Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

We Make Fedora

March 29, 2025

Kevin Fenzi Late March infra bits 2025

Another week, another saturday blog post.

Mass updates/reboots

We did another mass update/reboot cycle. We try and do these every so often, as the fedora release schedule permits. We usually do all our staging hosts on a monday, on tuesday a bunch of hosts that we can reboot without anyone really noticing (ie, we have HA/failover/other paths or the service is just something that we consume, like backups), and finally on wednsday we do everything else (hosts that do cause outages).

Things went pretty smoothly this time, I had several folks helping out this time and thats really nice. I have done them all by myself, but it takes a while. We also fixed a number of minor issues with hosts: serial consoles not working right and nbde not running correctly and also zabbix users being setup correctly locally. There was also a hosted server where reverse dns was wrong, causing ansible to have the wrong fqdn and messing up our update/reboot playbook. Thanks James, Greg and Pedro!

I also used this outage to upgrade our proxies from Fedora 40 to Fedora 41.

After that our distribution of instances is:

number / ansible_distribution_version

252 41

105 9.5

21 8.10

8 40

2 9

1 43

It's interesting that we now have 2.5x as many Fedora instances as RHEL. Although thats mostly the case due to all the builders being Fedora.

The Fedora 40 GA compose breakage

Last week we got very low on space on our main fedora_koji volume. This was mostly caused by the storage folks syncing all the content to the new datacenter, which meant that it kept snapshots as it was syncing.

In an effort to free space (before I found out there was nothing we could do but wait) I removed an old composes/40/ compose. This was the final compose for Fedora 40 before it was released and the reason in the past that we kept it was to allow us to make delta rpms more easily. It's the same content as the base GA stuff, but it's in one place instead of split between fedora and fedora-secondary trees. Unfortunately, there were some other folks using this. Internally they were using it for some things and iot also was using it to make their daily image updates.

Fortunately, I didn't actually fully delete it, I just copied it to an archive volume, so I was able to just point the old location to the archive and everyone should be happy now.

Just goes to show you if you setup something for yourself, often unknown to you others find it helpfull as well, so retiring things is hard. :(

New pagure.io DDoS

For the most part we are handling load ok now on pagure.io. I think this is mostly due to us adding a bunch of resources, tuning things to handle higher load and blocking some larger abusers.

However, on friday we got a new fun one: A number of ip's were crawling an old (large) git repo grabbing git blame on ever rev of every file. This wasn't causing a problem on the webserver or bandwith side, but instead causing problems for the database/git workers. Since they had to query the db on every one of those and get a bunch of old historical data, it saturated the cpus pretty handily. I blocked access to that old repo (thats not even used anymore) and that seemed to be that, but they may come back again doing the same thing. :(

We do have a investigation open for what we want to do long term. We are looking at anubis, rate limiting, mod_qos and other options.

I really suspect these folks are just gathering content which they plan to resell to AI companies for training. Then the AI company can just say they bought it from bobs scraping service and 'openwash' the issues. No proof of course, but just a suspicion.

Final freeze coming up

Finally the final freeze for Fedora 42 starts next tuesday, so we have been trying to land anything last minute. If you're a maintainer or contributor working on Fedora 42, do make sure you get everthing lined up before the freeze!

comments? additions? reactions?

As always, comment on mastodon: https://fosstodon.org/@nirik/114247602988630824

March 28, 2025

Jeremy Cline How artifacts are signed in Fedora

For the last few months, one of the things I’ve been working on in Fedora is adding support for SecureBoot on Arm64. The details of that work will be the subject of a later post, but as part of this work I’ve become somewhat familiar with the signing infrastructure in Fedora and how it works. This post introduces the various pieces of the current infrastructure, and how they fit together.

Signed?

Pretty much anything Fedora produces and distributes is digitally signed so users can verify it did, in fact, come from the Fedora project. Perhaps the most obvious example of this is the RPM packages Fedora produces. However, plenty of other artifacts are also signed, like OSTree commits.

Signing works using public-key cryptography. We have the private key that we need to keep secret, and we distribute the public keys to users so they can verify the artifact.

Robosignatory

Signing is (mostly) an automated process. A service, called robosignatory, connects to an AMQP message broker and subscribes to several message topics. When an artifact is created that needs signing, the creator of the artifact sends a message to the AMQP broker using one of these topics.

Robosignatory does not sign artifacts itself. It collects requests from various other services and submits them to the signing server on behalf of those systems. The signing server is the system that contains and protects the private keys.

Sigul

Sigul is the signing server that holds the private keys and performs signing operations. It is composed of three parts: the client, the bridge, and the server.

The Server

The Sigul server is designed to control access to signing keys and to provide a minimal attack surface. It does not behave like a traditional server in that it does not accept incoming network connections. Instead, it connects to the Sigul bridge, and the bridge forwards requests to it via that connection.

This allows the firewall to be configured to allow outgoing traffic to a single host, and to block all incoming connections. This does mean that the host cannot be managed via normal SSH operations. Instead this is done in Fedora via the host’s out-of-band management console.

Private keys are encrypted on disk. When users are granted access to keys, the key is encrypted for that particular user.

The Bridge

The Sigul bridge acts as a specialized proxy. Both the client and server connect to the bridge, and it forwards requests and responses between them.

Unlike the typical proxy, the Sigul bridge does a few interesting things. Firstly, it requires the client to authenticate via TLS certificates. The client then sends the bridge the request it wishes to make. The bridge forwards that request to the server. The bridge then expects the client and server to send an arbitrary amount of data to each other. This arbitrary data is framed as chunks and it forwards that data back and forth until an end of stream signal is sent by the server and client.

Finally, it forwards the server’s response to the client.

The Client

The client is a command-line interface that sends requests to the server via the bridge. This client can be used to create users and keys, grant and revoke access to keys, and request signatures in various formats. Robosignatory invokes the CLI to sign artifacts.

The client connects to the bridge as described above. After authenticating with the bridge and sending the request, it begins a second TLS connection configured with the Sigul server’s hostname, and sends and receives data on this connection over the TLS connection it has with the Sigul bridge. It relies on this inner TLS connection to send a set of session keys to the server without the bridge being able to intercept them. These session keys are used to sign the Sigul server’s responses so the client can be sure the bridge did not tamper with them.

After it has established a set of secrets with the server, the remainder of the interaction occurs over the TLS connection with the bridge, but since the responses are signed both the client and server can be confident the bridge has not tampered with the conversation.

Conclusion

It’s an interesting setup, and has served Fedora for many years. There is plenty of code in Sigul which dates back to 2009, not long after Python 2.6 was released with exciting new features like the standard library json module. It was likely developed for RHEL 5 which means Python 2.4.

Unfortunately, at least one of the libraries (python-nss) it depends on to work are not maintained and not in Fedora 42, so something will have to be done in the near future. Still, it’s not ready to sign off just yet.
! Avi Alkalay ¡ Modern Minimum Laptop

Now that people have a more independent and cloud-based set of work tools, they can finally consider leaving Windows behind and getting a better and cheaper laptop, like a MacBook Air.

“What? A MacBook Air cheaper than a Windows laptop? Impossible!”

Well, if you look in the Wintel (Windows + Intel) universe for a laptop with the same features as Apple’s entry-level laptop — the MacBook Air — the Wintel version will be more expensive.

A basic laptop today should have a 3K or 4K display (Full HD is already obsolete), solid-state storage, high-quality camera, microphone, and audio, and be thin, lightweight, and stylish. Most importantly, the battery should last all day. This last feature is not possible in Intel-based laptops, where, in practice, the battery lasts no more than 90 minutes. A modern laptop is used like a smartphone: unplugged from the outlet, carried around all day, and recharged while you have lunch or sleep.

So yes, you can find cheaper laptops, but they will have worse features than the minimum standard. They also use lower-quality components (camera, microphone, display) and outdated technology (storage, CPU).

Also on LinkedIn and Facebook.
Fedora Community Blog Infra and RelEng Update – Week 13 2025
This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 24 Mar – 28 Mar 2025

Infrastructure & Release Engineering

The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
Itâ€™s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
List of planned/in-progress issues

Fedora Infra
- In progress:
- Done:
CentOS Infra including CentOS CI
- In progress:
- Done:
Release Engineering
- In progress:
- Done:
If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

The post Infra and RelEng Update – Week 13 2025 appeared first on Fedora Community Blog.
Remi Collet 🎲 PHP version 8.3.20RC1 and 8.4.6RC1
Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

RPMs of PHP version 8.4.6RC1 are available
- as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
- as SCL in remi-test repository
RPMs of PHP version 8.3.20RC1 are available
- as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
- as SCL in remi-test repository
ℹ️ The packages are available for x86_64 and aarch64.

ℹ️ PHP version 8.2 is now in security mode only, so no more RC will be released.

ℹ️ Installation: follow the wizard instructions.

ℹ️ Announcements:
- PHP 8.4.6RC1 available for testing
- PHP 8.3.20RC1 available for testing
Parallel installation of version 8.4 as Software Collection:
```
yum --enablerepo=remi-test install php84
```
Parallel installation of version 8.3 as Software Collection:
```
yum --enablerepo=remi-test install php83
```
Update of system version 8.4:
```
dnf module switch-to php:remi-8.4
dnf --enablerepo=remi-modular-test update php\*
```
Update of system version 8.3:
```
dnf module switch-to php:remi-8.3
dnf --enablerepo=remi-modular-test update php\*
```
ℹ️ Notice:
- version 8.4.4RC2 is in Fedora rawhide for QA
- EL-10 packages are built using RHEL-10.0-beta and EPEL-10.0
- EL-9 packages are built using RHEL-9.5
- EL-8 packages are built using RHEL-8.10
- oci8 extension uses the RPM of the Oracle Instant Client version 23.7 on x86_64 and aarch64
- intl extension uses libicu 74.2
- RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
- versions 8.3.18 and 8.4.5 are planed for March 13th, in 2 weeks.
Software Collections (php83, php84)

Base packages (php)

March 26, 2025

Richard W.M. Jones Graphical differences between two disk images

I was investigating possible disk corruption when copying a disk image between servers, but needed a way to visualise what might be happening. The disk image is tens of gigabytes, so looking at it in hexdump wasn’t a lot of fun. A little Python to the rescue instead:

#!/usr/bin/python3

from PIL import Image, ImageColor

import nbd
h1 = nbd.NBD()
h2 = nbd.NBD()

original = "original.qcow2";
copied = "copied.qcow2";

blksize = 4096
zero_block = bytearray(blksize)

width = 4096
output = "output.png"
red = ImageColor.getrgb("red")
green = ImageColor.getrgb("green")
blue = ImageColor.getrgb("blue")
white = ImageColor.getrgb("white")
black = ImageColor.getrgb("black")

# Open original disk image.
h1.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", original])

# Open copied disk image.
h2.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", copied])

assert(h1.get_size() <= h2.get_size())

# Open the output visualisation.
height = int(h1.get_size() / blksize / width) + 1
image = Image.new("RGB", (width, height), white)

# Iterate over the blocks of each.
x = 0
y = 0
for i in range(0, h1.get_size(), blksize):
    b1 = h1.pread(blksize, i)
    b2 = h2.pread(blksize, i)
    if b1 == b2:
        # Same
        image.putpixel((x, y), green)
    elif b1 != zero_block and b2 == zero_block:
        # Zeroed
        image.putpixel((x, y), black)
    else:
        # Different but not zeroed
        image.putpixel((x, y), red)
    x = x+1
    if x == width:
        x = 0
        y = y+1
        print("%d/%d\r" % (y, height), end='')

print()
image.save(output)
print("Saved to %s" % output)

h1.close()
h2.close()

The resulting image showed that stretches of the disk were getting zeroed out during the copy (which was definitely not supposed to happen).

March 25, 2025

Peter Czanik Nightly arm64 syslog-ng container builds are now available

Recently we enabled nightly syslog-ng builds and container builds for arm64. It means that from now on, you can run the latest syslog-ng on 64bit ARM platforms.

Before you begin

For this test, I used a Raspberry Pi 3 running the latest Raspberry Pi OS. As I use Podman everywhere else (I am an openSUSE / Fedora guy), I also installed it here for container management.

Running syslog-ng nightly in a container

Support for arm64 was added after the last syslog-ng release, which means that by the time of writing this blog, there is no arm64 syslog-ng package available for the latest release, only for the nightly builds. Make sure that you use the “nightly” tag, otherwise Podman will download an x86 image (well, at least until the next release), and complain about wrong architecture only at the end.

This first command will download the container image from the Docker hub and print some syslog-ng version information. Note that the registry host name is also included, as the Podman package does not come with a pre-configured registry.

root@raspberrypi:~# podman run -ti docker.io/balabit/syslog-ng:nightly -V
Trying to pull docker.io/balabit/syslog-ng:nightly...
Getting image source signatures
Copying blob 52daf8b0f06f done  
[...]
Starting syslog-ng with params: -V
syslog-ng 4 (4.8.1.224.g600b1e8)
Config version: 4.2
Installer-Version: 4.8.1.224.g600b1e8
Revision: 4.8.1.224.g600b1e8-snapshot+20250313T232005
Compile-Date: Mar 13 2025 23:20:05
Module-Directory: /usr/lib/syslog-ng/4.8
Module-Path: /usr/lib/syslog-ng/4.8
Include-Path: /usr/share/syslog-ng/include
Available-Modules: otel,map-value-pairs,afamqp,bigquery,tags-parser,kafka,rate-limit-filter,loki,afsmtp,json-plugin,affile,redis,sdjournal,clickhouse,afsnmp,secure-logging,afstomp,afmongodb,afsocket,mqtt,disk-buffer,mod-python,graphite,kvformat,afsql,timestamp,examples,metrics-probe,geoip2-plugin,linux-kmsg-format,riemann,cryptofuncs,http,cloud_auth,correlation,pacctformat,pseudofile,afuser,tfgetent,confgen,hook-commands,add-contextual-data,basicfuncs,regexp-parser,afprog,stardate,csvparser,azure-auth-header,syslogformat,appmodel,system-source,cef,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Stackdump: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on

The following command starts syslog-ng with the default configuration running in the foreground and printing debug messages on the terminal. Creating a proper syslog-ng configuration and setting up storage is not in the scope of this blog, but using this setup you can still verify that syslog-ng works as expected:

root@raspberrypi:~# podman run -it -p 514:514/udp -p 601:601 --name syslog-ng docker.io/balabit/syslog-ng:nightly -edv

At the end of many lines of debug messages you should see sever lines indicating that syslog-ng is ready to receive network connections. For example:

[2025-03-14T12:33:15.414977] Accepting connections; addr='AF_INET(0.0.0.0:601)'

Port 601 is expecting RFC5424 formatted log messages with octet counting over a TCP connection. You can send a test message using this command from another terminal:

logger -n 127.0.0.1 -P 601 -T --octet-count this is a test

On the terminal, where you run syslog-ng, you should see something similar in the debug logs:

[2025-03-14T12:38:08.805320] Syslog connection accepted; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
[2025-03-14T12:38:08.806800] Incoming log entry; input='<13>1 2025-03-14T13:38:08.805035+01:00 raspberrypi root - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="319500"] this is a test', msg='0x7f93510000', rcptid='0'
[2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cee:'
[2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cim:'
[2025-03-14T12:38:08.831167] Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages', symlink_as='(null)'
[2025-03-14T12:38:08.851750] Initializing destination file writer; template='/var/log/messages-kv.log', filename='/var/log/messages-kv.log', symlink_as='(null)'
[2025-03-14T12:38:08.852912] Syslog connection closed; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
[2025-03-14T12:38:08.854588] Outgoing message; message='2025-03-14T13:38:08.805+01:00 host .SDATA.timeQuality.isSynced=1 .SDATA.timeQuality.syncAccuracy=319500 .SDATA.timeQuality.tzKnown=1 HOST=host HOST_FROM=host MESSAGE="this is a test" MSGFORMAT=rfc5424 PROGRAM=root SOURCE=s_network TRANSPORT=rfc6587\x0a'
[2025-03-14T12:38:08.854588] Outgoing message; message='Mar 14 13:38:08 host root: this is a test\x0a'

What is next?

As I mentioned earlier, in this blog we only made sure that syslog-ng can start on arm64 in a container and that it can collect log messages over the network. Depending on your environment you will also need to change the configuration and provide some disk space for collected log messages. If you give the nightly arm64 syslog-ng images a try, let us know about your experience!

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 24, 2025

Adam Young Diff between Code review versions
Bottom line up front: create a tag with each version of a code review you post, to be able to see changes between versions.

Git commits come in (at least) three flavors.

First is the personal flavor, where you commit to git in order to not lose some quantum of behavior you have just implemented. These commits are small, and may be breaking commits. They are not meant for upstream consumption in the long term.

Second is the upstream commit, a reasonable chunk of a code to review. While the overall patch-series (to use the LKML term) might still be multiple patches, each one is meant to be stand-alone reviewed, and probably should be a non-breaking patch that can be merged as is…provided all the pre-req patches get merges.

The third type of commit is a fix to a code review commit. Say a patch series is 5 patches long, and you are asked to make a change in the first patch in the series. When doing your work, the first thing you do is make that change and make sure it works, and commit it on the top of the stack. Typically that change means you do a git rebase -i HEAD~6 (or comparable) and reorder the patches so that the fix sits just above the original commit you want to fix. At this point, you can squash the original and fixing commits together.

When using gitlab or github, you can update an existing code review request (Merge Request or MR in gitlab, Pull Request or PR in Github) by doing some form of git push with the –force flag. Since both git services use a branch to represent the request, an update to the branch will create an update to the request.

The problem with this process is that the change gets lost. Say that the change was questionable, and you just wanted to try it out. A fellow developer on a different system has no way of reverting to the previous stage…they would need the private information on your system.

Another code review system that does not lose this information is Gerrit. I don’t wish to compare and contrast all of the various merits and drawbacks of Gerrit. Instead, I wish to focus in on the fact that a review is a top level concept in Gerrit, and each version of a review becomes its own branch. A version of a review is visible from the server and you can diff between two versions of a review. I would like to have the option to do something similar, but in gitlab or github.

It turns out that you can, but it requires more work on the part of the developer. After you push each version of a merge request, you tag it and push that tag. They you update the merge request conversation with links to that tag.

Obviously, this requires more effort on the part of the coder, but since you are essentially performing two operations each time you push, you can script it. We can write a script git-pushrev that does the following:
1. pushes the current head to gitlab with –force using the name of the current branch. Make sure you don;t use main or other protected branch.
2. tags the current head. The name of the tag should be related to the name of the branch, with a 3 digit index appended
3. push the current tag to git using git push tag <tagname>
The developer would need to then grab the tag and add it to the code review comments. However, if they forget to do this, the tag already exists and it could be looked up and posted in the future, or merely kept as a reference for later.

To see what work was done in a revision of a review, use git diff. For example, assuming a branch named code-review,
```
git diff code-review-000 code-review-001.
```
I have a project where I deleted a short file. Here is what I get:
```
ayoung@sut05sys-r112:~/testing/packaging$ git tag
plumbum-wip-0
plumbum-wip-1
ayoung@sut05sys-r112:~/testing/packaging$ git diff plumbum-wip-0 plumbum-wip-1
diff --git a/packaging/archive.py b/packaging/archive.py
deleted file mode 100644
index a3b2e94..0000000
--- a/packaging/archive.py
+++ /dev/null
@@ -1,6 +0,0 @@
-# Represents an archive to be built:  tar.gz, rpm, or comparable
-
-class Archive():
-    def __init__(self, kit_name, build_id, branch_tag, base_tag):
-        for key, value in locals().items():
-            setattr(self, key, value)
```
Alejandro Acosta Event report: Fedora @ SCaLE22x

The 22nd edition of the Southern California Linux Expo ,or SCaLE for short, has come to and end and Fedora project had presence as it has happened for most of the editions of this important event. A few months ago I was gathering information on the Fedora participation in SCaLE for the Fedora Contributors conference (Flock to Fedora, check abstract for that talk here)and I was able to collect documentation as far as its 4th edition back in 2006!!

Sounds easy, but that’s 19 out of 22 editions of the largest and most important community-run open source and free software conference in North America. Here’s a slide from my talk at Flock

A slide from my Flock 2024 talk regarding SCaLE

As always, it started months before conference’s day 1 with the not-so-fancy but very important work of planning. From surveying potential participants, create event wiki, estimate budget, contact organizers, requesting and receiving swag all the way to setting up the booth before the expo floor is open to attendees. The previous work itself gives us enough material for a separate article, or probably a grade thesis, maybe someday

The first day starts with co-located events. New and very interesting events where organized along the conference, like Planet Nix, Cloud Native days LA, OpenInfra days, to mention a few. Even when we were not able to have our long desired Fedora Activity Day, we had an opportunity to participate in the Fedora + CentOS classroom with our friends form CentOS and RedHat.

By the end of this day we had to setup our booth, as it needed to be ready for first day of expo on Friday. Having local people participating in the event is very important, not only helps with logistics but also with the little details that sometimes we take them for granted or don’t even notice them at all. Like Perry anticipating that the tablecloth may have come wrinkled due to handling, shipping or just being folded for long time and bringing a steamer from home. Well thought Perry!!

Setting up the booth

By the way, this year we shared or booth space with our CentOS friends. Being both (Fedora and CentOS ) projects with a lot of common ground, it made this year’s experience enriching not only for both projects participants but also for attendees, who had a more clear panoramic on what’s the role of each project.

Friday was over but we didn’t go straight to rest. Even though it was a busy day and we were beat tired, we wouldn’t be honoring our Fedora foundations if we do not invest quality time with our amigos, so we headed to a mediterranean cafÃ© to have dinner with friends from CentOS, RedHat and Fedora. I’m sorry I don’t have compeling -or at least more appealing- evidence but here’s a sample of my food

Talking about amigos, one of things I loved the most in this edition is that I had a re-encounter with my old friend, former Fedora contributor, former SCaLE staff and the person who talked me into attending my first SCaLE, my brother in the other side of the border, Larry Cafiero.

Larry is now a writer for fossforce.com and he asked me for a few words that he could use in one of his articles in my capacity of Fedora contributor and long time SCaLE attende. You may call it an interview, I call it the pleasure of spending time with Larry.

It is now Saturday, the busiest day in the expo hall as it is opened for the longest time and it is the day when most people attend the conference. It was ~~crazy~~ delightful from beginning to end, lots of visitors, increasing spanish speaking attendees, schools, companies, vendors, newbies, oldies, families, nerds, geeks,etc. In short, unique, valuable experiences to talk to people.

Saturday closed with Game Night, a much appreciated opportunity to sit down for a while, grab a sip and continue talking about nerd things while enjoying a game. As a new, this is the first time that I got food spilled on my jeans from an excited player. I guess it comes with the territory

Sunday is short, time for a wrap. Booth was lifted up, expo was closed. Fortunately there are a few other activities after the expo, like the much expected closing keynote. This time it was in charge of the Turing Award winning Leslie Lamport !!! The conference says that they’re always looking to bring these Â«legendsÂ» and they never disappoint. Leslie’s keynote was just delicious, delightful.

I usually don’t include a thank you section because I fear to leave someone out of my mentions, but I’m grateful for all of the people who made this edition a success. Thank you Perry Rivera for co-owning the event and for all the effort you put in the organization, during and after the event. Thank you Scott Williams, Brian Monroe and Ivan Chavero for the time and passion you put in booth duty. Shaun McCance and Carl George, it was a privilege sharing booth space and adventures with you. Thank you Justin and Jason, without your support we wouldn’t be able to make it. And finally, thank you Nick Bebout, we’re sorry you couldn’t finally make it to the event but we’re sure we will continue working on having you there and we appreciate and value your work during the organization.

See you next year at SCaLE !!!
Josef Strzibny Running JavaScript after a Turbo Stream renders
Turbo comes with turbo:before-stream-render but unfortunately doesn’t ship with the equivalent turbo:after-stream-render. Here’s how to run JavaScript after the stream renders.

Why we need this

If you are building your application with Hotwire, your Turbo streams will likely add, remove, and replace some HTML nodes. This mostly works except when you want to add HTML that comes with some JavaScript. Like a file picker, Trix editor, and the like.

Turbo itself won’t do anything about this. It’s a rather simple tool with simple purpose. JavaScript initialization should come with the HTML Turbo is about to add. Hotwire solves this with Stimulus.

The Hotwire way

The Hotwire answer to the problem is Stimulus controllers. Stimulus is build on top of MutationObserver which is a browser API providing the ability to watch for changes being made to the DOM.

When a Stimulus controller appears on the page, its connect method is called automatically. If our HTML doesn’t come with a Stimulus controller, we should create a new controller and put our initialization code inside its connect method:
```
// app/javascript/controllers/my_controller.js
import { Controller } from "@hotwired/stimulus"

export default class extends Controller {
  connect() {
    // Code to initialize something
  }
}
```
Then we simply add the controller to an element inside our Turbo Stream:
```
<turbo-stream>
  <div data-controller="my-controller">
  	Something that needs to be initialize with JavaScript.
  </div>
</turbo-stream>
```
When Stimulus is not an option

Sometimes Stimulus might not be what we want and we would love to have a Turbo Stream event to hook into anyways.

Luckily, Steve shared his little implementation of turbo:after-stream-render in this thread:
```
// application.js
const afterRenderEvent = new Event("turbo:after-stream-render");
addEventListener("turbo:before-stream-render", (event) => {
  const originalRender = event.detail.render

  event.detail.render = function (streamElement) {
    originalRender(streamElement)
    document.dispatchEvent(afterRenderEvent);
  }
})
```
As you can see, the idea is quite simple. We create a new custom Event and add an event listener for turbo:before-stream-render which already exist. We then run our event after we are done with original rendering.

To use it we create an event listener and paste the JavaScript that needs to run after rendering:
```
document.addEventListener("turbo:after-stream-render", () => {
  console.log("I will run after stream render")
});
```

March 22, 2025

Kevin Fenzi Mid Late March infra bits 2025

Fedora 42 Beta released

Fedora 42 Beta was released on tuesday. Thanks to everyone in the Fedora community that worked so hard on it. It looks to be a pretty nice relase, lots of things in it and working pretty reasonably already. Do take it for a spin if you like: https://fedoramagazine.org/announcing-fedora-linux-42-beta/

Of course with the Beta out the door, our infrastructure freeze is lifted and so I merged 11 PR's that were waiting for that on Wed. Also, next week we are going to get in a mass update/reboot cycle before the final freeze the week after.

Ansible galaxy / collections fun

One of the things I wanted to clean up what the ansible collections that were installed on our control host. We have a number that are installed via rpm (from EPEL). Those are fine, we know they are there and what version, etc. Then, we have some that are installed via ansible. We have a requirements.txt file and running the playbook on the control host installs those exact versions of roles/collections from ansible galaxy. Finally we had a few collections installed manually. I wanted to get those moved into ansible so we would always know what we have installed and what version it was. So, simple right? Just put them in requirements.txt. I added them in there and... it said they were just not found.

The problem turned out to be that we had roles in there, but no collections anymore so I had not added a 'collections:' section, and it was trying to find 'roles' with those collection names. The error "not found" was 100% right, but it took me a few to realize why they were not found. :)

More A.I. Scrapers

AI scrapers hitting open source projects is getting a lot of buzz. I hope that some of these scraper folks will realize it's counterproductive to scrape things at a rate that makes them not work, but I'm not holding my breath.

We ran into some very heavy traffic and I had to end up blocking brazil for a while to pagure.io. We also added some CPU's and adjusted things to handle higher load. So far we are handling things ok now and I removed the brazil blockage. But no telling when they will be back. We may well have to look at something like anubis, but I fear the scrapers would just adjust to not be something it can catch. Time will tell.

Thats it for this week folks...

comments? additions? reactions?

As always, comment on mastodon: https://fosstodon.org/@nirik/114207270082200302

March 21, 2025

Michael Catanzaro GNOME 48 Core Apps Update

It has been a year and a half since my previous GNOME core apps update. Last time, for GNOME 45, GNOME Photos was removed from GNOME core without replacement, and Loupe and Snapshot (user-facing names: Image Viewer and Camera) entered, replacing Eye of GNOME and Cheese, respectively. There were no core app changes in GNOME 46 or 47.

Now for GNOME 48, Decibels (Audio Player) enters GNOME core. Decibels is intended to close a longstanding flaw in GNOME’s core app set: ever since Totem (Videos) hid its support for opening audio files, there has been no easy way to open an audio file using GNOME core apps. Totem could technically still do so, but you would have to know to attempt it manually. Decibels fixes this problem. Decibels is a simple app that will play your audio file and do nothing else, so it will complement GNOME Music, the music library application. Decibels is maintained by Shema Angelo Verlain and David Keller (thank you!) and is notably the only GNOME core app that is written in TypeScript.

Looking to the future, the GNOME Incubator project tracks future core apps to ensure there is sufficient consensus among GNOME distributors before an app enters core. Currently Papers (future Document Viewer, replacing Evince) and Showtime (future Videos or possibly Video Player, replacing Totem) are still incubating. Applications in Incubator are not yet approved to enter core, so it’s not a done deal yet, but I would expect to see these apps enter core sooner rather than later, hopefully for GNOME 49. Now is the right time for GNOME distributors to provide feedback on these applications: please don’t delay!

On a personal note, I have recently left the GNOME release team to reduce my workload, so I no longer have any direct role in managing the GNOME core apps or Incubation process. But I think it makes sense to continue my tradition of reporting on core app changes anyway!
Tom Tromey Faster Faster GDB Startup

A while ago, I wrote about my work to speed up GDB’s DWARF reader. I thought I’d write again with a few updates.

Sharding

Back then, I wrote: “maybe GDB could trade memory for performance and shard the resulting index and do separate canonicalizations in each worker thread”.

I did end up doing this. Recall that the canonicalization step goes through all the discovered DWARF entries of interest — basically, all the objects in the program that both have a name and are not in a function scope (except in some languages, there is always an exception with DWARF) — and ensures the names are in a normal form. For Ada, this step includes synthesizing the package hierarchy (something that should probably be done for Go as well, except nobody really works on the Go support in GDB).

As an aside, sometime in the last few years we realized that this canonicalization has to be done for C as well, because in C there are multiple spellings of types like “short”. This is also implemented.

Because GDB already reads DWARF CUs in chunks in separate threads, the sharding idea is that we can speed up canonicalization a bit by doing this separately. Previously, GDB combined all the results before processing. Sharding means that lookups are a little more complicated; but it turns out not to be too hard, because the number of shards is typically low (for reasons I haven’t yet investigated, the reader doesn’t scale past 8 threads or so).

Background Reading

The other major change I made is to do all the DWARF reading in the background. This is a trick to make gdb feel faster to users. The basic idea here is that in many cases, gdb does not immediately need the DWARF from the various files. So, if we push the reading into worker threads, maybe it will be completely read in by the time gdb does need it.

This also somewhat benefits the situation where several shared libraries are loaded at once into the inferior. In this case, gdb already defers breakpoint re-setting until all the DWARF has been read — and with this change, all that work will be done in parallel.

Making this work wasn’t entirely straightforward. The main issue here is that gdb determines the initial language and location for “list” (et al) based on the debug info. The patches arrange to set these things lazily as well. I also had to add some rudimentary thread-safety to BFD.

Now, this can be defeated in a few ways. If you have a .gdbinit that sets a breakpoint, then that will cause the familiar pause, because setting a breakpoint will wait for the workers to complete. Or, if you debug a large executable and type very quickly, you may have to wait for the parsing to finish.

However, when it does work, it feels like gdb starts instantly.
Fedora Community Blog Infra and RelEng Update – Week 12
This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 17 Mar – 21 Mar 2025

Infrastructure & Release Engineering

The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
Itâ€™s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
List of planned/in-progress issues

Fedora Infra
- In progress:
- Done:
CentOS Infra including CentOS CI
- In progress:
- Done:
Release Engineering
- In progress:
- Done:
If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

The post Infra and RelEng Update – Week 12 appeared first on Fedora Community Blog.
Josef Strzibny Running interactive sessions with Kamal
How to connect to a container on a server managed by Kamal and run an interactive session?

Interactive server actions

Kamal comes with a kamal server exec to execute a single command on the server. If we pass the -i option, we’ll start the interactive session that doesn’t cancel the connection immediatelly.

Similarly, Docker comes with docker exec command with the -it options to run a container process interactively.

If we combine both of these we’ll get what we need. A single command to run something interactively out of a single container:
```
$ kamal server exec -i "docker exec -it [CONTAINER] [COMMAND]"
```
Example

Here’s an example with kamal-proxy:
```
$ kamal server exec -i "docker exec -it kamal-proxy bash"
```
After running the comment we’ll be dropped into the container running Kamal Proxy.

Then we can play with the proxy without running long commands:
```
$ kamal-proxy stop app-web --message=""
$ kamal-proxy resume app-web
```

March 20, 2025

Amit Shah List of Patents I have filed

This is the list of patents Iâ€™ve filed over the years.

US Patent Number	Title	Inventor/s	Assignee
US-12223191-B1	Management of operating system software using read-only multi-attach block volumes	Shah; Amit	Amazon Technologies, Inc.
US-12210875-B2	Security vulnerability mitigation using address space co-execution	Shah; Amit, Schoenherr; Jan Hendrik, Raslan; Karimallah Ahmed Mohammed, Hillenbrand; Marius, Sironi; Filippo	Amazon Technologies, Inc.
US-10496424-B2	Reconfiguring virtual machines	Shah; Amit	Red Hat, Inc.
US-9990217-B2	Hypervisor printer emulation for virtual machines	Shah; Amit	Red Hat, Inc.
US-9880868-B2	Modifying an OS installer to allow for hypervisor-specific adjustment of an OS	Shah; Amit	Red Hat, Inc.
US-9436529-B2	Providing random data to a guest operating system	Shah; Amit	Red Hat, Inc.
US-9323562-B2	Providing seamless copy-paste operations in a virtual machine environment	Shah; Amit	Red Hat, Inc.
US-9280378-B2	Adjustment during migration to a different virtualization environment	Shah; Amit	Red Hat, Inc.
US-8874697-B2	Content download based on hashes	Shah; Amit	Red Hat, Inc.
US-8863114-B2	Managing software packages using a version control system	Shah; Amit	Red Hat, Inc.
US-8806040-B2	Accessing external network via proxy server	Shah; Amit	Red Hat, Inc.
US-8631408-B2	Configuring parameters of a guest operating system based on detected events	Shah; Amit	Red Hat, Inc.
US-8561067-B2	Test suites for virtualized computing environments	Shah; Amit	Red Hat, Inc.
US-8312453-B2	Mechanism for communication in a virtualization system via multiple generic channels of a paravirtualized device	Shah; Amit	Red Hat, Inc.

Fedora Community Blog End of OpenID authentication in Fedora Account System

On the latest Fedora Infrastructure weekly meeting we decided on a date of OpenID authentication sunset. The date is 20th May 2025.

Why the change?

The OpenID is being replaced by OpenIDConnect (OIDC) in most of the modern web and most of the Fedora infrastructure is already using OIDC as the default authentication method. OIDC offers us better security by handling both authentication and authorization. It also allows us to have more control over services that are using Fedora Account System (FAS) for authentication.

What will change for you?

With the End Of Life of OpenID we will switch to OIDC for everything and no longer support authentication with OpenID. If your web or service is already using OIDC for authentication nothing will change for you. If you are still using OpenID open a ticket on Fedora Infrastructure issue tracker and we will help you with migration to OIDC. For users using FAS as authentication option there should be no change at all.

What will happen now?

We will be reaching to services we identified as using OpenID directly, but as we don’t have control over OpenID authentication we can’t identify everyone.

If you are interested in following this work feel free to watch this ticket.

The post End of OpenID authentication in Fedora Account System appeared first on Fedora Community Blog.

March 19, 2025

Daniel Pocock Debian Pregnancy Cluster, when I stopped using IRC

In my last blog, I started to explore the phenomena of a Debian pregnancy cluster that occurred in the lead-up to DebConf13 which was held in Switzerland.

Ana, from Spain, was another case. Around the time that Marga started the conspiratorial emails, Ana started contacting me almost every day on IRC. The plotters saw me as the most open-minded person in Switzerland and hoped that I would be able to exert influence on other members of the local team.

If Ana's employer was a client I would have had to bill an hour per day, approximately five hours per week, for the discussions that appeared on IRC and elsewhere. I eventually stopped using IRC:

Subject: Re: not on IRC
Date: Tue, 27 Nov 2012 13:18:31 +0100
From: Ana Guerrero <ana@debian.org>
To: Daniel Pocock <daniel@pocock.com.au>

On Tue, Nov 27, 2012 at 09:03:49AM +0000, Daniel Pocock wrote:
> 
> 
> 
> Hi Ana,
> 
> I'm on the road for a few more days, so I am not monitoring IRC at all
> and only intermittently accessing email
> 
> Can you please email me if there is any urgent question, etc?
> 
> What do you think of Marga's current direction?  Do you think other
> people may get involved now?
>

Don't worry too much and keep a low profile. We have almost gotten they
postpone the contract signing tomorrow. that's a first step.
I'm serious abotu the low profile thing, they like blaming things on you
and if you're not active, they cann't.

A few months later, the email appeared on debian-private confirming that Ana had been part of the Debian pregnancy cluster. The baby arrived just two months before DebConf13. Now we know the real reason women were pushing to change the venue.

As a senior developer, I felt that IRC did not give me a net benefit for the time I was online. Whether it is on IRC, on social control media or on a self-managed social media/forum like Discourse, there is a tendency for everybody to focus their questions on the senior developers and we get swamped.

Subject: A different kind of release
Date: Sun, 12 May 2013 18:53:56 +0200
From: Aurelien Jarno <aurel32@debian.org>
To: debian-private@lists.debian.org
CC: Ana Guerrero <ana@debian.org>

Hi,

We are happy parents of a son called Manuel, born a few days ago.
Everybody is fine, and we are trying to get used to our new schedule.
Therefore our time to contribute to Debian might vary from day to day.

Ana & Aurelien

[ This message is to be kept private forever ]

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Privacy & Debian hyprocrisy

The email concludes with a footnote, [ This message is to be kept private forever ]. When my father died, rogue Debianists demonstrated utter contempt for the privacy of my family. Yet they impose upon the rest of us to hide their conflicts of interest and the notorious Debian suicide cluster.

It is important to look at the full email and the pressure on DebConf13 and then take a fresh look at the attacks on José Manuel Santamaría Lema ("santa"). Looking at the attacks on Santa, Ana sent the mail to start the lynching just a few weeks before she went on maternity leave.

Then they chose the name Manuel for their new son.

I feel that other people have paid a price for Ana's insecurities during her first pregnancy, yet the pregnancy was hidden from most people, especially from Santa. When they named their son Manuel, did they realize they were borrowing from the name of the volunteer they lynched?

Subject: Removing a non-DD member of the Qt/KDE team
Date: Thu, 28 Mar 2013 10:00:57 +0100
From: Ana Guerrero <ana@debian.org>
To: debian-private@lists.debian.org, nm@debian.org, leader@debian.org

[sorry for the duplicated email if you receive it twice]

Hi,

This email is about the decision of the Qt/KDE team [1] of banning
José Manuel Santamaria Lema, aka santa, from the team. This means removing
him from the pkg-kde alioth group and removing him from all the group
maintained packages.
After that there are only 4 packages maintained only by him, that are KDE
related and you can find plans at [2].
José is also a DM [3], at the moment, he's only allowed to upload a single
package that as seen in [2] will go to the hands of the KDE team. The DD
who authorized him the rights for uploading this package is revoking them.
With this email, we are also asking FD/NM committee to remove him as DM.

First of all, none of us have any doubt of the technical skills of José.
However, he has shown he doesn't know how to work inside a team,
... [ snip defamation ] ...

That is from the woman who didn't tell other team members that she was in the final stages of her first pregnancy.

It looks like Ana and other team members couldn't keep up with the pace at which Santa was working. Ana's availability was changing due to her pregnancy and other team members would have had extra effort because of that. Is it fair that other developers are punished at a time like that?

I fully support the right of women to participate in technical hobbies like Debian. Employers have certain obligations to women during pregnancy. Volunteers collaborating remotely over the Internet often have no idea whether a woman is pregnant and even if we did know, it isn't fair that other volunteers have suffered adverse consequences in that period.

Santa's activity completely stopped, so the Qt/KDE team simultaneously lost two people:

José Manuel Santamaría Lema, Debian, character assassination, vendetta, expulsion, lynching

Resignations followed

Subject: Resignation
Date: Fri, 19 Apr 2013 14:59:27 -0500
From: John Hasler <jhasler@newsguy.com>
Reply-To: John Hasler <john@dhh.gt.org>
Organization: Dancing Horse Hill
To: debian-private@lists.debian.org

I've resigned.  Your resignation procedure says I must announce that
fact to this list. I've sent the requisite message to
keyring@rt.debian.org and orphaned my packages.  Please notify me if
there is anything I've missed.  Otherwise please do not respond.
-- 
John Hasler jhasler@newsguy.com
Elmwood, WI USA

and some people just stepped back for a while:

Subject: [VAC] -> end of April
Date: Sat, 20 Apr 2013 12:04:05 +0200
From: intrigeri <intrigeri@debian.org>
To: debian-private@lists.debian.org

Hi,

I'll be offline until the end of the month. I'll be planting a garden
with vegetable seeds... and more generally trying to take care of
myself and avoid burn-out while it's still possible.

Regarding the Wheezy release, I won't be able to do any further work
on #704754 ("release-notes: [wheezy] mention AppArmor support") that
the release-notes manager will deem required, so what's left to do in
this area will have to be done by someone else, if at all.

Other than that, my packages should be in good enough state for
Wheezy. In any case, most are team-maintained and I'm on the Low
Threshold NMU list.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Does Debian vendetta culture impact other families?

Subject: [VAC] 14/04-??/04
Date: Sat, 13 Apr 2013 10:44:18 +0530
From: Kartik Mistry <kartik@debian.org>
To: debian-private@lists.debian.org

Hi,

I need to fix,
1. Shifting my home --> new home.
2. Fix health of my wife.
3. Fix myself to get enough motivation.

#3 is not issue, it pops up time to time. #2 is serious and needs urgent
attention and medical advices.

I'm also travelling from tonight till Friday.

So, please feel free to release!

To be kept private forever. Apart from #2, many people outside this list knows
about my this plan/travel.

--
Kartik Mistry | IRC: kart_
{0x1f1f, kartikm}.wordpress.com

How do you recognize a cult?

Public Health England and the UN DRR tell us that you only need two suicides to declare a suicide cluster. There is no similar threshold for a pregnancy cluster but people were keeping score. Christian Perrier tells us two couples had babies but there were at least three in 12 months. It looks like he didn't know about Marga because she was being even more secretive about it.

Subject: Re: A different kind of release
Date: Mon, 13 May 2013 07:14:14 +0200
From: Christian PERRIER <bubulle@debian.org>
To: debian-private@lists.debian.org
CC: Aurelien Jarno <aurel32@debian.org>, Ana Guerrero <ana@debian.org>

Quoting Aurelien Jarno (aurel32@debian.org):
> Hi,
> 
> We are happy parents of a son called Manuel, born a few days ago.
> Everybody is fine, and we are trying to get used to our new schedule.
> Therefore our time to contribute to Debian might vary from day to day.

\o/ to one more future DD....:-)

Good luck in your new life schedule, A&A...things might change a bit
in the upcoming months..

You guys know I like stupid stats, so you won't be surprised to learn
that, so far, and unless I'm missing something, that makes two "2nd
generation DD" we're aware about....

Lynching on the day you give birth

Ana's baby announced on the same day debian-private started the lynching of Josselin Mouette.

Subject: nomination and call for supporters for expulsion of Josselin Mouette
Date: Sun, 12 May 2013 00:15:29 +0300
From: Eugene V. Lyubimkin 
To: da-manager@debian.org

Hello,

[ Josselin and debian-private@ BCC'ed ]

...

Let's not forget that Adrian von Bidder died on our wedding day and it was discussed like a suicide.. As he died in Switzerland, the coroner's report and the official cause of death was kept hidden.

They tried to tell us Adrian von Bidder's death was a heart attack. They never provided a coroner's report for Ray Dassen either but informally they suggested it is a heart attack too. It was right in the middle of the conflicts about DebConf13, Daniel Baumann, Santa & the Debian pregnancy cluster:

Subject: Ray Dassen passed away
Date: Wed, 22 May 2013 13:32:04 +0200
From: Thijs Kinkhorst <thijs@debian.org>
To: debian-private@lists.debian.org

Hi all,

This morning I've received the sad news that long-time Debian Developer, Ray Dassen, died last weekend from a heart attack, just 40 years old.

Ray has been a Debian Developer for an incredible 19 years, joining our project in 1994, and continued to be an active contributor just until recently.

They remembered how it was done for Frans Pop (Debian Day suicide)

They went to great lengths to hush up the Debian Day volunteer suicide. Those tactics were recalled when Ray Dassen died.

Subject: Re: Ray Dassen passed away
Date: Sat, 25 May 2013 11:04:49 -0700
From: Russ Allbery <rra@debian.org>
Organization: The Eyrie
To: debian-private@lists.debian.org

Dmitry Smirnov <onlyjob@debian.org> writes:

> By the way why is this information only in -private?
> I mean when I die please let everybody know so they won't waste their
> time trying to reach me...

Usually the initial coordination of our reaction to an announcement of
this sort is done in private just in case there are privacy concerns from
the family, anything we have to coordinate about how they want to handle
notification, etc.  That way, we can be careful about how we phrase our
first public notice, which has been important for a few instances in the
past.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Not only women get baby brain

OPW is the Outreach Program for Women, now known as Outreachy. A lot of money is spent on recruiting women to the program. No reports have ever been presented about the economic benefit of those expenditures.

Subject: Re: OPW Student in Kingston, Jamaica
Date: Mon, 25 Nov 2013 18:37:36 +0000
From: Joachim Breitner <nomeata@debian.org>
To: debian-private@lists.debian.org

Hi,

Am Montag, den 25.11.2013, 13:18 -0500 schrieb Paul Tagliamonte:
> She's got a PhD, so I think this could also be a good beersigning, if
> she drinks.

not having a PhD yet I wonder what expects me: Will I be a better
drinker after I get the degree? Or a better keysigner? /me is confused.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata

Debian Account Manager bootstrapped the pregnancy cluster

It looks like Marga and Ana got pregnant immediately after Joerg Jaspert (Ganneff) and Pei-Hua Tseng had their baby.

Familiar pattern,

"I first met my wife at the “International Conference on OpenSource” 2009 in Taiwan. So OpenSource, Debian and me being some tiny wheel in the system wasn’t entirely news to her."

That appears to coincide with a trip to the MiniDebConf Taiwan 2009.

Subject: Little Ganneff says: You are all REJECTED
Date: Thu, 03 May 2012 16:38:19 +0200
From: Joerg Jaspert 
Organization: Goliath-BBS
To: debian-private@lists.debian.org

Hi

litte Ganneff, born 2. May, listening to "[redacted]" (sometimes,
I hope), while presenting his mother with the finest set of "You don't
want to have this type of labour"-36hours labour, completly ignoring
that a day earlier his mother would have been in labour during labour
day, showing that he has no sense of humor, just told me, backed with
the full weight of his 3780 grams and the fearful height of 54cm, that I
should use that magic *m* key[fn:1] and reject all of your approaches to
my time, and as such going into a kind of Vacation over the next few
days to weeks, though he left an option that it will be forever,
forbidding me to talk about the evil grin he had while issuing this
order (and yo, I haven't talked about it, so all is fine).

He also turned on a special-for-you-english-natives mode to let me write
extra long and slightly complicated sentences.

But to show his evil overlord graciousness, he allowed me to show you
http://kosh.ganneff.de/~joerg/paste/2012-05-03-Hd8a1JVfC84/[redacted].png
(mind, this is -private).

Footnotes:

[fn:1] In daks process-new it means "Manual reject"

-- 
bye, Joerg
[-private note: All my parts in this post (or citation of them in
		  		another) are forbidden to be made public later.]

Will little Ganneff become a Debian Developer?

When he is old enough, he will have access to the full archives. Some of them have already been leaked anyway.

When DebConf went back to the Balkans in Kosovo, why did local women avoid it?

Subject: Re: Little Ganneff says: You are all REJECTED
Date: Sat, 5 May 2012 12:07:12 +0200
From: Christian PERRIER <bubulle@debian.org>
To: debian-private@lists.debian.org

Quoting martin f krafft (madduck@debian.org):
> also sprach Gerfried Fuchs <rhonda@deb.at> [2012.05.04.1936 +0200]:
> > > It's called "spring" ;)
> > 
> >  I fear you are misguided.  It's called "start of summer break", if you
> > manage to calculate properly.  :P
> 
> "DebConf"


We need to amend the Debconf11 report: "Little Ganneff: yet another
achievement made in Banja Luka"

/me runs far away

Please see the chronological history of how the Debian harassment and abuse culture evolved.

Fedora fans نسخه لینوکس فدورا ۴۲ بتا منتشر شد

پروژه فدورا با خوشحالی انتشار نسخه بتای فدورا لینوکس ۴۲ را اعلام می‌کند! این نسخه پیش‌نمایشی از ویژگی‌ها و تغییرات نسخه نهایی فدورا لینوکس ۴۲ را ارائه می‌دهد. برای دریافت نسخه پیش‌انتشار هر یک از ویرایش‌ها، می‌توانید به وب‌سایت پروژه مراجعه کنید: فدورا ورک‌استیشن ۴۲ بتا فدورا KDE Plasma Desktop ۴۲ بتا فدورا سرور ۴۲ […]
The post نسخه لینوکس فدورا ۴۲ بتا منتشر شد first appeared on طرفداران فدورا.

March 18, 2025

Matthew Garrett Failing upwards: the Twitter encrypted DM failure

Almost two years ago, Twitter launched encrypted direct messages. I wrote about their technical implementation at the time, and to the best of my knowledge nothing has changed. The short story is that the actual encryption primitives used are entirely normal and fine - messages are encrypted using AES, and the AES keys are exchanged via NIST P-256 elliptic curve asymmetric keys. The asymmetric keys are each associated with a specific device or browser owned by a user, so when you send a message to someone you encrypt the AES key with all of their asymmetric keys and then each device or browser can decrypt the message again. As long as the keys are managed appropriately, this is infeasible to break.

But how do you know what a user's keys are? I also wrote about this last year - key distribution is a hard problem. In the Twitter DM case, you ask Twitter's server, and if Twitter wants to intercept your messages they replace your key. The documentation for the feature basically admits this - if people with guns showed up there, they could very much compromise the protection in such a way that all future messages you sent were readable. It's also impossible to prove that they're not already doing this without every user verifying that the public keys Twitter hands out to other users correspond to the private keys they hold, something that Twitter provides no mechanism to do.

This isn't the only weakness in the implementation. Twitter may not be able read the messages, but every encrypted DM is sent through exactly the same infrastructure as the unencrypted ones, so Twitter can see the time a message was sent, who it was sent to, and roughly how big it was. And because pictures and other attachments in Twitter DMs aren't sent in-line but are instead replaced with links, the implementation would encrypt the links but not the attachments - this is "solved" by simply blocking attachments in encrypted DMs. There's no forward secrecy - if a key is compromised it allows access to not only all new messages created with that key, but also all previous messages. If you log out of Twitter the keys are still stored by the browser, so if you can potentially be extracted and used to decrypt your communications. And there's no group chat support at all, which is more a functional restriction than a conceptual one.

To be fair, these are hard problems to solve! Signal solves all of them, but Signal is the product of a large number of highly skilled experts in cryptography, and even so it's taken years to achieve all of this. When Elon announced the launch of encrypted DMs he indicated that new features would be developed quickly - he's since publicly mentioned the feature a grand total of once, in which he mentioned further feature development that just didn't happen. None of the limitations mentioned in the documentation have been addressed in the 22 months since the feature was launched.

Why? Well, it turns out that the feature was developed by a total of two engineers, neither of whom is still employed at Twitter. The tech lead for the feature was Christopher Stanley, who was actually a SpaceX employee at the time. Since then he's ended up at DOGE, where he apparently set off alarms when attempting to install Starlink, and who today is apparently being appointed to the board of Fannie Mae, a government-backed mortgage company.

Anyway. Use Signal.

comments
Charles-Antoine Couret Venez tester si Fedora Linux a trouvé la réponse avec la version 42 Beta
En ce mardi 18 mars, la communauté du Projet Fedora sera ravie d'apprendre la disponibilité de la version Beta de Fedora Linux 42.

Malgré les risques concernant la stabilité d’une version Beta, il est important de la tester ! En rapportant les bogues maintenant, vous découvrirez les nouveautés avant tout le monde, tout en améliorant la qualité de Fedora Linux 42 et réduisant du même coup le risque de retard. Les versions en développement manquent de testeurs et de retours pour mener à bien leurs buts.

La version finale est pour le moment fixée pour le 15 ou le 22 avril.

Expérience utilisateur
- L'environnement de bureau GNOME est proposé dans sa version 48 ;
- L'environnement de bureau Xfce bénéficie de la version 4.20 ;
- L'environnement de bureau LXQt passe à la version 2.1 ;
- Le logiciel d'installation d'Anaconda devient une application Wayland native ;
- Anaconda a enfin une interface web UI pour l'étape du partitionnement ;
- Anaconda en profite pour également être une web UI par défaut pour Fedora Workstation ;
- L'édition KDE Plasma devient une édition à part entière, étant mise au même niveau que Fedora Workstation avec l'environnement GNOME ;
- L'écran de chargement lors du démarrage plymouth utilise simpledrm pour réduire l'attente qu'un GPU soit disponible ;
- L'environnement de bureau COSMIC bénéficie de sa propre édition Spin ;
- Activation de la mise à jour automatique par défaut pour la version atomique de KDE Plasma nommée Kinoite.
Gestion du matériel
- Amélioration de la prise en charge des webcams basées sur le protocole MIPI au lieu de USB dans les ordinateurs portables x86 ;
- L'Intel Compute Runtime, qui prend en charge notamment le fonctionnement de l'API OpenCL pour les processeurs Intel, a été mise à jour vers la version 24.39 qui signifie également une non prise en charge des processeurs d'avant 2020 (à partir de la 12e génération) ;
- Introduction de la pile Intel SGX pour permettre son utilisation dans le futur pour améliorer l'isolation et la protection mémoire en particulier pour les machines virtuelles ;
- Intégration du projet FEX dans les dépôts pour permettre l'exécution des programmes x86 / x86_64 depuis les architectures AArch64 ;
- L'installateur Anaconda utilise la norme GPT par défaut pour la table de partitionnement pour les architectures PPC64LE et s390x, l'architecture x86_64 et Aarch64 ayant déjà sauté le pas avec Fedora Linux 37 ;
- Les versions atomiques n'auront plus d'images compatibles avec l'architecture PPC64LE ;
- Le paquet du logiciel Zezere qui sert à automatiser l'installation et la configurations de systèmes IoT a été retiré des dépôts.
Internationalisation
- Mise à jour de l'entrée de saisie IBus 1.5.32 ;
- Son aide à la saisie pour le chinois ibus-libpinyin est aussi mise à jour à la version 1.16 ;
- Proposition d'une nouvelle aide à la saisie vocale avec Ibus Speech to Text via le paquet ibus-speech-to-text qui permet de faire de la reconnaissance vocale en local.
Administration système
- Les répertoires /usr/bin et /usr/sbin sont fusionnés ;
- DNF5 va proposer à l'utilisateur de supprimer les clés GPG qui ont expiré, ou qui ont été révoquées, de devoir le faire à la main avec la commande rpmkeys --delete ;
- La commande fips-mode-setup a été retirée du paquet crypto-policies qui permet de rendre dynamiquement son système compatible avec les exigences du gouvernement américain concernant les modules cryptographiques. Cette option doit être activée lors de l'installation par d'autres moyens maintenant ;
- Le navigateur de fichiers pour Cockpit cockpit-navigator est remplacé par cockpit-files ;
- Les éditions dérivées de Fedora Workstation auront par défaut le pare-feu configuré avec l'option IPv6_rpfilter=loose, ce qui suit la politique appliquée pour l'IPv4 depuis Fedora 30 ;
- Ajout du paquet bpfman pour le déploiment et la gestion des programmes eBPF dans le système ;
- Réduction du nombre de règles SELinux liées au type unlabeled_t qui mènent à ne pas enregistrer dans le journal d'audit des erreurs détectées ;
- Mise à jour de l'outil de gestion de configuration Ansible à la version 11 ;
- Le serveur de proxy inverse Apache Traffic Server évolue vers sa 10e version ;
- La version de compatibilité PostgreSQL 15 a été retirée, PostgreSQL 16 reste la version par défaut ;
- Les utilitaires liés au projet OpenDMARC ont été mis dans des paquets individuels au lieu du paquet opendmarc qui les fournissait tous ;
- L'agent pam-ssh-agent a été supprimé des dépôts.
Développement
- La chaîne de compilation GNU bénéficie de GCC 15, binutils 2.44, glibc 2.41 et gdb 15 ;
- La chaîne de compilation LLVM progresse à la 20e version ;
- La boîte à outils Python nommée Django utilise la version 5.x ;
- Mise à jour du langage Go vers la version 1.24 ;
- Le langage Ruby brille avec la version 3.4 ;
- Le langage de programmation PHP s'impose de tout son poids à la version 8.4 ;
- Le compilateur du langage fonctionnel Haskell, GHC, passe à la version 9.8 et sa suite de paquets Stackage utilise la version 23 ;
- Le langage de programmation fonctionnel Idris dispose d'une mise à jour majeure vers sa 2e version ;
- Le langage de scripts Tcl/Tk a été mis à jour vers la 9e version ;
- La bibliothèque de calcul scientifique en Python NumPy passe à la version majeure 2 ;
- L'outil de développement de paquets Python Setuptools a été mis à jour vers la version 74 ;
- Mise à jour de la bibliothèque de compression zlib-ng à la version 2.2.x ;
- La bibliothèque graphique SDL utilise la version 3 pour assurer la compatibilité avec sa version 2 dorénavant ;
- Les anciennes versions de OpenJDK pour le langage Java à savoir 8, 11 et 17 ne sont plus fournies par les dépôts de Fedora mais devront être installés via un dépôt tiers tel que Adoptium Temurin dont le paquet adoptium-temurin-java-repository permet son activation ;
- Le paquet de compatibilité Python pour la version 3.8 a été retiré ;
- La bibliothèque Rust zbus version 1 a été supprimée, la version 4 ou supérieure reste proposée dans les dépôts ;
- La bibliothèque de compatibilité entre Rust et Python, PyO3, se voit retirer les anciennes versions 0.19, 0.20, et 0.21 ;
- L'utilitaire d'exécution des tests unitaires en Python python-pytest-runner est déprécié et sera supprimé dans un futur proche ;
- La bibliothèque de compatibilité entre GTK3 et Rust est marquée comme dépréciée et sera supprimée dans une prochaine version.
Projet Fedora
- Fedora Linux proposera des archives permettant d'être installé avec Windows Subsystem for Linux ;
- Les paquets RPM peuvent bénéficier de la fonction systemd sysusers.d pour créer des utilisateurs dédiés lors de l'installation des paquets RPM ;
- Les mises à jour de Fedora CoreOS passent de OSTree à OCI ;
- Les fichiers Kickstart seront distribués également comme des artéfacts OCI ;
- Activation par défaut de composefs pour les images atomiques bureautiques de Fedora Linux ;
- L'utilitaire edk2 est compilé avec des options de sécurité supplémentaires pour améliorer la sécurité des machines virtuelles reposant sur l'UEFI ;
- Les images live de Fedora Linux utilisent le système de fichiers EROFS en lieu et place de SquashFS ;
- Ajout d'un générateur de dépendances pour les extensions de GNOME Shell, permettant de lier la version de l'extension avec celle de gnome-shell à partir du fichier metadata.json de l'extension ;
- Redéfinition des dépendances de nombreux paquets de git vers git-core.
Tester

Durant le développement d'une nouvelle version de Fedora Linux, comme cette version Beta, quasiment chaque semaine le projet propose des journées de tests. Le but est de tester pendant une journée une fonctionnalité précise comme le noyau, Fedora Silverblue, la mise à niveau, GNOME, l’internationalisation, etc. L'équipe d'assurance qualité élabore et propose une série de tests en général simples à exécuter. Suffit de les suivre et indiquer si le résultat est celui attendu. Dans le cas contraire, un rapport de bogue devra être ouvert pour permettre l'élaboration d'un correctif.

C'est très simple à suivre et requiert souvent peu de temps (15 minutes à une heure maximum) si vous avez une Beta exploitable sous la main.

Les tests à effectuer et les rapports sont à faire via la page suivante. J'annonce régulièrement sur mon blog quand une journée de tests est planifiée.

Si l'aventure vous intéresse, les images sont disponibles par Torrent ou via le site officiel.

Si vous avez déjà Fedora Linux 41 ou 40 sur votre machine, vous pouvez faire une mise à niveau vers la Beta. Cela consiste en une grosse mise à jour, vos applications et données sont préservées.

Nous vous recommandons dans les deux cas de procéder à une sauvegarde de vos données au préalable.

En cas de bogue, n'oubliez pas de relire la documentation pour signaler les anomalies sur le BugZilla ou de contribuer à la traduction sur Weblate. N'oubliez pas de consulter les bogues déjà connus pour Fedora 42.

Bons tests à tous !
Peter Czanik Introducing the develop branch of the syslog-ng git repo
For many years, the development of syslog-ng happened on the master branch in Git. However, if you follow that branch, you might have noticed that there has not been much activity on it lately. That is because we introduced a new branch in git called “develop”.

Why? Simply because keeping release code on the master branch and performing actual development on a separate branch makes several internal processes easier.

So, what is the current status? The code for an upcoming bug fix release is already on the master branch. But all other developments are happening in the new develop branch. Most GitHub processes have already been changed to use the new develop branch. This means that:
- The nightly Debian / Ubuntu packages are generated from the new develop branch: https://www.syslog-ng.com/community/b/blog/posts/nightly-syslog-ng-builds-for-debian-and-ubuntu
- The nightly syslog-ng container is generated from the above packages: https://www.syslog-ng.com/community/b/blog/posts/nightly-syslog-ng-container-images
- While not a GitHub action, my weekly unofficial openSUSE / SLES and Fedora / RHEL & compatible packages are now also built from the develop branch: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head
And what does this mean for developers? It means that from now on, you should prepare your pull requests against the develop branch. The master branch should only contain code merged from the develop branch right before release.

-

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
Fedora fans نوروز جشن شکفتن امید و آغاز روزهای روشن

بهار از راه می‌رسد و با خود عطر شکوفه‌ها، صدای پرندگان و طراوتی بی‌نظیر را به ارمغان می‌آورد! نوروز، جشن زنده شدن طبیعت و فرصتی طلایی برای ماست تا رویاهای تازه‌ای بسازیم و با انگیزه‌ای نو، به استقبال روزهای درخشان برویم. لحظه تحویل سال، پر از امید و آرزوهای زیباست؛ لحظه‌ای که گذشته را پشت […]
The post نوروز جشن شکفتن امید و آغاز روزهای روشن first appeared on طرفداران فدورا.

March 17, 2025

Tom Tromey DWARF Abbrevs Use Too Much Space

I was curious about DWARF abbrev table efficiency the other day, so I instrumented gdb to record some simple stats about abbrevs: how many are seen, how many duplicates are seen, and how many bytes are used.

Running gdb on itself, I discovered that abbrevs are largely redundant. In particular, removing redundant abbrevs will remove 95% of abbrevs (10238 unique of 230714 total). Similarly the size of the abbrev tables reduces similarly (230714 bytes needed for the de-duplicated abbrevs, compared to 3848152 as seen in the executable).

Something to think about when you consider the effort DWARF puts in to save a single byte in .debug_info, say by using a 1-byte form rather than a uleb.

I was considering having gdb intern abbrevs and pre-reading all abbrevs so that later steps wouldn’t have to re-read these; but interning turns out to be too slow and so re-reading on demand seems like the way to go.
Felipe Borges Flock to Fedora is coming to Prague!

I’m passing by to let you know that Flock to Fedora 2025 is happening from June 5th to 8th in Prague, here in the Czech Republic.

I will be presenting about Flatpaks, Fedora, and the app ecosystem, and would love to meet up with people interested in chatting about all things GNOME, Flatpak, and desktop Linux.

If you’re a GNOME contributor interested in attending Flock, please let me know. If we have enough people, I will organize a GNOME Beers meetup too.

March 16, 2025

Frank Ch. Eigler moment of zen

Fellow human animals, contemplate these two photos. What's going on?

Here's a Tesla, fully self-driving itself on & off of a local highway, working through an intersection, on its way to a friend. The driver hasn't touched the controls since leaving the home driveway. Beneath the car's screen, an ipad mini, streaming a live video of the SpaceX launch of four astronauts to the ISS via Twitter. Since cell phone reception is crappy here, it's using a Starlink mini dish mounted to the ceiling glass of the Tesla to talk to internet satellites and give us an island of wifi.

In other words, an Elon car is driving us, while we are watching an Elon social media video service, with internet traffic coming through Elon satellites, all to watch an Elon rocket go into space. It's Elon all the way down.
Guillaume Kulakowski Nouvelle Version de mes Conteneurs Docker Apache HTTPD et PHP 8.4 pour Nextcloud

Je viens de mettre à disposition une nouvelle version de mes conteneurs Docker Apache HTTPd et PHP 8.4 pour Nextcloud. Ces deux conteneurs incluent désormais une fonctionnalité permettant de définir le PUID et le PGID qui exécuteront à la fois le démon HTTPd et le processus PHP. L’objectif est de pouvoir installer ces conteneurs sur […]

Cet article Nouvelle Version de mes Conteneurs Docker Apache HTTPD et PHP 8.4 pour Nextcloud est apparu en premier sur Guillaume Kulakowski's blog.

March 15, 2025

Kevin Fenzi Mid March infra bits 2025

AI Scraper scourge

The AI scraper (I can only assume thats what they are) scourge continued, and intensified in the last week. This time they were hitting pagure.io really quite hard. We blocked a bunch of subnets, but it's really hard to block everything without inpacting legit users, and indeed, we hit several cases where we blocked legit users. Quickly reverted, but still troublesome. On thursday and friday it got even worse. I happened to notice that most of the subnets/blocks were from .br (Brazil). So, in desperation, I blocked .br entirely and that brought things back to being more responsive. I know thats not a long term solution, so I will lift that block as soon as I see the traffic diminish (which I would think it would once they realize it's not going to work). We definitely need a better solution here. I want to find the time to look into mod_qos where we could at least make sure important networks aren't blocked and other networks get low priority. I also added a bunch more cpus to the pagure.io vm. That also seemed to help some.

F42 Beta on the way

Fedora 43 Beta is going to be released tuesday! Shaping up to be another great release. Do download and test if you wish.

Datacenter Move

The datacenter move we are going to be doing later this year has moved a bit later in the year. Due to some logistics we are moving to a mid June window from the May window. That does give us a bit more time, but it's still going to be a lot of work in a short window. It's also going to be right after flock. We hope to have access to new hardware in a few weeks here so we can start to install and setup things. The actual 'switcharoo' in June will be over 3 or so days, then fixing anything that was broken by the move and hopefully all set before the F43 Mass rebuild.

comments? additions? reactions?

As always, comment on mastodon: https://fosstodon.org/@nirik/114167827757899998

March 14, 2025

Daniel Pocock Margarita Manterola (marga, Google) & Debian DebConf13 Swiss venue intrigue

Today somebody asked me about what went wrong in the DebConf13 venue conflict. As in any technical problem, the best thing to do is find the root cause. In this case, there are a series of super-secret emails that are so private they weren't even shared on the debian-private mailing list.

Margarita Manterola (marga) was working for Google at the time and she started the email thread with a small group of people who would be sympathetic to overriding the work of the DebConf local team and forcing them to change the venue.

DebConf13 had been assigned to a local team in Switzerland. They proposed a remote venue called Le Camp.

There were two women involved in this and both of them had become pregnant at the same time. They didn't want to tell anybody about their pregnancies. It is not even mentioned in the emails but we know it is true in hindsight.

There is a perception, largely true, that women in Debian are the partners of male developers. The pregnancies and the fact these pregnancies started around the same time really underline the fact that female Developers are not really independent members of the community. When they are part of a discussion or when they participate in a vote they are usually lobbying the rest of us in unison with whatever their partner is saying. For outsiders reading the Debian mailing lists, these relationships are not obvious.

When people refer to a cabal in Debian we can't ignore the dangers of the groupthink problem. When people wear the same tartans, when they pretend there is no money to pay for things and when we see a core group of people who have pregnancies at the same time, why was that so embarrassing that they couldn't tell us about it? They are embarrassed to admit groupthink is a typical symptom of a cult.

Forcing people to do things is a common theme in Debian these days.

Marga's email describes the tactics of working as a group to put pressure on the local team and break their will.

The local team agreed to organize the conference as volunteers and people were actively trying to control the volunteers from Google.

Forcing people to do things, the Debian Suicide Cluster, coincidence of course.

Remember, Marga is the same person who didn't even want Carla to share the food at DebConf15 in Africa. But she wanted to have the whole venue change to accommodate her own family planning project.

In 2023, they wanted to force people to contribute money for the day trip and one volunteer who did a lot of work in the local team was Abraham Raji. After all the work he did, including the logo design, Abraham didn't want to pay for the day trip, he was left behind to swim alone and died by drowning.

Marga says a lot in this email but doesn't mention the pregnancies were also a factor in her thinking.

Please see the chronological history of how the Debian harassment and abuse culture evolved.

Subject: Regarding DC13 venue issues
Date: Sun, 25 Nov 2012 00:31:36 +0100
From: Margarita Manterola <marga@debian.org>
To:

Hi,

[Re-sent due to wrong headers on the first try. Please reply to this mail]

This message is long. I'm sorry. I beg you to PLEASE read it anyway.

As most of you know, this has been quite a complicated year for me, I
started a new job, in a new country.  This has kept me away from Debian and
DebConf for most of this year.  I wasn't present in the venue decision for
DC13, and missed DC12.  I very much regretted both things, but have been
looking forward to DC13 all this time.

Now, finally, I'm settling and have a bit more free time, I've been working
on Debian bugs, and I have come back to see what was going on with DC13,
only to find a number of shocking things that I think need urgent action:

The venue is located on a town of 256 inhabitants, 100km from Geneva, 160km
from Basel and 180km from Zurich. No direct train available, bus needed.
The nearest supermarket is 3.7km away (by car).  This basically the
definition of a place in the middle of nowhere.  Something that we've been
trying hard to avoid after DC6, because after it, we learned that the
surroundings are also part of the venue.

Also, it is not cheap.  The current budget is around € 200,000, and we will
get no government help to cover the holes this time. Keep in mind that in
the past years we have raised about € 50,000 (apart from government help).
There has been work done on this front, but we are nowhere near the 200k
mark, and it's extremely unlikely that we'll get that much.

Finally, the accommodation offered is not adequate for what DebConf has
come to be. Only 101 beds in private/semi-private rooms (up to 6 people).
And 169 places to be used with sleeping bags (no private beds).  This could
have been fine 10 years ago, but it's not what the conference is now.

In other intances, people that wanted better rooms have just gone to a
nearby hotel.  In this case this is not possible.  The closest hotel (1.2km
away) is 320 CHF per night.  The rest of the hotels are way too far away,
would require renting a car.

To top everything off, they are requiring us to sign binding contracts to
pay for a certain amount of people that we can't really be sure of, with
money that we haven't yet raised. Plus other contract niceties that some of
you probably know better than me.

All this that I have stated you most like already knew.  I'm just restating
them together, because I suspect that they've been brought up many times,
but as separate issues.  They are one big issue.

My conclusion is that Le Camp is unacceptable as a venue.  However, the
local team is very opposed to a change.  Their reasons vary.  
One of the reasons is that this is the venue that was voted on.  We need to
convince them that this doesn't matter.  The decision meeting is not a
binding contract.

Another reason is that it is not possible to find a better venue in
Switzerland.  I don't believe this. But if this were true, then we should
analyze having DC13 in a different country.  It's not too late to change.

Another reason is that it is "too late".  I understand that for the swiss
it would be late, but I know from my own experience and others' that this
has been done successfully in the past and until we actually sign the
contract, it is NOT too late, so we must act now.

This mail is to try to gather some consensus outside of IRC, with those
that have raised their voices before.  Because discussions on IRC about
this subject have turned nasty and nothing useful was achieved, and I
REALLY want to help making DC13 successful, not just complain and sulk.
The options I see right now are:

1- Convince the local team to find a different venue. [Hard]
2- Find a different venue outside of the local team, and then convince them
   to go for it. [Also hard]
3- Discard Switzerland and find a new location. [Bound to make people
   unhappy, but easier than 1 and 2]
4- ? Any other ideas?

Regarding alternative venues, there's already a proposed venue, but
mentioning it to the local team has created a very unhelpful atmosphere on
IRC, I fail to understand why.  This is something where acting as a group
instead of individual complainers would maybe make a difference.

I'm really interested in hearing options and actions that we might take.
Please do not shrug this off.  I know that this has been discussed many
times, and that I wasn't there before. It saddens me, but this has not been
solved.  We need to solve it.

Please reply with opinions, ideas, ways that we could make this better.

Thank you for your time.

PS: Please do not share this mail with other people yet.

-- 
Love,
Marga

Please see the chronological history of how the Debian harassment and abuse culture evolved.

Margarita Manterola, Debian, DebConf, Google

Photo courtesy of ECI37

Please see the chronological history of how the Debian harassment and abuse culture evolved.

Fedora Community Blog Infra and RelEng Update – Week 11 2025
This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 10 – 14 March 2025

Infrastructure & Release Engineering

The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
Itâ€™s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
List of planned/in-progress issues

Fedora Infra
- In progress:
- Done:
CentOS Infra including CentOS CI
- In progress:
- Done:
Release Engineering
- In progress:
- Done:
List of new releases of apps maintained by I&R Team
- Patch update of CentOS CI Duffy from 3.4.0rc3 to 3.4.0 on 2025-03-12: https://github.com/CentOS/duffy/compare/v3.4.0rc3…v3.4.0
- Patch update of MD API from 3.1.6 to 3.1.7 on 2025-03-12: https://github.com/fedora-infra/mdapi/releases/tag/3.1.7
- Patch update of CentOS CI Duffy from 3.4.0rc2 to 3.4.0rc3 on 2025-03-11: https://github.com/CentOS/duffy/compare/v3.4.0rc2…v3.4.0rc3
If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

The post Infra and RelEng Update – Week 11 2025 appeared first on Fedora Community Blog.

March 13, 2025

Matěj Cepl Dreaded “Too many arguments” error with cd

When using bash(1) option autocd I get often to the situation that multiple directories is found, and then cd fails to work with the error I begun to dread: “bash: cd: too many arguments”. After brief (half an hour at most) but very passionate discussion with Gemini, we came to this solution:

cd() {
  local result
  local first_arg="$1"

  if [[ -z "$first_arg" ]]; then
    command cd "$HOME"
    return
  fi

  shift

  if [[ "$first_arg" == "--" ]]; then
    first_arg="$1"
    shift
  fi

  local remaining_args=("${@}")

  command cd "$first_arg" 2>&1 >/dev/null
  local cd_result=$?
  if [[ "$cd_result" -ne 0 ]]; then
    if [[ ${#remaining_args[@]} -gt 0 ]]; then
      local selected_arg=$(printf "%s\n" "${remaining_args[@]}" | fzf)
      if [[ -n "$selected_arg" ]]; then
        command cd "$selected_arg"
      fi
    fi
  fi
}

shopt -s autocd
shopt -s expand_aliases

Leaving it here for posterity. Exercise for the reader could be better use of fzf.

Fedora fans چهارشنبه سوری مبارک

چهارشنبه‌سوری، جشن کهن ایرانی، شبی است که آتش، نماد پاکی و روشنایی، در دل تاریکی شب زبانه می‌کشد و گرمای امید را به دل‌ها هدیه می‌دهد. این آیین زیبا که نسل به نسل از نیاکانمان به ما رسیده، فرصتی است برای رهایی از غم‌ها و بدی‌ها و استقبال از سالی پر از شادی و خوشبختی. […]
The post چهارشنبه سوری مبارک first appeared on طرفداران فدورا.
Peter Czanik Testing Elasticsearch 9.0.0 beta1 with syslog-ng

Each time a new major Elasticsearch version is released, someone asks if it works with syslog-ng. So I gave it a quick test and based on that, it works fine. But of course, some terms and conditions apply… :-)

Before you begin

On the syslog-ng side, I used the latest development snapshots for RHEL: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head For Elasticsearch, I used a tutorial from the Elastic website: https://www.elastic.co/guide/en/elastic-stack/9.0/installing-stack-demo-self.html

Make sure that you use a dedicated test environment. Why? See below… :-)

Operating systems

For most software, when their documentations mention RHEL 8 as a system requirement, said software usually work without any problem on RHEL 9 and even on CentOS Stream 10 as well. However, this does not seem to be the case with Elasticsearch: its tutorial says that “the examples in this guide use RPM packages to install the Elastic Stack components on hosts running Red Hat Enterprise Linux 8”. My initial test was done on RHEL 9, however, and I could not get Elasticsearch 9.0.0-beta1 to work – even the curl test failed. I wanted to check if the issue was a software or an environment problem, so I installed the latest Elasticsearch 8.X release in the VM. But I got the same results – I could not get it to work.

So I went back to RHEL 8 and suddenly, installing Elasticsearch 8 worked perfectly. The curl test worked, just as installing Kibana. I sent logs from syslog-ng and I could browse the results in Kibana immediately.

Fresh install instead of upgrading

I am lazy, so once I had a working 8.X installation, I tried to upgrade it to version 9.0.0-beta1. But I had no luck. Deep in the log file among some long Java error messages, there was a short message that upgrading from 8.X to 9.0 is not supported. So I deleted the Elasticsearch and Kibana packages, along with all the configuration and data directories. I installed Elasticsearch 9.0.0-beta1 again from scratch, then suddenly, everything worked as expected. I have yet to make some measurements, but at first glance, version 9 feels to be faster.

What is next?

If you use RHEL or compatibles and still have an old RHEL 8 (or compatible) system around, you are ready for testing. Everything worked fine in my test environment, but as its name implies, I did not have production logs available. If you have a chance, set up a RHEL 8 (or compatible) box, prepare a fresh Elasticsearch & Kibana 9.0.0 beta installation, then feed it with production logs. Just make sure that your test destination is set up alongside a well-working production destination instead of replacing it. Let us know your experiences!

-

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 12, 2025

Peter Czanik The syslog-ng Insider 2025-03: EPEL 10; Elasticsearch; Active Roles
Dear syslog-ng users,

This is the 129th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

Test syslog-ng on EPEL 10!

CentOS Stream 10 and EPEL 10 just became available, and as usual, I tried to build syslog-ng as soon as possible. For now it is available in my git snapshot repository, but I am also planning to make it available in EPEL 10 soon.

https://www.syslog-ng.com/community/b/blog/posts/test-syslog-ng-on-epel-10

Collecting Active Roles logs centrally using the syslog-ng Windows Agent

One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages into Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can collect, process, store and forward Active Roles log messages to multiple destinations.

https://www.syslog-ng.com/community/b/blog/posts/collecting-active-roles-logs-centrally-using-the-syslog-ng-windows-agent

syslog-ng OSE 4.8.1 is now in EPEL 10, quick fix for Elasticsearch

This blog is just a quick announcement that syslog-ng 4.8.1 is now available in EPEL 10, so you do not have to use the testing repository anymore. Thanks everyone for the feedback! However, support for Elasticsearch 7+ is broken in this release, as some of you reported. You can fix this problem as described in https://github.com/syslog-ng/syslog-ng/issues/5207 by removing references to “type”.

https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-ose-4-8-1-is-now-in-epel-10-quick-fix-for-elasticsearch

WEBINARS
- You can learn about upcoming webinars and browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Cockpit Project Cockpit 335
Cockpit is the modern Linux admin interface. We release regularly.

Here are the release notes from Cockpit 335 and cockpit-machines 329:

Storage: SMART device health

The Storage page now shows disk device health and can run disk self-check tests on demand.

Machines: Fix remote viewer launching

The “Launch viewer” button in Cockpit Machines now reliably launches “virt-viewer”. The fix adds a generated filename to the application/x-virt-viewer helper file, resolving browser-specific launch issues. The filename also clarifies the file’s purpose in the downloads folder.

Try it out

Cockpit 335 and cockpit-machines 329 are available now:

March 11, 2025

David López Análisis Explicativo del Modelo de Redes Neuronales para Clasificación de Sentimientos en Reseñas…
Análisis Explicativo del Modelo de Redes Neuronales para Clasificación de Sentimientos en Reseñas de Películas
Este artículo es una continuación de un análisis previo en el que se exploró en detalle el modelo Naive Bayes para la clasificación de sentimientos en reseñas de películas (lo puedes encontrar aqui). En aquella ocasión, se destacó su eficiencia y rendimiento en la tarea de predecir si una reseña era positiva o negativa. En esta segunda parte, nos enfocaremos en el desarrollo, implementación y evaluación de un modelo basado en Redes Neuronales (LSTM), y compararemos sus resultados con los obtenidos por el modelo de Naive Bayes. El objetivo es comprender las ventajas y desventajas de cada enfoque, y determinar cuál es más adecuado para esta tarea específica.
A continuación, se presenta un análisis detallado del desarrollo del modelo de Redes Neuronales, seguido de una comparación de los resultados de ambos modelos, destacando al modelo de Naive Bayes como el más eficiente en este contexto.
Desarrollo del Modelo de Redes Neuronales (LSTM)
1. Preprocesamiento de Datos
El primer paso en el desarrollo del modelo de Redes Neuronales fue el preprocesamiento de los datos. Este proceso es crucial para garantizar que los datos estén en un formato adecuado para el entrenamiento del modelo. Las tareas realizadas incluyeron:
Tokenización: Se utilizó la clase Tokenizer de Keras para convertir las reseñas de texto en secuencias de enteros. Cada entero representa un token (palabra) en el vocabulario.
```
tokenizer = Tokenizer(num_words=5000)
tokenizer.fit_on_texts(df_reviews_nn['Processed_Review_Text'])
X_nn = tokenizer.texts_to_sequences(df_reviews_nn['Processed_Review_Text'])
```
Padding: Para garantizar que todas las secuencias tuvieran la misma longitud, se aplicó padding. Esto es esencial porque las Redes Neuronales requieren entradas de tamaño fijo.
```
maxlen = generate_padded_sequences(X_nn)
X_nn = pad_sequences(X_nn, maxlen=maxlen)
```
Codificación de Etiquetas: Las etiquetas (positivas y negativas) se codificaron utilizando One-Hot Encoding para facilitar su procesamiento en el modelo.
```
onehot_encoder = OneHotEncoder(sparse_output=False)
y_nn = onehot_encoder.fit_transform(df_reviews_nn['Category'].values.reshape(-1, 1))
```
2. División de Datos
Los datos se dividieron en conjuntos de entrenamiento y prueba para evaluar el rendimiento del modelo. Esta división permite validar la capacidad del modelo para generalizar a datos no vistos.
```
X_train_nn, X_test_nn, y_train_nn, y_test_nn = train_test_split(X_nn, y_nn, test_size=0.2, random_state=42)
```
3. Creación del Modelo LSTM
Se construyó un modelo de Red Neuronal utilizando la clase Sequential de Keras. El modelo incluyó una capa de Embedding para representar las palabras en un espacio vectorial, una capa LSTM para capturar dependencias temporales en los datos, y una capa densa con activación softmax para la clasificación.
```
model_nn = Sequential([
    Embedding(input_dim=5000, output_dim=128, input_length=maxlen),
    LSTM(units=128, dropout=0.2, recurrent_dropout=0.2),
    Dense(2, activation='softmax')
])
```
4. Compilación y Entrenamiento del Modelo
El modelo se compiló utilizando el optimizador Adam y la función de pérdida categorial_crossentropy, adecuada para problemas de clasificación multiclase. Luego, se entrenó el modelo con los datos de entrenamiento.
```
model_nn.compile(optimizer='adam', loss='categorical_crossentropy', metrics=['accuracy'])
hist = model_nn.fit(X_train_nn, y_train_nn, epochs=5, batch_size=64, validation_data=(X_test_nn, y_test_nn))
```
5. Evaluación del Modelo
Se evaluó el rendimiento del modelo utilizando métricas como precisión, recall, F1-score y el informe de clasificación. Estas métricas proporcionan una visión completa del desempeño del modelo.
```
y_pred_nn = model_nn.predict(X_test_nn)
y_pred_classes_nn = y_pred_nn.argmax(axis=1)
y_test_classes_nn = y_test_nn.argmax(axis=1)

accuracy_nn = accuracy_score(y_test_classes_nn, y_pred_classes_nn)
precision_nn = precision_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
recall_nn = recall_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
f1_nn = f1_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
classification_report_nn = classification_report(y_test_classes_nn, y_pred_classes_nn, target_names=onehot_encoder.categories_[0])

print(f'Accuracy: {accuracy_nn}')
print(f'Precision: {precision_nn}')
print(f'Recall: {recall_nn}')
print(f'F1-score: {f1_nn}')
print(f'Classification Report:\n{classification_report_nn}')
```
6. Resultados de la Evaluación
El modelo de Redes Neuronales mostró un rendimiento sólido, con una precisión y F1-score altos. Sin embargo, la matriz de confusión reveló un mayor número de falsos positivos y falsos negativos en comparación con el modelo Naive Bayes.
7. Visualización de la Curva ROC y AUC
Se calcularon y visualizaron las curvas ROC y los valores de AUC para ambos modelos (Naive Bayes y LSTM) en los conjuntos de entrenamiento y prueba.
```
# Calcular la curva ROC y el AUC para el conjunto de prueba del modelo LSTM
fpr_nn_test, tpr_nn_test, thresholds_nn_test = roc_curve(y_test_nn.argmax(axis=1), model_nn.predict(X_test_nn).argmax(axis=1))
roc_auc_nn_test = auc(fpr_nn_test, tpr_nn_test)

# Subplot para la curva ROC del modelo LSTM
plt.subplot(1, 2, 2)
plt.plot(fpr_nn_train, tpr_nn_train, label=f'Train (AUC = {roc_auc_nn_train:.2f})')
plt.plot(fpr_nn_test, tpr_nn_test, label=f'Test (AUC = {roc_auc_nn_test:.2f})')
plt.plot([0, 1], [0, 1], 'k--')  # Línea diagonal para referencia
plt.xlabel('False Positive Rate')
plt.ylabel('True Positive Rate')
plt.title('ROC Curve - Model 2 (Red Neuronal)')
plt.legend(loc='lower right')

# Mostrar la figura con los gráficos
plt.tight_layout()
plt.show()
```
Comparación de Resultados
Modelo Naive Bayes
- Precisión y Rendimiento: El modelo Naive Bayes demostró ser altamente efectivo, con una precisión y un F1-score superiores. La matriz de confusión mostró un equilibrio óptimo entre verdaderos positivos y verdaderos negativos, con un mínimo de falsos positivos y falsos negativos.
- Tiempo Computacional: Este modelo es computacionalmente eficiente y rápido de entrenar, lo que lo hace ideal para aplicaciones donde el tiempo de procesamiento es crítico.
Modelo de Red Neuronal (LSTM)
- Precisión y Rendimiento: Aunque el modelo de red neuronal mostró un buen rendimiento, con una precisión y F1-score altos, la matriz de confusión indicó un mayor número de errores en comparación con Naive Bayes.
- Tiempo Computacional: El entrenamiento del modelo LSTM es más intensivo en términos de tiempo y recursos computacionales. Aunque su rendimiento es competitivo, el costo computacional es significativamente mayor.
Conclusión
Tras evaluar ambos modelos, se concluye que el modelo Naive Bayes es la mejor opción para la clasificación de sentimientos en reseñas de películas. Su combinación de alta precisión, rendimiento equilibrado y eficiencia computacional lo hace superior al modelo de Redes Neuronales en este contexto específico. Sin embargo, es importante destacar que el modelo LSTM podría mejorar con ajustes adicionales, como la optimización de hiperparámetros, el uso de embeddings preentrenados o técnicas de regularización más avanzadas. Ambos enfoques tienen sus fortalezas, y la elección final dependerá de los requisitos específicos del proyecto, como la disponibilidad de recursos computacionales y la necesidad de precisión.
Resumen del Curso de Procesamiento del Lenguaje Natural
El curso de PLN se estructuró en tres sprints, cada uno diseñado para profundizar en aspectos específicos del procesamiento y análisis de texto. A continuación, se detalla lo que se aprendió en cada uno de ellos:
Sprint 1: Introducción al Procesamiento del Lenguaje Natural
En este sprint, se sentaron las bases teóricas y prácticas del PLN. Los temas cubiertos incluyeron:
- Conceptos Básicos: Se introdujeron los fundamentos del PLN, como la tokenización (división de textos en palabras o frases), la lematización (reducción de palabras a su forma base) y la eliminación de stopwords (palabras comunes que no aportan significado, como “y”, “el”, “de”).
- Preprocesamiento de Texto: Se aprendieron técnicas esenciales para limpiar y preparar textos, como la normalización (convertir texto a minúsculas, eliminar puntuación), la corrección de errores ortográficos y la eliminación de ruido en los datos (por ejemplo, caracteres especiales o HTML).
Este sprint fue fundamental para entender cómo transformar texto crudo en datos estructurados y listos para ser utilizados en modelos de machine learning.
Sprint 2: Modelos Probabilísticos de NLP y Métodos de Aplicación
En el segundo sprint, el enfoque se centró en la recopilación de datos y el uso avanzado de herramientas de PLN. Los aprendizajes clave incluyeron:
- Web Scraping: Esta técnica es esencial para obtener textos de fuentes en línea, como reseñas de películas, noticias o comentarios en redes sociales.
- NLTK (Natural Language Toolkit): Se profundizó en el uso de NLTK para tareas avanzadas de PLN, como la identificación de partes del discurso (POS tagging), el análisis sintáctico (parsing) y la generación de n-gramas (secuencias de palabras).
- spaCy: Se exploró spaCy, una librería moderna y eficiente para PLN, que permite realizar tareas como el reconocimiento de entidades nombradas (NER), la dependencia sintáctica y la comparación de similitudes entre textos.
Este sprint proporcionó las habilidades necesarias para recolectar y procesar grandes volúmenes de texto desde la web, una competencia clave en el ámbito del PLN.
Sprint 3: NLP — Modelos y Algoritmos Avanzados
El tercer sprint se enfocó en técnicas más avanzadas, incluyendo modelos de redes neuronales y métodos modernos de PLN. Los temas cubiertos incluyeron:
- Redes Neuronales para Texto: Se introdujeron arquitecturas como LSTM (Long Short-Term Memory), capaces de capturar dependencias temporales en secuencias de texto. Estas redes son especialmente útiles para tareas que requieren entender el contexto a lo largo de una frase o párrafo.
- Aplicaciones Prácticas: Se implementó un modelo LSTM para clasificación de sentimientos, comparando su rendimiento con el modelo Naive Bayes. Este ejercicio permitió entender las ventajas y desventajas de cada enfoque, así como los casos de uso más adecuados para cada uno.
Este sprint brindó una visión más amplia de las técnicas modernas de PLN, preparando a los estudiantes para abordar problemas más complejos, como la generación de lenguaje natural o la traducción automática.
Conclusión del Curso
El curso proporcionó una formación integral en PLN, desde los conceptos básicos hasta las técnicas más avanzadas. A lo largo de los tres sprints, se adquirieron habilidades prácticas en preprocesamiento de texto, implementación de modelos probabilísticos y redes neuronales, y evaluación de su rendimiento. Además, se exploraron herramientas y librerías esenciales como NLTK, spaCy y Keras, que facilitaron la aplicación de estos conocimientos en proyectos reales.
Uno de los aprendizajes más valiosos fue la importancia de elegir el modelo adecuado para cada tarea. Mientras que Naive Bayes demostró ser una opción rápida y eficiente para clasificación de texto, las Redes Neuronales ofrecen mayor flexibilidad y precisión en tareas más complejas que requieren entender el contexto. Este conocimiento es fundamental para desarrollar soluciones efectivas en el ámbito del PLN y abordar desafíos futuros, como la interpretación de lenguaje natural en tiempo real o la creación de chatbots inteligentes.

Daniel Pocock Crossbow murders: prevention, missed opportunities

The horrific crossbow murders in Bushey occurred relatively close to where I used to reside in St Albans, Hertfordshire. While the suspect was on the run, I rang some friends who live in the area to ask if they had checked all their doors and windows were really locked.

It was risky to publish so much detail about the case while it is still in progress knowing that some new evidence might come along to contradict me. As it turns out, the blog was largely correct with its focus on the relevance of social control media and the toxic culture. At the very end of the trial, prosecutors revealed that Kyle Clifford had been following Andrew Tate, justifying my concerns about the role of social control media.

One key piece of evidence appears to be inconsistent: the date of the crossbow purchase. This is really fundamental to understanding what was going on in Clifford's mind. In some reports, they claim he called his brother in prison on 1 July 2024 to declare he had ordered a crossbow. In reports from the same media organizations, sometimes within the same page, they claim he made the purchases on 3 July, that is, the day that his ex-girlfriend shared a Tweet about women leaving their partners.

Examples of the contradiction:

Daily Mail timeline only mentions the purchase of weapons on 3 July
The Sun timeline mentions both 1 July, conversation with his brother about buying a crossbow and 3 July, buying the crossbow
Sky News live feed from the trial and the sentencing hearings has consecutive posts about both 1 July ("He had a conversation with his brother Bradley, who's serving life in prison for murder, and told him about his crossbow order, the prosecution says.") and 3 July ordering the crossbow

Sometimes journalists do make mistakes with dates. Sometimes lawyers make mistakes with dates. Maybe he had started thinking about the order or started the online shopping cart on 1 July but only made the payment on 3 July. Maybe the conversation with his brother on 1 July was really boasting about something he hadn't actually ordered yet.

The British police themselves have attracted a lot of controversy for their infiltration of environment activist groups and the relationships between undercover police and female activists. Yet when they had this recording of a convicted murderer talking to his brother about the purchase of weapons, they may have had a missed intelligence opportunity.

The news summaries of this horrendous crime only give us the broad brushstrokes. It is very easy to hate this guy. Even the killer's lawyer stood up before the judge and said he was only defending the guy because it was his job to do so but he also thinks it is a particularly despicable crime.

To really deal with the Andrew Tate phenomenon, we need to break it into three phases, which can be easily confirmed using the live feeds from the trial and the "timeline" news articles:

Date(s)	Who	What
23 June	Louise	Begins to communicate the relationship is over
23 June to 2 July	Kyle	Begins plotting, although his only concrete action is to purchase rope and arrange it as a noose for himself in the cemetary.
3 July	Louise	Shares / re-tweets comment about women leaving their partner, gives the break-up a public dimension
3 July, 4 July	Kyle	Buys offensive weapons, crossbow, knife, air gun, petrol cans
9 July	Kyle	Triple murder with crossbow and knife

To understand Clifford's feelings when his ex starts to engage in publicity on social control media, we can take a detour and look at the case of one of the four police officers who committed suicide after the January 6 riot at the US Capitol.

Of particular interest is the case of Officer Kyle DeFreytag. DeFreytag was only deployed to the US Capitol after the rioters had been chased away. He was posted there to enforce the curfew in the empty building where five people had been killed earlier in the day. Despite the fact the riot was over, the officers posted there that night must have felt like they were in a haunted house. Moreover, they may have feared a return of the rioters. After all, the rioters had been egged on by the president himself, Donald Trump, who still had another two weeks in office. Trump had used social media and a speech in ways that appeared to encourage civil disorder. Many officers who served in the days after the riot reported feeling a sense of dread and despair, an ongoing trauma. A few months later, DeFreytag became the fourth January 6 suicide victim.

Whether it is the January 6 mob or the vigilantism when a woman starts a rumor on social control media, the sense of apprehension is much the same. I spoke to another man in a high profile position who was subject to vendettas by a woman. Somebody in a more senior position made the mistake of sharing it too quickly. The victim told me that his first response was to get his wife and children out of the house. The mob mentality that grips people in social control media is very similar to the way people behave out of character when they assemble in a large group at a protest or a football match.

When Elon Musk's Twitter/X platform enticed Louise Hunt to make their break-up into a public story, she may not have intended any harm at all. Clifford, on the other hand, may have feared the worst, including the possibility that her celebrity father may share tweets with his 10,000 followers. Clifford's perception of the potential for a mob may have been based on the worst case scenario, nonetheless, he is not the only man who was taken by this sense of dread. If he saw the break-up becoming a public drama it doesn't justify the extreme violence but it may help us understand the step change in his behavior.

When Clifford's brother was convicted for murder, it brought about an online wave of public hostility against his family. Most of us never experience something like that. Yet for Clifford, when he saw his ex starting to create a negative narrative on Twitter, his previous experience of social media shamings would have compounded his sense of dread about how Twitter might exploit his current break-up.

Social control media clearly seeks to profit from the public fascination with conflict involving young white women. Sadly, a good profile photo and an emotional story goes a lot further than fact-checked evidence. When journalists hacked the mobile phone of 2002 murder victim Milly Dowler, looking for her last voicemail messages, there was public outrage. The rise of social control media has allowed Elon Musk to profit from tapping into the last thoughts of crossbow victim Louise Hunt. The erosion of this couple's privacy may have been a factor in Clifford's turn for the worse.

The fear of vigilantism doesn't justify Clifford's actions but it does suggest why on 3 July there was a step change in his planning on the day the tweet was shared. Before the tweeting, he appeared to be more concerned with ending his own life but after the tweet, his actions were far worse.

The suicide rate for men is four times higher than for women. Shortly before the crossbow murders, somebody submitted this Freedom of Information request asking how many people had taken their own life on the London Underground. The authorities were unable to reply, partly because the transport department is not responsible for classifying the cause of death, that is the job of the coroner. A report on Wikipedia suggests 643 suicide attempts in the period 2000 to 2010, roughly one per week. It is not clear how many of these relate to relationship breakdown.

People widely commented on the fact that Clifford, who is in prison, could refuse to come to the court for the trial and sentencing. Even the Prime Minister's office in Downing Street made public comment on this feature of the trial. Nonetheless, neither Andrew Tate nor Elon Musk attended the trial either. The content they respectively create and propogate is clearly harmful to people at vulnerable times in their lives.

Look at how Jack Dorsey was confirmed to speak at FOSDEM this year but he changed his mind and canceled at the last minute.

Who is the bigger psychopath?

In the victim statement of John Hunt, he stated:

When I challenge myself about how you were able to deceive us all, I simply say that you are a psychopath who, for the duration of your time together with Louise, was able to disguise yourself as an ordinary human being.

We could say similar things for social control media platforms pretending to be like a trusted friend while they are really exploiting people's trust to violate our privacy.

Fact checking: date of the tweet, date of crossbow purchase

Daily Mail tells us that Kyle purchased the crossbow on the same day Louise re-tweeted.

The Sun tells us about the conversation about "buying" the crossbow on 1 July and also on 3 July.

Sky News send live updates during the trial. They appear to be paraphrasing a speech by the prosecutor. Once again, it is not clear whether Kyle Clifford really made the actual purchase on 1 July or 3 July.

Crossbow murders, timeline, Sky News live feed

Louise Hunt's "last tweet" was actually re-tweeting somebody else. Did Kyle Clifford see this and did he only go through with the purchasing of weapons after this impacted him?

Crossbow murders, Louise Hunt, Twitter, X, last tweet

Remembering Dr Jacob Appelbaum

I don't want to suggest Louise Hunt intended to start a mob, she is a victim of social media just as much as anybody else. Social media mobs have a mind of their own.

When social control media vigilantism started to spread rumors about Dr Jacob Appelbaum in 2015, it quickly turned into real-world aggression, as evidenced by the graffiti on Dr Appelbaum's home (below). I checked the debian-private gossip messages and proved that the rumors were falsified for what appears to be a sadistic political motive.

How many men fear similar reprisals when somebody makes their life into a subject for public speculation?

Daniel Pocock Domain password giveaway: NickDelehanty.ie Irish Elections 2024

After the Irish elections, I canceled the auto-renewal for various domain names that look similar to rival candidates. This means that the registrations will lapse at the end of 12 months, in November 2025 and anybody else can then register the same names.

There are five years between general elections in Ireland and these domain names won't be very useful for me in that period.

Why wait for the domain names to lapse in November? I decided to stagger the transfer of the domain names by releasing the passwords publicly. I'm saving the best for last.

Here is the domain transfer password for NickDelehanty.ie:

as4awdybzslmajcO

To take NickDelehanty.ie from me, you can use any domain name registrar who you prefer. It is currently hosted with Gandi. The Irish .IE registry has a full list of registrars that you can choose from.

There is a good chance that other people may have more creative ideas for using some of the domain names. There are many people with the same name as some of the candidates. I don't want to stand in their way.

At the count center, I reached out to some of the other candidates and let them know I'd be happy to gift the domain names for Christmas. Some of them never got back to me.

In a couple of cases, the candidates had previously owned the domain names and failed to renew them. This creates a much higher risk that somebody could acquire their former domain name and deliberately impersonate them. I'll hold back on releasing those domain names for a little bit longer.

The domain names were acquired in good faith but simply letting the former domain name of the justice minister lapse into the hands of a cybersquatter could create a risk for innocent members of the public. Look at how much money the FSFE people have taken by impersonating the FSF. Politics aside, I'd prefer to just give Jim the domain name so that doesn't happen.

Then again, it raises some ethical questions: if I give a domain name to a member of the cabinet, is it a gift? If he owned it before too, and I've helped him get it back with no real benefit to myself, is it still a gift? If it is a gift and if the transfer of the domain is public knowledge, does that neutralize any ethical concerns and comply with disclosure rules?

I hope my acquisition of the domains will encourage some productive ethical discussions about the role of technology in our democracy. While people are distracted by that, cybersquatters are busy buying up domain names that look like future candidates to replace Pope Francis. It's not polite to say that while people are praying for the Pope's recovery from illness but nonetheless, that is the behavior of real cybersquatters.

Each .IE domain name costs about EUR 20 to register. I haven't even asked anybody to reimbourse me for that expense. Every candidate who's vote tally exceeds a quarter of a quota is able to fully recover their expenses, including domain name fees, from public funds.

After somebody takes NickDelehanty.IE off my hands I'll wait a few days and then share the next domain in the list. Please follow my RSS feed to be first to know when the next opportunity appears.

Daniel Pocock is a Debian Developer.

Please see the chronological history of how the Debian harassment and abuse culture evolved.
Kiwi TCMS Kiwi TCMS 14.1
We're happy to announce Kiwi TCMS version 14.1!

IMPORTANT:

This is a minor version release which includes security related updates, several improvements, API changes and new translations.

Recommended upgrade path:
```
14.0 -> 14.1
```
You can explore everything at https://public.tenant.kiwitcms.org!

---
Public container image (x86_64):
```
pub.kiwitcms.eu/kiwitcms/kiwi   latest  203d476fbcdc    674MB
```
IMPORTANT: version tagged and multi-arch container images are available only to subscribers!
Changes since Kiwi TCMS 14.0
Security
- Update Django from 5.1.6 to 5.1.7 addressing a medium severity denial-of-service vulnerability, CVE-2025-26699, which does not appear to affect Kiwi TCMS
Improvements
- Update django-simple-captcha from 0.6.1 to 0.6.2
- Update psycopg from 3.2.4 to 3.2.5
- Update pygithub from 2.5.0 to 2.6.1
- Enable search functionality on Tag Admin page (Jurijs JeÅ¡kins). Fixes Issue #3739
- After cloning a TestCase load its Edit page. (Martin Bodurov)
- Add Search Test Executions item under SEARCH menu in navigation bar
- Display Default tester field on Search Test Cases page
- Display Default tester fields on Execution Dashboard page. Closes Issue #3766
- On TestRun view page display TestExecution history diff only when user accessing the page has the testruns.view_historicaltestexecution permission. Otherwise it will not be shown
- Display Last Bug ID - Status widget for each TestExecution row on TestRun view page. Closes Issue #3748
- Allow user to exclude Product condition on Search Test Cases page
- Update references to Kiwi TCMS container images across our code base, documentation and website as we may change hosting providers soon
- Update performance results documentation
- Document results for parallel user session performance. Closes Issue #721
API
- Method TestExecution.history() is now controlled by the more granular testruns.view_historicaltestexecution permission instead of the generic testruns.view_testexecution
Refactoring and testing
- Update isort from 6.0.0 to 6.0.1
- Update sphinx from 8.1.3 to 8.2.3
- Update node_modules/webpack from 5.97.1 to 5.98.0
- Remove eslint-plugin-promise as a direct dependency
- Remove duplicate field history_change_reason from ORM query
- Refactor code which displays the red bug icon in TestRun view page
Translations
- Updated Albanian translation
- Updated Korean translation
- Updated Portuguese, Brazilian translation
Kiwi TCMS Enterprise v14.1-mt
- Based on Kiwi TCMS v14.1
- Update certbot-* from 3.1.0 to 3.2.0
- Update sentry-sdk from 2.20.0 to 2.22.0
- Update social-auth-app-django from 5.4.2 to 5.4.3
- Add new setting MERMAID_RENDERER_URL
Private container images
```
hub.kiwitcms.eu/kiwitcms/version            14.1 (aarch64)          21e42abe02fc    10 Mar 2025     688MB
hub.kiwitcms.eu/kiwitcms/version            14.1 (x86_64)           f94f7ef3d6cc    10 Mar 2025     674MB
hub.kiwitcms.eu/kiwitcms/enterprise         14.1-mt (aarch64)       181f2ffe0a75    10 Mar 2025     1.08GB
hub.kiwitcms.eu/kiwitcms/enterprise         14.1-mt (x86_64)        12c79af66fc6    10 Mar 2025     1.06GB
```
IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!
How to upgrade

Backup first! Then follow the Upgrading instructions from our documentation.

Happy testing!

---

If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!
- Give â� on GitHub;
- Give ğŸ‘� on GitLab;
- Join our newsletter and follow all project news;
- Become a contributor and an awesome open source hacker;
- Become a subscriber and help us sustain development

March 10, 2025

Adam Young Bogotá
“Get out”

That was my sister, telling me via chat to get out of the cab I had just gotten in to. In her defense, I had screwed up her instructions, which was to go to the Imperial Cab counter at the airport, prepay for a ride to her apartment, and in no case was I to get directly into a cab.
Table of contents
Travel To Colombia

I was sleep deprived. The night before gave me about 2 hours of actual sleep. Anxiety about so many things kep me awake, including the 5 AM wakeup we needed in order to catch a car to Logan to make our flight. It was already cutting in close.

We had exit row seats on the plane. That was great for the extra leg room, but they did not recline, and sleeping was pretty close to impossible. Thus, once we landed and got through customs, I made the mistake of following someone with a sign for Imperial. I thought we were going to the counter, but we ended up outside, with a couple ladies loading our gear into a cab. It turned out fine, the cabbie took me right to my Sister’s building, and accepted payment in US dollars. I was not kidnapped, run all over the city, and forced to empty my bank account.

Bogatá has a reputation for being one of the most dangerous cities in the world, but it is also an amazing city. It has a new-feeling, upscale section around the offices of many of the Banks with Apartment buildings that would fit in any new metropolis in the world. It also aparently has one of the largest mega slums in the world: Ciudad Bolivar. We would not go any further south than the Candalaria district, except for two excursions out of the Bus station on Calle 6.

Sunday Biking

For the first day, though, we planned on taking advantage of the biking culture in the city. We arrived on Sunday, when many of the streets in Bogota had been closed to vehicular traffice, and bikes ruled many roads. Most notably, I was able to grab a tembici Bike less than 3 blocks from Carrera 7. With my sister on her own bike, my son on a borrow3d bike, and me on the admittiedly heavy rental, we took a tour down 7th, but turned off to a cross street before we hit the heavy crowds in the city center.

Sunday Biking in Bogatá

I forgot to track the route on my Garmin watch, but we got a pretty good tour of the safer part of the city, incuding a sight of the Botero Sculpture in the Parque el Renacimiento.

Botero Sculpture of a Bald Man riding a Horse

After our bike ride, my son retired to my sister’s apartment, while we two went out into a market up in the the Usaquen neighborhood. Lunch, coffee, and shopping was mixed with that feeling you get when you are once again mixed into a foreign culture. I have a decent grounding in Spanish, but it has been years since I practiced it regularly, and the accent in Colombia is very different from the Madrilleño accent I had learned when I was 16. Fortunately, I had a wonderful guide in my sister, who had lived in Latin America for 20+ years. She helped me pick out a hammock swing for our front porch that would later prove to make my trip home a bit more difficult.

swing for my front porch

Monserrat

On Monday we did the most touristy of outings: we took the cable car to the summit of Monserate. Bogotoá had been going through a dry spell for most of the previous year, but you would not be able to tell by the weather during our trip. I rained everyday, sometimes in torrents. We carried umbrellas, and, when I remembered, wore my waterproof hiking boots instead of my porous running shoes when out an about in town. The temperature was late summer/ earl fall for the most part, a very pleasant respite from the sub-zero New England winter we had left behind. While we did not get rained on during this outing, the visibility from the top was limited, with only brief breaks in the cloud providing glimpses of the expanse that is Bogotá.

Bogota from the Summit of Monserrat

We attempted then to go to the Gold or Botero museum, but made it down to the Candaleria district around 5, and the museums last allowed entry was at 4 PM. We got a brief tour of the neighborhood and then headed back north.

Gold

The National Museum and the Botero were closed on Tuesdays.Instead, my son and I performed an un-escorted outing, this time to the gold museum. I was expecting a series of demonstrations of how gold mining was perfromed in the countrym from ancient time to the strip mining performed in some unregulated portions of the country today. Instead, it was a huge collection of golden artifacts from indigenous cultures. While many displayes had top-level explanations in English, it was essential to read spanish in order to enuder stand that majority of the descriptions. Even still, most artifacts were unlabeled, at least as far as where they were from and where they had been procured, leading me to wonder how many had been rescued/bought off of treasure hunters. The museum was wonderfully ful of items, and very full of securtiy guards as one might well expect from a museum full of gold.

Gold Arm Ornament from the Gold Museum.

Gold Funeral Mask from the Gold Museum

Did not capture what this was. But it is gold, and in the Gold Museum..

Bogotá has wonderful restaurants. We visited many during the week. Monday night was a French restaurant my sister had wanted to visit. Tuesday nights we had Crepes. Later in the week we visited an Italian restaurant, the favorite of my-soon-to-be-brother-in-law. The food was uniformly excellent, and the prices very acceptable by Boston standards. The coffee was superb, as expected.

Hiking the Bogs above Bogotá

On Wednesday we slipped the bonds of the city. After a car ride to the 6th Street station, we caught the bus to Choachi, accompanied by Carol, a tour guide my sister had worked with before. Halfway to Choachi, we got off the bus, and took a hike in a Hidden Valley.

The Cliffs of the Hidden Valley

Trees of the Cloud Forest

The Pádamo, or High Mountain Bog Biome, Only in Columbia and Scotland

The Old man of the mountains. And a rock face.

Mountain Pond

Waterfall in the Clouds

The Hidden Valley

The National Museum

Thursday, my son and I again took an unescorted museum trip, this time to the national museum.

The building had converted from a prison. That was apparent from this view in the courtyard; ?

I did not take a crazy number of photos, but did capture some of the wood working pieces that caught my attention.

We all enjoyed a dinner out that night.

Journey to the Sacred Laguna

Our flight left just past midnight on Saturday morning, giving us time for one last trip. Again, Carol was our guide, this time from the town of Choachi (or Chiguachi in the language of the native Muiscas) to the sacred lake one town over.

Choachi, the start of our Hike

A Beehive in a Fissure

The Sandstone Walls were quite Squared away

Cactus in Bloom

Vulture

The Author in Repose

The mother embracing La Laguna Sagrado

The trail to la Laguna Sagrada

Return to the States

The rain returned to Bogatá for our trip back to the airport. Despite some flooding and the usual traffic, we made our flight on time and took the red-eye back to Boston.

My Duffel bag was not so lucky. It seemed to want to linger in Colombia, but caught a flight back the next day. According to Tile, it is locked up in an office somewhere in Terminal E of Logan Airport. It has a few things that I would like back. Including the chair.

The Traveling Chair.

Post Script: The Happy Ending

Ready for Summer

The Author Happy at Home in the new swing
The NeuroFedora Blog Next Open NeuroFedora meeting: 10 March 2025 1300 UTC
Photo by William White on Unsplash.

Please join us at the next regular Open NeuroFedora team meeting on Monday 10 March 2025 at 1300 UTC. The meeting is a public meeting, and open for everyone to attend. You can join us in the Fedora meeting channel on chat.fedoraproject.org (our Matrix instance). Note that you can also access this channel from other Matrix home severs, so you do not have to create a Fedora account just to attend the meeting.

You can use this link to convert the meeting time to your local time. Or, you can also use this command in the terminal:
```
$ date -d 'Monday, March 10, 2025 13:00 UTC'
```
The meeting will be chaired by @ankursinha. The agenda for the meeting is:
- New introductions and roll call.
- Tasks from last meeting.
- Open Pagure tickets.
- Package health check.
- Open package reviews check.
- CompNeuro lab compose status check for Fedora 41/rawhide.
- Neuroscience query of the week
- Next meeting day, and chair.
- Open floor.
We hope to see you there!
Josef Strzibny Predownloading embedding models in Rails with Kamal
If you are building AI-powered applications in Ruby on Rails, you might have come across Informers or Transformers.rb gems for transformer inference. Here’s how to improve the production deployment of their models in Kamal setups.

Informers & Transformers.rb

Informers and Transformers.rb are excellent gems for creating document embeddings. These embeddings can then be used to search your documents, build chatbots, and more.

Here’s an example from the README:
```
sentences = ["This is an example sentence", "Each sentence is converted"]

model = Informers.pipeline("embedding", "sentence-transformers/all-MiniLM-L6-v2")
embeddings = model.(sentences)
```
As you can see, you can directly pass a model name you want to the gem. However, these models are quite big and don’t ship with these gems. Conveniently, they will be downloaded on first use.

This auto-download works amazingly well for development but quickly become a major issue in production. If you are using Kamal or other Docker-based deployment you would be constantly downloading these models with every new release.

Production setup

For production, we need to download these models just once to a single location, then point the gems to read the models from there.

The first step is creating a location for them on the server:
```
# run on the server after logging in with SSH
# or ideally make it part of server configuration
mkdir -p /models;
chmod 700 /models;
chown 1000:1000 /models
```
Setting up the ownership for the user 1000 is important since we’ll be downloading them from the Rails containers.

The next step is figure out where they get saved. After a little bit of search on GitHub I found out that both gems construct the cache path using the XDG_CACHE_HOME environment variable.

So we’ll need to set this variable to our location and make sure there are downloaded before we run the application.

Kamal bits

To expose our /models location we’ll add a new volume definition:
```
# config/deploy.yml

service: [SERVICE_NAME]
image: [DOCKER_USERNAME]/[SERVICE_NAME]

volumes:
  - "/storage:/rails/storage"
  - "/models:/rails/models"
```
Now if we read and save from /rails/models inside the application image, we actually read from and save to a permanent location now.

So now we can set XDG_CACHE_HOME env to point to /rails/models:
```
# config/deploy.yml

env:
  clear:
    XDG_CACHE_HOME: "/rails/models"
    ...
```
This way we make sure the downloaded models will get reused, but we should make sure they are available before we run our embedding tasks.

Pre-download

We have a few options on populating the new /models cache.

We can grab the local models and scp them to the expected location (note the full paths with the subdirectory). We can also ‘one off’ a Rails console task with kamal console and make sure they are downloaded or create a Rake task.

We can also make this a firm part of deployment by moving this task into the bin/docker-entrypoint like this:
```
...

if [ "${@: -1:1}" == "solid_queue:start" ]; then
  echo "Caching models into $XDG_CACHE_HOME"

  bundle exec rails runner '
  begin
    model = Informers.pipeline("embedding", "thenlper/gte-base")
    puts "Successfully downloaded thenlper/gte-base model"
  end
  '
fi

echo "Running ${@}"
exec "${@}"
```
Since I run Solid Queue, I used the solid_queue:start as argument. You might need to adjust this to fit your background job processing system.

Note that you need call all of the models you’ll actually use.

March 08, 2025

Daniel Pocock Diana e Adrian von Bidder-Senn, EVP/PEV, Domenica delle Palme e morte di Debian il giorno delle nozze

Adrian von Bidder-Senn è morto il 17 aprile 2011. La data è confermata in numerosi posti. Ho già sottolineato in precedenza che questa morte, che potrebbe essere parte del Debian Suicide Cluster, è avvenuta lo stesso giorno del nostro matrimonio . Che regalo incredibile da parte della " famiglia " Debian.

Un altro fatto fondamentale è che era la domenica delle Palme, la domenica prima di Pasqua. La domenica delle Palme, la Bibbia ci racconta la storia di Gesù Cristo che arriva a Gerusalemme :

Gesù pianse (Giovanni 11:35). Sì, Gesù sapeva che avrebbe resuscitato Lazzaro dai morti, ma questo non gli impedì di provare il dolore della sua morte qui e ora. E gli spettatori riconoscono il significato di questo. Così i Giudei dissero: "Guarda come lo amava!" (Giovanni 11:36)

L'implicazione è che Gesù sapeva che sarebbe morto. Perché non si è semplicemente voltato e non è tornato indietro?

Ma Dio dimostra il suo amore verso di noi in questo: che, mentre eravamo ancora peccatori, Cristo morì per noi. (Romani 5:8)

La vedova di Adrian è Diana von Bidder-Senn che ora ha un ruolo nell'Evangelical People's Party of Switzerland (EVP). In tedesco, il termine Evangelical è equivalente al termine Protestant in inglese. È essenzialmente un partito cristiano-democratico.

Basilea, dove vivevano, è considerata un cantone/città protestante, anche se in pratica il ruolo della religione sta gradualmente diminuendo in Svizzera. Il numero di cattolici a Basilea è quasi alla pari con il numero di protestanti.

Negli ultimi anni, i debianisti canaglia hanno insultato la mia famiglia con ogni genere di voci. Casualmente, il cugino che era nel coro del cardinale Pell era testimone di nozze al nostro matrimonio, ancora una volta, lo stesso giorno in cui morì Adrian von Bidder-Senn, la domenica delle Palme. Dov'ero il giorno in cui morì il cardinale? In Italia . Fu per colpa dei debianisti canaglia, del cardinale o un po' di entrambi?

Si prega di consultare la cronologia di come si è evoluta la cultura delle molestie e degli abusi in Debian .
Swiss JuristGate French woman (frontalière) trafficked to promote unauthorised cross border Swiss insurance

Today, I published a blog on human trafficking and modern slavery. In effect, all forms of exploitation, combined with a voyage of any kind, can be considered as a possible case of human trafficking, even if the voyage is completed using a regular passenger train or flight.

The victim, a French woman had worked seven years in an insurance company in Lyon.

According to the FINMA judgment, the Swiss jurists who were selling the insurance without authorisation were under surveillance since 2021 or earlier.

At the last minute, before FINMA shut down their scam in 2023, the Swiss jurists had created a new company Justiva SA and they employed the cross-border worker (frontalière) to help them.

The victim had acquired various rights due to seven years of service at her previous employer and all those benefits are foregone if a worker quits to change employer. This is especially true if a worker in France quits their job to take a higher salary in Geneva.

The victim started her new job in Geneva in February 2023 and FINMA closed the insurance company in the first week of April 2023. She was still in her probation period when FINMA belatedly shut down this scam.

The FINMA judgment says the rogue firm was immediately shut at the beginning of April. During the probationary period, the victim would have been entitled to one week's pay in lieu of notice. According to the victim's LinkedIn profile, she continued with the new firm Justiva SA for three months until the end of June 2023. We found details of this woman in a backup copy of the Justiva SA web site, the Justicia SA web site and LinkedIn.

Anybody who wants to work in a Swiss insurance company normally needs to complete a three year apprenticeship or diploma in Switzerland. The selection process is normally highly competitive. This woman clearly did not have the Swiss qualifications. When the Swiss jurists offered her a job promoting legal insurance, without any Swiss qualifications, she must have felt she had won the lottery.

The financial regulator went to great lengths to obfuscate the failure of the insurance company run by Swiss jurists. Did they make any effort to prevent former employees talking about the failure?

The outgoing director of FINMA had previously worked for Zurich Insurance. Miraculously, in the same month that Urban Angehrn departed FINMA for health reasons, the woman was given a job at his former employer.

It feels miraculous that Zurich would spontaneously offer this opportunity to somebody who had not passed through the same Swiss training as other employees.

Promoting an unauthorized insurance for cross border workers appears to simultaneously violate laws in both Switzerland and France. If the woman was tricked to leave a stable job in Lyon and do this illegal work then she has been exploited. As the exploitation occurred over an international border, it is a clear clase of human trafficking.

French legal code Art. 225-4-1:

Human trafficking is the act of recruiting a person, transporting them, hosting them or welcoming them for the purposes of exploitation using any of the means following ...

4. for any transaction or payment or another promise of future remuneration or advantage

The exploitation mentioned in the first point can be any of the following ... or to compel the victim to commit any crime or offence

For the purposes of the French law on human trafficking, creating a situation where a cross-border worker is compelled to sell unauthorised insurance is just as bad as using them for sexual slavery. The loss of their previous employment benefits and the terms of the probationary period have the effect of compelling them to continue working for their new master even if they discover it is a scam.

Did FINMA realize that a French woman was human trafficked in violation of modern slavery laws right under their noses in a firm they had been so slow to shut down? Is that the reason the woman appears to have found a new job so conveniently while the clients got nothing?

When I saw this, I remembered my research into the Catholic abuse scandal and the practices used to make secret pay-offs.
Kevin Fenzi Early March infra bits 2025
Here we are saturday morning again. This week was shorter than normal for me work wise, as I took thursday and friday off, but there was still a lot going on.

Atomic desktops / iot / coreos caching issues

I spent a lot of time looking into some odd issues that ostree users were hitting. It was really hard to track down what was broken. No errors on our end, invalidated cloudfront a few times, did a bunch of tweaks to our backend varnish cashes and... the problem was caused by: me.

Turns out we are getting hit really hard all the time by (what I can only assume is crawlers working to fuel LLM's. It's not just us, see for example this excellent lwn article on the problem

We use amazon Cloudfront to serve ostree content to users, since it allows them to hit endpoints in their local region, so it's much faster and reduces load on our primary cache machines. Cloudfront in turn hits our cache machines to get the content it caches.

How does this relate to ostree issues you might ask? Well, I blocked a bunch of IP's that were hitting our kojipkgs servers particularly hard. It turns out some of those IP's were cloudfront, so just _some_ of the cloudfront endpoints didn't have access to the backend so their cache was out of date. I assume cloudfront also has multiple distributions at each region and it was only _some_ of those.

Removing all those blocks got everything working for everyone again (but of course the AI bots are ever present). I also enabled a thing called 'origin shield' which means cloudfront should only pull from one region and sync to the others, reducing load on our caches.

Longer term we probibly need to split up our kojipkgs cache or add more nodes or rearage how things are hit.

I'm deeply sorry about this issue, I know many users were frustrated. I sure was too. Lesson learned to be carefull in blocking bots.

s390x caching problems

And related to that issue, our s390x builders have been having problems pulling packages for builds. They have a local cache that in turn pulls from our primary one. Sometimes, sporadically, it's getting partial downloads or the like. I've still not fully figured out the cause here, but I did make a number of changes to the local cache there that seem to have reduced the problem.

Longer term here we probibly should seperate out this cache to hit a only internal one so the load on the main one doesn't matter.

Coffee machine fun

Friday my coffee machine ( delonghi magnifica ) got stuck in the middle of a cycle. It had gound the beans, but then stopped before the water step. So, I looked around at repair videos and then took it apart. It was actually pretty cool how it was put together, and I was able to basically manually turn a pully to move it down to unlocked, then I could remove the brew group and clean everything up and put it back together. Working great again. Kudos also to the The iFixit pro toolkit that I got a while back. A weird screw? no problem.
Home assistant

Been having a lot of fun tinkering with home assistant.

After looking, decided that zigbee networking is better than bluetooth and less power hungry than wifi, so I picked up a Zigbee gateway and it works just fine. At one point I thought I accidentally flashed it with esp32 builder, but seems it didn't work, so whew.

Got some smart plugs ( Amazon link to smart plugs ) and these little things are great! pair up fine, HA can manage their firmware versions/update them, lots of stats. I put one on the plug my car charges on, another on a plug that has a fridge and a freezer on, one on the plug my main server UPS is on, and kept one for 'roaming'. It's cool to see how much power the car charging takes in a nice graph.

Got some cheap temp sensors ( Amazon link to temp / humidity sensors ) They seem to be working well. I put one in my computer closet, one in our living room, one in the garage and one outside. (The living room seems to have a 4 degree change from day to night)

I had some old deako smart switches along with a gateway for them. They use a bluetooth mesh to talk to each other and an app, but the gateway is needed for them to be on wifi. I never bothered to setup the gateway until now, but HA needs it to talk to the switches. So I tried to set it up, but it would just fail at the last setup step. So, I mailed daeko and... they answered really quickly and explained that the gateway is no longer supported, but they would be happy to send me some of their new smart switches (that have wifi built in and can act as a gateway for the old ones) free of charge! I got those on thursday and set them up and they worked just dandy. But then I tripped over Chestertons Fence. The 3 old smart switches were all controlling the same light. That seemed silly to me. Why not just have one on that light, use two 'dumb' switches for the other two places for that light and then move the other smart ones to other lights? Well, turns out there are several problems with that: The 'dumb' switches have a physical position, so if you did that one could be 'on' with the light off, another 'off', etc But the biggest problem is that the smart switch is needed to route power around. If you turn the light 'off' on a 'dumb' switch you can have the one smart one with no power and it doesn't do anything at all. So, after messing them up I figured out how to factory reset them and re-pair them. For anyone looking the process is:

Resetting:
- plug in and while it 'boots', press and hold the switch.
- it should come up with a 3 2 1 buttons to press.
- press each in turn
Pairing (you have to pair switches that all control the same lights):
- unplug all switches
- plug one in and Press and hold the switch it should come up with a flashing 1
- If nothing happens, try each of the other two in turn. Only one has 'power'
- press 1 on the first switch.
- Repeat on switch 2 and press 2 on the first switch
- Repeat on the last switch and press 3 on the first switch
I could have saved myself a bunch of time if I had just left it the way it was. Oh well.

Finally I got some reolink cameras. We have a small game camera we put out from time to time to make sure the local feral cats are ok, and to tell how many racoons are trying to eat the cats food. It's kind of a pain because you have to go put it outside, wait a few days and then remember to bring it back in, then pull the movies off it's sdcard.

So replacing that with something that HA could manage and we didn't need to mess with sounded like a win. I picked up a bundle with a Home Hub and two Argus Eco Ultra and 2 solar panels for them.

The Home hub is just a small wifi ap with sdcard slots. You plug it in and set it up with an app. Then, you pair the cameras to it and HA talks to the cameras via the hub. There's no external account needed, setup is all local and you can even firewall off reolink if you don't want them to auto uprgade firmware, etc. I've not yet set the cameras up outside, but a few impressions: The cameras like REALLY LOUD AUDIO. When you first power them on they greet you in a bunch of languages and tell you how to set them up. Thats fine, but when I did this people in my house were sleeping. Not cool. Even powering them off causes a chirp that is SUPER lOUD. The cameras have a 'siren' control that I have been afraid to try. :) Anyhow, more on these as I get them setup.

I had 2 UPSes here. One for my main server and critical loads and another one for less important stuff. With all the home assistant stuff I ran out of battery backed plugs, so I picked up a 3rd UPS. The new one was easy to add to nut, but I had a long standing problem with the two I already had: They are exactly the same model and product and don't provide a serial number on the usb port, so nut can't tell them apart. Finally I dug around and figured out that while I was specifying bus, port and device, it wasn't working until I moved one of them to another USB plug (and thus another bus). I then got all 3 of them added to HA. One thing that confused me there is that since all 3 of them are on the same nut server and are using the same upsmon user, how do I add more than 1 of them in HA? Well, it turns out if you go to the nut integration, add device, enter the same host/user/pass it will pop up a screen that asks you which one to add. So you can add each in turn.

So, lots of fun hacking on this stuff.
comments? additions? reactions?

As always, comment on mastodon: https://fosstodon.org/@nirik/114128294620402197

March 07, 2025

Fedora Community Blog Infra and RelEng Update – Week 10
This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 3rd Mar – 7th Mar 2025

Infrastructure & Release Engineering

The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
Itâ€™s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
List of planned/in-progress issues

Fedora Infra
- In progress:
- Done:
CentOS Infra including CentOS CI
- In progress:
- Done:
Release Engineering
- In progress:
- Done:
If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

The post Infra and RelEng Update – Week 10 appeared first on Fedora Community Blog.

March 06, 2025

Dan Horák Firefox 128.8.0 ESR built for ppc64le

The JIT-enabled Firefox 128.8.0 ESR has been built for Fedora/ppc64le in my Talos COPR repository. The corresponding sources are in my fork of the official Fedora Firefox package and the JIT is coming from Cameron's work.

Currently only Fedora 40 and 41 builds are present, but builds for 42 and Rawhide are in progress and should be available in the repo soon. Seems the WASI SDK version 20 bundled with our Firefox 128 can't be built any more in the recent Fedoras, due new GCC 15 and other changes (too new cmake it seeems and more), so the WASI support for sandboxing had to be disabled there. The Firefox codebase required a little update to be buildable with GCC 15.

March 05, 2025

David López Clasificación de Sentimientos con Aprendizaje Automático en Python utilizando el Dataset…
Clasificación de Sentimientos con Aprendizaje Automático en Python utilizando el Dataset movie_reviews
En el mundo del Procesamiento del Lenguaje Natural (PLN), una de las tareas más comunes y útiles es la clasificación de sentimientos. Esta técnica permite analizar textos, como reseñas de películas, comentarios en redes sociales o críticas de productos, para determinar si expresan una opinión positiva o negativa. En este artículo, exploraremos cómo implementar un sistema de clasificación de sentimientos utilizando aprendizaje automático en Python. Para ello, utilizaremos el dataset movie_reviews del corpus de NLTK, que contiene reseñas de películas etiquetadas como positivas o negativas.
A lo largo de este artículo, describiremos el proceso completo, desde la carga y preprocesamiento de los datos hasta la implementación y evaluación de un modelo de clasificación. Además, analizaremos los resultados obtenidos y discutiremos posibles mejoras para futuras iteraciones. Este proyecto no solo es una excelente introducción al PLN, sino también una demostración práctica de cómo el aprendizaje automático puede aplicarse para resolver problemas del mundo real.
Descripción del Dataset movie_reviews
El dataset movie_reviews, proporcionado por el corpus de NLTK, es un conjunto de datos ampliamente utilizado en tareas de Procesamiento del Lenguaje Natural (PLN). Este dataset contiene reseñas de películas etiquetadas como positivas (pos) o negativas (neg), lo que lo convierte en una herramienta ideal para proyectos de clasificación de texto y análisis de sentimientos. Cada reseña está almacenada en un archivo de texto y categorizada en una de las dos clases mencionadas, lo que permite su uso en tareas de aprendizaje supervisado.
Preprocesamiento de los Datos
El preprocesamiento de datos es una etapa fundamental en cualquier proyecto de PLN, ya que los textos sin procesar suelen contener ruido que puede afectar el rendimiento de los modelos. En este notebook, se implementaron las siguientes etapas de preprocesamiento:
```
# Importamos las librerías necesarias
import pandas as pd
import re
import nltk
import seaborn as sns
import matplotlib.pyplot as plt
from collections import Counter
from nltk.corpus import stopwords
from nltk.tokenize import word_tokenize
from nltk.stem import WordNetLemmatizer
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import MultinomialNB
from sklearn.metrics import accuracy_score, f1_score

nltk.download('wordnet')
nltk.download('omw-1.4')
nltk.download('stopwords')
nltk.download('punkt')
nltk.download('movie_reviews')
```
Carga del Dataset:
Se cargaron las reseñas de películas utilizando el corpus de NLTK. Cada reseña se almacenó en una lista de tuplas, donde cada tupla contiene el texto de la reseña y su categoría correspondiente (positiva o negativa).
```
reviews = [(movie_reviews.raw(fileid), category)
           for category in movie_reviews.categories()
           for fileid in movie_reviews.fileids(category)]
```
Conversión a DataFrame:
Para facilitar la manipulación y el análisis, las reseñas se convirtieron en un DataFrame de pandas. Esta estructura permite trabajar con los datos de manera más eficiente y aplicar operaciones de limpieza y transformación.
```
df_reviews = pd.DataFrame(reviews, columns=['Review', 'Category'])
```
Definición de Stopwords y Lematización:
Se definieron las stopwords en inglés, que son palabras comunes que no aportan significado relevante al texto (por ejemplo, “the”, “and”, “is”). Además, se inicializó el lematizador de WordNet, una herramienta que reduce las palabras a su forma base o raíz (por ejemplo, “running” se convierte en “run”).
```
stop_words = set(stopwords.words('english'))
lemmatizer = WordNetLemmatizer()
```
Función de Preprocesamiento:
Se desarrolló una función para preprocesar cada reseña. Esta función realiza las siguientes operaciones:
- Convierte el texto a minúsculas.
- Elimina puntuación y números.
- Tokeniza el texto (lo divide en palabras individuales).
- Elimina stopwords.
- Aplica lematización.
```
def preprocess_review(review):
    review = review.lower()
    review = re.sub(r'[^\w\s]', '', review)
    review = re.sub(r'\d+', '', review)
    tokens = word_tokenize(review)
    tokens = [lemmatizer.lemmatize(word) for word in tokens if word not in stop_words]
    return tokens
```
Aplicación del Preprocesamiento:
La función de preprocesamiento se aplicó a cada reseña, y los resultados se almacenaron en una nueva columna del DataFrame. Además, se creó una columna adicional que une los tokens preprocesados en un solo texto para facilitar su uso en el modelo.
```
df_reviews['Processed_Review'] = df_reviews['Review'].apply(preprocess_review)
df_reviews['Processed_Review_Text'] = df_reviews['Processed_Review'].apply(lambda x: ' '.join(x))
```
Modelo Utilizado (Naive Bayes) y Resultados Obtenidos
Para la clasificación de las reseñas, se optó por el modelo de Naive Bayes Multinomial, una elección común en tareas de clasificación de texto debido a su simplicidad y eficacia.
Vectorización de las Reseñas:
Se utilizó CountVectorizer para transformar las reseñas preprocesadas en una matriz de características. Este paso convierte el texto en una representación numérica que puede ser procesada por el modelo.
```
vectorizer = CountVectorizer()
X = vectorizer.fit_transform(df_reviews['Processed_Review_Text'])
y = df_reviews['Category']
```
División del Dataset:
Los datos se dividieron en conjuntos de entrenamiento y prueba, utilizando un 80% para entrenamiento y un 20% para evaluación.
```
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)
```
Entrenamiento del Modelo:
Se creó y entrenó el modelo de Naive Bayes Multinomial con los datos de entrenamiento.
```
model = MultinomialNB()
model.fit(X_train, y_train)
```
Predicciones y Evaluación:
Se realizaron predicciones sobre el conjunto de prueba y se evaluó el modelo utilizando métricas como precisión y F1-score.
```
y_pred = model.predict(X_test)
accuracy = accuracy_score(y_test, y_pred)
f1 = f1_score(y_test, y_pred, pos_label='pos', average='binary')
```
Los resultados obtenidos fueron:
- Precisión del 81%:
  Una precisión del 81% es un resultado sólido para un modelo de clasificación de texto, lo que sugiere que el modelo es capaz de identificar correctamente la mayoría de las reseñas como positivas o negativas.
- F1-score de 0.8061:
  El F1-score cercano a la precisión indica que el modelo no solo es preciso, sino que también tiene una buena capacidad para recuperar las reseñas positivas. Esto es especialmente importante en aplicaciones donde tanto la precisión como el recall son críticos.
Graficamos las Palabras más Frecuentes
Para obtener una comprensión más profunda de las características de las reseñas, se generaron gráficos de las palabras más frecuentes en las categorías positiva y negativa.
```
# Obtener las palabras más frecuentes en las reseñas positivas
positive_reviews = df_reviews[df_reviews['Category'] == 'pos']['Processed_Review_Text']
positive_words = ' '.join(positive_reviews).split()
positive_word_freq = Counter(positive_words).most_common(20)

# Obtener las palabras más frecuentes en las reseñas negativas
negative_reviews = df_reviews[df_reviews['Category'] == 'neg']['Processed_Review_Text']
negative_words = ' '.join(negative_reviews).split()
negative_word_freq = Counter(negative_words).most_common(20)

# Crear un DataFrame para las palabras más frecuentes
positive_df = pd.DataFrame(positive_word_freq, columns=['Word', 'Frequency'])
negative_df = pd.DataFrame(negative_word_freq, columns=['Word', 'Frequency'])

# Plotear las palabras más frecuentes en las reseñas positivas
plt.figure(figsize=(12, 6))
sns.barplot(x='Frequency', y='Word', data=positive_df, palette='viridis')
plt.title('Palabras más frecuentes en reseñas positivas')
plt.show()

# Plotear las palabras más frecuentes en las reseñas negativas
plt.figure(figsize=(12, 6))
sns.barplot(x='Frequency', y='Word', data=negative_df, palette='magma')
plt.title('Palabras más frecuentes en reseñas negativas')
plt.show()
```
Los gráficos de palabras más frecuentes proporcionan una visión general de los temas y aspectos que los usuarios destacan en sus reseñas. Por ejemplo, en la gráfica de las reseñas positivas, observamos que las palabras más comunes incluyen términos como “film”, “movie”, “one”, “character”, y “like”. Estas palabras son típicas en reseñas de películas y reflejan aspectos generales y específicos de las películas que los usuarios tienden a mencionar cuando tienen una opinión positiva.
En la gráfica de las reseñas negativas, las palabras más frecuentes también incluyen términos como “film”, “movie”, “one”, “like”, y “character”. Sin embargo, la frecuencia de algunas palabras puede variar en comparación con las reseñas positivas. Esto indica que, aunque los términos utilizados pueden ser similares, el contexto y la connotación en las reseñas negativas son diferentes, reflejando críticas y aspectos negativos de las películas.
Las palabras más frecuentes en ambas categorías de reseñas proporcionan una visión general de los temas y aspectos que los usuarios tienden a destacar en sus opiniones. Estas palabras pueden ser útiles para entender mejor las características que influyen en las percepciones positivas y negativas de las películas.
Conclusión
El desarrollo de esta practica ha demostrado la efectividad de las técnicas de preprocesamiento y el modelo de Naive Bayes Multinomial en la clasificación de reseñas de películas. Con una precisión del 81% y un F1-score de 0.8061, el modelo ha mostrado un rendimiento prometedor, lo que lo convierte en una herramienta útil para aplicaciones prácticas en el análisis de sentimientos.
Sin embargo, siempre hay oportunidades para mejorar. Algunas posibles mejoras incluyen:
- Incorporar técnicas de preprocesamiento más avanzadas, como la eliminación de palabras menos relevantes o el uso de embeddings de palabras.
- Experimentar con modelos más complejos, como redes neuronales o transformers, para capturar relaciones más sofisticadas en el texto.
- Ampliar el dataset o utilizar técnicas de aumento de datos para mejorar la generalización del modelo.
Además, los gráficos de palabras más frecuentes ofrecen una perspectiva valiosa sobre los temas y aspectos que influyen en las opiniones de los usuarios. Esta información no solo enriquece nuestro entendimiento de las reseñas, sino que también puede ser utilizada para guiar futuras investigaciones y aplicaciones en el campo del Procesamiento del Lenguaje Natural (PLN). En resumen, esta práctica nos ha permitido aplicar los conocimientos teóricos adquiridos, consolidando así nuestra comprensión de las técnicas de clasificación de texto. Al mismo tiempo, ha sentado las bases para futuras mejoras y exploraciones en el fascinante y siempre evolutivo mundo del análisis de texto.
Peter Czanik Working with parsed Active Roles logs in syslog-ng
In my previous Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to:

- Work with parsed Active Roles logs.

- Store logs to various document stores.

- Prepare long-term storage.

- Send alerts for some critical events.

Creating a log management layer using syslog-ng PE can save you valuable resources. This is because unlike in environments that use several SIEMs and log analytics software, in case of syslog-ng, you need to collect log messages only once, parse them at the central location, and then forward only relevant logs to each destination. This way, you can save not just valuable network and storage resources, but also licensing costs, as most SIEMs are licensed based on log volume.

Before you begin

If you want to test the configuration described in this blog, you need 2-4 hosts. Installing Active Roles needs 1-3 Windows Server machines, while the syslog-ng PE server requires a supported Linux host. Describing the system requirements or the installation processes are outside the scope of this blog. Contact One Identity at https://www.syslog-ng.com/register/115582/ to receive a trial version of syslog-ng Premium Edition and help to get started. For Active Roles, you can reach One Identity at https://www.oneidentity.com/register/62175/.

Name-value pairs

Name-value pairs (sometimes also called “macros”) are probably one of the most useful parts of syslog-ng. Macros have been a core feature of syslog-ng since the beginning: incoming log messages were parsed by syslog-ng and various fields (priority, facility, date, program, PID and message) were stored into name-value pairs. You could use these to reformat log messages or use these values in file names.

Without additional parsing, the message part of a log message is treated by syslog-ng as one long string. While this might be valid in some use cases, many log messages look like an almost complete English sentence with some variable parts in it. Just think about SSH login messages: they include the user name, the source IP and port, and the login method embedded in a sentence. You might want to create an alert in syslog-ng for such messages (for example, if a root user logs in). However, if the whole MESSAGE is a single string, you cannot do that.

PatternDB can find important information in unstructured log messages, like the above-mentioned SSH login message, and create name-value pairs from the information it finds. There are various parsers for structured log messages as well, like the CSV, JSON and XML parsers. You can also combine these and build some really complex parsers. Sometimes, the syslog header might be missing from log messages, so you need to create a parser for the whole message.

Message parsing and name-value pairs give you a lot more flexibility when it comes to filtering or templating log messages. For example, you can send an alert to Slack when someone logged in as a root user through SSH, or you can forward two important fields from an extremely long log message to save network bandwidth and storage.

Configuring the syslog-ng PE server

In my previous blog, we built a syslog-ng configuration which collected log messages from Windows using the RFC5424 syslog protocol, parsed the messages using the XML parser, and saved the incoming logs both as-is and in JSON format, so that we could see the name-value pairs parsed from XML. We build on that configuration and extend it in several ways by utilizing the name-value pairs parsed from the log messages. Namely, we will add four new destinations:

- An Elasticsearch destination, often used for short-term storage for easy searching and reporting.

- An OpenObserve destination as an example for specifying additional destinations.

- A LogStore destination, providing secure long-term storage for log messages.

- And a Slack destination for alerting when someone deletes an object from AD using Active Roles.

You should append the following configuration to your syslog-ng.conf:
```
# source for Windows clients, RFC5424
source s_win {
  syslog(port(601));
};

# xml parser for Windows XML logs
parser p_xml {
  xml(prefix('winxml.'));
};

# destination for Windows logs
destination d_fromwin {
  file("/var/log/fromwin");
  file("/var/log/fromwin.json" template("$(format-flat-json --scope rfc5424
        --scope dot-nv-pairs --rekey .* --shift 1
        --scope nv-pairs --exclude MESSAGE)\n") );
};

# Elasticsearch destination for easy searching and reporting
destination d_elasticsearch_http {
    elasticsearch-http(
        index("syslog-ng")
        type("")
        user("elastic")
        password("-w35jWfY_syp577m-UfS")
        url("https://localhost:9200/_bulk")
        template("$(format-json –omit-empty-values
        --scope rfc5424 --scope dot-nv-pairs
        --rekey .* --shift 1 --scope nv-pairs
        --exclude DATE --exclude MESSAGE
        --exclude winxml.Event.EventData.*
        @timestamp=${ISODATE})")
        tls(peer-verify(no))
    );
};

# OpenObserve destination
destination d_openobserve_http {
    elasticsearch-http(
        index("syslog-ng")
        type("")
        user("peter@czanik.hu")
        password("-w35jWfY_syp577m-UfS")
        url("http://127.0.0.1:5080/api/default/_bulk")
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs
        --rekey .* --shift 1 --scope nv-pairs
        --exclude DATE --exclude MESSAGE
        --exclude winxml.Event.EventData.*
        --key ISODATE @timestamp=${ISODATE})")
    );
};

# long term storage
destination d_logstore {
  logstore("/var/log/ars.lgs" compress(9) );
};

# alerts to file and Slack
destination d_alerts {
  file("/var/log/alerts.txt");
  slack(
    hook-url("https://hooks.slack.com/services/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")
    template("User ${.SDATA.win@18372.4.EVENT_USERNAME} deleted a ${.SDATA.win@18372.4.EVENT_SID_TYPE} on ${HOST} using ARS")
  );
};

# log path for Windows logs
log {
  source(s_win);
  if ("${PROGRAM}" ne "syslog-ng-agent") {
    parser(p_xml);
  };
  destination(d_fromwin);
  destination(d_elasticsearch_http);
  destination(d_openobserve_http);
  if ("${PROGRAM}" eq "ARAdminSvc") {
    destination(d_logstore);
  };
  if ("${.SDATA.win@18372.4.EVENT_TASK}" eq "ObjectDelete") {
    destination(d_alerts);
  };
};
```
Let’s check this configuration in detail!

The source s_win is a network source using the RFC5424 syslog protocol to collect log messages from syslog-ng Agent for Windows. For simplicity, no TLS is configured in this example. However, for a production environment, using encryption is of course highly recommended for network traffic.

The next building block in the configuration is an XML parser. The syslog-ng Windows Agent is configured to send Windows event logs in XML format, as this way, it is easy to turn log messages into name-value pairs.

The destination called d_fromwin actually includes two file destination drivers. The first one simply writes the incoming log into a file, while the other one writes the name-value pairs parsed from the XML logs into JSON format. You might not need these in the final configuration, but they are very useful while building your syslog-ng configuration. Compared to the previous blog, we did a minor change here: we replaced format-json with format-flat-json. While format-json shows the structure of the log message better, format-flat-json shows the names we can use in the syslog-ng configuration as names of the name-value pairs.

The next building block in the configuration is an Elasticsearch destination. Here, the interesting part is the template. We had an introduction to name-value pairs earlier, so here I want to focus on the format-json template function. Its parameters define which name-value pairs are included in the JSON and how. The –scope option helps to select groups of name-value pairs. We remove the leading dots from the names, as those are normally replaced by underscores by syslog-ng, but that has a special meaning when sent to Elasticsearch. We exclude the date, as we include it in a different format. The original XML message is not included, as it is redundant information. EventData is also excluded, as it might contain information in a format that cannot be ingested by Elasticsearch.

Note that removing the leading dot in the JSON template does not actually change the name of the name-value pairs. It only changes how the name appears in the JSON output. I often forget about this myself and wonder why my template utilizing the name without the leading dot does not work… :-)

The OpenObserve destination is included because it is often asked whether syslog-ng can send logs to multiple destinations at the same time. Yes, it can, and OpenObserve is becoming a popular destination among syslog-ng users.

Logstore is the secure long-term storage format of syslog-ng. In this configuration, we only enable log compression. Depending on the input data and the level of compression, it allows you to drastically reduce the space needed to store your log messages. However, Logstore also allows you to encrypt and time stamp log messages using an external Time Stamping Authority. This way, you can prove that a log message arrived at a specific time and is unmodified.

The next destination in the configuration is for alerts. The file destination was added just for testing and can be safely deleted once everything works as expected. The actual alert that will be used will send the log message to Slack using a template. Names from the flat JSON file came in handy while building this template.

Finally, the log statement is the heart of the configuration. This is what connects the previously described building blocks together, deciding how logs are processed and where they are stored. Logs are collected from the syslog source, and then parsed by the XML parser, unless the application name is syslog-ng-agent.

The next three lines in the log statement make sure that all logs are saved to files, Elasticsearch and OpenObserve. Then, all logs from Active Roles are saved to a logstore. Finally, if someone deletes an object from AD using Active Roles, syslog-ng sends an alert to Slack.

What is next?

Even if this configuration looks complex, it is simplified in many ways. For example, as I already mentioned, you should use encryption in a production environment, but for testing purposes, we simply send messages in clear text in this case. If you looked at the logs in Elasticsearch carefully, you might have also noticed that syslog-ng Agent for Windows messages are empty. We discard the MESSAGE macro in the template, as forwarding it properly would add even more complexity. Of course, you would need to address this for a production environment.

March 01, 2025

Kevin Fenzi Misc bits from late February 2025
Here's another misc bits from Fedora Infra land. I missed last weekend as I was off on some vacation. I've got a few more days coming up that I need to use before they go away. :)

Personal Stuff

We had a big wind storm here on monday. Knocked out power for about 5 hours (which wasn't so bad, since we have a generator, but was anoying). One of our large (150' douglas fir) trees got knocked down by the wind. Luckily it fell away from the house and a fence, and managed to hit a thicket of blackberries I was in the process of trying to remove. Still will need to take care of it, as it's in the way of our path. Also, our dishwasher died (gonna be a few weeks before someone can look at it). It's sad that repairing something takes a few weeks, but I bet I could buy a new one in a few days.
Day of learning on friday

Red Hat does these quarterly "day of learning" days, where everyone is encouraged to go learn something. Work related, not work related, interesting, useful or not. It's really a great thing. This time I decided to play around with Home Assistant some more and figure out how it does things. Adam Williamson mentioned it in a matrix discussion, and I had been meaning to look into it too, so seemed like a great time. I picked up a Home Assistant green (which is basically a small arm box that has home assistant (HA) all installed on it and ready to go. Initial setup was easy, no issues.

Several of my devices are using bluetooth, so I also picked up some little esp32 boards to use as a bluetooth proxy. It's pretty amazing how small these little guys are. I did make one mistake ordering though: I got some with microusb. Had to dig up some old cables. I think I am going to replace them with ones that have usbc. So, I flashed the bluetooth proxy on one, it joined my wifi and... then it didn't work. Took me a while to find out that since my wireless and wired networks are completely seperate, I needed to run a mdns-repeater on my gateway/firewall box to repeat the mdns advertisements. After doing that it saw that just fine, along with a printer that was on wifi.

I connected up my ups server (nut) with no problems, so now I have nice charts and graphs of power usage, battery state, etc.

I have some 'smart' light switches from Deako here too. They connect and work with an adroid app via bluetooth, so I thought they were using bluetooth for HA integration too, but it turns out it requires wifi to connect to them. I do have a old dongle to connect them to wifi, and I tried to set that up, but it seems to just hang at the end when it says it's preparing it. They no longer make that Deako Connect dongle, so I mailed them about it. Perhaps the provisioning for it is even no longer there.

Managed to add my car in with not much trouble. Kinda cool to have all its sensors available easily on the dashboard.

This stuff is a giant rabbit hole. Some things I want to do when time/energy permits:
- There's a way to connect a esp32 device to the serial port on the hot water heater and get all kinds of info from it.
- There's a way supposedly to connect to a internal connector on the heat pumps I have and get a ton of info/control them.
- I'd like to figure a way to monitor my water holding tank. That one is going to be tricky, as the pumphouse is down a hill and not in line of sight of the house. Seems like people do this one of two ways: a pressure sensor dropped in the bottom of the tank, or a distance sensor at the top showing where the water line is.
- After looking I think bluetooth is too much of a mess for things usually, so I order a Zigbee thing for the HA server and some zigbee based power outlets and some temp sensors to try that out.
Lots of fun.
caching issues

So, starting on tuesday there were some issues with out caching setup. First it was s390x builds. They would request some package/repodata from their local cache, it would in turn request it from the main ones and sometimes it would just get a partial read or a incorrect size. I couldn't find anything that seemed wrong. We are in Freeze for beta, so no real changes have been made to infrastructure. So, I was left with trying various things. I updated and rebooted the s390x cache machine. I blocked a bunch of ip's that were hitting the main cache too much. I updated and rebooted the main cache machines. Including a sidetrack where I noticed they were running an old kernel. Turns out 'sdubby' got installed there somehow and it was installing new kernels as efi. The vm wasn't booting efi, so it just kept booting on it's old kernel. After all that it seemed like the issue was gone, or perhaps happening much less often?

After that however, some folks are seeing problems with ostree downloads. All of them I see also don't exist on the cache hosts either, so I am not sure whats happening. I'm very sorry for the issue, as I know it's affecting a number of people. Will keep trying to track it down.

riscv secondary

Managed to mostly sort out builder authentication I think. There's eome limitataions for external builders, but I think we can live with that. Hopefully next week we will start onboarding builders, then will need to import builds, then it will be time to start building!

comments? additions? reactions?

As always, comment on mastodon: https://fosstodon.org/@nirik/114089126937486625

February 28, 2025

Remi Collet 🎲 PHP version 8.3.18RC1 and 8.4.5RC1
Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for a parallel installation, the perfect solution for such tests, and also as base packages.

RPMs of PHP version 8.4.5RC1 are available
- as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
- as SCL in remi-test repository
RPMs of PHP version 8.3.18RC1 are available
- as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
- as SCL in remi-test repository
ℹ️ The packages are available for x86_64 and aarch64.

ℹ️ PHP version 8.2 is now in security mode only, so no more RC will be released.

ℹ️ Installation: follow the wizard instructions.

ℹ️ Announcements:
- PHP 8.4.5RC1 available for testing
- PHP 8.3.18RC1 available for testing
Parallel installation of version 8.4 as Software Collection:
```
yum --enablerepo=remi-test install php84
```
Parallel installation of version 8.3 as Software Collection:
```
yum --enablerepo=remi-test install php83
```
Update of system version 8.4:
```
dnf module switch-to php:remi-8.4
dnf --enablerepo=remi-modular-test update php\*
```
Update of system version 8.3:
```
dnf module switch-to php:remi-8.3
dnf --enablerepo=remi-modular-test update php\*
```
ℹ️ Notice:
- version 8.4.4RC2 is in Fedora rawhide for QA
- EL-10 packages are built using RHEL-10.0-beta and EPEL-10.0
- EL-9 packages are built using RHEL-9.5
- EL-8 packages are built using RHEL-8.10
- oci8 extension uses the RPM of the Oracle Instant Client version 23.7 on x86_64 or 19.25 on aarch64
- intl extension uses libicu 74.2
- RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
- versions 8.3.18 and 8.4.5 are planed for March 13th, in 2 weeks.
Software Collections (php83, php84)

Base packages (php)

February 27, 2025

Felipe Borges GNOME is participating in Google Summer of Code 2025!

The Google Summer of Code 2025 mentoring organizations have just been announced and we are happy that GNOME’s participation has been accepted!

If you are interested in having a internship with GNOME, check gsoc.gnome.org for our project ideas and getting started information.
Cockpit Project Cockpit 334
Cockpit is the modern Linux admin interface. We release regularly.

Here are the release notes from cockpit-files 17:

Files: Apple-compatible keyboard shortcuts

Cockpit Files now properly supports command-based keyboard shortcuts, also known by the âŒ˜ symbol, fitting in better with macOS and portable Apple devices using a paired keyboard.

Try it out

cockpit-files 17 is available now:

February 26, 2025

Swiss JuristGate Urban Angehrn (FINMA director) announced resignation at same moment Parreaux, Thiébaud & Partners decision published

FINMA closed the business of Parreaux, Thiébaud & Partners / Justicia SA in April 2023 but they did not publish their judgment at the same time.

6 September 2023 they announced the resigntion of Urban Angehrn, director of FINMA since 1 November 2021.

Challenges that were successfully overcome under his leadership include, in particular, [ ... snip ... ], the supervision of supplementary health insurance geared towards client protection and the conclusion of complex enforcement proceedings.

19 September 2023 FINMA published the judgment against Parreaux, Thiébaud & Partners / Justicia SA. They suppressed the names and dates in the document.

Mr Angehrn departed on 30 September.

They wrote that Mr Angehrn had closed the business of Parreaux, Thiébaud & Partners / Justicia SA "successfully". But the clients received nothing.

He had shut down just one single scam in almost two years as director of FINMA.

Thanks to the financial accounts for 2023, we found the director's salary CHF 602,000 and the termination payment CHF 581,000.

”Being able to contribute to the sustainable improvement of the quality of the Swiss financial centre as CEO of FINMA was a unique challenge for me, and one that I tackled with all my might. However, the high and permanent stress level had health consequences. I have considered my decision carefully and have now decided to step down,” says Urban Angehrn.

He resigned due to stress and he received CHF 581,000 as a leaving gift. The clients received nothing.

February 25, 2025

Guillaume Kulakowski Problème intermittent dans la résolution de mes DNS avec AdGuard Home (EAI_AGAIN)

Depuis quelque temps, je constatais des erreurs intermittentes lors de la récupération des flux RSS (je sais, j’utilise encore des flux RSS en 2025…) sur mon instance Miniflux, sans pouvoir en identifier la cause. Récemment, j’ai déployé une instance n8n (article en préparation) avec un gestionnaire d’erreurs qui me notifie via ntfy en cas de […]

Cet article Problème intermittent dans la résolution de mes DNS avec AdGuard Home (EAI_AGAIN) est apparu en premier sur Guillaume Kulakowski's blog.

February 24, 2025

Swiss JuristGate Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal

15 March 2023, the value of shares in Credit Suisse plunged. Four days later UBS announced the purchase of their competitor Credit Suisse.

It was an enormous scandal for Switzerland.

The risk of a scandal had been known for some months. For a few weeks after 15 March 2023, the Swiss media published multiple reports about Credit Suisse each day.

Two weeks later, on 4 April 2023, the trade registry in Canton Geneva received the decision of FINMA for the immediate liquidation of Parreaux, Thièbaud & Partners / Justicia SA.

We looked at the web site of RTS (Swiss public broadcaster) using the Wayback Machine. Below, we publish some screen shots from the week from 3 to 7 April 2023. We didn't find any reports about the closure of Parreaux, Thièbaud & Partners.

20,000 clients had suddenly lost their Swiss legal services insurance. Some of the insured clients were in the middle of trials and other procedures funded by the insurance.

The Swiss media helped the jurists with free publicity in 2018.
But the media said nothing when the jurists were shut down.

According to the judgment of 4 April 2023, FINMA had knowledge of the situation at Parreaux, Thiébaud & Partners since 2021. For two years they looked for a solution. They didn't find a solution but they had the chance to do a cover-up when the Credit Suisse crisis arrived.

Monday, 3 April 2023
2023-04-03: 20min.ch Super CEO of UBS/CS
Tuesday, 4 April 2023
2023-04-04 23:17:28: RTS: CS bonuses to be limited or canceled

and FINMA's decision to liquidate arrived in the trade registry:

Wednesday, 5 April 2023
2023-04-05 09:52:57: Blick: 2.9% fall. Bank shares plunge ahead of Credit Suisse AGM
Fedora fans معرفی Apache NetBeans و نصب آن در فدورا لینوکس

Apache NetBeans یک محیط توسعه‌ی یکپارچه (IDE) متن‌باز است که برای توسعه‌ی برنامه‌های جاوا، PHP، JavaScript، HTML، CSS و بسیاری از زبان‌های دیگر استفاده می‌شود. این IDE امکاناتی مانند ویرایش کد پیشرفته، اشکال‌زدایی (Debugging)، مدیریت پروژه‌ها، و قابلیت‌های توسعه‌ی تحت وب و موبایل را فراهم می‌کند. ویژگی‌های Apache NetBeans پشتیبانی از زبان‌های مختلف: جاوا، […]
The post معرفی Apache NetBeans و نصب آن در فدورا لینوکس first appeared on طرفداران فدورا.
Peter Hutterer libinput and 3-finger dragging

Ready in time for libinput 1.28 [1] and after a number of attempts over the years we now finally have 3-finger dragging in libinput. This is a long-requested feature that allows users to drag by using a 3-finger swipe on the touchpad. Instead of the normal swipe gesture you simply get a button down, pointer motion, button up sequence. Without having to tap or physically click and hold a button, so you might be able to see the appeal right there.

Now, as with any interaction that relies on the mere handful of fingers that are on our average user's hand, we are starting to have usage overlaps. Since the only difference between a swipe gesture and a 3-finger drag is in the intention of the user (and we can't detect that yet, stay tuned), 3-finger swipes are disabled when 3-finger dragging is enabled. Otherwise it does fit in quite nicely with the rest of the features we have though.

There really isn't much more to say about the new feature except: It's configurable to work on 4-finger drag too so if you mentally substitute all the threes with fours in this article before re-reading it that would save me having to write another blog post. Thanks.

[1] "soonish" at the time of writing
Peter Hutterer GNOME 48 and a changed tap-and-drag drag lock behaviour
This is a heads up as mutter PR!4292 got merged in time for GNOME 48. It (subtly) changes the behaviour of drag lock on touchpads, but (IMO) very much so for the better. Note that this feature is currently not exposed in GNOME Settings so users will have to set it via e.g. the gsettings commandline tool. I don't expect this change to affect many users.

This is a feature of a feature of a feature, so let's start at the top.

"Tapping" on touchpads refers to the ability to emulate button presses via short touches ("taps") on the touchpad. When enabled, a single-finger tap corresponds emulates a left mouse button click, a two-finger tap a right button click, etc. Taps are short interactions and to be recognised the finger must be set down and released again within a certain time and not move more than a certain distance. Clicking is useful but it's not everything we do with touchpads.

"Tap-and-drag" refers to the ability to keep the pointer down so it's possible to drag something while the mouse button is logically down. The sequence required to do this is a tap immediately followed by the finger down (and held down). This will press the left mouse button so that any finger movement results in a drag. Releasing the finger releases the button. This is convenient but especially on large monitors or for users with different-than-whatever-we-guessed-is-average dexterity this can make it hard to drag something to it's final position - a user may run out of touchpad space before the pointer reaches the destination. For those, the tap-and-drag "drag lock" is useful.

"Drag lock" refers to the ability of keeping the mouse button pressed until "unlocked", even if the finger moves off the touchpads. It's the same sequence as before: tap followed by the finger down and held down. But releasing the finger will not release the mouse button, instead another tap is required to unlock and release the mouse button. The whole sequence thus becomes tap, down, move.... tap with any number of finger releases in between. Sounds (and is) complicated to explain, is quite easy to try and once you're used to it it will feel quite natural.

The above behaviour is the new behaviour which non-coincidentally also matches the macOS behaviour (if you can find the toggle in the settings, good practice for easter eggs!). The previous behaviour used a timeout instead so the mouse button was released automatically if the finger was up after a certain timeout. This was less predictable and caused issues with users who weren't fast enough. The new "sticky" behaviour resolves this issue and is (alanis morissette-stylue ironically) faster to release (a tap can be performed before the previous timeout would've expired).

Anyway, TLDR, a feature that very few people use has changed defaults subtly. Bring out the pitchforks!

As said above, this is currently only accessible via gsettings and the drag-lock behaviour change only takes effect if tapping, tap-and-drag and drag lock are enabled:
```
  $ gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
  $ gsettings set org.gnome.desktop.peripherals.touchpad tap-and-drag true
  $ gsettings set org.gnome.desktop.peripherals.touchpad tap-and-drag-lock true
  
```
All features above are actually handled by libinput, this is just about a default change in GNOME.

February 23, 2025

Jon Chiappetta Getting Back Into Elliptic Curve Basics with C and OpenSSL
With this network-wide layer-4 forward-proxy service running a bit better now, I had originally implemented a highly-modified version of the ARC4 symmetric stream cipher with a keyed checksum hashing method to work together. The one part I was missing was an EC asymmetric cipher to help protect a Diffieâ€“Hellman based ephemeral key exchange. It’s been a number of years since I’ve experimented with this but I started an implementation using the C OpenSSL library to use a pre-generated EC key pair to protect a DH key exchange which can be used at the start of the proxy tunnel connection. You can use the openssl command to generate the EC key pair and then use this framework to load them in and perform an encrypted ECDH key exchange. As you can see below, there are a few steps needed to complete this transaction:
- The client generates an ephemeral EC key pair and encrypts the ephemeral public key with the generated public key and sends this to the server
  - The server decrypts the ephemeral public key with the generated private key
- The client creates a secret number to multiply with a generated curve point and encrypts this with the generated public key and sends this to the server
  - The server decrypts the clients key exchange with the generated private key and multiplies it with the server secret number to get a shared secret
- The server creates a secret number to multiply with a generated curve point and encrypts this with the ephemeral public key and sends this to the client
  - The client decrypts the servers key exchange with the ephemeral private key and multiplies it with the client secret number to get a shared secret
- You can see near the end there are two lines labelled “rx …. dhkx:” which contain the same shared X & Y points on the EC curve which were encrypted using the basic scheme above!
Source Code: https://github.com/stoops/eckx/tree/main

~

This is an independent, censorship-resistant site run by volunteers. This site and the blogs of individual volunteers are not officially affiliated with or endorsed by the Fedora Project.

We Make Fedora

March 29, 2025

Mass updates/reboots

The Fedora 40 GA compose breakage

New pagure.io DDoS

Final freeze coming up

comments? additions? reactions?

March 28, 2025

Signed?

Robosignatory

Sigul

The Server

The Bridge

The Client

Conclusion

Infrastructure & Release Engineering

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

March 26, 2025

March 25, 2025

Before you begin

Running syslog-ng nightly in a container

What is next?

March 24, 2025

Why we need this

The Hotwire way

When Stimulus is not an option

March 22, 2025

Fedora 42 Beta released

Ansible galaxy / collections fun

More A.I. Scrapers

comments? additions? reactions?

March 21, 2025

Infrastructure & Release Engineering

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

Interactive server actions

Example

March 20, 2025

Why the change?

What will change for you?

What will happen now?

March 19, 2025

Privacy & Debian hyprocrisy

Resignations followed

Does Debian vendetta culture impact other families?

How do you recognize a cult?

Lynching on the day you give birth

They remembered how it was done for Frans Pop (Debian Day suicide)

Not only women get baby brain

Debian Account Manager bootstrapped the pregnancy cluster

Will little Ganneff become a Debian Developer?

March 18, 2025

Expérience utilisateur

Gestion du matériel

Internationalisation

Administration système

Développement

Projet Fedora

Tester

March 17, 2025

March 16, 2025

March 15, 2025

AI Scraper scourge

F42 Beta on the way

Datacenter Move

comments? additions? reactions?

March 14, 2025

Infrastructure & Release Engineering

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

List of new releases of apps maintained by I&R Team

March 13, 2025

Before you begin

Operating systems

Fresh install instead of upgrading

What is next?