Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

RSS Atom

We Make Fedora

April 01, 2025

• Peter Czanik Installing nightly syslog-ng arm64 packages on a Raspberry Pi

  Last week, I posted about running nightly syslog-ng container images on arm64. However, you can also install syslog-ng directly on the host (in my case, a Raspberry Pi 3), running the latest Raspberry OS.

  Before you begin

  Right now, syslog-ng nightly arm64 packages are only available for Debian Bookworm. A 64-bit Raspberry Pi board with the latest Raspberry OS installed is probably the easiest way to test these packages. However, any arm64 machine running Debian Bookworm should do the job.

  Installing syslog-ng

  Before installing syslog-ng, you should add the GPG key:

  wget -qO - https://ose-repo.syslog-ng.com/apt/syslog-ng-ose-pub.asc | sudo apt-key add -

  After that, you can add the repository:

  echo "deb [arch=arm64] https://ose-repo.syslog-ng.com/apt/ nightly debian-bookworm-arm64" | sudo tee -a /etc/apt/sources.list.d/syslog-ng-ose.list

  The syslog-ng package is modular. The core syslog-ng package has minimal dependencies and is called syslog-ng-core. The syslog-ng package itself is an umbrella package installing all syslog-ng modules together with their dependencies. Depending on what you have already installed, it can be a huge download. You can list syslog-ng modules using the “apt-cache search syslog-ng” command. I tend to install the syslog-ng-mod-http package, as it pulls in the core package and dependencies, provides support for Elasticsearch and compatible services, and for many cloud-based destinations as well, like Slack. The following command installs syslog-ng with http destination support:

  apt-get install syslog-ng-mod-http

  Testing

  The default configuration stores most log messages to /var/log/messages. You can test it using the logger command and if you are fast enough, this message should be the last one in the file:

  logger bla
  tail -1 /var/log/messages
  Mar 18 08:24:18 raspberrypi root[12504]: bla

  What is next?

  In this blog, we used the default syslog-ng configuration for log collection. However, the possibilities are endless. In some of my previous blogs, I have already shown how to use syslog-ng for collecting temperature and humidity data, or how to collect log messages centrally on a Raspberry Pi. While syslog-ng is best known for its extreme performance, most syslog-ng users collect less than a hundred messages a second. Depending on the hardware and software configurations, syslog-ng can collect over 60,000 messages a second on a Raspberry Pi… :-)

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 30, 2025

• Swiss JuristGate Link between institutional abuse, Swiss jurists, Debianism and FSFE

  Friday, an expert in the subject of persecution asked me a question: is there a link between the paedophiles and the Swiss jurists?

  I reflected on the subject and I found several links between the cultural problems.

  At the same time, the BBC published a report on Justin Welby, former head of the Anglican church. He resigned because of the John Smyth QC scandal. John Smyth was a powerful lawyer who had also been a judge for six years. Smyth simultaneously had the role of Reader in the church.

  I wrote several blogs about the links between the Code of Conduct gaslighting and the document Crimen Sollicitationis.

  The pope sent the Crimen Sollicitationis to each diocese in 1962. It was a secret document. Article 70 insists on total secrecy about abuse:

  70. All these official communications shall always be made under the secret of the Holy Office; and, since they are of the utmost importance for the common good of the Church, the precept to make them is binding under pain of grave [sin].

  Moreover, we are not even supposed to discuss the existance of the document:

  TO BE KEPT CAREFULLY IN THE SECRET ARCHIVE OF THE CURIA FOR INTERNAL USE.

  Gerhard Ulrich was a human rights activist. He published a list of judges, their mistakes and their conflicts of interest. In Switzerland, the conflicts of interest are a private subject under article 173(3) of the Swiss criminal code:

  The accused is not permitted to lead evidence in support of and is criminally liable for statements that are made or disseminated with the primary intention of accusing someone of disreputable conduct without there being any public interest or any other justified cause, and particularly where such statements refer to a person’s private or family life.

  In 2001, the secret document became widely known.

  When FINMA published a jugement against the Swiss jurists in 2023, they redacted the names, they redacted the dates and even worse, they redacted most of the paragraphs.

  

   

  A little bit like Crimen Sollicitationis, certainly.

  We find the same problems in the case of John Smyth, Anglican church and Justin Welby:

  From 2013, the Church of England knew “at the highest level” about the abuse, the report says, but failed to refer it either to the police or to the relevant authorities in South Africa, where Smyth died while under investigation by the police.

  The Swiss authorities, the bar association of Geneva and FINMA had knowledge of Parreaux, Thiébaud & Partners since 2021 or earlier. Why did they redact the majority of paragraphs from the judgment? They wanted to hide their pre-existing knowledge of the scandal.

  Why did the church authorities or Swiss authorities protect people like John Smyth and Mathieu Parreaux? Men like that have knowledge of all the scandals and institutional failings throughout their career. We discussed the same question in the (leaked) debian-private mailing list. Each time somebody is bullied and punished by the overlords, there is a risk that they will publish a full copy of debian-private.

  We have filled in the secrets in the JuristGate web site.

  When I acquired Swiss citizenship, I had to take an oath. ( la promesse solennelle vaudois, Loi sur le droit de cité vaudois 2018).

  You promise to be true to the federal constitution and the constitution of the Canton of Vaud. You promise to maintain and defend on every occasion and with all your powers the rights, freedoms and independence of your new country, to develop and advance her reputation and wealth and equally to avoid all that could cause her loss or damage.

  There is a problem: after the death of my father, racist Swiss women started writing gossip. The rudeness of selfish and arrogant people who impose upon my family at a time of grief outweighs the seriousness of the oath.

  Swiss authorities closed the legal protection insurance. The director of FINMA resigned with a payout of 581,000 Swiss francs, but he did not provide replacement lawyers for the clients.

  At the same time, the racist Swiss women demanded a publication.

  FSFE uses the trademark of the FSF without authorisation. They received a bequest of EUR 150,000. They declared the bequest a secret subject.

  The Swiss citizenship oath implies that we have to find a private solution to the Debian crisis, but the racist Swiss women wanted a publication of lies after the death of my father.

  

   

  The truth is clear, my father died.

  In 2018, the intern Renata D'Avila published a blog about the risks of location tracking services. She chose a quote from the French philosopher Pierre-Joseph Proudhon:

  To be GOVERNED is to be watched, inspected, spied upon, directed, ... then, at the slightest resistance, the first word of complaint, to be repressed, fined, vilified, harassed, hunted down, abused, clubbed, disarmed, bound, choked, imprisoned, judged, condemned, shot, deported, sacrificed, sold, betrayed; and to crown all, mocked, ridiculed, derided, outraged, dishonored.

  In Australia, Lilie James rejected her boyfriend's demand for location services on her phone and she was clubbed to death. My intern had predicted the crime with her use of the quote alongside her description of problems with Google.

  According to the Debian Social Contract, point 3:

  We won't hide problems.

  but the Debianists threatened my intern by sending her secret emails:

  Debian "Community Team" (political police) to Renata, private email of 13 June 2018: Reinforcing positive attitudes and steps that you see in Debian towards women inclusion can also motivate yourself, the other Debian contributors, and possible newcomers, to go on working in that strategy and foster diversity in Debian. This does not mean to avoid criticism or hiding problems, but providing a more accurate vision of how the Brazilian Debian community works towards our common goals.

  The threat:

  Finally, we would like to say a word about the participation in Debian events that is financed (at least in part) by Debian. We believe that a matching fund, (Mini)DebConf bursary or any other financial help to attend a Debian event is a big endorsement from Debian to the person who receives it, and we believe that your behaviour in MiniDebConf Curitiba 2018 did not match the excellence that we expect for a bursary applicant. Thus, we are considering requesting a rejection of your application to the bursaries team.

  Renata did not come back to any Debian events.

  In Australia's Royal Commission into Institutional Abuse, we find the same thing:

  Culture of secrecy

  We are satisfied that there was a prevailing culture within the Archdiocese, led by Archbishop Little, of dealing with complaints internally and confidentially to avoid scandal to the Church.

  and again between the priests and their victims:

  He said that, on both occasions, Father Daniel encouraged BTH to remain silent by reference to the seal of confession.

  The seal of confession is like the Code of Conduct gaslighting in the free software projects. If the victim doesn't maintain the silence, they will be blocked from becoming a priest or a developer.

  Frans Pop published his suicide note the night before the Debian Day anniversary. When colleagues discussed his death outside the secret debian-private mailing list, they suffered immediate reprisals.

  Unfortunately we also had the misfortune to read information on twitter that, to our current knowledge, must have been gathered from this -private list. We think this a very unfortunate event that is missing every kind of common sense and decency, and therefore saw forced to suspend the accounts of the people leaked from membership on this list.

  Pascal/Lia Daobing: You both are no longer subscribed to debian-private, for the next 4 weeks. The one and only reason this list exists is to have a place where we can share information that is not immediately leaked into the public. Twitter is not -private. Please, in the future, respect the rules of the environment you are in, especially in such a special case like this.

  The next death was Adrian von Bidder. It was Palm Sunday, the same day as the marriage between Carla and I. Adrian von Bidder died in Switzerland the official report has not been published. Yet.

  Switzerland and the Catholic Church both openly promote their culture of secrecy. Debianists have claimed to be committed to transparency so the imposition of secrecy in Debian demonstrates an even greater lack of integrity.

  Joerg Jaspert wrote about Frans Pop:

  He has done a lot of work for the project, invested a lot of his time and appearently (read the statement of his parents) the Debian project was a very important part of his life.

  The last words in the last email of Frans Pop, sent the night before Debian Day:

  All mails I ever sent to d-private (and mails quoting them) shall remain private.

  

March 29, 2025

• Kevin Fenzi Late March infra bits 2025

  

  Another week, another saturday blog post.

  Mass updates/reboots

  We did another mass update/reboot cycle. We try and do these every so often, as the fedora release schedule permits. We usually do all our staging hosts on a monday, on tuesday a bunch of hosts that we can reboot without anyone really noticing (ie, we have HA/failover/other paths or the service is just something that we consume, like backups), and finally on wednsday we do everything else (hosts that do cause outages).

  Things went pretty smoothly this time, I had several folks helping out this time and thats really nice. I have done them all by myself, but it takes a while. We also fixed a number of minor issues with hosts: serial consoles not working right and nbde not running correctly and also zabbix users being setup correctly locally. There was also a hosted server where reverse dns was wrong, causing ansible to have the wrong fqdn and messing up our update/reboot playbook. Thanks James, Greg and Pedro!

  I also used this outage to upgrade our proxies from Fedora 40 to Fedora 41.

  After that our distribution of instances is:

  number / ansible_distribution_version

  252 41

  105 9.5

  21 8.10

  8 40

  2 9

  1 43

  It's interesting that we now have 2.5x as many Fedora instances as RHEL. Although thats mostly the case due to all the builders being Fedora.

  The Fedora 40 GA compose breakage

  Last week we got very low on space on our main fedora_koji volume. This was mostly caused by the storage folks syncing all the content to the new datacenter, which meant that it kept snapshots as it was syncing.

  In an effort to free space (before I found out there was nothing we could do but wait) I removed an old composes/40/ compose. This was the final compose for Fedora 40 before it was released and the reason in the past that we kept it was to allow us to make delta rpms more easily. It's the same content as the base GA stuff, but it's in one place instead of split between fedora and fedora-secondary trees. Unfortunately, there were some other folks using this. Internally they were using it for some things and iot also was using it to make their daily image updates.

  Fortunately, I didn't actually fully delete it, I just copied it to an archive volume, so I was able to just point the old location to the archive and everyone should be happy now.

  Just goes to show you if you setup something for yourself, often unknown to you others find it helpfull as well, so retiring things is hard. :(

  New pagure.io DDoS

  For the most part we are handling load ok now on pagure.io. I think this is mostly due to us adding a bunch of resources, tuning things to handle higher load and blocking some larger abusers.

  However, on friday we got a new fun one: A number of ip's were crawling an old (large) git repo grabbing git blame on ever rev of every file. This wasn't causing a problem on the webserver or bandwith side, but instead causing problems for the database/git workers. Since they had to query the db on every one of those and get a bunch of old historical data, it saturated the cpus pretty handily. I blocked access to that old repo (thats not even used anymore) and that seemed to be that, but they may come back again doing the same thing. :(

  We do have a investigation open for what we want to do long term. We are looking at anubis, rate limiting, mod_qos and other options.

  I really suspect these folks are just gathering content which they plan to resell to AI companies for training. Then the AI company can just say they bought it from bobs scraping service and 'openwash' the issues. No proof of course, but just a suspicion.

  Final freeze coming up

  Finally the final freeze for Fedora 42 starts next tuesday, so we have been trying to land anything last minute. If you're a maintainer or contributor working on Fedora 42, do make sure you get everthing lined up before the freeze!

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114247602988630824

March 28, 2025

• Jeremy Cline How artifacts are signed in Fedora

  For the last few months, one of the things I’ve been working on in Fedora is adding support for SecureBoot on Arm64. The details of that work will be the subject of a later post, but as part of this work I’ve become somewhat familiar with the signing infrastructure in Fedora and how it works. This post introduces the various pieces of the current infrastructure, and how they fit together.

  Signed?

  Pretty much anything Fedora produces and distributes is digitally signed so users can verify it did, in fact, come from the Fedora project. Perhaps the most obvious example of this is the RPM packages Fedora produces. However, plenty of other artifacts are also signed, like OSTree commits.

  Signing works using public-key cryptography. We have the private key that we need to keep secret, and we distribute the public keys to users so they can verify the artifact.

  Robosignatory

  Signing is (mostly) an automated process. A service, called robosignatory, connects to an AMQP message broker and subscribes to several message topics. When an artifact is created that needs signing, the creator of the artifact sends a message to the AMQP broker using one of these topics.

  Robosignatory does not sign artifacts itself. It collects requests from various other services and submits them to the signing server on behalf of those systems. The signing server is the system that contains and protects the private keys.

  Sigul

  Sigul is the signing server that holds the private keys and performs signing operations. It is composed of three parts: the client, the bridge, and the server.

  The Server

  The Sigul server is designed to control access to signing keys and to provide a minimal attack surface. It does not behave like a traditional server in that it does not accept incoming network connections. Instead, it connects to the Sigul bridge, and the bridge forwards requests to it via that connection.

  This allows the firewall to be configured to allow outgoing traffic to a single host, and to block all incoming connections. This does mean that the host cannot be managed via normal SSH operations. Instead this is done in Fedora via the host’s out-of-band management console.

  Private keys are encrypted on disk. When users are granted access to keys, the key is encrypted for that particular user.

  The Bridge

  The Sigul bridge acts as a specialized proxy. Both the client and server connect to the bridge, and it forwards requests and responses between them.

  Unlike the typical proxy, the Sigul bridge does a few interesting things. Firstly, it requires the client to authenticate via TLS certificates. The client then sends the bridge the request it wishes to make. The bridge forwards that request to the server. The bridge then expects the client and server to send an arbitrary amount of data to each other. This arbitrary data is framed as chunks and it forwards that data back and forth until an end of stream signal is sent by the server and client.

  Finally, it forwards the server’s response to the client.

  The Client

  The client is a command-line interface that sends requests to the server via the bridge. This client can be used to create users and keys, grant and revoke access to keys, and request signatures in various formats. Robosignatory invokes the CLI to sign artifacts.

  The client connects to the bridge as described above. After authenticating with the bridge and sending the request, it begins a second TLS connection configured with the Sigul server’s hostname, and sends and receives data on this connection over the TLS connection it has with the Sigul bridge. It relies on this inner TLS connection to send a set of session keys to the server without the bridge being able to intercept them. These session keys are used to sign the Sigul server’s responses so the client can be sure the bridge did not tamper with them.

  After it has established a set of secrets with the server, the remainder of the interaction occurs over the TLS connection with the bridge, but since the responses are signed both the client and server can be confident the bridge has not tampered with the conversation.

  Conclusion

  It’s an interesting setup, and has served Fedora for many years. There is plenty of code in Sigul which dates back to 2009, not long after Python 2.6 was released with exciting new features like the standard library json module. It was likely developed for RHEL 5 which means Python 2.4.

  Unfortunately, at least one of the libraries (python-nss) it depends on to work are not maintained and not in Fedora 42, so something will have to be done in the near future. Still, it’s not ready to sign off just yet.

• ! Avi Alkalay ¡ Modern Minimum Laptop

  Now that people have a more independent and cloud-based set of work tools, they can finally consider leaving Windows behind and getting a better and cheaper laptop, like a MacBook Air.

  “What? A MacBook Air cheaper than a Windows laptop? Impossible!”

  Well, if you look in the Wintel (Windows + Intel) universe for a laptop with the same features as Apple’s entry-level laptop — the MacBook Air — the Wintel version will be more expensive.

  A basic laptop today should have a 3K or 4K display (Full HD is already obsolete), solid-state storage, high-quality camera, microphone, and audio, and be thin, lightweight, and stylish. Most importantly, the battery should last all day. This last feature is not possible in Intel-based laptops, where, in practice, the battery lasts no more than 90 minutes. A modern laptop is used like a smartphone: unplugged from the outlet, carried around all day, and recharged while you have lunch or sleep.

  So yes, you can find cheaper laptops, but they will have worse features than the minimum standard. They also use lower-quality components (camera, microphone, display) and outdated technology (storage, CPU).

  Also on LinkedIn and Facebook.

• Fedora Community Blog Infra and RelEng Update – Week 13 2025

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 24 Mar – 28 Mar 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • Planned Outage – update/reboots – 2025-03-26 21:00 UTC
    • Disable self-serve project creation on pagure.io
    • OTP locked me out of my account
    • Link in staging distgit instance leads to prod auth
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • Broken link for STG IPA CA certificate, needed for staging CentOS Koji cert
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Add StartInstanceRefresh permission for fedora-ci-testing-farm user in AWS
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Manage our new testing.farm domain via AWS Route53
    • Add support for creating RDS instances under testing-farm- prefix
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • move resultsdb-ci-listener deployment pipeline
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • Move from iptables to firewalld
    • Help me move my discourse bots to production?
    • rhel9 adoption
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • I try to run the Fedora Wiki localy with vagrant
    • Please add sponsors to the @vespa project.
    • Spam comment from new user account
    • Change kde.fedoraproject.org to point to fedoraproject.org/kde/
    • join.fp.o is a broken redirect
    • Blocked access to Fedora repositories
    • Network connectivity issues on koji builders (partial downloads, etc.)
    • Google Cloud Engine credentials for fedora-image-uploader

  CentOS Infra including CentOS CI

  • In progress:
    • Add kiwi to CentOS Stream Koji
    • Replace some Infrastructure servers (out of warranty)
    • Increase Storage capacity for koji built artifacts
    • Testing Jenkins – c10s x86_64 metal doesn’t provision
    • Release Improvements
    • hardware raid controller issue on sponsored node
    • Ensuring ansible automation in place can manage/control el10 nodes
    • Retire Public CI SIG
    • [spike] : investigating ppc64le kvm host option with el9/el10 (for Power10)
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • Onboarding new infra SIG member
    • Migrate main backup storage pool to different hardware
    • [spike] : investigating options/alternatives for the upcoming DC move
  • Done:
    • New tags needed for Sama v4.22 in Storage SIG for CentOS Stream 9
    • Drop options from virt9s-ovirt-45-el9s-build
    • Please update rpm-specs-latest.tar.xz
    • New Mirror
    • Creating a prometheus resource in cloud-softwarefactory namespace hangs
    • Setup for the new Proposed Updates SIG
    • Making CentOS Stream CoreOS available

  Release Engineering

  • In progress:
    • Accidentally created a branch in rust-tonic-types
    • Mass retirement of packages with uninitialized rawhide branch
    • Please send openh264-2.6.0 to Cisco
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Send compose reports to a to-be-created separate ML
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • Provide stable names for images
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • Stalled EPEL package: python-slugify
    • Stalled EPEL package request: python-rfc3986-validator
    • Stalled EPEL package request: python-w3lib
    • Stalled EPEL package request: python-uvloop & python-fqdn
    • Stalled EPEL package request: python-json-logger
    • Stalled EPEL package request: python-strict-rfc3339
    • stalled EPEL request: python-aiounittest
    • Unretire python-eventlet
    • Stalled EPEL package: python-numcodecs
    • Unretire screengrab
    • Stalled EPEL package: python-httptools
    • Unretirement request: mactel-boot
    • Unable to create update from side tag
    • Create detached signatures for the ignition 2.21.0 release
    • untag cmake-4.x.x builds from f43/rawhide
    • Unretirement request: rust-elasticlunr-rs
    • Unorphan workrave
    • Please install isomd5sum package on secondary01.fedoraproject.org
    • Unretire datanommer-commands and python-datanommer-models packages
    • Create image-builder-build koji build group

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 13 2025 appeared first on Fedora Community Blog.

• Remi Collet 🎲 PHP version 8.3.20RC1 and 8.4.6RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

  RPMs of PHP version 8.4.6RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.3.20RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.2 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.4.6RC1 available for testing
  • PHP 8.3.20RC1 available for testing

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Parallel installation of version 8.3 as Software Collection:

  yum --enablerepo=remi-test install php83

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.3:

  dnf module switch-to php:remi-8.3
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • version 8.4.4RC2 is in Fedora rawhide for QA
  • EL-10 packages are built using RHEL-10.0-beta and EPEL-10.0
  • EL-9 packages are built using RHEL-9.5
  • EL-8 packages are built using RHEL-8.10
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.7 on x86_64 and aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.3.18 and 8.4.5 are planed for March 13th, in 2 weeks.

  Software Collections (php83, php84)

  

  

  Base packages (php)

  

  

March 26, 2025

• Richard W.M. Jones Graphical differences between two disk images

  I was investigating possible disk corruption when copying a disk image between servers, but needed a way to visualise what might be happening. The disk image is tens of gigabytes, so looking at it in hexdump wasn’t a lot of fun. A little Python to the rescue instead:

  #!/usr/bin/python3
  
  from PIL import Image, ImageColor
  
  import nbd
  h1 = nbd.NBD()
  h2 = nbd.NBD()
  
  original = "original.qcow2";
  copied = "copied.qcow2";
  
  blksize = 4096
  zero_block = bytearray(blksize)
  
  width = 4096
  output = "output.png"
  red = ImageColor.getrgb("red")
  green = ImageColor.getrgb("green")
  blue = ImageColor.getrgb("blue")
  white = ImageColor.getrgb("white")
  black = ImageColor.getrgb("black")
  
  # Open original disk image.
  h1.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", original])
  
  # Open copied disk image.
  h2.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", copied])
  
  assert(h1.get_size() <= h2.get_size())
  
  # Open the output visualisation.
  height = int(h1.get_size() / blksize / width) + 1
  image = Image.new("RGB", (width, height), white)
  
  # Iterate over the blocks of each.
  x = 0
  y = 0
  for i in range(0, h1.get_size(), blksize):
      b1 = h1.pread(blksize, i)
      b2 = h2.pread(blksize, i)
      if b1 == b2:
          # Same
          image.putpixel((x, y), green)
      elif b1 != zero_block and b2 == zero_block:
          # Zeroed
          image.putpixel((x, y), black)
      else:
          # Different but not zeroed
          image.putpixel((x, y), red)
      x = x+1
      if x == width:
          x = 0
          y = y+1
          print("%d/%d\r" % (y, height), end='')
  
  print()
  image.save(output)
  print("Saved to %s" % output)
  
  h1.close()
  h2.close()
  

  The resulting image showed that stretches of the disk were getting zeroed out during the copy (which was definitely not supposed to happen).

  

March 25, 2025

• Peter Czanik Nightly arm64 syslog-ng container builds are now available

  Recently we enabled nightly syslog-ng builds and container builds for arm64. It means that from now on, you can run the latest syslog-ng on 64bit ARM platforms.

  Before you begin

  For this test, I used a Raspberry Pi 3 running the latest Raspberry Pi OS. As I use Podman everywhere else (I am an openSUSE / Fedora guy), I also installed it here for container management.

  Running syslog-ng nightly in a container

  Support for arm64 was added after the last syslog-ng release, which means that by the time of writing this blog, there is no arm64 syslog-ng package available for the latest release, only for the nightly builds. Make sure that you use the “nightly” tag, otherwise Podman will download an x86 image (well, at least until the next release), and complain about wrong architecture only at the end.

  This first command will download the container image from the Docker hub and print some syslog-ng version information. Note that the registry host name is also included, as the Podman package does not come with a pre-configured registry.

  root@raspberrypi:~# podman run -ti docker.io/balabit/syslog-ng:nightly -V
  Trying to pull docker.io/balabit/syslog-ng:nightly...
  Getting image source signatures
  Copying blob 52daf8b0f06f done  
  [...]
  Starting syslog-ng with params: -V
  syslog-ng 4 (4.8.1.224.g600b1e8)
  Config version: 4.2
  Installer-Version: 4.8.1.224.g600b1e8
  Revision: 4.8.1.224.g600b1e8-snapshot+20250313T232005
  Compile-Date: Mar 13 2025 23:20:05
  Module-Directory: /usr/lib/syslog-ng/4.8
  Module-Path: /usr/lib/syslog-ng/4.8
  Include-Path: /usr/share/syslog-ng/include
  Available-Modules: otel,map-value-pairs,afamqp,bigquery,tags-parser,kafka,rate-limit-filter,loki,afsmtp,json-plugin,affile,redis,sdjournal,clickhouse,afsnmp,secure-logging,afstomp,afmongodb,afsocket,mqtt,disk-buffer,mod-python,graphite,kvformat,afsql,timestamp,examples,metrics-probe,geoip2-plugin,linux-kmsg-format,riemann,cryptofuncs,http,cloud_auth,correlation,pacctformat,pseudofile,afuser,tfgetent,confgen,hook-commands,add-contextual-data,basicfuncs,regexp-parser,afprog,stardate,csvparser,azure-auth-header,syslogformat,appmodel,system-source,cef,xml
  Enable-Debug: off
  Enable-GProf: off
  Enable-Memtrace: off
  Enable-Stackdump: off
  Enable-IPv6: on
  Enable-Spoof-Source: on
  Enable-TCP-Wrapper: on
  Enable-Linux-Caps: on
  Enable-Systemd: on

  The following command starts syslog-ng with the default configuration running in the foreground and printing debug messages on the terminal. Creating a proper syslog-ng configuration and setting up storage is not in the scope of this blog, but using this setup you can still verify that syslog-ng works as expected:

  root@raspberrypi:~# podman run -it -p 514:514/udp -p 601:601 --name syslog-ng docker.io/balabit/syslog-ng:nightly -edv

  At the end of many lines of debug messages you should see sever lines indicating that syslog-ng is ready to receive network connections. For example:

  [2025-03-14T12:33:15.414977] Accepting connections; addr='AF_INET(0.0.0.0:601)'

  Port 601 is expecting RFC5424 formatted log messages with octet counting over a TCP connection. You can send a test message using this command from another terminal:

  logger -n 127.0.0.1 -P 601 -T --octet-count this is a test

  On the terminal, where you run syslog-ng, you should see something similar in the debug logs:

  [2025-03-14T12:38:08.805320] Syslog connection accepted; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
  [2025-03-14T12:38:08.806800] Incoming log entry; input='<13>1 2025-03-14T13:38:08.805035+01:00 raspberrypi root - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="319500"] this is a test', msg='0x7f93510000', rcptid='0'
  [2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cee:'
  [2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cim:'
  [2025-03-14T12:38:08.831167] Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages', symlink_as='(null)'
  [2025-03-14T12:38:08.851750] Initializing destination file writer; template='/var/log/messages-kv.log', filename='/var/log/messages-kv.log', symlink_as='(null)'
  [2025-03-14T12:38:08.852912] Syslog connection closed; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
  [2025-03-14T12:38:08.854588] Outgoing message; message='2025-03-14T13:38:08.805+01:00 host .SDATA.timeQuality.isSynced=1 .SDATA.timeQuality.syncAccuracy=319500 .SDATA.timeQuality.tzKnown=1 HOST=host HOST_FROM=host MESSAGE="this is a test" MSGFORMAT=rfc5424 PROGRAM=root SOURCE=s_network TRANSPORT=rfc6587\x0a'
  [2025-03-14T12:38:08.854588] Outgoing message; message='Mar 14 13:38:08 host root: this is a test\x0a'

  What is next?

  As I mentioned earlier, in this blog we only made sure that syslog-ng can start on arm64 in a container and that it can collect log messages over the network. Depending on your environment you will also need to change the configuration and provide some disk space for collected log messages. If you give the nightly arm64 syslog-ng images a try, let us know about your experience!

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 24, 2025

• Adam Young Diff between Code review versions

  Bottom line up front: create a tag with each version of a code review you post, to be able to see changes between versions.

  Git commits come in (at least) three flavors.
  
  First is the personal flavor, where you commit to git in order to not lose some quantum of behavior you have just implemented. These commits are small, and may be breaking commits. They are not meant for upstream consumption in the long term.

  
  Second is the upstream commit, a reasonable chunk of a code to review. While the overall patch-series (to use the LKML term) might still be multiple patches, each one is meant to be stand-alone reviewed, and probably should be a non-breaking patch that can be merged as is…provided all the pre-req patches get merges.
  
  The third type of commit is a fix to a code review commit. Say a patch series is 5 patches long, and you are asked to make a change in the first patch in the series. When doing your work, the first thing you do is make that change and make sure it works, and commit it on the top of the stack. Typically that change means you do a git rebase -i HEAD~6 (or comparable) and reorder the patches so that the fix sits just above the original commit you want to fix. At this point, you can squash the original and fixing commits together.
  
  When using gitlab or github, you can update an existing code review request (Merge Request or MR in gitlab, Pull Request or PR in Github) by doing some form of git push with the –force flag. Since both git services use a branch to represent the request, an update to the branch will create an update to the request.
  
  The problem with this process is that the change gets lost. Say that the change was questionable, and you just wanted to try it out. A fellow developer on a different system has no way of reverting to the previous stage…they would need the private information on your system.
  
  Another code review system that does not lose this information is Gerrit. I don’t wish to compare and contrast all of the various merits and drawbacks of Gerrit. Instead, I wish to focus in on the fact that a review is a top level concept in Gerrit, and each version of a review becomes its own branch. A version of a review is visible from the server and you can diff between two versions of a review. I would like to have the option to do something similar, but in gitlab or github.
  
  It turns out that you can, but it requires more work on the part of the developer. After you push each version of a merge request, you tag it and push that tag. They you update the merge request conversation with links to that tag.

  Obviously, this requires more effort on the part of the coder, but since you are essentially performing two operations each time you push, you can script it. We can write a script git-pushrev that does the following:

  1. pushes the current head to gitlab with –force using the name of the current branch. Make sure you don;t use main or other protected branch.
  2. tags the current head. The name of the tag should be related to the name of the branch, with a 3 digit index appended
  3. push the current tag to git using git push tag <tagname>

  The developer would need to then grab the tag and add it to the code review comments. However, if they forget to do this, the tag already exists and it could be looked up and posted in the future, or merely kept as a reference for later.

  To see what work was done in a revision of a review, use git diff. For example, assuming a branch named code-review,

  git diff code-review-000 code-review-001.

  I have a project where I deleted a short file. Here is what I get:

  ayoung@sut05sys-r112:~/testing/packaging$ git tag
  plumbum-wip-0
  plumbum-wip-1
  ayoung@sut05sys-r112:~/testing/packaging$ git diff plumbum-wip-0 plumbum-wip-1
  diff --git a/packaging/archive.py b/packaging/archive.py
  deleted file mode 100644
  index a3b2e94..0000000
  --- a/packaging/archive.py
  +++ /dev/null
  @@ -1,6 +0,0 @@
  -# Represents an archive to be built:  tar.gz, rpm, or comparable
  -
  -class Archive():
  -    def __init__(self, kit_name, build_id, branch_tag, base_tag):
  -        for key, value in locals().items():
  -            setattr(self, key, value)
  

• Alejandro Acosta Event report: Fedora @ SCaLE22x

  The 22nd edition of the Southern California Linux Expo ,or SCaLE for short, has come to and end and Fedora project had presence as it has happened for most of the editions of this important event. A few months ago I was gathering information on the Fedora participation in SCaLE for the Fedora Contributors conference (Flock to Fedora, check abstract for that talk here)and I was able to collect documentation as far as its 4th edition back in 2006!!

  Sounds easy, but that’s 19 out of 22 editions of the largest and most important community-run open source and free software conference in North America. Here’s a slide from my talk at Flock

  

  As always, it started months before conference’s day 1 with the not-so-fancy but very important work of planning. From surveying potential participants, create event wiki, estimate budget, contact organizers, requesting and receiving swag all the way to setting up the booth before the expo floor is open to attendees. The previous work itself gives us enough material for a separate article, or probably a grade thesis, maybe someday

  The first day starts with co-located events. New and very interesting events where organized along the conference, like Planet Nix, Cloud Native days LA, OpenInfra days, to mention a few. Even when we were not able to have our long desired Fedora Activity Day, we had an opportunity to participate in the Fedora + CentOS classroom with our friends form CentOS and RedHat.

  

  By the end of this day we had to setup our booth, as it needed to be ready for first day of expo on Friday. Having local people participating in the event is very important, not only helps with logistics but also with the little details that sometimes we take them for granted or don’t even notice them at all. Like Perry anticipating that the tablecloth may have come wrinkled due to handling, shipping or just being folded for long time and bringing a steamer from home. Well thought Perry!!

  

  By the way, this year we shared or booth space with our CentOS friends. Being both (Fedora and CentOS ) projects with a lot of common ground, it made this year’s experience enriching not only for both projects participants but also for attendees, who had a more clear panoramic on what’s the role of each project.

  

  Friday was over but we didn’t go straight to rest. Even though it was a busy day and we were beat tired, we wouldn’t be honoring our Fedora foundations if we do not invest quality time with our amigos, so we headed to a mediterranean café to have dinner with friends from CentOS, RedHat and Fedora. I’m sorry I don’t have compeling -or at least more appealing- evidence but here’s a sample of my food

  

  Talking about amigos, one of things I loved the most in this edition is that I had a re-encounter with my old friend, former Fedora contributor, former SCaLE staff and the person who talked me into attending my first SCaLE, my brother in the other side of the border, Larry Cafiero.

  Larry is now a writer for fossforce.com and he asked me for a few words that he could use in one of his articles in my capacity of Fedora contributor and long time SCaLE attende. You may call it an interview, I call it the pleasure of spending time with Larry.

  

  It is now Saturday, the busiest day in the expo hall as it is opened for the longest time and it is the day when most people attend the conference. It was crazy delightful from beginning to end, lots of visitors, increasing spanish speaking attendees, schools, companies, vendors, newbies, oldies, families, nerds, geeks,etc. In short, unique, valuable experiences to talk to people.

  Saturday closed with Game Night, a much appreciated opportunity to sit down for a while, grab a sip and continue talking about nerd things while enjoying a game. As a new, this is the first time that I got food spilled on my jeans from an excited player. I guess it comes with the territory

  Sunday is short, time for a wrap. Booth was lifted up, expo was closed. Fortunately there are a few other activities after the expo, like the much expected closing keynote. This time it was in charge of the Turing Award winning Leslie Lamport !!! The conference says that they’re always looking to bring these «legends» and they never disappoint. Leslie’s keynote was just delicious, delightful.

  

  I usually don’t include a thank you section because I fear to leave someone out of my mentions, but I’m grateful for all of the people who made this edition a success. Thank you Perry Rivera for co-owning the event and for all the effort you put in the organization, during and after the event. Thank you Scott Williams, Brian Monroe and Ivan Chavero for the time and passion you put in booth duty. Shaun McCance and Carl George, it was a privilege sharing booth space and adventures with you. Thank you Justin and Jason, without your support we wouldn’t be able to make it. And finally, thank you Nick Bebout, we’re sorry you couldn’t finally make it to the event but we’re sure we will continue working on having you there and we appreciate and value your work during the organization.

  See you next year at SCaLE !!!

• Josef Strzibny Running JavaScript after a Turbo Stream renders

  Turbo comes with turbo:before-stream-render but unfortunately doesn’t ship with the equivalent turbo:after-stream-render. Here’s how to run JavaScript after the stream renders.

  Why we need this

  If you are building your application with Hotwire, your Turbo streams will likely add, remove, and replace some HTML nodes. This mostly works except when you want to add HTML that comes with some JavaScript. Like a file picker, Trix editor, and the like.

  Turbo itself won’t do anything about this. It’s a rather simple tool with simple purpose. JavaScript initialization should come with the HTML Turbo is about to add. Hotwire solves this with Stimulus.

  The Hotwire way

  The Hotwire answer to the problem is Stimulus controllers. Stimulus is build on top of MutationObserver which is a browser API providing the ability to watch for changes being made to the DOM.

  When a Stimulus controller appears on the page, its connect method is called automatically. If our HTML doesn’t come with a Stimulus controller, we should create a new controller and put our initialization code inside its connect method:

  // app/javascript/controllers/my_controller.js
  import { Controller } from "@hotwired/stimulus"
  
  export default class extends Controller {
    connect() {
      // Code to initialize something
    }
  }
  

  Then we simply add the controller to an element inside our Turbo Stream:

  <turbo-stream>
    <div data-controller="my-controller">
    	Something that needs to be initialize with JavaScript.
    </div>
  </turbo-stream>
  

  When Stimulus is not an option

  Sometimes Stimulus might not be what we want and we would love to have a Turbo Stream event to hook into anyways.

  Luckily, Steve shared his little implementation of turbo:after-stream-render in this thread:

  // application.js
  const afterRenderEvent = new Event("turbo:after-stream-render");
  addEventListener("turbo:before-stream-render", (event) => {
    const originalRender = event.detail.render
  
    event.detail.render = function (streamElement) {
      originalRender(streamElement)
      document.dispatchEvent(afterRenderEvent);
    }
  })
  

  As you can see, the idea is quite simple. We create a new custom Event and add an event listener for turbo:before-stream-render which already exist. We then run our event after we are done with original rendering.

  To use it we create an event listener and paste the JavaScript that needs to run after rendering:

  document.addEventListener("turbo:after-stream-render", () => {
    console.log("I will run after stream render")
  });
  

March 22, 2025

• Kevin Fenzi Mid Late March infra bits 2025

  

  Fedora 42 Beta released

  Fedora 42 Beta was released on tuesday. Thanks to everyone in the Fedora community that worked so hard on it. It looks to be a pretty nice relase, lots of things in it and working pretty reasonably already. Do take it for a spin if you like: https://fedoramagazine.org/announcing-fedora-linux-42-beta/

  Of course with the Beta out the door, our infrastructure freeze is lifted and so I merged 11 PR's that were waiting for that on Wed. Also, next week we are going to get in a mass update/reboot cycle before the final freeze the week after.

  Ansible galaxy / collections fun

  One of the things I wanted to clean up what the ansible collections that were installed on our control host. We have a number that are installed via rpm (from EPEL). Those are fine, we know they are there and what version, etc. Then, we have some that are installed via ansible. We have a requirements.txt file and running the playbook on the control host installs those exact versions of roles/collections from ansible galaxy. Finally we had a few collections installed manually. I wanted to get those moved into ansible so we would always know what we have installed and what version it was. So, simple right? Just put them in requirements.txt. I added them in there and... it said they were just not found.

  The problem turned out to be that we had roles in there, but no collections anymore so I had not added a 'collections:' section, and it was trying to find 'roles' with those collection names. The error "not found" was 100% right, but it took me a few to realize why they were not found. :)

  More A.I. Scrapers

  AI scrapers hitting open source projects is getting a lot of buzz. I hope that some of these scraper folks will realize it's counterproductive to scrape things at a rate that makes them not work, but I'm not holding my breath.

  We ran into some very heavy traffic and I had to end up blocking brazil for a while to pagure.io. We also added some CPU's and adjusted things to handle higher load. So far we are handling things ok now and I removed the brazil blockage. But no telling when they will be back. We may well have to look at something like anubis, but I fear the scrapers would just adjust to not be something it can catch. Time will tell.

  Thats it for this week folks...

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114207270082200302

March 21, 2025

• Michael Catanzaro GNOME 48 Core Apps Update

  It has been a year and a half since my previous GNOME core apps update. Last time, for GNOME 45, GNOME Photos was removed from GNOME core without replacement, and Loupe and Snapshot (user-facing names: Image Viewer and Camera) entered, replacing Eye of GNOME and Cheese, respectively. There were no core app changes in GNOME 46 or 47.

  Now for GNOME 48, Decibels (Audio Player) enters GNOME core. Decibels is intended to close a longstanding flaw in GNOME’s core app set: ever since Totem (Videos) hid its support for opening audio files, there has been no easy way to open an audio file using GNOME core apps. Totem could technically still do so, but you would have to know to attempt it manually. Decibels fixes this problem. Decibels is a simple app that will play your audio file and do nothing else, so it will complement GNOME Music, the music library application. Decibels is maintained by Shema Angelo Verlain and David Keller (thank you!) and is notably the only GNOME core app that is written in TypeScript.

  Looking to the future, the GNOME Incubator project tracks future core apps to ensure there is sufficient consensus among GNOME distributors before an app enters core. Currently Papers (future Document Viewer, replacing Evince) and Showtime (future Videos or possibly Video Player, replacing Totem) are still incubating. Applications in Incubator are not yet approved to enter core, so it’s not a done deal yet, but I would expect to see these apps enter core sooner rather than later, hopefully for GNOME 49. Now is the right time for GNOME distributors to provide feedback on these applications: please don’t delay!

  On a personal note, I have recently left the GNOME release team to reduce my workload, so I no longer have any direct role in managing the GNOME core apps or Incubation process. But I think it makes sense to continue my tradition of reporting on core app changes anyway!

• Tom Tromey Faster Faster GDB Startup

  A while ago, I wrote about my work to speed up GDB’s DWARF reader. I thought I’d write again with a few updates.

  Sharding

  Back then, I wrote: “maybe GDB could trade memory for performance and shard the resulting index and do separate canonicalizations in each worker thread”.

  I did end up doing this. Recall that the canonicalization step goes through all the discovered DWARF entries of interest — basically, all the objects in the program that both have a name and are not in a function scope (except in some languages, there is always an exception with DWARF) — and ensures the names are in a normal form. For Ada, this step includes synthesizing the package hierarchy (something that should probably be done for Go as well, except nobody really works on the Go support in GDB).

  As an aside, sometime in the last few years we realized that this canonicalization has to be done for C as well, because in C there are multiple spellings of types like “short”. This is also implemented.

  Because GDB already reads DWARF CUs in chunks in separate threads, the sharding idea is that we can speed up canonicalization a bit by doing this separately. Previously, GDB combined all the results before processing. Sharding means that lookups are a little more complicated; but it turns out not to be too hard, because the number of shards is typically low (for reasons I haven’t yet investigated, the reader doesn’t scale past 8 threads or so).

  Background Reading

  The other major change I made is to do all the DWARF reading in the background. This is a trick to make gdb feel faster to users. The basic idea here is that in many cases, gdb does not immediately need the DWARF from the various files. So, if we push the reading into worker threads, maybe it will be completely read in by the time gdb does need it.

  This also somewhat benefits the situation where several shared libraries are loaded at once into the inferior. In this case, gdb already defers breakpoint re-setting until all the DWARF has been read — and with this change, all that work will be done in parallel.

  Making this work wasn’t entirely straightforward. The main issue here is that gdb determines the initial language and location for “list” (et al) based on the debug info. The patches arrange to set these things lazily as well. I also had to add some rudimentary thread-safety to BFD.

  Now, this can be defeated in a few ways. If you have a .gdbinit that sets a breakpoint, then that will cause the familiar pause, because setting a breakpoint will wait for the workers to complete. Or, if you debug a large executable and type very quickly, you may have to wait for the parsing to finish.

  However, when it does work, it feels like gdb starts instantly.

• Fedora Community Blog Infra and RelEng Update – Week 12

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 17 Mar – 21 Mar 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • Disable self-serve project creation on pagure.io
    • Blocked access to Fedora repositories
    • OTP locked me out of my account
    • Network connectivity issues on koji builders (partial downloads, etc.)
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • Broken link for STG IPA CA certificate, needed for staging CentOS Koji cert
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Add StartInstanceRefresh permission for fedora-ci-testing-farm user in AWS
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Manage our new testing.farm domain via AWS Route53
    • Add support for creating RDS instances under `testing-farm-` prefix
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • Move from iptables to firewalld
    • Help me move my discourse bots to production?
    • rhel9 adoption
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • Staging Ipsilon broken
    • Unable to login in FF
    • Rename #centos-kmods:fedora.im to #centos-kmods:fedoraproject.org
    • packager dashboard not syncing koschei FTBFS status?
    • Splunk syslog address change
    • Visited links in wiki are now black, same as regular text
    • a real domain name for konflux

  CentOS Infra including CentOS CI

  • In progress:
    • Ensuring ansible automation in place can manage/control el10 nodes
    • Creating a prometheus resource in cloud-softwarefactory namespace hangs
    • Retire Public CI SIG
    • [spike] : investigating ppc64le kvm host option with el9/el10 (for Power10)
    • Setup for the new Proposed Updates SIG
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • Onboarding new infra SIG member
    • Migrate main backup storage pool to different hardware
    • [spike] : investigating options/alternatives for the upcoming DC move
    • Add kiwi to CentOS Stream Koji
    • Replace some Infrastructure servers (out of warranty)
    • Increase Storage capacity for koji built artifacts
    • Testing Jenkins – c10s x86_64 metal doesn’t provision
    • Release Improvements
  • Done:
    • [CloudSIG] Create distgit repos for some new Cloud SIG packages
    • grant sf-service-account namespace-scoped access to monitoring.coreos.com’s scrapeconfigs
    • [spike] : investigating zabbix 6.0.x build for el10/Stream 10
    • [CloudSIG] Create distgit repo for python-pyasyncore
    • upgrade mailman3 stack for django 4.x

  Release Engineering

  • In progress:
    • Unorphan workrave
    • Mass retirement of packages with uninitialized rawhide branch
    • Please send openh264-2.6.0 to Cisco
    • Unretire datanommer-commands and python-datanommer-models packages
    • Create `image-builder-build` koji build group
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Send compose reports to a to-be-created separate ML
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • Provide stable names for images
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • new package missing from koji
    • [URGENT] drop openh264 packages from Fedora updates-testing repos
    • close fedora-scm-requests for modules automatically (where is the code?)
    • Stalled epel requests: python-pytest-trio / python-cmarkgfm / python-readme-renderer
    • Stalled EPEL package: python-hatch-requirements-txt
    • rust-hidpipe didn’t get retired properly
    • Create Fedora 42 Beta candidates
    • Fedora 42 Mass Rebuild Tracker
    • orphan-all-packages.py should remove bugzilla_contact entries from fedora-scm-requests as well

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 12 appeared first on Fedora Community Blog.

• Josef Strzibny Running interactive sessions with Kamal

  How to connect to a container on a server managed by Kamal and run an interactive session?

  Interactive server actions

  Kamal comes with a kamal server exec to execute a single command on the server. If we pass the -i option, we’ll start the interactive session that doesn’t cancel the connection immediatelly.

  Similarly, Docker comes with docker exec command with the -it options to run a container process interactively.

  If we combine both of these we’ll get what we need. A single command to run something interactively out of a single container:

  $ kamal server exec -i "docker exec -it [CONTAINER] [COMMAND]"
  

  Example

  Here’s an example with kamal-proxy:

  $ kamal server exec -i "docker exec -it kamal-proxy bash"
  

  After running the comment we’ll be dropped into the container running Kamal Proxy.

  Then we can play with the proxy without running long commands:

  $ kamal-proxy stop app-web --message=""
  $ kamal-proxy resume app-web
  

March 20, 2025

• Amit Shah List of Patents I have filed

  This is the list of patents I’ve filed over the years.

  US Patent Number	Title	Inventor/s	Assignee
  US-12223191-B1	Management of operating system software using read-only multi-attach block volumes	Shah; Amit	Amazon Technologies, Inc.
  US-12210875-B2	Security vulnerability mitigation using address space co-execution	Shah; Amit, Schoenherr; Jan Hendrik, Raslan; Karimallah Ahmed Mohammed, Hillenbrand; Marius, Sironi; Filippo	Amazon Technologies, Inc.
  US-10496424-B2	Reconfiguring virtual machines	Shah; Amit	Red Hat, Inc.
  US-9990217-B2	Hypervisor printer emulation for virtual machines	Shah; Amit	Red Hat, Inc.
  US-9880868-B2	Modifying an OS installer to allow for hypervisor-specific adjustment of an OS	Shah; Amit	Red Hat, Inc.
  US-9436529-B2	Providing random data to a guest operating system	Shah; Amit	Red Hat, Inc.
  US-9323562-B2	Providing seamless copy-paste operations in a virtual machine environment	Shah; Amit	Red Hat, Inc.
  US-9280378-B2	Adjustment during migration to a different virtualization environment	Shah; Amit	Red Hat, Inc.
  US-8874697-B2	Content download based on hashes	Shah; Amit	Red Hat, Inc.
  US-8863114-B2	Managing software packages using a version control system	Shah; Amit	Red Hat, Inc.
  US-8806040-B2	Accessing external network via proxy server	Shah; Amit	Red Hat, Inc.
  US-8631408-B2	Configuring parameters of a guest operating system based on detected events	Shah; Amit	Red Hat, Inc.
  US-8561067-B2	Test suites for virtualized computing environments	Shah; Amit	Red Hat, Inc.
  US-8312453-B2	Mechanism for communication in a virtualization system via multiple generic channels of a paravirtualized device	Shah; Amit	Red Hat, Inc.

• Fedora Community Blog End of OpenID authentication in Fedora Account System

  On the latest Fedora Infrastructure weekly meeting we decided on a date of OpenID authentication sunset. The date is 20th May 2025.

  Why the change?

  The OpenID is being replaced by OpenIDConnect (OIDC) in most of the modern web and most of the Fedora infrastructure is already using OIDC as the default authentication method. OIDC offers us better security by handling both authentication and authorization. It also allows us to have more control over services that are using Fedora Account System (FAS) for authentication.

  What will change for you?

  With the End Of Life of OpenID we will switch to OIDC for everything and no longer support authentication with OpenID. If your web or service is already using OIDC for authentication nothing will change for you. If you are still using OpenID open a ticket on Fedora Infrastructure issue tracker and we will help you with migration to OIDC. For users using FAS as authentication option there should be no change at all.

  What will happen now?

  We will be reaching to services we identified as using OpenID directly, but as we don’t have control over OpenID authentication we can’t identify everyone.

  If you are interested in following this work feel free to watch this ticket.

  The post End of OpenID authentication in Fedora Account System appeared first on Fedora Community Blog.

March 19, 2025

• Daniel Pocock Debian Pregnancy Cluster, when I stopped using IRC

  In my last blog, I started to explore the phenomena of a Debian pregnancy cluster that occurred in the lead-up to DebConf13 which was held in Switzerland.

  Ana, from Spain, was another case. Around the time that Marga started the conspiratorial emails, Ana started contacting me almost every day on IRC. The plotters saw me as the most open-minded person in Switzerland and hoped that I would be able to exert influence on other members of the local team.

  If Ana's employer was a client I would have had to bill an hour per day, approximately five hours per week, for the discussions that appeared on IRC and elsewhere. I eventually stopped using IRC:

  Subject: Re: not on IRC
  Date: Tue, 27 Nov 2012 13:18:31 +0100
  From: Ana Guerrero <ana@debian.org>
  To: Daniel Pocock <daniel@pocock.com.au>
  
  On Tue, Nov 27, 2012 at 09:03:49AM +0000, Daniel Pocock wrote:
  > 
  > 
  > 
  > Hi Ana,
  > 
  > I'm on the road for a few more days, so I am not monitoring IRC at all
  > and only intermittently accessing email
  > 
  > Can you please email me if there is any urgent question, etc?
  > 
  > What do you think of Marga's current direction?  Do you think other
  > people may get involved now?
  >
  
  Don't worry too much and keep a low profile. We have almost gotten they
  postpone the contract signing tomorrow. that's a first step.
  I'm serious abotu the low profile thing, they like blaming things on you
  and if you're not active, they cann't.
  

  A few months later, the email appeared on debian-private confirming that Ana had been part of the Debian pregnancy cluster. The baby arrived just two months before DebConf13. Now we know the real reason women were pushing to change the venue.

  As a senior developer, I felt that IRC did not give me a net benefit for the time I was online. Whether it is on IRC, on social control media or on a self-managed social media/forum like Discourse, there is a tendency for everybody to focus their questions on the senior developers and we get swamped.

  Subject: A different kind of release
  Date: Sun, 12 May 2013 18:53:56 +0200
  From: Aurelien Jarno <aurel32@debian.org>
  To: debian-private@lists.debian.org
  CC: Ana Guerrero <ana@debian.org>
  
  Hi,
  
  We are happy parents of a son called Manuel, born a few days ago.
  Everybody is fine, and we are trying to get used to our new schedule.
  Therefore our time to contribute to Debian might vary from day to day.
  
  Ana & Aurelien
  
  [ This message is to be kept private forever ]
  
  -- 
  Aurelien Jarno	                        GPG: 1024D/F1BCDB73
  aurelien@aurel32.net                 http://www.aurel32.net
  

  Privacy & Debian hyprocrisy

  The email concludes with a footnote, [ This message is to be kept private forever ]. When my father died, rogue Debianists demonstrated utter contempt for the privacy of my family. Yet they impose upon the rest of us to hide their conflicts of interest and the notorious Debian suicide cluster.

  It is important to look at the full email and the pressure on DebConf13 and then take a fresh look at the attacks on José Manuel Santamaría Lema ("santa"). Looking at the attacks on Santa, Ana sent the mail to start the lynching just a few weeks before she went on maternity leave.

  Then they chose the name Manuel for their new son.

  I feel that other people have paid a price for Ana's insecurities during her first pregnancy, yet the pregnancy was hidden from most people, especially from Santa. When they named their son Manuel, did they realize they were borrowing from the name of the volunteer they lynched?

  Subject: Removing a non-DD member of the Qt/KDE team
  Date: Thu, 28 Mar 2013 10:00:57 +0100
  From: Ana Guerrero <ana@debian.org>
  To: debian-private@lists.debian.org, nm@debian.org, leader@debian.org
  
  [sorry for the duplicated email if you receive it twice]
  
  Hi,
  
  This email is about the decision of the Qt/KDE team [1] of banning
  José Manuel Santamaria Lema, aka santa, from the team. This means removing
  him from the pkg-kde alioth group and removing him from all the group
  maintained packages.
  After that there are only 4 packages maintained only by him, that are KDE
  related and you can find plans at [2].
  José is also a DM [3], at the moment, he's only allowed to upload a single
  package that as seen in [2] will go to the hands of the KDE team. The DD
  who authorized him the rights for uploading this package is revoking them.
  With this email, we are also asking FD/NM committee to remove him as DM.
  
  First of all, none of us have any doubt of the technical skills of José.
  However, he has shown he doesn't know how to work inside a team,
  ... [ snip defamation ] ...
  

  That is from the woman who didn't tell other team members that she was in the final stages of her first pregnancy.

  It looks like Ana and other team members couldn't keep up with the pace at which Santa was working. Ana's availability was changing due to her pregnancy and other team members would have had extra effort because of that. Is it fair that other developers are punished at a time like that?

  I fully support the right of women to participate in technical hobbies like Debian. Employers have certain obligations to women during pregnancy. Volunteers collaborating remotely over the Internet often have no idea whether a woman is pregnant and even if we did know, it isn't fair that other volunteers have suffered adverse consequences in that period.

  Santa's activity completely stopped, so the Qt/KDE team simultaneously lost two people:

  

  Resignations followed

  Subject: Resignation
  Date: Fri, 19 Apr 2013 14:59:27 -0500
  From: John Hasler <jhasler@newsguy.com>
  Reply-To: John Hasler <john@dhh.gt.org>
  Organization: Dancing Horse Hill
  To: debian-private@lists.debian.org
  
  I've resigned.  Your resignation procedure says I must announce that
  fact to this list. I've sent the requisite message to
  keyring@rt.debian.org and orphaned my packages.  Please notify me if
  there is anything I've missed.  Otherwise please do not respond.
  -- 
  John Hasler jhasler@newsguy.com
  Elmwood, WI USA
  

  and some people just stepped back for a while:

  Subject: [VAC] -> end of April
  Date: Sat, 20 Apr 2013 12:04:05 +0200
  From: intrigeri <intrigeri@debian.org>
  To: debian-private@lists.debian.org
  
  Hi,
  
  I'll be offline until the end of the month. I'll be planting a garden
  with vegetable seeds... and more generally trying to take care of
  myself and avoid burn-out while it's still possible.
  
  Regarding the Wheezy release, I won't be able to do any further work
  on #704754 ("release-notes: [wheezy] mention AppArmor support") that
  the release-notes manager will deem required, so what's left to do in
  this area will have to be done by someone else, if at all.
  
  Other than that, my packages should be in good enough state for
  Wheezy. In any case, most are team-maintained and I'm on the Low
  Threshold NMU list.
  
  Cheers,
  -- 
    intrigeri
    | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
    | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  

  Does Debian vendetta culture impact other families?

  Subject: [VAC] 14/04-??/04
  Date: Sat, 13 Apr 2013 10:44:18 +0530
  From: Kartik Mistry <kartik@debian.org>
  To: debian-private@lists.debian.org
  
  Hi,
  
  I need to fix,
  1. Shifting my home --> new home.
  2. Fix health of my wife.
  3. Fix myself to get enough motivation.
  
  #3 is not issue, it pops up time to time. #2 is serious and needs urgent
  attention and medical advices.
  
  I'm also travelling from tonight till Friday.
  
  So, please feel free to release!
  
  To be kept private forever. Apart from #2, many people outside this list knows
  about my this plan/travel.
  
  --
  Kartik Mistry | IRC: kart_
  {0x1f1f, kartikm}.wordpress.com
  

  How do you recognize a cult?

  Public Health England and the UN DRR tell us that you only need two suicides to declare a suicide cluster. There is no similar threshold for a pregnancy cluster but people were keeping score. Christian Perrier tells us two couples had babies but there were at least three in 12 months. It looks like he didn't know about Marga because she was being even more secretive about it.

  Subject: Re: A different kind of release
  Date: Mon, 13 May 2013 07:14:14 +0200
  From: Christian PERRIER <bubulle@debian.org>
  To: debian-private@lists.debian.org
  CC: Aurelien Jarno <aurel32@debian.org>, Ana Guerrero <ana@debian.org>
  
  Quoting Aurelien Jarno (aurel32@debian.org):
  > Hi,
  > 
  > We are happy parents of a son called Manuel, born a few days ago.
  > Everybody is fine, and we are trying to get used to our new schedule.
  > Therefore our time to contribute to Debian might vary from day to day.
  
  \o/ to one more future DD....:-)
  
  Good luck in your new life schedule, A&A...things might change a bit
  in the upcoming months..
  
  You guys know I like stupid stats, so you won't be surprised to learn
  that, so far, and unless I'm missing something, that makes two "2nd
  generation DD" we're aware about....
  

  Lynching on the day you give birth

  Ana's baby announced on the same day debian-private started the lynching of Josselin Mouette.

  Subject: nomination and call for supporters for expulsion of Josselin Mouette
  Date: Sun, 12 May 2013 00:15:29 +0300
  From: Eugene V. Lyubimkin 
  To: da-manager@debian.org
  
  Hello,
  
  [ Josselin and debian-private@ BCC'ed ]
  
  ...
  

  Let's not forget that Adrian von Bidder died on our wedding day and it was discussed like a suicide.. As he died in Switzerland, the coroner's report and the official cause of death was kept hidden.

  They tried to tell us Adrian von Bidder's death was a heart attack. They never provided a coroner's report for Ray Dassen either but informally they suggested it is a heart attack too. It was right in the middle of the conflicts about DebConf13, Daniel Baumann, Santa & the Debian pregnancy cluster:

  Subject: Ray Dassen passed away
  Date: Wed, 22 May 2013 13:32:04 +0200
  From: Thijs Kinkhorst <thijs@debian.org>
  To: debian-private@lists.debian.org
  
  Hi all,
  
  This morning I've received the sad news that long-time Debian Developer, Ray Dassen, died last weekend from a heart attack, just 40 years old.
  
  Ray has been a Debian Developer for an incredible 19 years, joining our project in 1994, and continued to be an active contributor just until recently.
  

  They remembered how it was done for Frans Pop (Debian Day suicide)

  They went to great lengths to hush up the Debian Day volunteer suicide. Those tactics were recalled when Ray Dassen died.

  Subject: Re: Ray Dassen passed away
  Date: Sat, 25 May 2013 11:04:49 -0700
  From: Russ Allbery <rra@debian.org>
  Organization: The Eyrie
  To: debian-private@lists.debian.org
  
  Dmitry Smirnov <onlyjob@debian.org> writes:
  
  > By the way why is this information only in -private?
  > I mean when I die please let everybody know so they won't waste their
  > time trying to reach me...
  
  Usually the initial coordination of our reaction to an announcement of
  this sort is done in private just in case there are privacy concerns from
  the family, anything we have to coordinate about how they want to handle
  notification, etc.  That way, we can be careful about how we phrase our
  first public notice, which has been important for a few instances in the
  past.
  
  -- 
  Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
  

  Not only women get baby brain

  OPW is the Outreach Program for Women, now known as Outreachy. A lot of money is spent on recruiting women to the program. No reports have ever been presented about the economic benefit of those expenditures.

  Subject: Re: OPW Student in Kingston, Jamaica
  Date: Mon, 25 Nov 2013 18:37:36 +0000
  From: Joachim Breitner <nomeata@debian.org>
  To: debian-private@lists.debian.org
  
  Hi,
  
  Am Montag, den 25.11.2013, 13:18 -0500 schrieb Paul Tagliamonte:
  > She's got a PhD, so I think this could also be a good beersigning, if
  > she drinks.
  
  not having a PhD yet I wonder what expects me: Will I be a better
  drinker after I get the degree? Or a better keysigner? /me is confused.
  
  Greetings,
  Joachim
  
  -- 
  Joachim "nomeata" Breitner
  Debian Developer
    nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
    JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata
  

  Debian Account Manager bootstrapped the pregnancy cluster

  It looks like Marga and Ana got pregnant immediately after Joerg Jaspert (Ganneff) and Pei-Hua Tseng had their baby.

  Familiar pattern,

  "I first met my wife at the “International Conference on OpenSource” 2009 in Taiwan. So OpenSource, Debian and me being some tiny wheel in the system wasn’t entirely news to her."

  That appears to coincide with a trip to the MiniDebConf Taiwan 2009.

  Subject: Little Ganneff says: You are all REJECTED
  Date: Thu, 03 May 2012 16:38:19 +0200
  From: Joerg Jaspert 
  Organization: Goliath-BBS
  To: debian-private@lists.debian.org
  
  Hi
  
  litte Ganneff, born 2. May, listening to "[redacted]" (sometimes,
  I hope), while presenting his mother with the finest set of "You don't
  want to have this type of labour"-36hours labour, completly ignoring
  that a day earlier his mother would have been in labour during labour
  day, showing that he has no sense of humor, just told me, backed with
  the full weight of his 3780 grams and the fearful height of 54cm, that I
  should use that magic *m* key[fn:1] and reject all of your approaches to
  my time, and as such going into a kind of Vacation over the next few
  days to weeks, though he left an option that it will be forever,
  forbidding me to talk about the evil grin he had while issuing this
  order (and yo, I haven't talked about it, so all is fine).
  
  He also turned on a special-for-you-english-natives mode to let me write
  extra long and slightly complicated sentences.
  
  But to show his evil overlord graciousness, he allowed me to show you
  http://kosh.ganneff.de/~joerg/paste/2012-05-03-Hd8a1JVfC84/[redacted].png
  (mind, this is -private).
  
  Footnotes:
  
  [fn:1] In daks process-new it means "Manual reject"
  
  -- 
  bye, Joerg
  [-private note: All my parts in this post (or citation of them in
  		  		another) are forbidden to be made public later.]
  

  Will little Ganneff become a Debian Developer?

  When he is old enough, he will have access to the full archives. Some of them have already been leaked anyway.

  When DebConf went back to the Balkans in Kosovo, why did local women avoid it?

  Subject: Re: Little Ganneff says: You are all REJECTED
  Date: Sat, 5 May 2012 12:07:12 +0200
  From: Christian PERRIER <bubulle@debian.org>
  To: debian-private@lists.debian.org
  
  Quoting martin f krafft (madduck@debian.org):
  > also sprach Gerfried Fuchs <rhonda@deb.at> [2012.05.04.1936 +0200]:
  > > > It's called "spring" ;)
  > > 
  > >  I fear you are misguided.  It's called "start of summer break", if you
  > > manage to calculate properly.  :P
  > 
  > "DebConf"
  
  
  We need to amend the Debconf11 report: "Little Ganneff: yet another
  achievement made in Banja Luka"
  
  /me runs far away
  

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• Fedora fans نسخه لینوکس فدورا ۴۲ بتا منتشر شد

  

  پروژه فدورا با خوشحالی انتشار نسخه بتای فدورا لینوکس ۴۲ را اعلام می‌کند! این نسخه پیش‌نمایشی از ویژگی‌ها و تغییرات نسخه نهایی فدورا لینوکس ۴۲ را ارائه می‌دهد. برای دریافت نسخه پیش‌انتشار هر یک از ویرایش‌ها، می‌توانید به وب‌سایت پروژه مراجعه کنید: فدورا ورک‌استیشن ۴۲ بتا فدورا KDE Plasma Desktop ۴۲ بتا فدورا سرور ۴۲ […]

  The post نسخه لینوکس فدورا ۴۲ بتا منتشر شد first appeared on طرفداران فدورا.

March 18, 2025

• Matthew Garrett Failing upwards: the Twitter encrypted DM failure

  Almost two years ago, Twitter launched encrypted direct messages. I wrote about their technical implementation at the time, and to the best of my knowledge nothing has changed. The short story is that the actual encryption primitives used are entirely normal and fine - messages are encrypted using AES, and the AES keys are exchanged via NIST P-256 elliptic curve asymmetric keys. The asymmetric keys are each associated with a specific device or browser owned by a user, so when you send a message to someone you encrypt the AES key with all of their asymmetric keys and then each device or browser can decrypt the message again. As long as the keys are managed appropriately, this is infeasible to break.
  
  But how do you know what a user's keys are? I also wrote about this last year - key distribution is a hard problem. In the Twitter DM case, you ask Twitter's server, and if Twitter wants to intercept your messages they replace your key. The documentation for the feature basically admits this - if people with guns showed up there, they could very much compromise the protection in such a way that all future messages you sent were readable. It's also impossible to prove that they're not already doing this without every user verifying that the public keys Twitter hands out to other users correspond to the private keys they hold, something that Twitter provides no mechanism to do.
  
  This isn't the only weakness in the implementation. Twitter may not be able read the messages, but every encrypted DM is sent through exactly the same infrastructure as the unencrypted ones, so Twitter can see the time a message was sent, who it was sent to, and roughly how big it was. And because pictures and other attachments in Twitter DMs aren't sent in-line but are instead replaced with links, the implementation would encrypt the links but not the attachments - this is "solved" by simply blocking attachments in encrypted DMs. There's no forward secrecy - if a key is compromised it allows access to not only all new messages created with that key, but also all previous messages. If you log out of Twitter the keys are still stored by the browser, so if you can potentially be extracted and used to decrypt your communications. And there's no group chat support at all, which is more a functional restriction than a conceptual one.
  
  To be fair, these are hard problems to solve! Signal solves all of them, but Signal is the product of a large number of highly skilled experts in cryptography, and even so it's taken years to achieve all of this. When Elon announced the launch of encrypted DMs he indicated that new features would be developed quickly - he's since publicly mentioned the feature a grand total of once, in which he mentioned further feature development that just didn't happen. None of the limitations mentioned in the documentation have been addressed in the 22 months since the feature was launched.
  
  Why? Well, it turns out that the feature was developed by a total of two engineers, neither of whom is still employed at Twitter. The tech lead for the feature was Christopher Stanley, who was actually a SpaceX employee at the time. Since then he's ended up at DOGE, where he apparently set off alarms when attempting to install Starlink, and who today is apparently being appointed to the board of Fannie Mae, a government-backed mortgage company.
  
  Anyway. Use Signal.
  
  comments

• Charles-Antoine Couret Venez tester si Fedora Linux a trouvé la réponse avec la version 42 Beta

  En ce mardi 18 mars, la communauté du Projet Fedora sera ravie d'apprendre la disponibilité de la version Beta de Fedora Linux 42.

  Malgré les risques concernant la stabilité d’une version Beta, il est important de la tester ! En rapportant les bogues maintenant, vous découvrirez les nouveautés avant tout le monde, tout en améliorant la qualité de Fedora Linux 42 et réduisant du même coup le risque de retard. Les versions en développement manquent de testeurs et de retours pour mener à bien leurs buts.

  La version finale est pour le moment fixée pour le 15 ou le 22 avril.

  Expérience utilisateur

  • L'environnement de bureau GNOME est proposé dans sa version 48 ;
  • L'environnement de bureau Xfce bénéficie de la version 4.20 ;
  • L'environnement de bureau LXQt passe à la version 2.1 ;
  • Le logiciel d'installation d'Anaconda devient une application Wayland native ;
  • Anaconda a enfin une interface web UI pour l'étape du partitionnement ;
  • Anaconda en profite pour également être une web UI par défaut pour Fedora Workstation ;
  • L'édition KDE Plasma devient une édition à part entière, étant mise au même niveau que Fedora Workstation avec l'environnement GNOME ;
  • L'écran de chargement lors du démarrage plymouth utilise simpledrm pour réduire l'attente qu'un GPU soit disponible ;
  • L'environnement de bureau COSMIC bénéficie de sa propre édition Spin ;
  • Activation de la mise à jour automatique par défaut pour la version atomique de KDE Plasma nommée Kinoite.

  Gestion du matériel

  • Amélioration de la prise en charge des webcams basées sur le protocole MIPI au lieu de USB dans les ordinateurs portables x86 ;
  • L'Intel Compute Runtime, qui prend en charge notamment le fonctionnement de l'API OpenCL pour les processeurs Intel, a été mise à jour vers la version 24.39 qui signifie également une non prise en charge des processeurs d'avant 2020 (à partir de la 12e génération) ;
  • Introduction de la pile Intel SGX pour permettre son utilisation dans le futur pour améliorer l'isolation et la protection mémoire en particulier pour les machines virtuelles ;
  • Intégration du projet FEX dans les dépôts pour permettre l'exécution des programmes x86 / x86_64 depuis les architectures AArch64 ;
  • L'installateur Anaconda utilise la norme GPT par défaut pour la table de partitionnement pour les architectures PPC64LE et s390x, l'architecture x86_64 et Aarch64 ayant déjà sauté le pas avec Fedora Linux 37 ;
  • Les versions atomiques n'auront plus d'images compatibles avec l'architecture PPC64LE ;
  • Le paquet du logiciel Zezere qui sert à automatiser l'installation et la configurations de systèmes IoT a été retiré des dépôts.

  Internationalisation

  • Mise à jour de l'entrée de saisie IBus 1.5.32 ;
  • Son aide à la saisie pour le chinois ibus-libpinyin est aussi mise à jour à la version 1.16 ;
  • Proposition d'une nouvelle aide à la saisie vocale avec Ibus Speech to Text via le paquet ibus-speech-to-text qui permet de faire de la reconnaissance vocale en local.

  Administration système

  • Les répertoires /usr/bin et /usr/sbin sont fusionnés ;
  • DNF5 va proposer à l'utilisateur de supprimer les clés GPG qui ont expiré, ou qui ont été révoquées, de devoir le faire à la main avec la commande rpmkeys --delete ;
  • La commande fips-mode-setup a été retirée du paquet crypto-policies qui permet de rendre dynamiquement son système compatible avec les exigences du gouvernement américain concernant les modules cryptographiques. Cette option doit être activée lors de l'installation par d'autres moyens maintenant ;
  • Le navigateur de fichiers pour Cockpit cockpit-navigator est remplacé par cockpit-files ;
  • Les éditions dérivées de Fedora Workstation auront par défaut le pare-feu configuré avec l'option IPv6_rpfilter=loose, ce qui suit la politique appliquée pour l'IPv4 depuis Fedora 30 ;
  • Ajout du paquet bpfman pour le déploiment et la gestion des programmes eBPF dans le système ;
  • Réduction du nombre de règles SELinux liées au type unlabeled_t qui mènent à ne pas enregistrer dans le journal d'audit des erreurs détectées ;
  • Mise à jour de l'outil de gestion de configuration Ansible à la version 11 ;
  • Le serveur de proxy inverse Apache Traffic Server évolue vers sa 10e version ;
  • La version de compatibilité PostgreSQL 15 a été retirée, PostgreSQL 16 reste la version par défaut ;
  • Les utilitaires liés au projet OpenDMARC ont été mis dans des paquets individuels au lieu du paquet opendmarc qui les fournissait tous ;
  • L'agent pam-ssh-agent a été supprimé des dépôts.

  Développement

  • La chaîne de compilation GNU bénéficie de GCC 15, binutils 2.44, glibc 2.41 et gdb 15 ;
  • La chaîne de compilation LLVM progresse à la 20e version ;
  • La boîte à outils Python nommée Django utilise la version 5.x ;
  • Mise à jour du langage Go vers la version 1.24 ;
  • Le langage Ruby brille avec la version 3.4 ;
  • Le langage de programmation PHP s'impose de tout son poids à la version 8.4 ;
  • Le compilateur du langage fonctionnel Haskell, GHC, passe à la version 9.8 et sa suite de paquets Stackage utilise la version 23 ;
  • Le langage de programmation fonctionnel Idris dispose d'une mise à jour majeure vers sa 2e version ;
  • Le langage de scripts Tcl/Tk a été mis à jour vers la 9e version ;
  • La bibliothèque de calcul scientifique en Python NumPy passe à la version majeure 2 ;
  • L'outil de développement de paquets Python Setuptools a été mis à jour vers la version 74 ;
  • Mise à jour de la bibliothèque de compression zlib-ng à la version 2.2.x ;
  • La bibliothèque graphique SDL utilise la version 3 pour assurer la compatibilité avec sa version 2 dorénavant ;
  • Les anciennes versions de OpenJDK pour le langage Java à savoir 8, 11 et 17 ne sont plus fournies par les dépôts de Fedora mais devront être installés via un dépôt tiers tel que Adoptium Temurin dont le paquet adoptium-temurin-java-repository permet son activation ;
  • Le paquet de compatibilité Python pour la version 3.8 a été retiré ;
  • La bibliothèque Rust zbus version 1 a été supprimée, la version 4 ou supérieure reste proposée dans les dépôts ;
  • La bibliothèque de compatibilité entre Rust et Python, PyO3, se voit retirer les anciennes versions 0.19, 0.20, et 0.21 ;
  • L'utilitaire d'exécution des tests unitaires en Python python-pytest-runner est déprécié et sera supprimé dans un futur proche ;
  • La bibliothèque de compatibilité entre GTK3 et Rust est marquée comme dépréciée et sera supprimée dans une prochaine version.

  Projet Fedora

  • Fedora Linux proposera des archives permettant d'être installé avec Windows Subsystem for Linux ;
  • Les paquets RPM peuvent bénéficier de la fonction systemd sysusers.d pour créer des utilisateurs dédiés lors de l'installation des paquets RPM ;
  • Les mises à jour de Fedora CoreOS passent de OSTree à OCI ;
  • Les fichiers Kickstart seront distribués également comme des artéfacts OCI ;
  • Activation par défaut de composefs pour les images atomiques bureautiques de Fedora Linux ;
  • L'utilitaire edk2 est compilé avec des options de sécurité supplémentaires pour améliorer la sécurité des machines virtuelles reposant sur l'UEFI ;
  • Les images live de Fedora Linux utilisent le système de fichiers EROFS en lieu et place de SquashFS ;
  • Ajout d'un générateur de dépendances pour les extensions de GNOME Shell, permettant de lier la version de l'extension avec celle de gnome-shell à partir du fichier metadata.json de l'extension ;
  • Redéfinition des dépendances de nombreux paquets de git vers git-core.

  Tester

  Durant le développement d'une nouvelle version de Fedora Linux, comme cette version Beta, quasiment chaque semaine le projet propose des journées de tests. Le but est de tester pendant une journée une fonctionnalité précise comme le noyau, Fedora Silverblue, la mise à niveau, GNOME, l’internationalisation, etc. L'équipe d'assurance qualité élabore et propose une série de tests en général simples à exécuter. Suffit de les suivre et indiquer si le résultat est celui attendu. Dans le cas contraire, un rapport de bogue devra être ouvert pour permettre l'élaboration d'un correctif.

  C'est très simple à suivre et requiert souvent peu de temps (15 minutes à une heure maximum) si vous avez une Beta exploitable sous la main.

  Les tests à effectuer et les rapports sont à faire via la page suivante. J'annonce régulièrement sur mon blog quand une journée de tests est planifiée.

  Si l'aventure vous intéresse, les images sont disponibles par Torrent ou via le site officiel.

  Si vous avez déjà Fedora Linux 41 ou 40 sur votre machine, vous pouvez faire une mise à niveau vers la Beta. Cela consiste en une grosse mise à jour, vos applications et données sont préservées.

  Nous vous recommandons dans les deux cas de procéder à une sauvegarde de vos données au préalable.

  En cas de bogue, n'oubliez pas de relire la documentation pour signaler les anomalies sur le BugZilla ou de contribuer à la traduction sur Weblate. N'oubliez pas de consulter les bogues déjà connus pour Fedora 42.

  Bons tests à tous !

• Peter Czanik Introducing the develop branch of the syslog-ng git repo

  For many years, the development of syslog-ng happened on the master branch in Git. However, if you follow that branch, you might have noticed that there has not been much activity on it lately. That is because we introduced a new branch in git called “develop”.

  Why? Simply because keeping release code on the master branch and performing actual development on a separate branch makes several internal processes easier.

  So, what is the current status? The code for an upcoming bug fix release is already on the master branch. But all other developments are happening in the new develop branch. Most GitHub processes have already been changed to use the new develop branch. This means that:

  • The nightly Debian / Ubuntu packages are generated from the new develop branch: https://www.syslog-ng.com/community/b/blog/posts/nightly-syslog-ng-builds-for-debian-and-ubuntu

  • The nightly syslog-ng container is generated from the above packages: https://www.syslog-ng.com/community/b/blog/posts/nightly-syslog-ng-container-images

  • While not a GitHub action, my weekly unofficial openSUSE / SLES and Fedora / RHEL & compatible packages are now also built from the develop branch: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head

  And what does this mean for developers? It means that from now on, you should prepare your pull requests against the develop branch. The master branch should only contain code merged from the develop branch right before release.

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

• Fedora fans نوروز جشن شکفتن امید و آغاز روزهای روشن

  

  بهار از راه می‌رسد و با خود عطر شکوفه‌ها، صدای پرندگان و طراوتی بی‌نظیر را به ارمغان می‌آورد! نوروز، جشن زنده شدن طبیعت و فرصتی طلایی برای ماست تا رویاهای تازه‌ای بسازیم و با انگیزه‌ای نو، به استقبال روزهای درخشان برویم. لحظه تحویل سال، پر از امید و آرزوهای زیباست؛ لحظه‌ای که گذشته را پشت […]

  The post نوروز جشن شکفتن امید و آغاز روزهای روشن first appeared on طرفداران فدورا.

March 17, 2025

• Tom Tromey DWARF Abbrevs Use Too Much Space

  I was curious about DWARF abbrev table efficiency the other day, so I instrumented gdb to record some simple stats about abbrevs: how many are seen, how many duplicates are seen, and how many bytes are used.

  Running gdb on itself, I discovered that abbrevs are largely redundant. In particular, removing redundant abbrevs will remove 95% of abbrevs (10238 unique of 230714 total). Similarly the size of the abbrev tables reduces similarly (230714 bytes needed for the de-duplicated abbrevs, compared to 3848152 as seen in the executable).

  Something to think about when you consider the effort DWARF puts in to save a single byte in .debug_info, say by using a 1-byte form rather than a uleb.

  I was considering having gdb intern abbrevs and pre-reading all abbrevs so that later steps wouldn’t have to re-read these; but interning turns out to be too slow and so re-reading on demand seems like the way to go.

• Felipe Borges Flock to Fedora is coming to Prague!

  I’m passing by to let you know that Flock to Fedora 2025 is happening from June 5th to 8th in Prague, here in the Czech Republic.

  I will be presenting about Flatpaks, Fedora, and the app ecosystem, and would love to meet up with people interested in chatting about all things GNOME, Flatpak, and desktop Linux.

  If you’re a GNOME contributor interested in attending Flock, please let me know. If we have enough people, I will organize a GNOME Beers meetup too.

March 16, 2025

• Frank Ch. Eigler moment of zen

  Fellow human animals, contemplate these two photos. What's going on?

  

  Here's a Tesla, fully self-driving itself on & off of a local highway, working through an intersection, on its way to a friend. The driver hasn't touched the controls since leaving the home driveway. Beneath the car's screen, an ipad mini, streaming a live video of the SpaceX launch of four astronauts to the ISS via Twitter. Since cell phone reception is crappy here, it's using a Starlink mini dish mounted to the ceiling glass of the Tesla to talk to internet satellites and give us an island of wifi.

  In other words, an Elon car is driving us, while we are watching an Elon social media video service, with internet traffic coming through Elon satellites, all to watch an Elon rocket go into space. It's Elon all the way down.

• Guillaume Kulakowski Nouvelle Version de mes Conteneurs Docker Apache HTTPD et PHP 8.4 pour Nextcloud

  Je viens de mettre à disposition une nouvelle version de mes conteneurs Docker Apache HTTPd et PHP 8.4 pour Nextcloud. Ces deux conteneurs incluent désormais une fonctionnalité permettant de définir le PUID et le PGID qui exécuteront à la fois le démon HTTPd et le processus PHP. L’objectif est de pouvoir installer ces conteneurs sur […]

  Cet article Nouvelle Version de mes Conteneurs Docker Apache HTTPD et PHP 8.4 pour Nextcloud est apparu en premier sur Guillaume Kulakowski's blog.

March 15, 2025

• Kevin Fenzi Mid March infra bits 2025

  

  AI Scraper scourge

  The AI scraper (I can only assume thats what they are) scourge continued, and intensified in the last week. This time they were hitting pagure.io really quite hard. We blocked a bunch of subnets, but it's really hard to block everything without inpacting legit users, and indeed, we hit several cases where we blocked legit users. Quickly reverted, but still troublesome. On thursday and friday it got even worse. I happened to notice that most of the subnets/blocks were from .br (Brazil). So, in desperation, I blocked .br entirely and that brought things back to being more responsive. I know thats not a long term solution, so I will lift that block as soon as I see the traffic diminish (which I would think it would once they realize it's not going to work). We definitely need a better solution here. I want to find the time to look into mod_qos where we could at least make sure important networks aren't blocked and other networks get low priority. I also added a bunch more cpus to the pagure.io vm. That also seemed to help some.

  F42 Beta on the way

  Fedora 43 Beta is going to be released tuesday! Shaping up to be another great release. Do download and test if you wish.

  Datacenter Move

  The datacenter move we are going to be doing later this year has moved a bit later in the year. Due to some logistics we are moving to a mid June window from the May window. That does give us a bit more time, but it's still going to be a lot of work in a short window. It's also going to be right after flock. We hope to have access to new hardware in a few weeks here so we can start to install and setup things. The actual 'switcharoo' in June will be over 3 or so days, then fixing anything that was broken by the move and hopefully all set before the F43 Mass rebuild.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114167827757899998

March 14, 2025

• Daniel Pocock Margarita Manterola (marga, Google) & Debian DebConf13 Swiss venue intrigue

  Today somebody asked me about what went wrong in the DebConf13 venue conflict. As in any technical problem, the best thing to do is find the root cause. In this case, there are a series of super-secret emails that are so private they weren't even shared on the debian-private mailing list.

  Margarita Manterola (marga) was working for Google at the time and she started the email thread with a small group of people who would be sympathetic to overriding the work of the DebConf local team and forcing them to change the venue.

  DebConf13 had been assigned to a local team in Switzerland. They proposed a remote venue called Le Camp.

  There were two women involved in this and both of them had become pregnant at the same time. They didn't want to tell anybody about their pregnancies. It is not even mentioned in the emails but we know it is true in hindsight.

  There is a perception, largely true, that women in Debian are the partners of male developers. The pregnancies and the fact these pregnancies started around the same time really underline the fact that female Developers are not really independent members of the community. When they are part of a discussion or when they participate in a vote they are usually lobbying the rest of us in unison with whatever their partner is saying. For outsiders reading the Debian mailing lists, these relationships are not obvious.

  When people refer to a cabal in Debian we can't ignore the dangers of the groupthink problem. When people wear the same tartans, when they pretend there is no money to pay for things and when we see a core group of people who have pregnancies at the same time, why was that so embarrassing that they couldn't tell us about it? They are embarrassed to admit groupthink is a typical symptom of a cult.

  Forcing people to do things is a common theme in Debian these days.

  Marga's email describes the tactics of working as a group to put pressure on the local team and break their will.

  The local team agreed to organize the conference as volunteers and people were actively trying to control the volunteers from Google.

  Forcing people to do things, the Debian Suicide Cluster, coincidence of course.

  Remember, Marga is the same person who didn't even want Carla to share the food at DebConf15 in Africa. But she wanted to have the whole venue change to accommodate her own family planning project.

  In 2023, they wanted to force people to contribute money for the day trip and one volunteer who did a lot of work in the local team was Abraham Raji. After all the work he did, including the logo design, Abraham didn't want to pay for the day trip, he was left behind to swim alone and died by drowning.

  Marga says a lot in this email but doesn't mention the pregnancies were also a factor in her thinking.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  Subject: Regarding DC13 venue issues
  Date: Sun, 25 Nov 2012 00:31:36 +0100
  From: Margarita Manterola <marga@debian.org>
  To:
  
  Hi,
  
  [Re-sent due to wrong headers on the first try. Please reply to this mail]
  
  This message is long. I'm sorry. I beg you to PLEASE read it anyway.
  
  As most of you know, this has been quite a complicated year for me, I
  started a new job, in a new country.  This has kept me away from Debian and
  DebConf for most of this year.  I wasn't present in the venue decision for
  DC13, and missed DC12.  I very much regretted both things, but have been
  looking forward to DC13 all this time.
  
  Now, finally, I'm settling and have a bit more free time, I've been working
  on Debian bugs, and I have come back to see what was going on with DC13,
  only to find a number of shocking things that I think need urgent action:
  
  The venue is located on a town of 256 inhabitants, 100km from Geneva, 160km
  from Basel and 180km from Zurich. No direct train available, bus needed.
  The nearest supermarket is 3.7km away (by car).  This basically the
  definition of a place in the middle of nowhere.  Something that we've been
  trying hard to avoid after DC6, because after it, we learned that the
  surroundings are also part of the venue.
  
  Also, it is not cheap.  The current budget is around € 200,000, and we will
  get no government help to cover the holes this time. Keep in mind that in
  the past years we have raised about € 50,000 (apart from government help).
  There has been work done on this front, but we are nowhere near the 200k
  mark, and it's extremely unlikely that we'll get that much.
  
  Finally, the accommodation offered is not adequate for what DebConf has
  come to be. Only 101 beds in private/semi-private rooms (up to 6 people).
  And 169 places to be used with sleeping bags (no private beds).  This could
  have been fine 10 years ago, but it's not what the conference is now.
  
  In other intances, people that wanted better rooms have just gone to a
  nearby hotel.  In this case this is not possible.  The closest hotel (1.2km
  away) is 320 CHF per night.  The rest of the hotels are way too far away,
  would require renting a car.
  
  To top everything off, they are requiring us to sign binding contracts to
  pay for a certain amount of people that we can't really be sure of, with
  money that we haven't yet raised. Plus other contract niceties that some of
  you probably know better than me.
  
  All this that I have stated you most like already knew.  I'm just restating
  them together, because I suspect that they've been brought up many times,
  but as separate issues.  They are one big issue.
  
  My conclusion is that Le Camp is unacceptable as a venue.  However, the
  local team is very opposed to a change.  Their reasons vary.  
  One of the reasons is that this is the venue that was voted on.  We need to
  convince them that this doesn't matter.  The decision meeting is not a
  binding contract.
  
  Another reason is that it is not possible to find a better venue in
  Switzerland.  I don't believe this. But if this were true, then we should
  analyze having DC13 in a different country.  It's not too late to change.
  
  Another reason is that it is "too late".  I understand that for the swiss
  it would be late, but I know from my own experience and others' that this
  has been done successfully in the past and until we actually sign the
  contract, it is NOT too late, so we must act now.
  
  This mail is to try to gather some consensus outside of IRC, with those
  that have raised their voices before.  Because discussions on IRC about
  this subject have turned nasty and nothing useful was achieved, and I
  REALLY want to help making DC13 successful, not just complain and sulk.
  The options I see right now are:
  
  1- Convince the local team to find a different venue. [Hard]
  2- Find a different venue outside of the local team, and then convince them
     to go for it. [Also hard]
  3- Discard Switzerland and find a new location. [Bound to make people
     unhappy, but easier than 1 and 2]
  4- ? Any other ideas?
  
  Regarding alternative venues, there's already a proposed venue, but
  mentioning it to the local team has created a very unhelpful atmosphere on
  IRC, I fail to understand why.  This is something where acting as a group
  instead of individual complainers would maybe make a difference.
  
  I'm really interested in hearing options and actions that we might take.
  Please do not shrug this off.  I know that this has been discussed many
  times, and that I wasn't there before. It saddens me, but this has not been
  solved.  We need to solve it.
  
  Please reply with opinions, ideas, ways that we could make this better.
  
  Thank you for your time.
  
  PS: Please do not share this mail with other people yet.
  
  -- 
  Love,
  Marga
  

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  

   

  Photo courtesy of ECI37

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• Fedora Community Blog Infra and RelEng Update – Week 11 2025

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 10 – 14 March 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • Blocked access to Fedora repositories
    • OTP locked me out of my account
    • Retire the Summer Coding mailing lists
    • Network connectivity issues on koji builders (partial downloads, etc.)
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • Broken link for STG IPA CA certificate, needed for staging CentOS Koji cert
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Add StartInstanceRefresh permission for fedora-ci-testing-farm user in AWS
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • a real domain name for konflux
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Manage our new testing.farm domain via AWS Route53
    • Add support for creating RDS instances under `testing-farm-` prefix
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • Move from iptables to firewalld
    • Help me move my discourse bots to production?
    • rhel9 adoption
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • Inactive provenpackagers for the F42 cycle
    • Server returns HTTP 502 when trying to rollback Fedora Silverblue
    • Fedora account interface returns HTTP error 500 when trying to link Red Hat Bugzilla account
    • bvmhost-p09-03 ends in emergency mode
    • Login to Bugzilla via FAS fails with “400 – Bad Request”
    • Need to delete user account in FAS that has been already deleted in Discourse (discussion.fedoraproject.org) due to violations (spam, AI, etc.)

  CentOS Infra including CentOS CI

  • In progress:
    • Increase Storage capacity for koji built artifacts
    • Testing Jenkins – c10s x86_64 metal doesn’t provision
    • Release Improvements
    • upgrade mailman3 stack for django 4.x
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • Onboarding new infra SIG member
    • Migrate main backup storage pool to different hardware
    • [spike] : investigating options/alternatives for the upcoming DC move
  • Done:
    • cannot connect to ganesha jenkins in centos CI
    • [Cloud SIG] Create OpenStack Flamingo tags for CentOS Stream 9 in CBS
    • New mirror Unix-Solutions
    • new package repo request: git.centos.org/rpms/tree-sitter

  Release Engineering

  • In progress:
    • Create Fedora 42 Beta candidates
    • Please send openh264-2.6.0 to Cisco
    • Unretire datanommer-commands and python-datanommer-models packages
    • Create `image-builder-build` koji build group
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Fedora 42 Mass Rebuild Tracker
    • Send compose reports to a to-be-created separate ML
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • orphan-all-packages.py should remove bugzilla_contact entries from fedora-scm-requests as well
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • Stalled EPEL package: perl-LockFile-Simple
    • Stalled EPEL package: gcsfs
    • epel8 branch not created successfully for cmrc
    • Deprecating the gold linker
    • Stalled epel package request: python-hamcrest
    • F42 stable push requests
    • Rawhide netinstall broken.
    • Retirements broken in Rawhide
    • Please untag tinysparql-3.8~rc-3.fc42
    • Fedora 42 Mass Branching Tracker

  List of new releases of apps maintained by I&R Team

  • Patch update of CentOS CI Duffy from 3.4.0rc3 to 3.4.0 on 2025-03-12: https://github.com/CentOS/duffy/compare/v3.4.0rc3…v3.4.0
  • Patch update of MD API from 3.1.6 to 3.1.7 on 2025-03-12: https://github.com/fedora-infra/mdapi/releases/tag/3.1.7
  • Patch update of CentOS CI Duffy from 3.4.0rc2 to 3.4.0rc3 on 2025-03-11: https://github.com/CentOS/duffy/compare/v3.4.0rc2…v3.4.0rc3

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 11 2025 appeared first on Fedora Community Blog.

March 13, 2025

• Matěj Cepl Dreaded “Too many arguments” error with cd

  When using bash(1) option autocd I get often to the situation that multiple directories is found, and then cd fails to work with the error I begun to dread: “bash: cd: too many arguments”. After brief (half an hour at most) but very passionate discussion with Gemini, we came to this solution:

  cd() {
    local result
    local first_arg="$1"
  
    if [[ -z "$first_arg" ]]; then
      command cd "$HOME"
      return
    fi
  
    shift
  
    if [[ "$first_arg" == "--" ]]; then
      first_arg="$1"
      shift
    fi
  
    local remaining_args=("${@}")
  
    command cd "$first_arg" 2>&1 >/dev/null
    local cd_result=$?
    if [[ "$cd_result" -ne 0 ]]; then
      if [[ ${#remaining_args[@]} -gt 0 ]]; then
        local selected_arg=$(printf "%s\n" "${remaining_args[@]}" | fzf)
        if [[ -n "$selected_arg" ]]; then
          command cd "$selected_arg"
        fi
      fi
    fi
  }
  
  shopt -s autocd
  shopt -s expand_aliases
  

  Leaving it here for posterity. Exercise for the reader could be better use of fzf.

• Fedora fans چهارشنبه سوری مبارک

  

  چهارشنبه‌سوری، جشن کهن ایرانی، شبی است که آتش، نماد پاکی و روشنایی، در دل تاریکی شب زبانه می‌کشد و گرمای امید را به دل‌ها هدیه می‌دهد. این آیین زیبا که نسل به نسل از نیاکانمان به ما رسیده، فرصتی است برای رهایی از غم‌ها و بدی‌ها و استقبال از سالی پر از شادی و خوشبختی. […]

  The post چهارشنبه سوری مبارک first appeared on طرفداران فدورا.

• Peter Czanik Testing Elasticsearch 9.0.0 beta1 with syslog-ng

  Each time a new major Elasticsearch version is released, someone asks if it works with syslog-ng. So I gave it a quick test and based on that, it works fine. But of course, some terms and conditions apply… :-)

  Before you begin

  On the syslog-ng side, I used the latest development snapshots for RHEL: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head For Elasticsearch, I used a tutorial from the Elastic website: https://www.elastic.co/guide/en/elastic-stack/9.0/installing-stack-demo-self.html

  Make sure that you use a dedicated test environment. Why? See below… :-)

  Operating systems

  For most software, when their documentations mention RHEL 8 as a system requirement, said software usually work without any problem on RHEL 9 and even on CentOS Stream 10 as well. However, this does not seem to be the case with Elasticsearch: its tutorial says that “the examples in this guide use RPM packages to install the Elastic Stack components on hosts running Red Hat Enterprise Linux 8”. My initial test was done on RHEL 9, however, and I could not get Elasticsearch 9.0.0-beta1 to work – even the curl test failed. I wanted to check if the issue was a software or an environment problem, so I installed the latest Elasticsearch 8.X release in the VM. But I got the same results – I could not get it to work.

  So I went back to RHEL 8 and suddenly, installing Elasticsearch 8 worked perfectly. The curl test worked, just as installing Kibana. I sent logs from syslog-ng and I could browse the results in Kibana immediately.

  Fresh install instead of upgrading

  I am lazy, so once I had a working 8.X installation, I tried to upgrade it to version 9.0.0-beta1. But I had no luck. Deep in the log file among some long Java error messages, there was a short message that upgrading from 8.X to 9.0 is not supported. So I deleted the Elasticsearch and Kibana packages, along with all the configuration and data directories. I installed Elasticsearch 9.0.0-beta1 again from scratch, then suddenly, everything worked as expected. I have yet to make some measurements, but at first glance, version 9 feels to be faster.

  What is next?

  If you use RHEL or compatibles and still have an old RHEL 8 (or compatible) system around, you are ready for testing. Everything worked fine in my test environment, but as its name implies, I did not have production logs available. If you have a chance, set up a RHEL 8 (or compatible) box, prepare a fresh Elasticsearch & Kibana 9.0.0 beta installation, then feed it with production logs. Just make sure that your test destination is set up alongside a well-working production destination instead of replacing it. Let us know your experiences!

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 12, 2025

• Peter Czanik The syslog-ng Insider 2025-03: EPEL 10; Elasticsearch; Active Roles

  Dear syslog-ng users,

  
  

  This is the 129th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

  
  

  NEWS

  Test syslog-ng on EPEL 10!

  CentOS Stream 10 and EPEL 10 just became available, and as usual, I tried to build syslog-ng as soon as possible. For now it is available in my git snapshot repository, but I am also planning to make it available in EPEL 10 soon.

  https://www.syslog-ng.com/community/b/blog/posts/test-syslog-ng-on-epel-10

  Collecting Active Roles logs centrally using the syslog-ng Windows Agent

  One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages into Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can collect, process, store and forward Active Roles log messages to multiple destinations.

  https://www.syslog-ng.com/community/b/blog/posts/collecting-active-roles-logs-centrally-using-the-syslog-ng-windows-agent

  syslog-ng OSE 4.8.1 is now in EPEL 10, quick fix for Elasticsearch

  This blog is just a quick announcement that syslog-ng 4.8.1 is now available in EPEL 10, so you do not have to use the testing repository anymore. Thanks everyone for the feedback! However, support for Elasticsearch 7+ is broken in this release, as some of you reported. You can fix this problem as described in https://github.com/syslog-ng/syslog-ng/issues/5207 by removing references to “type”.

  https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-ose-4-8-1-is-now-in-epel-10-quick-fix-for-elasticsearch

  WEBINARS

  • You can learn about upcoming webinars and browse recordings of past webinars at https://www.syslog-ng.com/events/

  
  

  Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/

• Cockpit Project Cockpit 335

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 335 and cockpit-machines 329:

  Storage: SMART device health

  The Storage page now shows disk device health and can run disk self-check tests on demand.

  

  

  Machines: Fix remote viewer launching

  The “Launch viewer” button in Cockpit Machines now reliably launches “virt-viewer”. The fix adds a generated filename to the application/x-virt-viewer helper file, resolving browser-specific launch issues. The filename also clarifies the file’s purpose in the downloads folder.

  Try it out

  Cockpit 335 and cockpit-machines 329 are available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 42
  • Cockpit Fedora 41
  • cockpit-machines Source Tarball
  • cockpit-machines Fedora 42
  • cockpit-machines Fedora 41

March 11, 2025

• David López Análisis Explicativo del Modelo de Redes Neuronales para Clasificación de Sentimientos en Reseñas…

  Análisis Explicativo del Modelo de Redes Neuronales para Clasificación de Sentimientos en Reseñas de Películas

  Este artículo es una continuación de un análisis previo en el que se exploró en detalle el modelo Naive Bayes para la clasificación de sentimientos en reseñas de películas (lo puedes encontrar aqui). En aquella ocasión, se destacó su eficiencia y rendimiento en la tarea de predecir si una reseña era positiva o negativa. En esta segunda parte, nos enfocaremos en el desarrollo, implementación y evaluación de un modelo basado en Redes Neuronales (LSTM), y compararemos sus resultados con los obtenidos por el modelo de Naive Bayes. El objetivo es comprender las ventajas y desventajas de cada enfoque, y determinar cuál es más adecuado para esta tarea específica.

  A continuación, se presenta un análisis detallado del desarrollo del modelo de Redes Neuronales, seguido de una comparación de los resultados de ambos modelos, destacando al modelo de Naive Bayes como el más eficiente en este contexto.

  Desarrollo del Modelo de Redes Neuronales (LSTM)

  1. Preprocesamiento de Datos

  El primer paso en el desarrollo del modelo de Redes Neuronales fue el preprocesamiento de los datos. Este proceso es crucial para garantizar que los datos estén en un formato adecuado para el entrenamiento del modelo. Las tareas realizadas incluyeron:

  Tokenización: Se utilizó la clase Tokenizer de Keras para convertir las reseñas de texto en secuencias de enteros. Cada entero representa un token (palabra) en el vocabulario.

  tokenizer = Tokenizer(num_words=5000)
  tokenizer.fit_on_texts(df_reviews_nn['Processed_Review_Text'])
  X_nn = tokenizer.texts_to_sequences(df_reviews_nn['Processed_Review_Text'])

  Padding: Para garantizar que todas las secuencias tuvieran la misma longitud, se aplicó padding. Esto es esencial porque las Redes Neuronales requieren entradas de tamaño fijo.

  maxlen = generate_padded_sequences(X_nn)
  X_nn = pad_sequences(X_nn, maxlen=maxlen)

  Codificación de Etiquetas: Las etiquetas (positivas y negativas) se codificaron utilizando One-Hot Encoding para facilitar su procesamiento en el modelo.

  onehot_encoder = OneHotEncoder(sparse_output=False)
  y_nn = onehot_encoder.fit_transform(df_reviews_nn['Category'].values.reshape(-1, 1))

  2. División de Datos

  Los datos se dividieron en conjuntos de entrenamiento y prueba para evaluar el rendimiento del modelo. Esta división permite validar la capacidad del modelo para generalizar a datos no vistos.

  X_train_nn, X_test_nn, y_train_nn, y_test_nn = train_test_split(X_nn, y_nn, test_size=0.2, random_state=42)

  3. Creación del Modelo LSTM

  Se construyó un modelo de Red Neuronal utilizando la clase Sequential de Keras. El modelo incluyó una capa de Embedding para representar las palabras en un espacio vectorial, una capa LSTM para capturar dependencias temporales en los datos, y una capa densa con activación softmax para la clasificación.

  model_nn = Sequential([
      Embedding(input_dim=5000, output_dim=128, input_length=maxlen),
      LSTM(units=128, dropout=0.2, recurrent_dropout=0.2),
      Dense(2, activation='softmax')
  ])

  4. Compilación y Entrenamiento del Modelo

  El modelo se compiló utilizando el optimizador Adam y la función de pérdida categorial_crossentropy, adecuada para problemas de clasificación multiclase. Luego, se entrenó el modelo con los datos de entrenamiento.

  model_nn.compile(optimizer='adam', loss='categorical_crossentropy', metrics=['accuracy'])
  hist = model_nn.fit(X_train_nn, y_train_nn, epochs=5, batch_size=64, validation_data=(X_test_nn, y_test_nn))

  5. Evaluación del Modelo

  Se evaluó el rendimiento del modelo utilizando métricas como precisión, recall, F1-score y el informe de clasificación. Estas métricas proporcionan una visión completa del desempeño del modelo.

  y_pred_nn = model_nn.predict(X_test_nn)
  y_pred_classes_nn = y_pred_nn.argmax(axis=1)
  y_test_classes_nn = y_test_nn.argmax(axis=1)
  
  accuracy_nn = accuracy_score(y_test_classes_nn, y_pred_classes_nn)
  precision_nn = precision_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
  recall_nn = recall_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
  f1_nn = f1_score(y_test_classes_nn, y_pred_classes_nn, average='weighted')
  classification_report_nn = classification_report(y_test_classes_nn, y_pred_classes_nn, target_names=onehot_encoder.categories_[0])
  
  print(f'Accuracy: {accuracy_nn}')
  print(f'Precision: {precision_nn}')
  print(f'Recall: {recall_nn}')
  print(f'F1-score: {f1_nn}')
  print(f'Classification Report:\n{classification_report_nn}')

  6. Resultados de la Evaluación

  El modelo de Redes Neuronales mostró un rendimiento sólido, con una precisión y F1-score altos. Sin embargo, la matriz de confusión reveló un mayor número de falsos positivos y falsos negativos en comparación con el modelo Naive Bayes.

  7. Visualización de la Curva ROC y AUC

  Se calcularon y visualizaron las curvas ROC y los valores de AUC para ambos modelos (Naive Bayes y LSTM) en los conjuntos de entrenamiento y prueba.

  # Calcular la curva ROC y el AUC para el conjunto de prueba del modelo LSTM
  fpr_nn_test, tpr_nn_test, thresholds_nn_test = roc_curve(y_test_nn.argmax(axis=1), model_nn.predict(X_test_nn).argmax(axis=1))
  roc_auc_nn_test = auc(fpr_nn_test, tpr_nn_test)
  
  # Subplot para la curva ROC del modelo LSTM
  plt.subplot(1, 2, 2)
  plt.plot(fpr_nn_train, tpr_nn_train, label=f'Train (AUC = {roc_auc_nn_train:.2f})')
  plt.plot(fpr_nn_test, tpr_nn_test, label=f'Test (AUC = {roc_auc_nn_test:.2f})')
  plt.plot([0, 1], [0, 1], 'k--')  # Línea diagonal para referencia
  plt.xlabel('False Positive Rate')
  plt.ylabel('True Positive Rate')
  plt.title('ROC Curve - Model 2 (Red Neuronal)')
  plt.legend(loc='lower right')
  
  # Mostrar la figura con los gráficos
  plt.tight_layout()
  plt.show()

  Comparación de Resultados

  Modelo Naive Bayes

  • Precisión y Rendimiento: El modelo Naive Bayes demostró ser altamente efectivo, con una precisión y un F1-score superiores. La matriz de confusión mostró un equilibrio óptimo entre verdaderos positivos y verdaderos negativos, con un mínimo de falsos positivos y falsos negativos.
  • Tiempo Computacional: Este modelo es computacionalmente eficiente y rápido de entrenar, lo que lo hace ideal para aplicaciones donde el tiempo de procesamiento es crítico.

  Modelo de Red Neuronal (LSTM)

  • Precisión y Rendimiento: Aunque el modelo de red neuronal mostró un buen rendimiento, con una precisión y F1-score altos, la matriz de confusión indicó un mayor número de errores en comparación con Naive Bayes.
  • Tiempo Computacional: El entrenamiento del modelo LSTM es más intensivo en términos de tiempo y recursos computacionales. Aunque su rendimiento es competitivo, el costo computacional es significativamente mayor.

  Conclusión

  Tras evaluar ambos modelos, se concluye que el modelo Naive Bayes es la mejor opción para la clasificación de sentimientos en reseñas de películas. Su combinación de alta precisión, rendimiento equilibrado y eficiencia computacional lo hace superior al modelo de Redes Neuronales en este contexto específico. Sin embargo, es importante destacar que el modelo LSTM podría mejorar con ajustes adicionales, como la optimización de hiperparámetros, el uso de embeddings preentrenados o técnicas de regularización más avanzadas. Ambos enfoques tienen sus fortalezas, y la elección final dependerá de los requisitos específicos del proyecto, como la disponibilidad de recursos computacionales y la necesidad de precisión.

  Resumen del Curso de Procesamiento del Lenguaje Natural

  El curso de PLN se estructuró en tres sprints, cada uno diseñado para profundizar en aspectos específicos del procesamiento y análisis de texto. A continuación, se detalla lo que se aprendió en cada uno de ellos:

  Sprint 1: Introducción al Procesamiento del Lenguaje Natural

  En este sprint, se sentaron las bases teóricas y prácticas del PLN. Los temas cubiertos incluyeron:

  • Conceptos Básicos: Se introdujeron los fundamentos del PLN, como la tokenización (división de textos en palabras o frases), la lematización (reducción de palabras a su forma base) y la eliminación de stopwords (palabras comunes que no aportan significado, como “y”, “el”, “de”).
  • Preprocesamiento de Texto: Se aprendieron técnicas esenciales para limpiar y preparar textos, como la normalización (convertir texto a minúsculas, eliminar puntuación), la corrección de errores ortográficos y la eliminación de ruido en los datos (por ejemplo, caracteres especiales o HTML).

  Este sprint fue fundamental para entender cómo transformar texto crudo en datos estructurados y listos para ser utilizados en modelos de machine learning.

  Sprint 2: Modelos Probabilísticos de NLP y Métodos de Aplicación

  En el segundo sprint, el enfoque se centró en la recopilación de datos y el uso avanzado de herramientas de PLN. Los aprendizajes clave incluyeron:

  • Web Scraping: Esta técnica es esencial para obtener textos de fuentes en línea, como reseñas de películas, noticias o comentarios en redes sociales.
  • NLTK (Natural Language Toolkit): Se profundizó en el uso de NLTK para tareas avanzadas de PLN, como la identificación de partes del discurso (POS tagging), el análisis sintáctico (parsing) y la generación de n-gramas (secuencias de palabras).
  • spaCy: Se exploró spaCy, una librería moderna y eficiente para PLN, que permite realizar tareas como el reconocimiento de entidades nombradas (NER), la dependencia sintáctica y la comparación de similitudes entre textos.

  Este sprint proporcionó las habilidades necesarias para recolectar y procesar grandes volúmenes de texto desde la web, una competencia clave en el ámbito del PLN.

  Sprint 3: NLP — Modelos y Algoritmos Avanzados

  El tercer sprint se enfocó en técnicas más avanzadas, incluyendo modelos de redes neuronales y métodos modernos de PLN. Los temas cubiertos incluyeron:

  • Redes Neuronales para Texto: Se introdujeron arquitecturas como LSTM (Long Short-Term Memory), capaces de capturar dependencias temporales en secuencias de texto. Estas redes son especialmente útiles para tareas que requieren entender el contexto a lo largo de una frase o párrafo.
  • Aplicaciones Prácticas: Se implementó un modelo LSTM para clasificación de sentimientos, comparando su rendimiento con el modelo Naive Bayes. Este ejercicio permitió entender las ventajas y desventajas de cada enfoque, así como los casos de uso más adecuados para cada uno.

  Este sprint brindó una visión más amplia de las técnicas modernas de PLN, preparando a los estudiantes para abordar problemas más complejos, como la generación de lenguaje natural o la traducción automática.

  Conclusión del Curso

  El curso proporcionó una formación integral en PLN, desde los conceptos básicos hasta las técnicas más avanzadas. A lo largo de los tres sprints, se adquirieron habilidades prácticas en preprocesamiento de texto, implementación de modelos probabilísticos y redes neuronales, y evaluación de su rendimiento. Además, se exploraron herramientas y librerías esenciales como NLTK, spaCy y Keras, que facilitaron la aplicación de estos conocimientos en proyectos reales.

  Uno de los aprendizajes más valiosos fue la importancia de elegir el modelo adecuado para cada tarea. Mientras que Naive Bayes demostró ser una opción rápida y eficiente para clasificación de texto, las Redes Neuronales ofrecen mayor flexibilidad y precisión en tareas más complejas que requieren entender el contexto. Este conocimiento es fundamental para desarrollar soluciones efectivas en el ámbito del PLN y abordar desafíos futuros, como la interpretación de lenguaje natural en tiempo real o la creación de chatbots inteligentes.

  

• Daniel Pocock Crossbow murders: prevention, missed opportunities

  The horrific crossbow murders in Bushey occurred relatively close to where I used to reside in St Albans, Hertfordshire. While the suspect was on the run, I rang some friends who live in the area to ask if they had checked all their doors and windows were really locked.

  It was risky to publish so much detail about the case while it is still in progress knowing that some new evidence might come along to contradict me. As it turns out, the blog was largely correct with its focus on the relevance of social control media and the toxic culture. At the very end of the trial, prosecutors revealed that Kyle Clifford had been following Andrew Tate, justifying my concerns about the role of social control media.

  One key piece of evidence appears to be inconsistent: the date of the crossbow purchase. This is really fundamental to understanding what was going on in Clifford's mind. In some reports, they claim he called his brother in prison on 1 July 2024 to declare he had ordered a crossbow. In reports from the same media organizations, sometimes within the same page, they claim he made the purchases on 3 July, that is, the day that his ex-girlfriend shared a Tweet about women leaving their partners.

  Examples of the contradiction:

  • Daily Mail timeline only mentions the purchase of weapons on 3 July
  • The Sun timeline mentions both 1 July, conversation with his brother about buying a crossbow and 3 July, buying the crossbow
  • Sky News live feed from the trial and the sentencing hearings has consecutive posts about both 1 July ("He had a conversation with his brother Bradley, who's serving life in prison for murder, and told him about his crossbow order, the prosecution says.") and 3 July ordering the crossbow

  Sometimes journalists do make mistakes with dates. Sometimes lawyers make mistakes with dates. Maybe he had started thinking about the order or started the online shopping cart on 1 July but only made the payment on 3 July. Maybe the conversation with his brother on 1 July was really boasting about something he hadn't actually ordered yet.

  The British police themselves have attracted a lot of controversy for their infiltration of environment activist groups and the relationships between undercover police and female activists. Yet when they had this recording of a convicted murderer talking to his brother about the purchase of weapons, they may have had a missed intelligence opportunity.

  The news summaries of this horrendous crime only give us the broad brushstrokes. It is very easy to hate this guy. Even the killer's lawyer stood up before the judge and said he was only defending the guy because it was his job to do so but he also thinks it is a particularly despicable crime.

  To really deal with the Andrew Tate phenomenon, we need to break it into three phases, which can be easily confirmed using the live feeds from the trial and the "timeline" news articles:

  Date(s)	Who	What
  23 June	Louise	Begins to communicate the relationship is over
  23 June to 2 July	Kyle	Begins plotting, although his only concrete action is to purchase rope and arrange it as a noose for himself in the cemetary.
  3 July	Louise	Shares / re-tweets comment about women leaving their partner, gives the break-up a public dimension
  3 July, 4 July	Kyle	Buys offensive weapons, crossbow, knife, air gun, petrol cans
  9 July	Kyle	Triple murder with crossbow and knife

   

  To understand Clifford's feelings when his ex starts to engage in publicity on social control media, we can take a detour and look at the case of one of the four police officers who committed suicide after the January 6 riot at the US Capitol.

  Of particular interest is the case of Officer Kyle DeFreytag. DeFreytag was only deployed to the US Capitol after the rioters had been chased away. He was posted there to enforce the curfew in the empty building where five people had been killed earlier in the day. Despite the fact the riot was over, the officers posted there that night must have felt like they were in a haunted house. Moreover, they may have feared a return of the rioters. After all, the rioters had been egged on by the president himself, Donald Trump, who still had another two weeks in office. Trump had used social media and a speech in ways that appeared to encourage civil disorder. Many officers who served in the days after the riot reported feeling a sense of dread and despair, an ongoing trauma. A few months later, DeFreytag became the fourth January 6 suicide victim.

  Whether it is the January 6 mob or the vigilantism when a woman starts a rumor on social control media, the sense of apprehension is much the same. I spoke to another man in a high profile position who was subject to vendettas by a woman. Somebody in a more senior position made the mistake of sharing it too quickly. The victim told me that his first response was to get his wife and children out of the house. The mob mentality that grips people in social control media is very similar to the way people behave out of character when they assemble in a large group at a protest or a football match.

  When Elon Musk's Twitter/X platform enticed Louise Hunt to make their break-up into a public story, she may not have intended any harm at all. Clifford, on the other hand, may have feared the worst, including the possibility that her celebrity father may share tweets with his 10,000 followers. Clifford's perception of the potential for a mob may have been based on the worst case scenario, nonetheless, he is not the only man who was taken by this sense of dread. If he saw the break-up becoming a public drama it doesn't justify the extreme violence but it may help us understand the step change in his behavior.

  When Clifford's brother was convicted for murder, it brought about an online wave of public hostility against his family. Most of us never experience something like that. Yet for Clifford, when he saw his ex starting to create a negative narrative on Twitter, his previous experience of social media shamings would have compounded his sense of dread about how Twitter might exploit his current break-up.

  Social control media clearly seeks to profit from the public fascination with conflict involving young white women. Sadly, a good profile photo and an emotional story goes a lot further than fact-checked evidence. When journalists hacked the mobile phone of 2002 murder victim Milly Dowler, looking for her last voicemail messages, there was public outrage. The rise of social control media has allowed Elon Musk to profit from tapping into the last thoughts of crossbow victim Louise Hunt. The erosion of this couple's privacy may have been a factor in Clifford's turn for the worse.

  The fear of vigilantism doesn't justify Clifford's actions but it does suggest why on 3 July there was a step change in his planning on the day the tweet was shared. Before the tweeting, he appeared to be more concerned with ending his own life but after the tweet, his actions were far worse.

  The suicide rate for men is four times higher than for women. Shortly before the crossbow murders, somebody submitted this Freedom of Information request asking how many people had taken their own life on the London Underground. The authorities were unable to reply, partly because the transport department is not responsible for classifying the cause of death, that is the job of the coroner. A report on Wikipedia suggests 643 suicide attempts in the period 2000 to 2010, roughly one per week. It is not clear how many of these relate to relationship breakdown.

  People widely commented on the fact that Clifford, who is in prison, could refuse to come to the court for the trial and sentencing. Even the Prime Minister's office in Downing Street made public comment on this feature of the trial. Nonetheless, neither Andrew Tate nor Elon Musk attended the trial either. The content they respectively create and propogate is clearly harmful to people at vulnerable times in their lives.

  Look at how Jack Dorsey was confirmed to speak at FOSDEM this year but he changed his mind and canceled at the last minute.

  Who is the bigger psychopath?

  In the victim statement of John Hunt, he stated:

  When I challenge myself about how you were able to deceive us all, I simply say that you are a psychopath who, for the duration of your time together with Louise, was able to disguise yourself as an ordinary human being.

  We could say similar things for social control media platforms pretending to be like a trusted friend while they are really exploiting people's trust to violate our privacy.

  Fact checking: date of the tweet, date of crossbow purchase

  Daily Mail tells us that Kyle purchased the crossbow on the same day Louise re-tweeted.

  

   

  The Sun tells us about the conversation about "buying" the crossbow on 1 July and also on 3 July.

  

   

  Sky News send live updates during the trial. They appear to be paraphrasing a speech by the prosecutor. Once again, it is not clear whether Kyle Clifford really made the actual purchase on 1 July or 3 July.

  

   

  Louise Hunt's "last tweet" was actually re-tweeting somebody else. Did Kyle Clifford see this and did he only go through with the purchasing of weapons after this impacted him?

  

  Remembering Dr Jacob Appelbaum

  I don't want to suggest Louise Hunt intended to start a mob, she is a victim of social media just as much as anybody else. Social media mobs have a mind of their own.

  When social control media vigilantism started to spread rumors about Dr Jacob Appelbaum in 2015, it quickly turned into real-world aggression, as evidenced by the graffiti on Dr Appelbaum's home (below). I checked the debian-private gossip messages and proved that the rumors were falsified for what appears to be a sadistic political motive.

  How many men fear similar reprisals when somebody makes their life into a subject for public speculation?

  

• Daniel Pocock Domain password giveaway: NickDelehanty.ie Irish Elections 2024

  After the Irish elections, I canceled the auto-renewal for various domain names that look similar to rival candidates. This means that the registrations will lapse at the end of 12 months, in November 2025 and anybody else can then register the same names.

  There are five years between general elections in Ireland and these domain names won't be very useful for me in that period.

  Why wait for the domain names to lapse in November? I decided to stagger the transfer of the domain names by releasing the passwords publicly. I'm saving the best for last.

  Here is the domain transfer password for NickDelehanty.ie:

  as4awdybzslmajcO

  To take NickDelehanty.ie from me, you can use any domain name registrar who you prefer. It is currently hosted with Gandi. The Irish .IE registry has a full list of registrars that you can choose from.

  There is a good chance that other people may have more creative ideas for using some of the domain names. There are many people with the same name as some of the candidates. I don't want to stand in their way.

  At the count center, I reached out to some of the other candidates and let them know I'd be happy to gift the domain names for Christmas. Some of them never got back to me.

  In a couple of cases, the candidates had previously owned the domain names and failed to renew them. This creates a much higher risk that somebody could acquire their former domain name and deliberately impersonate them. I'll hold back on releasing those domain names for a little bit longer.

  The domain names were acquired in good faith but simply letting the former domain name of the justice minister lapse into the hands of a cybersquatter could create a risk for innocent members of the public. Look at how much money the FSFE people have taken by impersonating the FSF. Politics aside, I'd prefer to just give Jim the domain name so that doesn't happen.

  Then again, it raises some ethical questions: if I give a domain name to a member of the cabinet, is it a gift? If he owned it before too, and I've helped him get it back with no real benefit to myself, is it still a gift? If it is a gift and if the transfer of the domain is public knowledge, does that neutralize any ethical concerns and comply with disclosure rules?

  I hope my acquisition of the domains will encourage some productive ethical discussions about the role of technology in our democracy. While people are distracted by that, cybersquatters are busy buying up domain names that look like future candidates to replace Pope Francis. It's not polite to say that while people are praying for the Pope's recovery from illness but nonetheless, that is the behavior of real cybersquatters.

  Each .IE domain name costs about EUR 20 to register. I haven't even asked anybody to reimbourse me for that expense. Every candidate who's vote tally exceeds a quarter of a quota is able to fully recover their expenses, including domain name fees, from public funds.

  After somebody takes NickDelehanty.IE off my hands I'll wait a few days and then share the next domain in the list. Please follow my RSS feed to be first to know when the next opportunity appears.

  

   

  Daniel Pocock is a Debian Developer.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• Kiwi TCMS Kiwi TCMS 14.1

  We're happy to announce Kiwi TCMS version 14.1!

  IMPORTANT:

  This is a minor version release which includes security related updates, several improvements, API changes and new translations.

  Recommended upgrade path:

  14.0 -> 14.1
  

  You can explore everything at https://public.tenant.kiwitcms.org!

  ---

  Public container image (x86_64):

  pub.kiwitcms.eu/kiwitcms/kiwi   latest  203d476fbcdc    674MB
  

  IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

  Changes since Kiwi TCMS 14.0

  Security

  • Update Django from 5.1.6 to 5.1.7 addressing a medium severity denial-of-service vulnerability, CVE-2025-26699, which does not appear to affect Kiwi TCMS

  Improvements

  • Update django-simple-captcha from 0.6.1 to 0.6.2
  • Update psycopg from 3.2.4 to 3.2.5
  • Update pygithub from 2.5.0 to 2.6.1
  • Enable search functionality on Tag Admin page (Jurijs JeÅ¡kins). Fixes Issue #3739
  • After cloning a TestCase load its Edit page. (Martin Bodurov)
  • Add Search Test Executions item under SEARCH menu in navigation bar
  • Display Default tester field on Search Test Cases page
  • Display Default tester fields on Execution Dashboard page. Closes Issue #3766
  • On TestRun view page display TestExecution history diff only when user accessing the page has the testruns.view_historicaltestexecution permission. Otherwise it will not be shown
  • Display Last Bug ID - Status widget for each TestExecution row on TestRun view page. Closes Issue #3748
  • Allow user to exclude Product condition on Search Test Cases page
  • Update references to Kiwi TCMS container images across our code base, documentation and website as we may change hosting providers soon
  • Update performance results documentation
  • Document results for parallel user session performance. Closes Issue #721

  API

  • Method TestExecution.history() is now controlled by the more granular testruns.view_historicaltestexecution permission instead of the generic testruns.view_testexecution

  Refactoring and testing

  • Update isort from 6.0.0 to 6.0.1
  • Update sphinx from 8.1.3 to 8.2.3
  • Update node_modules/webpack from 5.97.1 to 5.98.0
  • Remove eslint-plugin-promise as a direct dependency
  • Remove duplicate field history_change_reason from ORM query
  • Refactor code which displays the red bug icon in TestRun view page

  Translations

  • Updated Albanian translation
  • Updated Korean translation
  • Updated Portuguese, Brazilian translation

  Kiwi TCMS Enterprise v14.1-mt

  • Based on Kiwi TCMS v14.1
  • Update certbot-* from 3.1.0 to 3.2.0
  • Update sentry-sdk from 2.20.0 to 2.22.0
  • Update social-auth-app-django from 5.4.2 to 5.4.3
  • Add new setting MERMAID_RENDERER_URL

  Private container images

  hub.kiwitcms.eu/kiwitcms/version            14.1 (aarch64)          21e42abe02fc    10 Mar 2025     688MB
  hub.kiwitcms.eu/kiwitcms/version            14.1 (x86_64)           f94f7ef3d6cc    10 Mar 2025     674MB
  hub.kiwitcms.eu/kiwitcms/enterprise         14.1-mt (aarch64)       181f2ffe0a75    10 Mar 2025     1.08GB
  hub.kiwitcms.eu/kiwitcms/enterprise         14.1-mt (x86_64)        12c79af66fc6    10 Mar 2025     1.06GB
  

  IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

  How to upgrade

  Backup first! Then follow the Upgrading instructions from our documentation.

  Happy testing!

  ---

  If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

  • Give â­� on GitHub;
  • Give ğŸ‘� on GitLab;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a subscriber and help us sustain development

March 10, 2025

• Adam Young Bogotá

  “Get out”

  
  That was my sister, telling me via chat to get out of the cab I had just gotten in to. In her defense, I had screwed up her instructions, which was to go to the Imperial Cab counter at the airport, prepay for a ride to her apartment, and in no case was I to get directly into a cab.

  Table of contents

  • Travel To Colombia
  • Sunday Biking
  • Monserrat
  • Gold
  • Hiking the Bogs above Bogotá
  • The National Museum
  • Journey to the Sacred Laguna
  • Return to the States
  • Post Script: The Happy Ending

  Travel To Colombia

  
  I was sleep deprived. The night before gave me about 2 hours of actual sleep. Anxiety about so many things kep me awake, including the 5 AM wakeup we needed in order to catch a car to Logan to make our flight. It was already cutting in close.
  
  We had exit row seats on the plane. That was great for the extra leg room, but they did not recline, and sleeping was pretty close to impossible. Thus, once we landed and got through customs, I made the mistake of following someone with a sign for Imperial. I thought we were going to the counter, but we ended up outside, with a couple ladies loading our gear into a cab. It turned out fine, the cabbie took me right to my Sister’s building, and accepted payment in US dollars. I was not kidnapped, run all over the city, and forced to empty my bank account.
  
  Bogatá has a reputation for being one of the most dangerous cities in the world, but it is also an amazing city. It has a new-feeling, upscale section around the offices of many of the Banks with Apartment buildings that would fit in any new metropolis in the world. It also aparently has one of the largest mega slums in the world: Ciudad Bolivar. We would not go any further south than the Candalaria district, except for two excursions out of the Bus station on Calle 6.

  
  
  Sunday Biking

  For the first day, though, we planned on taking advantage of the biking culture in the city. We arrived on Sunday, when many of the streets in Bogota had been closed to vehicular traffice, and bikes ruled many roads. Most notably, I was able to grab a tembici Bike less than 3 blocks from Carrera 7. With my sister on her own bike, my son on a borrow3d bike, and me on the admittiedly heavy rental, we took a tour down 7th, but turned off to a cross street before we hit the heavy crowds in the city center.

  

  I forgot to track the route on my Garmin watch, but we got a pretty good tour of the safer part of the city, incuding a sight of the Botero Sculpture in the Parque el Renacimiento.

  

  
  After our bike ride, my son retired to my sister’s apartment, while we two went out into a market up in the the Usaquen neighborhood. Lunch, coffee, and shopping was mixed with that feeling you get when you are once again mixed into a foreign culture. I have a decent grounding in Spanish, but it has been years since I practiced it regularly, and the accent in Colombia is very different from the Madrilleño accent I had learned when I was 16. Fortunately, I had a wonderful guide in my sister, who had lived in Latin America for 20+ years. She helped me pick out a hammock swing for our front porch that would later prove to make my trip home a bit more difficult.

  

  Monserrat

  On Monday we did the most touristy of outings: we took the cable car to the summit of Monserate. Bogotoá had been going through a dry spell for most of the previous year, but you would not be able to tell by the weather during our trip. I rained everyday, sometimes in torrents. We carried umbrellas, and, when I remembered, wore my waterproof hiking boots instead of my porous running shoes when out an about in town. The temperature was late summer/ earl fall for the most part, a very pleasant respite from the sub-zero New England winter we had left behind. While we did not get rained on during this outing, the visibility from the top was limited, with only brief breaks in the cloud providing glimpses of the expanse that is Bogotá.

  

  We attempted then to go to the Gold or Botero museum, but made it down to the Candaleria district around 5, and the museums last allowed entry was at 4 PM. We got a brief tour of the neighborhood and then headed back north.

  Gold

  The National Museum and the Botero were closed on Tuesdays.Instead, my son and I performed an un-escorted outing, this time to the gold museum. I was expecting a series of demonstrations of how gold mining was perfromed in the countrym from ancient time to the strip mining performed in some unregulated portions of the country today. Instead, it was a huge collection of golden artifacts from indigenous cultures. While many displayes had top-level explanations in English, it was essential to read spanish in order to enuder stand that majority of the descriptions. Even still, most artifacts were unlabeled, at least as far as where they were from and where they had been procured, leading me to wonder how many had been rescued/bought off of treasure hunters. The museum was wonderfully ful of items, and very full of securtiy guards as one might well expect from a museum full of gold.

  

  

  

  Bogotá has wonderful restaurants. We visited many during the week. Monday night was a French restaurant my sister had wanted to visit. Tuesday nights we had Crepes. Later in the week we visited an Italian restaurant, the favorite of my-soon-to-be-brother-in-law. The food was uniformly excellent, and the prices very acceptable by Boston standards. The coffee was superb, as expected.

  Hiking the Bogs above Bogotá

  On Wednesday we slipped the bonds of the city. After a car ride to the 6th Street station, we caught the bus to Choachi, accompanied by Carol, a tour guide my sister had worked with before. Halfway to Choachi, we got off the bus, and took a hike in a Hidden Valley.

  

  

  

  

  

  

  

  The National Museum

  Thursday, my son and I again took an unescorted museum trip, this time to the national museum.

  

  I did not take a crazy number of photos, but did capture some of the wood working pieces that caught my attention.

  

  

  We all enjoyed a dinner out that night.

  Journey to the Sacred Laguna

  Our flight left just past midnight on Saturday morning, giving us time for one last trip. Again, Carol was our guide, this time from the town of Choachi (or Chiguachi in the language of the native Muiscas) to the sacred lake one town over.

  

  

  

  

  

  

  

  

  Return to the States

  The rain returned to Bogatá for our trip back to the airport. Despite some flooding and the usual traffic, we made our flight on time and took the red-eye back to Boston.

  My Duffel bag was not so lucky. It seemed to want to linger in Colombia, but caught a flight back the next day. According to Tile, it is locked up in an office somewhere in Terminal E of Logan Airport. It has a few things that I would like back. Including the chair.

  

  Post Script: The Happy Ending

  

  

• The NeuroFedora Blog Next Open NeuroFedora meeting: 10 March 2025 1300 UTC

  

  Photo by William White on Unsplash.

  
  

  Please join us at the next regular Open NeuroFedora team meeting on Monday 10 March 2025 at 1300 UTC. The meeting is a public meeting, and open for everyone to attend. You can join us in the Fedora meeting channel on chat.fedoraproject.org (our Matrix instance). Note that you can also access this channel from other Matrix home severs, so you do not have to create a Fedora account just to attend the meeting.

  You can use this link to convert the meeting time to your local time. Or, you can also use this command in the terminal:

  $ date -d 'Monday, March 10, 2025 13:00 UTC'
  

  The meeting will be chaired by @ankursinha. The agenda for the meeting is:

  • New introductions and roll call.
  • Tasks from last meeting.
  • Open Pagure tickets.
  • Package health check.
  • Open package reviews check.
  • CompNeuro lab compose status check for Fedora 41/rawhide.
  • Neuroscience query of the week
  • Next meeting day, and chair.
  • Open floor.

  We hope to see you there!

• Josef Strzibny Predownloading embedding models in Rails with Kamal

  If you are building AI-powered applications in Ruby on Rails, you might have come across Informers or Transformers.rb gems for transformer inference. Here’s how to improve the production deployment of their models in Kamal setups.

  Informers & Transformers.rb

  Informers and Transformers.rb are excellent gems for creating document embeddings. These embeddings can then be used to search your documents, build chatbots, and more.

  Here’s an example from the README:

  sentences = ["This is an example sentence", "Each sentence is converted"]
  
  model = Informers.pipeline("embedding", "sentence-transformers/all-MiniLM-L6-v2")
  embeddings = model.(sentences)
  

  As you can see, you can directly pass a model name you want to the gem. However, these models are quite big and don’t ship with these gems. Conveniently, they will be downloaded on first use.

  This auto-download works amazingly well for development but quickly become a major issue in production. If you are using Kamal or other Docker-based deployment you would be constantly downloading these models with every new release.

  Production setup

  For production, we need to download these models just once to a single location, then point the gems to read the models from there.

  The first step is creating a location for them on the server:

  # run on the server after logging in with SSH
  # or ideally make it part of server configuration
  mkdir -p /models;
  chmod 700 /models;
  chown 1000:1000 /models
  

  Setting up the ownership for the user 1000 is important since we’ll be downloading them from the Rails containers.

  The next step is figure out where they get saved. After a little bit of search on GitHub I found out that both gems construct the cache path using the XDG_CACHE_HOME environment variable.

  So we’ll need to set this variable to our location and make sure there are downloaded before we run the application.

  Kamal bits

  To expose our /models location we’ll add a new volume definition:

  # config/deploy.yml
  
  service: [SERVICE_NAME]
  image: [DOCKER_USERNAME]/[SERVICE_NAME]
  
  volumes:
    - "/storage:/rails/storage"
    - "/models:/rails/models"
  

  Now if we read and save from /rails/models inside the application image, we actually read from and save to a permanent location now.

  So now we can set XDG_CACHE_HOME env to point to /rails/models:

  # config/deploy.yml
  
  env:
    clear:
      XDG_CACHE_HOME: "/rails/models"
      ...
  

  This way we make sure the downloaded models will get reused, but we should make sure they are available before we run our embedding tasks.

  Pre-download

  We have a few options on populating the new /models cache.

  We can grab the local models and scp them to the expected location (note the full paths with the subdirectory). We can also ‘one off’ a Rails console task with kamal console and make sure they are downloaded or create a Rake task.

  We can also make this a firm part of deployment by moving this task into the bin/docker-entrypoint like this:

  ...
  
  if [ "${@: -1:1}" == "solid_queue:start" ]; then
    echo "Caching models into $XDG_CACHE_HOME"
  
    bundle exec rails runner '
    begin
      model = Informers.pipeline("embedding", "thenlper/gte-base")
      puts "Successfully downloaded thenlper/gte-base model"
    end
    '
  fi
  
  echo "Running ${@}"
  exec "${@}"
  

  Since I run Solid Queue, I used the solid_queue:start as argument. You might need to adjust this to fit your background job processing system.

  Note that you need call all of the models you’ll actually use.

March 08, 2025

• Daniel Pocock Diana e Adrian von Bidder-Senn, EVP/PEV, Domenica delle Palme e morte di Debian il giorno delle nozze

  Adrian von Bidder-Senn è morto il 17 aprile 2011. La data è confermata in numerosi posti. Ho già sottolineato in precedenza che questa morte, che potrebbe essere parte del Debian Suicide Cluster, è avvenuta lo stesso giorno del nostro matrimonio . Che regalo incredibile da parte della " famiglia " Debian.

  Un altro fatto fondamentale è che era la domenica delle Palme, la domenica prima di Pasqua. La domenica delle Palme, la Bibbia ci racconta la storia di Gesù Cristo che arriva a Gerusalemme :

  Gesù pianse (Giovanni 11:35). Sì, Gesù sapeva che avrebbe resuscitato Lazzaro dai morti, ma questo non gli impedì di provare il dolore della sua morte qui e ora. E gli spettatori riconoscono il significato di questo. Così i Giudei dissero: "Guarda come lo amava!" (Giovanni 11:36)

  L'implicazione è che Gesù sapeva che sarebbe morto. Perché non si è semplicemente voltato e non è tornato indietro?

  Ma Dio dimostra il suo amore verso di noi in questo: che, mentre eravamo ancora peccatori, Cristo morì per noi. (Romani 5:8)

  La vedova di Adrian è Diana von Bidder-Senn che ora ha un ruolo nell'Evangelical People's Party of Switzerland (EVP). In tedesco, il termine Evangelical è equivalente al termine Protestant in inglese. È essenzialmente un partito cristiano-democratico.

  Basilea, dove vivevano, è considerata un cantone/città protestante, anche se in pratica il ruolo della religione sta gradualmente diminuendo in Svizzera. Il numero di cattolici a Basilea è quasi alla pari con il numero di protestanti.

  Negli ultimi anni, i debianisti canaglia hanno insultato la mia famiglia con ogni genere di voci. Casualmente, il cugino che era nel coro del cardinale Pell era testimone di nozze al nostro matrimonio, ancora una volta, lo stesso giorno in cui morì Adrian von Bidder-Senn, la domenica delle Palme. Dov'ero il giorno in cui morì il cardinale? In Italia . Fu per colpa dei debianisti canaglia, del cardinale o un po' di entrambi?

  Si prega di consultare la cronologia di come si è evoluta la cultura delle molestie e degli abusi in Debian .

• Swiss JuristGate French woman (frontalière) trafficked to promote unauthorised cross border Swiss insurance

  Today, I published a blog on human trafficking and modern slavery. In effect, all forms of exploitation, combined with a voyage of any kind, can be considered as a possible case of human trafficking, even if the voyage is completed using a regular passenger train or flight.

  The victim, a French woman had worked seven years in an insurance company in Lyon.

  According to the FINMA judgment, the Swiss jurists who were selling the insurance without authorisation were under surveillance since 2021 or earlier.

  At the last minute, before FINMA shut down their scam in 2023, the Swiss jurists had created a new company Justiva SA and they employed the cross-border worker (frontalière) to help them.

  The victim had acquired various rights due to seven years of service at her previous employer and all those benefits are foregone if a worker quits to change employer. This is especially true if a worker in France quits their job to take a higher salary in Geneva.

  The victim started her new job in Geneva in February 2023 and FINMA closed the insurance company in the first week of April 2023. She was still in her probation period when FINMA belatedly shut down this scam.

  The FINMA judgment says the rogue firm was immediately shut at the beginning of April. During the probationary period, the victim would have been entitled to one week's pay in lieu of notice. According to the victim's LinkedIn profile, she continued with the new firm Justiva SA for three months until the end of June 2023. We found details of this woman in a backup copy of the Justiva SA web site, the Justicia SA web site and LinkedIn.

  Anybody who wants to work in a Swiss insurance company normally needs to complete a three year apprenticeship or diploma in Switzerland. The selection process is normally highly competitive. This woman clearly did not have the Swiss qualifications. When the Swiss jurists offered her a job promoting legal insurance, without any Swiss qualifications, she must have felt she had won the lottery.

  The financial regulator went to great lengths to obfuscate the failure of the insurance company run by Swiss jurists. Did they make any effort to prevent former employees talking about the failure?

  The outgoing director of FINMA had previously worked for Zurich Insurance. Miraculously, in the same month that Urban Angehrn departed FINMA for health reasons, the woman was given a job at his former employer.

  It feels miraculous that Zurich would spontaneously offer this opportunity to somebody who had not passed through the same Swiss training as other employees.

  Promoting an unauthorized insurance for cross border workers appears to simultaneously violate laws in both Switzerland and France. If the woman was tricked to leave a stable job in Lyon and do this illegal work then she has been exploited. As the exploitation occurred over an international border, it is a clear clase of human trafficking.

  French legal code Art. 225-4-1:

  Human trafficking is the act of recruiting a person, transporting them, hosting them or welcoming them for the purposes of exploitation using any of the means following ...

  4. for any transaction or payment or another promise of future remuneration or advantage

  The exploitation mentioned in the first point can be any of the following ... or to compel the victim to commit any crime or offence

  For the purposes of the French law on human trafficking, creating a situation where a cross-border worker is compelled to sell unauthorised insurance is just as bad as using them for sexual slavery. The loss of their previous employment benefits and the terms of the probationary period have the effect of compelling them to continue working for their new master even if they discover it is a scam.

  Did FINMA realize that a French woman was human trafficked in violation of modern slavery laws right under their noses in a firm they had been so slow to shut down? Is that the reason the woman appears to have found a new job so conveniently while the clients got nothing?

  When I saw this, I remembered my research into the Catholic abuse scandal and the practices used to make secret pay-offs.

  

• Kevin Fenzi Early March infra bits 2025

  

  Here we are saturday morning again. This week was shorter than normal for me work wise, as I took thursday and friday off, but there was still a lot going on.

  Atomic desktops / iot / coreos caching issues

  I spent a lot of time looking into some odd issues that ostree users were hitting. It was really hard to track down what was broken. No errors on our end, invalidated cloudfront a few times, did a bunch of tweaks to our backend varnish cashes and... the problem was caused by: me.

  Turns out we are getting hit really hard all the time by (what I can only assume is crawlers working to fuel LLM's. It's not just us, see for example this excellent lwn article on the problem

  We use amazon Cloudfront to serve ostree content to users, since it allows them to hit endpoints in their local region, so it's much faster and reduces load on our primary cache machines. Cloudfront in turn hits our cache machines to get the content it caches.

  How does this relate to ostree issues you might ask? Well, I blocked a bunch of IP's that were hitting our kojipkgs servers particularly hard. It turns out some of those IP's were cloudfront, so just _some_ of the cloudfront endpoints didn't have access to the backend so their cache was out of date. I assume cloudfront also has multiple distributions at each region and it was only _some_ of those.

  Removing all those blocks got everything working for everyone again (but of course the AI bots are ever present). I also enabled a thing called 'origin shield' which means cloudfront should only pull from one region and sync to the others, reducing load on our caches.

  Longer term we probibly need to split up our kojipkgs cache or add more nodes or rearage how things are hit.

  I'm deeply sorry about this issue, I know many users were frustrated. I sure was too. Lesson learned to be carefull in blocking bots.

  s390x caching problems

  And related to that issue, our s390x builders have been having problems pulling packages for builds. They have a local cache that in turn pulls from our primary one. Sometimes, sporadically, it's getting partial downloads or the like. I've still not fully figured out the cause here, but I did make a number of changes to the local cache there that seem to have reduced the problem.

  Longer term here we probibly should seperate out this cache to hit a only internal one so the load on the main one doesn't matter.

  Coffee machine fun

  Friday my coffee machine ( delonghi magnifica ) got stuck in the middle of a cycle. It had gound the beans, but then stopped before the water step. So, I looked around at repair videos and then took it apart. It was actually pretty cool how it was put together, and I was able to basically manually turn a pully to move it down to unlocked, then I could remove the brew group and clean everything up and put it back together. Working great again. Kudos also to the The iFixit pro toolkit that I got a while back. A weird screw? no problem.

  Home assistant

  Been having a lot of fun tinkering with home assistant.

  After looking, decided that zigbee networking is better than bluetooth and less power hungry than wifi, so I picked up a Zigbee gateway and it works just fine. At one point I thought I accidentally flashed it with esp32 builder, but seems it didn't work, so whew.

  Got some smart plugs ( Amazon link to smart plugs ) and these little things are great! pair up fine, HA can manage their firmware versions/update them, lots of stats. I put one on the plug my car charges on, another on a plug that has a fridge and a freezer on, one on the plug my main server UPS is on, and kept one for 'roaming'. It's cool to see how much power the car charging takes in a nice graph.

  Got some cheap temp sensors ( Amazon link to temp / humidity sensors ) They seem to be working well. I put one in my computer closet, one in our living room, one in the garage and one outside. (The living room seems to have a 4 degree change from day to night)

  I had some old deako smart switches along with a gateway for them. They use a bluetooth mesh to talk to each other and an app, but the gateway is needed for them to be on wifi. I never bothered to setup the gateway until now, but HA needs it to talk to the switches. So I tried to set it up, but it would just fail at the last setup step. So, I mailed daeko and... they answered really quickly and explained that the gateway is no longer supported, but they would be happy to send me some of their new smart switches (that have wifi built in and can act as a gateway for the old ones) free of charge! I got those on thursday and set them up and they worked just dandy. But then I tripped over Chestertons Fence. The 3 old smart switches were all controlling the same light. That seemed silly to me. Why not just have one on that light, use two 'dumb' switches for the other two places for that light and then move the other smart ones to other lights? Well, turns out there are several problems with that: The 'dumb' switches have a physical position, so if you did that one could be 'on' with the light off, another 'off', etc But the biggest problem is that the smart switch is needed to route power around. If you turn the light 'off' on a 'dumb' switch you can have the one smart one with no power and it doesn't do anything at all. So, after messing them up I figured out how to factory reset them and re-pair them. For anyone looking the process is:

  Resetting:

  • plug in and while it 'boots', press and hold the switch.

  • it should come up with a 3 2 1 buttons to press.

  • press each in turn

  Pairing (you have to pair switches that all control the same lights):

  • unplug all switches

  • plug one in and Press and hold the switch it should come up with a flashing 1

  • If nothing happens, try each of the other two in turn. Only one has 'power'

  • press 1 on the first switch.

  • Repeat on switch 2 and press 2 on the first switch

  • Repeat on the last switch and press 3 on the first switch

  I could have saved myself a bunch of time if I had just left it the way it was. Oh well.

  Finally I got some reolink cameras. We have a small game camera we put out from time to time to make sure the local feral cats are ok, and to tell how many racoons are trying to eat the cats food. It's kind of a pain because you have to go put it outside, wait a few days and then remember to bring it back in, then pull the movies off it's sdcard.

  So replacing that with something that HA could manage and we didn't need to mess with sounded like a win. I picked up a bundle with a Home Hub and two Argus Eco Ultra and 2 solar panels for them.

  The Home hub is just a small wifi ap with sdcard slots. You plug it in and set it up with an app. Then, you pair the cameras to it and HA talks to the cameras via the hub. There's no external account needed, setup is all local and you can even firewall off reolink if you don't want them to auto uprgade firmware, etc. I've not yet set the cameras up outside, but a few impressions: The cameras like REALLY LOUD AUDIO. When you first power them on they greet you in a bunch of languages and tell you how to set them up. Thats fine, but when I did this people in my house were sleeping. Not cool. Even powering them off causes a chirp that is SUPER lOUD. The cameras have a 'siren' control that I have been afraid to try. :) Anyhow, more on these as I get them setup.

  I had 2 UPSes here. One for my main server and critical loads and another one for less important stuff. With all the home assistant stuff I ran out of battery backed plugs, so I picked up a 3rd UPS. The new one was easy to add to nut, but I had a long standing problem with the two I already had: They are exactly the same model and product and don't provide a serial number on the usb port, so nut can't tell them apart. Finally I dug around and figured out that while I was specifying bus, port and device, it wasn't working until I moved one of them to another USB plug (and thus another bus). I then got all 3 of them added to HA. One thing that confused me there is that since all 3 of them are on the same nut server and are using the same upsmon user, how do I add more than 1 of them in HA? Well, it turns out if you go to the nut integration, add device, enter the same host/user/pass it will pop up a screen that asks you which one to add. So you can add each in turn.

  So, lots of fun hacking on this stuff.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114128294620402197

March 07, 2025

• Fedora Community Blog Infra and RelEng Update – Week 10

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 3rd Mar – 7th Mar 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Add StartInstanceRefresh permission for fedora-ci-testing-farm user in AWS
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • a real domain name for konflux
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Manage our new testing.farm domain via AWS Route53
    • Add support for creating RDS instances under `testing-farm-` prefix
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • Move from iptables to firewalld
    • Help me move my discourse bots to production?
    • rhel9 adoption
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • Automatically invited ChanServ channel is unjoinable.
    • “Fatal Error” when uploading image.
    • FAS account: Accept the user agreement with registration
    • [koji, s390x] GenericError: Downloaded file … doesn’t match expected size (… vs …)
    • s390x Koji builders: Librepo error: Cannot download toplink/packages/librsvg2/2.59.2/1.fc41/s390x/librsvg2-2.59.2-1.fc41.s390x.rpm: All mirrors were tried
    • ca.mirrors.cicku.me seems to be outdated, should be taken out of the mirror list
    • Request for Asahi calendar owned by asahi-sig
    • Redeploy WCIDFF to production after the changes in source
    • Please provide commit acces for nikromen to fedora-infra/ansible
    • Create a token for anaconda team for the purpose of automated test result reporting to Wiki
    • RISC-V Koji Administration
    • Create CentOS calendar

  CentOS Infra including CentOS CI

  • In progress:
    • Increase Storage capacity for koji built artifacts
    • Testing Jenkins – c10s x86_64 metal doesn’t provision
    • Release Improvements
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • Onboarding new infra SIG member
    • Migrate main backup storage pool to different hardware
    • [spike] : investigating options/alternatives for the upcoming DC move
  • Done:
    • grant sf-service-account namespace-scoped access to monitoring.coreos.com API on cloud-softwarefactory
    • Adding Theory7.net Centos-stream mirror
    • http 503 when accessing https://cloud.centos.org/centos/9-stream/x86_64/images
    • Scope operator installations in cloud-softwarefactory namespace
    • Move cloud.centos.org to its new CDN setup
    • Redesign mirror network due to Equinix stopping OSS sponsorship
    • New NL/Amsterdam Mirror – low latency!

  Release Engineering

  • In progress:
    • Stalled epel package request: python-hamcrest
    • Please send openh264-2.6.0 to Cisco
    • Unretire datanommer-commands and python-datanommer-models packages
    • Create `image-builder-build` koji build group
    • Please untag tinysparql-3.8~rc-3.fc42
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Fedora 42 Mass Rebuild Tracker
    • Send compose reports to a to-be-created separate ML
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • orphan-all-packages.py should remove bugzilla_contact entries from fedora-scm-requests as well
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • Stalled EPEL package: xclip
    • New repo stuck in inconsistent state: rpms/rust-tree-sitter-julia
    • kiwi-10.2.11-1.fc43 isn’t used in Rawhide/f43 image builds
    • Allow macro _with_bootstrap for f43 sidetags
    • Deletion of accidently created branch
    • Stalled EPEL package: python-qt5
    • Stalled EPEL package: python-msgpack
    • Migrate to lastlog2
    • Branch cleanup: please remove the ‘rawhi’ branch of rust-tree-sitter-bash
    • F42 stable push requests
    • Please update openh264 to 2.6.0 in rawhide and F42
    • Please update `openh264`to 2.5.0 in F41
    • please create epel10 based el10-openjdk tag
    • Please send openh264-2.4.1-1.el10_0 to Cisco
    • RFE: data store and/or messages and/or server for release cycle information

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 10 appeared first on Fedora Community Blog.

March 06, 2025

• Dan Horák Firefox 128.8.0 ESR built for ppc64le

  The JIT-enabled Firefox 128.8.0 ESR has been built for Fedora/ppc64le in my Talos COPR repository. The corresponding sources are in my fork of the official Fedora Firefox package and the JIT is coming from Cameron's work.
  
  Currently only Fedora 40 and 41 builds are present, but builds for 42 and Rawhide are in progress and should be available in the repo soon. Seems the WASI SDK version 20 bundled with our Firefox 128 can't be built any more in the recent Fedoras, due new GCC 15 and other changes (too new cmake it seeems and more), so the WASI support for sandboxing had to be disabled there. The Firefox codebase required a little update to be buildable with GCC 15.

March 05, 2025

• David López Clasificación de Sentimientos con Aprendizaje Automático en Python utilizando el Dataset…

  Clasificación de Sentimientos con Aprendizaje Automático en Python utilizando el Dataset movie_reviews

  En el mundo del Procesamiento del Lenguaje Natural (PLN), una de las tareas más comunes y útiles es la clasificación de sentimientos. Esta técnica permite analizar textos, como reseñas de películas, comentarios en redes sociales o críticas de productos, para determinar si expresan una opinión positiva o negativa. En este artículo, exploraremos cómo implementar un sistema de clasificación de sentimientos utilizando aprendizaje automático en Python. Para ello, utilizaremos el dataset movie_reviews del corpus de NLTK, que contiene reseñas de películas etiquetadas como positivas o negativas.

  A lo largo de este artículo, describiremos el proceso completo, desde la carga y preprocesamiento de los datos hasta la implementación y evaluación de un modelo de clasificación. Además, analizaremos los resultados obtenidos y discutiremos posibles mejoras para futuras iteraciones. Este proyecto no solo es una excelente introducción al PLN, sino también una demostración práctica de cómo el aprendizaje automático puede aplicarse para resolver problemas del mundo real.

  Descripción del Dataset movie_reviews

  El dataset movie_reviews, proporcionado por el corpus de NLTK, es un conjunto de datos ampliamente utilizado en tareas de Procesamiento del Lenguaje Natural (PLN). Este dataset contiene reseñas de películas etiquetadas como positivas (pos) o negativas (neg), lo que lo convierte en una herramienta ideal para proyectos de clasificación de texto y análisis de sentimientos. Cada reseña está almacenada en un archivo de texto y categorizada en una de las dos clases mencionadas, lo que permite su uso en tareas de aprendizaje supervisado.

  Preprocesamiento de los Datos

  El preprocesamiento de datos es una etapa fundamental en cualquier proyecto de PLN, ya que los textos sin procesar suelen contener ruido que puede afectar el rendimiento de los modelos. En este notebook, se implementaron las siguientes etapas de preprocesamiento:

  # Importamos las librerías necesarias
  import pandas as pd
  import re
  import nltk
  import seaborn as sns
  import matplotlib.pyplot as plt
  from collections import Counter
  from nltk.corpus import stopwords
  from nltk.tokenize import word_tokenize
  from nltk.stem import WordNetLemmatizer
  from sklearn.feature_extraction.text import CountVectorizer
  from sklearn.model_selection import train_test_split
  from sklearn.naive_bayes import MultinomialNB
  from sklearn.metrics import accuracy_score, f1_score
  
  nltk.download('wordnet')
  nltk.download('omw-1.4')
  nltk.download('stopwords')
  nltk.download('punkt')
  nltk.download('movie_reviews')
  

  Carga del Dataset:
  Se cargaron las reseñas de películas utilizando el corpus de NLTK. Cada reseña se almacenó en una lista de tuplas, donde cada tupla contiene el texto de la reseña y su categoría correspondiente (positiva o negativa).

  reviews = [(movie_reviews.raw(fileid), category)
             for category in movie_reviews.categories()
             for fileid in movie_reviews.fileids(category)]

  Conversión a DataFrame:
  Para facilitar la manipulación y el análisis, las reseñas se convirtieron en un DataFrame de pandas. Esta estructura permite trabajar con los datos de manera más eficiente y aplicar operaciones de limpieza y transformación.

  df_reviews = pd.DataFrame(reviews, columns=['Review', 'Category'])

  Definición de Stopwords y Lematización:
  Se definieron las stopwords en inglés, que son palabras comunes que no aportan significado relevante al texto (por ejemplo, “the”, “and”, “is”). Además, se inicializó el lematizador de WordNet, una herramienta que reduce las palabras a su forma base o raíz (por ejemplo, “running” se convierte en “run”).

  stop_words = set(stopwords.words('english'))
  lemmatizer = WordNetLemmatizer()

  Función de Preprocesamiento:
  Se desarrolló una función para preprocesar cada reseña. Esta función realiza las siguientes operaciones:

  • Convierte el texto a minúsculas.
  • Elimina puntuación y números.
  • Tokeniza el texto (lo divide en palabras individuales).
  • Elimina stopwords.
  • Aplica lematización.

  def preprocess_review(review):
      review = review.lower()
      review = re.sub(r'[^\w\s]', '', review)
      review = re.sub(r'\d+', '', review)
      tokens = word_tokenize(review)
      tokens = [lemmatizer.lemmatize(word) for word in tokens if word not in stop_words]
      return tokens

  Aplicación del Preprocesamiento:
  La función de preprocesamiento se aplicó a cada reseña, y los resultados se almacenaron en una nueva columna del DataFrame. Además, se creó una columna adicional que une los tokens preprocesados en un solo texto para facilitar su uso en el modelo.

  df_reviews['Processed_Review'] = df_reviews['Review'].apply(preprocess_review)
  df_reviews['Processed_Review_Text'] = df_reviews['Processed_Review'].apply(lambda x: ' '.join(x))

  Modelo Utilizado (Naive Bayes) y Resultados Obtenidos

  Para la clasificación de las reseñas, se optó por el modelo de Naive Bayes Multinomial, una elección común en tareas de clasificación de texto debido a su simplicidad y eficacia.

  Vectorización de las Reseñas:
  Se utilizó CountVectorizer para transformar las reseñas preprocesadas en una matriz de características. Este paso convierte el texto en una representación numérica que puede ser procesada por el modelo.

  vectorizer = CountVectorizer()
  X = vectorizer.fit_transform(df_reviews['Processed_Review_Text'])
  y = df_reviews['Category']

  División del Dataset:
  Los datos se dividieron en conjuntos de entrenamiento y prueba, utilizando un 80% para entrenamiento y un 20% para evaluación.

  X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)

  Entrenamiento del Modelo:
  Se creó y entrenó el modelo de Naive Bayes Multinomial con los datos de entrenamiento.

  model = MultinomialNB()
  model.fit(X_train, y_train)

  Predicciones y Evaluación:
  Se realizaron predicciones sobre el conjunto de prueba y se evaluó el modelo utilizando métricas como precisión y F1-score.

  y_pred = model.predict(X_test)
  accuracy = accuracy_score(y_test, y_pred)
  f1 = f1_score(y_test, y_pred, pos_label='pos', average='binary')

  Los resultados obtenidos fueron:

  • Precisión del 81%:
    Una precisión del 81% es un resultado sólido para un modelo de clasificación de texto, lo que sugiere que el modelo es capaz de identificar correctamente la mayoría de las reseñas como positivas o negativas.
  • F1-score de 0.8061:
    El F1-score cercano a la precisión indica que el modelo no solo es preciso, sino que también tiene una buena capacidad para recuperar las reseñas positivas. Esto es especialmente importante en aplicaciones donde tanto la precisión como el recall son críticos.

  Graficamos las Palabras más Frecuentes

  Para obtener una comprensión más profunda de las características de las reseñas, se generaron gráficos de las palabras más frecuentes en las categorías positiva y negativa.

  # Obtener las palabras más frecuentes en las reseñas positivas
  positive_reviews = df_reviews[df_reviews['Category'] == 'pos']['Processed_Review_Text']
  positive_words = ' '.join(positive_reviews).split()
  positive_word_freq = Counter(positive_words).most_common(20)
  
  # Obtener las palabras más frecuentes en las reseñas negativas
  negative_reviews = df_reviews[df_reviews['Category'] == 'neg']['Processed_Review_Text']
  negative_words = ' '.join(negative_reviews).split()
  negative_word_freq = Counter(negative_words).most_common(20)
  
  # Crear un DataFrame para las palabras más frecuentes
  positive_df = pd.DataFrame(positive_word_freq, columns=['Word', 'Frequency'])
  negative_df = pd.DataFrame(negative_word_freq, columns=['Word', 'Frequency'])
  
  # Plotear las palabras más frecuentes en las reseñas positivas
  plt.figure(figsize=(12, 6))
  sns.barplot(x='Frequency', y='Word', data=positive_df, palette='viridis')
  plt.title('Palabras más frecuentes en reseñas positivas')
  plt.show()
  
  # Plotear las palabras más frecuentes en las reseñas negativas
  plt.figure(figsize=(12, 6))
  sns.barplot(x='Frequency', y='Word', data=negative_df, palette='magma')
  plt.title('Palabras más frecuentes en reseñas negativas')
  plt.show()

  

  

  Los gráficos de palabras más frecuentes proporcionan una visión general de los temas y aspectos que los usuarios destacan en sus reseñas. Por ejemplo, en la gráfica de las reseñas positivas, observamos que las palabras más comunes incluyen términos como “film”, “movie”, “one”, “character”, y “like”. Estas palabras son típicas en reseñas de películas y reflejan aspectos generales y específicos de las películas que los usuarios tienden a mencionar cuando tienen una opinión positiva.

  En la gráfica de las reseñas negativas, las palabras más frecuentes también incluyen términos como “film”, “movie”, “one”, “like”, y “character”. Sin embargo, la frecuencia de algunas palabras puede variar en comparación con las reseñas positivas. Esto indica que, aunque los términos utilizados pueden ser similares, el contexto y la connotación en las reseñas negativas son diferentes, reflejando críticas y aspectos negativos de las películas.

  Las palabras más frecuentes en ambas categorías de reseñas proporcionan una visión general de los temas y aspectos que los usuarios tienden a destacar en sus opiniones. Estas palabras pueden ser útiles para entender mejor las características que influyen en las percepciones positivas y negativas de las películas.

  Conclusión

  El desarrollo de esta practica ha demostrado la efectividad de las técnicas de preprocesamiento y el modelo de Naive Bayes Multinomial en la clasificación de reseñas de películas. Con una precisión del 81% y un F1-score de 0.8061, el modelo ha mostrado un rendimiento prometedor, lo que lo convierte en una herramienta útil para aplicaciones prácticas en el análisis de sentimientos.

  Sin embargo, siempre hay oportunidades para mejorar. Algunas posibles mejoras incluyen:

  • Incorporar técnicas de preprocesamiento más avanzadas, como la eliminación de palabras menos relevantes o el uso de embeddings de palabras.
  • Experimentar con modelos más complejos, como redes neuronales o transformers, para capturar relaciones más sofisticadas en el texto.
  • Ampliar el dataset o utilizar técnicas de aumento de datos para mejorar la generalización del modelo.

  Además, los gráficos de palabras más frecuentes ofrecen una perspectiva valiosa sobre los temas y aspectos que influyen en las opiniones de los usuarios. Esta información no solo enriquece nuestro entendimiento de las reseñas, sino que también puede ser utilizada para guiar futuras investigaciones y aplicaciones en el campo del Procesamiento del Lenguaje Natural (PLN). En resumen, esta práctica nos ha permitido aplicar los conocimientos teóricos adquiridos, consolidando así nuestra comprensión de las técnicas de clasificación de texto. Al mismo tiempo, ha sentado las bases para futuras mejoras y exploraciones en el fascinante y siempre evolutivo mundo del análisis de texto.

  

March 01, 2025

• Kevin Fenzi Misc bits from late February 2025

  

  Here's another misc bits from Fedora Infra land. I missed last weekend as I was off on some vacation. I've got a few more days coming up that I need to use before they go away. :)

  Personal Stuff

  We had a big wind storm here on monday. Knocked out power for about 5 hours (which wasn't so bad, since we have a generator, but was anoying). One of our large (150' douglas fir) trees got knocked down by the wind. Luckily it fell away from the house and a fence, and managed to hit a thicket of blackberries I was in the process of trying to remove. Still will need to take care of it, as it's in the way of our path. Also, our dishwasher died (gonna be a few weeks before someone can look at it). It's sad that repairing something takes a few weeks, but I bet I could buy a new one in a few days.

  Day of learning on friday

  Red Hat does these quarterly "day of learning" days, where everyone is encouraged to go learn something. Work related, not work related, interesting, useful or not. It's really a great thing. This time I decided to play around with Home Assistant some more and figure out how it does things. Adam Williamson mentioned it in a matrix discussion, and I had been meaning to look into it too, so seemed like a great time. I picked up a Home Assistant green (which is basically a small arm box that has home assistant (HA) all installed on it and ready to go. Initial setup was easy, no issues.

  Several of my devices are using bluetooth, so I also picked up some little esp32 boards to use as a bluetooth proxy. It's pretty amazing how small these little guys are. I did make one mistake ordering though: I got some with microusb. Had to dig up some old cables. I think I am going to replace them with ones that have usbc. So, I flashed the bluetooth proxy on one, it joined my wifi and... then it didn't work. Took me a while to find out that since my wireless and wired networks are completely seperate, I needed to run a mdns-repeater on my gateway/firewall box to repeat the mdns advertisements. After doing that it saw that just fine, along with a printer that was on wifi.

  I connected up my ups server (nut) with no problems, so now I have nice charts and graphs of power usage, battery state, etc.

  I have some 'smart' light switches from Deako here too. They connect and work with an adroid app via bluetooth, so I thought they were using bluetooth for HA integration too, but it turns out it requires wifi to connect to them. I do have a old dongle to connect them to wifi, and I tried to set that up, but it seems to just hang at the end when it says it's preparing it. They no longer make that Deako Connect dongle, so I mailed them about it. Perhaps the provisioning for it is even no longer there.

  Managed to add my car in with not much trouble. Kinda cool to have all its sensors available easily on the dashboard.

  This stuff is a giant rabbit hole. Some things I want to do when time/energy permits:

  • There's a way to connect a esp32 device to the serial port on the hot water heater and get all kinds of info from it.

  • There's a way supposedly to connect to a internal connector on the heat pumps I have and get a ton of info/control them.

  • I'd like to figure a way to monitor my water holding tank. That one is going to be tricky, as the pumphouse is down a hill and not in line of sight of the house. Seems like people do this one of two ways: a pressure sensor dropped in the bottom of the tank, or a distance sensor at the top showing where the water line is.

  • After looking I think bluetooth is too much of a mess for things usually, so I order a Zigbee thing for the HA server and some zigbee based power outlets and some temp sensors to try that out.

  Lots of fun.

  caching issues

  So, starting on tuesday there were some issues with out caching setup. First it was s390x builds. They would request some package/repodata from their local cache, it would in turn request it from the main ones and sometimes it would just get a partial read or a incorrect size. I couldn't find anything that seemed wrong. We are in Freeze for beta, so no real changes have been made to infrastructure. So, I was left with trying various things. I updated and rebooted the s390x cache machine. I blocked a bunch of ip's that were hitting the main cache too much. I updated and rebooted the main cache machines. Including a sidetrack where I noticed they were running an old kernel. Turns out 'sdubby' got installed there somehow and it was installing new kernels as efi. The vm wasn't booting efi, so it just kept booting on it's old kernel. After all that it seemed like the issue was gone, or perhaps happening much less often?

  After that however, some folks are seeing problems with ostree downloads. All of them I see also don't exist on the cache hosts either, so I am not sure whats happening. I'm very sorry for the issue, as I know it's affecting a number of people. Will keep trying to track it down.

  riscv secondary

  Managed to mostly sort out builder authentication I think. There's eome limitataions for external builders, but I think we can live with that. Hopefully next week we will start onboarding builders, then will need to import builds, then it will be time to start building!

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114089126937486625

February 28, 2025

• Remi Collet 🎲 PHP version 8.3.18RC1 and 8.4.5RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for a parallel installation, the perfect solution for such tests, and also as base packages.

  RPMs of PHP version 8.4.5RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.3.18RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.2 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.4.5RC1 available for testing
  • PHP 8.3.18RC1 available for testing

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Parallel installation of version 8.3 as Software Collection:

  yum --enablerepo=remi-test install php83

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.3:

  dnf module switch-to php:remi-8.3
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • version 8.4.4RC2 is in Fedora rawhide for QA
  • EL-10 packages are built using RHEL-10.0-beta and EPEL-10.0
  • EL-9 packages are built using RHEL-9.5
  • EL-8 packages are built using RHEL-8.10
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.7 on x86_64 or 19.25 on aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.3.18 and 8.4.5 are planed for March 13th, in 2 weeks.

  Software Collections (php83, php84)

  

  

  Base packages (php)

  

  

February 27, 2025

• Felipe Borges GNOME is participating in Google Summer of Code 2025!

  The Google Summer of Code 2025 mentoring organizations have just been announced and we are happy that GNOME’s participation has been accepted!

  If you are interested in having a internship with GNOME, check gsoc.gnome.org for our project ideas and getting started information.

• Cockpit Project Cockpit 334

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from cockpit-files 17:

  Files: Apple-compatible keyboard shortcuts

  Cockpit Files now properly supports command-based keyboard shortcuts, also known by the ⌘ symbol, fitting in better with macOS and portable Apple devices using a paired keyboard.

  

  Try it out

  cockpit-files 17 is available now:

  • For your Linux system

  • Cockpit Client

  • cockpit-files Source Tarball
  • cockpit-files Fedora 42
  • cockpit-files Fedora 41

February 26, 2025

• Swiss JuristGate Urban Angehrn (FINMA director) announced resignation at same moment Parreaux, Thiébaud & Partners decision published

  FINMA closed the business of Parreaux, Thiébaud & Partners / Justicia SA in April 2023 but they did not publish their judgment at the same time.

  6 September 2023 they announced the resigntion of Urban Angehrn, director of FINMA since 1 November 2021.

  Challenges that were successfully overcome under his leadership include, in particular, [ ... snip ... ], the supervision of supplementary health insurance geared towards client protection and the conclusion of complex enforcement proceedings.

  19 September 2023 FINMA published the judgment against Parreaux, Thiébaud & Partners / Justicia SA. They suppressed the names and dates in the document.

  Mr Angehrn departed on 30 September.

  They wrote that Mr Angehrn had closed the business of Parreaux, Thiébaud & Partners / Justicia SA "successfully". But the clients received nothing.

  He had shut down just one single scam in almost two years as director of FINMA.

  Thanks to the financial accounts for 2023, we found the director's salary CHF 602,000 and the termination payment CHF 581,000.

  ”Being able to contribute to the sustainable improvement of the quality of the Swiss financial centre as CEO of FINMA was a unique challenge for me, and one that I tackled with all my might. However, the high and permanent stress level had health consequences. I have considered my decision carefully and have now decided to step down,” says Urban Angehrn.

  He resigned due to stress and he received CHF 581,000 as a leaving gift. The clients received nothing.

February 25, 2025

• Guillaume Kulakowski Problème intermittent dans la résolution de mes DNS avec AdGuard Home (EAI_AGAIN)

  Depuis quelque temps, je constatais des erreurs intermittentes lors de la récupération des flux RSS (je sais, j’utilise encore des flux RSS en 2025…) sur mon instance Miniflux, sans pouvoir en identifier la cause. Récemment, j’ai déployé une instance n8n (article en préparation) avec un gestionnaire d’erreurs qui me notifie via ntfy en cas de […]

  Cet article Problème intermittent dans la résolution de mes DNS avec AdGuard Home (EAI_AGAIN) est apparu en premier sur Guillaume Kulakowski's blog.

February 24, 2025

• Swiss JuristGate Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal

  15 March 2023, the value of shares in Credit Suisse plunged. Four days later UBS announced the purchase of their competitor Credit Suisse.

  It was an enormous scandal for Switzerland.

  The risk of a scandal had been known for some months. For a few weeks after 15 March 2023, the Swiss media published multiple reports about Credit Suisse each day.

  Two weeks later, on 4 April 2023, the trade registry in Canton Geneva received the decision of FINMA for the immediate liquidation of Parreaux, Thièbaud & Partners / Justicia SA.

  We looked at the web site of RTS (Swiss public broadcaster) using the Wayback Machine. Below, we publish some screen shots from the week from 3 to 7 April 2023. We didn't find any reports about the closure of Parreaux, Thièbaud & Partners.

  20,000 clients had suddenly lost their Swiss legal services insurance. Some of the insured clients were in the middle of trials and other procedures funded by the insurance.

  The Swiss media helped the jurists with free publicity in 2018.

  But the media said nothing when the jurists were shut down.

  According to the judgment of 4 April 2023, FINMA had knowledge of the situation at Parreaux, Thiébaud & Partners since 2021. For two years they looked for a solution. They didn't find a solution but they had the chance to do a cover-up when the Credit Suisse crisis arrived.

  Monday, 3 April 2023

  2023-04-03: 20min.ch Super CEO of UBS/CS

  Tuesday, 4 April 2023

  2023-04-04 23:17:28: RTS: CS bonuses to be limited or canceled

   

  and FINMA's decision to liquidate arrived in the trade registry:

  

  Wednesday, 5 April 2023

  2023-04-05 09:52:57: Blick: 2.9% fall. Bank shares plunge ahead of Credit Suisse AGM

• Fedora fans معرفی Apache NetBeans و نصب آن در فدورا لینوکس

  

  Apache NetBeans یک محیط توسعه‌ی یکپارچه (IDE) متن‌باز است که برای توسعه‌ی برنامه‌های جاوا، PHP، JavaScript، HTML، CSS و بسیاری از زبان‌های دیگر استفاده می‌شود. این IDE امکاناتی مانند ویرایش کد پیشرفته، اشکال‌زدایی (Debugging)، مدیریت پروژه‌ها، و قابلیت‌های توسعه‌ی تحت وب و موبایل را فراهم می‌کند.   ویژگی‌های Apache NetBeans پشتیبانی از زبان‌های مختلف: جاوا، […]

  The post معرفی Apache NetBeans و نصب آن در فدورا لینوکس first appeared on طرفداران فدورا.

• Peter Hutterer libinput and 3-finger dragging

  Ready in time for libinput 1.28 [1] and after a number of attempts over the years we now finally have 3-finger dragging in libinput. This is a long-requested feature that allows users to drag by using a 3-finger swipe on the touchpad. Instead of the normal swipe gesture you simply get a button down, pointer motion, button up sequence. Without having to tap or physically click and hold a button, so you might be able to see the appeal right there.

  Now, as with any interaction that relies on the mere handful of fingers that are on our average user's hand, we are starting to have usage overlaps. Since the only difference between a swipe gesture and a 3-finger drag is in the intention of the user (and we can't detect that yet, stay tuned), 3-finger swipes are disabled when 3-finger dragging is enabled. Otherwise it does fit in quite nicely with the rest of the features we have though.

  There really isn't much more to say about the new feature except: It's configurable to work on 4-finger drag too so if you mentally substitute all the threes with fours in this article before re-reading it that would save me having to write another blog post. Thanks.

  [1] "soonish" at the time of writing
  

• Peter Hutterer GNOME 48 and a changed tap-and-drag drag lock behaviour

  This is a heads up as mutter PR!4292 got merged in time for GNOME 48. It (subtly) changes the behaviour of drag lock on touchpads, but (IMO) very much so for the better. Note that this feature is currently not exposed in GNOME Settings so users will have to set it via e.g. the gsettings commandline tool. I don't expect this change to affect many users.

  This is a feature of a feature of a feature, so let's start at the top.

  "Tapping" on touchpads refers to the ability to emulate button presses via short touches ("taps") on the touchpad. When enabled, a single-finger tap corresponds emulates a left mouse button click, a two-finger tap a right button click, etc. Taps are short interactions and to be recognised the finger must be set down and released again within a certain time and not move more than a certain distance. Clicking is useful but it's not everything we do with touchpads.

  "Tap-and-drag" refers to the ability to keep the pointer down so it's possible to drag something while the mouse button is logically down. The sequence required to do this is a tap immediately followed by the finger down (and held down). This will press the left mouse button so that any finger movement results in a drag. Releasing the finger releases the button. This is convenient but especially on large monitors or for users with different-than-whatever-we-guessed-is-average dexterity this can make it hard to drag something to it's final position - a user may run out of touchpad space before the pointer reaches the destination. For those, the tap-and-drag "drag lock" is useful.

  "Drag lock" refers to the ability of keeping the mouse button pressed until "unlocked", even if the finger moves off the touchpads. It's the same sequence as before: tap followed by the finger down and held down. But releasing the finger will not release the mouse button, instead another tap is required to unlock and release the mouse button. The whole sequence thus becomes tap, down, move.... tap with any number of finger releases in between. Sounds (and is) complicated to explain, is quite easy to try and once you're used to it it will feel quite natural.

  The above behaviour is the new behaviour which non-coincidentally also matches the macOS behaviour (if you can find the toggle in the settings, good practice for easter eggs!). The previous behaviour used a timeout instead so the mouse button was released automatically if the finger was up after a certain timeout. This was less predictable and caused issues with users who weren't fast enough. The new "sticky" behaviour resolves this issue and is (alanis morissette-stylue ironically) faster to release (a tap can be performed before the previous timeout would've expired).

  Anyway, TLDR, a feature that very few people use has changed defaults subtly. Bring out the pitchforks!

  As said above, this is currently only accessible via gsettings and the drag-lock behaviour change only takes effect if tapping, tap-and-drag and drag lock are enabled:

    $ gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
    $ gsettings set org.gnome.desktop.peripherals.touchpad tap-and-drag true
    $ gsettings set org.gnome.desktop.peripherals.touchpad tap-and-drag-lock true
    

  All features above are actually handled by libinput, this is just about a default change in GNOME.