Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

RSS Atom

We Make Fedora

February 04, 2026

• Dave Airlie nouveau: a tale of two bugs

  Just to keep up some blogging content, I'll do where did I spend/waste time last couple of weeks.

  I was working on two nouveau kernel bugs in parallel (in between whatever else I was doing).

  Bug 1: Lyude, 2 or 3 weeks ago identified the RTX6000 Ada GPU wasn't resuming from suspend. I plugged in my one and indeed it wasn't. Turned out since we moved to 570 firmware, this has been broken. We started digging down various holes on what changed, sent NVIDIA debug traces to decode for us. NVIDIA identified that suspend was actually failing but the result wasn't getting propogated up. At least the opengpu driver was working properly.

  I started writing patches for all the various differences between nouveau and opengpu in terms of what we send to the firmware, but none of them were making a difference.

  I took a tangent, and decided to try and drop the latest 570.207 firmware into place instead of 570.144. NVIDIA have made attempts to keep the firmware in one stream more ABI stable. 570.207 failed to suspend, but for a different reason.

  It turns out GSP RPC messages have two levels of sequence numbering, one on the command queue, and one on the RPC. We weren't filling in the RPC one, and somewhere in the later 570's someone found a reason to care. Now it turned out whenever we boot on 570 firmware we get a bunch of async msgs from GSP, with the word ASSERT in them with no additional info. Looks like at least some of those messages were due to our missing sequence numbers and fixing that stopped those.

  And then? still didn't suspend/resume. Dug into memory allocations, framebuffer suspend/resume allocations. Until Milos on discord said you did confirm the INTERNAL_FBSR_INIT packet is the same, and indeed it wasn't. There is a flag bEnteringGCOff, which you set if you are entering into graphics off suspend state, however for normal suspend/resume instead of runtime suspend/resume, we shouldn't tell the firmware we are going to gcoff for some reason. Fixing that fixed suspend/resume.

  While I was head down on fixing this, the bug trickled up into a few other places and I had complaints from a laptop vendor and RH internal QA all lined up when I found the fix. The fix is now in drm-misc-fixes.

  Bug 2: A while ago Mary, a nouveau developer, enabled larger pages support in the kernel/mesa for nouveau/nvk. This enables a number of cool things like compression and gives good speedups for games. However Mel, another nvk developer reported random page faults running Vulkan CTS with large pages enabled. Mary produced a workaround which would have violated some locking rules, but showed that there was some race in the page table reference counting. 

  NVIDIA GPUs post pascal, have a concept of a dual page table. At the 64k level you can have two tables, one with 64K entries, and one with 4K entries, and the addresses of both are put in the page directory. The hardware then uses the state of entries in the 64k pages to decide what to do with the 4k entries. nouveau creates these 4k/64k tables dynamically and reference counts them. However the nouveau code was written pre VMBIND, and fully expected the operation ordering to be reference/map/unmap/unreference, and we would always do a complete cycle on 4k before moving to 64k and vice versa. However VMBIND means we delay unrefs to a safe place, which might be after refs happen. Fun things like  ref 4k, map 4k, unmap 4k, ref 64k, map 64k, unref 4k, unmap 64k, unref 64k can happen, and the code just wasn't ready to handle those. Unref on 4k would sometimes overwrite the entry in the 64k table to invalid, even when it was valid. This took a lot of thought and 5 or 6 iterations on ideas before we stopped seeing fails. In the end the main things were to reference count the 4k/64k ref/unref separately, but also the last thing to do a map operation owned the 64k entry, which should conform to how userspace uses this interface.

  The fixes for this are now in drm-misc-next-fixes.

  Thanks to everyone who helped, Lyude/Milos on the suspend/resume, Mary/Mel on the page tables.

   

• Swiss JuristGate JuristGate is for sale: three billion Swiss francs for a domain name

  When the share price of Credit Suisse, one of Switzerland's two top banks, went into its death spiral, the Swiss authorities had some discussions among themselves and the inevitable result of that discussion was the sale of Credit Suisse to their main rival, UBS.

  The public were told that UBS had offered three billion Swiss francs to compensate the shareholders of Credit Suisse for their shares.

  When writing the reports on the JuristGate web site, I've attempted to operate with the highest level of accuracy and integrity. Nonetheless, everybody has their price. If somebody offered me three billion Swiss francs for the domain then I would probably do like Urban Angehrn and Birgit Rutishauser and take a lengthy garden leave.

  In the meantime, to make up for the wayward support from Swiss legal insurance I've started a crowdfunding campaign to resolve one of the disputes relating to Debian. This is vital because we all do a lot of work for Debian and we are all entitled to equal recognition.

  In a previous blog, I looked at the prompt and efficient manner in which Bernice is undertaking enforcement action to protect the public from rogue health practitioners in the State of Victoria.

  Bernice generated a lot of news stories when she banned a social media influencer, Emily Lal, who promoted herself as The Authentic Birthkeeper. Lal had promoted wild birthing. A number of mothers and babies have died around the world when following the advice of social media influencers.

  I don't know how much Bernice gets paid but I found a job vacancy for her deputy. The salary is in the range up to $290,000 per year. That is approximately CHF 160,000 Swiss francs.

  As Bernice is a nurse and keyworkers never get paid what they are really worth I'm guessing her salary is not too much bigger than that.

  The FINMA annual reports reveal the salaries for the CEO and executive team. Urban Angehrn's salary was CHF 602,000. It looks like FINMA pays their CEO three or four times what the State of Victoria pays Bernice.

  We can compare their performance and see how many banning orders each of them has published:

  FINMA (Swiss financial regulator) banning orders: they published 24 bans between 2018 and 2025. Some bans are not reported publicly.

  Health Complaints Commissioner (Victoria) banning orders: Bernice has personally signed over 100 interim or permanent bans since taking office in July 2022.

  This was Urban Angehrn's payout, CHF 581,000, when he resigned at the same time that FINMA published their anonymous decision about Parreaux, Thiebaud & Partners. Clients/victims were offered nothing.

  

   

  Read more of the JuristGate reports.

• Fedora Community Blog Flock CFP Extended to February 8

  The deadline for the Flock 2026 CFP has been extended to February 8.

  We are returning to the heart of Europe (June 14–16) to define the next era of our operating system. Whether you are a kernel hacker, a community organizer, or an emerging local-first AI enthusiast, Flock is where the roadmap for the next year in Fedora gets written.

  If you haven’t submitted yet, here is why you should.

  Why Submit to the Flock 2026 CFP?

  This year isn’t just about maintenance; it is about architecture. As we look toward Fedora Linux 45 and 46, we are also laying the upstream foundation for Enterprise Linux 11. This includes RHEL 11, CentOS Stream 11, EPEL 11, and the downstream rebuilder ecosystem around the projects. The conversations happening in Prague will play a part in the next decade of modern Linux enterprise computing.

  To guide the schedule, we are looking for submissions across our Four Foundations:

  1. Freedom (The Open Frontier)

  How are we pushing the boundaries of what Open Source can do? We are looking for Flock 2026 CFP submissions covering:

  • Open Source AI: PyTorch, vLLM, and the AI supply chain.
  • RISC-V: Enabling Fedora on the next generation of open silicon.
  • Open Hardware: Drivers, firmware, and board support. GPU enablement?

  2. Friends (Our Fedora Story)

  Code is important, but community is critical. We need sessions that focus on the human element:

  • Mentorship: Case studies on moving contributors from “Lurkerâ€� to “Leader.â€�
  • Inclusion: Strategies for building a more globally-inclusive project.
  • Community Ops: The logistics and operations of running a massive global project.

  3. Features (Engineering Core)

  The “Nitty-Gritty� of the distribution. If you work on the tools that build the OS every six months, we want you on stage:

  • Release Engineering: Improvements to Dist-git, packager tools ecosystem, and the build pipeline. Distribution security. Konflux?
  • Quality Assurance: Automated testing and CI/CD workflows.
  • Packaging: Best practices for RPM, Flatpak, and OCI containers.

  4. First (Blueprint for the Future)

  Fedora is “First.� This track is for the visionaries:

  • Strategy: What does Fedora look like in 2028?
  • Downstream Alignment: How upstream changes flow downstream.
  • New Spins: Atomic Desktops, Cloud Native innovations, and new Editions.

  The post Flock CFP Extended to February 8 appeared first on Fedora Community Blog.

• Daniel Pocock Sexism & GNOME: shaming men, hiding women, Sonny Piers update

  On 7 November 2025, I published a blog about how GNOME triple tricked Rosanna Yuen & the community.

  The well known attacks against Sonny Piers started at roughly the same time the men at GNOME decided to employee a second Albanian girl, Anisa Kuci.

  In the November blog, I published this evidence with links to the Wayback machine:

  18 March 2025: Anisa Kuci in the staff list

  28 March 2025: Anisa Kuci hidden from staff list

  Shortly after the November blog published those links, they added Anisa back to the staff list but now they give her the name Anonymous. ( Wayback machine December 2025).

  

   

  Everybody knows who it is.

  

   

  Why do they use the GNOME forum to make a public libel attack against Sonny Piers, a volunteer with 20 years of service but they hide the name of Anisa Kuci from the list of people getting paid?

  Are they trying to hide the fact that an American non-profit organization has sacked all their American staff and replaced them with two Albanian girls?

  Or are they concerned with protecting the identities of lovestruck men in various organizations, including Debian, who gave the same girl a series of highly paid internships and travel opportunities?

  

   

  Read more about the GNOME Foundation descent into scandal.

• Daniel Pocock Behaviour evidence: debian-private cult keyword analysis

  Since the launch of the crowdfunding campaign, various people asked about the real value of debian-private.

  As it is crowdfunding, I can't release the archive until the milestone is reached. People simply have to decide for themselves whether it is worthwhile contributing twenty dollars or fifty euros for a good cause.

  Out of 70,000 debian-private messages, I'm sure most people will see at least one message that makes their contribution worthwhile.

  Nonetheless, to warm up the discussions, I did some frequency analysis on various keywords that appear in the messages. Here it is:

  Keyword	Count
  Jesus	196
  Devil	88
  Hitler	74
  Nazi	337
  Trademark	1091
  RMS	4050
  Stallman	430
  Conspiracy	188
  Snowden	192
  Obama	39
  Trump	282
  Linus	864
  Hacking	296
  Diversity	126
  Google	1007
  Gmail	1052
  Googlemail	18
  IBM	663
  Microsoft	1161
  Military	177
  Langley	4
  GCHQ	9
  MI6	13
  Backdoor	78
  Suicide	36
  Cult	2591
  Sex	582
  Porn	103
  STD	580
  Virgin	142
  Rumour	289
  Rumor	181
  Abuse	1043
  Productivity	70
  Exploitation	81
  Slave	131
  Epstein	???

  Why does MI6 get mentioned more frequently than Langley or GCHQ? Maybe it is the cult of James Bond.

  In the 2006 edition of Casino Royale, Le Chiffre, the villain, is an Albanian.

  Many of the GNOME & Debian scandals in recent years revolve around the funds paid to Albanian women and the Albanian female whistleblowers.

  More blog posts about the lawsuit.

  Please watch the video, share and discuss the crowdfunding campaign to maximize the chance of success.

February 03, 2026

• Stephen Smoogen Generations (take N+1)

   

  Putting some rigour to generations

  Recently a coworker posted that children born this year would be in Generation Beta, and I was like “What? That sounds like too soon…” but then thought “Oh its just that thing when you get older and time flies by.” I saw a couple of articles saying it again, so decided to look at what was on the wikipedia article for generations and saw that yes ‘beta’ was starting.. then I started looking at the lengths of the various generations and went “Hold On”.

  

  Let us break this down in a table:

  Generation	Wikipedia	How Long
  T (lost)	1883-1900	17
  U (greatest)	1901-1927	26
  V (silent)	1928-1945	17
  W (boomer)	1946-1964	18
  X	1965-1980	15
  Y (millenial)	1981-1996	15
  Z	1997-2012	15
  alpha	2013-2025	12
  beta	2026-2039	13
  gamma	2040-???	??

  So it is bad enough that Generation X,Millenials, and Z got shortened from 18 years to 15.. but alpha and beta are now down to 12 and 13? I realize that this is because all of this is a made up construct to make some people born in one age group angry/sad/afraid in another by editors who are needing to sell advertising for things which will solve the feelings of anger, sadness, or fear.. but could you at least be consistent.

  I personally like some order to my starting and ending dates for generations so I am going to update some lists I have put out in the past with newer titles and times. We will use the definiton as outlined at https://en.wikipedia.org/wiki/Generation

  A generation is all of the people born and living at about the same time, regarded collectively.[1] It also is “the average period, generally considered to be about 20–30 years, during which children are born and grow up, become adults, and begin to have children.”

  For the purpose of trying to set eras, I think that the original 18 years for baby boomers makes sense, but the continual shrinkflation of generations after that is pathetic. So here is my proposal for generation ending dates outside. Choose which one you like the best when asked what generation you belong to.

  Generation	Wikipedia	18 Years
  T (lost)	1883-1900	1889-1907
  U (greatest)	1901-1927	1908-1926
  V (silent)	1928-1945	1927-1945
  W (boomer)	1946-1964	1946-1964
  X	1965-1980	1965-1983
  Y (millenial)	1981-1996	1984-2002
  Z	1997-2012	2002-2020
  alpha	2013-2025	2021-2039
  beta	2026-2039	2040-2058
  gamma	2040-???	2059-2077

  (*) I say wikipedia here, but they are basically taking dates from various other sources and putting them together.. which should be seen as more on the statement of social commentators who aren’t good at math.

• Daniel Pocock Collective power: Molly de Blanc, Nicolas Maduro & Debian become defendants in same federal courthouse

  If the open source astroturfing law suit goes to trial, we may see characters like Molly de Blanc arriving on the doorstep of the same US federal courthouse where Venezuala's Nicolas Maduro is about to face trial.

  Remember, it is Molly de Blanc who attended FrOSCon in Germany and told us:

  We can use our collective power to push others

  Reports about the regime of Hugo Chavez and Nicolas Maduro describe a similar philosophy. The Heritage Foundation is one of many organizations to publish some comments on the similarities:

  Maduro and Mamdani: Two Collectivists Check Into Public Housing

  ...

  In the first volume of Capital, first published in 1867, Karl Marx wrote that by acting collectively, individuals would cooperate to create “a new power, namely, the collective power of masses.”

  Only that “new power” just never materializes. Instead, we always get penury and repression. As Marx himself recognized, “All combined labor on a large scale requires, more or less, a directing authority.” That authority is the state, which, because it owns all the means of production, also owns the media and can quash dissent.

  Venezuela itself is Exhibit A of the problems with collectivism and a command economy. It has the world’s largest proven oil reserves, over 300 billion barrels. Its oil production, however, is less than one million barrels a day, about one-fourth what it produced in 1970.

  Controlling the media and quashing dissent is a common theme in rogue open source "communities" today.

  In 2012, Sarah Gail Hunter, University of Georgia, published a masters thesis on the topic "Love and exploitation: personality cults, their characteristics, their creation, and modern examples". She chose three collectivists, Putin (Russia), Castro (Cuba) and Chavez (Venezuala). On Chavez:

  Control of Media

  In order to control his image and his sole claim on the Bolivar myth, Chavez worked to control the Venezuelan media. The power awarded to him, both by the constitution and by his own popularity allowed him to do just that and shut down independent media outlets. An old and very popular television network, RCTV, was closed in May of 2007. Later, another independent station, Globovisión, was closed down. After this, any media outlet that opposed Chavez was either intimidated or closed. Chavez eventually gained a media empire of television networks, radio stations, and newspapers that were used for Chavez propaganda and to discredit the opposition. Chavez now owns a majority share in the one opposition media outlet (Krauze, 2011). Freedom House also rates Venezuela as “Not Free”

  One of the more repugnant talks Molly de Blanc gave us was on the same theme, "Enforcing" the Code of Conduct gaslighting, in other words, shutting down independent media and enforcing groupthink on the population.

  

   

  When Molly de Blanc encouraged the use of "collective power", she gave us a slide with a hand-drawn diagram of three users pushing a developer.

  When three or more people gang up on a small business owner in America, they commit the felony crime of civil disorder. Therefore, it is entirely appropriate for her to explain her plans in federal court.

  

   

  More blog posts about the lawsuit.

  Please watch the video, share and discuss the crowdfunding campaign to maximize the chance of success.

• Daniel Pocock Hacker News (Y-Combinator) censored Google/Debian astroturfing lawsuit

  The crowdfunding campaign and video was only launched a few hours ago and some misfit at Hacker News (Y-Combinator) has already decided it is "dead".

  What an odd comment to make when the lawsuit concerns a volunteer who died on our wedding day. Read the detailed story of the death of Adrian von Bidder-Senn.

  Link to censored article on Hacker News.

  

  If you click now, it is replaced by "dead":

  

  Misfits have gone to great lengths to try and have the topic censored. Therefore, it is vital for people to share it by email and direct messages. Don't rely on social control media platforms because they are compromised now.

  Please share this link:

  https://www.givesendgo.com/censorship-privacy

  More blog posts about the lawsuit.

  Please watch the video, share and discuss the crowdfunding campaign to maximize the chance of success.

• Fedora fans دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت

  

  Psiphon Conduit یک پروژه متن‌باز است که توسط شرکت Psiphon Inc توسعه یافته و بر پایه‌ی هسته‌ی تونلینگ Psiphon (psiphon-tunnel-core) ساخته شده است. این پروژه شامل یک کلاینت موبایل و CLI کراس‌پلتفرم برای ایجاد تونل و پروکسی است که با هدف دور‌ زدن سانسور اینترنت و افزایش دسترسی آزاد به اینترنت طراحی شده است. برخی […]

  The post دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت first appeared on طرفداران فدورا.

• Daniel Pocock $15 billion lawsuit: Ubuntu, Google & Debian crowdfunding campaign launch

  Chris Lamb finished his term as Debian Project Leader in April 2019 but his attacks on my family and I continue to this day. After numerous legal disputes and resignations, including the fall of the Swiss financial regulator's deputy CEO, ten thousand Swiss francs for our black cats ( harassment judgment in Zurich, Switzerland) and an abuse verdict against IBM Red Hat, the latest lawsuit has something for everybody.

  President Trump sued the New York Times for $15 billion. I felt this was a safe figure to ask from Google and others who have interfered in democracy, starting when the Fellowship elected me in the FSFE.

  Obviously it is too much money for one person. If I was to receive any sizeable sum of compensation then it will be re-invested in high quality open source software projects for the real community, not the fake communities.

  To get there, we need lawyers to conduct depositions and go through the murky financial records of non-profit organizations who systematically distribute defamation about their own volunteers.

  The recent Techrights legal dispute failed because of insufficient funds for the Techrights legal fees. The judge wrote in her judgment that if Techrights had money to pay for lawyers and witnesses they could have provided more evidence and the result may have been different. The truth of this is obvious when you look at all the hidden messages I found where Dr Matthew Garrett used his University of Cambridge email address to libel Dr Jacob Appelbaum with false rape accusations.

  Back to that ridiculous sum of $15 billion. Who would look at that sum and not think it is ridiculous? Being ridiculous is the problem. In a previous blog post, I found the secret email about the first time Debianists used money to recruit a transgender. Now the Zizian mentality is wrecking Debian. Now we rewind to the privacy question that made certain people go nuts in 2018. Was Sonny Piers subject to his lynching in the GNOME "community" for uttering similar comments? Subjecting people to false gossip about abuse for simply asking questions like these is even more ridiculous than a $15 billion law suit.

  Subject: Re: [Outreachy] Outreachy Zulip chat?
  Date: Mon, 22 Jan 2018 22:44:21 +0100
  From: Daniel Pocock <daniel@pocock.pro>
  To: mentors@lists.outreachy.org
  
  
  
  On 22/01/18 22:38, Jim Hall wrote:
  > On Mon, Jan 22, 2018 at 3:03 PM, Daniel Pocock  wrote:
  >>
  >>
  >> On 22/01/18 21:17, Outreachy Organizers wrote:
  >>> On Mon, Jan 22, 2018 at 08:27:27PM +0100, Daniel Pocock wrote:
  >>>>
  >>>>
  >>>> On 22/01/18 19:40, Outreachy Organizers wrote:
  >>>>> On Mon, Jan 22, 2018 at 07:05:18PM +0100, Daniel Pocock wrote:
  >>>>>>
  >>>>>>
  >>>>>> On 22/01/18 18:28, Outreachy Organizers wrote:
  >>>>> Email is problematic because:
  >>>>>
  >>>>> 1. Gmail promotions tab. Seriously. This is the absolute bane of my
  >>>>> existence. Email from the Outreachy mailing list gets filtered into a
  >>>>> tab no one checks or acts on. I constantly have to send individual email
  >>>>> to mentors and coordinators because I know Gmail filters the mail from
  >>>>> the mailing list.
  >>>>>
  >>>>
  >>>> That is a Google defect
  >>>>
  >>>> I've been thinking about configuring my mail server to block all email
  >>>> from gmail users so they have to finally get a serious mail service.
  >>>>
  >>>> For example, it is quite easy to configure a mail server to send an
  >>>> official bounce message that contains the text "the person you are
  >>>> trying to contact hasn't accepted Google's non-privacy policy.  Please
  >>>> try sending the email from a regular email provider"
  >>>>
  >>>> If this cuts 50% of the applications I receive from interns then it will
  >>>> give me more time to focus on the other 50%
  >>>>
  >>>> https://danielpocock.com/unpaid-work-training-googles-spam-filters/
  >>>
  >>> I think you're being particularly harsh on Outreachy applicants. Most
  >>> won't have heard of other email providers than Gmail, let alone have the
  >>> of-pocket-money, volunteer time, server resources, and the stable internet
  >>> required to run their own email server.
  >>>
  >>
  >> They don't need to run a server, we could easily give them links to
  >> three alternatives, or others if people don't feel comfortable with these:
  >>
  >> https://riseup.net/
  >> https://mail.protonmail.com/login
  >> https://tutanota.com/
  >>
  >>
  >>> In the past Outreachy round, 297 out of 381 applicants used Gmail. Of
  >>> the 42 interns who were accepted, 39 interns used Gmail, including two
  >>> out of three of the Debian interns.
  >>>
  >>> If you implemented your filters, you would be working with less than 23%
  >>> of applicants, and you would probably shoot yourself in the foot, since
  >>> 92% of the accepted interns use Gmail.
  >>>
  >>
  >> Thanks for providing these stats.  It doesn't surprise me but stats
  >> aren't everything.
  >>
  >> The person who is able to take a little initiative and change their
  >> email provider may be harder to find but they may also be a good role
  >> model for other people in future.
  >>
  >>> Unfortunately, Gmail is a necessary evil that we have to work with in
  >>> order to reach people from groups under-represented in tech. We can't
  >>> force them to sign up for a new email provider just to apply to an
  >>> internship program.
  > 
  > 
  > This discussion seems to have turned a corner and comments are now
  > increasingly hostile to people who use Gmail. A lot of people use
  > Gmail, and a lot of people use other email providers. You don't like
  > Gmail. Fine. I get it. But this discussion about how Gmail users are
  > unwashed masses isn't a great way to welcome new contributors to open
  > source software projects, including Outreachy.
  > 
  > Can we skip the rest of the Gmail conversation?
  > 
  
  Nobody said anything like that about gmail users, the criticism is aimed
  at gmail / Google and the reason for that is that their filtering is
  having a bad impact on Outreachy communications to interns.  That is
  quite objective.
  
  I assume many people are not using gmail because they are from the
  "unwashed masses" but because they never really thought about it before
  and maybe it was a default with some phone they bought.  Outreachy is a
  great place for them to think about things like that in a supportive
  environment.
  
  Regards,
  
  Daniel
  

  Sage Sharp went completely nuts and started the lynchings even before Google Summer of Code (GSoC) began.

  Notice how I make some comments about the privacy of our interns and helping them migrate away from Googlism. Reactionaries like Sage Sharp and the Zizian mindset take some small comment like that and blow it out of all proportion, accusing me of "contempt" towards Gmail victims, when it is obvious I was only trying to help the Gmail victims.

  Subject: Re: [Outreachy] Outreachy Zulip chat?
  Date: Tue, 23 Jan 2018 17:20:08 +0100
  From: Daniel Pocock <daniel@pocock.pro>
  To: Outreachy Organizers <organizers@outreachy.org>
  CC: mentors@lists.outreachy.org
  
  
  
  On 23/01/18 17:07, Outreachy Organizers wrote:
  
  > Daniel, you have consistently shown contempt towards Gmail users,
  > including threatening to stop working with Outreachy interns who use
  > Gmail. Stop this conversation now.
  >
  
  
  I wish I could say "stop" to all those Google people who show contempt
  for the privacy of their users.
  
  For clarity, I would not pull the plug on communication with gmail users
  in the middle of an internship.
  
  Regards,
  
  Daniel
  

  For saying "stop", or "no", Sage Sharp and the Zizian brigade escalated the dispute. They demand that I be a slave and work, without pay and without speaking:

  Subject: Suspension from the Outreachy mentors mailing list
  Date: Fri, 26 Jan 2018 10:28:58 +0530
  From: Chris Lamb <lamby@debian.org>
  To: daniel@pocock.pro
  CC: Outreachy Organizers <organizers@outreachy.org>, mollydb <deblanc@riseup.net>, Karen Sandler <karen@sfconservancy.org>, Marina Zhurakhinskaya <marinaz@redhat.com>, Cindy Pallares-Quezada <cindy.pallaresq@gmail.com>, Tony Sebro <aksebro@gmail.com>, leader@debian.org
  
  Dear Daniel,
  
  It is with great regret and sadness that I am contacting you on this
  topic.
  
  Over the past six months — and especially over the past week — the
  
  Outreachy organisers have noticed several instances of behaviour that
  are not in line with the program's goals and values.
  
  As a consequence, the Outreachy organisers have banned you from
  participating in the mentors mailing list until 5th March 2018.
  
  You are welcome to continue to mentor Renata until her internship ends
  on 5th March. You also are welcome to communicate directly with Outreachy
  organisers about any concerns you have with Renata's internship and any
  mid-point or final feedback.
  
  All other communication must go through Molly.
  
  [ ... snip the gaslighting ... ]
  

  What does "behaviour" mean? The people who prostitute themselves for Google can make that choice for themselves. Spreading rumours about the behaviour of those who say "stop" is abhorrent.

  The intern I had selected, Renata D'Avila, had also used her blog to tell people she felt uncomfortable with the behaviour of the men at Google. Their behaviour, not my behaviour, is the real problem. They simply disappeared Renata too.

  There are lots of interesting articles online about the importance of your behaviour when you you are being raped. Should you fight your rapist or should you let them have their way with you in the interest of survival?

  Reading the victim impact statement from Stephen Milne's victim, she told the court how she kept saying no but Milne kept pushing. Just like the Googlists imposing themselves through the cruel words of Chris Lamb.

  Lamb spent most of 2018 plotting against my family and finally manipulated the mafiosi Enrico Zini to intimidate and insult me with this message. However, it started when I raised questions about Google Gmail surveillance of our interns.

  Subject: Revoking Debian Developer status
  Date: Thu, 20 Sep 2018 17:44:32 +0200
  From: Enrico Zini <enrico@enricozini.org>
  To: Daniel Pocock <pocock@debian.org>
  CC: da-manager@debian.org
  
  Hello Daniel,
  
  It has been brought to our attention that you have been involved in a
  number of complaints and incidents, related to work you do in your role
  as a Debian Developer.
  
  Both Outreachy and Google have raised concerns about your interactions
  with their communities while representing Debian. You were initially
  reprimanded in October 2017 by Outreachy, and then suspended from the
  mentors mailing list in January 2018 because you did not change the way
  you contributed.
  
  [ ... snip the gaslighting ... ]
  

  I told Google to "stop" and they didn't listen. No means No. Should we fight the rapist or should we roll over for them? The $15 billion lawsuit is a decision to fight the rapist / googlist / zizian behaviour of these bullies.

  More blog posts about the lawsuit.

  Please watch the video, share and discuss the crowdfunding campaign to maximize the chance of success.

February 02, 2026

• Fedora Community Blog Desktop Test Days: A week for KDE and another for GNOME

  Desktop Test Days: A week for KDE and another for GNOME

  Two Test Days are planned for upcoming desktop releases: KDE Plasma 6.6 on 2026-02-02 and GNOME 50 on 2026-02-11.

  Join the KDE Plasma 6.6 Test Day on February 2nd to help us refine the latest Plasma features: https://fedoraproject.org/wiki/Test_Day:2026-02-02_KDE_Plasma_6.6

  Help polish the next generation of the GNOME desktop during the GNOME 50 Test Day on February 11th: https://fedoraproject.org/wiki/Test_Day:2026-02-11_GNOME_50_Desktop

  You can contribute to a stable Fedora release by testing these new environments and reporting your results.

  The post Desktop Test Days: A week for KDE and another for GNOME appeared first on Fedora Community Blog.

January 31, 2026

• Kevin Fenzi misc fedora bits for end of jan 2026

  

  Another busy week for me. There's been less new work coming in, so it's been a great chance to catch up on backlog and get things done.

  rdu2cc to rdu3 datacenter move cleanup

  In december, just before the holidays almost all of our hardware from the old rdu2 community cage was moved to our new rdu3 datacenter. We got everything that was end user visible moved and working before the break, but that still left a number of things to clean up and fully bring back up. So, this last week I tried to focus on that.

  • There were 2 copr builder hypervisors that were moved fine, but their 10GB network cards just didn't work. We tried all kinds of things, but in the end just asked for replacement ones. Those quickly arrived this week and were installed. One of them just worked fine, the other one I had to tweak with settings, but finally got it working too, so both of those are back online and reinstalled with RHEL10.

  • We had a bunch of problems getting into the storinator device that was moved, and in the end the reason why was simple: It was not our storinator at all, but a centos one that was decomissioned. They are moving the right one in a few weeks.

  • There were a few firewall rules to get updated and ansible config to get things all green in that new vlan. That should be all in place now.

  • There is still one puzzling ipv6 routing issue for the copr power9's. Still trying to figure that out. https://forge.fedoraproject.org/infra/tickets/issues/13085

  mass update/reboot cycle

  This week we also did a mass update/reboot cycle over all our machines. Due to the holidays and various scheduling stuff we hadn't done one for almost 2 months, so it was overdue.

  There were a number of minor issues, many of which we knew about and a few we didn't:

  • On RHEL10 hosts, you have to update redhat-release first then the rest of the updates, because the post quantium crypto on new packages needs the keys in redhat-release. ;(

  • docker-distribution 3.0.0 is really really slow in our infra, and also switches to using a unpriv user instead of root. We downgraded back for now.

  • anubis didn't start right on our download servers. Fixed that.

  • A few things that got 'stuck' trying to listen to amqp messages when the rabbitmq cluster was rebooting.

  This time also we applied all the pending firmware updates to all the x86 servers at least. That caused reboots to take ~20min or so on those servers as they applied, causing the outage to be longer and more disruptive than we would like, but it's nice to be fully up to date on firmware again.

  Overall it went pretty smoothly. Thanks to James Anthill for planning and running most all the updates.

  Some homeassistant fun

  I'm a bit behind on posting some reviews of new devices added to my home assistant setup and will try and write those up soon, but as a preview:

  • I got a https://shop.hydrificwater.com/pages/buy-droplet installed in our pumphouse. Pretty nice to see exact flow/usage of all our house water. There's some anoyances tho.

  • I got a continous glucose monitor and set it up with juggluco (open source android app), which writes to health connect on my phone, and the android home assistant app reads it and exposes it as a sensor. So, now I have pretty graphs, and also figured out some nice ways to track related things.

  • I've got a solar install coming in the next few months, will share how managing all that looks in home assistant. Should be pretty nice.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/115991151489074594

• Fedora fans آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت

  

  پروژه Snowflake یک فناوری ضدسانسور از پروژه Tor است که به کاربران کمک می‌کند حتی در کشورها یا شبکه‌هایی که Tor مسدود شده، به اینترنت آزاد و شبکه Tor متصل شوند. چند ویژگی‌ مهم Snowflake: یک Pluggable Transport برای Tor است که ترافیک را طوری پنهان می‌کند که شناسایی و فیلتر آن سخت‌تر شود. ارتباطات […]

  The post آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت first appeared on طرفداران فدورا.

January 30, 2026

• Adam Young Stacking Protocols

  I find myself writing a program in C that is supposed to handle multiple protocols. At its entry point, the protocol is Platform Communication Channel (extended memory, type 3 and type 4). Embedded in that is an Management Component Transport Protocol (MCTP) message, and embedded in that is one of many different protocols.
  
  I might want to swap out the PCC layer in the future for….something else. MCTP can come over many different protocols, so there is a good be that the tool will be more useful if it can assume that the protocol outside of the MCTP layer is something other than MCTP.
  
  One problem I have is that the MCTP header does not have a length field. We do not not know how long the payload is; all it has is version, source, destination, and flags. Thus, if we want to pass a buffer of type MCTP header along, and we want the length, we need to pass it in a separate field. This goes both for incoming (how many bytes to read) and outgoing (how many bytes to write).

  My initial thought on writing this layer is to have a request/response pair for each layer of the protocol. For PCC, I could just do this. For all the other internal ones, I would need to pass length in and length out for each handler. Length in will not change, but length out might, so this needs to be passed as pointer. This leads to functions that look like this:

  void handle_mctp_control_message(struct mctp_hdr * mctp_req,  int req_len,  struct mctp_hdr * mctp_resp,  int *resp_len)
  {
  
  }

  I will also need to be converting from outer protocols to inner protocols. So I will need code like this:

  struct mctp_hdr * mctp_req  = (struct mctp_hdr *)pcc_req->buffer_start;
  int mctp_req_len = pcc_req->length - sizeof(MCTP_SIGNATURE);
  struct mctp_hdr * mctp_rsp  = (struct mctp_hdr *)pcc_rsp->buffer_start;

  The outgoing length would be initialized to 0, and grow as each later of the protocol stack adds its own data. However, I am planning on pre-allocating the buffer, and just passing a pointer to the location where the protocol is supposed to write its data. IN order to confirm we don’t want to write past the end of the function, we will have to pass the overall buffer length in, maybe shortened by the amount we need to reserve for the outer headers.

  If each protocol header had a smart pointer, I could pass those around instead. Something like:

  struct pcc_header_p {
      struct pcc_header * header;
      int buffer_length;
  }
  
  struct mctp_header_p {
      struct mctp_header * header;
      int length;
      int buffer_length;
  }

  Then it would be fairly easy to write a function that, given an *pcc_header_p populates a struct mctp_header_p that points to it.

  void pcc_2_mctp(struct pcc_header_p *pcc, struct mctp_header_p *mctp)
  {
     mctp->header = (struct mctp_header *)pcc->header[sizeof struct pcc_header];
     mctp->len =  pcc->header.length - sizeof(MCTP_SIGNATURE);
     mctp->buffer_length = pcc->buffer->length - sizof(struct pcc_header);
       
  }

  This seems like it would benefit from a set of preprocesser Macros. I know that Qemu does something like this. But for a first pass, I think I can just code it up like this.

• Ankur Sinha "FranciscoD" Building an AI assistant for computational modelling with NeuroML

  Brain models are hard to build

  While experiments remain the primary method by which we neuroscientists gather information on the brain, we still rely on theory and models to combine experimental observations into unified theories. Models allow us to modify and record from all components, and they allow us to simulate various conditions---all of which is quite hard to do in experiments.

  Researchers model the brain at multiple levels of detail depending on what it is they are looking to study. Biologically detailed models, where we include all the biological mechanisms that we know of---detailed neuronal morphologies and ionic conductances---are important for us to understand the mechanisms underlying emergent behaviours.

  These detailed models are complex and difficult to work with. NeuroML, a standard and software ecosystem for computational modelling in Neuroscience, aims to help by making models easier to work with. The standard provides ready-to-use model components and models can be validated before they are simulated. NeuroML is also simulator independent, which allows researchers to create a model and run it using a supported simulation engine of choice.

  

  In spite of NeuroML and other community developed tools, a bottleneck remains. In addition to the biology and biophysics, to build and run models, one also needs to know modelling/simulation and related software development practices. This is a lot, presents quite a steep learning curve and makes modelling less accessible to researchers.

  LLM based assistants provide a possible solution

  LLMs allow users to interact with complex systems using natural language by mapping user queries to relevant concepts and context. This makes it possible to use LLMs as an interface layer where researchers can continue to use their own terminology and domain-specific language, rather than first learning a new tool's vocabulary. They can ask general questions, interactively explore concepts through a chat interface, and slowly build up their knowledge.

  We are currently leveraging LLMs in two ways.

  RAG

  The first way we are using LLMs is to make it easier for people to query information about NeuroML.

  As a first implementation, we queried standard LLMs (ChatGPT/Gemini/Claude) for information. While this seemingly worked well and the responses sounded correct, given that LLMs have a tendency to hallucinate, there was no way to ensure that the generated responses were factually correct.

  This is a well known issue with LLMs, and the current industry solution for building knowledge systems using LLMs with correctness in mind is the RAG system. In a RAG system, instead of the LLM answering a user query using its own trained data, the LLM is provided with curated data from an information store and asked to generate a response strictly based on it. This helps to limit the response to known correct data, and greatly improves the quality of the responses. RAGs can still generate errors, though, since their responses are only as good as the underlying sources and prompts used, but they perform better than off-the-shelf LLMs.

  For NeuroML we use the following sources of verified information:

  • the documentation from https://docs.neuroml.org
  • NeuroML publications
  • other sources, such as well validated models from our Open Source Brain platform

  I have spent the past couple of months creating a RAG for NeuroML. The code lives here on GitHub and a test deployment is here on HuggingFace. It works well, so we consider it stable and ready for use.

  Here is a quick demo screen cast:

  We haven't dedicated too many resources to the HuggingFace instance, though, as it's meant to be a demo only. If you do wish to use it extensively, a more robust way is to run it locally on your computer. If you have the hardware, you can use it completely offline by using locally installed models via Ollama (as I do on my Fedora Linux installation). If not, you can also use any of the standard models, either directly, or via other providers like HuggingFace.

  The package can be installed using pip, and more instructions on installation and configuration is included in the package Readme. Please do use it and provide feedback on how we can improve it.

  Implementation notes (for those interested)

  The RAG system is implemented as a Python package using LangChain/LangGraph. The "LangGraph" for the system is shown below. We use the LLM to generate a search query for the retrieval step, and we also include an evaluator node that checks if the generated response is good enough---whether it uses the context, answers the query, and is complete. If not, we iterate to either get more data from the store, to regenerate a better response, or to generate a new query.

  

  The RAG system exposes a REST API (using FastAPI) and can be used via any clients. A couple are provided---a command line interface and a Streamlit based web interface (shown in the demo video).

  The RAG system is designed to be generic. Using configuration files, one can specify what domains the system is to answer questions about, and provide vector stores for each domain. So, you can also use it for your own, non-NeuroML, purposes.

  Model generation and simulation

  The second way in which we are looking to accelerate modelling using LLMs is by using them to help researchers build and simulate models.

  Unfortunately, off-the-shelf LLMs don't do well when generating NeuroML code, even though they are consistently getting better at generating standard programming language code. In my testing, they tended to write "correct Python", but mixed up lots of different libraries with NeuroML APIs. This is likely because there isn't so much NeuroML Python code out there for LLMs to "learn" from during their training.

  One option is for us to fine tune a model with NeuroML examples, but this is quite an undertaking. We currently don't have access to the infrastructure required to do this, and even if we did, we will still need to generate synthetic NeuroML examples for the fine-tuning. Finally, we would need to publish/host/deploy the model for the community to use.

  An alternative, with function/tool calls becoming the norm in LLMs, is to set up a LLM based agentic code generation workflow.

  Unlike a free-flowing general-purpose programming language like Python, NeuroML has a formally defined schema which models can be validated against. Each model component fits in at a particular place, and each parameter is clearly defined in terms of its units and significance. NeuroML provides multiple levels of validation that give the user specific, detailed feedback when a model component is found to be invalid. Further, the NeuroML libraries already include functions to validate models, read and write them, and to simulate them using different simulation engines.

  These features lend themselves nicely to a workflow in which an LLM iteratively generates small NeuroML components, validates them, and refines them based on structured feedback. This is currently a work in progress in a separate package.

  I plan to write a follow up post on this once I have a working prototype.

  ---

  While being mindful of the hype around LLMs/AI, we do believe that these tools can accelerate science by removing/reducing some common accessibility barriers. They're certainly worth experimenting with, and I am hopeful that the modelling/simulation pipeline will help experimentalists that would like to integrate modelling in their work do so, completing the neuroscience research loop.

• Swiss JuristGate MIT DEDP MicroMasters online learner's blog post about cover-up linked to resignation of Swiss financial regulator

  MIT's DEDP MicroMasters is about Data, Economics and Development Policy. It was recently renamed, Data Economics & Design of Policy although the focus remains on developing countries, not rich countries like Switzerland. From time to time, I've seen people asking what a MicroMasters certificate is really worth. Ironically, that would be a great question for an MIT economist to answer.

  In one of the modules, 14.750x Political Economy, Prof Ben Olken begins by asking the online learners to read papers Hit or Miss? The Effect of Assassinations on Institutions and War and Do leaders matter? National leadership and growth since world war II. The above average rate of assassinations for people with this job category is used to give us insights. There is nothing in the paper about leaders kidnapped by President Trump. Trump himself was nearly assassinated before his own return to office. The paper is available online.

  

   

  In earlier blogs, we were able to prove the anonymous document on the FINMA web site relates to Parreaux, Thiébaud & Partners, Switzerland's "Law Firm X". From there, we were able to prove that FINMA, the regulatory authority knew about it for some years and the Geneva bar association also seemed to know for a long time.

  In the world of abuse, it seems that priests knew some of their colleagues were paedophiles but they have a code of conduct, the Crimen Sollicitationis which prevented priests from warning the public about their own colleagues. The Swiss jurists from the bar association and officials from FINMA appeared to be operating from the same playbook. Those who knew about the scandal didn't tell the clients. They put the reputation of their profession and the privacy of rogue colleagues ahead of the interests of public safety and justice.

  We then went the next step, showing that FINMA participated in a cover-up. Reports on this web site meticulously reverse-engineering their cover-up tactics.

  From the moment the illegal legal insurance launched in 2018, Birgit Rutishauser had been head of FINMA's surveillance of the insurance industry.

  Rutishauser is a graduate of ETH Zurich. Many of the attacks on my family revolve around the death of Adrian von Bidder-Senn on our wedding day. He was also an ETH Zurich graduate like Rutishauser. Just as the priests and the jurists have sought to maintain strict silence about the wrongdoing of colleagues, it seems the ETH Zurich alumni are maintaining silence. After all, Adrian von Bidder-Senn's wife obtained a PhD in cybersecurity from the same institution but looking at the last email she sent to the Debianists, we can see that Dr Diana von Bidder-Senn failed to realize the extent to which her husband was a victim of social engineering. Dr von Bidder-Senn is now the mayor of Basel.

  When Rutishauser was appointed in 2018, FINMA published the following comments about her background:

  The 46-year-old mathematician and actuary has managed the Risk Management section of the Insurance division since June 2016. Prior to joining FINMA, Birgit Rutishauser spent many years working in a variety of management roles within the insurance sector, most recently as Chief Underwriting & Risk Management Officer at Nationale Suisse and, as such, a member of the Group Executive Management Board. Birgit Rutishauser is a Swiss citizen.

  Rutishauser had also worked for Zurich insurance, the same company where Urban Angehrn had worked prior to joining FINMA.

  By comparison, I am a holder of the MIT MicroMasters diploma in Data, Economics & Development Policy (DEDP). Well, I also worked for a few banks too. UBS in Zurich provided a reference letter:

  

   

  Competitors and cyberbullies have spent an enormous amount of effort trying to trick people to believe that I'm a mentally ill person who only pretends to be a developer:

  Subject: Re: Open Letter to Debian election candidates about Debian vendettas
  Date: Sun, 20 Mar 2022 21:00:02 +0900
  From: Hideki Yamane <henrich@iijmio-mail.jp>
  To: Daniel Pocock <daniel@pocock.pro>
  CC: debian-devel@lists.debian.org
  
  Hi,
  
   [ ... snip gaslighting ... ]
  
   Before talking, you should get counseling for a while since it seems that
   you have some cognitive troubles now. You'd be better to hear about your
   opinion and current your mind status from professional 3rd parties, not Debian.
   (If they say you're very healthy and good, then that's good. Don't you think so?)
  
   Without that, we cannot make a constructive conversation.
    As I said in my platform, "Be calm, stay cool, stay safe" - Hope you stay "cool"
   a bit with help from professionals, and you would to be able to a "contributor"
   to floss again.
  
  
   Life is short - to waste our time for fighting. Let's make more values for users.
  
  
  -- 
  Hideki Yamane <henrich@iijmio-mail.jp>
  

  The rumours about mental illness were obviously falsified. Nonetheless, it is important to remember they started falsifying these things at a time when I lost two family members. Is it an example of cybertorture or is it simply an example of how rude these people are after spending too much time in social control media?

  Is it possible that a mentally ill fake developer with a MicroMasters was able to write a blog post that brought down the Deputy CEO of the Swiss financial market regulator?

  Rather than finding me to be insane, Switzerland granted me citizenship in the Canton of Vaud in November 2023:

  

   

  Early 2024, I came across a photo of Switzerland's attorney general visiting his peers at the Parquet National Financier in Paris, France to talk about cross-border crime. The illegal legal insurance was an example of cross-border crime because they recruited people from France to work for them and they promoted the insurance to French residents.

  The meeting and photo has since been removed from the PNF web site but it can be found in the Wayback Machine.

  Rencontre avec M. Stefan Blättler, procureur général de la Confédération helvétique

  Le 13 février, les quatre chefs de juridiction du tribunal judiciaire de Paris ont reçu M. Stefan Blättler, procureur général de la Confédération helvétique.

  Ces échanges stratégiques ont permis d’aborder les questions d’entraide pénale internationale et de lutte contre la criminalité organisée, le terrorisme, les crimes contre l'humanité et la délinquance financière.

  Ils ont été l’occasion de rappeler la détermination commune des autorités judiciaires françaises et helvétiques à lutter contre les formes complexes de criminalité et de réaffirmer le caractère essentiel d'un dialogue soutenu et cordial entre pays voisins, partageant une frontière et une relation longue.

  

   

  I wrote to the PNF and sent them some of the documents. This was their reply:

  

   

  The PNF, like me, suspects that a crime was committed under French law but for technical reasons, they require a French citizen to bring a formal complaint to a local prosecutor first. The law in France would see me as a witness to the crime.

  Later in 2024, I acquired the domain name www.michaelmcgrath.ie, that is the former domain name of Michael McGrath, the EU Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection.

  I used the EU Justice Commissioner's former domain name to publish information about the cross-border crime from the Swiss jurists.

  

   

  The blogs published between January and March 2025 continue to build the case that FINMA not only knew about the illegal legal insurance but they also had a role in the cover-up.

  The blog published on 8 March 2025, International Women's Day, considered the case of a French woman who was tricked to quit the job she had for seven years and come to work for the Swiss jurists in Geneva selling illegal legal insurance.

  On 27 March 2025, I was discussing the case with an expert in Paris at the same time the BBC was interviewing former Archbishop of Canterbury Justin Welby about the cover-up of their jurist John Smyth QC. In the meeting in Paris, I was asked if there was a link between the paedophiles and the jurists. The BBC's report only appeared after the meeting and it prompted me to write a new blog post about the culture of cover-ups.

  When famed whistleblower Trevor Kitchen exposed the Forex scandal, he didn't go as far as comparing anybody to a paedophile, nonetheless, they had him arrested in Portugal and tried to have him extradited back to Switzerland for criminal speech.

  Finance chief who exposed currency scandal fights Swiss extradition bid for criminal defamation

  ...

  Mr Kitchen, who worked as a financial controller for companies including Shell, Castrol and Black and Decker, lost his 700,000 franc pension due to the rigged currency fluctuations.

  ...

  “Because I had specialised in finance all my life understanding policies and procedures in companies, I went and reported this to all the regulators,” he said.

  Toby Cadman, head and co-founder of Guernica 37 International Justice Chambers, who is working pro bono for Mr Kitchen, said: “If he was in the UK, this would not even get past the issuing of a warrant, let alone the extradition process.

  ...

  He was arrested by Portuguese police on January 19 and taken for questioning. “It was all maximum security stuff. Six policemen were around me and took me into a small room and told me to take all my clothes off. They threw me in prison for 48 hours all because of the words I used,” he said.

  The Swiss embassy has been contacted for comment.

  Yet Swiss authorities have made no such move against me. Without admitting or denying any of the allegations on this web site, Birgit Rutishauser's resignation was announced on 1 April 2025, barely two days after the strongest blog post about the complicity of the authorities in the cover-up.

  First of all, FINMA published a notice about Rutishauser's resignation.

  The same day, FINMA published a longer notice about their restructuring. The notice included a paragraph emphasizing that Birgit Rutishauser's departure was not part of the restructuring. In other words, there is some other specific reason she has chosen to tender her resignation and they are not going to give us any more detail about it.

  FINMA adapts its organisation to meet future challenges

  ...

  Independently of the introduction of the new organisational structure, Birgit Rutishauser, member of the Executive Board, Deputy CEO and Head of the Insurance division, has decided to leave FINMA. Vera Carspecken will assume the leadership of the Insurance division on an interim basis from 1 May 2025 (see separate press release of 1 April 2025).

  Somebody with so many years of service would normally be entitled to three months of notice period. The abrupt departure of Martin Senn from Zurich insurance was referred to as a factor in his suicide. However, it is also possible that Rutishauser was placed on an extended period of garden leave to prevent her from immediately being able to use confidential information she has acquired in the course of her duties.

  Rutishauser's LinkedIn profile tells us she is now at StenFo, that is the fund for a Swiss nuclear dump.

  All the waste from five decades of Swiss nuclear programs is currently stored in a temporary facility at Zwilag. If they ever try to build a permanent underground storage facility there will be a referendum to stop it. It just sits in the temporary facility for the time being:

  

   

  

   

  President Putin frequently reminds the world about nuclear punishments. What we see here is the power of nuclear teamwork.

  Fifty percent of Swiss nuclear fuel comes from Russia, twenty five percent from Canada and twenty five percent was mined in Australia, where I was born.

  After leaving her post as second in command at FINMA, head of the insurance division, Rutishauser enrolled at IMD, a well known Swiss business school, where she was awarded a certificate in blockchain.

  

   

  While there are some companies doing completely legitimate projects with blockchain, it is ironic that the scammers who had been allowed to operate for years under FINMA have also pursued a new career path promoting cryptocurrency "investment" to victims in France.

  I started the Software Freedom Institute in May 2021 in the middle of the pandemic. Many people were not working at all. I could have chosen not to work and claimed furlough payments from the government. Instead, by working, I was paying tax and contributing money to the social security system to support the rest of society.

  I purchased and paid for various insurance services to protect the business. Invoices for Parreaux, Thiebaud & Partners legal services. When IBM Red Hat attacked my business, the Swiss legal protection did nothing to help. The ADR Forum legal panel eventually gave a ruling against IBM Red Hat, declaring that I was a victim of harassment from a much larger company/competitor.

  Likewise, after the conviction of Cardinal George Pell, rogue Debianists attacked my family with rumours about abuse and they attacked us again after I founded the Software Freedom Institute. The Swiss jurists did nothing to help. I went to Italy by myself to speak to the Carabinieri and after years of inquiries, the Cardinal died four hours after I filed a report about exploitation. Despite Switzerland's reputation for privacy, the Swiss jurists provided no help whatsoever to protect my family and I from these intrusions.

  Justin Welby had to resign as Archbishop of Canterbury due to his failure to take action against the paedophile jurist John Smyth QC. On 30 March 2025, we published the comparison of Church of England, Crimen Sollicitationis and the cover-up at FINMA and barely two days later, Rutishauser's resignation was announced.

  As it is Switzerland, nobody is holding their breath waiting for authorities to confirm the Deputy CEO of FINMA resigned because of the cover-up disclosed in the JuristGate reports. However, we can now try to answer the question we started with, what is the real value of the DEDP MicroMasters from MIT? Priceless.

  

   

  Read more of the JuristGate reports.

• Fedora Community Blog Community Update – Week 05 2026

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 26 – 30 January 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • Migration of tickets from pagure.io to forge.fedoraproject.org 
  • Dealing with spam on various mailing lists
  • Dealing with hw failures on some machines
  • Fixed IPA backups
  • Fixed retirement script missing some packages
  • Another wave of AI scrapers
  • Quite a few new Zabbix checks for things (ipa backups, apache-status)

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • Setup BuildRoot for CS10 risc-v
  • New group: sig-automotive-copr
  • Onboard risc-v architecture into infra for bootstrap
  • [Messaging SIG] Messaging tags for CentOS Stream 10 in CBS
  • Access to jenkins-nfs-ganesha – member add request to ocp-cico-nfs-ganesha.
  • Access to jenkins-nfs-ganesha – member add request to ocp-cico-nfs-ganesha
  • Setup for the new Accelerated Infrastructure Enablement SIG
  • [dc move] – reprovision local internal mirror
  • Racking RISC-V machines in rdu3
  • Enable native RISC-V builds in CBS Koji

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Fedora Mass Rebuild resulted in merging approx 22K rpms into the F44 Tag

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • Relative good news: Mark Weilaard managed to get a fix for the ‘debugedit’ bug that was blocking Fedora.  We now have a build that has unblocked a few packages. The fix has some rough edges. We’re working on it, but a big blocker is out of the way now.
  • We now have Fedora Copr RISC-V chroots — these are QEMU-emulated running on x86. Still, this should give a bit more breathing room for building kernel RPMs.  (Credit: Miroslav Suchý saw my status report a couple of months ago about builder shortage. He followed up with us to make this happen with his team.)
  • Fabian Arrotin racked a few RISC-V machines for CBS.  We (Andrea Bolognani and Fu Wei) are working on buildroot population

  AI

  This is the summary of the work done regarding AI in Fedora.

  • awilliam used Cursor to summarize several months of upstream changelogs while updating openQA packages (still one of the best use cases so far)

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • Forgejo migration continuation and cleanup – we’re now nearly 100% done
  • All generally unhappy about the CSB policy and communication
  • Prepared some upcoming Test Days: KDE Plasma 6.6, Grub OOM 2: Electric Boogaloo
  • Dealt with a couple of issues caused by the mass rebuild merge, but it was much smoother this time 
  • Psklenar signed up for the Code Coverage working group thing
  • Set up sprint planning in Forgejo
  • Added a Server build/install test to openQA to avoid reoccurrences of Server profile-specific issues like https://bugzilla.redhat.com/show_bug.cgi?id=2429501
  • Did some testing on new laptop HW provided by Lenovo

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • More repo migrations,  creating new Orgs and Teams, creating Org requested runners,  solving reported issues
  • Staging instance of distgit deployed
  • Performance testing of the forge instances, storage increase, maintenance

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Looking for people to vote for F45 Wallpaper Inspiration!
  • Final wallpaper for F44 complete.
  • Wrapping up last design bits for FOSDEM.
  • Fedora Design Team docs revamp starting this sprint.

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 05 2026 appeared first on Fedora Community Blog.

• Guillaume Kulakowski Pourquoi je suis resté sur n8n ?

  Ça fait maintenant un bon moment que je me pose la question : est-ce que je dois quitter n8n pour une autre solution d’automatisation ? n8n est un excellent outil, je l’utilise depuis longtemps, mais au fil des versions une tendance devient claire : de plus en plus de fonctionnalités sont réservées aux offres Enterprise […]

  Cet article Pourquoi je suis resté sur n8n ? est apparu en premier sur Guillaume Kulakowski's blog.

• Remi Collet 🎲 PHP version 8.4.18RC1 and 8.5.3RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

  RPMs of PHP version 8.5.3RC1 are available

  • as base packages in the remi-modular-test for Fedora 41-43 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.4.18RC1 are available

  • as base packages in the remi-modular-test for Fedora 41-43 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.3 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.5.3RC1 available for testing
  • PHP 8.4.18RC1 available for testing

  Parallel installation of version 8.5 as Software Collection:

  yum --enablerepo=remi-test install php85

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Update of system version 8.5:

  dnf module switch-to php:remi-8.5
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • EL-10 packages are built using RHEL-10.1 and EPEL-10.1
  • EL-9 packages are built using RHEL-9.7 and EPEL-9
  • EL-8 packages are built using RHEL-8.10 and EPEL-8
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.9 on x86_64 and aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.4.18 and 8.5.3 are planed for February 12th, in 2 weeks.

  Software Collections (php84, php85)

  

  

  Base packages (php)

  

  

January 29, 2026

• David Cantrell rpminspect-2.1 released

  rpminspect 2.1 is now available. The last release was on September 5, 2024. That was 511 days ago, so a bit longer than I really wanted to make it. Similar to the previous release, this release of rpminspect marks the first post on my blog for 2026. My plan for 2026 is to make more frequent releases even if they just contain one or two fixes. Development and maintenance of rpminspect comes in waves, so I think that will work out better while getting fixes out to people.

  Since it has been 511 days since the last release, I will just paste the changes below. I am having a hard time remembering everything that went in to it, but that’s why we have logs!

  Work on 2.1 has begun. Please file issues and feature requests on the GitHub project page: https://github.com/rpminspect/rpminspect. The changes below are in the 2.1 release:

  General release and build process changes:

  • Remove duplicate AND from License tag
  • Drop utils/find-ninja.sh and update GNUmakefile and README.md
  • Remove explicit requires on libtoml
  • Fix FTBFS errors in the spec file for home.
  • Update the Copr srpm target to sub %autorelease correctly
  • Change the Release value used for Copr builds to 1.1….
  • Add ‘Recommends: system-rpm-config’ to the spec file template

  Config file or data/ file changes:

  • Drop ‘id’ from the example license JSON database

  Changes to the GitHub Actions CI scripts and files:

  • On Fedora rawhide, remove duplicate __debug_package in macros
  • Fix broken Debian Testing and Alpine Linux CI jobs
  • On Fedora stable, remove duplicate __debug_package in macros
  • Remove obsolete Fedora CI job files
  • Uninstall openssl-fips-provider-so in the RHEL UBI9 test environment
  • On Fedora systems, make sure /var/lib/clamav is 0755
  • Add clamav-freshclam to reqs.txt for Fedora
  • Do not run freshcleam on Fedora CI jobs
  • Workaround Gentoo bug with circular dependencies
  • Install ‘gawk’ on fedora and fedora-rawhide CI jobs
  • Default Fedora environment lacks awk now, so install it.
  • Fixes for some failing CI jobs
  • Fix how ‘rc’ compiles on Arch Linux
  • On OpenSUSE Leap builds, explicitly install which before git
  • Drop the modification of /usr/bin/xmlrpc-c-config on Debian testing
  • Fix ‘rc’ build and install Mageia Linux job
  • Recognize newer operating systems in determine-os.sh
  • Set /var/lib/clamav ownership on CentOS 10 CI job
  • Remove Oracle Linux jobs
  • Fix Debian GHA failures
  • Fix the Debian GitHub Action jobs
  • Minor fixes for the OpenSUSE and Ubuntu CI jobs on GitHub
  • Ignore changes in the .github/ and osdeps/ subdirectories
  • Do ‘emerge -uDN world’ in the Gentoo CI job before running
  • Try to reduce the amount of stuff built on Gentoo
  • Increase the timeout for Ubuntu GHA jobs
  • Add additional packages to Debian jobs and install annocheck
  • Upgrade Fedora rawhide test environments
  • Install libatomic.i686 on Fedora stable and rawhide jobs
  • Install lib64xxhash-devel on Mageia jobs
  • Build cc with CFLAGS=-std=gnu99 on Alpine Linux
  • Fix up the Gentoo CI jobs so they don’t fail

  rpminspect(1) changes or improvements related to it:

  • Disable the ‘filesmatch’ inspection for now

  Documentation changes:

  • Update examples in the rpminspect(1) man page

  General bug fix in the library or frontend program:

  • Strip UNPACK_BASE directory in unicode inspection
  • Subpackage changes can cause some peer rpmdeps to be empty
  • Support PatchN specifications with URLs to the upstream patch
  • Make sure unapproved licenses are reported as such.
  • Refactor how remedy strings are handled in librpminspect
  • Correctly handle SPDX special keywords: AND, OR, WITH
  • Match 32-bit x86 RPMs when performing inspections
  • Add extra guards for hardlink handling in extract_rpm()
  • Prevent duplicate SRPMs in file lists when comparing tasks
  • Check if archive exists before closing it
  • Properly handle hard links on RPM payload extraction
  • Continued fixes for the new libxml2 API
  • Correct rebase build comparison in some inspections
  • Download failure does not exit with a error code
  • Memory leak fixes in strtrim()
  • Allow %{load} macros to work when calling rpmSpecParse()
  • Define _specdir in read_spec() for spec files that self-reference
  • Memory leak fixes in read_spec()
  • Retain empty lines when using strsplit()
  • Ignore the tokens within a %verify() expression in %files
  • Do not write untokenized %doc and %license lines to filtered spec
  • Skip debuginfo and debugsource packages in filesmatch
  • s/file->rpm_header/peer->after_hdr/g in filesmatch
  • Ignore .build-id subdirectories in the filesmatch inspection
  • Handle %dir and %files modifiers in %doc & %license lines
  • Invoke annocheck correctly so we do not get incorrect reporting
  • Fix some curl_easy_setop() calls that give warnings on FreeBSD
  • Correctly construct entry paths in extract_rpm()
  • Correct some formerly gcc warnings that are now errors

  librpminspect feature or significant change:

  • Disable file and scan size limits in clamav
  • Honor locally defined ignore list for the ‘unicode’ inspection
  • Favor POSIX basename(3) throughout librpminspect
  • Support SPDX 3.0 expression specification
  • Drop FNM_PATHNAME for path matching from rule files
  • When extracting payloads, if archive_read_extract() fails, error out
  • Change ENODATA to EIO in libarchive read loop
  • Expand the remedy strings for the ‘patches’ inspection
  • Handle newer versions of libxml2 and deprecated struct members
  • Minor memory management cleanups in shellsyntax inspection
  • Make free_string_hash() part of the public API
  • Define PATH_SEP and rename joinpath() to joindelim()
  • Add read_spec() function and use librpm for macro expansion
  • Introduce the ‘filesmatch’ inspection
  • Add filtering ability to the read_spec() function
  • Minor cleanups for the filesmatch inspection
  • Refactor how %doc and %license lines are processed in filesmatch
  • Hook up the actual filesmatch inspection
  • Remove the abandoned ‘filesmatch’ inspection.
  • Ignore expected empty RPM payloads in ‘lostpayload’ (#1518)
  • In runcmd.c, return NOT FOUND for not found commands
  • Account for RPM payloads carrying paths not in the RPM metadata
  • Handle additional annocheck profile name matching

  Test suite commits:

  • Work around a limitation on Arch Linux in test_debuginfo
  • Add a testcase for unicode ignored files
  • Adjust test_kmod to account for EXTRA_CFLAGS removal in 6.15
  • Increase test case timeouts to 5000 from 1500
  • Add —skip-implicit-values to annocheck test jobs
  • In test_elf.py add -Wl,-z,notext for TEXTREL and PIC tests
  • When writing to test rpminspect.yaml file, do not wrap lines

  See https://github.com/rpminspect/rpminspect/releases/tag/v2.1 for more information.

  Where to get this new release?

  Fedora (42, 43, and rawhide), EPEL 8, EPEL 9, and EPEL 10 users can get new builds from the testing updates collection. If you install from the testing update, please consider a thumbs up in Bodhi. Without that it takes a minumum of two weeks for it to appear in the stable repo.

  Copr builds continue to be available in my Copr collection. The Copr repos are updated each time a pull request is merged and testing passes, so it contains the latest build of what will become the next stable release. Often times I ask reporters to try a Copr build to ensure a fix is correct. I do not expect all users to rely on the Copr builds, but do be aware of them if you report a bug or feature requests for rpminspect.

  Lastly, I will be moving the upstream location of this project likely to codeberg.org and off of github.com as GitHub continues to march towards AI in everything. I will update the project page on GitHub when that happens and the repo there will likely go read-only before I eventually archive it or delete it entirely.

• Remi Collet 📦 QElectroTech version 0.100

  RPM of QElectroTech version 0.100, an application to design electric diagrams, are available in remi for Fedora and Enterprise Linux  8 and 9.

  The project has just released a new major version of its electric diagrams editor.

  Official website: see  http://qelectrotech.org/, the version announcement, and the ChangeLog.

  ℹ️ Installation:

  dnf --enablerepo=remi install qelectrotech

  RPMs (version 0.100-1) are available for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, CentOS, AlmaLinux, RockyLinux...)

  ⚠️ Because of missing dependencies in EPEL-10 (related to QT5), it is not available for Enterprise Linux 10. The next version should be available using QT6.

  Updates are also on the road to official repositories:

  • Fedora 43
  • Fedora 42
  • EPEL 9
  • EPEL 8

  

  ℹ️ Notice: a Copr / Qelectrotech repository also exists, which provides "development" versions (0.101-DEV for now).

• Cockpit Project Cockpit 355

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 355:

  Add systemd/polkit-based fallback for administrative privileges if sudo is not available

  There are systems like Ubuntu 25.10 which don’t have sudo, or only the incompatible sudo-rs. Cockpit previously failed to gain administrator rights then. Cockpit 355 now both detects and ignores an incompatible sudo, as well as introduces a fallback authentication method: It starts the root bridge through systemd’s StartTransientUnit() API. This is inspired by systemd’s run0, and uses the exact same underlying mechanism. This is guarded by polkit, so you need to authorize with your user password similar to sudo.

  ws: Remove obsolete pam_cockpit_cert module

  Cockpit version 209 (Dec 2019) introduced a pam_cockpit_cert PAM module in /etc/pam.d/cockpit. Cockpit 248 (Jul 2021) made this module unnecessary, and replaced the module with a stub that did not do anything, plus a warning during package upgrade.

  This version finally removes it. So if you have locally modified /etc/pam.d/cockpit and still have that module in your configuration, you need to manually remove it.

  Try it out

  Cockpit 355 is available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 43
  • Cockpit Fedora 42

January 28, 2026

• Kiwi TCMS Kiwi TCMS 15.3

  Dear testers, we're happy to announce Kiwi TCMS version 15.3!

  IMPORTANT:

  This is a minor version release which includes updates and improvements, database migrations and many new API methods.

  You can explore everything at https://public.tenant.kiwitcms.org!

  ---

  Public container image (x86_64):

  pub.kiwitcms.eu/kiwitcms/kiwi   latest  bad66695a117   732MB
  

  IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

  Changes since Kiwi TCMS 15.2

  Improvements

  • Update Django from 5.2.9 to 5.2.10
  • Update django-simple-captcha from 0.6.2 to 0.6.3
  • Update django-simple-history from 3.10.1 to 3.11.0
  • Update from 3.10 to 3.10.1
  • Update psycopg[binary] from 3.3.1 to 3.3.2
  • Update python-gitlab from 7.0.0 to 8.0.0
  • Update tzdata from 2025.2 to 2025.3
  • Update node_modules/pdfmake from 0.2.20 to 0.3.3
  • Models Classification, Product, Priority, Component and Version can now be translated in Admin pages (@nichicom-yasutake). Fixes Issue #4193
  • Display categories ordered by name. Fixes Issue #4166
  • Stricter checking for attributes in uploaded files
  • Strip newline characters from email subjects to avoid crashes

  Database

  • Add migration management.0012_alter_classification_options_alter_component_options_and_more
  • Add migration testcases.0023_alter_category_ordering

  API

  • Add Bug.create() API method
  • Add Bug.filter_canonical() API method
  • Add Bug.get_comments() API method
  • Add Bug.add_comment() API method
  • Add Bug.add_attachment() API method
  • Add Bug.list_attachments() API method
  • Add Bug.add_execution() API method
  • Add Group.filter() API method
  • Add Group.permissions() API method
  • Add Group.users() API method
  • Add TestExecution.add_attachment() API method
  • Add TestExecution.list_attachments() API method
  • Add TestExecution.create() API method
  • Add TestExecution.add_property() API method
  • Add TestRun.list_attachments() API method
  • Add TestRun.add_property() API method
  • Add TestRun.get_cc() API method
  • Allow TestCase.create() API method to override TestCase.create_date
  • Allow TestPlan.create() API method to override TestPlan.create_date
  • Allow super-user to override comment author/submission date for TestCase.add_comment() API method
  • Allow super-user to override comment author/submission date for TestExecution.add_comment() API method
  • For BugTracker.filter() API method order results by id field
  • For Category.filter() API method order results by id field
  • For Classification.filter() API method order results by id field
  • For Component.filter() API method order results by id field
  • For Group.filter() API method order results by id field
  • For PlanType.filter() API method order results by id field
  • For Priority.filter() API method order results by id field
  • For Tag.filter() API method order results by id field
  • For Template.filter() API method order results by id field
  • For TestCase.filter() API method order results by id field
  • For TestCaseStatus.filter() API method order results by id field
  • For TestExecution.filter() API method order results by id field
  • For TestExecutionStatus.filter() API method order results by id field
  • For TestRun.filter() API method order results by id field
  • For User.filter() API method order results by id field
  • TestCase.comments() API method changes the following fields in its response:
    • site -> site_id
    • user -> user_id

  Refactoring and testing

  • Update actions/upload-artifact from 5 to 6
  • Update black from 25.11.0 to 25.12.0
  • Update locust from 2.42.6 to 2.43.1
  • Update node_modules/brace-expansion from 1.1.11 to 1.1.12
  • Update node_modules/webpack from 5.103.0 to 5.104.1
  • Update URL to website article
  • Remove redundant code snippet in TestRun.create() API method
  • Add more assertions for TestRun.create() API test scenario

  Changes since Kiwi TCMS Enterprise v15.2-mt

  • Based on Kiwi TCMS v15.3
  • Update certbot from 5.2.1 to 5.2.2
  • Update django-ses from 4.4.0 to 4.6.0
  • Update dj-database-url from 3.0.1 to 3.1.0
  • Update kiwitcms-tenants from 4.3.0 to 4.4.1
  • Update sentry-sdk[django] from 2.47.0 to 2.50.0
  • Update social-auth-app-django from 5.6.0 to 5.7.0
  • Update workaround for .map files b/c of newer pdfmake

  Private container images

  hub.kiwitcms.eu/kiwitcms/version          15.3 (aarch64)          3d15693bb229    28 Jan 2026     749MB
  hub.kiwitcms.eu/kiwitcms/version          15.3 (x86_64)           0718496358e5    28 Jan 2026     732MB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.3-mt (aarch64)       235d645ffdfa    28 Jan 2026     1.02GB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.3-mt (x86_64)        b580a3c04ef3    28 Jan 2026     997MB
  

  IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

  How to upgrade

  Follow the Upgrading instructions from our documentation.

  Happy testing!

  ---

  If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

  • Give â­� on GitHub;
  • Join our newsletter and follow all news;
  • Become a subscriber and help us sustain development

• Copr Fedora RISC-V 64-bit now available in Copr

  We are happy to announce that Fedora RISC-V 64-bit (riscv64) build targets are now available in Copr! The following chroots have been added to mock-core-configs and enabled in Copr:

  • fedora-42-riscv64
  • fedora-43-riscv64

  Important notes

  We currently do not have native RISC-V hardware in our infrastructure. All riscv64 builds are performed using QEMU emulation on x86_64 machines. Because of this:

  • Expect longer build times compared to native architectures
  • Only userspace calls are possible. If your package needs to make a kernelspace call during the build time or the check phase, then your build will fail. Only a few packages are limited by this.

  If you encounter any issues, please let us know!

January 27, 2026

• Fedora Community Blog Packit as Fedora dist-git CI: final phase

  Hello Fedora Community,

  We are back with the final update on the Packit as Fedora dist-git CI change proposal. Our journey to transition Fedora dist-git CI to a Packit-based solution is entering its concluding stage. This final phase marks the transition of Packit-driven CI from an opt-in feature to the default mechanism for all Fedora packages, officially replacing the legacy Fedora CI and Fedora Zuul Tenant on dist-git pull requests.

  What we have completed

  Over the past several months, we have successfully completed the first three phases of this rollout:

  • Phase 1: Introduced Koji scratch builds.
  • Phase 2: Implemented standard installability checks.
  • Phase 3: Enabled support for user-defined TMT tests via Testing Farm.

  Through the opt-in period, we received invaluable feedback from early adopters, allowing us to refine the reporting interface and ensure that re-triggering jobs via PR comments works seamlessly.

  Users utilising Zuul CI have been already migrated to using Packit. You can find the details regarding this transition in this discussion thread.

  The Final Phase: Transition to Default

  We are now moving into the last phase, where we are preparing to switch to the default. After that, you will no longer need to manually add your project to the allowlist. Packit will automatically handle CI for every Fedora package. The tests themselves aren’t changing – Testing Farm still does the heavy lifting.

  Timeline & Expectations

  Our goal, as previously mentioned, is to complete the switch and enable Packit as the default CI by the end of February 2026. The transition is currently scheduled for February 16, 2026. 

  To ensure a smooth transition, we are currently working on the final configuration of the system. This includes:

  • Opt-out mechanism: While Packit will be the default, an opt-out mechanism will be available for packages with specialised requirements. This will be documented at packit.dev/fedora-ci.
  • Documentation updates: Following the switch, we will also adjust official documentation in other relevant places, such as docs.fedoraproject.org/en-US/ci/, to reflect the new standard.

  We will keep you updated via our usual channels in case the target date shifts. You can also check our tasklist in this issue.

  How to prepare and provide feedback

  You can still opt-in today to test the workflow on your packages and help us catch any edge cases before the final switch.

  While we are currently not aware of any user-facing blockers, we encourage you to let us know if you feel there is something we have missed. Our current priority is to provide a matching feature set to the existing solutions. Further enhancements and new features will be discussed and planned once the switch is successfully completed.

  • Bugs/Feature Requests: Please use our issue tracker.
  • Discussion: Join the conversation on discussion.fedoraproject.org.
  • Chat: Reach out to us in the #packit:fedora.im channel on Matrix.

  We want to thank everyone who has tested the service so far. Your support is what makes this transition possible!

  Best,

  the Packit team

  The post Packit as Fedora dist-git CI: final phase appeared first on Fedora Community Blog.

• Radka Janek Installing Windows games on Linux - Arknights: Endfield

  You can easily run any Windows game on Linux nowadays without too much work. Let’s look at an example - Arknights: Endfield - using only Steam + Proton.

  Proton

  I usually run things through GE-Proton, however this is the rare case when that has disappointed me. While the game installed fine for me and the launcher was semi functionaly, it wouldn’t actually start the game.

  So this time around, it’s gonna be dwproton - installing it is pretty simple, grab ProtonPlus from flathub using your software center of convenience. Then simply run it and find dwproton in the list, hit install and you’re done.

  Make sure to restart Steam if you had it running.

  Steam

  1. If you’re on SteamDeck (or other Steam gamemode session) make sure to switch to Desktop first.
  2. Download the windows installer: https://endfield.gryphline.com/en-us - bottom right corner of the page and I recommend you to immediately mute the tab in your browser ;)
  3. Add it to Steam as a non-steam game (Menu -> Games -> Add a non-steam game to my Library)
  4. Right click the added installer and go to its Properties -> Compatibility -> Force the use of dwproton.
  5. Play -> it should now run the installer, follow the steps to install it, all the defaults are fine. If the launcher automatically starts it at the end, close it.

  We’ve now installed the launcher but we can’t exactly execute it directly just yet. Let’s sort that out:

  1. Right click the installer in steam again, this time we’re gonna change the Target field to "/home/deck/.steam/steam/steamapps/compatdata/<ID>/pfx/drive_c/Program Files/GRYPHLINK/Launcher.exe"
     • You may have noticed the <ID> there - this is a generated ID for your non steam game and it’s probably different from mine. To find out what it is, simply navigate to that location and take a look at which folder was modified last. That’s the correct one.
     • If you’re not on Steam Deck the /home/deck is gonna be different - that’s your home folder and it will be your username.
     • And don’t forget the quotes!
  2. You’re actually done now. It will work with gamescope, mangohud, or any other shenanigans that you’re used to. Probably. Use the Launch options same as with any other Steam game.
  3. Use the SteamGridDB Decky Plugin to change the artwork on Steam, or SDGBoop (flatpak) in combination with steamgriddb.com
  4. Cleanup - you can now delete the installer.

  Enjoy!

  Find me in the Fedora Linux Discord if you have any issues or questions.

  

  Endfield on Fedora Linux

January 26, 2026

• Lennart Poettering Introducing Amutable

  Today, we announce Amutable, our ✨ new ✨ company. We – @blixtra@hachyderm.io, @brauner@mastodon.social, @davidstrauss@mastodon.social, @rodrigo_rata@mastodon.social, @michaelvogt@mastodon.social, @pothos@fosstodon.org, @zbyszek@fosstodon.org, @daandemeyer@mastodon.social @cyphar@mastodon.social, @jrocha@floss.social and yours truly – are building the 🚀 next generation of Linux systems, with integrity, determinism, and verification – every step of the way.

  For more information see → https://amutable.com/blog/introducing-amutable

• Kushal Das replyfast a python module for signal

  replyfast is a Python module to receive and send messages on Signal.

  You can install it via

  python3 -m pip install replyfast

  or

  uv pip install replyfast

  I have to add Windows builds to CI though.

  I have a script to help you to register as a device, and then you can send and receive messages.

  I have a demo bot which shows both sending and rreceiving messages, and also how to schedule work following the crontab syntaxt.

      scheduler.register(
          "*/5 * * * *",
          send_disk_usage,
          args=(client,),
          name="disk-usage",
      )
  

  This is all possible due to the presage library written in Rust.

January 24, 2026

• Kevin Fenzi misc fedora bits for third week of jan 2026

  

  Another week another recap here in longer form. I started to get all caught up from the holidays this week, but then got derailed later in the week sadly.

  Infra tickets migrated to new forejo forge

  On tuesday I migrated our https://pagure.io/fedora-infrastructure (pagure) repo over to https://forge.fedoraproject.org/infra/tickets/ (forgejo).

  Things went mostly smoothly, the migration tool is pretty slick and I borrowed a bunch from the checklist that the quality folks put together ( https://forge.fedoraproject.org/quality/tickets/issues/836 ) Thanks Adam and Kamil!

  There are still a few outstanding things I need to do:

  • We need to update our docs everywhere it mentions the old url, I am working on a pull request for that.

  • I cannot seem to get the fedora-messaging hook working right It might well be something I did wrong, but it is just not working

  • Of course no private issues migrated, hopefully someday (soon!) we will be able to just migrate them over once there's support in forgejo.

  • We could likely tweak the templates a bit more.

  Once I sort out the fedora-messaging hook I should be able to look at moving our ansible repo over, which will be nice. forgejo's pull request reviews are much nicer, and we may be able to leverage lots of other fun features there.

  Mass rebuild finished

  Even thought it started late (was supposed to start last wed, but didn't end up starting really until friday morning) it finished over the weekend pretty easily. There was some cleanup and such and then it was tagged in.

  I updated my laptop and everything just kept working. I would like to shout out that openqa caught a mozjs bug landing (again) that would have broken gdm, so that got untagged and sorted and I never hit it here.

  Scrapers redux

  Wed night I noticed that one of our two network links in the datacenter was topping out (10GB). I looked a bit, but marked it down to the mass rebuild landing and causing everyone to sync all of rawhide.

  Thursday morning there were more reports of issues with the master mirrors being very slow. Network was still saturated on that link (the other 10G link was only doing about 2-3GB/sec).

  On investigation, it turned out that scrapers were now scraping our master mirrors. This was bad because all the BW used downloading every package ever over http and was saturating the link. These seemed to mostly be what I am calling "type 1" scrapers.

  "type 1" are scrapers coming from clouds or known network blocks. These are mostly known in anubis'es list and it can just DENY them without too much trouble. These could also manually be blocked, but you would have to maintain the list(s).

  "type 2" are the worse kind. Those are the browser botnets, where the connections are coming from a vast diverse set of consumer ip's and also since they are just using someone elses computer/browser they don't care too much if they have to do a proof of work challenge. These are much harder to deal with, but if they are hitting specific areas, upping the amount of challenge anubis gives those areas helps if only to slow them down.

  First order of business was to setup anubis in front of them. There's no epel9 package for anubis, so I went with the method we used for pagure (el8) and just set it up using a container. There was a bit of tweaking around to get everything set, but I got it in place by mid morning and it definitely cut the load a great deal there.

  Also, at the same time it seems we had some config on download servers for prefork apache. Which, we have not used in a while. So, I cleaned all that up and updated things so their apache setup could handle lots more connections.

  The BW used was still high though, and a bit later I figured out why. The websites had been updated to point downloads of CHECKSUM files to the master mirrors. This was to make sure they were all coming from a known location, etc. However, accidentially _all_ artifact download links were pointing to the master mirrors. Luckly we could handle the load and also luckily there wasn't a release so it was less people downloading. Switching that back to point to mirrors got things happier.

  So, hopefully scrapers handled again... for now.

  Infra Sprint planning meeting

  So, as many folks may know, our Red Hat teams are all trying to use agile and scrum these days. We have various things in case anyone is interested:

  • We have daily standup notes from each team member in matrix. They submit with a bot and it posts to a team room. You can find them all in #cle-standups:fedora.im space on matrix. This daily is just a quick 'what did you do', 'what do you plan to do' any notes or blockers.

  • We have been doing retro/planning meetings, but those have been in video calls. However, there's no reason they need to be there, so I suggested and we are going to try and just meet on matrix for anyone interested. The first of these will be monday in the #meeting-3:fedoraproject.org room at 15UTC. We will talk about the last 2 weeks and plan for what planned things we want to try and get in the next 2.

  The forge projects boards are much nicer than the pagure boards were, and we can use them more effectively. Here's how it will work:

  Right now the current sprint is in: https://forge.fedoraproject.org/infra/tickets/projects/325 and the next one is in: https://forge.fedoraproject.org/infra/tickets/projects/326

  On monday we will review the first, move everything that wasn't completed over to the second, add/tweak the second one then close the first one, rename the 'next' to 'current' and add a new current one. This will allow us to track what was done in which sprint and be able to populate things for the next one.

  Additionally, we are going to label tickets that come in and are just 'day-to-day' requests that we need to do and add those to the current sprint to track. That should help us get an idea of things that we are doing that we cannot plan for.

  Mass update/reboot outage =========================o

  Next week we are also going to be doing a mass update/reboot cycle with outage on thrusday. This is pretty overdue as we haven't done such since before the holidays.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/115951447954013009

January 23, 2026

• Nazi.Compare Judgment: French army vanquishes German FSFE on Hitler's birthday, Microsoft contract dispute (1716711)

  (1716711, 1804171) Free Software Foundation Europe e.V. vs. Le ministère des armées, Tribunal Administratif de Melun.

  Hitler's birthday, 20 April, was a special occasion every year under the fascist dictatorship, on par with the King's Birthday in the Commonwealth. Incidentally, the British monarchy are really Germans.

  We previously considered the fact that Debianists elected a German leader on Hitler's birthday and then they did exactly the same thing again the following year.

  In 2017, the German FSFE misfits began a legal case against the French military. FSFE misfits disputed the French military's decision to sign a contract with Microsoft.

  The case was eventually resolved in 2021 with a judgment against the Germans / FSFE misfits. For those who failed to notice at the time, the tribunal handed down the judgment on Hitler's birthday:

  

   

  

   

  While the full name of the FSFE is Free Software Foundation Europe, internal statistics and mailing list traffic levels demonstrate that the majority of these people are Germans and they do not represent Europe at large, they only represent themselves.

  Throughout the legal procedure and trial, an employee of the French government, Dr Amandine Jambert from CNIL was part of the internal mailing lists used for discussions at the FSFE. Was this a conflict of interest when the FSFE was taking legal action against her own employer?

  In the email below, Jambert does not state her full name, she only uses the sockpuppet identity "Cryptie" and she does not have any email signature disclosing her position within an agency of the French state.

  The FSFE misfits claim to be a peak body for Free Software activism in Europe. They claim to comply with Transparency International guidelines. As the saying goes, do as we say, not as we do.

  In 2023, when Jambert resigned from the FSFE misfits, she finally admitted she has a conflict of interest, implicitly admitting that she lied about harassment to avoid facing a basic ethical question.

  Subject: 	Re: Fwd: [April - Atelier] Open Bar : Une action en justice dans les tuyaux et DSI des Armées pro-microsoft
  Date: 	Wed, 30 Aug 2017 13:15:58 +0200
  From: 	Cryptie <cryptie@fsfe.org>
  To: 	team@lists.fsfe.org, Hugo Roy <hugo@hugoroy.eu>, france@lists.fsfe.org
  
  
  
  Hi all,
  
  I think it would be a good idea to tell them what we did/ plan to do as, in France, they are those that could help us if we need.
  
  Best,
  Cryptie
  
  Le 30 août 2017 13:12:00 GMT+02:00, Hugo Roy <hugo@hugoroy.eu> a écrit :
  
  
  
      Hi all,
  
      Important info: the company (Nexedi) will be represented by a lawyer
      that I know well, because he sucks.
  
      I think this makes it paramount that FSFE also sues, to ensure that
      things are done right and limit any damage that this guy may do.
  
      Matze: maybe you remember, I talked about this guy and how he miserably
      failed a lawsuit (on a similar topic against Microsoft) last year.
  
  
      On 2017-08-30 12:43, Hugo Roy wrote:
  
          Hi there,
  
          You will find attached an April internal mailing list relating
          to the
          Microsoft - French Ministry of Defense contract, about which
          FSFE sent
          a request for information (in the potentiality of a lawsuit).
  
          A company (Nexedi) is, apparently, going to sue over this too.
  
          Thinking about replying to April that FSFE is also thinking about a
          lawsuit and to keep April updated (and that we are happy to work
          with
          them, as usual). Thoughts?
  
          Best,
          Hugo
  
      ------------------------------------------------------------------------
  
      Team mailing list
      Team@lists.fsfe.org
      https://lists.fsfe.org/mailman/listinfo/team
  
  
  -- 
  Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
  

  Remember, in May 2018, the FSFE staff had an Extraordinary General Meeting without the developers present and they voted to remove the elections from the constitution of the association. They have not had a full election since 2017.

  In July 2018, a few weeks after removing elections from the constitution, the German FSFE misfits went to RMLL in Strasbourg and they recorded a video of Jambert talking about democracy in French.

  

   

  

   

  Read more about Nazi comparisons.

• Swiss JuristGate Judge Richard Oulevey (Grandcour Choeur, Tribunal Vaud) & Debian shaming abuse victims and witnesses

  In 2021, a court in Poland convicted a paedophile and sent him to prison. The paedophile was described as a regional activist for the Civic Platform (PO) political party. When convicting the paedophile, the court made orders that his identity and conviction could not be published as it would compromise the privacy of the victims. The victims were the children of a politician from the same party as the offender.

  Radio Szczecin is a public broadcaster under control of the right-wing party ruling in Poland. In December 2022, Radio Szczecin made a broadcast alleging that a cover-up had taken place. In the broadcast, they informed the audience that the victims were "the children of a well-known lawmaker", the very fact the judge had sought to protect.

  After that, it wasn't long before people were able to identify the victims.

  A few weeks later, one of the victims committed suicide.

  In 2017, when I discovered evidence that diversity funding from open source software organizations had enabled wrongdoing in Albania, I told some of the women that I was watching these matters carefully. To show some empathy, I mentioned to the women the fact one of my cousins had received the choir scholarship at St Kevin's College, Toorak at the same time the late Cardinal Pell was the Archbishop of Melbourne. The choir scholarships are worth approximately three hundred thousand Australian dollars. Like the Outreachy internships, the scholarship has significant financial value and being a part of the St Kevin's community opens doors for people.

  This is the point where the legal and ethical competance diverged significantly.

  Cardinal Pell was convicted on 11 December 2018 and a few days later, on Christmas Eve, rogue Debianists used the debian-private whisper network to spread rumours about abuse. In fact, I've never even specified whether one of my cousins is the same person who made the complaint. There were hundreds of boys in the choir over the years.

  By creating hysteria, they were following in the footsteps of Radio Szczecin. In the case of Debianism, it is even worse. One of the people spreading rumours about abuse, Joerg Jaspert, was elected as a parent representative for Dalbergschule school council in Fulda, Germany. If he is unable to handle private information about children then he is totally unsuitable for that position in a school.

  The hysteria has identified a number of possible abuse victims in open source software communities and as long as they persist, they are forcing people to point to possible evidence that may identify people. They already forced public attention on the sixteen-year-old victims from Albania. Instead of learning from that mistake, they demanded more public shaming. Here is one of their legal documents where they demand a public humiliation of my family:

  

   

  Yet look at the irony. The judge assigned to manage the case, Richard Oulevey, is also the president of a choir. The Grandcour Men's Choir, based in the Canton of Vaud, celebrated their 125th anniversary recently.

  

   

  

   

  After the Pell prosecution, media reports went to great lengths to conceal the identities of choir members. Photos were published with all the faces obfuscated:

  

   

  In Poland, the judge realized that the prosecution could lead to the identification of abuse victims and he ordered total secrecy about the identity of the offender. Exactly the same rules are used to impose secrecy in cases of incest and cases involving small villages, whether they occur in Poland, in Australia or in Switzerland. A recent example was the prosecution of a bakery owner in South Australia. During the 1980s, the baker/father recruited underage girls to live and work in a cult-like arrangement leading to pregnancies. Three babies were born within a period of seven months.

  The case created enormous media interest but none of the news reports are able to publish the name of the village, the name of the business or the names of the people convicted. In other words, they are hiding the name of the paedophile to protect the identities of his thirteen children.

  We have seen echoes of this behaviour in the open source software communities. The cases in Albania were not the only ones.

  Look at how Debianists and the Outreachy program offer financial incentives to young transgender people, even in a voluntary environment where nobody else is allowed to receive payment.

  Its time to hold a mirror up to the rogue Debianists themselves. Look at the case of Pauline Pommeret, who came from an elite high school to be groomed/indoctrinated in the Debian love nest at ENS Cachan / CRANS.

  Pommeret eventually came and asked for Outreachy money, which is approximately double the amount of money offered to an ordinary male intern of the same age and experience level.

  If judges in other jurisdictions have gone to great lengths to protect the privacy of people in proximity to abuse cases, why do the jurists and judges in Switzerland & Debian want to publicly identify and humiliate people?

  Another one of the protagonists in the case is Axel Beckert from the university ETH Zurich university. How can these people be competant to handle private complaints from students when their first reaction is to take out their mobile phone and make a public statement about everything?

  Debianists spent over $120,000 on legal fees to censor blogs like this but getting a gay judge with a transgender sister would be priceless. Or just more conflicts of interest.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  Please see the rest of the JuristGate reports.

• Swiss JuristGate Did judge with transgender sister & Debian conflict of interest help cover-up a death?

  Most of the correspondance concerning the Debianism vendetta in the canton of Vaud was signed by Judge Richard Oulevey of the PLR Liberal Radical Party.

  Did he have a conflict of interest?

  One of the key issues in the Debianism dispute was the attempt to trick me to mentor Nicolas Dandrimont's partner. It appears that the partner of Dandrimont may be a transgender and the sister of Judge Oulevey is also a transgender, Zoé Frédérique Oulevey. By coincidence, Zoé is head of R&I Intellectual Property at Richemont.

  The presence of multiple transgenders is significant. These people don't simply dress up as women. They want to know what it feels like to live like a woman and for some of them, they crave manipulating the protective instincts in other men. Just as they go to great effort with cosmetic surgery, they also spend a lot of effort practicing the victim routine. There are whole associations and web sites dedicated to the victimhood. They focus on how to be believed rather than how to be honest. It is hard and sometimes impossible to tell when these people are reporting a real case of harassment and when they are just role-playing victimhood.

  One of the cyberbullies who started the legal harassment, which is called "abuse of process" if you'll excuse the pun, is Axel Beckert, who is the gay partner of a former colleague. It appears that Judge Richard Oulevey does not have a spouse. For those who know the extent to which LGBT vendettas have hurt healthy people around Debian, it is a disturbing thought but also quite rude to speculate without any other evidence that Debian somehow spent all that money to get a gay judge. The judge has not revealed anything about his love life or the extent to which all these people are mingling bodily fluids on the Swiss LGBT scene.

  

   

  In Australia, Melbourne newspaper The Age published a detailed report about groups like this who work together to humiliate their victims.

  How a Melbourne seminary became the breeding ground for paedophile rings

  Corpus Christi was where sexually repressed men could “act out” with each other, living double lives, then transfer their attentions to the most innocent in their flocks.

  ...

  Fells alleges that he was the victim of a group of priests who formed part of a network of paedophiles coalescing around Corpus Christi in the mid-1970s. His first abuser was St Peter’s Clayton parish priest Ronald Pickering, who Fells claims molested him after a Sunday mass in the parish presbytery. A known paedophile, Pickering fled to England in 1993 after the Melbourne Archdiocese informed him about a victim’s complaint.

  ...

  “Pickering got me first, then Vears, and then Ryan,” alleges Fells, who tried to take his own life after the seminary incident and still suffers from post-traumatic stress.

  “They got me all right.”

  Amnesty International published a report about the Swiss police using violence to "arrest" and sexually abuse Trevor Kitchen for his reports about financial corruption.

  Trevor Kitchen, a 41-year-old British citizen resident in Switzerland, was arrested by police in Chiasso (canton of Ticino) on the morning of 25 December 1992 in connection with offences of defamation and insults against private individuals. In a letter addressed to the Head of the Federal Department of Justice and Police in Berne and to the Tribunal in Bellinzona (Ticino) on 3 June 1993 he alleged that two police officers arrested him in a bar in Chiasso and, after handcuffing him, accompanied him to their car in the street outside. They then bent him over the car and hit him around the head approximately seven times and carried out a body search during which his testicles were squeezed. He claimed he was then punched hard between the shoulder blades several times. He said he offered no resistance during the arrest.

  He was then taken to a police station in Chiasso where he was questioned in Italian (a language he does not understand) and stated that during the questioning "The same policeman that arrested me came into the office to shout at me and hit me once again around the head. Another policeman forced me to remove all of my clothes. I was afraid that they would use physical force again; they continued to shout at me. The one policeman was pulling at my clothes and took my trouser belt off and removed my shoe laces. Now I stood in the middle of an office completely naked (for 10 minutes) with the door wide open and three policemen staring at me, one of the policemen put on a pair of rubber surgical gloves and instructed me to crouch into a position so that he could insert his fingers into my anus, I refused and they all became angry and started shouting and demonstrating to me the position which they wanted me to take, laughing, all were laughing, these police were having a good time. They pointed at my penis, making jokes, hurling abuse and insults at me, whilst I stood completely still and naked. Finally, when they finished laughing, one of the policemen threw my clothes onto the floor in front of me. I got dressed."

  He was transferred to prison some hours later and in his letter claimed that during the night he started to experience severe pains in his chest, back and arms. He asked a prison guard if he could see a doctor but the request was refused and he claimed the guard kicked him. He was released on 30 December 1993. Medical reports indicated that since his release he had been experiencing recurrent pain in the area of his chest and right shoulder and had been receiving physiotherapy for an injury to the upper thoracic spine and his right shoulder girdle.

  Debianist financial disclosures show they spent over $120,000 on legal fees. One overworked and unpaid volunteer, Abraham Raji, died at DebConf23 when they asked him to contribute his own money to the day trip.

  

   

  Yet their Judge Oulevey, who got some money, admits trying to create an invalid judgment and then having to annul it:

  

   

  Dare we say a group of gays, trannies and greens fathered a non-binary judgment? Or they simply fucked up?

  

   

  Fundamentally, while the LGBT community celebrates Pride, the Debianists celebrate shaming people. Look at their demand to publicly denounce my family after my father died:

  

   

  Adolf Hitler did exactly the same thing. He insisted that every Jew had to wear a star on their chest, like a miniature judgment:

  

   

  One of the groundbreaking reports on this web site was the comparison of Debian and Swiss cover-ups to the barrister John Smyth QC in the Church of England. From a BBC report:

  Smyth was confronted about his conduct after the report compiled by Rev Mark Ruston and Rev David Fletcher.

  It found Smyth identified pupils from leading public schools including Winchester College and took them to his home near Winchester in Hampshire, where he carried out lashings with a garden cane in his shed.

  Now look at the invalid document these German and Swiss nazis created together. 10 November is the anniversary of the Kristallnacht:

  

   

  The report about John Smyth QC goes on:

  Smyth is said to have subjected his victims to traumatic physical, sexual, psychological and spiritual attacks, permanently marking their lives.

  If you look at the way the Debianists attacked my family, they inflicted this on us and sustained these attacks ever since the death of my father. That is a level of intrusion that puts some of the rogue Debianists right up there with the paedophiles.

  By chance, Judge Oulevey's father also died, giving us a list of family members. We can see that Judge Oulevey does not have a wife. As well as having the transgender sister Zoé Frédérique Oulevey, he has a brother, Xavier Oulevey who is also a jurist in the canton of Vaud. Clearly, conflicts of interest will arise every time his brother brings a case to the tribunal.

  

   

  On 1 November 2023, I was granted citizenship of Switzerland in the Canton of Vaud. When I look at these dirty men attacking my family after my father died, I see the behaviour of animals, not humans. It makes me question what it means to be a citizen of Switzerland, because I can't lower myself to be an animal like these men.

  

   

  Why do these dirty men go to all this trouble to humiliate my family and I? Adrian von Bidder-Senn died on our wedding day. They don't want my presence to remind them that they may have some responsibility for those deaths. They couldn't care less about pushing more people to suicide if that is the price of covering up the last suicides.

  The Bishop Accountability web site has a page about the experiences of Catholic whistleblowers and it is remarkably similar to what we see in free software "family" cults today:

  Many of the individuals profiled below have experienced retaliation and grief in some form – defamation, job loss, career derailment, ostracization, pressure by superiors to admit to mental illness, and in at least one case, suicide.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  Please see the rest of the JuristGate reports.

• Caolán McNamara Firefox & Linux in 2025

  

  
  Last year brought a wealth of new features and fixes to Firefox on Linux. Besides numerous improvements and bug fixes, I want to highlight some major achievements: HDR video playback support, reworked rendering for fractionally scaled displays, and asynchronous rendering implementation. All this progress was enabled by advances in the Wayland compositor ecosystem, with new features implemented by Mutter and KWin.

  HDR

  The most significant news on the Wayland scene is HDR support, tracked by Bug 1642854. It’s disabled by default but can be enabled in recent Wayland compositors using the gfx.wayland.hdr preference at about:config (or by gfx.wayland.hdr.force-enabled if you don’t have an HDR display).

  HDR mode uses a completely different rendering path, similar to the rendering used on Windows and macOS. It’s called native rendering or composited rendering, and it places specific application layers directly into the Wayland compositor as subsurfaces.

  The first implementation was done by Robert Mader (presented at FOSDEM), and I unified the implementation for HDR and non-HDR rendering paths as new WaylandSurface object.

  The Firefox application window is actually composited from multiple subsurfaces layered together. This design allows HDR content like video frames to be sent directly to the screen while the rest of the application (controls and HTML page) remains in SDR mode. It also enables power-efficient rendering when video frames are decoded on the graphics card and sent directly to the screen (zero-copy playback). In fullscreen mode, this rendering is similar to mpv or mplayer playback and uses minimal power resources.

  I also received valuable feedback from AMD engineers who suggested various improvements to HDR playback. We removed unnecessary texture creation over decoded video frames (they’re now displayed directly as wl_buffers without any GL operations) and implemented wl_buffer recycling as mpv does.

  For HDR itself (since composited rendering is available for any video playback), Firefox on Wayland uses the color-management-v1 protocol to display HDR content on screen, along with BT.2020 video color space and PQ color transfer function. It uses 10-bit color vectors, so you need VP9 version 2 to decode it in hardware. Firefox also implements software decoding and direct upload to dmabuf frames as a fallback.

  The basic HDR rendering implementation is complete, and we’re now in the testing and bug-fixing phase. Layered rendering is quite tricky as it involves rapid wl_surface mapping/unmapping and quick wl_buffer switches, which are difficult to handle properly. HDR rendering of scaled surfaces is still missing—we need fractional-scale-v2 for this (see below), which allows positioning scaled subsurfaces directly in device pixels. We also need to test composited/layered rendering for regular web page rendering to ensure it doesn’t drain your battery. You’re very welcome to test it and report any bugs you find.

  Fractional scale

  

  The next major work was done for fractional scale rendering, which shipped in Firefox 147.0. We updated the rendering pipeline and widget sizing to support fractionally scaled displays (scales like 125%, etc.). This required reworking the widget size code to strictly upscale window/surface sizes and coordinates and never downscale them, as downscaling introduces rounding errors.

  Another step was identifying the correct rounding algorithm for Wayland subsurfaces and implementing it. Wayland doesn’t define rounding for it, only for toplevel windows, so we’re in a gray area here. I was directed to Stable rounding by Michel Daenzer. It’s used by Mutter and Sway so Firefox implements it for those two compositors while using a different implementation for KWin. This may be updated to use the fractional-scale-v2 protocol when it becomes available.

  Fractional scaling is enabled by default, and you should see crisp and clear output regardless of your desktop environment or screen scale.

  Asynchronous rendering

  Historically, Firefox disabled and re-enabled the rendering pipeline for scale changes, window create/destroy events, and hide/show sequences. This stems from Wayland’s architecture, where a Wayland surface is deleted when a window becomes invisible or is submitted to the compositor with mismatched size/scale (e.g., 111 pixels wide at 200% scale).

  Such rendering disruptions cause issues with multi-threaded rendering—they need to be synchronized among threads, and we must ensure surfaces with the wrong scale aren’t sent to the screen, as this leads to application crashes due to protocol errors.

  Firefox 149.0 (recent nightly) has a reworked Wayland painting pipeline (Bug 1739232) for both EGL and software rendering. Scale management was moved from wl_buffer fixed scale to wp_viewport, which doesn’t cause protocol errors when size/scale doesn’t match (producing only blurred output instead of crashes).

  We also use a clever technique: the rendering wl_surface / wl_buffer / EGLWindow is created right after window creation and before it’s shown, allowing us to paint to it offscreen. When a window becomes visible, we only attach the wl_surface as a subsurface (making it visible) and remove the attachment when it’s hidden. This allows us to keep painting and updating the backbuffer regardless of the actual window status, and the synchronized calls can be removed.

  This brings speed improvements when windows are opened and closed, and Linux rendering is now synchronized with the Windows and macOS implementations.

  … and more

  Other improvements include a screen lock update for audio playback, which allows the screen to dim but prevents sleep when audio is playing. We also added asynchronous Wayland object management to ensure we cleanly remove Wayland objects without pending callbacks, along with various stability fixes.

  And there are even more challenges waiting for us Firefox Linux hackers:

  • Wayland session restore (session-restore-v1) to restore Firefox windows to the correct workspace and position.
  • Implement drag and drop for the Firefox main window, and possibly add a custom Wayland drag and drop handler to avoid Gtk3 limitations and race conditions.
  • Utilize the fractional-scale-v2 protocol when it becomes available.
  • Investigate using xdg-positioner directly instead of Gtk3 widget positioning to better handle popups.
  • Vulkan video support via the ffmpeg decoder to enable hardware decoding on NVIDIA hardware.

  And of course, we should plan properly before we even start. Ready, Scrum, Go!

• Remi Collet 📝 Redis version 8.6 🎲

  RPMs of Redis version 8.6 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ⚠️ Warning: this is a pre-release version not ready for production usage.

  1. Installation

  Packages are available in the redis:remi-8.6 module stream.

  1.1. Using dnf4 on Enterprise Linux

  # dnf install https://rpms.remirepo.net/enterprise/remi-release-<ver>.rpm
  # dnf module switch-to redis:remi-8.6/common

  1.2. Using dnf5 on Fedora

  # dnf install https://rpms.remirepo.net/fedora/remi-release-<ver>.rpm
  # dnf module reset  redis
  # dnf module enable redis:remi-8.6
  # dnf install redis --allowerasing

  You may have to remove the valkey-compat-redis compatibilty package.

  2. Modules

  Some optional modules are also available:

  • RedisBloom as redis-bloom
  • RedisJSON as redis-json
  • RedisTimeSeries as redis-timeseries

  These packages are weak dependencies of Redis, so they are installed by default (if install_weak_deps is not disabled in the dnf configuration).

  The modules are automatically loaded after installation and service (re)start.

  The modules are not available for Enterprise Linux 8.

  3. Future

  Valkey also provides a similar set of modules, requiring some packaging changes already applied in Fedora official repository.

  Redis may be proposed for unretirement and be back in the Fedora official repository, by me if I find enough motivation and energy, or by someone else.

  I may also try to solve packaging issues for other modules (e.g. RediSearch). For now, module packages are very far from Packaging Guidelines, so obviously not ready for a review.

  4. Statistics

  redis
  

  redis-bloom
  

  redis-json
  

  redis-timeseries
  

• Adam Young Install a custom Kernel inside a VM

  When debugging Qemu, it might be helpoful to instrument Linux Kernel to see when interrupts get received, or see data on the other side of a transfer. If you have to modify the Kernel on a regular basis, it can be faster to build it in place than to build a customer RPM/DEB and install inside the VM. Here is how I have been going about updating the kernel.

  Table of contents

  • NFS on the Hypervisor
  • NFS Client in the VM
  • Build the Kernel on The Hypervisor
  • Install the Kernel in the VM

  In order for this to work, your VM and your Hypervisor should be running a compatable version of the Toolchain used to build the kernel. I would suggest using a common Fedora/Ubuntu version for both machines.

  NFS on the Hypervisor

  We are going to use the Network File System (NFS) to share files between the Hypervisor and the Virtual machine. There are many steps to setting up NFS, and I did not record all of the permutations I tried to get it to work. I do know I had to: install RPMS, figure out what directories to export, and make sure the NFS daemon was running.

  I can see that I have these two services running:

  nfs-mountd.service
  nfs-server.service

  I aslo see I have these RPM installed

  rpmquery -a | grep nfs
  libnfsidmap-2.8.3-2.rc3.fc42.aarch64
  sssd-nfs-idmap-2.11.1-1.fc42.aarch64
  libnfs-6.0.2-6.fc42.aarch64
  libnfs-devel-6.0.2-6.fc42.aarch64
  nfs-utils-2.8.3-2.rc3.fc42.aarch64
  qemu-block-nfs-9.2.4-2.fc42.aarch64
  
  

  My file /etc/nfs.conf is unchanged from the default install

  In my install, the exports are in /etc/exports.d/adam.exports and look like this:

  /home/ayoung *(rw,sync,insecure,all_squash,anonuid=6352,anongid=65603)
  /home/grose *(rw,sync,insecure,all_squash,anonuid=1000,anongid=1001)

  NFS Client in the VM

  The IP address is that of the Hypervisor. Adapt to your network settings.

  I keep both the Hypervisor and VM directories consistent
  mount -t nfs4 10.76.112.72:/home/ayoung /home/ayoung
  

  Build the Kernel on The Hypervisor

  Run the following commands inside your Linux directory on your hypervisor. I have mine in /home/ayoung/linux.

  make -j $(nproc) && make -j $(nproc)

  Install the Kernel in the VM

  Since the Linux directory above is mounted in the VM at /home/ayoung/linux, I can complete the install process inside the VM.

  make -j $(nproc) modules_install && make -j $(nproc) install

  reboot

January 22, 2026

• Adam Young Viewing the Flattened Device Tree from Qemu

  The Qemu implementation uses a Flattened Device Tree (FTD) to manage the virtual implementation of the physical devices in a machine. I need to create a FTD entry for the MCTP-PCC implementation I am writing in Qemu. Since this is new to me, and I am working (as I most often do) via Ttrial and error, I want to see the FTD entry after I write it. Here is how I am dumping it.

  In my script to run the virtual machine, I modify the machine entry from:

  -machine virt \

  to

  -machine virt,dumpdtb=/tmp/qemu_virt.dtb \

  And run the VM. It does not run for very long, and I get this output instead:

  [2026-01-22T18:40:07Z INFO virtiofsd] Client disconnected, shutting down

  However, I have now created a file at /tmp/qemu_virt.dtb. In order to view the contents of this file, I use the Device Tree Compiler (DTC) like this:

  dtc -I dtb -O dts -o /tmp/qemu_dtb.txt /tmp/qemu_virt.dtb

  The -I option says the input format is device tree binary, the -O says that the output format is human readable domain-specific-language, and the -o option says where to put the output file. The final parameter is the input file, which has no flag.

  If I then look at the txt file I can see the following block:

          mctp_pcc@a008000 {
                  interrupts = <0x00 0x50 0x04 0x00 0x51 0x04>;
                  reg = <0x00 0xa008000 0x00 0x8000>;
                  compatible = "mctp-pcc";
          };
  

January 21, 2026

• Adam Young Debugging Qemu with gdb

  When developing Linux Kernel code, I have found myself wanting to have a test fixture inside the Firmware that lets me inspect the values communicated out of and into the Linux Kernel. I am currently writing one such fixture in Qemu. And I have an interrupt that is not getting handled by the Linux Kernel, I think because it is not getting delivered.

  I have found it quite valuable to run this Qemu process in the Gnu Debugger. Here is how I (with help) got to the bottom of the mystery.

  One prep step is to disable some reporting in GDB. WHen GDB starts, it offers to load in debug info, but I do not need or want that. By default, GDB will break one each signal of SIGUSR1, and there are too many of them. GDB also it prints output each time a thread ends, and I don;t care about that. Add the following line to ~/.gdbinit

  set debuginfod enabled off
  handle SIGUSR1 noprint nostop
  set print thread-events off
  

  (Or you can type these into the gdb command prompt.)

  Here is how I am running the VM. Note that the first line points to a version of Qemu that I have built myself.

  gdb --args ../qemu/build/qemu-system-aarch64 \
          -machine virt \
          -enable-kvm \
          -m 16G \
          -cpu host \
          -smp 16 \
          -nographic \
          -bios /usr/share/edk2/aarch64/QEMU_EFI.fd \
          -drive if=none,file=../virt/my_vm.qcow2,id=hd0 \
          -device virtio-blk-device,drive=hd0,bootindex=0 \
          -drive file=../virt/Fedora_Server_dvd_aarch64_42_1.1.iso,id=cdrom,if=none,media=cdrom \
          -object memory-backend-file,id=mem,size=16G,mem-path=/dev/shm,share=on \
          -numa node,memdev=mem  \
          -chardev socket,id=char0,path=/tmp/virtiofs_socket  \
          -virtfs local,path=/root/adam/linux,mount_tag=mylinux,security_model=passthrough,id=fs0 \
          -device virtio-scsi-device \
          2>&1 | tee /tmp/qemu.log
  

  While there is a -gdb flag that you can include in the qemu command line, I found it did not work for me. Additionally, I may take the gdb –args string into an env var, and use that to switch whether or not to debug.

  The –args flag passes on the command line arguments into gdb to be used when the program is run. Thus, once we are on the gdb command prompt, we can set a break point like this:

  break pcc_timer_callback

  And then simply call run without any parameters.

  Since this VM is launching the Linux Kernel, there will be points in the process where the command prompt returns and you can type. For example, during grub, you can hit return to speed through the timer and launch the selected kernel: or change the selected kernel if you want. For my workflow, I need to log in to console, and then run a test script. It is this test script that triggers the break point I set above.

  One benefit to gdb is that it tells what functions are really assigned to the function pointers. For example, in the raise_irq call chain, there is a call to

  irq->handler(irq->opaque, irq->n, level);

  And stepping through, I can see that it steps into

  kvm_arm_gic_set_irq(s->num_irq, irq, level);

  And thus I can inspect the irq number:

  (gdb) print irq
  $1 = 80

  This IS the number I assigned. However…later on I see this code is executed (hw/intc/arm_gic_kvm.c starting at line 57):

   if (irq < (num_irq - GIC_INTERNAL)) {
          /* External interrupt. The kernel numbers these like the GIC
           * hardware, with external interrupt IDs starting after the
           * internal ones.
           */
          irqtype = KVM_ARM_IRQ_TYPE_SPI;
          cpu = 0;
          irq += GIC_INTERNAL;
      } 
  
  

  At first I didn’t think much of it, but, later on, a coworker and I started looking inside the Linux kernel at /proc/interrupts I see these pair of lines.

  12: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 80 Level pcc-mbox
  13: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 81 Level pcc-mbox
  14: 37 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 33 Level uart-pl011

  So the interrupt handler is registered, but no interrupts have been delivered. THe 80 and 81 are the interrupt numbers. My coworker suggested I look at the next line. The UART has an interrupt of 33, but inside the Qemu code, I see this:

  static const int a15irqmap[] = {
      [VIRT_UART0] = 1,
  

  And looking for that specific UART create code:

  int irq = vms->irqmap[uart];
  ...
      qemu_fdt_setprop_cells(ms->fdt, nodename, "interrupts",
                                 GIC_FDT_IRQ_TYPE_SPI, irq,
                                 GIC_FDT_IRQ_FLAGS_LEVEL_HI);
  
  

  The UART is registered as Interrupt 33 inside the Linux Kernel, but Interrupt 1 inside Qemu. Lets go look at the value for GIC_INTERNAL

  #define GIC_INTERNAL 32

  What happens if we add 32 to the interrupt value in the code that reports the interrupt ID to the Kernel? My test runs. I can’t right now look at the interrupt delivery, as I have an infinite loop, and that is not a surprise as this code is still under development.

January 20, 2026

• Andreas Schneider Some 🌳💞 for RPM Spec

  Two years ago, I started to look into writing a tree-sitter parser as part of the “Day of Learning” at my employer. As I write and edit many RPM Spec files (also at work), I wanted better highlighting in my text editor, which is Neovim.

  I had attempted to start the project the year before but was lost. The next year, the tree-sitter documentation improved, and I finally understood the basics and began developing tree-sitter-rpmspec.

  RPM Spec is challenging (horrible) to parse. RPM spec files are parsed in multiple stages, roughly following these phases:

  Phase 1. Macro expansion pass

  • Macros (%{name}, %{version}, %define, %global, etc.) are expanded
  • This happens before the spec is interpreted as instructions
  • Macros can be nested and are expanded recursively

  Phase 2. Conditional evaluation

  •  %if, %ifarch, %ifos, %endif blocks are evaluated
  •  This determines which sections of the spec are active

  Phase 3. Section parsing and execution

  • The preamble (Name, Version, Release, etc.) is parsed first
  • Then each section (%description, %prep, %build, %install, %files, etc.) is parsed
  • Some sections like %files have their own sub-parsing for file attributes
  • Once parsed it will start executing different scriptlets to build and install the package.

  As soon as BuildArch is involved, the RPM parser needs to be able to re-read the spec file. This is one reason why it can’t read spec files from stdin, see e.g. here.

  Writing a tree-sitter parser for spec files is not straightforward. There are many pitfalls and edge cases. The two most difficult challenges are figuring out when a section ends. There is no marker or indentation. It ends when the next section starts. However right before the next section could be an %if. Does that %if belong to the section before or is it a top-level if like #ifdef in C.

  If you’re interested in the details, there is a DESIGN.md explaining some design decisions. In short, the parser.c was reaching 64MB and -Woverflow was triggered. This led to implementing an external scanner, which reduced the size to ~20MB. I rewrote the scanner.c at least 5 times from scratch. In the last rewrite, I started with the most simplest approach and built on from there, focusing on balanced parenthesis parsing for %{expand: string}.

  Yesterday, I hit the breakthrough. I successfully parsed parametric macros correctly. With this milestone, I was able write injection queries to run tree-sitter-bash on the scriptlets shell code! This means we can highlight the bash parts now!

  

  https://gitlab.com/cryptomilk/tree-sitter-rpmspec

• Fedora Community Blog 2 Weeks Left: The Flock 2026 CFP Ends Feb 2

  Prague is calling! The deadline for the Flock 2026 CFP (Call for Proposals) is fast approaching. You have until Monday, February 2nd to submit your session ideas for Fedora’s premier contributor conference.

  We are returning to the heart of Europe (June 14–16) to define the next era of our operating system. Whether you are a kernel hacker, a community organizer, or an emerging local-first AI enthusiast, Flock is where the roadmap for the next year in Fedora gets written.

  If you haven’t submitted yet, here is why you should.

  Why Submit to the Flock 2026 CFP?

  This year isn’t just about maintenance; it is about architecture. As we look toward Fedora Linux 45 and 46, we are also laying the upstream foundation for Enterprise Linux 11. This includes RHEL 11, CentOS Stream 11, EPEL 11, and the downstream rebuilder ecosystem around the projects. The conversations happening in Prague will play a part in the next decade of modern Linux enterprise computing.

  To guide the schedule, we are looking for submissions across our Four Foundations:

  1. Freedom (The Open Frontier)

  How are we pushing the boundaries of what Open Source can do? We are looking for Flock 2026 CFP submissions covering:

  • Open Source AI: PyTorch, vLLM, and the AI supply chain.
  • RISC-V: Enabling Fedora on the next generation of open silicon.
  • Open Hardware: Drivers, firmware, and board support. GPU enablement?

  2. Friends (Our Fedora Story)

  Code is important, but community is critical. We need sessions that focus on the human element:

  • Mentorship: Case studies on moving contributors from “Lurker” to “Leader.”
  • Inclusion: Strategies for building a more globally-inclusive project.
  • Community Ops: The logistics and operations of running a massive global project.

  3. Features (Engineering Core)

  The “Nitty-Gritty” of the distribution. If you work on the tools that build the OS every six months, we want you on stage:

  • Release Engineering: Improvements to Dist-git, packager tools ecosystem, and the build pipeline. Distribution security. Konflux?
  • Quality Assurance: Automated testing and CI/CD workflows.
  • Packaging: Best practices for RPM, Flatpak, and OCI containers.

  4. First (Blueprint for the Future)

  Fedora is “First.” This track is for the visionaries:

  • Strategy: What does Fedora look like in 2028?
  • Downstream Alignment: How upstream changes flow downstream.
  • New Spins: Atomic Desktops, Cloud Native innovations, and new Editions.

  Important Dates & Travel Info

  • CFP Deadline: Monday, February 2, 2026 (23:59 UTC)
  • Travel Assistance Deadline: March 8, 2026
  • Event Dates: June 14–16, 2026
  • Location: OREA Hotel Andel’s

  If you require financial support to attend, please remember that the Flock 2026 CFP submission is separate from the Travel Subsidy application, but speakers are prioritized. Make sure to apply for the Travel Subsidy by March 8.

  How to Submit to Flock 2026 CFP

  Don’t let the deadline slip past you. Head over to our CFP platform and draft your proposal today.

  Submit to the Flock 2026 CFP

  See you in Prague!

  ---

  Note: AI (Google Gemini) edited human-generated content first written by me, the author, to write this article. I, the author, edited the AI-generated output before making this Community Blog article. If you notice mistakes, please provide a correction as a reply to this topic.

  The post 2 Weeks Left: The Flock 2026 CFP Ends Feb 2 appeared first on Fedora Community Blog.

January 19, 2026

• Adam Williamson CI and LLM review on Fedora Forge with Forgejo Actions

  Hi folks! Over the last couple of weeks, we have migrated nearly all the quality team's repositories from Pagure (the old Fedora forge) to the new, Forgejo-based Fedora Forge. As part of this, I've figured out a process for doing CI with Forgejo Actions. I also came up with a way to do automated LLM pull request reviews, for those interested in that.

  For the impatient, you can just look at / copy the two workflows in python-wikitcms, but you'll at least need to read the stuff about runners below.

  Forgejo Actions works very similarly to GitHub Actions, by design. You create a .forgejo/workflows directory in your project and define workflows in it. The syntax is almost entirely compatible with GitHub Actions, but with several missing features.

  Some very commonly-used shared actions, like actions/checkout, are ported to Forgejo so you can use them directly. Other shared and third-party actions can be used by giving a full URL to them - e.g. uses: https://github.com/actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0 - but whether a given action will work or not depends on whether it's written to assume it's running on public GitHub, and whether Forgejo has all the features it needs.

  Probably the most noticeable difference with using GitHub Actions is runner availability and environment. If you have a public GitHub project you can define workflows with something like runs-on: ubuntu-latest; behind the scenes, GitHub maintains a farm of runners with various labels, of which ubuntu-latest is one, and your jobs will run on any available runner with that label. The available environments for public GitHub repos are a handful of Ubuntu, Windows and macOS versions.

  The staging instance of Fedora Forge has a few universal runners you can use like this. Currently each has only one, unique, label, so you can't specify workflows with a label like fedora and have them run on any available runner; you have to just pick one of the labels, and your jobs will always run on that runner. Maybe this will get changed at some point. But the runners are available to all repos in the staging instance, so you can just define a workflow and get it run.

  Currently the production instance has no universal runners like this; runners are limited to specific organizations. The releng and infra organizations have runners, and now I requested one, the quality organization has one too. If you want to run workflows for projects in a different organization, the first thing you'll need to do is file a ticket to request runner(s) for that organization. If you have admin access to an organization, you can see whether it has runners, and what labels they have, by visiting https://forge.fedoraproject.org/org/<organization>/settings/actions/runners.

  Once your org has at least one runner, you can define workflows and they'll run, as long as you set the runs-on value to a label that at least one of the runners has.

  However, you might be surprised by the default environment: it's currently Debian Bookworm. Until that gets fixed, you may be interested in the container directive for workflows, which lets you define any arbitrary container image to be used:

      container:
        image: quay.io/fedora/fedora:latest
  

  There is one little gotcha with this, though. Many GitHub actions, including checkout, are written in Node, but Fedora's stock container images don't have Node installed. So you have to install it before running checkout or anything else that uses Node.

  Put it all together, and here's the workflow I've defined for doing CI on Python projects with Tox:

  name: CI via Tox
  on:
    pull_request:
      types: [opened, synchronize]
  
  jobs:
    tox:
      runs-on: fedora
      container:
        image: quay.io/fedora/fedora:latest
      steps:
        - name: Install required packages
          run: dnf -y install nodejs tox git
        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
          with:
            fetch-depth: 0
        - name: Install Python interpreters
          run: for py in 3.6 3.9 3.10 3.11 3.12 3.13; do dnf -y install python$py; done
        - name: Test with tox
          run: tox
  

  That runs whenever a pull request is opened or pushed (the on section). It expects a runner with the fedora label (the runs-on setting). It uses the fedora:latest container image from quay.io (the container setting). From that image, we install packages we're going to need - including nodejs (the first step). Then we run actions/checkout to check out the PR (the second step, the uses one). Then we install all the Python interpreters we need, and run tox (the final two steps). Of course, if your project isn't Python or doesn't use Tox, you'll have to tweak this a bit, but hopefully you get the general idea.

  If you're security-minded, you might notice there's no permissions setting in this workflow. That's because Forgejo currently does not support fine-grained permissions in the automatically-generated workflow tokens. In Forgejo, the automatically-generated token always has full read/write privileges unless it's operating on a pull request from a fork, in which case it has only read permissions. Nothing finer-grained is possible at present. If you need something finer-grained, you have to generate a token manually, save it as a repository secret, and adjust your workflow (somehow) to use that and hide the automatically-generated token as far as is practically possible (that's outside the scope of this post).

  So that's CI! What about LLM pull request review? Well, if you dislike or are not interested in that, stop reading now. If you are interested, here's a recipe:

  name: AI Code Review
  on:
    pull_request_target:
      types: [labeled]
  
  jobs:
    ai-review:
      if: forgejo.event.label.name == 'ai-review-please'
      runs-on: fedora
      container:
        image: registry.gitlab.com/redhat/edge/ci-cd/ai-code-review:v2.3.0
      steps:
        - name: Run AI Review
          env:
            AI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          run: ai-code-review --platform forgejo --pr-number ${{ forgejo.event.pull_request.number }} --post
  
    # this has to be a separate job because ai-code-review container does not have nodejs in it
    # also note this does not work for PRs from forks because of a forgejo bug
    # https://codeberg.org/forgejo/forgejo/issues/10733
    remove-label:
      runs-on: fedora
      steps:
        - uses: https://github.com/actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
          with:
            labels: ai-review-please
  

  That will cause the ai-code-review tool to review the pull request and post its analysis as a comment.

  Just a couple of things to note here. I decided to have the LLM review happen only when a pull request is given a special label. LLM reviews are relatively expensive, and also quite verbose; you don't necessarily want one cluttering up the ticket any time a pull request is created or edited, and you may not want to make it possible for someone to charge some LLM usage to your account as often as they like just by creating or editing a pull request.

  So, to use this recipe you have to create a label called ai-review-please in your repository. You can do this by going to "Issues", then clicking "Labels", then "New label". Give it whatever color and description you like. Any time you add that label to a PR, the review process will be triggered. Before adding the label to a PR you should probably make sure the PR is well-intentioned and not attempting any kind of prompt injection to get ai-code-review to disclose a secret or mess with the repository.

  The other thing is you need an AI provider API key. In this recipe we have a Gemini API key saved as a repository secret called GEMINI_API_KEY. To create repository secrets, go to repository "Settings", then "Actions", then "Secrets", and click "Add secret". In the workflow, we make the repository secret called GEMINI_API_KEY (secrets.GEMINI_API_KEY) available in the container as the environment variable AI_API_KEY; ai-code-review reads it in from there. Gemini is the default LLM provider for ai-code-review. You can also use OpenAI or Anthropic by adding an --ai-provider argument to the ai-code-review call in the workflow (obviously, then, the secret you export as AI_API_KEY must be a valid key for that provider). I'm hoping that in the not-too-distant future, we'll have an LLM model provider in Fedora infra, running open source models, that we can use for this purpose; for now, unfortunately, we have to use the hyperscaler ones.

  Finally, as noted in the comment, the workflow is intended to remove the ai-review-please label when it runs (so you don't have to remove it manually, then add it again, if you want another review later), but this does not currently work for pull requests from forks due to a Forgejo bug (because we're using pull_request_target the workflow token should have write permissions even for a fork PR, but it doesn't). If you use it on a fork PR, you'll have to remove the label manually once the workflow has triggered.

  You can, of course, change the on block to be the same as the CI recipe if you want to have LLM review run automatically whenever a PR is created or edited - but do make sure whoever's paying the bills for the API key is OK with that, and monitor the repo to make sure nobody starts creating hundreds of PRs to try and blow your budget...and hope/pray nobody manages a successful prompt injection attack. On the whole I'd stick with the label (only repository admins can label PRs, so a non-admin attacker can't apply the label themselves to trigger the review).

• Tomas Tomecek Ambient Code followup: PR merged

  This is a followup to my previous post about how I tried Ambient Code.

  TL;DR: I opened a PR (#specfile/508) and had to take over in the end.

  

  Where did we end?

  Claude Code proposed a solid implementation plan to us, Stella (the staff engineer agent) approved it.

January 18, 2026

• Matěj Cepl My experience with AI tools (as of today)

  “The principal virtues of a programmer are Laziness, Impatience, and Hubris.”

  -- Lary Wall, of course, in the perl(1) manpage

  I would like to record my current experience (and I cannot emphasize the timeliness of this post enough; it was written in mid-January 2026 and will likely be obsolete in just a few months).

  I don’t want to get into the exhausting culture war of “AI will kill us” vs. “AI will make all flowers flourish while we sip drinks with small umbrellas.” I don’t think we have a clue yet, and the truth is likely neither in the middle nor where we expect. Instead, I’ll simply describe my own experience over the last few months through a few case studies.

  epy … a terminal EPub reader

  The first case was epy, a terminal EPub reader written in Python. It’s by @wustho, who has a unique development style: rather than long-term maintenance, he often throws a quickly written program onto GitHub and abandons it after a few hundred commits. This is his second terminal EPub reader (his third is already dead after just 76 commits). Years ago, I wrote a tiny patch for it to support TTS. It was merged, but the upstream is now truly dead; the author ignores all requests, which is, of course, his right.

  I was missing command history for the search box. This is especially frustrating when using regular expressions, which the tool supports. I thought hacking in readline would be simple—it is part of the standard library, after all—but nothing I tried worked. After searching the author’s issue tracker in vain, I gave up.

  After I suffered for a couple of months without the command history, I finally, in desperation, took the Python file, where I know the key handling was, and ask some LLM (I am actually not sure which one it was) via chat to add readline support to it. And I was then explained (and somebody was laughing at me how silly I was) that it is just not possible: apparently when one wants detailed support for each key press from libcurses, it is not possible to use readline, which otherwise have tendency to take over. However, LLM didn’t stop there, and in a couple of hours or so of dialogue with it, I had support for command history (storing to the readline-compatible file), radically improved working with colours, simplified pyproject.toml, and removed a couple of bugs.

  When it was all done [1], I was sitting in front of my computer completely in shock. I haven’t experienced something like that for a long time. It truly felt like a fabled pair programming, which I have never experienced in reality, it felt like chatting with a colleague who (contrary to me) actually read and grokked whole libncurses documentation. I probably just shouldn’t let him go on freely on his own, because then he messes it up, but we together could certainly do much I myself.

  After this what I consider to be spectacular success, I decided to use newly found superpower to move a couple of projects I left on a back burner (or stashed in the back of a cupboard, because I haven’t even pretended I would ever fix them) and try to move them. First one was

  Bugseverywhere

  I have always cared for distributed storage of data and offline computing (both for privacy and offline access). Years ago I was thinking a lot about the possibility of independent issue tracking (e.g., I run Bugzilla on my own server for a long time), and after trying for a long time I came to the conclusion that distributed issue tracking together with a web interface for “normies” would be the ideal solution. Unfortunately, such projects had a horrible tendency to be abandoned, unfinished, and altogether broken (2010). Then the best distributed issue tracker was Bugseverywhere [2], but it was later abandoned anyway, and I was probably one of the last users I know about.

  I had several git repositories with BE issue tracking data, but I missed the moment when the BE bit-rotted to the state I was not able to export it to some neutral format (last, but not least, BE was Python 2). Therefore, I have tried to port BE to Python 3 manually, but I got lost in the incredible combination of Python 2 emulated decorators with very wild recursion and str/bytes mess.

  I asked Opencode with the Big Pickle model to port whole project to Python 3 and an afternoon of our dialogue (and very sharp control over what AI was suggesting, which was often nonsense) it really did so at least to the level, that AI was able to use that converted code to generate a script to convert BE database to the git-bug one.

  Is the generated code a precious gem worthy of the special ACM presentation? No, it isn’t. Is it at least good enough that it could be meant as a continuation of the project? Actually no. Perhaps, if somebody really dives in and analyses it, and fix all those bugs which were left there by the LLM, I hope this work help them to do the most boring work (like dealing with str/bytes distinctions), but it is certainly not safe to use as a web server on the public Internet (BE in the default version doesn’t have Web UI, there is completely broken branch about that; it has API available over the Internet, but I hope nobody would use it, and … it is broken as well). So, why did I do it?[3]

  !!! hint "AI can be helpful for you" I don’t know if it will ever change, but currently I don’t think AI alone can replace a good (or an average, like myself) programmer for general-purpose programming. However, it can produce a really mediocre programmer for non-programmers (and that’s awesome), it can be a very cheap mediocre programmer for tasks which nobody would bother to do otherwise, or it can be a good pair programmer. In this situation it was something in between the last two ones.

  git-bug

  That is to say, the last project standing these days is git-bug, which seems to combine all desired functionality with continuing development and some other really useful things like R/W bridges to classical issue silos (GitHub, GitLab, Jira, and Launchpad). I think these bridges are a great way to overcome one of the common problems of the distributed issue tracking, which is need for the read/write interface for regular users, who are not interested in using terminal commands. While having

  Opencode with Big Pickle happily generated PR for todo.sr.ht and generated plan for impersonating others (required for moving issue tracker to other bridge).

  !!! hint "Make plan most of the time!" That's actually another lesson from in my experience: Whenever starting some slightly more complicated task, always switch the agent to Plan mode and don’t let the agent write anything to the disc until you agree with it in a dialogue on the detailed plan what to do, and until it won’t write the plan to a file on disk (you would have to switch it to the R/W mode for that last step). This separation of planning and implementing significantly improves quality of results. Make sure to have plenty of comments and ask before you approve of the plan!

  Trello board conversion

  For a long time we have used Trello board for coordination of larger tasks inside the Python development team including our very nice community volunteers. We were using a free tier of Trello, which was very limited (least but not last in number of users), and with the switch to Gitea for our other work, it was obvious we need to switch.

  While watching something on YouTube and chatting with somebody, I have just randomly run gemini-cli and wrote to it (in the planning mode): “Write me a plan to convert this Trello board (URL and JSON dump in this file) to Gitea.” I didn’t think it would work, or that I would have to spend a lot of effort to polish the script to the useful state. It wasn’t just that one question, I have to chat with Gemini for some time and then I was testing the resulting script rather intensely, but it wasn’t more than an hour or two, and I had that Trello board converted.

  !!! hint "AI can help with many tasks generating one-shoot scripts" I don’t think it is a general tool for everybody to use, I am not even certain that it is perfect, but it did the job far faster and with a way less pain than what I expected before I asked that question. Also, I was completely floored by how the literal vibe coding (just repeating tests until the script succeeded) can lead to functional solution.

  Porting the patch for CVE-2007-4559 to Python 3.4

  CVE-2007-4559 was originally put aside as too big effort for avoiding too little danger (which is why it has that old year in the CVE ID) and it stayed on the back burner for a long time. However, after many complaints (and one security firm opening 65+k PRs pretending to fix this!) Victor Steiner started in March 2023 effort to hugely modify tarfile (and zipfile and other related) package(s) in order to make it much more robust against abuse, especially by introducing extraction filters, which can harden extraction of files significantly. After a couple of modifications and significant bug fixes it is what is in the current Python.

  Given that the original PR was created in time when even Python 3.7 was still officially supported, I didn’t have that many problems to backport the patch to Python 3.6, and then subsequent modifications and bugfixes were not that enormous. Well, “not that many problems” was like a week work, but it was doable. When I tried to port that patch to Python 3.4 (which is the basic /usr/bin/python3 in SLE-12) I got completely lost. There were significant changes in the general files treatment between 3.4 and 3.6, and I just wasn’t able to make the test suite passing. After I wasted two weeks of work, and I have not got anywhere (even asking Gemini for help, but it was only the web chat dialogue then, and it certainly wasn’t where we are now), I just gave up and asked for (and was granted) WONTFIX on Python 3.4 bug. I put the whole project on the deep back burner and hoped that I would eventually find a time and found some magic to make it work.

  Then before the Christmas, one of our clients came with the strong request that they want this bug to be fixed, and so I with some hesitancy promised to have a look at it. Then some other things piled up, and I got to it only after the New Year. After the above-mentioned experiences with other projects, I pulled out gemini-cli (and I have actually tried even opencode with free models, but they obviously hit their limits there) and started digging. It wasn’t simple, it took me another week or so to get through all idiosyncrasies of that code, Gemini needed a lot of coaching and pushing out of the dead alleys it was throwing ourselves into, but in the end we were successful. Again, the experience was much more fruitful when using the Plan mode more (otherwise, all models have tendency to just try random things without really deeply thinking about it), or sometimes even taking individual issues to the web chat mode, where LLM is completely reduced only to the thinking, not doing anything.

  !!! hint "Pair programming is the best model from the experience" I watched all those happy videos, when a programmer asked AI to “make things more beautiful” and it did. I don’t know, in which world these people live in; perhaps, in the more unified world of the simple web apps it is possible, but certainly it wasn’t possible with my Python interpreter experience. I had to get deep into the details and dirty. When fighting failing tests, there was nothing remotely like vibe coding involved.

  ---

• Bodhi 25.11.3

  Released on 2026-01-18.
  This is a bugfix release which also brings some minor feature enhancements.

  Features

  • client: when downloading packages use the --fallback-unsigned option to tell Koji to fall back to getting unsigned packages if it can't get signed ones (#6039).
  • server: allow retrieving a (Fedora) release by searching for rawhide (#6061).
  • server: added an X-Bodhi-Agent header to emails sent on update comments (#6065).
  • server: don't send a comment email notification to the comment author (#6066).

  Bug fixes

  • server: avoid manually setting TestGatingStatus.waiting on Update before calling update_test_gating_status() (#6044).
  • server: builds with too long NVR (>100 chars) are now ignored by the automatic updates consumer (#6063).

  Contributors

  The following developers contributed to this release of Bodhi:

  • Adam Williamson
  • Mattia Verga

January 17, 2026

• Kevin Fenzi misc fedora bits for second week of jan 2026

  

  Greetings everyone. Happy new year!

  This last week was the first full week I was back at it after the holidays.

  Holidays

  So, how did that go? It was pretty good. I did manage to finish my december of docs with only missing one day. Closed about 40 tickets, made about 30 pr's for infra docs. Good progress. I might try and resume doing them, it is kind of nice to chip away at them over time.

  I got a number of home projects done that I kept not having time for:

  • Migrated all my bespoke firewall rules to nftables

  • Fixed up my email setup to block more junk

  • setup fail2ban finally when the ssh and dovecot and postfix brute forcers were making my logs hard to read. I wasn't worried about any of them getting in, but no reason not to just block them all.

  Also did a bunch of learning about solar and home backups and batteries. I'm likely to pull the trigger on a solar system before too long.

  Sadly, the world in 2026 is pretty horrible, but I will do my best to do what I can to help others and hope we can all collectively return the world to some sanity.

  FESCo

  fesco elections completed and I was elected again. Thanks so much everyone who voted for me. I will try and do my best (as always). If you have some concern or issue for fesco, feel free to let me know.

  I think the slate of candidates were all excellent and I look forward to working with the new members to make fedora better.

  Catchup

  I tried to keep an eye out on things during the holidays, so catching up wasn't as bad as if I ignored everything, but still a lot to process through. I have now I think mostly done so, so if you asked me something or sent me a message looking for a reply and haven't seen it yet, please do check with me again.

  mass rebuild

  The f44 mass rebuild started, all be it a few days late. There was a large boost update and then some last minute tools builds that had to get in, but it's finally going now since yesterday. Typically these take a few days to rebuild most everything, then there's a few stragglers. I am not sure if it will be done by monday, but it shouldn't be too far off that. Then, we will merge things in and start getting ready for branching in a few weeks.

  forge move

  Next tuesday ( 2026-01-20 at 21UTC) I plan to migrate the fedora infra ticket tracker ( https://pagure.io/fedora-infrastructure ) to the new forge ( https://forge.fedoraproject.org/infra/tickets ). I sent out an announcement and will try and make things as smooth as possible.

  If you do interact with infra you may want to login to forge and set your notifications as you like. Right now email notifications are not on by default, so if you want emails you need to enable them in your prefs.

  I'm really looking forward to having this moved. We will likely look at moving our ansible repo after this and a few others. Our docs repo was already moved before the holidays.

  Upcoming

  I have a few things I really want to get to soon:

  • I want to FINALLY land the pesign changes to sign secure boot via sigul. I have a pr I made last year, need to fix it up some, deploy and test.

  • I want to look into the 502's people have been seeing and try and figure out where in the proxy stack thats happening and hopefully fix it up.

  • We got over 100 tickets pending last week. I processed/fixed a number, but we are still up to 92 as of today. I'd like to fight those down again.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/115911910269440220

January 16, 2026

• Swiss JuristGate Luzern Lion Monument, Albanian Female Whistleblowers: Swiss jurists were cowards

  In a previous post, we looked at how Debianists wanted to use Swiss police to find and arrest whisteblowers who use Proton Mail. As it turns out, the Swiss police had already arrested the Albanian female whisteblowers at Zurich airport in 2017.

  After being released from custody, the whistleblowers visited the famous Lion monument in the city of Luzern.

  This is Anisa Kuci and Kristi Progri from the famous Open Labs hackerspace in Albania, now working for GNOME Foundation:

  

   

  In medieval times, Swiss guards were mercenaries who bravely offered protection to kings and queens in all the royal courts of Europe. Their role was similar to that of the Cuban guards assigned to protect the president of Venezuela.

  Today, the only remaining Swiss guard unit protects the Pope in the Vatican. The other units were all disbanded.

  The Lion monument honors 760 guards who lost their lives in the service of the French royal court. They were overrun by a much larger force, they held their ground only to be massacred during the French Revolution in 1792.

  While the Swiss guards were commended for their bravery, Swiss jurists, such as those we examine on the JuristGate web site have been nothing but despicable cowards.

  When the Software Freedom Institute was founded in 2021, IBM Red Hat was terrified and sent lawyerists to harass the Institute. The Institute had purchased Swiss legal protection insurance and immediately asks the Swiss jurists to help defend the Institute from IBM Red Hat. The Jurists were terrified and made up excuses, running away to hide behind the skirts of mother Helvetica:

  Subject: 	Re: Fwd: Red Hat, Inc. v. Daniel Pocock / Software Freedom Institute SA - FA2201001980642 - Commencement - E-mail 3/3
  Date: 	Fri, 18 Feb 2022 14:18:22 -0800
  From: 	PT Partners <info@ptpartners.ch>
  To: 	daniel@softwarefreedom.institute
  
  Chère cliente, cher client, cher partenaire,
  
  Votre message a bien été réceptionné. Nous vous répondrons aussi vite que possible. Suite à l'envoi de votre courriel, merci de ne pas écrire de mails supplémentaires jusqu'à la prise de contact de l'un de nos collaborateurs.
  
  En raison des féries judiciaires, nos délais de réponse minimums sont suspendus. Nous vous reviendrons cependant au plus vite.
  
  Cordialement,
  
  -- 
  Mathieu Parreaux
  Associé
  
       Parreaux, Thiébaud & Partners
       Département juridique
       Avenue des Grandes Communes 8
       1213 Petit-Lancy
       022 342 38 94
  
  

  Second response, four days later...

  Subject: 	Re: Fwd: Red Hat, Inc. v. Daniel Pocock / Software Freedom Institute SA - FA2201001980642 - Commencement - E-mail 3/3
  Date: 	Tue, 22 Feb 2022 06:39:55 -0800
  From: 	Mathieu Parreaux <m.parreaux@ptpartners.ch>
  To: 	daniel@softwarefreedom.institute
  
  Bonjour,
  
  Merci pour votre courriel. Je le traiterai aussi rapidement que possible. Mes délais de réponse sont de 1 à 3 jours ouvrables. Si vous êtes un client Platinum et que le cas est urgent, vous pouvez me joindre sur mon portable personnel.
  
  Cordialement,
  
  -- 
  /     [L’excellence au travers des actes]/
  /
  /__ /    Mathieu Parreaux
  
        Managing Partner
        https://www.ptpartners.ch/
  
        Siège de Genève____
        Av. des Grandes-Communes 8
        1213 Petit-Lancy
        022 342 38 94
  
  

  A skeleton response was prepared by the Institute and sent to the jurists to help them get started:

  Subject: 	Re: Fwd: Red Hat, Inc. v. Daniel Pocock / Software Freedom Institute SA - FA2201001980642 - Commencement - E-mail 3/3
  Date: 	Tue, 22 Feb 2022 16:01:54 +0100
  From: 	Luc Zimmermann <l.zimmermann@ptpartners.ch>
  To: 	Daniel Pocock <daniel@softwarefreedom.institute>
  CC: 	PT Partners <info@ptpartners.ch>, Mathieu Parreaux <m.parreaux@ptpartners.ch>
  
  Cher Monsieur,
  
  Merci de votre message et ses annexes.
  
  J'ai répondu audit message ce jour sur la chaîne d'e-mails principale/pertinente.
  
  Avec mes sentiments dévoués,
  
  /
  /
  /__ /    Luc Zimmermann
  
        Titulaire du brevet d'avocat
        https://www.ptpartners.ch/
  
        Siège de Genève____
        Avenue des Grandes-Communes 8
        1213 Petit-Lancy
        022 342 38 94
  
  Le mar. 22 févr. 2022 à 15:39, Daniel Pocock  a écrit :
  
  
      Bonjour
  
      Ils demandent un réponse ce semaine, jusqu'à 28.02.2022
  
      J'ai trouvé quelque preuves et j'ai ecrit un skeleton du réponse,
      ci-joint
  
      Daniel
  
  

  The following morning, Luc Zimmermann sends an excuse about not helping victims of UDRP harassment in Switzerland.

  Subject: 	Re: Fwd: Red Hat, Inc. v. Daniel Pocock / Software Freedom Institute SA - FA2201001980642 - Commencement - E-mail 3/3
  Date: 	Wed, 23 Feb 2022 09:32:52 +0100
  From: 	Luc Zimmermann <l.zimmermann@ptpartners.ch>
  To: 	Daniel Pocock <daniel@softwarefreedom.institute>
  CC: 	PT Partners <info@ptpartners.ch>, Mathieu Parreaux <m.parreaux@ptpartners.ch>
  
  Cher Monsieur,
  
  Merci de votre retour.
  
  Je prends bonne note qu'il ne s'agit pas du même cas que celui pour lequel je vous ai adressé un e-mail séparé de réponse le 22.02.22 (à 16h01).
  
  Nous prenons en charge des cas qui relèvent du droit suisse, p. ex. un litige à l'étranger qui a un for en Suisse et a pour droit applicable le droit suisse, de sorte que, comme dit, ici, nous ne pouvons entrer en matière.
  
  Vous remerciant de votre compréhension, je vous prie d'agréer, cher Monsieur, mes salutations distinguées,
  
  /
  /
  
  /__ /    Luc Zimmermann
  
        Titulaire du brevet d'avocat
        https://www.ptpartners.ch/
  
        Siège de Genève____
        Avenue des Grandes-Communes 8
        1213 Petit-Lancy
        022 342 38 94
  

  The jurist who sent these excuses, Luc Zimmermann, is also a member of Le Centre (The Center) political party and he has a prominent role in the Geneva Municipal Council. The same political party has been linked to conflicts of interest in the prosecution of the Crans-Montana tragedy.

  The Institute's director had to spend a whole Sunday preparing the response to the UDRP harassment on his own.

  The legal panel ruled that the UDRP case was created for the purpose of harassing the Institute and it was an abuse of the administrative procedure.

  In these circumstances, why were the Swiss jurists so cowardly?

  In their marketing, they claim that no case is ever rejected.

  Consider the irony: the cowardly jurists were unwilling to defend the UDRP case even though the Institute was on the right side of the law. Yet it was the jurists themselves who were usurping the reputation of the legendary Tissot boss Francois Thiébaud.

• Tomasz Torcz Apple knows better (how big it is)

  Last year, I've spent few months exchanging emails and packet dumps with Zoom's support. They provide videoconferencing software which gave me connectivity problems . Specifically, Zoom client, on my work Macbook, when connected to my home network, failed. To make reporting harded, Zoom's webpage did not open in Chrome on that laptop neither.

  Perplexingly, my private Fedora laptop, on the same network, had no problems whatsoever. I'll spare the details of weeks-long investigation (no, it wasn't DNS' fault; nor Cloudflare's).

  The problem source…

  MacOS X DHCP client ignores Maximum Transfer Unit (option 26) from DHCP server!

  I couldn't believe it, but there are tons of similar reports over the net. Apparently, Apple deems MTU information not trustworthy. Well, thank you �, there went weeks of my time.

  Why do I even have non-standard MTU in my network?

  Since my ISP was acquired, I had to deal with blast-from-the-past networking. Plain, reliable Ethernet connection was replaced with PPPoE, lowering the MTU to 1492 bytes, bringing distaste and headaches.

  Why other webpages and software continued working?

  Most communications use TCP/IP protocol, which knows how to deal with decreased MTU. Modern pages (and Zoom) try to use QUIC protocol. It works over UDP. UDP has no mechanisms of Path MTU discovery and too big packets are just dropped. PMPTU for QUIC is still at a draft stage.

  Why it started to happening recently?

  Due to other circuimstances, I had disabled IPv6 connectivity for my work laptop around summer last year. I didn't noticed at the time, but before that, Zoom worked fine over IPv6. MTU information from RA is good enough for Apple, whereas from DHCP is a no-no.

  Kudos to Zoom Support, for spotting the MTU problem in the end.

  030/100 of #100DaysToOffload

• Remi Collet ⚙️ PHP version 8.3.30, 8.4.17, and 8.5.2

  RPMs of PHP version 8.5.2 are available in the remi-modular repository for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  RPMs of PHP version 8.4.17 are available in the remi-modular repository for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  RPMs of PHP version 8.3.30 are available in the remi-modular repository for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ℹ� These versions are also available as Software Collections in the remi-safe repository.

  ℹ� The packages are available for x86_64 and aarch64.

  ℹ� There is no security fix this month, so no update for version 8.2.30.

  Version announcements:

  • PHP 8.5.21 Release Annoucement
  • PHP 8.4.17 Release Annoucement
  • PHP 8.3.30 Release Annoucement

  ℹ� Installation: Use the Configuration Wizard and choose your version and installation mode.

  Replacement of default PHP by version 8.5 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.5/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf update
  

  Parallel installation of version 8.5 as Software Collection

  yum install php85

  Replacement of default PHP by version 8.4 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.4/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.4
  dnf update
  

  Parallel installation of version 8.4 as Software Collection

  yum install php84

  Replacement of default PHP by version 8.3 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.3/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.3
  dnf update
  

  Parallel installation of version 8.3 as Software Collection

  yum install php83

  And soon in the official updates:

  • Fedora Rawhide now has PHP version 8.5.2
  • Fedora 43 - PHP 8.4.17
  • Fedora 42 - PHP 8.4.17

  ⚠� To be noticed :

  • EL-10 RPMs are built using RHEL-10.1
  • EL-9 RPMs are built using RHEL-9.7
  • EL-8 RPMs are built using RHEL-8.10
  • intl extension now uses libicu74 (version 74.2)
  • mbstring extension (EL builds) now uses oniguruma5php (version 6.9.10, instead of the outdated system library)
  • oci8 extension now uses the RPM of Oracle Instant Client version 23.9 on x86_64 and aarch64
  • A lot of extensions are also available; see the PHP extensions RPM status (from PECL and other sources) page

  ℹ� Information:

  • Migrating from PHP 8.2.x to PHP 8.3.x
  • Migrating from PHP 8.3.x to PHP 8.4.x
  • Migrating from PHP 8.4.x to PHP 8.5.x

  Base packages (php)

  

  

  

  Software Collections (php83 / php84 / php85)

  

  

  

January 15, 2026

• Matěj Cepl Rant about the current state of OpenSSL

  Somebody on the SUSE internal chat mentiond the blog post of PyCA maintainers on the current state of OpenSSL, and I felt the need to add my €0.02 from the M2Crypto maintainer’s point of view.

  1. I completely agree. When I read “Network Security with OpenSSL” by Viega, Messier, and Chandra, I had some idea what they are talking about (modulo some threading chapters which made my brain hurt, but multiprocessing does that to me every time). Since 3.0 I have no idea. I have been promised by Tomáš Mráz (then still my colleague in Red Hat) that changes in the first post-HeartBleed release (1.1.1?) will make API stable. Then they completely rewritten it in 3.0 again. It never got stable. Every minor release without one exception everybody has to port their software to new API.

  2. Documentation is atrocious. For such high-profile security library it is crazy how poor their documentation is and it is getting worse. I really believe their manpages were much better, but given that their API is completely out of control no wonder they are not able to document it. I spent days of my time trying to fix https://todo.sr.ht/~mcepl/m2crypto/9 and in the end creation of new X509 extension is such magic, that I had to look through the source code, because some aspects of it are just not documented at all, and the in the end the fix severely limits what can be done, because I have never managed to achieve all what I wanted.

  3. However, and that’s the most crucial point for me. M2Crypto is not PyCA: it is not an universal cryptography library for Python programmers, but it is nothing more and nothing less than legacy Python bindings for OpenSSL for legacy applications, so I will never abandon it. If somebody proposes LibreSSL/etc. patch, I am willing to take it, but switching from OpenSSL would be loosing raison d'être of it.

  4. One point aside: I remember too much, so I do remember when PyCA was originally created, that it was not meant to be OpenSSL Python bindings even as much as it is now. It was meant to have multiple changeable backends (there were even some drafts I believe of Windows CryptoAPI and Apple API ,either CDSA and CSSM or Security Framework, not sure). Perhaps they could return to that idea.

January 14, 2026

• Charles-Antoine Couret N'utilisez plus Fedora Linux 41 qui n'est plus maintenu

  C'était le mardi 15 décembre 2025 que la maintenance de Fedora Linux 41 a pris fin.

  Qu'est-ce que c'est ?

  Un mois après la sortie d'une version de Fedora n, ici Fedora Linux 43, la version n-2 (donc Fedora Linux 41) n'est plus maintenue.

  Ce mois sert à donner du temps aux utilisateurs pour faire la mise à niveau. Ce qui fait qu'en moyenne une version est officiellement maintenue pendant 13 mois.

  En effet, la fin de vie d'une version signifie qu'elle n'aura plus de mises à jour et plus aucun bogue ne sera corrigé. Pour des questions de sécurité, avec des failles non corrigées, il est vivement conseillé aux utilisateurs de Fedora Linux 41 et antérieurs d'effectuer la mise à niveau vers Fedora Linux 43 ou 42.

  Que faire ?

  Si vous êtes concernés, il est nécessaire de faire la mise à niveau de vos systèmes. Vous pouvez télécharger des images CD ou USB plus récentes.

  Il est également possible de faire la mise à niveau sans réinstaller via DNF ou GNOME Logiciels.

  GNOME Logiciels a également dû vous prévenir par une pop-up de la disponibilité de Fedora Linux 43 ou 42. N'hésitez pas à lancer la mise à niveau par ce biais.

• Charles-Antoine Couret Revue de presse de Fedora Linux 43

  Cela fait depuis Fedora 19 que je publie sur la liste de diffusion de Fedora-fr une revue de presse de chaque sortie d'une nouvelle version. Récapituler quels sites en parle et comment. Maintenant, place à Fedora Linux 43.

  Bien entendu je passe sous silence mon blog et le forum de fedora-fr.

  Sites web d'actualité

  • Linuxfr ;
  • Next ;
  • GinjFo ;
  • GoodTech

  Soit 4 sites.

  Les vidéos

  • Linuxtricks.

  Soit 1 vidéos.

  Bilan

  Le nombre de sites parlant de Fedora Linux 43 est en légère baisse.

  Les deux semaines après sa sortie, nous avons eu globalement une augmentation de visites par rapport à la semaine d'avant de cet ordre là :

  • Forums : hausse de 19% (près de 600 visites en plus)
  • Documentation : données non interprétables à cause d'une masse de visiteurs chinois (bots ?) sur cette section depuis septembre 2025
  • Le site Fedora-fr : hausse de 5% (soit 20 visites en plus)

  Si vous avez connaissance d'un autre lien, n'hésitez pas à partager !

  Rendez-vous pour Fedora Linux 44.

January 12, 2026

• Tomas Tomecek Ambient Code: first impressions

  Ambient Code is a platform (not covered here) and a collection of AI coding agents and workflows designed to help with software development. I decided to give it a shot and see how well their agents can analyze and contribute to one of our projects in Packit org. The first tool we are going to use is called agentready. It checks how well a project is maintained and suited for AI-assisted development.

• Guillaume Kulakowski Comment j’organise mon NAS et mes services auto-hébergés

  Cela fait maintenant un bon moment que je possède un NAS, et je n’avais encore jamais pris le temps de décrire réellement ma stack ni les applications que j’y héberge. Cet article est donc l’occasion de corriger cela. Références et inspiration S’il ne fallait citer qu’une seule référence incontournable dans le monde du self-hosted, ce […]

  Cet article Comment j’organise mon NAS et mes services auto-hébergés est apparu en premier sur Guillaume Kulakowski's blog.

January 11, 2026

• Jamie Nguyen Curious things I discovered about Ansible in Advent of Code

  In December, I did my first Advent of Code (opens in new tab). I used Ansible, which is a terrible choice for programming challenges but that’s part of the fun!

  Note

  I gave myself these rules:

January 09, 2026

• Kushal Das Introducing EktuPy

  Py (daughter) is now 11 years old, and she spends a lot of time on Scratch, makes beautiful and fun things. But, she thinks she is not a programmer as she is moving blocks and not typing code like us. I had questions for long time about how to move this Scratch generation into programming in general via Python. EktuPy is my probable solution.

  

  In simple words, we have an editor to write code in the left, and a Canvas/stage on the left. You can do all the similar things you do on scratch here, I have a list of examples in the editor.

  

  We use PyScript and thanks to Astral we have both Ruff and ty for LSP/linting support in the editor (using webassembly). The whole code is executing on the browser of the user.

  

  

  

  Yesterday I took part in the monthly PyScript Fun call because Nicholas reminded me, had fun to demonstrate it there and watched what others are building.

  

  The first time Py pocked around for 1:30 hours, she gave me 11 bugs, and next for 5 minutes and asked me to get tutorials, she did not want to read the documentation. So, for every example in the editor we have tutorials, not too detailed yet, but good enough to start.

  

  You can create an account and save your programs. You can share them as public from your dashboard, then others can find those in the explorepage and run the code or remix if they want.

  

  I am super nostalgic about one implementation :)

  Oh, because I think kids may not have to learn about async programming in this platform, calls like wait() or ask() or play_sound_until_done() or wait_until() are all synchronous for the edtior, and then some AST transformer adds the async/await as needed.

  Feel free to try this out, share the link to your kid or teachers/parents you know. Let me know how to improve. I will publish the codebase, a Django application with proper license and hopefully we can make it even better togather.

  This project was not possible without all the work done before, including Scratch, or CodeMirror for the edtior, PyScript / PyOdide, the bigger Python community and Claude/Opus4.5 for incredicable TypeScript/Javascript help :)

January 08, 2026

• Remi Collet 🪦 PHP 8.1 is retired

  Two year afters PHP 8.0, and as announced, PHP version 8.1.34 was the last official release of PHP 8.1

  To keep a secure installation, the upgrade to a maintained version is strongly recommended:

  • PHP 8.2 has security only support and will be maintained until December 2026.
  • PHP 8.3 has security only support and will be maintained until December 2027.
  • PHP 8.4 has active support and will be maintained until December 2026 (2028 for security).
  • PHP 8.5 has active support and will be maintained until November 2027 (2029 for security).

  Read :

  • PHP Supported versions
  • Migration guide from PHP 8.1.x to PHP 8.2.x
  • Migration guide from PHP 8.2.x to PHP 8.3.x
  • Migration guide from PHP 8.3.x to PHP 8.4.x
  • Migration guide from PHP 8.4.x to PHP 8.5.x

  ℹ️ However, given the very important number of downloads by the users of my repository the version is still available in remi repository for Enterprise Linux (RHEL, CentOS, Alma, Rocky...) and Fedora and will include the latest security fixes.

  ⚠️ This is a best effort action, depending on my spare time, without any warranty, only to give users more time to migrate. This can only be temporary, and upgrade must be the priority.

  You can also watch the sources repository on github.

January 07, 2026

• Jon Chiappetta Google Cancels Gmailify! :O :(

  Link: https://support.google.com/mail/answer/16604719?hl=en

  First, Yahoo cancels simple mail forwarding. Then I try to use the Google gmailify feature to get my email as well as be able to send mail on behalf of my domain name. Next, Google cancels gmailify so now I have recently switched everything over to Fastmail, which offers both of these features plus the label organization and filtering capabilities — but for a price of course. Anyway, I’ve been using Gmail for many many years since it was Beta as my default mail client but now that time has come to an end sadly…

  

• Nikos Roussos 39c3 notes

  

  This is a quick notes post about the recent Chaos Computer Congress. It was nice to participate again after two years.

  Talks

  • All Sorted by Machines of Loving Grace? "AI", Cybernetics, and Fascism and how to Intervene
    The talk explores the roots of today's tech fascism and its love for tech. Full of nice rants.

  • A post-American, enshittification-resistant internet
    A very condensed talk, in the usual style of Cory Doctorow. A bit optimistic, but the whole analysis definitely worths it. I loved the phrase "Time to seize the means of computation!".

  • AI Agent, AI Spy
    Based on a Signal Foundation research. How AI compromises the trust we usually have on operating systems. Very critical when you are relying on end-to-end encryption, making the assumption that you can trust both ends.

  • Coding Dissent: Art, Technology, and Tactical Media
    Artistic practices that engage with sociotechnical systems through tactical interventions. Showcasing certain Art/Tech projects with political impact.

  • Suing spyware in Europe: news from the front!
    The current status of the legal action against European governments using spyware (like Pegasus and Predator) to spy on people.

  Self-organized sessions

  • Repressions and Surveillance of Pro-Palestine Speech in Germany
    An overview of how German authorities have engaged in systematic repression of Pro-Palestine speech. With a reference to a new Berlin law that allows police to physically compromoise devices by intruding into private homes.

  • Running a NGO on FreeSoftware
    Fascillitated by FSFE to showcase what kind software is being used for day to day operations. Many other tech people from other NGOs participated in the discussion. Common struggles on getting away from big tech companies.

  • Tales of apartheid
    Stories of a Palestinian Israeli citizen on what Apartheid actually looks like.

  Projects

  Some quick links on projects and ideas captured in my notes based on discussions during the Congress.

  • AI War Cloud αn interactive database exploring the connection of tech companies with military operations and warfare. This was set up as an interactive installation during the Congress.
  • I was reminded again about Tor Snowflake proxy project. Something we could fairly easily set up on LibreOps.
  • plaintext, yet another chat project. This one aims on being a decentralized social network that uses plain text files over HTTP.
  • Solarpunk missions, that run through out the Congress but can be an inspiration for future projects.
  • Anubis AI firewall. If your website is suffering from excessive AI bots scraping.
  • Congress Checklist could be handy for the next one ;)

• Daiki Ueno GNOME.Asia Summit 2025

  Last month, I attended the GNOME.Asia Summit 2025 held at the IIJ office in Tokyo. This was my fourth time attending the summit, following previous events in Taipei (2010), Beijing (2015), and Delhi (2016).

  As I live near Tokyo, this year’s conference was a unique experience for me: an opportunity to welcome the international GNOME community to my home city rather than traveling abroad. Reconnecting with the community after several years provided a helpful perspective on how our ecosystem has evolved.

  Addressing the post-quantum transition

  During the summit, I delivered a keynote address regarding post-quantum cryptography (PQC) and desktop. The core of my presentation focused on the “Harvest Now, Decrypt Later” (HNDL) type of threats, where encrypted data is collected today with the intent of decrypting it once quantum computing matures. The talk was followed by the history and the current status of PQC support in crypto libraries including OpenSSL, GnuTLS, and NSS, and concluded with the next steps recommended for the users and developers.

  It is important to recognize that classical public key cryptography, which is vulnerable to quantum attacks, is integrated into nearly every aspect of the modern desktop: from secure web browsing and apps using libsoup (Maps, Weather, etc.) to the underlying verification of system updates. Given that major government timelines (such as NIST and the NSA’s CNSA 2.0) are pushing for a full migration to quantum-resistant algorithms between 2027 and 2035, the GNU/Linux desktop should prioritize “crypto-agility” to remain secure in the coming decade.

  From discussion to implementation: Crypto Usage Analyzer

  One of the tools I discussed during my talk was crypto-auditing, a project designed to help developers identify and update the legacy cryptography usage. At the time of the summit, the tool was limited to a command-line interface, which I noted was a barrier to wider adoption.

  Inspired by the energy of the summit, I spent part of the recent holiday break developing a GUI for crypto-auditing. By utilizing AI-assisted development tools, I was able to rapidly prototype an application, which I call “Crypto Usage Analyzer”, that makes the auditing data more accessible.

  

  Conclusion

  The summit in Tokyo had a relatively small audience, which resulted in a cozy and professional atmosphere. This smaller scale proved beneficial for technical exchange, as it allowed for focused discussions on desktop-related topics than is often possible at larger conferences.

  Attending GNOME.Asia 2025 was a reminder of the steady work required to keep the desktop secure and relevant. I appreciate the efforts of the organizing committee in bringing the summit to Tokyo, and I look forward to continuing my work on making security libraries and tools more accessible for our users and developers.

January 06, 2026

• Tomasz Torcz I Voted, F43 edition

  I've cast my votes in Fedora Engineering Steering Comittee. The voting closes tomorrow.

  As usual, I've read interview with the candidates, and then decided on my preferences. Red Hat employees get a minus, new faces get plus. There are exceptions, it's not a hard rule!

  That's one of the way I contribute to Fedora. Sometimes I blog about elections. I've also been a Fedora packages for almost 18 years!

  

  028/100 of #100DaysToOffload

• Kushal Das 2025 blog review

  After 2005 again in 2025 I wrote only 8 blog posts. The year was difficult in many different ways. But, from September things became a bit better. I could not do a lot of things which I thought I would do, or rather I promised to do.

  I hoping to catch up on those promises in the coming months. That not only includes blog posts on vairous things I am writing/building, but also I have a huge backlog of photos to work on and publish.