        -drive if=pflash,format=raw,file=/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw,readonly \
        -drive if=pflash,format=raw,file=fedora-22-aarch64-nvram \
        -device virtio-scsi-device,id=scsi \
        -drive file=fedora-22.img,format=raw,if=none,id=hd0 \
        -device scsi-hd,drive=hd0 \
        -netdev user,id=usernet \
        -device virtio-net-device,netdev=usernet \
        -serial stdio
    
    

    Intro to Fedora Hubs

    It’s the first week of my summer internship at Red Hat, and one of the projects I’m working on is creating mockups for a new application called Fedora Hubs. As best as I understand it from my perspective as an extreme newcomer, the idea behind Fedora Hubs is that it will be a sort of social networking site based on the Fedora Account System that will integrate all sorts of sites and applications across the Fedora community, including things such as mailing lists, blog posts, and ticket tracking. The purpose behind the creation of this network is to lower the bar and make it easier for new contributors to get off the ground and start getting involved in Fedora.

    What I’ve been working on so far is taking some interface designs that Mo, the senior interaction designer on the fedora team, has created and adapting them to think about what workflows and interactions might look like from the perspective of an admin creating a new hub.

    When I started thinking about what that process should look like, I was initially kind of confused. I don’t have a super technical background or any experience with any of the applications Fedora Hubs is aiming to integrate, so I didn’t have any ideas of which workflows I could imitate for this design. So I started sketching! The header image above is my whiteboard sketches that led me to the ideas for my mockup, but the full version (with my notes actually readable!) is also included below.

    mockup_sketch

    Once I started writing things out on the whiteboard, I quickly realized that the setup for a complicated object like the hubs easily got cluttered and confusing. Then I started thinking about different ways to make the layout as self-explanatory as possible, and decided to use Mo’s design as a starting point and have the admin hub creation view look as similar to the final product as possible, in an attempt to keep things as simple as possible for everyone. Once I had the whiteboard sketch above, I started transferring my ideas over into Inkscape so that the designs could be a little more legible and usable.mockup_newhubAs you can see from this mockup, I took Mo’s design and simply replaced every widget or display area with an editor. That way, the final layout will be visible in the editor mode, and since most of the widget areas only require a few pieces of information for setup, the design won’t end up overly bloated by the visual layout.

    Starting from the top of the mockup and working my way down, the header area of the hub is customizable by the admin, with a smaller logo, a larger background banner image, and the name of the hub as simply text, reminiscent of the way Facebook/Twitter handles this.

    Below that, the welcome message area would be a description of the hub and an explanation of the sort of work that the group tends to do. This correlates with the library, found at the top of the right sidebar. In the brainstorm meeting on 5/21, one topic that came up was the idea of having “pinned” topics (like might be found on a discussion forum) in addition to, or as part of, the welcome banner area. But one potential issue that was noted was that these pinned posts tend to add up quickly and can clutter the layout of the site, especially for returning or experienced users who may not need to view these posts more than once. Moving the pinned posts to the top of the sidebar was strategized as a method to keep them in a prominent position for new users who need them as a reference without compromising the usability of the hub for other users. I picked out the name ‘library’ since it would simply be a collection of links to posts on various sites.

    As can be seen in each widget area, there’s a small text box in which to  input the necessary information for ‘syncing’ each type of widget. I wasn’t sure about how much information was needed for each widget, but I figured technical details can be refined further along in the design process by working with people who are actually familiar with the system the hubs will be running on. Special cases like syncing a private mailing list will also be considered then.

    There are a few widgets that the admin panel will default to including – an IRC channel, a Hyperkitty mailing list, and probably a few others. The admin can of course remove these widgets as well as adding new ones; below is the basic interaction for adding new widgets to the hub.mockup_newhubwidgetThe idea here is that the dialogue to add a widget will pop up in a modal. The admin can then select the type of widget they wish to add from a dropdown menu, and then advance to the next page, which of course is dependent upon which type of widget was selected in the first page. The widget is then added to the hub layout. There are ‘add a widget’ buttons in both the body of the page and in the sidebar, so layout can be controlled by the admin in this way.

    The final interaction I worked on was the ability to control who else is a hub admin. Since group member status is based on the FAS account, I initially assumed that hub admins would be set in the FAS account as well. But a discussion with Mo led me to realize that since hub admin duties are distinct from group admin duties, and also that there may not always be a one-to-one correlation between both the types of admins and the hubs/groups overall, I needed to think of a design for this case as well.

    mockup_newhubadminI used the idea of the modal for this idea as well. Here, you can remove current admins and add new ones, by searching for users on Fedora Hubs and selecting the correct person. Things that still need to be considered are things such as, if people should be allowed to delete themselves as hub administrators, or how the flow should appear if someone tried to add an admin who was not currently a member of the group.

    Overall, though, these designs are what I’ve been working on for the past few days. I’m very excited to be able to learn more about the project, refine these layouts, and move forward with the project as a whole.


    Actions S900-based 64 bit development board

    <iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="312" src="https://www.youtube.com/embed/hBMJfQZ-liY?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="500"></iframe>

    Never heard of the company or of their 64 bit ARM SoC, but there is a press release here.


    Fedora Workstation 22 is out!

    So we just got the second Fedora Workstation release out the door, and I am quite happy with it, we had quite a few last minute hardware issues pop up, but due to the hard work of the team we where able to get them fixed in time for todays release.

    Every release we do is of course the result of both work we do as part of the Fedora Workstation team, but we also rely on a lot of other people upstream. I would like to especially call out Laurent Pinchart, who is the upstream maintainer of the UVC driver, who fixed a bug we discovered with some built in webcams on newer laptops. So thank you Laurent! So for any users of the Toshiba z20t Portege laptop, your rear camera now works thanks to Laurent :)

    Having a relatively short development cycle this release doesn’t contain huge amounts of major changes, but our team did manage to sneak in a few nice new features. As you can see from this blog entry from Allan Day the notification area re-design that he and Florian worked on landed. It is a huge improvement in my opinion and will let us continue polishing the notification behavior of applications going forward.

    We have a bunch of improvements to the Nautilus file manager thanks to the work of Carlos Soriano. Recommend reading through his blog as there is a quite sizeable collection of smaller fixes and improvements he was able to push through.

    Another thing we got properly resolved for Fedora Workstation 22 is installing it in Boxes. Boxes is our easy to use virtual machine manager which we are putting resources into to make a great developer companion. So while this is a smaller fix for Boxes and Fedora, we have some great Boxes features lining up for the next Fedora release, so stayed tuned for more on that in another blog post.

    Wayland support is also marching forward with this release. The GDM session you get upon installing Fedora Workstation 22 will now default to Wayland, but fall back to X if there is an issue. It is a first step towards migrating the default session to Wayland. We still have some work to do there to get the Wayland session perfect, but we are closing the gap rapidly. Jonas Ådahl and Owen Taylor is pushing that effort forward.

    Related to Wayland we introduce libinput as the backend for both X and Wayland in this release. While we shipped libinput in Fedora 21, when we wrote libinput we did so with Wayland as the primary target, yet at the same time we realized that we didn’t want to maintain two separate input systems going forward, so in this release also X.org uses libinput for input. This means we have one library to work on now that will improve input in both your Wayland session and X sessions.

    This is also the first release featuring the new Adwaita theme for Qt. This release supports Qt4, but we hope to support Qt5 in an upcoming Fedora release and also include a dark variant of the theme for Qt applications. Martin Briza has been leading that effort.

    Another nice little feature addition this release is the notification of long running jobs in the terminal. It was a feature we wanted to do from early on in the Fedora Workstation process, but it took quite some while to figure out the fine details for how we wanted to do it. Basically it means you no longer need to check in with your open terminals to see if a job has completed, instead you are now getting a notification. So you can for instance start a compile and then not have to think about it again until you get the notification. We are still tweaking the notifications a little bit for this one, to make sure we cut down the amount of unhelpful notifications to an absolute minimum, so if you have feedback on how we can improve this feature we be happy to hear it. For example we are thinking about turning off the notification for UI applications launched from a terminal.

    Anyway, we have a lot of features in the pipeline now for Fedora Workstation 23 since quite a few of the items planned for Fedora Workstation 22 didn’t get completed in time, so I am looking forward to writing a blog informing you about those soon.

    You can also read about this release in Fedora Magazine.

    statscache - thoughts on a new Fedora Infrastructure backend service

    We've been working on a new backend service called statscache. It's not even close to done, but it has gotten to the point that it deserves an introduction.

    A little preamble: the Fedora Infrastructure team runs ~40 web services. Community ongoings are channeled through irc meetings (for which we have a bot), wiki pages (which we host), and more. Packages are built in our buildsystem. QA feedback goes through lots of channels, but particularly the updates system. There are lots of systems with many heterogenous interfaces. About three years ago, we started linking them all together with a common message bus on the backend and this has granted us a handful of advantages. One of them is that we now have a common history for all Fedora development activity (and to a lesser extent, community activity).

    There is a web interface to this common history called datagrepper. Here are some example queries to get the feel for it:

    On top of this history API, we can build other things -- the first of which was the release engineering dashboard. It is a pure html/js app -- it has no backend server components of its own (no python) -- it directs your browser to make many different queries to the datagrepper API. It 1) asks for all the recent message types for X, Y, and Z categories, 2) locally filters out the irrelevant ones, and 3) tries to render only the latest events.

    It is arguably useful. QA likes it so they can see what new things are available to test. In the future, perhaps the websites team can use it to get the latest AMIs for images uploaded to amazon, so they can in turn update getfedora.org.

    It is arguably slow. I mean, that thing really crawls when you try to load the page and we've already put some tweaks in place to try to make it incrementally faster. We need a new architecture.

    Enter statscache. The releng dash is pulling raw data from the server to the browser, and then computing some 'latest values' from there to display. Why don't we compute and cache those latest values in a server-side service instead? This way they'll be ready and available for snappy delivery to web clients and we won't have to stress out the master archive DB with all those queries trawling for gems.

    @rtnpro and I have been working on it for the past few months and have a nice basis for the framework. It can currently cache some rudimentary stuff and most of the releng-dash information, but we have big plans. It is pluggable -- so if there's a new "thing you want to know about", you can write a statscache plugin for it, install it, and we'll start tracking that statistics over time. There are all sorts of metrics -- both the well understood kind and the half-baked kind -- that we can track and have available for visualization.

    We can then plug those graphs in as widgets to the larger Fedora Hubs effort we're embarking on (visit the wiki page to learn about it). Imagine user profile pages there with nice d3.js graphs of personal and aggregate community activity. Something in the style of the calendar of contributions graph that GitHub puts on user profile pages would be a perfect fit (but for Fedora activity -- not GitHub activity).

    Check out the code:

    At this point we need:

    • New plugins of all kinds. What kinds of running stats/metrics would be interesting?
    • By writing plugins that will flex the API of the framework, we want to find edge cases that cannot be easily coded. With those we can in turn adjust the framework now -- early -- instead of 6 months from now when we have other code relying on this.
    • A set of example visualizations would be nice. I don't think statscache should host or serve the visualization, but it will help to build a few toy ones in an examples/ directory to make sure the statscache API can be used sanely. We've been doing this with a statscache branch of the releng dash repo.
    • Unit/functional test cases. We have some, but could use more.
    • Stress testing. With a handful of plugins, how much does the backend suffer under load?
    • Plugin discovery. It would be nice to have an API endpoint we can query to find out what plugins are installed and active on the server.
    • Chrome around the web interface? It currently serves only JSON responses, but a nice little documentation page that will introduce a new user to the API would be good (kind of like datagrepper itself).
    • A deployment plan. We're pretty good at doing this now so it shouldn't be problematic.
    Fedora 22 will contain some fc21 packages

    If you update your Fedora 22 install using DNF on the command line, you may notice that some of the packages that are downloaded and installed still have the release label of fc21 in the package name. For example, if you install or update GitPython on Fedora 22, you will get the following package:

    GitPython-0.3.2-0.7.RC1.fc21.noarch.rpm
    

    While some other packages have the fc22 label, like the main git package:

    git-2.4.0-1.fc22.x86_64.rpm
    

    .. and this is perfectly all right. Usually, for a new release, the entire Fedora package set is rebuilt. This time around, however, there wasn’t enough time in the Fedora 22 cycle for this “mass rebuild” as it’s called. These packages from Fedora 21 will not cause any issues in your Fedora 22 installations at all. So, if you do run dnf commands and notice these in the transactions, please do not let them worry you.

    If you do have questions, please ask the community at http://ask.fedoraproject.org!

    Status of ASUS X550ZE laptop
    I updated a status report for aiming a full out of box experience for ASUS X550 family laptop. It is a AMD Kaveri powered laptop featuring Dual Radeon GPU. Known issues are missing functional hotkeys (Fn), broken webcam support and lack of optimized power management.
    Exploration page

    Broken pipeline, an outdated bundler and a worthless ISP had all made their plans to bury me. In spite of everything, I am glad  I was finally able to deploy on openshift. You can check out the latest demo here

    I have been working on the exploration page. I have added sorting options to the page. Now the user has options of sorting them based on most rated, most forked, most followed etc. I wish I could tell you that it was easy to join three tables, group them with project id, order with issue count and comment count, where issue is closed and created at time is less than 10 days. It wasn’t! In case you are wondering what might be the length of the query:

    Project.joins(“LEFT OUTER JOIN comments
    ON comments.polycomment_id = projects.id
    AND comments.polycomment_type=’project’
    LEFT OUTER JOIN issues ON issues.project_id = projects.id
    AND issues.status=1″)
    .where(‘comments.created_at > ?
    OR issues.updated_at > ?’, 10.days.ago, 10.days.ago)
    .group(‘projects.id’)
    .order(‘count(comments.polycomment_id)+4*count(issues.project_id)
    desc’)

    I made a few more improvements like adding image of projects and links to fork, follow and blame. It needs some more work. I have to add testing and possibly fix the layout.

    I am also working on authorization. We decided to go with cancancan.

    Oh did I mention that my contribution is almost 6k lines now? And today is only the second day of the official coding period.


    Color Pallete
    This is the finalized color palette that I am using for the mockups in Inkscape and I will be adhering to this while I start coding the mockups.


    Fedora 22 Design Suite ready
    For artists and designers (i.e. graphics and web), Fedora 22 Design Suite is now available and received a new website located on https://labs.fedoraproject.org/en/design-suite/ . Listed features from the wiki:

    • Now based on Fedora Workstation media.
    • Addition of Sparkleshares, PDF Mod and Shutter applications.
    • Inclusion of plugins for Blender (Lux Render and YaFaRay) and Inkscape (Sozi and Table).
    • Latest versions of Entangle (0.7.0) and Inkscape (0.91)
    • Gimp gained a new G'Mic plugin replacing Greycstation as default.
    • Two shortcut icons for documentation of both Design Suite and Design Team
    • Updated the list of tutorials related to design
    Users preferring installing  Fedora Workstation from network can add Design Suite category from the installer.
    Server SIG Weekly Meeting Minutes (2015-05-26)

    <html> <head> <meta content="text/html;charset=UTF-8" http-equiv="Content-type"/>
    <style type="text/css"> /* This is for the .html in the HTML2 writer */ body { font-family: Helvetica, sans-serif; font-size:14px; } h1 { text-align: center; } a { color:navy; text-decoration: none; border-bottom:1px dotted navy; } a:hover { text-decoration:none; border-bottom: 0; color:#0000B9; } hr { border: 1px solid #ccc; } /* The (nick, time) item pairs, and other body text things. */ .details { font-size: 12px; font-weight:bold; } /* The 'AGREED:', 'IDEA', etc, prefix to lines. */ .itemtype { font-style: normal; /* un-italics it */ font-weight: bold; } /* Example: change single item types. Capitalized command name. /* .TOPIC { color:navy; } */ /* .AGREED { color:lime; } */ </style>

    </head> <body>

    #fedora-meeting-1: Server SIG Weekly Meeting (2015-05-26)

    Meeting started by sgallagh at 15:01:35 UTC (full logs).

    Meeting summary

    1. roll call (sgallagh, 15:01:43)
    2. Agenda (sgallagh, 15:07:17)
      1. Agenda Item: File-sharing Role (sgallagh, 15:07:32)
      2. Agenda Item: Stable API Documentation (sgallagh, 15:07:41)
      3. Agenda Item: Dependency Chain Reduction (sgallagh, 15:07:54)

    3. File-sharing Role (sgallagh, 15:09:31)
      1. Seems like an interesting proposal, but resources to work on it are lacking. Volunteers greatly wanted! (sgallagh, 15:35:05)

    4. Stable API Documentation (sgallagh, 15:35:30)
      1. ACTION: sgallagh to talk with Fedora Docs (sgallagh, 15:40:30)
      2. Volunteers wanted to sort through the dependency chain mess and locate waste. (sgallagh, 15:43:59)

    5. Open Floor (sgallagh, 15:52:51)
      1. Congratulations on the F22 release! (sgallagh, 15:53:15)

    Meeting ended at 15:56:44 UTC (full logs).

    Action items

    1. sgallagh to talk with Fedora Docs

    Action items, by person

    1. sgallagh
      1. sgallagh to talk with Fedora Docs

    People present (lines said)

    1. sgallagh (77)
    2. mitr (8)
    3. stefw (8)
    4. zodbot (6)
    5. andreasn (5)
    6. nirik (1)
    7. tuanta (1)
    8. adamw (0)
    9. danofsatx (0)
    10. simo (0)
    11. mizmo (0)

    Generated by MeetBot 0.1.4. </body></html>

    Sortie de Fedora 22

    En ce mardi 26 mai 2015, le projet Fedora est fier d’annoncer la sortie de la distribution GNU/Linux Fedora 22. Cette version introduit des mises à jour des environnements de bureaux populaires : GNOME 3.16, KDE Plasma 5.3 et Xfce 4.12. Ces versions apportent beaucoup de finitions esthétiques comme des thèmes mieux finis ou les notifications retravaillées.

    Gnome-Shell_bureau.png

    Fedora en profite pour y introduire dans ces programmes la préparation de l'arrivée de Wayland. Rappel, Wayland est un protocole graphique destiné à remplacer X11 pour la gestion des fenêtres et des périphériques. Encore instable, il sera activé par défaut dans le gestionnaire de connexion de Gnome (GDM) et la gestion des souris, claviers, touchpads et autres passera par libinput (lié à Wayland) au lieu de X11. L'objectif est de préparer la mise à disposition de Wayland par défaut dans Fedora 23, avec XWayland de disponible pour les applications non compatibles.

    Sinon deux nouveaux environnements font leur apparition : LXQt et qtile. Le premier se veut être le pendant de LXDE à savoir léger et très minimaliste en utilisant la bibliothèque Qt. Quant au second, c'est un gestionnaire de fenêtre pavant très personnalisable à l'aide du langage Python.

    Un meilleur support des langues non-latines est proposé notamment avec des polices et méthodes de saisis orientés pour certaines langues indiennes. Mais aussi la plupart des langages de programmations améliorent leur support d'Unicode : glibc, Perl 5.20 et Ruby 2.2. Pour les développeurs GCC 5.1 est disponible qui est une version majeure qui rompt la compatibilité de l'ABI C++, Fedora a fait le choix que l'ancienne ABI est utilisée pour cette version par défaut.

    Côté administration système, nous noterons surtout le remplacement de Yum par DNF. DNF en est une réécriture complète qui améliore grandement les performances par l'usage de bibliothèques externes pour la gestion des dépendances et des dépôts. Si les deux programmes se ressemblent, les options divergent quelque peu. Cette page listant les principales différences. L'application Yum redirige vers DNF.

    Un assistant de migration a été ajouté pour aider les personnes à effectuer les mises à jour des programmes et de leur configuration de Fedora 21 à 22 par exemple. Une suite d'utilitaires aide à concevoir une BDD avec PostgreSQL, d'autres rôles similaires à venir seront à prévoir pour simplifier l'usage serveur de la distribution. Le serveur DNS Bind passe en version 9.10 qui améliore grandement les possibilités de sécurité et les performances.

    Pour finir, l'informatique dans les nuages progresse. Au menu l'ajout de Vagrant pour simplifier le déploiement d'images destinées aux tests ou au développement. Puis la mise à disposition de Fedora Atomic Host pour simplifier le déploiement d'applications sécurisées en couplant Docker et SELinux.

    Et bien d'autres nouveautés encore !

    Liens

    Dépêche sous licence CC BY-SA

    Fedora 22 virt-builder image

    Fedora 22 has been released. And there is a virt-builder cloud image available:

    $ virt-builder fedora-22
    $ virt-install --import --name test-f22 \
        --ram 2048 --disk path=fedora-22.img,format=raw \
        --os-variant fedora21
    

    Fedora 22 is out!
    Fedora 22 is out today!!!

    get your new Version of the Fedora Security Lab  here:

    https://labs.fedoraproject.org/de/security/

    Thanks to all who helped to make it happen!
    Fedora 22 released and available now

    We are proud to announce the official release of Fedora 22, the community-driven and community-built operating system now available in Cloud, Server, and Workstation editions.

    If that’s all you need to hear, jump over to Get Fedora to download — or for current users, run the upgrade tool.

    In addition to the latest versions of all your favorite free and open source software, Fedora 22 marks our second release with distinctly-targeted offerings for cloud computing, the server room, and the desktops and laptops of software developers and creators everywhere. Thanks to the hard work of developers, designers, packagers, translators, testers, documentation writers, and everyone else, we’re incredibly confident in saying that this is our best and most polished release yet.

    Also with this release, we return to our traditional six-month cadence — we’ll see you back here sometime around Halloween!

    Highlights in the Fedora 22 release

    Every Fedora release has its own character. If this release had a human analogue, it’d be Fedora 21 after it’d been to college, landed a good job, and kept its New Year’s Resolution to go to the gym on a regular basis. What we’re saying is that Fedora 22 has built on the foundation we laid with Fedora 21 and the work to create distinct editions of Fedora focused on the desktop, server, and cloud (respectively). It’s not radically different, but there are a fair amount of new features coupled with features we’ve already introduced but have improved for Fedora 22.

    Fedora Cloud

    Fedora 22 Cloud edition has a number of interesting updates that should be exciting for users and developers.

    • Updated Docker Images – The Fedora 22 release includes updated Docker images that you can use as the base of your containerized applications.
    • Vagrant Boxes – One of the oft-requested features for Fedora is an “official” Vagrant box that developers can use to spin up images using the popular Vagrant tool for building development environments. With the Fedora 22 release we now offer Vagrant Boxes for libvirt and VirtualBox, so developers on Linux, Mac OS X, and Windows can spin up Fedora-based development environments with ease. Users can choose a Vagrant box for Fedora 22 Atomic Host and Fedora 22 Cloud base edition.
    • Atomic Improvements – Fedora 22 Atomic Host includes a number of interesting improvements, including the Atomic command, updated Docker, Kubernetes, Flannel, and rpm-ostree packages.
    • Dockerfiles – Fedora 22 also includes a fedora-dockerfiles package (and up-to-date git repository) for building applications with the base Fedora 22 Dockerfile and additional packages.

    Fedora Server

    • Database Server Role. The Fedora Server edition focuses on easy of different server roles. Fedora 21 debuted with an Domain Controller Role featuring FreeIPA. For this release, we’ve added a Database Server role, built around PostgreSQL.
    • Default to XFS filesystem. The default file system type for Fedora Server installs will be XFS running atop LVM for all partitions except /boot. The /boot partition will remain a non-LVM, ext4 partition due to technological limitations of the bootloader.
    • Cockpit will be compatible between OS releases. Cockpit is a server manager that makes it easy to administer your GNU/Linux servers via a web browser.
      • Easy to use. Cockpit is perfect for new sysadmins, allowing them to easily perform simple tasks such as storage administration, inspecting journals and starting and stopping services.
      • No interference. Jumping between the terminal and the web tool is no problem. A service started via Cockpit can be stopped via the terminal. Likewise, if an error occurs in the terminal, it can be seen in the Cockpit journal interface.
      • Multi-server. You can monitor and administer several servers at the same time.

    Fedora Workstation

    • Better notifications. Thanks both to work done in GNOME 3.16 and other projects like the Automatic Bug Reporting Tool (ABRT), notifications keep you better informed, but interfere less with your work. They now appear anchored to the center of the top bar, and no longer cover up the bottom of the screen where you are often reading a terminal or browser. An unobtrusive marker appears in the calendar to let you know you have unread notifications. If ABRT detects a serious bug, a friendly notification appears and allows you to report the bug information, but doesn’t overload you with details. And if you’re a serious Terminal user, longer background jobs now notify you when they’re done, so you can get on with other work and pick up the results when you’re ready.
    • Refined themes. The GNOME Shell and other themes and design are refined and improved. Now you can more easily identify information on the screen, adjust window size and placement, and navigate your files and folders. Improved bridging between desktop environment themes allows apps from other environments like KDE to look and feel more like native apps as they’re updated to take advantage of this feature. Standard scrollbars have been replaced by a minimal, overlaid indicator, while a scrollbar trough is shown when needed. This create a cleaner, less distracting view which helps you focus on window content. These “overlay scrollbars” are also better suited to mouse scroll wheels and touchpad scrolling.
    • Application improvements
      • Software. The Software app has more and better data than ever before, and makes it easy for you to find a wide variety of useful free software. It also makes keeping your system up to date a snap. The Software app also can install all sorts of extras such as fonts or media helpers.
      • Files. The updated layout in Files gives a better view of your files and folders, and a new view popover makes it easy to change the zoom level and sort order from a single place. You can also now move files and folders to the trash intuitively using the Delete key, rather than the Ctrl+Delete keyboard combination.
      • Image Viewer. The Image Viewer has been redesigned to reduce the amount of window chrome and give more space to images.
      • Boxes. The user interface for Boxes, the application for virtual and remote machines, has a large number of improvements, including new preferences dialogs, a revamped box creation assistant, a feature to send keyboard shortcuts to a box, and display scaling by default.
      • Vagrant. Developers will appreciate the addition of software development environment software Vagrant into Fedora — it’ll work using our included virtualization technology, with no need to install third-party virtualization (like VirtualBox). Use this to work on top of the Cloud images mentioned above, or launch your own Vagrant boxes.

    Spins, Labs, and ARM

    Spins are alternative desktop environments for Fedora, including KDE, Xfce, LXDE, MATE-Compiz, and SOAS (Sugar on a Stick). We have a new website presenting these at https://spins.fedoraproject.org/. Of particular note for F22:

    Fedora 22 KDE Plasma

    Plasma 5, the successor to KDE Plasma 4, is now the default workspace in the Fedora KDE spin. It has a new theme called Breeze, which has cleaner visuals and better readability, improves certain work-flows and provides overall more consistent and polished interface. Changes under the hood include switch to Qt 5 and KDE Frameworks 5 and migration to a fully hardware-accelerated graphics stack based on OpenGL(ES).

    Fedora 22 Xfce

    The Xfce spin has been updated to Xfce 4.12. This release has an enormous number of improvements, including HiDPI support, improvements to window tiling, support for Gtk3 plugins, and many improvements for multi-monitor support.

    Fedora Labs

    We also have a new site, presenting functional bundles of software which were previously also collected as Spins. Visit https://labs.fedoraproject.org/ for collections focusing on gaming, audio production, robotics, security, and more.

    ARM Architecture

    Previously, images for the ARM architecture were mixed into the Spins page. They now have their own home at https://arm.fedoraproject.org/, with downloads for Fedora Server, Fedora Workstation, and for several Spins as well.

    Other changes of note

    Faster and better dependency management with DNF

    With Fedora 22, we’re introducing a major change under the hood. Specifically, we’re now using DNF and hawkey to manage packages. DNF is much like the Yum software package manager (it’s largely command-line compatible), but re-written and re-engineered to provide optimal performance and (along with Hawkey) provide a strict API definition for plugins and extending projects. DNF also makes use of the libsolv library initially pioneered by the openSUSE Project to provide faster and better dependency management.

    It also boasts a better performance and memory footprint vs. Yum, and is designed to have a cleaner codebase and be easier to maintain.

    If you’re using the Fedora 22 Workstation edition, and managing packages with the Software Application, odds are you won’t notice a difference. Server and Cloud users who fall back on Yum commands will receive a reminder (courtesy of dnf-yum) that Yum is deprecated and DNF is now the default package manager. DNF has been in development for quite some time, so we’re confident it’s ready for prime time. The classic Yum command line tool has been renamed to yum-deprecated as a transitional step for tools still using it. See Read The Docs for compatibility changes from Yum to DNF in detail.

    Elasticsearch

    Elasticsearch is full-featured and very popular self-standing open source indexing server, and now it’s available by with just a yum install elasticsearch — no, wait, make that dnf install elasticsearch!

    GNU Compiler Collection 5

    Fedora 22 comes with GCC 5.1 as the primary compiler suite.

    Downloads, upgrades, documentation, and common bugs

    You can start by downloading Fedora 22:

    https://getfedora.org/

    If you are upgrading from a previous release of Fedora, refer to:

    http://fedoraproject.org/wiki/Upgrading

    Fedora’s FedUp utility enables an easy upgrade to Fedora 22 from previous releases. See the FedUp page on the Fedora wiki for more information:

    https://fedoraproject.org/wiki/FedUp

    Documentation

    Read the full release notes for Fedora 22, guides for several languages, and learn about known bugs and how to report new ones:

    http://docs.fedoraproject.org/

    Fedora 22 common bugs are documented at:

    http://fedoraproject.org/wiki/Common_F22_bugs

    This page includes information on several known non-blocker bugs in Fedora 22. Please be sure to read it before installing!

    Are you getting dac_override AVC message?

    Some time ago, Dan Walsh wrote “Why doesn’t SELinux give me the full path in an error message?” blog related to DAC_OVERRIDE capability.

    “According to SELinux By Example. DAC_OVERRIDE allows a process to ignore Discretionary Access Controls including access lists.”

    In Fedora 22, we have still a quite large number of DAC_OVERRIDE allowed by default. You can check it using

    $ sesearch -A -p dac_override -C |grep -v ^DT |wc -l
    387

    So the question is if they are still needed. Basically most of them have been added because of a bad ownership of files/directories located in /var/lib, /var/log, /var/cache directories. But as you probably realize, we just “mask” bugs in applications and open backdoors in the Fedora SELinux policy.

    For this reason, we want to introduce a new Fedora 23 feature to remove these capabilities where it is possible.

    Let’s test it on the following real example:

    $ sesearch -A -s psad_t -t psad_t -c capability
    Found 1 semantic av rules:
    allow psad_t psad_t : capability { dac_override setgid setuid net_admin net_raw } ;

    $ ls -ldZ /var/lib/psad /var/log/psad /var/run/psad /etc/psad/
    drwxr-xr-x. 3 root root system_u:object_r:psad_etc_t:s0 4096 May 26 12:40 /etc/psad/
    drwxr-xr-x. 2 root root system_u:object_r:psad_var_lib_t:s0 4096 May 26 12:35 /var/lib/psad
    drwxr-xr-x. 4 root root system_u:object_r:psad_var_log_t:s0 4096 May 26 12:47 /var/log/psad
    drwxr-xr-x. 2 root root system_u:object_r:psad_var_run_t:s0 100 May 26 12:44 /var/run/psad

    $ ps -efZ |grep psad
    system_u:system_r:psad_t:s0 root 25461 1 0 12:44 ? 00:00:00 /usr/bin/perl -w /usr/sbin/psad
    system_u:system_r:psad_t:s0 root 25466 1 0 12:44 ? 00:00:00 /usr/sbin/psadwatchd -c /etc/psad/psad.con
    f

    which looks correct. So is dac_override really needed for psad_t? How could I check it?

    On my Fedora 23 system, I run with

    $ cat dacoverride.cil
    (typeattributeset cil_gen_require domain)
    (auditallow domain self (capability (dac_override)))

    policy module which audits all dac_override as granted in /var/log/audit/audit.log if they are needed.

    For example I see

    type=AVC msg=audit(1432639909.704:380132): avc: granted { dac_override } for pid=28878 comm="sudo" capability=1 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tclass=capability

    which is expected. But I don’t see it for psad_t if I try to use it. So this is probably a bug in the policy and dac_override should be removed for psad_t. Also we should ask psad maintainers for their agreement.

    And what happens if you go with the following ownership change

    $ ls -ldZ /var/log/psad/
    drwxr-xr-x. 4 mgrepl mgrepl system_u:object_r:psad_var_log_t:s0 4096 May 26 13:53 /var/log/psad/

    ? You get

    type=AVC msg=audit(1432641212.164:380373): avc: granted { dac_override } for pid=30333 comm="psad" capability=1 scontext=system_u:system_r:psad_t:s0 tcontext=system_u:system_r:psad_t:s0 tclass=capability

     

     


    New websites for Fedora 22

    I’m pretty happy today, not only because we have an awesome Fedora release but also because we published three new websites:

    We started not long time ago, just a few days after F22 Beta release and it was challenging to finish all the work for these websites, collect informations from Spin SIGs, get legal approval, make new translation resources and and and.

    A hard work, and I was happy to have some mockups made by Mairin Duffy (aka mizmo) who helped me a lot from a design POV.  Also, after having set up the websites, Yader Velasquez helped out to add stuff and made some nice sections, this was really helpful and I hope he will continue working on the websites also in the future ;)

    So we have finally a new spins.fedoraproject.org website, the actual one was really bad during the last release and Spins needed a new home. We decided to promote only Desktop Spins on this website and to give end users more “look and feel” of what they get if they install one of these. The result is pretty nice and for now also Spin SIGs seem to appreciate the work.

    Schermata da 2015-05-26 13:15:06

    The other, more functional spins, also have their new website and as many of them are called Labs we decided to make a new labs.fedoraproject.org website. The structure is similar to spins, just a few things are different. I was surprised how many goals we can achieve with these functional spins, and I think now that we show more featured applications for every single spin, users will try them out more than in the past.

    Schermata da 2015-05-26 13:20:36

     

    What about ARM? Yeah, ARM is primary and deserved an own website too, so for all ARM images arm.fedoraproject.org is the place you want to go if you need these Fedora images. A very simple but functional one-pager, and I hope ARM folks will also appreciate it.

    Schermata da 2015-05-26 13:21:06

     

    All websites, same as for getfedora.org and start.fedoraproject.org, now are mobile friendly and should work with all devices. We did some tests, but we have so many images, links, scripts etc. now, I fear there could be something missed. In this case please file a ticket in our websites trac at https://fedorahosted.org/fedora-websites/

    Enjoy the new websites and happy Fedora 22 to all!

    Fedora 22 and missing applications

    Quite a few people are going to be installing Fedora 22 in the coming days, searching for things in the software center and not finding what they want. This is because some applications still don’t ship AppData files, which have become compulsory for this release. So far, over 53% of applications shipped in Fedora ship the required software center metadata, up from the original 12% in Fedora 21. If you don’t like this, you can either use dnf to install the package on the command line, or set gsettings set org.gnome.software require-appdata false. If you want to see your application in the software center in the future, please file a bug either upstream or downstream (I’ve already filed a lot of upstream bugs) or even better write the metadata and get it installed either upstream tarball or downstream in the Fedora package. Most upstream and downstream maintainers have shipped the extra software center information, but some others might need a little reminder about it from users.

    Major service disruption
    Service 'COPR Build System' now has status: major: Network issues in PHX - Copr queue jobs, but is not processing the queue. We are working on this issue.
    All systems go
    Service 'COPR Build System' now has status: good: Everything seems to be working.
    Major service disruption
    Service 'COPR Build System' now has status: major: Network issues in PHX - Copr queue jobs, but is not processing the queue. We are working on this issue.
    Major service disruption
    Service 'COPR Build System' now has status: major: Network issues
    Answer page and Sign in page mockups for Askbot
    Answer Page Desktop View Mockups



































    Answer Page Mobile View Mockups


    Sign in page Desktop view mockups

































    Sign in Page Mobile view mockups


    xfce4-power-manager updated to 1.5.0

    Xfce4-power-manager version 1.5.0 was released today and I have updated that for rawhide and F22. Apart from bug fixes, there are one or two nice UI changes (shown in the screenshots).


























    As always, if you encounter any bugs with this update, please submit a bug report on the bugzilla.

    Cheers.

    May 25, 2015

    impress, right click, insert image




    Added "insert image" to right click context menu in impress.
    A Linux proud history – 15 years ago and the Brazilian ATM

    Some time ago i passed by in one of the bank agencies of a brazilian south bank, called Banrisul, and see a change, the ATM’s are evolving. The ATM’s are changing for modern code, and i don’t know what they are using now, but is the past that is the history itself.

    Most of old Linux guys remember that as one of the firsts bank ATM done in Linux in the world ( or at least the first openly shown ) was made here in this bank, here’s a picture from the wonderful article of John MadDog Hall in this Linux Journal article. ( I hope he will not bother that i’m citing him here ).

     

    The Banrisul

    The Banrisul “Tux” ATM, picture from John MadDog Hall

     

    The history i want to share with you is how that “marble Tux” happens. Yes, it was a production machine that you see in the picture and was running in every place in Brazil for at least 10 years.

    So, a 25 years old boy, in this case me, the guy typing now,  who was working in a ILOG graphical toolkit partner suddenly decide to look for Linux jobs, it was out of university for 1 year, but was already infected for the open source and Linux for more than 3 years, and thought it can be done.

    Lucky me, that there was a company locally in Curitiba, hiring Linux guys, for a short time prototype project in C, and was the chance i foresse to enter in linux job world for good. This company was Conectiva, and then, this prototype end up to be my first job in the company, mostly at this time, was a universe confluence, since all the players involved, the bank through  the manager, Carlos Eduardo Wagner, the corporate development manager from Conectiva, João Luis Barbosa and the PERTO ATM company, moving to Linux, all believing that could be done.

    And then, they need the suicide guys, meaning me and Ruben Trancoso which made the mainframe comm network stack.

    To resume, 3 months, four different ATM’s with their original specific DOS code, one barely new ATM designed to be first time used in this project by PERTO, and that’s it.

    We didn’t had much requisites that time, mostly keep the same original face and make it work. On the verge of everything, we made the base code been ported quickly, but still, was 2000, and linux graphics stack and licensing still not heavily clarified. qt was out of question, Gtk was not suitable for the older environments. Aside other toolkits, i decided go on X11 pure code, which at least took one layer of code bug testing on our side, despite the inherent difficulty and from a guy that get used already on C++ toolkits ( Ilog Views, today now owned by IBM ).

    But worked, it paid the efforts, then one day, comes the day where the manager sit downs on your side and say: “We have a big meeting with bank directors to show the prototype, is it ready ?”. The interface was already exactly the same as the older DOS interfaces, and that’s our initial target.

    The answer from me was a sound yes, from Ruben as well, but i asked if i could “pimp up” the interface a little. Was a demo anyway, and not need to be the final result.  Just don’t told what i will be doing, since i have some idea, but not THE FINAL idea.

    So, i pick up gimp, pick the Conectiva logo, and then put on top right, as a proud developer of his company, and to show that it done by us, here, in Brazil. I know this would be for testing, never would go to production.

    And for some reason as most aesthetically possible for a developer, the lower left corner was visibly empty, unbalanced, could have something else there, but couldn’t be too “loud” in terms of graphics, so i decided that an emboss figure could be ok’ish. And i start to drumming my fingers and i heard someone around the office saying something ..Linux…, and again, …Linux word, so i though that need to be something Linux related, obviously. But there are no Linux text logo, no official at least, the only thing was Tux. Then i placed that embossed Tux, proud myself that at least me, my coleagues and some guys at Banrisul will see what we achieved. Again, i know that was for demo day an in production, the clean face would be back.

    Then the day of demo and approval came. My manager from Banrisul came back, and say everyone was happy with the results, everything worked as expected, with only one single remarks. ( i was expecting already ), the logo need be gone.

    The CONECTIVA logo.

    No one single remark over that embossed shadow Tux there.

    And then again, the machine gone to a bank office to real public test, again, no remark of Tux logo, some people outside even noticed the penguin.

    The rest is history, i left Banrisul after the work and back to Conectiva engineering and KDE  and several other Conectiva staff went there to finish the code that known better than me, polish or remove old DOS tidbits, and 15 years later, still you can see some TUX happily providing money and services for customers.

    I remember the day John MadDog took that picture in one FISL, i remember a crazy Miguel de Icaza jumping over the machine taking pictures as well on FISL. Banrisul was smart in place a machine right aside the stairs of the entrance of FISL where thousands of geek was passing daily in ever conference.

    Never intended, well executed 😀

    May 24, 2015

    Activities from Mon, 18 May 2015 to Sun, 24 May 2015

    Activities

    Activities Amount Diff to previous week
    Badges awarded 722 +02.85%
    Builds 10490 -19.80%
    Copr build completed 2406 -35.18%
    Copr build started 2469 -33.65%
    Edit on the wiki 1262 +127.80%
    FAS user created 99 -09.17%
    Meeting completed 31 +06.90%
    Meeting started 30 +03.45%
    New packages 116 +12.62%
    Posts on the planet 55 +10.00%
    Retired packages 0 NA
    Updates to stable 433 +10.18%
    Updates to testing 517 -10.86%

    Top contributors of the week

    Activites Contributors
    Badges awarded iplavvia (14), rajkrish (7), aysabzevar (6)
    Builds sharkcz (2757), karsten (2703), pbrobinson (2328)
    Copr build completed rhscl (416), asamalik (371), msuchy (145)
    Copr build started rhscl (435), asamalik (387), msuchy (152)
    Edit on the wiki kparal (132), pwhalen (120), pschindl (92)
    Meeting completed sgallagh (11), dgilmore (10), nirik (9)
    Meeting started jreznik (3), banas (2), kushal (2)
    New packages  
    Posts on the planet admin (7), sgallagh (6), atodorov (2)
    Retired packages  
    Updates to stable rdieter (44), remi (23), ralph (19)
    Updates to testing remi (57), jchaloup (22), robert (15)
    Fedora 21 chrooted on an aarch64 Nexus 9

    fedora

    A while back I bought a Nexus 9, mainly because it has a weird processor that emulates a 64 bit ARM (aarch64). Google seem to have abandoned this platform entirely, just 6 months after I got it, so fuck you too Google. Anyway here’s how I installed a Fedora 21 aarch64 chroot on the device, using virt-builder and virt-tar-out and a bunch of unnecessary hassle.

    First I ran virt-builder, which takes under a minute to produce a Fedora 21 aarch64 disk image. I then used virt-tar-out to convert all the files in that disk image into a tar file:

    $ virt-builder --arch aarch64 fedora-21
    $ virt-tar-out -a fedora-21.img / chroot.tar
    

    Copy this file over to the N9, and unpack it. I have rooted my N9, so I can do this as root to preserve all the permissions etc:

    # mkdir root
    # cd root
    # tar -xf /sdcard/Download/chroot.tar
    # cd ..
    

    And how can there not be a tar utility in Android?? I had to build a static ‘tar’ for aarch64 using my existing aarch64 server, to run the above command. And and and how can there be no chroot utility either!? I ended up compiling that myself too yada yada.

    After all that you can do:

    # mount -o bind /dev root/dev
    # mount -o bind /proc root/proc
    # mount -o bind /sys root/sys
    # PATH=/usr/bin:/bin LD_PRELOAD= chroot root /bin/bash
    

    which gives me at least a Fedora 21 shell on Android.

    Edit: A few further notes:

    1. When setting up a non-root user account inside the chroot, give it the same UID, GID and groups as the ordinary non-privileged Android user account. In particular it must be in the inet group, else network access is blocked.
    2. You may need to set up /etc/resolv.conf by hand in the chroot.

    Attention Fedora 22 prerelease users

    Just a note for everyone/anyone who installed Fedora 22 from anything before the Release Candidate (RC) composes: (If you install from the final release on tuesday you are not affected of course):

    Before this point the updates-testing repository was enabled and you very likely installed some things from it if you did any installs or updates after you installed. A fedora-release update came along and disabled this repo now, so you have packages from it installed, but that repo is no longer enabled. This can show up as weird issues around mismatched devel packages or other strange looking dependency issues.

    Please do one of the following if you see any such issues:

    1. You can re-enable updates-testing and help us test updates. See: https://fedoraproject.org/wiki/How_to_test_updates

    or

    2. You can run a ‘dnf distro-sync’ and downgrade your packages to all the correct versions available in updates and the base repo.

    New domain: remirepo.net

    When I open this web site in 2005, I simply use the famillecollet.com domain I own since 2000.

    With the growing success of the repository, I thought it was time to use its own domain: remirepo.net

    So, now:

    Of couse, old addresses are still reachable, without any time limit planed.

    Inkscape Mockups for Askbot
    Askbot User Profile page desktop view mockup


     




































    Askbot User Profile page mobile view mockups


    Askbot Ask Question page desktop view mockups



    Askbot Ask Question page mobile view mockups





    How to quickly migrate mail from Evolution to Thunderbird with Dovecot

    Fedora 22 is just around the corner and while upgrading my machine, I decided to completely ditch Gnome’s Evolution in favor of Mozilla Thunderbird. I had already switched a while back, but still had tons of mail in an old local Evolution account I wanted to migrate.

    Unfortunately all HowTos I found on the web assume Evolution would store mail in the mbox format, while it switched to maildir in version 3.2.0. MozillaZine suggests to first convert maildir to mbox and then import the resulting files with the ImportExportTools extension. Why so cumbersome if there is the excellent Dovecot IMAP server that can read both maildir and mbox?

    Migrating mail with Dovecot is straight forward. Quit Evolution and install dovecot:

    yum install dovecot

    Then set it to use Evolution’s local storage as mail location:

    echo "mail_location = maildir:~/.local/share/evolution/mail/local/" \
     >> /etc/dovecot/conf.d/10-mail.conf
    service dovecot start

    Fire up Thunderbird, configure a new account for your user on localhost and copy over all mail from this account to the “Local folders”. There you go!

    May 23, 2015

    Nvidia driver modeset kernel module

    As part of the latest Nvidia driver update at version 352.09, there is now code supporting a new nvidia-modeset kernel module that should be running on a system and that interfaces with the usual nvidia kernel module.

    Evidence of this is in the kernel module sources and in the nvidia-modprobe command code that is hosted in Github.

    From the nv-modeset-interface.h header in the kernel module “sources”:

    /*
     * This file defines the interface between the nvidia.ko and
     * nvidia-modeset.ko Linux kernel modules.
     *
     * A minor device file from nvidia.ko's pool is dedicated to
     * nvidia-modeset.ko.  nvidia-modeset.ko registers with nvidia.ko by
     * calling nvidia_register_module() and providing its file operation
     * callback functions.
     *
     * Later, nvidia-modeset.ko calls nvidia.ko's nvidia_get_rm_ops()
     * function to get the RMAPI function pointers which it will need.
     */

    Let’s hope that modesetting support in the driver is near and we will not have to wait additional years for it. Also, let’s hope that the firmware images required for the latest hardware on Nouveau will be released soon, without further delays.

    As soon as it will be delivered, I will implement it in the packages according to the driver table in the repository page.

    Steam for CentOS / RHEL 7

    The Steam repository now contains the Steam client package plus the S3 texture compression library for Open Source drivers for CentOS and Red Hat Enterprise Linux 7.

    The CentOS/RHEL repository contains also all the SteamOS session files and binaries for running a Steam-only system, like the Fedora ones. As the Fedora packages, the main client is 32 bit only, so when running on 64 bit systems, make sure to load also your 32 bit libraries if you are running on proprietary drivers or the S3 texture compression library if you are running on a 64 bit system. Work on Valve’s X-Box kernel module for CentOS/RHEL is ongoing; as in its current form there are unresolved symbols.

    As part of the update, also the Fedora X-Box kernel module has additional fixes on top of Valve’s code.

    I will also add the packages to RPMFusion when a CentOS/RHEL 7 branch will eventually be available.

    For full details see the repository page.

    centos-steam2

    centos-steam3

    AskFedora Pages/Flow

    Video: LXD containers vs. KVM

    Since I'm such a big container fan (been using them on Linux since 2005) and I recently blogged about Docker, LXC, and OpenVZ... how could I pass up posting this? Some Canonical guys gave a presentation at the recent OpenStack Summit on "LXD vs. KVM". What is LXD? It is basically a management service for LXC that supposedly adds a lot of the features LXC was missing... and is much easier to use. For a couple of years now Canonical has shown an interest in LXC and has supposedly be doing a lot of development work around them. I wonder what specifically? They almost seem like the only company who is interested in LXC.. or at least they are putting forth a publicly noticeable effort around them.

    Why Should You Care?
    If Canonical can actually deliver on their LXD roadmap it is possible that it will be a suitable substitute for OpenVZ. The main "problem" with OpenVZ is that it is not in the mainline kernel, whereas LXC is. In practice you have to purposefully make an OpenVZ host (currently recommended on RHEL6 or clone) but with LXC/LXD any contemporary Linux system should be able to do full-distro containers... aka containers everywhere for everyone.

    How About a Roadmap
    Where is LXD now? Well, so far it seems to be mostly a technology preview available in Ubuntu 15.04 with the target "usable and production ready" release slated for the next Ubuntu LTS release (16.04)... which if you weren't familiar with their numbering scheme is 2016 April.

    That's about a year away, right... so what do they still have left to do? If you go to about 23:30 in the video you'll get to the "Roadmap" section. They have work to do on storage, networking, resource management and usage reporting, and live migration. A bit of that falls within the OpenStack context... integrating with various OpenStack components so containers will be more in parity with VMs for OpenStack users... but still, that's quite a bit of work.

    The main thing I care about absolutely being there is isolation and resource management which are really the killer features of OpenVZ. So far as I can tell, LXD does not offer read-only base images and layering like Docker... so that would be an area for improvement I would suggest. BTW they are using CRIU for checkpointing and live migration... thanks Parallels/OpenVZ!

    Certainly LXD won't really make it no matter how good it is until it is available in more Linux distributions than just Ubuntu. In a video interview a while back (which I don't have the link handy for at the moment) Mark Shuttleworth stated that he hopes and expects to see LXD in other distributions. One of the first distros I hope to see with LXD is Fedora and that's the reason I tagged this post appropriately.

    Broadening the Echosystem
    Historically I've been a bit of an anti-Canonical person but thinking more about it recently and taking the emotion out of it... I do wish Ubuntu success because we definitely need more FLOSS companies doing well financially in the market... and I think Red Hat (and OpenVZ) will have an incentive to do better. Competition is good, right? Anyway, enjoy the video. BTW, everything they tout as a benefit of LXD over KVM (density, speed of startup, scalability, etc) is also true of OpenVZ for almost a decade now.

    <iframe allowfullscreen="allowfullscreen" frameborder="0" height="480" src="https://www.youtube-nocookie.com/embed/90oxad2r8_E?rel=0" width="853"></iframe>

    For those with iFrame issues, here's the YouTube link: LXD vs. KVM

    Containers Should Contain
    Let's face it, Docker (in its current form) sucks. Why? Well, ok... Docker doesn't totally suck... because it is for applications and not a full system... but if a container doesn't contain, it isn't a container. That's just how language works. If you have an airplane that doesn't fly, it isn't an airplane, right? Docker should really say it is an "Uncontainer" or "Uncontained containers"... or better yet, just use a different word. What word? I'm not sure. Do you have any suggestions? (Email me: dowdle@montanalinux.org)

    What is containment? For me it is really isolation and resource control. If a container doesn't do that well, call it something else. OpenVZ is a container. No, really. It contains. OpenVZ didn't start life using the word container. On day one they were calling them "Virtual Environments" (VEs). Then a year or two later they decided "Virtual Private Server" (VPS) was the preferred term. Some time after switching to VPS, VPS became quite ambiguous and used by hosting companies using hardware virtualization backends like Xen and VMware (KVM wasn't born yet or was still a baby). Then OpenVZ finally settled on the word "container".

    If you want a fairly good history of the birth and growth of OpenVZ over the years, see Kir's recent presentation.

    Hopefully LXD will live up to "container" but we'll have to wait and see.

    read more

    GSoC Update #3
    I had a meeting yesterday (22nd May 2015) at the #fedora-apps IRC channel with mentors Sarup Banskota and Suchakra Sharma. The purpose of the meeting was to revise my timeline and refine what I have included in the timeline into more specific sub tasks.  

    My actions items in this meeting were:

    • Analyse the flow of pages in askbot
    • Set up a staging instance to share work in progress
    • Creating mockups for the askbot pages
    You can see the minutes of the meeting at:
    http://meetbot.fedoraproject.org/fedora-apps/2015-05-22/fedora-apps.2015-05-22-17.10.log.html
    San Francisco Python Meetup Group ...
     ... Python Meetup is putting out a call for speakers:

    Meet other local Python Programming Language enthusiasts! Please join us on the second Wednesday of each month for a Presentation Night of intermediate and advanced Python talks. Please join us on the third Wednesday of each month for a Project Night of Python tutorials, mentors helping new and intermediate Python developers, sprints on Python projects, and developers working on their own projects.

    More about this www.meetup.com- sfpython.

    May 22, 2015

    Fedora 22 is “Go” for May 26!

    That’s right — the bits are heading out the door (and onto our mirror network)! Expect the official announcement around 10am US Eastern time Tuesday morning.

    Quick-Tipp: Man-Pages mit yelp lesen
    Bitte beachtet auch die Anmerkungen zu den HowTos!

    Vielen unbekannt, verfügt Gnome’s Betrachter für Hilfeseiten yelp über die Fähigkeit, man-pages anzuzeigen.

    Sofern yelp bereits geöffnet ist, kann man eine man-page ganz einfach über STRG-L und anschließend in dem Eingabefeld

    man:man-page

    eingeben.

    Alternativ kann man yelp auch direkt mit einer Man-Page aufrufen. Dazu einfach z.B. ALT+F2 drücken und anschließend

    yelp man:man-page

    eingeben.

    In beiden Fällen muss man-page natürlich durch die zu öffnende Man-Page ersetzt werden.