Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

RSS Atom

We Make Fedora

April 26, 2025

• Kevin Fenzi Late April infra bits 2025

  

  Another week has gone by. It was a pretty quiet one for me, but it had a lot of 'calm before the storm' vibes. The storm being of course that may will be very busy setting up the new datacenter to try and migrate to it in june.

  Datacenter Move

  Still don't have access to our new hardware, but I'm hoping early next week I will. I did find out a good deal more about networking there and setup our dhcp server already with all the mac addresses and ip's for the management interfaces. As soon as that comes up they should just get the right addresses and be ready to work on.

  Next week then would be spent setting firmware the way we want it, testing a few install paramaters to make sure how we want to install the hosts, then move on to installing all the machines.

  Then on to bootstrapping things up (we need a dns server, a tftp server, etc) and then installing openshift clusters and virthosts.

  So, we are still on track for the move in June as long as the management access comes in next week as planned.

  nftables in production

  We rolled out our switch from iptables to nftables in production on thursday. Big shout out to James Antill for all the scripting work and getting things so they could migrate without downtime.

  The switch did take a bit longer than we would have liked, and there were a few small hiccups, but overall it went pretty well.

  There are still some few openqa worker machines we are going to migrate next week, but otherwise we are all switched.

  Staging koji synced

  To allow for some testing, I did a sync of our production koji data over to the staging instance. This takes a long long time because it loads the prod db in, vacuums it, then modifies it for staging.

  There was a bit of breakage at the end (I needed to change some sequences) but otherwise it went fine and now staging has all the same tags/etc as production does.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114405223201008788

April 25, 2025

• Daniel Pocock In defence of JD Vance, death of Pope Francis

  When the sad news appeared about the death of Pope Francis on Easter Monday, people were quick to politicize the tragedy with references to his last official duty, a meeting with US Vice President JD Vance.

  What about that dossier on abuse that changed hands on Good Friday? It fits an awkward pattern of dossiers and deaths.

  Obituaries and commentaries have appeared far and wide. Many of them begin by praising the late Pope's work on climate and the poor and then they go on to politely but firmly express concern that he could have done more for victims of abuse. We need to look at the other Francis.

  Walter Francis Pocock

  Walter Francis Pocock was born on 28 February 1938. He went to the former St Patrick's college in East Melbourne and then became a Catholic school teacher. He rose through the ranks of schoolteachers to become a headmaster and then he went on to work in administration at the Catholic Education Office (CEO), part of the Archdiocese of Melbourne.

  On 28 February 1998, Pope Francis had become Archbishop of Buenos Aires, on the birthday of Walter Francis Pocock. On 28 February 2013, Pope Benedict XVI resigned, creating the opportunity for Pope Francis to become Pope.

  The brother of Walter Francis Pocock is my father, who attended Xavier College, one of Australia's most prominent Jesuit schools. Pope Francis was the first Jesuit pope. Dad and his brother both worked at the Catholic Eduction Office.

  My uncle died in 2011. One of the most visible parts of his legacy is the work of his daughters. Bernice became a nurse back in the 1990s. She has worked her way up to the top of her profession, becoming the Health Complaints Commissioner for the State of Victoria.

  In that role, she personally signs each of the prohibition orders.

  Australia's Royal Commission into Institutional Abuse published a huge archive of internal documents from the Catholic Church. Looking through those documents, we can see that the church removed fewer abusers in fifty years than Bernice has removed in just two years.

  The connections don't stop there of course. Pope Francis had a special relationship with the State of Victoria, having invited Cardinal George Pell, who started his career in Ballarat, to be the treasurer of the Vatican.

  Let's have a fresh look at the history and how it intersects with deaths of both Cardinal Pell and Pope Francis.

  17 April 2011, the day that Adrian von Bidder died, was both the day that Carla and I married and it was Palm Sunday, the beginning of Holy Week.

  In December 2018, Cardinal Pell was convicted of abuse, although he was subsequently acquitted on appeal. On one of the most important Christian holidays, the night before Christmas, the Debianists went nuts spreading rumors about my family and abuse. Some of them are still nuts today. Sadly, more of these people have died.

  In my last call with Dad, he was clearly disturbed about the Pell situation and the proximity of our family to these matters.

  On 17 April 2019, which was Holy Wednesday, the current Archbishop of Melbourne put out a public statement about the grief many people felt throughout the Archdiocese. This was particularly profound for those who worked for the church. People like my father and his brother would see Cardinal Pell in the office from time to time when he was Archbishop of Melbourne. It would have been even more inconvenient for my father as this statement came out on our wedding anniversary.

  Dad died on 20 April 2019, which was Easter Saturday.

  Pope Benedict died on 31 December 2022, once again, in the Christmas season. Cardinal Pell appeared in news reports and that prompted me to have a fresh look at the evidence and see if I had missed anything.

  By pure coincidence, I found myself in the office of the Carabinieri on 10 January 2023, as a witness and survivor talking about the blackmail in Debianism and the similarities to what I observed in the wider context of institutional abuse. I handed over a dossier of approximately 90 pages. Cardinal Pell's name was mentioned somewhere on the first page. I didn't know that the Cardinal was having surgery in the same hour. He died later that evening.

  I created a further dossier, a similar size, containing emails from debian-private suggesting that some of the Debian suicides and accidental deaths may have been avoidable. That dossier was sent to the Cambridgeshire coroner on 9 September 2023, the first day of DebConf23. In the middle of the conference, Abraham Raji died in an avoidable accident. I had mentioned Cardinal Pell's name in the email to the coroner and it appears again inside the dossier.

  This year, in March 2025, I published a blog pointing out the connection between Adrian von Bidder's death and Palm Sunday. The anniversary of the death was Holy Thursday, the day that Judas betrayed Jesus at the last supper. I previously wrote a blog about that phenomena too.

  At the same time as publishing the blog about Palm Sunday, I had been preparing a new dossier about the intersection of the abuse crisis with the health system. It dealt with the cases I'm familiar with, mental health patients, the military, a priest using my name and the remarkable similarities that have emerged in modern-day cults like Debianism.

  Pope Francis is featured on the final page, along with the Swiss Guard. The name of Cardinal Pell was repeated forty seven times in this dossier. I included a couple of pictures of the late Cardinal Pell, in one of them he is holding a galero and in another he is wearing his zucchetto and staring at Shadow Man.

  

   

  The draft was handed over to an expert in the French health system on Good Friday, the day that Jesus was crucified.

  Three dossiers, three deaths.

  Like my father, I also graduated from the Jesuit school Xavier College.

  Some of the dossier is confidential so I'm only going to share the pages with the conclusion. Even that had to be redacted. Nonetheless, it is telling that I used a quote from Ian Lawther about his Fair dinkum letter to the Pope. The letter is published on the web site of the Parliament of Victoria. The letter was dated 24 April 2008 and it appears to have been sent two days later, 26 April 2008. 26 April 2025 is the funeral of Pope Francis.

  Ian Lawther's letter is a chilling indictment on the culture of many institutions, this is not only about the crisis in the Catholic Church. Reading this paragraph:

  You were not the one who had to take your son to hospital at 2.30 in the morning, because he had broken three bones in his hand, in a fit of anger and guilt, because his mind had been so poisoned, that the priest was able to convince him everything was his fault.

  I couldn't help thinking about the way people are being brainwashed in groups like Debian and GNOME. For example, look at how Dr Norbert Preining was brainwashed to write a self-deprecating public confession. Look at the discussions around GNOME this week, for example, Tobias Bernard writes nobody involved is against Codes of Conduct, in other words, victims can't see that amateur-hour Codes of Conduct are nothing more than a tool for denouncing, dividing and silencing people. When people put these amateur hour Codes of Conduct on a pedestal, the victims end up tying themselves in nots. There have been a number of unexplained suicides in the open source software ecosystem and I can't help wondering if some of those people had been shamed with Code of Conduct gaslighting. Look at the horrible message they sent to my last Outreachy intern, it took three months before she told me what they were doing to her.

  Read the final pages of the dossier that changed hands on Good Friday.

  Can we say JD Vance is off the hook?

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  

  Fact check

  • 2023-01-10 (Cardinal Pell's surgery): receipt from Carabinieri from first dossier about working conditions
  • 2023-09-09 (DebConf23): email to Cambridgeshire coroner with dossier about avoidable deaths
  • 2025-04-18 (Good Friday): final pages of dossier about the similarities in the cultures and some known incidents

  Did the Debianists graffiti Dr Jacob Appelbaum's home when they were falsifying abuse accusations against him?

  Compare the graffiti to the signature on real abuse cases: the prohibition orders.

  When Debianists and social media addicts make stuff up, it makes it harder to believe real victims.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

   

   

  

• Fedora Community Blog Infra and RelEng Update – Week 17

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 21st – 25th April 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • FedoraQA – Testdays – OIDC setup
    • Find old docs content on proxies and remove it
    • redeploy aws proxies
    • Disable self-serve project creation on pagure.io
    • Link in staging distgit instance leads to prod auth
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • Broken link for STG IPA CA certificate, needed for staging CentOS Koji cert
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • Add fedora-l10n pagure group as an admin to the fedora-l10n-docs namespace projects
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • Move from iptables to firewalld
    • Port apps to OIDC
    • Help me move my discourse bots to production?
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • Fedora + EPEL Mirror Request – mirror.maeen.sa
    • Inat Box APP
    • upgrade to Fedora 42 can use wifi
    • DNS BL spam.dnsbl.anonmails.de has bastion on it’s blacklist
    • heavy load on koji Sat, 19 Apr 2025 16:12:01 +0200
    • Please add new clients + queues to RabbitMQ for osci.
    • Secrets storage: Blockerbugs stg bz api key
    • Fork failed
    • Status code: 403 for https://fedoraproject-updates-archive.fedoraproject.org
    • koji build that is in a bad signing state
    • Manage our new testing.farm domain via AWS Route53
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • rhel9 adoption

  CentOS Infra including CentOS CI

  • In progress:
    • Release Improvements
    • Reconcile duffy DB and AWS EC2 instance
    • Write a script to cleanup Duffy DB after retiring a pool
    • Please upgrade CBS Koji to 1.35+ for kiwi plugin enhancements
    • Add proposed-updates c9s and c10s tags to hyperscale9s and hyperscale10s tags
    • Missing s390x extras/extras-common repo
    • Ensuring ansible automation in place can manage/control el10 nodes
    • [spike] : investigating ppc64le kvm host option with el9/el10 (for Power10)
    • (Cloud SIG) OKDerator CI/CD space
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • Decommission ppc64le duffy nodes in CI infra/env
    • [spike] : investigating options/alternatives for the upcoming DC move
  • Done:
    • RHEL 9 builders for Image Builder images
    • Create sig-council FAS group
    • Fedora-messaging usage inventory (Fedora infra change)
    • [CI] no available machines in Duffy pool
    • Add 46.102.157.26 and 2a0d:f302:99:0:e207:1bff:fe6a:e7b1 to ACL for mirror.alwyzon.net
    • Upgrade cbs.stg koji env to el9

  Release Engineering

  • In progress:
    • Unretire gtranslator
    • F42 Post Release Cleanup
    • Fix OpenH264 tagging issues
    • Turn EPEL minor branching scripts into playbooks
    • Mass retirement of packages with uninitialized rawhide branch
    • Please send openh264-2.6.0 to Cisco
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Send compose reports to a to-be-created separate ML
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Update pungi filters
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • Provide stable names for images
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • Request for permissions to access bodhi server
    • Stalled EPEL package: a2jmidid
    • Fedora WSL images for F42 are being composed with F43 content
    • Orphan kdissert, flowcanvas
    • Remove manually created f41/f42 branches from getmail6 repository
    • Remove v4.3.0 and versionbump branches from pgcli repository
    • Unretire vim-awesome-colorschemes
    • Please rescue partially-initialized repo rpms/tlfloat from releng-bot
    • Remove the files for getmail
    • Unretire rust-arraydeque
    • Unretire rust-migrations_internals
    • Missing ostree stable ref for Kinoite 42 on aarch64
    • Stalled EPEL package: python-text-unidecode
    • Stalled EPEL package: python-grpcio-gcp
    • Stalled EPEL package: python-google-api-core
    • Unretire rust-ar
    • Stalled EPEL package: python-respx
    • Stalled EPEL package: python-graphql-core
    • Stalled EPEL package: python-parse
    • Unorphan getmail
    • Unretire rpms/drawing
    • Accidentally created a branch in `rust-tonic-types`
    • fedora-toolbox missing f42 tag, and testing still points to f38
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • F42 Self-Contained Change: Fedora COSMIC spin

  List of new releases of apps maintained by I&R Team

  • Patch update of Sigul from sigul-0.100 to sigul-0.100 on 2025-04-22
  • Patch update of Fedora Messaging from 3.7.0 to 3.7.1 on 2025-04-22
  • Patch update of Sigul from sigul-0.100 to sigul-0.100 on 2025-04-21

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 17 appeared first on Fedora Community Blog.

April 24, 2025

• Fedora fans آموزش آپگرید لینوکس فدورا ۴۱ به فدورا ۴۲

  

  با توجه به انتشار نسخه نهایی Linux Fedora 42 پیشنهاد می شود تا کاربرانی که از نسخه های پایین تر استفاده می کنند، سیستم خود را به آخرین نسخه ی پایدار ارتقاء دهند. به همین خاطر در این مطلب قصد داریم تا لینوکس فدورا ۴۱ را به فدورا ۴۲ آپگرید کنیم. قبل از انجام آپگرید […]

  The post آموزش آپگرید لینوکس فدورا ۴۱ به فدورا ۴۲ first appeared on طرفداران فدورا.

• Adam Young My math was wrong

  In my last article, I posted a function for calculating one partition of a larger matrix. THe function looked like this

  void partial(k, i, g, M, f){ 
          for (m=0; m < n; m++){ 
              j = m * k;
              g[i] = g[i] + M[i][j] * f[i];
          }
  }

  This is actually wrong. Lets look where I messed up. It was all the way back in the equation.

  The equation I had looked something like this (not going to use inkscape to do the math this time)

  g[i] = sum m=1..n of A[i,j]f[j]
       

  When I divided it up, I fell victim to the 1-based array that I had and simply calculated j by multiplying m*k. This is wrong. If we think of it as a base 4 number, we want k to be the 4’s column (and larger) and m to be the ones column. In function form:

  j=k*4+m
  

  However, this implies that m goes from 0 to (n-1)/4.

  Thus the partial function should look like this:

  void partial(k, i, g, M, f){ 
          for (m=0; m < n; m++){ 
              j = k * n + m;
              g[i] = g[i] + M[i][j] * f[i];
          }
  }

  With that corrected, we can try to implement it in ARM64 assembly.

• Fedora Community Blog Fedora Elections Nominations Period Now Open!

  Now that we are enjoying Fedora Linux 42, it’s time to hold an election…or four! The nominations period is now open for some seats across some of the Fedora Governance groups. Read on for more information.

  Below are the open seats in the Fedora Council, Mindshare Committee, FESCo and EPEL Steering Committee this cycle.

  Fedora Council – 2 seats

  Fedora Engineering Steering Committee (FESCo) – 4 seats

  Fedora Mindshare Committee – 4 seats

  EPEL Steering Committee – 3 seats

  The nominations period is now open and will close on May 8, as per the schedule. If you would like to nominate yourself or someone you know for one or more of these positions, please add your or their name to the nominations table on the respective nominations page. You do not need to complete an interview at this time. Please make sure you have the express permission of the person you are nominating before you submit their name.

  The elected seats on Fedora Council, FESCo and two of the elected Mindshare seats are for a two-release term (usually about 12 months, ish). The other two elected seats on Mindshare will be for a 6-month term, and the EPEL Steering Committee seats are for a two year term. For more information on these governance groups, please visit their docs pages:

  • EPEL
  • Fedora Council
  • FESCo
  • Fedora Mindshare Committee

  The post Fedora Elections Nominations Period Now Open! appeared first on Fedora Community Blog.

• Fedora Community Blog 2025 Fedora Datacenter move update

  In January this year, we let the community know that we were going to be moving datacenters ( see https://communityblog.fedoraproject.org/fedora-datacenter-move-later-this-year-2025-version/ ). Some things have changed a little, so here’s some updates on the progress of this move and some more detailed plans.

  Back in that initial post, we were targeting May to switch to the new datacenter, but due to various issues beyond our control, the current plan is now to switch to the new datacenter the week of June 16th. This is the week after DevConf.cz, and two weeks after Flock.

  We already have new hardware in the new datacenter and should be getting access to it in the coming weeks. Then, we will build out a copy of our existing infrastructure there. Anything that can be setup and prepped for the move will be. After that, in May we hope to move a few things that are somewhat isolated from the rest of our infrastructure (OpenQA, Fedora CoreOS, and possibly more).

  Then, the week of June 16th we will migrate applications and data to the new datacenter.

  Fedora Project users should not notice much during this change. Mirrorlists, mirrors, docs, and other user facing applications should continue working as always. Updates pushes may be delayed a few days while the switch happens. Our goal is to keep any end user impact to a minimum.

  For Fedora Contributors, Monday and Tuesday we plan to “move” the bulk of applications and services. Contributors should avoiding doing much on those days as services may be moving around or syncing in various ways. Starting Wednesday, we will make sure everything is switched and fix problems or issues as they are found. Thursday and Friday will continue stabilization work.

  It’s worth noting that some things are not included in this move:

  • pagure.io is not moving now (It will likely move later in the year, details on that later!), so it should be available the entire time of the switch.
  • discussion.fedoraproject.org is not affected.
  • mirrorlists and all static content like docs, fedoraproject.org download site, etc.

  The following week the newest of the old hardware in our old datacenter will be powered off and shipped to the new datacenter. This hardware will add additional capacity to some systems like openqa and builders.

  Finally after that we will rebuild our staging setup. Some of that work may be done in advance, but we will be focusing on the production setup.

  This move will get us moved to new (faster!) hardware, increase capacity in various of our systems, add ipv6 connectivity, move to power10, and leave us room to grow and add more as needed later. Thanks in advance for your patience with this move.

  The post 2025 Fedora Datacenter move update appeared first on Fedora Community Blog.

April 23, 2025

• Kiwi TCMS Kiwi TCMS 14.2

  We're happy to announce Kiwi TCMS version 14.2!

  IMPORTANT:

  This is a minor version release which includes security related updates, several improvements and new translations.

  Recommended upgrade path:

  14.1 -> 14.2
  

  You can explore everything at https://public.tenant.kiwitcms.org!

  ---

  Public container image (x86_64):

  pub.kiwitcms.eu/kiwitcms/kiwi   latest  141ce95a4323    677MB
  

  IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

  Changes since Kiwi TCMS 14.1

  Security

  • Update Django from 5.1.7 to 5.1.8 addressing a moderate severity denial-of-service vulnerability, CVE-2025-27556, which may be affecting Kiwi TCMS instances running natively on Windows

  Improvements

  • Update django-attachments from 1.11 to 1.12
  • Update django-colorfield from 0.12.0 to 0.13.0
  • Update django-extensions from 3.2.3 to 4.1
  • Update markdown from 3.7 to 3.8
  • Update psycopg from 3.2.5 to 3.2.6
  • Update tzdata from 2025.1 to 2025.2
  • Update uwsgi from 2.0.28 to 2.0.29
  • On Execution Dashboard page add Product & Components columns (Oskar Hurst, USACE)
  • Remove duplicate IDs to minimize size of SQL WHERE clause for API calls on Execution Dashboard page
  • Remove code which was generating /Kiwi/uploads/installation-id. This file was never used and is not needed

  Refactoring and testing

  • Update node_modules/webpack from 5.98.0 to 5.99.6
  • Update fedora from 41 to 42 in tests/bugzilla/Dockerfile
  • Pin the version of Locust to avoid accidental failures
  • Replace custom function with django.utils

  Translations

  • Updated Korean translation
  • Updates Ukrainian translation

  Kiwi TCMS Enterprise v14.2-mt

  • Based on Kiwi TCMS v14.2
  • Update certbot-* from 3.2.0 to 4.0.0
  • Update kiwitcms-github-app from 2.0.1 to 2.1.0
  • Update kiwitcms-tenants from 4.0.0 to 4.1.0
  • Update sentry-sdk from 2.22.0 to 2.26.1
  • Add django-storages[s3] as a dependency
  • Add psycopg-pool as a dependency
  • Add a show_version command for manage.py
  • Allow additional script-src for Content-Security-Policy header to be specified via the NGX_CSP_SCRIPT_SRC environment variable
  • Workaround missing wheel packages for xmlsec v1.3.15, see https://github.com/xmlsec/python-xmlsec/issues/344
  • Pin xmlsec to v1.3.14

  Private container images

  hub.kiwitcms.eu/kiwitcms/version            14.2 (aarch64)          77cd9ccde9f6    23 Apr 2025     692MB
  hub.kiwitcms.eu/kiwitcms/version            14.2 (x86_64)           24c27dafcd26    23 Apr 2025     677MB
  hub.kiwitcms.eu/kiwitcms/enterprise         14.2-mt (aarch64)       fd7113a910c1    23 Apr 2025     1.06GB
  hub.kiwitcms.eu/kiwitcms/enterprise         14.2-mt (x86_64)        e3f1f25186de    23 Apr 2025     1.04GB
  

  IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

  How to upgrade

  Backup first! Then follow the Upgrading instructions from our documentation.

  Happy testing!

  ---

  If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

  • Give â­� on GitHub;
  • Give ğŸ‘� on GitLab;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a subscriber and help us sustain development

• Charles-Antoine Couret 20 ans de Fedora-fr : troisième entretien avec Emmanuel, ancien président de Borsalinux-fr

  Introduction

  Dans le cadre des 20 ans de Fedora-fr (et du Projet Fedora en lui-même), Charles-Antoine Couret (Renault) et Nicolas Berrehouc (Nicosss) avons souhaité poser des questions à des contributeurs francophones du Projet Fedora et de Fedora-fr.

  Grâce à la diversité des profils, cela permet de voir le fonctionnement du Projet Fedora sous différents angles pour voir le projet au delà de la distribution mais aussi comment il est organisé et conçu. Notons que sur certains points, certaines remarques restent d'application pour d'autres distributions.

  N'oublions pas que le Projet Fedora reste un projet mondial et un travail d'équipe ce que ces entretiens ne permettent pas forcément de refléter. Mais la communauté francophone a de la chance d'avoir suffisamment de contributeurs de qualité pour permettre d'avoir un aperçu de beaucoup de sous projets de la distribution.

  Chaque semaine un nouvel entretien sera publié sur le forum Fedora-fr.org, linuxfr.org et mon blog ici même.

  Entretien

  Bonjour Emmanuel, peux-tu présenter brièvement ton parcours ?

  J'ai découvert Linux pendant mes études à l'EFREI, l'École FRançaise d’Électronique et d’Informatique. Ma première distribution était une Red Hat Linux 4.2 que j'ai installé sur mon PC en 1997.

  En finissant mes études, je savais que je voulais travailler avec du Logiciel Libre et j'ai commencé un travail d'administrateur système et réseaux chez un hébergeur web dont les serveurs étaient sous Red Hat Linux.

  Quand Red Hat a annoncé la fin de Red Hat Linux et le lancement de Fedora, je suis passé d'une distribution à l'autre. Quelques années plus tard, j'ai eu l'occasion de devenir packager (on devait en être à la Fedora 8) et, encore aujourd'hui, je continue à maintenir des paquets.

  Ces jours-ci, je fais partie d'une équipe de gestion d'identité dans une entreprise qui fait de l'assurance-crédit. Je gère la partie Unix (essentiellement des serveurs OpenLDAP sous Linux) alors que mes collègues gèrent la partie Active Directory.

  Peux-tu présenter brièvement tes contributions au Projet Fedora ?

  Maintenir mes paquets reste l'essentiel de mes contributions. Je gère plusieurs centaines de paquets, quasiment tous des modules Perl ou des applications écrites en Perl.

  Depuis, je fais partie du SIG Server ou j'essaie de contribuer en y apportant mon expérience dans ce domaine.

  Qu'est-ce qui fait que tu es venu sur Fedora et que tu y es resté ?

  J'utilisais déjà Red Hat Linux à la fois au boulot et chez moi donc ça a été un enchainement logique de passer sur Fedora Core 1. Je voyais d'un très bon œil de passer sur un système plus communautaire.

  Pourquoi contribuer à Fedora en particulier ?

  En prenant exemple sur FreshRPMS, un dépôt logiciel pour Red Hat Linux géré par Matthias Saou, j'avais commencé à faire des paquets des logiciels que j'utilisais qui ne se trouvaient pas dans Fedora, des modules Perl pour la plupart. L'étape suivante la plus logique était de maintenir ces paquets au sein du projet Fedora et je suis donc devenu contributeur Fedora.

  Contribues-tu à d'autres Logiciels Libres ? Si oui, lesquels et comment ?

  À un moment donné, je me suis retrouvé à maintenir une instance de Bugzilla et j'ai commencé à remonter des bogues puis soumettre des correctifs. Au bout d'un moment, les développeurs ont jugé mes contributions suffisamment importantes pour me nommer contributeur.

  De temps en temps, je reviens sur le gestionnaire de bogues du projet pour voir.

  Utilises-tu Fedora dans un contexte professionnel ? Et pourquoi ?

  Au niveau professionnel, j'utilise Red Hat Entreprise Linux et il m'arrive régulièrement d'ajouter certains de mes paquets à Fedora EPEL pour pouvoir les utiliser au boulot.

  Est-ce que tes contributions à Fedora sont un atout direct ou indirect dans ta vie professionnelle ? Si oui, de quelle façon ?

  Professionnellement, j'utilise Red Hat Entreprise Linux et mon utilisation de Fedora me permet de mieux comprendre le fonctionnement de RHEL. Il m'est déjà arrivé de mettre des paquets que je maintiens dans mon temps libre dans EPEL pour que je puisse m'en servir au boulot.

  Tu es actif au sein du SIG Perl, peux-tu expliquer le rôle de cette SIG et de ton activité dans ce groupe de travail ?

  Il y a pas mal d'interdépendances entre modules Perl et c'est utile d'avoir un canal Matrix dans lequel il y a tous les packageurs concernés pour qu'on discute ensemble lorsque quelqu'un tombe sur un problème.

  Ceci dit, le SIG Perl est relativement informel et c'est compliqué de parler d'une activité de groupe avec des rôles bien définis.

  Qu'est-ce qui t'a poussé à travailler sur les paquets de Perl ?

  Je connais relativement bien le langage, ce qui facilite le débogage et la création de correctifs.

  Tu es par ailleurs membre de l'association les Mongueurs de Perl, quel est ton rôle dans cette association ? Y a-t-il un lien ou une synergie entre le SIG Perl et cette association d'une quelconque façon ?

  Je suis le président de l'association depuis plusieurs années.

  Il m'arrive de parler de Fedora au sein des Mongueurs. En particulier, je vante le fait que Fedora contient toujours une version de Perl qui est très à jour et qu'on peut donc utiliser toutes les nouveautés du langage.

  Quand je vois que l'une des associations fait quelque chose de bien, j'incite l'autre à en faire autant. C'est pour cette raison que les Mongueurs de Perl publient maintenant un article sur chaque nouvelle version de Perl sur LinuxFR.

  Tu as été aussi président de Borsalinux-fr pendant quelques années, de 2011 à 2015, peux-tu expliquer en quoi consiste ce rôle ?

  J'étais déjà en relation avec les gens de Fedora-fr parce que j'étais président de Parinux, le LUG de Paris, et qu'il nous était arrivés de planifier des évènements ensemble. Après avoir passé la main, j'ai pu trouver le temps pour participer aux activités de Borsalinux-fr et j'ai adhéré à l'association.

  Je suis arrivé dans l'association à un moment ou les relations avec Red Hat n'étaient pas au beau fixe. Red Hat ne souhaitait pas que l'association utilise 'Fedora' dans son nom car c'est une marque déposée. En plus de ça, les personnes à la tête de l'association étaient là depuis plusieurs années et commençaient à fatiguer.

  À un moment donné, l'association s'est retrouvé sans président et, lors de l'assemblée générale suivante, je me suis proposé pour le poste. Pendant mon premier mandat, j'ai surtout fait de l'administratif (changement de nom de l'association, changement de siège social, partenariat avec Red Hat, ...). Le suivant m'a permis d'inciter les adhérents à contribuer et d'aller présenter la distribution sur des évènements inédits pour nous.

  En dehors de cela tu as également participé activement à la vie de l'association, peux-tu revenir sur quelques unes de tes activités ?

  Après avoir été président de l'association pendant 4 ans, j'ai voulu passer la main (je ne trouve pas sain qu'une même personne reste à la tête d'une organisation). Renault a accepté de prendre le poste mais on se retrouvait alors sans secrétaire. Pour combler le manque, j'ai pris le poste et je suis resté secrétaire pendant 4 ans.

  À côté de ça, je gère les goodies de l'association. De temps en temps, nous créons des goodies Fedora en plus des goodies que nous donne le Projet Fedora. Je centralise tout ça chez moi et j'envoie des goodies à chaque fois que quelqu'un représente l'association sur un évènement.

  Tu as également été président de Parinux, quels liens il y avait entre cette activité et tes contributions au sein de Fedora et de Fedora-fr ?

  En tant que président de Parinux, je gérais le village associatif de Solutions Linux. J'ai été contacté par quelqu'un (Thomas Canniot ?) qui voulait un stand pour l'association. De mémoire, les fondateurs de l'association comptaient utiliser le salon pour se rencontrer pour la première fois et signer les statuts de l'association. C'est comme ça que j'ai appris l'existence de l'association et du site web.

  Un peu plus tard, Parinux a décidé de faire des install partys spécifique à une distribution. Pour celle de Fedora, j'ai donc contacté Fedora-Fr et une bonne partie de l'association a débarqué à la Cité des Sciences pour nous aider. De mémoire, nous avons pu faire ce genre d'évènement plusieurs fois.

  Tu contribues également au dépôt externe RPMFusion, peux-tu expliquer la nature de tes contributions et ce qui t'intéresse dans ce projet ?

  Contribuer à RPMFusion, c'est beaucoup dire... J'ai pu apporter mon aide de deux manières différentes. Je n'ai plus les dates en tête donc je vais donner ça dans le désordre.

  RPMFusion avait besoin d'un paquet de Bugzilla pour CentOS. J'ai donc mis bugzilla dans EPEL et RPMFusion a pu mettre à jour sa version pour ne plus avoir a mettre à jour Bugzilla à la main.

  À un autre moment (je me souviens que c'était lors d'un FOSDEM), les admins de RPMFusion cherchaient un bugmaster, quelqu'un pour gérer leur instance de Bugzilla. Étant donné que j'avais une certaine expérience, ils m'ont proposé le poste et j'ai accepté.

  Qu'est-ce qui te motive à participer aux activités locales ? Tu nous as représenté sur de nombreux salons en France, qu'est-ce qui te plaît ou qui ne te plaît pas dans ces événements ? Lesquels apprécies-tu le plus et pourquoi ? Quels intérêts trouves-tu à y aller ?

  Ça permet de rencontrer des gens et de discuter avec eux, ce qui me fait toujours plaisir. Comme on retrouve toujours un peu les mêmes gens sur les villages associatifs, ça permet aussi de passer plusieurs jours en compagnie de gens qui me sont chers. Et, honnêtement, je ne sais pas ce que je ferais de mes jours de RTT si je ne les utilisais pas pour mes activités associatives.

  Pour ce qui est du choix des salons, j'ai un faible pour Capitole du Libre, le salon Toulousain, qui a un côté communautaire qui me plaît beaucoup.

  Si tu avais la possibilité de changer quelque chose dans la distribution Fedora ou dans sa manière de fonctionner, qu'est-ce que ce serait ?

  J'aimerais beaucoup qu'on soit plus nombreux à faire la distribution, que ça soit au niveau des SIGs, des tests, ... J'aimerais beaucoup qu'on facilite le fait de passer d'utilisateur de la distribution à contributeur.

  À l'inverse, est-ce qu'il y a quelque chose que tu souhaiterais conserver à tout prix dans la distribution ou le projet en lui même ?

  Je suis très attaché à la nature libre de la distribution.

  Que penses-tu de la communauté Fedora-fr que ce soit son évolution et sa situation actuelle ? Qu'est-ce que tu améliorerais si tu en avais la possibilité ?

  Je participe assez peu à la communauté francophone. Je dois avouer que j'aimerais un moyen de lire le forum qui puisse se faire depuis un terminal mais je doute que les efforts qu'il faudrait faire puissent se justifier.

  Tu participes peu à la communauté francophone mais tu as conservé une certaine présence au sein de l'Association Borsalinux-fr comme les relations pour les goodies avec le Projet Fedora ainsi qu'avec EVL et bien sûr ta présence sur certains évènements francophones pour nous représenter. Considères-tu tout ceci comme une symbiose entre le travail du Projet Fedora et l'Association Borsalinux-fr ?

  C'est surtout du Borsalinux-fr. En vérité, je gère les goodies essentiellement parce que je vais sur les salons (j'en ai donc besoin) et que les gens qui gèrent EVL sont des amis qui habitent eux aussi dans la région parisienne. Et soyons honnêtes, c'est loin d'être chronophage.

  Arrives-tu à détecter ou motiver des personnes à devenir des contributeurs lors de ces évènements ?

  J'essaie surtout de convaincre les gens de faire des petits pas et passer au niveau suivant. Si quelqu'un est utilisateur, je vais l'encourager à rapporter des bogues au projet. S'il le fait déjà, je vais lui proposer de tester les versions béta de la distribution... S'il participe à l'animation du stand Borsalinux-fr sur un salon, je vais lui demander s'il ne veut pas, en plus, animer un stand sur un autre salon.

  Quelque chose à ajouter ?

  Je trouve que ça fait déjà beaucoup...

  Merci pour ta contribution !

  Conclusion

  Nous espérons que cet entretien vous a permis d'en découvrir un peu plus sur le site Fedora-fr.

  Si vous avez des questions ou que vous souhaitez participer au Projet Fedora ou Fedora-fr, ou simplement l'utiliser et l'installer sur votre machine, n'hésitez pas à en discuter avec nous en commentaire ou sur le forum Fedora-fr.

  À dans 10 jours pour un entretien avec Timothée Ravier, contributeur au Projet Fedora en particulier concernant les systèmes dits immuables et l'environnement KDE Plasma.

• Peter Czanik A call for testing the upcoming syslog-ng releases

  While no dates are set to stone yet, we expect a couple of syslog-ng releases in the near future. As version 4.8.1 is used in major Linux distributions and has a couple of known bugs, we will release 4.8.2 to address those. However, we are also working on 4.9.0, which will bring many changes.

  Before you begin

  For testing, you need an up-to-date build of syslog-ng. You have many options:

  • If you have ARM64 or x86_64 systems, you can use the nightly syslog-ng container images: https://www.syslog-ng.com/community/b/blog/posts/nightly-arm64-syslog-ng-container-builds-are-now-available

  • Nightly packages for Debian / Ubuntu are available for x86_64: https://www.syslog-ng.com/community/b/blog/posts/nightly-syslog-ng-builds-for-debian-and-ubuntu

  • Weekly git snapshot builds are available for openSUSE / SLES & Fedora / RHEL & compatibles: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head/

  • https://github.com/czanik/freebsd/tree/master/syslog-ng4-devel has up-to-date FreeBSD ports. However, you have to build the syslog-ng source tgz yourself and place it under /usr/ports/distfiles.

  All these contain the very latest syslog-ng code, in preparation for 4.9.0. If you want to test what is coming to syslog-ng 4.8.2, you can do that on Fedora / RHEL & compatibles by installing syslog-ng-4.8.1.90.g63cdee6 from the abovementioned repository:

  dnf install syslog-ng-http-4.8.1.90.g63cdee6

  Just make sure that you always use this version, otherwise dnf will install the latest available syslog-ng version.

  Another option is to compile syslog-ng from source. In this case, you can download the syslog-ng source code from https://github.com/syslog-ng/syslog-ng/. The default git branch now is “develop”, containing the latest syslog-ng code and what you can expect to see in 4.9.0 as of today. If you want the source code for 4.8.2, switch to the “master” branch. Note that in the future, this branch will only contain released code, as we are in a transition period right now.

  What to test?

  Version 4.8.2 will contain two major bug fixes (and several smaller changes):

  • The 4.8.1 release brought in some incompatible changes to the format-json() template function to fix a crash. However, it broke several SCL-based drivers, which were not updated accordingly, including elasticsearch-http(). This is now fixed and debugging was also made easier. Elasticsearch, Opensearch, and others should work again.

  • The S3 destination driver had some message loss problems, which were addressed in a refactor. But along the way, we also made some major performance improvements as well. You can read more about the changes at: https://github.com/syslog-ng/syslog-ng/pull/5257

  Version 4.9.0 will contain many new features and under the hood changes. Some are not easy to test, unless you compile syslog-ng yourself, as they require using the slightly-modified bundled ivykis library (https://github.com/syslog-ng/syslog-ng/pull/5312). Most packaging in Linux distributions and in FreeBSD use the latest official ivykis release, as the use of bundled libraries is not allowed (and not recommended).

  • Formatting the output of the syslog-ng-ctl stats and syslog-ng-ctl query commands is unified. You can learn more about how to use the new --format option at https://github.com/syslog-ng/syslog-ng/pull/5248

  • Added inotify-based regular file change detection to the wildcard-file() source using the existing inotify-based directory monitor. This improves efficiency on OSes like Linux, where only polling was available before, significantly reducing CPU usage while also enhancing change detection accuracy. You can learn how to configure it at https://github.com/syslog-ng/syslog-ng/pull/5315

  What is next?

  Please provide your feedback! Obviously, we need testing and bug reports to make sure that all bugs are fixed, and no new bugs are introduced before the new release. Post these at https://github.com/syslog-ng/syslog-ng/issues However, besides bug reports, any kind of feedback is very welcome, such as knowing whether your old config works with the new release, or whether you experience any syslog-ng performance improvements. You can post these at https://github.com/syslog-ng/syslog-ng/discussions or on the mailing list.

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

April 21, 2025

• Michael Catanzaro Safety on Matrix

  Hello Matrix users, please review the following:

  • Update from Matrix Trust & Safety team regarding attacks on the Matrix network
  • GNOME’s new Matrix safety guidelines

  Be cautious with unexpected private message invites. Do not accept private message invites from users you do not recognize. If you want to talk to somebody who has rejected your invite, contact them in a public room first.

  Fractal users: Fractal 11.rc will block media preview by default in public rooms, and can be configured to additionally block media preview in private rooms if desired.

  Matrix server administrators: please review the Matrix.org Foundation announcement Introducing Policy Servers.

April 20, 2025

• Kevin Fenzi Later April infra bits 2025

  

  Another busy week gone by, and I'm a day late with this blog post, but still trying to keep up with it. :)

  Fedora 42 out! Get it now!

  Fedora 42 was released on tuesday. The "early" milestone even. There was a last minute bug found ( see: https://discussion.fedoraproject.org/t/merely-booting-fedora-42-live-media-adds-a-fedora-entry-to-the-uefi-boot-menu/148774 ) Basically booting almost any Fedora 42 live media on a UEFI install results in it adding the "Fedora" Live media to your boot manager list. This is just booting, not installing or doing anything else. On the face of it this is really not good. We don't want live media to affect installs without installing or choosing to do so. However, in this case the added entry is pretty harmless. It will result in the live media booting again after install if you leave it attached, and if not, almost all UEFI firmware will just see that the live media isn't attached and ignore that entry.

  In the end we decided not to try and stop the release at the last minute for this, and I think it was the right call. It's not great, but it's not all that harmfull either.

  Datacenter Move news

  Networking got delayed and the new date we hope to be able to start setting things up is this coming friday. Sure hope that pans out as our window to setup everything for the move is shrinking.

  There was some more planning ongoing, but will be great to actually start digging in and getting things all setup.

  AI Scraper news

  The scrapers seem to have moved on from pagure.io. It's been basically unloaded for the last week or more. Sadly, they seem to have discovered koji now. I had to block a few endpoints on the web frontend to stop them. Unfortunately there was a short outage of the hub caused by this, and there were 2 builds that were corrupted as a result. Pretty aggravating.

  Nftables

  Worked with James to roll out our iptables->nftables switch to production. All the builders are now using nftables. Hopefully we will roll out more next week.

  Thats it for this week, catch everyone next week!

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114371722035321670

• Nazi.Compare Deja vu: Hitler's Birthday, Andreas Tille elected Debian Project Leader again

  Adolf Hitler was born on 20 April 1889 in Austria. Today would be the Fuhrer's 136th birthday.

  In 2025, just as in 2024, the Debian Project Leader (DPL) election finished on Hitler's birthday.

  In 2025, just as in 2024, the Debian Project Leader (DPL) election winner is the German, Andreas Tille.

  History repeating itself? Iti is a common theme in the world today. Let's hope not.

  We reprint the original comments about this anniversary from 2024.

  In 1939, shortly after Hitler annexed Austria, the Nazi command in Berlin had a big celebration for the 50th birthday of Adolf Hitler. It was such a big occasion that it has its own Wikipedia entry.

  One of the quotes in Wikipedia comes from British historian Ian Kershaw:

  an astonishing extravaganza of the Führer cult. The lavish outpourings of adulation and sycophancy surpassed those of any previous Führer Birthdays

  For the first time ever, the Debian Project Leader election has finished just after 2am (Germany, Central European Summer Time) on the birthday of Hitler and the winning candidate is Andreas Tille from Germany.

  Hitler's time of birth was 18:30, much later in the day.

  Tille appears to be the first German to win this position in Debian.

  We don't want to jinx Tille's first day on the job so we went to look at how each of the candidates voted in the 2021 lynching of Dr Richard Stallman.

  This blog previously explored the question of whether Dr Stallman, who is an atheist, would be subject to anti-semitism during the Holocaust years because of his Jewish ancestry. We concluded that RMS would have definitely been on Hitler's list of targets.

  Here we trim the voting tally sheet to show how Andreas Tille and Sruthi Chandran voted on the question of lynching Dr Stallman:

         Tally Sheet for the votes cast. 
   
     The format is:
         "V: vote 	Login	Name"
   The vote block represents the ranking given to each of the 
   candidates by the voter. 
   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
       Option 1--------->: Call for the FSF board removal, as in rms-open-letter.github.io
     /  Option 2-------->: Call for Stallman's resignation from all FSF bodies
     |/  Option 3------->: Discourage collaboration with the FSF while Stallman is in a leading position
     ||/  Option 4------>: Call on the FSF to further its governance processes
     |||/  Option 5----->: Support Stallman's reinstatement, as in rms-support-letter.github.io
     ||||/  Option 6---->: Denounce the witch-hunt against RMS and the FSF
     |||||/  Option 7--->: Debian will not issue a public statement on this issue
     ||||||/  Option 8-->: Further Discussion
     |||||||/
  V: 88888817	          tille	Andreas Tille
  V: 21338885	           srud	Sruthi Chandran
  

  We can see that Tille voted for option 7: he did not want Debian's name used in the attacks on Dr Stallman. However, he did not want Debian to denounce the witch hunt either. This is scary. A lot of Germans were willing to stand back and do nothing while Dr Stallman's Jewish ancestors were being dragged off to concentration camps.

  The only thing necessary for the triumph of evil is that good men do nothing.

  On the other hand, Sruthi Chandran appears to be far closer to the anti-semitic spirit. She put her first and second vote preferences next to the options that involved defaming and banishing Dr Stallman.

  Will the new DPL be willing to stop the current vendettas against a volunteer and his family? Or will Tille continue using resources for stalking a volunteer in the same way that Nazis stalked the Jews?

  Adolf Hitler famously died by suicide, a lot like the founder of Debian, Ian Murdock, who was born in Konstanz, Germany.

  Will Tille address the questions of the Debian suicide cluster or will he waste more money on legal fees to try and cover it up?

April 18, 2025

• Fedora Community Blog Infra and RelEng Update – Week 16 2025

  This is a weekly report from the I&R (Infrastructure & Release Engineering) Team. We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

  Week: 14 Apr – 18 Apr 2025

  

  Infrastructure & Release Engineering

  The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
  It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
  List of planned/in-progress issues

  Fedora Infra

  • In progress:
    • FedoraQA – Testdays – OIDC setup
    • Create COPR group
    • Find old docs content on proxies and remove it
    • redeploy aws proxies
    • Disable self-serve project creation on pagure.io
    • Link in staging distgit instance leads to prod auth
    • re-add datagrepper nagios checks (and add to zabbix?)
    • Fix logrotate on kojipkgs01/02
    • 2025 datacenter move (IAD2->RDU3)
    • Broken link for STG IPA CA certificate, needed for staging CentOS Koji cert
    • [CommOps] Open Data Hub on Communishift
    • retire easyfix
    • Deploy Element Server Suite operator in staging
    • Pagure returns error 500 trying to open a PR on https://src.fedoraproject.org/rpms/python-setuptools-gettext
    • Create a POC integration in Konflux for fedora-infra/webhook-to-fedora-messaging
    • maubot-meetings bot multi line paste is cut
    • setup ipa02.stg and ipa03.stg again as replicas
    • Manage our new testing.farm domain via AWS Route53
    • Move OpenShift apps from deploymentconfig to deployment
    • The process to update the OpenH264 repos is broken
    • httpd 2.4.61 causing issue in fedora infrastructure
    • Support allocation dedicated hosts for Testing Farm
    • EPEL minor version archive repos in MirrorManager
    • Add fedora-l10n pagure group as an admin to the fedora-l10n-docs namespace projects
    • vmhost-x86-copr01.rdu-cc.fedoraproject.org DOWN
    • Add yselkowitz to list to notify when ELN builds fail
    • Cleaning script for communishift
    • Setup RISC-V builder(s) VM in Fedora Infrastructure
    • Move from iptables to firewalld
    • Port apps to OIDC
    • Help me move my discourse bots to production?
    • rhel9 adoption
    • Replace Nagios with Zabbix in Fedora Infrastructure
    • Migration of registry.fedoraproject.org to quay.io
  • Done:
    • COPR not running building when Webhook in GitLab or GitHub is triggered by push events
    • RFE: improvement to blockerbugs app
    • [freeze break request] Reinstallation of AWS Proxies
    • https://src.fedoraproject.org/user/salimma gives “Gateway Timeout”
    • Koji builds are failing because of autospec
    • Still with OpenID
    • Add StartInstanceRefresh permission for fedora-ci-testing-farm user in AWS
    • Add support for creating RDS instances under testing-farm- prefix

  CentOS Infra including CentOS CI

  • In progress:
    • Release Improvements
    • Upgrade cbs.stg koji env to el9
    • Add proposed-updates c9s and c10s tags to hyperscale9s and hyperscale10s tags
    • Missing s390x extras/extras-common repo
    • Ensuring ansible automation in place can manage/control el10 nodes
    • [spike] : investigating ppc64le kvm host option with el9/el10 (for Power10)
    • (Cloud SIG) OKDerator CI/CD space
    • [spike] : investigating needed deps (poetry) for duffy on el9
    • [spike] : investigating options/alternatives for the upcoming DC move
  • Done:
    • ppc64le needs more memory per CPU for CS Koji builds
    • Document – impact of datacentre move on Testing Jenkins
    • Add kiwi to CentOS Stream Koji
    • Replace some Infrastructure servers (out of warranty)
    • Access to mail server for cloud-softwarefactory application mails
    • mirror request : mirror.navercorp.com
    • Decommission old https://koji.mbox.centos.org/koji/ instance
    • Retire Public CI SIG
    • Onboarding new infra SIG member
    • Migrate main backup storage pool to different hardware

  Release Engineering

  • In progress:
    • Fix OpenH264 tagging issues
    • Unretire rpms/drawing
    • Turn EPEL minor branching scripts into playbooks
    • Accidentally created a branch in rust-tonic-types
    • Mass retirement of packages with uninitialized rawhide branch
    • Please send openh264-2.6.0 to Cisco
    • 300+ F42FTBFS bugzillas block the F41FTBFS tracker
    • Packages that have not been rebuilt in a while or ever
    • Send compose reports to a to-be-created separate ML
    • .sqlite metadata missing in f41-updates and f41-updates-testing repositories
    • Could we have fedoraproject-updates-archive.fedoraproject.org for Rawhide?
    • Investigate and untag packages that failed gating but were merged in via mass rebuild
    • a few mass rebuild bumps failed to git push – script should retry or error
    • Package retirements are broken in rawhide
    • Update pungi filters
    • Implement checks on package retirements
    • Untag containers-common-0.57.1-6.fc40
    • Provide stable names for images
    • Packages that fail to build SRPM are not reported during the mass rebuild bugzillas
    • When orphaning packages, keep the original owner as co-maintainer
    • Create an ansible playbook to do the mass-branching
    • RFE: Integration of Anitya to Packager Workflow
    • Fix tokens for ftbfs_weekly_reminder. script
    • Update bootloader components assignee to “Bootloader Engineering Team”for Improved collaboration
  • Done:
    • KDE & Cosmic-Atomic variants are missing from the release
    • kdsingleapplication package missing in EPEL component lists?
    • Errors during downloading metadata for repository ‘epel’:
    • Create Fedora 42 Final candidates
    • inconsistent package list on epel10.1-openh264 tag
    • Adjust torrent SOP/process to use correct checksum for KDE edition
    • F42 stable push requests

  If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on matrix.

  The post Infra and RelEng Update – Week 16 2025 appeared first on Fedora Community Blog.

April 17, 2025

• Fedora Community Blog Fedora Ops Architect Report

  Hello friends, I hope you are enjoying the latest release of Fedora Linux – 42, the answer to life, the universe and everything! Before I log off for a long weekend, I wanted to give a quick report on all the happenings around the Fedora Project in the last few weeks. Read on!

  Fedora Linux 42 is Released!

  If you have not already heard, we released F42 on Tuesday, April 16. Read about our latest release, plus a special note from the Fedora Project Leader, Matthew Miller in the release article. You can get your new version directly from our webpage, or by upgrading from an existing version. There is lots of great features and updates in our latest release, and for specific newness, check out some of the specialized articles on Fedora Magazine:

  • Fedora Workstation
  • Fedora KDE Plasma Desktop
  • Fedora Atomic Desktops
  • Fedora Asahi Remix

  A huge thank you to everyone who contributed to this release!

  Fedora Linux 43 Development

  Fedora Linux 43

  When one release is a GO, another is in development F43 is well underway with some changes proposed, and some accepted already. Below are the changes currently up for discussion in our community:

  • Announced Change Proposals
    • CMake drop install vars
    • CMake ninja default
    • CMake4.0
    • ConfidentialVirtHostIntelTDX
    • CoreOSStopPublishingOSTree
    • FlatpaksNoPpc64le
    • Use COLR for Noto Color Emoji

  Our Change Set page has a list of the currently accepted changes, and below are a list of some key date from the F43 schedule:

  • June 26 – Changes requiring infrastructure changes
  • July 1 – Changes requiring mass rebuild
  • July 1 – System Wide changes
  • July 22 – Self Contained changes
  • July 23 – Mass rebuild
  • August 12 – Changes need to be Testable
  • August 12 – Branching
  • August 26 – Changes need to be Complete

  Our Fedora Linux 44 schedule is now live also for all you very early planners, and F45 & F46 schedules will be available by the end of this month.

  Hot Topics

  Flock to Fedora

  Flock to Fedora is just under 7 weeks, or 180-odd sleeps away! This year Flock is being held from June 5 – 8 at Vienna House by Wyndham Andel’s Prague. You can register for your ticket now through Eventbrite, and also avail of a self-paid add on ticket for our organized social activity day on June 9. More details about the social day will be released soon once details have been finalized. Our schedule is now live too, with some changes expected to be made over the next few weeks as we confirm our speakers and content. The link to the schedule will be updated soon. If you are looking for a place to stay close to the event hotel, other hotels within walking distance that may be of interest are the Ibis Praha Mala Strana, Orea Hotel Angelo Praha or the NH Prague City. Currently our room block at the event hotel is full. Speakers were given the booking link for priority bookings. Should any more rooms become available to book on the room block, we will update you all with a booking link. We also have a pretty active matrix room, #flock-to-fedora, where most of the news is announced in real time, so come join the conversation there too!

  Elections

  The Mindshare Committee has undergone a little revamp lately. You can read the updated scope of the committee in their docs page, and keep an eye out on more communication about this from our FCA, Justin Wheeler in the next few days ahead of the elections cycle for more context on the changes. An important thing to take note of is that there is a change to the seat structure of the committee, and are four seats opening for nominations in the F42 elections from April 24. If you would like to be part of this reformation, or know someone who would be a great fit, please nominate yourself or that person (with their express permission) when the nominations period opens.

  Speaking of elections, there is also seats opening in Fedora Council (x2), FESCo (x4) and the EPEL Steering Committee (x3). Nominations for these seats will also open on April 24.

  Other Important News

  We have RISc-V images for Fedora! Check out this post by Kashyap Chamarthy for more details of the work.

  Will you be at Flock? Would you like to take part in a Mentor/Mentee lunch? If so, please engage with Akashdeep Dhar on his recent post about organizing this great event during Flock to Fedora.

  If you haven’t already heard, we are getting a new FPL! Read about Jef Spaleta, our incoming Fedora Project Leader in this post.

  Final call for our F42 Release Party Feedback Poll! Please have your say about what kind of event you would like us to have to celebrate the release of Fedora Linux 42 by voting in this poll. It closes April 18, and please be aware that the dates specified are likely to change based on speaker availability, but we will try keep it as close to Towel day as possible

  As always, help is wanted and appreciated to find owners for orphaned packages. Take a read of this report by gotmax23 and if you can, take a package (or few!).

  That’s all for now folks. I wish you a lovely weekend and see you all around the project soon!

  The post Fedora Ops Architect Report appeared first on Fedora Community Blog.

• Adam Young Decomposing Vector X Matrix

  If we want to distribute the mathematical processing of a matrix multiplication we need an algorithm that can be split and performed in parallel. Looking at the algorithm I alluded to in the last article, I think I can see how to do that. Here’s my thinking.

  To multiple a Matrix M with a Vector f use the top equation.

  The second equation is for a single element in the solution vector g.

  The third equation is a rewrite of the second equation broken into two stages. I have explicitly made these sub-functions of size 4, although the approach should be generalizable.

  

  in code

  int DIM = 4;

  for (int i = 0; i < DIM; i++){
      g[i] = 0;
      for int (j = 0; j < DIM; j++){
          g[i] = g[i] + M[i][j] * f[i];
      }
  }
  What should be clear is that the body of the outer loop could be executed in parallel.  However, that still has us working on a complete vectors worth of math at a time, and we are going to want to chunk up that vector.
  Lets use n as to mean the number of elements in the vector, which is also the number of elements in one dimension of the matrix.

  int DIM = 4;
  
  int n = 2;
  
  for (int i = 0; i < DIM; i++){
      g[i] = 0;
  
      for int (k = 0; k < DIM/n; k++){
          for (m=0; m < n; m++){ 
              j = m * k;
              g[i] = g[i] + M[i][j] * f[i];
          }
      }
  }
  
  

  It should be fairly clear that these are performing the same operations. What is different is the mechanism by which the loop counters are incremented.

  Lets step through it. I am going to use a 2X2 matrix to start

  g[1] = bh + gh

  M = [ [a,b][c,d]]    f= [g,h]
  
  DIM = 2
  
  n = 1
  
  i = 0;
  
  g[i] = 0
  
  j =0
  
  // g[i] = 0 + M[i,j] * f[i]   
  
  //       = 0 + M [0,0] = f[0]
  
  g[0] = ag
  
  i=0, j=1
  
  g[0] = ag + bg
  
  i=1
  
  g[1] = 0
  
  i=1; j =0 
  
  g[1] = 0 + bh
  
  i=1; j =1

  Thus our final vector = [[ag + bg, bh + gh]]

  It should be fairly clear that the only difference between the algorithms should be the increment of the k and m variables and their summation into j.

  what we then want to do is to be able to call a function that executes just the innermost loop:

  void partial(k, i, g, M, f){ 
          for (m=0; m < n; m++){ 
              j = m * k;
              g[i] = g[i] + M[i][j] * f[i];
          }
  }

  Or a comparable function that calculates the same values. More on this in an future article.

• Cockpit Project Cockpit 337

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 337, cockpit-podman 104, cockpit-files 19, cockpit-machines 330, and cockpit-ostree 208:

  A fresh new style, upgraded to PatternFly 6

  Cockpit features a refreshed style, thanks to the latest major version of PatternFly. This update replaces the previous “industrial” look with a more modern “airy” design, featuring even more rounded corners, fewer borders, and improved visual consistency. This release also includes numerous UI-related bug fixes.

  The visual changes apply to the core Cockpit interface and all official plugins (including cockpit-files, cockpit-machines, cockpit-podman, and cockpit-ostree). We have tested the new look in both light and dark styles, verified accessibility, and confirmed compatibility with right-to-left (RTL) languages. We are happy with the state of the migration and are ready to share it with everyone.

  If you do encounter any issue, please file a bug report to let us know!

  For plugin developers: We wrote a guide for upgrading to PatternFly 6.

  

  Software updates: Support dnf needs-restarting

  On CentOS Stream and Red Hat Enterprise Linux 10, the Software Updates page uses dnf needs-restarting to check if updates only need service restarts or require a full reboot. This replaces the tracer tool previously used in version 9.

  Podman: Link service containers to service pages

  Containers managed by systemd link to the Services page, where these containers can be stopped or restarted.

  

  Podman: Connect to other accounts with containers

  Administrators sometimes run services as unprivileged containers on other system user accounts, for isolation purposes. These system users typically don’t have a password and thus one cannot log into Cockpit as a system user.

  When starting, Cockpit Podman scans the system for other accounts with running containers and provides a means to connect to Podman services on other accounts.

  Note that you can only connect to one account at a time, to avoid breaking isolation.

  

  Files: Symbolic link creation

  Create symbolic links (symlinks) for files and directories by right-clicking and selecting the Create link menu entry. Both relative and absolute path symlinks are supported.

  

  Try it out

  Cockpit 337, cockpit-podman 104, cockpit-files 19, cockpit-machines 330, and cockpit-ostree 208 are available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 42
  • Cockpit Fedora 41
  • cockpit-podman Source Tarball
  • cockpit-podman Fedora 42
  • cockpit-podman Fedora 41
  • cockpit-files Source Tarball
  • cockpit-files Fedora 42
  • cockpit-files Fedora 41
  • cockpit-machines Source Tarball
  • cockpit-machines Fedora 42
  • cockpit-machines Fedora 41
  • cockpit-ostree Source Tarball
  • cockpit-ostree Fedora 42
  • cockpit-ostree Fedora 41

April 16, 2025

• Rajeesh K Nambiar Results of RIT-KaChaTaThaPa-Sayahna open font competition 2025

  In first of a kind movement to develop free and open source fonts for traditional Malayalam scripts, the Rachana Institute of Technology, KaChaTaThaPa Foundation and Sayahna Foundation had previously announced font design competition in May 2024.

  Many participants registered from all over India and shared their initial design of a few selected characters. Ten submissions were shortlisted, and the selected participants were invited for a two-day in person workshop conducted at River Valley campus, Trivandrum. The workshop was lead by the jury members — Dr. KH Hussain who designed notably Rachana and Meera fonts (among many other); eminent calligrapher and designer of Sundar, Ezhuthu, Karuna & Chingam fonts, Narayana Bhattathiri; type designer and multi-scripts expert Vaishnavi Murthy; and yours truly. High quality sessions & feedback from the speakers and lively interactive sessions enlightened both experienced and non-technical designers about the intricacies of typeface design.

  

  Refinement

  To manage the glyph submissions for collaborative font projects, a friend of mine and I built a web service. The designers just need to create each character in SVG format and upload into their font project. This helped to abstract away from the designers all the technical complexities, such as assigning correct Unicode codepoint, correct naming convention, OpenType layout & shaping etc.

  There was mid-term evaluation of the completed glyph set in October 2024; and a couple of online sessions where the jury pointed out necessary corrections and improvements required for each font.

  The final submissions were done near the end of December 2024; and further refinements ensued. All the participants were very receptive to the constructive feedback and enthusiastic to improve the fonts. The technical work for final font production was handled by your humble correspondent.

  Results

  In March 2024, the jury made a final evaluation and adjudged the winners of the competition. All the six fonts completed are published as open source, and they can be downloaded from Rachana website. See the report for the winning entries, font specimens & posters, prize money, and all other details.

  RIT Thaara (താര), calligraphic style, named after Sabdatharavali.

  

  RIT Lekha (ലേഖ), body text font.

  

  RIT Lasya (ലാസ്യ). The Latin glyphs were drawn independently based on Akaya Kannada font, as suggested by a jury member.

  

  RIT Ala (അല).

  

  RIT Keram Bold (കേരം).

  

  RIT Indira Bold (ഇന്ദിര).

  

  I am very happy to have the chance to collaborate over the course of a year with designers from various backgrounds to develop beautiful traditional Malayalam orthography fonts and make them all available under free license. I would like to thank the jury members who did exemplary work in evaluating the designs and providing constructive feedback & guidance multiple times that helped to refine the fonts; CVR for the work to create web pages on Rachana website; and the three Foundations for the initiative and funding to make this all possible. Full disclosure: all the jury members worked in volunteer capacity.

  Next competition

  RIT-KaChaTaThaPa-Sayahna foundations have already announced plans for next open font design competition! This time the focus is on body text fonts.

  • Competition details in English (or https://rachana.org.in/fcomp-2026-ann.html)
  • Competition details in Malayalam
  • Register here.

• Charles-Antoine Couret Sortie de Fedora Linux 42, la réponse à la grande question sur le Libre, Linux et tout le reste ?

  En ce mardi 15 avril, les utilisateurs du Projet Fedora seront ravis d'apprendre la disponibilité de la version Fedora Linux 42.

  Fedora Linux est une distribution communautaire développée par le projet Fedora et sponsorisée par Red Hat, qui lui fournit des développeurs ainsi que des moyens financiers et logistiques. Fedora Linux peut être vue comme une sorte de vitrine technologique pour le monde du logiciel libre, c’est pourquoi elle est prompte à inclure des nouveautés.

  

  Expérience utilisateur

  L'environnement de bureau GNOME est proposé dans sa version 48. Cette version apporte comme toujours son petit lot de nouveautés. Tout d'abord les notifications sont regroupées par application par défaut ce qui permet d'éviter de rapidement saturer la liste dans le menu idoine. Il reste possible de les déplier manuellement si on souhaite voir le détail pour une application en particulier.

  Au sein de l'interface, une nouvelle police fait son apparition par défaut. Dénommée Adwaita, elle remplace l'illustre Cantarell qui remplissait ce rôle jusqu'alors. Elle est basée sur la police Inter qui permet une prise en charge plus complète des langues, une meilleure lisibilité sur les écrans à haute densité de pixels tout en étant accessible et lisible dont pour le terminal. En parlant d'affichage, la prise en charge de la technologie HDR a été introduite pour permette une meilleure qualité d'affichage avec les appareils compatibles.

  De manière globale, il est possible de changer les raccourcis clavier de l'interface et le placement des nouvelles fenêtres par défaut est centré.

  Comme de nombreux systèmes, GNOME propose des paramètres liés au bien-être. Il permet de rapporter le temps d'écran jour par jour au cours d'une semaine. Par ailleurs on peut lui demander de nous notifier régulièrement de faire une pause visuelle en regardant ailleurs ou en faisant quelques mouvements pendant quelques secondes. Il est également possible de définir une limite d'écran qui transforme l'interface en noir et blanc quand le temps limite est atteint. Au sein des options, pour ceux avec un matériel compatible, il est possible de configurer un pourcentage de charge maximale pour la batterie afin de la préserver dans le temps.

  Au niveau applicatif, un nouveau lecteur audio très minimaliste fait son apparition : Decibels. Destiné à remplacer le lecteur vidéo Totem pour jouer un morceau individuel depuis le navigateur de fichiers. Côté visionneur d'images, ce dernier bénéficie d'améliorations pour proposer une édition légère des images affichées. La rotation, le changement de ratio ou le découpage de l'image ce qui permet de faire ces opérations simples et courantes sans utiliser un logiciel d'édition complet qui est beaucoup plus lourd. Ensuite il propose un bouton pour revenir au niveau de zoom d'origine à la demande. Enfin, les images au format RAW peuvent être affichées. Concernant le calendrier, il est possible de renseigner le fuseau horaire pour le début ou la fin d'une activité afin de simplifier l'organisation notamment de réunions internationales. Les performances de l'application sont également améliorées.

  Sous le capot, un effort a été fait pour améliorer les performances de l'interface et du système. Par exemple le moteur JavaScript de GNOME consomme moins de mémoire et de processeur. En utilisant ffmpeg au lieu de gstreamer, l'indexation des gros fichiers et des métadonnées multimédia est aussi plus rapide et moins gourmand en mémoire. Les utilisateurs connectant leur écran à une carte graphique dédiée verront aussi leurs performances et la stabilité s'améliorer tandis que redimensionner ou créer de nouvelles fenêtres sera plus rapide.

  L'environnement de bureau Xfce bénéficie de la version 4.20. Si cette version introduit un support expérimental du protocole d'affichage Wayland, il n'est pas encore fonctionnel et des améliorations futures devront encore être fournies à ce sujet. Mais concernant l'affichage, la prise en charge des écrans à haute résolution a été améliorée ce qui devrait réduire les flous dans l'interface ou de certaines icônes pour de tels écrans.

  Dans le navigateur de fichiers Thunar, les points de montage adoptent une icône spécifique alors que les montages distants IPv6 sont désormais possibles. La barre d'outils s'enrichie avec un menu hamburger quand la barre de menu est masquée. Il permet aussi d'ouvrir facilement un nouvel onglet ou de changer la vue d'affichage du dossier en cours. Pour gagner de la place en hauteur, la décoration côté client est prise en charge ce qui permet de mettre le menu au même niveau que les touches d'actions pour réduire ou fermer la fenêtre. Des améliorations de performances sont également fournies notamment pour le transfert des fichiers ou pour afficher des dossiers avec de nombreux fichiers.

  De manière globale il est possible de définir un mode d'énergie ou de performance du système dans les propriétés d'alimentation pour choisir l'équilibre souhaité entre la consommation d'énergie et les performances du systèmes. Il y a également l'apparition des profils d'affichage particulièrement utiles quand il y a plusieurs systèmes de multi-écrans à gérer pour passer d'un mode à l'autre en fonction de ses déplacements.

  De nombreuses pages de paramètres ont été remaniées pour être plus simples et plus claires.

  L'environnement de bureau LXQt passe à la version 2.1. C'est la première version à fournir une compatibilité complète avec le protocole d'affichage Wayland qui devrait être activé par défaut dans Fedora. En dehors de cela cette version ne fournie que des changements et correctifs assez mineurs.

  

  Le logiciel d'installation Anaconda en profite pour également être une interface web par défaut pour Fedora Workstation. L'objectif est d'utiliser les technologies React et Cockpit pour définir cette nouvelle interface qui a été entièrement redessinée. Elle abandonne sa vieille approche de choisir les éléments à configurer dans l'ordre de son choix par l'usage d'un assistant de configuration linéaire. Donc après la configuration de la langue qui est basée par défaut sur celle de l'image en cours d'exécution, le choix de la date est ensuite suivie de l'étape de partitionnement qui a également été entièrement refaite avant de procéder à l'installation proprement dite. L'approche linéaire a été jugée plus simple d'utilisation et à maintenir même si cela ne permet pas de sauter des étapes si nécessaire, mais étant donné leur nombre réduit cela n'est pas considéré comme une grande perte.

  L'aide a été remaniée dans l'application pour être affichée de côté et qui peut être plus facilement maintenue et traduite à côté du code de l'application.

  Concernant le partitionnement, auparavant trois méthodes étaient disponibles :

  • Entièrement automatique ;
  • Personnalisé : approche dite top-down en définissant les points de montages avant de définir les détails concernant les partitions et les volumes ;
  • Basé sur l'outil blivet : approche dite bottom-up où on définit les partitions et volumes avant d'y associer les points de montage.

  Cela était complexe pour l'utilisateur et difficile à maintenir même si ça avait l'avantage d'être très flexible. L'objectif est maintenant d'offrir une approche plus guidée avec plusieurs choix plus clairs :

  • Réinstaller entièrement sur les disques ;
  • Installer uniquement dans l'espace libre disponible sur les disques ;
  • Réinstaller sur un Fedora Linux existant ;
  • Utiliser un partitionnement déjà existant ce qui permet à priori de configurer cela avec un autre outil au préalable ;
  • Supprimer manuellement des partitions pour utiliser l'espace résiduel.

  Le tout repose sur l'utilisation de la technologie Cockpit Storage ce qui simplifie la maintenance et permet d'avoir une apparence similaire avec le reste d'Anaconda. Dans le futur une installation distante par HTTPS devrait être possible grâce à cela.

  Pour les autres éditions, Anaconda devient une application Wayland native. Ce changement est utile pour supprimer les dépendances liées à X11 pour les environnements de bureaux qui peuvent s'en passer ce qui réduit la taille de l'image. Par ailleurs cela permet aussi de migrer pour les installations à distance du protocole réseau VNC à RDP qui est plus performant et sécurisé. Cela a été rendu possible par l'usage progressif de systemd-localed par les différents environnements ce qui permettait une meilleure prise en charge de la configuration du clavier dans ce contexte, faute de définition suffisament commune dans le protocole Wayland encore. Autrement le changement de clavier depuis Anaconda ne se reflétait pas sur le bureau et cela pouvait mener à des soucis comme la difficulté de déverrouillage de la machine après installation car la disposition clavier n'est plus celle utilisée lors de l'installation...

  L'édition KDE Plasma devient une édition à part entière, étant mise au même niveau que Fedora Workstation avec l'environnement GNOME. Cela récompense les efforts de longue haleine pour améliorer la qualité de l'intégration de KDE dans Fedora Linux. KDE était cependant déjà un environnement considéré comme assez important pour que son bon fonctionnement conditionne le report ou non d'une sortie de Fedora Linux, donc ce changement de statut n'aura pas d'impact de ce côté là. Elle sera maintenant proposée sur le site principal et mieux mise en avant.

  L'écran de chargement lors du démarrage plymouth utilise simpledrm par défaut pour réduire l'attente qu'une carte graphique soit disponible. Les cartes graphiques sont des composants complexes qui peuvent nécessiter du temps pour s'initialiser. Auparavant, plymouth pouvait attendre jusqu'à 8 secondes avant de basculer dans un affichage par défaut assez disgracieux. Cependant grâce à l'UEFI qui fourni un framebuffer, il est possible d'avoir un affichage plus sympa et plus tôt par l'usage de simpledrm qui peut être exploité à cette fin. Cela n'a pas été fait plus tôt car notamment simpledrm ne fournissait pas d'information concernant la rotation de l'écran et la taille physique de l'affichage.

  Cependant, dans certains cas l'affichage pourrait être plus moche par l'usage d'une résolution plus faible que ce qui est possible car l'heuristique pour définir si l'affichage est à haute définition de pixels peut se tromper. Il reste toujours possible de désactiver ce changement via la commande

  sudo grubby --update-kernel=ALL --args="plymouth.use-simpledrm=0"
  

  Si vous souhaitez changer le facteur d'agrandissement, si vous avez un écran à haute définition de pixels par exemple, vous pouvez utiliser la commande

  sudo grubby --update-kernel=ALL --args="plymouth.force-scale=1"
  

  et changer éventuellement la valeur 1 par 2 selon votre cas.

  L'environnement de bureau COSMIC bénéficie de sa propre édition Spin. Cet environnement est développé en Rust par l'entreprise System76 qui édite Pop! OS. Les progrès récents justifient selon le projet d'avoir sa propre variante, d'autant que Fedora Linux semblait être déjà une distribution recommandée pour tester cet environnement. Cependant COSMIC n'a pas le statut pour bloquer une sortie de Fedora Linux s'il s'avère trop instable.

  Activation de la mise à jour automatique par défaut pour la version atomique de KDE Plasma nommée Kinoite. Ces mises à jour concernent la partie de base du système reposant sur rpm-ostree. Ces mises à jour fonctionnent en arrière plan à intervalle régulier pour être instantanément appliquées lors du prochain redémarrage.

  Il est possible de désactiver la fonctionnalité en remplaçant la valeur du paramètre UseUnattendedUpdates à false dans le fichier /etc/xdg/PlasmaDiscoverUpdates.

  

  Gestion du matériel

  Amélioration de la prise en charge des webcams basées sur le protocole MIPI au lieu de USB dans les ordinateurs portables x86. Le travail entamé avec Fedora Linux 41 doit se poursuivre car ce protocole moins générique nécessite beaucoup d'adaptations spécifiques par modèle d'ordinateur portable sur le marché. Quelques nouveaux modèles doivent être pris en charge même si la route reste encore longue mais la voie est libre !

  L'Intel Compute Runtime, qui prend en charge notamment le fonctionnement de l'API OpenCL pour les processeurs Intel, a été mise à jour vers la version 24.39 qui signifie également une non prise en charge des processeurs d'avant 2020 (à partir de la 12e génération). Ce changement n'a pas d'impact sur l'Intel Media Driver qui permet l'accélération matérielle pour la lecture ou l'encodage de vidéo.

  Fedora restait sur l'ancienne version pour maintenir la compatibilité avec les vieux processeurs, jusqu'à l'architecture Broadwell sortie en 2015. Cependant avec l'évolution du noyau et de la couche graphique cela devenait un problème à maintenir et de l'autre côté Fedora n'était pas en mesure de fournir la compatibilité pour du matériel plus récent et les derniers correctifs qui améliorent notamment les performances.

  Introduction de la pile Intel SGX pour permettre son utilisation dans le futur pour améliorer l'isolation et la protection mémoire en particulier pour les machines virtuelles. Cette protection se fait notamment en chiffrant la mémoire ce qui la rend inaccessible aux autres applications, au noyau et aux différents firmwares de la machine. Les bibliothèques et en-têtes nécessaires pour ces opérations sont fournies dans le répertoire /usr/x86_64-intel-sgx. Aucune application n'est fournie avec de telles possibilités aujourd'hui, uniquement le nécessaire pour créer des applications pouvant en tirer profit.

  Intégration du projet FEX dans les dépôts pour permettre l'exécution des programmes x86 / x86_64 depuis les architectures AArch64. Contrairement à QEMU, il n'émule pas un système complet ce qui est plus performant pour émuler simplement une application non compatible avec cette architecture. Cela peut être nécessaire car de nombreuses applications non fournies par Fedora sont compilées nativement pour l'architecture x86_64 mais pas pour AArch64 alors que l'inverse est moins vrai.

  Pour permettre son fonctionnement sur les Mac avec des processeurs Apple, qui ont une taille de page de 16k au lieu de 4k pour les autres machines, le composant muvm est également fourni avec pour permettre une telle compatibilité.

  FEX est par ailleurs fourni par défaut dans la variante KDE Aarch64 du système.

  L'installateur Anaconda utilise la norme GPT par défaut pour la table de partitionnement pour les architectures PPC64LE et s390x, l'architecture x86_64 et Aarch64 ayant déjà sauté le pas avec Fedora Linux 37. L'objectif est de réduire les différences entre les architectures sur ce point ce qui simplifie les tests et la maintenance de l'ensemble.

  Les versions atomiques n'auront plus d'images compatibles avec l'architecture PPC64LE. D'après les statistiques, aucun utilisateur n'a utilisé de tels systèmes sur cette architecture. Cette suppression permet d'allouer plus de ressources matérielles et humaines pour générer et tester les images destinées pour les autres architectures où les utilisateurs sont plus nombreux de fait. Cela ne concerne pas les images de Fedora basées sur les paquets RPM qui restent disponibles pour cette architecture.

  Le paquet du logiciel Zezere qui sert à automatiser l'installation et la configurations de systèmes IoT a été retiré des dépôts. L'objectif est de remplacer ce composant par systemd-firstboot car Zezere ne fonctionnait pas bien notamment sur les réseaux IPv6, ne fournissait que la possibilité d'envoyer une clé SSH personnalisée et de nombreuses fonctions promises n'ont jamais vu le jour.

  Internationalisation

  Mise à jour de l'entrée de saisie IBus 1.5.32. Cette version apporte principalement la prise en charge du protocole des entrées Wayland version 2 ce qui permet son utilisation dans les bureaux Sway, COSMIC et Hyprland. Il permet également d'afficher la pop-up de suggestions dans les applications XIM ou GTK2 lorsqu'elles sont utilisées dans une session Wayland.

  Son aide à la saisie pour le chinois ibus-libpinyin est aussi mise à jour à la version 1.16. Il permet en outre de fournir des suggestions de ponctuations, de personnaliser la disposition du clavier ou d'afficher les convertisseurs Lua depuis un menu des méthodes d'entrées.

  Proposition d'une nouvelle aide à la saisie vocale avec Ibus Speech to Text via le paquet ibus-speech-to-text qui permet de faire de la reconnaissance vocale en local. Toutes les applications compatibles avec IBus peuvent donc avoir une telle saisie vocale qui exploite le logiciel VOSK pour la reconnaissance vocale. Aucune connexion à Internet n'est requise et il gère plusieurs langues qui peuvent être facilement téléchargées si besoin. Cela permet d'améliorer l’accessibilité du système tout en préservant la vie privée.

  

  Administration système

  Les répertoires /usr/bin et /usr/sbin sont fusionnés. Ainsi /usr/sbin devient un lien symbolique vers le répertoire /usr/bin, de même que /usr/local/sbin vers /usr/local/bin. Cette séparation entre les utilitaires réservés aux superutilisateurs et les autres était artificielle et non exploitée.

  À l'origine, l'objectif de /sbin était d'avoir des binaires liés statiquement qui pouvaient être utilisés dans un système en mode de secours pour dépanner en cas de gros problème au niveau du système. Mais cette méthode n'est plus appliquée depuis longtemps et cette distinction était conservée comme une relique historique. Cela devenait un poids plus qu'autre chose car avec l'avénement des droits d'utilisateurs dynamiques via polkit par exemple, le besoin d'accéder à ces outils nécessitait de donner accès à ces répertoires même pour des utilisateurs sans droits particuliers. Puis, entre les distributions, un utilitaire pouvait être rangé dans un répertoire ou un autre en fonction des choix des empaqueteurs de chaque communauté ce qui rend la portabilité des commandes entre distributions plus difficiles inutilement. D'ailleurs ArchLinux a sauté le pas il y a quelques années déjà.

  Cela est la continuité de la suppression de la distinction entre /bin et /usr/bin qui avait le même genre de justifications qui a eu lieu avec Fedora 17, il y a 13 ans déjà.

  DNF5 va proposer à l'utilisateur de supprimer les clés GPG qui ont expiré, ou qui ont été révoquées, plutôt que de devoir le faire à la main avec la commande rpmkeys --delete. Si la commande est interactive, le choix sera laissé à l'utilisateur de supprimer ou non la dite clé. En mode non interactif via les options -y ou --assumeno, le choix dépendra de l'option choisie pour l'appliquer automatiquement.

  La commande fips-mode-setup a été retirée du paquet crypto-policies qui permet de rendre dynamiquement son système compatible avec les exigences du gouvernement américain concernant les modules cryptographiques. Cette option doit être activée lors de l'installation par d'autres moyens maintenant.

  Il est ainsi possible de le faire en utilisant l'argument noyau fips=1 pour le notifier à Anaconda, si l'image a été générée avec osbuild-composer, l'option fips=true dans la section customizations permet d'obtenir le même effet ou si bootc est utilisé pour une image atomique de passer par cette configuration.

  Le mode FIPS n'améliore pas forcément la sécurité, dans certains cas ça peut en bloquant l'usage des algorithmes obsolètes mais parfois cela peut avoir l'effet inverse en n'autorisant pas d'algorithmes plus récents jugés plus sécurisés, comme l'algorithme de chiffrement Argon2 utilisé par LUKS pour chiffrer le disque dur qui résiste mieux aux attaques effectuées par des cartes graphiques par rapport à l'algorithme PBKDF2 qui est lui autorisé. C'est un mode destiné aux entreprises ou personnes ayant besoin d'être certifiées à ce niveau.

  L'objectif de ce changement est de simplifier la vie des mainteneurs qui n'ont plus à se préoccuper de cet outil et de ce que cela nécessite car de nombreux changements dans le système doivent être mis en place pour activer (ou désactiver) ce mode. Par exemple reconfigurer tous les modules cryptographiques du système tels que OpenSSH, OpenSSL, GnuTLS, NSS, libgcrypt ou le noyau lui même, fournir également un module à l'initramfs pour effectuer une vérification de l'image du noyau au démarrage de la machine et ajouter un argument pour le noyau si jamais /boot est dans une partition dédiée afin d'effectuer cette vérification.

  Mais aussi le changement à la volée est source de problèmes et de confusions pour les utilisateurs. Par exemple installer Fedora Linux avec un chiffrement du disque avec un algorithme non compatible FIPS avant de l'activer après l'installation. De même si des clés de chiffrement sont générées avec OpenSSH ou autres outils avec des algorithmes non autorisés avant d'activer le dit mode. Ces situations hybrides peuvent induire des dysfonctionnement non prévus. L'objectif est de limiter ces cas problématiques en empêchant le changement à chaud.

  Le navigateur de fichiers pour Cockpit cockpit-navigator est remplacé par cockpit-files. Cela suit le changement effectué par le projet qui a entamé cette réécriture et ne maintient de fait plus l'ancien module.

  Les fichiers Kickstart seront distribués également comme des artéfacts OCI. L'objectif est de permettre de charger plus facilement une image de Fedora pour conteneurs qui est démarrable via le réseau. Dans ce cas précis, il était nécessaire pour l'utilisateur de récupérer et de transformer manuellement les différents fichiers depuis les dépôts RPM avec des numéros de versions très mouvants afin d'avoir les images du noyau, de l'initramfs, du chargeur de démarrage, de l'image d'installation et de lancement. Ici l'objectif est de pouvoir les fournir dans un endroit centralisé tel que ce dépôt avec des processus plus faciles à automatiser avec Ansible ou Foreman. Ces fichiers sont également signés avec GPG ce qui permet de facilement vérifier leur conformité.

  Les éditions dérivées de Fedora Workstation auront par défaut le pare-feu configuré avec l'option IPv6_rpfilter=loose, ce qui suit la politique appliquée pour l'IPv4 depuis Fedora 30. En effet, avec l'option IPv6_rpfilter=strict il y avait notamment régulièrement des soucis pour vérifier la connexion à Internet pour des machines ayant plusieurs interfaces connectées au réseau tel qu'un ordinateur portable passant du Wifi au réseau Ethernet pour se connecter à son réseau domestique.

  Ajout du paquet bpfman pour le déploiment et la gestion des programmes eBPF dans le système. Développé en Rust, il permet de fournir une vue d'ensemble des programmes eBPF utilisés dans le système actuellement. Il simplifie aussi leur déploiement dans un cluster Kubernetes par l'utilitaire bpfman-operator tandis que l'outil bpfman-agent exécuté au sein d'un conteneur permet de rapporter si les programmes eBPF sont dans l'état désiré.

  Mise à jour de l'outil de gestion de configuration Ansible à la version 11. Cette version propose d'ajouter des tags aux variables ou valeurs pour par exemple retourner un avertissement si on essaye d'accéder une valeur marquée comme dépréciée. Les boucles de tâches peuvent avoir une instruction d'interruption. Enfin, le module mount_facts prend en charge les périphériques non locaux.

  Le serveur de proxy inverse Apache Traffic Server évolue vers sa 10e version. Une nouvelle API basée sur JSON-RPC est proposée pour permettre des interactions avec des outils extérieurs. Le module traffic_ctl a une commande monitor pour rapporter en continue des métriques à jour. Les règles ip_allow.yaml et remap.config prennent en charge des intervalles d'IP nommées pour simplifier la configuration. La prise en charge du protocole HTTP/2 pour les connexions provenant du serveur d'origine a été ajoutée même si elle est désactivée par défaut. De plus, les plugins doivent être développés en C++20 uniquement au lieu du langage C.

  La version de compatibilité PostgreSQL 15 a été retirée, PostgreSQL 16 reste la version par défaut. Cela fait suite à l'ajout de PostgreSQL 17 dans les dépôts comme version alternative avec postgresql17 comme nom de paquet. Le projet ne souhaite pas maintenir davantage de versions pour réduire la charge de travail tout en permettant de migrer les données d'une version à l'autre. En effet, la migration nécessite le binaire de la version actuellement utilisée pour réaliser un dump avant d'utiliser la nouvelle version pour importer ce dump. Cela signifie que les utilisateurs utilisant PostgreSQL 15 doivent préparer la migration avant la mise à niveau de leur Fedora Linux.

  Les utilitaires liés au projet OpenDMARC ont été mis dans des paquets individuels au lieu du paquet opendmarc qui les fournissait tous. En effet de nombreux utilitaires notamment écrits en Perl étaient fournis avec ce paquet sans être nécessaires pour exécuter le service ce qui entrainait l'installation plus que 80 paquets Perl pour rien dans la plupart des cas. Le paquet opendmarc fourni maintenant les outils opendmarc et opendmarc-check quand le reste est fourni avec le paquet opendmarc-tools.

  L'agent pam-ssh-agent a été supprimé des dépôts. Le développement a été arrêté il y a plus d'un an par le projet OpenSSH et aucun paquet actuellement maintenu n'en dépend.

  

  Développement

  La chaîne de compilation GNU bénéficie de GCC 15, binutils 2.44 et glibc 2.41. Concernant le compilateur GCC, comme d'habitude il fournit de nombreux changements. Il est possible pour l'optimisation de l'édition de lien de le faire de manière incrémentale afin que cette étape soit plus rapide en cas de petits changements dans le code source. Les très gros fichiers de code source sont également plus rapide à compiler et les erreurs les concernant sont mieux gérées. Les erreurs gagnent encore en lisibilité, en particulier pour les templates C++ ou en présentant le chemin d'exécution qui mène à l'erreur détectée.

  Pour la section OpenMP, la prise en charge des normes au dessus de la version 5.0 continue sa progression avec une meilleure gestion des cartes graphiques Nvidia et AMD. Pour le langage C, la norme C23 devient la norme par défaut tandis que le début de prise en charge de la future norme C2Y a été introduit. Pour le C, c'est la prise en charge de la future norme C26 qui progresse et une meilleure gestion des modules introduits dans les normes précédentes.

  Pour les architectures, de nombreuses améliorations pour la prise en charge des microarchitectures x86_64 dont des nouvelles instructions AMX. Côté Aarch64, ce sont les puces d'Apple qui sont prises en charge maintenant.

  Concernant la bibliothèque standard C, il y a quelques changements concernant la résolution DNS. Grâce à la variable d'environnement RES_OPTIONS il est possible d'ignorer des options précisées dans le fichier /etc/resolv.conf. Ainsi utiliser RES_OPTIONS=-no-aaaa permet d'ignorer l'option options no-aaaa. Les fonctions sched_setattr et sched_getattr ont été ajoutées pour permettre de changer les options de la politique d'ordonnancement des processus du noyau, par exemple quand SCHED_DEADLINE est utilisé où certains paramètres peuvent être utilisés. La prise en charge d'Unicode 16.0 a été ajoutée, de même que de nombreuses fonctions mathématiques introduites par la norme C23. Pour l'architecture AArch64, les fonctions mathématiques vectorielles devraient être plus performantes.

  Enfin pour les binutils, les extensions de l'assembleur pour les architectures AArch64, Risc-V et x86 ont été mises à jour. L'éditeur de lien peut mixer des objets avec et sans l'optimisation activée.

  La chaîne de compilation LLVM progresse à la 20e version. Comme pour son concurrent GCC, les dernières normes C et C++ ont bénéficié de nombreuses améliorations pour leur prise en charge. De même, de nombreuses instructions AMX pour l'architecture x86_64 ont été ajoutées. Un nouveau vérificateur TySan fait son apparition pour vérifier les violations d'aliasing de types, donc utiliser un pointeur d'un type particulier pour accéder à des valeurs d'un autre type en mémoire ce qui dégrade les performances ou peut engendrer des bogues. Le module de télémétrie a été extrait du débogueur pour être disponible dans l'ensemble de LLVM afin de pouvoir rapporter différentes mesures et usages de ces outils aux développeurs mais cela reste désactivé par défaut.

  Fedora par ailleurs fournit les outils llvm-bolt, polly, libcxx et mlir dans le paquet llvm au lieu d'être dans des paquets indépendants comme avant. Les binaires, bibliothèques et autres en-têtes sont installées dans le dossier /usr/lib64/llvm$VERSION/ au lieu de /usr, des liens symboliques sont proposés pour garder la compatibilité, l'objectif est de faciliter le passage d'une version à l'autre pour les utilisateurs.

  Le cadriciel web Python nommé Django utilise la version 5.x. Les formulaires peuvent bénéficier de la notion de groupe de champs pour simplifier significativement le code du template en évitant de devoir répéter les mêmes informations pour chaque champ s'ils ont la même structure. Les modèles peuvent également recevoir une valeur par défaut obtenue par la base de données. Il est également possible de générer des colonnes qui sont calculées à partir d'autres champs de la base de données.

  Mise à jour du langage Go vers la version 1.24. Côté langage, il prend en charge les alias de types génériques ce qui permet d'étendre leur champ d'applications et d'améliorer la lisibilité du code. Comme souvent avec Go, les performances sont améliorées, de l'ordre de 2-3% à l'exécution et la structure map est basée sur les tables suisses pour réduire la consommation mémoire pour les petits objets. La bibliothèque standard fournit des mécanismes pour se conformer au standard FIPS 140 concernant la cryptographie comme expliqué plus haut. Une nouvelle instruction du compilateur go:wasmexport permet d'exporter les fonctions du programme à l'hôte en WebAssembly.

  Le langage Ruby brille avec la version 3.4. Le parseur par défaut passe de parse.y à Prism pour améliorer la détection des erreurs, les performances et la portabilité. La bibliothèque de socket dispose du standard Happy Eyeballs Version 2 pour améliorer la résilience et l'efficience des connexions TCP. Le compilateur juste à temps YJIT améliore ses performances pour les architectures x86_64 et Aarch64, il est également plus fiable et réduit un peu sa consommation mémoire tout en ayant la possibilité de définir une limite maximale unifiée. Parser des structures JSON doit être également 1,5 fois plus rapide, de même pour Array#each grâce à une réécriture en Ruby.

  Le langage de programmation PHP s'impose de tout son poids à la version 8.4. Outre d'apporter un compilateur juste à temps basé sur IR Framework et diverses améliorations de performance, le langage propose de nouveaux concepts. Les property hooks permettent de facilement définir des structures basées sur une autre valeur pour les garder synchronisées tout en ayant une quantité de code plus réduites et avec moins de risque de faire des erreurs. Il est possible de définir une visibilité asymétrique, en autorisant la lecture d'une propriété mais pas son écriture publiquement et ce sans passer par des getters / setters. L'attribut #\Deprecated fait son apparition pour signaler à l'utilisateur qu'une méthode ou valeur sera probablement supprimée ultérieurement. Une nouvelle API pour manipuler les objets DOM apparaît et fournit la prise en charge de HTML5. Et d'autres changements encore.

  Le langage de scripts Tcl/Tk a été mis à jour vers la 9e version. Pour des raisons de compatibilité, la version 8 reste distribuée sous le nom de paquet tcl8. Grâce à l'exploitation du 64 bits, il peut maintenant manipuler des données de plus de 2 Gio. La prise en charge d'Unicode et des différentes méthodes d'encodage a été améliorée, en ajoutant d'une part mais aussi en gérant l'ensemble des valeurs existantes. L’interaction avec le système est améliorée avec la possibilité d'envoyer des notifications, d'imprimer ou d'utiliser les icônes de la barre du système. Il y a un début de prise en charge de l'affichage vectoriel permettant d'améliorer le visuel des applications. Les capacités d’interactions tactiles sont améliorées avec la possibilité de gérer des gestes à deux doigts.

  La bibliothèque de calcul scientifique en Python NumPy passe à la version majeure 2. Première version majeure depuis 2006, il fournit de nombreuses améliorations de performance en particulier autour des différents algorithmes de tri de même que la sauvegarde de gros objets. La transformée de Fourrier rapide prend en charge les types float32 et longdouble. Un nouveau type pour les chaînes de caractères de taille variable fait son apparition : StringDType qui doit fournir également de meilleures performances. La séparation entre l'API publique et privée a été aussi clarifiée avec une nouvelle structure des modules. API qui a aussi été nettoyée pour enlever ce qui n'était pas pertinent ce qui simplifie l'apprentissage de la bibliothèque.

  L'outil de développement de paquets Python Setuptools a été mis à jour vers la version 74. La commande setup.py qui était non recommandée depuis plus de 5 ans disparaît, cela a nécessité notamment de changer près de 150 paquets dans le système pour en tenir compte. D'autres changements plus mineurs sont également fournis.

  Mise à jour de la bibliothèque de compression zlib-ng à la version 2.2.x. Parmi les changements, sur l'architecture x86_64 les performances devraient être améliorées de 12% pour la compression avec le niveau par défaut. L'allocation mémoire est également fait en une seule fois ce qui réduit le nombre d'appels systèmes et le risque de fragmentation de la mémoire ce qui améliore également les performances globales. Le risque d'avoir un échec par manque de mémoire s'en retrouve également réduit.

  Le langage Copilot avec sa boîte à outil de vérification de runtime fait son apparition. Développé en Haskell par la NASA, il permet de définir des programmes concis qui peuvent ensuite être transpilés en C99 pour permettre un haut niveau de sécurité tout en étant capable de gérer des contraintes temps réel dures ce qui est important dans de nombreux contextes embarqués. Ce langage est disponible via le paquet ghc-copilot.

  La bibliothèque graphique SDL utilise la version 3 pour assurer la compatibilité avec ses versions 2 et 1.2 dorénavant. Cela passe par le paquet sdl2-compat qui fourni cette compatibilité car SDL 2 n'est plus développé.

  Les anciennes versions de OpenJDK pour le langage Java à savoir 8, 11 et 17 ne sont plus fournies par les dépôts de Fedora mais devront être installées via un dépôt tiers tel que Adoptium Temurin dont le paquet adoptium-temurin-java-repository permet son activation. La maintenance des différentes versions d'OpenJDK a été longtemps une problématique pour Fedora avec leur nombre de versions avec une maintenance officielle qui augmente, cela alourdissait considérablement la charge de travail sans avoir assez de mainteneurs en face. D'autant plus que la plupart des cas d'usage se contentent bien de la dernière version LTS disponible, les versions plus anciennes répondent à des cas plus spécifiques qui peuvent se contenter d'un dépôt externe où les mainteneurs de Fedora travaillent de toute façon ce qui garantie la qualité de l'intégration. Cela diminuera la consommation de ressources pour gérer ces paquets dans Fedora mais aussi l'allégement de la charge de travail permettra de mettre à jour OpenJDK plus rapidement à l'avenir.

  Le paquet de compatibilité Python pour la version 3.8 a été retiré. Cette version n'est plus maintenue par le projet Python et ce serait trop coûteux et peu sûr de poursuivre sa fourniture dans la distribution.

  La bibliothèque Rust zbus version 1 a été supprimée, la version 4 ou supérieure reste proposée dans les dépôts. Une vingtaine de dépendances obsolètes étaient également maintenues pour ce composant ce qui permettra de réduire la charge de travail pour les mainteneurs et la consommation de ressources pour le projet Fedora. La compatibilité avec les dernières versions du compilateur Rust et certains bogues sur certaines architectures rendaient sa maintenance problématique par ailleurs.

  La bibliothèque de compatibilité entre Rust et Python, PyO3, se voit retirer les anciennes versions 0.19, 0.20, et 0.21. Les versions 0.22 et 0.23 restent donc disponibles. Cet abandon devient nécessaire par les changements de l'API et de l'ABI de CPython qui rendent les anciennes versions de plus en plus difficiles à maintenir en état de fonctionnement.

  L'utilitaire d'exécution des tests unitaires en Python python-pytest-runner est déprécié et sera supprimé dans un futur proche. Depuis 2019 il est dans un état d'abandon par le projet source, il faut depuis envisager d'utiliser pytest à la place d'autant plus que les incompatibilités avec l'outil setuptools vont en grandissant.

  La bibliothèque de compatibilité entre GTK3 et Rust est marquée comme dépréciée et sera supprimée dans une prochaine version. En effet les versions récentes de gtk-rs ne le prennent plus en charge ce qui impose un coût de maintenance d'autant qu'il faut maintenir aussi les anciennes versions de compatibilité avec Cairo et GLib pour cela.

  

  Projet Fedora

  Fedora Linux proposera des archives permettant d'être installé avec Windows Subsystem for Linux. Windows a récemment amélioré la prise en charge des installations d'un tel système en dehors du magasin d'applications Microsoft ce qui rend ce changement plus intéressant. Idéalement il faut utiliser WSL 2.4.4 ou supérieur même si une procédure sera fournie pour les versions plus anciennes. Le projet Fedora ne souhaite pas à ce jour accepter les conditions pour permettre une publication directement depuis le magasin d'applications. Cela permet de faciliter l'usage de Fedora dans un tel système.

  Les paquets RPM peuvent bénéficier de la fonction systemd sysusers.d pour créer des utilisateurs ou groupes dédiés lors de l'installation des paquets RPM. L'objectif à terme est de se débarasser des instructions useradd ou groupadd dans les paquets RPM voire l'usage de la macro %sysusers_create_compat. Cela va permettre d'uniformiser à terme la manière de créer de tels utilisateurs et groupes ce qui va également simplifier les scriplets des différents paquets RPM concernés. Comme cela est intégré dans le format RPM, il devient plus facile de retrouver quels utilisateurs et groupes sont créées par un paquet donné et de définir des dépendances basées sur ce critère si c'est pertinent.

  Les mises à jour de Fedora CoreOS passent de OSTree à OCI. Les mises à jour proviennent ainsi du dépôt quay.io/fedora/fedora-coreos. C'est la première étape avant d'être capable de passer à bootc pour gérer la base du système qui permettrait entre autre de faire des mises à jour en miroir en copiant un système existant sur le réseau local ou de laisser l'utilisateur personnaliser facilement ses propres images.

  Activation par défaut de composefs pour les images atomiques bureautiques de Fedora Linux pour les images non basées sur OSTree. Faisant suite à ce qui a été fourni pour les images CoreOS et IoT avec Fedora Linux 41, l'idée est de fournir une vérification d'intégrité des images atomiques lorsque le système tourne et d'avoir un système de fichiers du système réellement en lecture seule.

  En effet, jusqu'ici l'intégrité des fichiers du système n'est vérifiée que lors de la mise à jour ou l'installation d'une nouvelle image mais rien n'empêche d'avoir une altération malveillante par exemple entre temps. Il fallait exécuter ostree fsck à la main pour vérifier manuellement si le système était conforme. De plus le système même s'il est en lecture seule en théorie, en réalité il était monté en lecture/écriture avec la commande chattr +i / ajoutée pour prévenir les modifications accidentelles.

  Avec composefs, qui exploite overlayfs et EROFS, permet de supprimer ces limitations, le système de fichiers sera réellement en lecture seule et la moindre tentative de modification aboutira à une erreur au niveau du noyau Linux en toute circonstance. Les répertoires /etc et /var restent accessibles en lecture/écriture comme avant. L'objectif à terme est de fournir une vraie chaîne de démarrage sécurisée avec la vérification des signatures au niveau du système.

  L'utilitaire edk2 est compilé avec des options de sécurité supplémentaires pour améliorer la sécurité des machines virtuelles reposant sur l'UEFI. Ce composant est une implémentation de l'UEFI qui est notamment utilisée par les machines virtuelles créées avec libvirt. Ce changement passe par l'activation du mode strict pour NX qui empêche l'exécution de code provenant de zone mémoire en lecture/écriture. Les pointeurs NULL sont également capturés pour éviter de déférencer le vecteur d'interruption qui existe à cette adresse ce qui peut mener à des accès mémoires non souhaités. Cela ne sera appliqué que pour les sytèmes invités avec Secure boot activé, pour éviter d'introduire des régressions pour les systèmes invités plus anciens qui seraient non compatibles avec ces options de sécurité dans un environnement où ces protections additionnelles seraient moins pertinentes.

  En effet, cela est une réponse au problème de sécurité liée au composant shim pour les versions inférieures à 15.8 qui a nécessité en 2024 une mise à jour majeure des chargeurs de démarrage et du noyau Linux. Des systèmes invités avec ce problème de sécurité non corrigé entraineront une erreur mémoire prévenant toute exécution.

  Les images live de Fedora Linux utilisent le système de fichiers EROFS en lieu et place de SquashFS. Ce système de fichiers est aussi en lecture seule et est plus activement développé. De fait il peut utiliser des algorithmes de compression plus moderne pour réduire la taille de l'image et a été développé pour avoir de bonnes performances sur les systèmes embarqués ce qui devrait se retrouver aussi sur des machines plus performantes.

  Ajout d'un générateur de dépendances pour les extensions de GNOME Shell, permettant de lier la version de l'extension avec celle de gnome-shell à partir du fichier metadata.json de l'extension. Cela permet de détecter de manière générique et donc plus facilement et automatiquement un soucis de compatibilité entre une extension et la version de GNOME Shell fournie par le projet. Cela devrait permettre de travailler sur ces problèmes de compatibilité dès qu'ils apparaissent plutôt que d'attendre le retour d'utilisateurs qui découvrent une extension non fonctionnelle en pratique.

  Redéfinition des dépendances de nombreux paquets de git vers git-core. Plus de 200 paquets souhaitent utiliser le binaire git et ont une dépendance envers ce paquet éponyme alors qu'il est fourni en réalité par le paquet git-core. Ce qui implique une dépendance excessive envers 60 autres paquets inutiles dans ce contexte. Cela devrait entre autre réduire les ressources nécessaires pour générer certains paquets.

  La communauté francophone

  L'association

  

  Borsalinux-fr est l'association qui gère la promotion de Fedora dans l'espace francophone. Nous constatons depuis quelques années une baisse progressive des membres à jour de cotisation et de volontaires pour prendre en main les activités dévolues à l'association.

  Nous lançons donc un appel à nous rejoindre afin de nous aider.

  L'association est en effet propriétaire du site officiel de la communauté francophone de Fedora, organise des évènements promotionnels comme les Rencontres Fedora régulièrement et participe à l'ensemble des évènements majeurs concernant le libre à travers la France principalement.

  Si vous aimez Fedora, et que vous souhaitez que notre action perdure, vous pouvez :

  • Adhérer à l'association : les cotisations nous aident à produire des goodies, à nous déplacer pour les évènements, à payer le matériel ;
  • Participer sur le forum, les listes de diffusion, à la réfection de la documentation, représenter l'association sur différents évènements francophones ;
  • Concevoir des goodies ;
  • Organiser des évènements type Rencontres Fedora dans votre ville.

  Nous serions ravis de vous accueillir et de vous aider dans vos démarches. Toute contribution, même minime, est appréciée.

  Si vous souhaitez avoir un aperçu de notre activité, vous pouvez participer à nos réunions mensuelles chaque premier lundi soir du mois à 20h30 (heure de Paris). Pour plus de convivialité, nous l'avons mis en place en visioconférence sur Jitsi.

  La documentation

  Depuis juin 2017, un grand travail de nettoyage a été entrepris sur la documentation francophone de Fedora, pour rattraper les 5 années de retard accumulées sur le sujet.

  Le moins que l'on puisse dire, c'est que le travail abattu est important : près de 90 articles corrigés et remis au goût du jour. Un grand merci à Charles-Antoine Couret, Nicolas Berrehouc, Édouard Duliège, Sylvain Réault et les autres contributeurs et relecteurs pour leurs contributions.

  La synchronisation du travail se passe sur le forum.

  Si vous avez des idées d'articles ou de corrections à effectuer, que vous avez une compétence technique à retransmettre, n'hésitez pas à participer.

  Comment se procurer Fedora Linux 42 ?

  

  Si vous avez déjà Fedora Linux 41 ou 40 sur votre machine, vous pouvez faire une mise à niveau vers Fedora Linux 42. Cela consiste en une grosse mise à jour, vos applications et données sont préservées.

  Autrement, pas de panique, vous pouvez télécharger Fedora Linux avant de procéder à son installation. La procédure ne prend que quelques minutes.

  Nous vous recommandons dans les deux cas de procéder à une sauvegarde de vos données au préalable.

  De plus, pour éviter les mauvaises surprises, nous vous recommandons aussi de lire au préalable les bogues importants connus à ce jour pour Fedora Linux 42.

April 15, 2025

• Michael Catanzaro Dangerous Arbitrary File Read Vulnerability in Yelp (CVE-2025-3155)

  I don’t normally blog about particular CVEs, but Yelp CVE-2025-3155 is noteworthy because it is quite severe, public for several weeks now, and not yet fixed upstream. In short, help files can read your filesystem and execute arbitrary JavaScript code, allowing an attacker to exfiltrate any files your Unix user has access to. Thank you to parrot409 for responsibly disclosing this issue and going above and beyond to provide patches.

  • By default, all major browsers allow websites to download files automatically, without user interaction, so installing a malicious help file into your Downloads directory is simple. (If you ever find an unexpected file in your Downloads directory, be careful and maybe don’t open it. Cautious users may wish to configure their browsers to prompt before saving a download.)
  • The malicious website would next attempt to open the special URL ghelp:///proc/self/cwd/Downloads. This relies on the assumption that the web browser runs with your home directory as current working directory, which in practice will generally be true when launched from your desktop environment.
  • Chrome and Firefox prompt the user for permission before launching Yelp. If you grant permission, then Yelp launches and you lose. Don’t grant permission. Beware: both browsers have an “always allow” checkbox, and you won’t be prompted for permission if you’ve ever checked it when opening a ghelp URL in the past.
  • Epiphany does not prompt the user for permission before opening the URL. Minimal user interaction is required for the attacker to win. If you use Epiphany or any other browser that opens links in external programs without user confirmation, you should immediately uninstall Yelp, or at least change your Downloads directory to something nonstandard.

  Timeline:

  • December 25: Bug is reported to GNOME Security.
  • February 24: The reporter proposes these patches to fix the issue.
  • March 26: The 90 day disclosure deadline is reached, so I make the issue report public even though it is not yet fixed. At this point, due to insufficient creativity, I incorrectly assume the issue is likely to be used only in targeted attacks, because it seems to require the attacker to know the path to your downloads directory, which will normally include your Unix username.
  • April 5: The bug reporter posts a detailed write-up including a nice GIF to demonstrate the attack exfiltrating ~/.ssh/id_rsa in Chrome. This attack uses /proc/self/cwd/Downloads, bypassing the requirement to know your Unix username.
  • April 13: GNOME Security is notified of the write-up.

  If you are a Linux operating system vendor, please consider applying the provided patches even though they have not yet been accepted upstream. They’re probably not worse than the status quo!

• Fedora fans نسخه نهایی لینوکس فدورا ۴۲ منتشر شد

  

  در تاریخ ۱۵ آوریل ۲۰۲۵، نسخه نهایی فدورا لینوکس ۴۲ منتشر شد. این نسخه، حاصل تلاش‌های گسترده جامعه متن‌باز است که هزاران توسعه‌دهنده از سراسر جهان در آن مشارکت داشته‌اند. ارتقاء یا نصب تازه ارتقاء از نسخه‌های قبلی: اگر از نسخه‌های قبلی فدورا استفاده می‌کنید، ارتقاء به فدورا ۴۲ آسان است. می‌توانید با مراجعه به […]

  The post نسخه نهایی لینوکس فدورا ۴۲ منتشر شد first appeared on طرفداران فدورا.

• Christian F.K. Schaller Fedora Workstation 42 is upon us!

  We are excited about the Fedora Workstation 42 released today. Having worked on some great features for it.

  Fedora Workstation 42 HDR edition
  I would say that the main feature that landed was HDR or High Dynamic Range. It is a feature we spent years on with many team members involved and a lot of collaboration with various members of the wider community.
  

  

  GNOME Settings menu showing HDR settings

  The fact that we got this over the finish line was especially due to all the work Sebastian Wick put into it in collaboration with Pekka Paalanen around HDR Wayland specification and implementations.
  Another important aspect was tools like libdisplay which was co-created with Simon Ser, with others providing more feedback and assistance in the final stretch of the effort.

  

  HDR setup in Ori and Will of the Wisps

  
  That said a lot of other people at Red Hat and in the community deserve shout outs for this too. Like Xaver Hugl whose work on HDR in Kwin was a very valuable effort that helped us move the GNOME support forward too. Matthias Clasen and Benjamin Otte for their work on HDR support in GTK+, Martin Stransky for his work on HDR support in Firefox, Jonas Aadahl and Olivier Fourdan for their protocol and patch reviews. Jose Exposito for packaging up the Mesa Vulkan support for Fedora 42.

  One area that should benefit from HDR support are games. In the screenshot about you see the game Ori and the Will of the Wisps which is known for great HDR support. Valve will need to update to a Wine version for Proton that supports Wayland natively though before this just works, at the moment you can get it working using gamescope, but hopefully soon it will just work under both Mutter and Kwin.

  Also a special shoutout to the MPV community for quickly jumping on this and releasing a HDR capable video player recently.

  

  MPV video player playing HDR content

  Of course getting Fedora Workstation 42 to out with these features is just the beginning, with the baseline support it now is really the time when application maintainers have a real chance of starting to make use of these features, so I would expect various content creative applications for instance to start having support over the next year.

  For the desktop itself there are also open questions we need to decide on like:

  • Format to use for HDR screenshots
  • Better backlight and brightness handling
  • Better offloading
  • HDR screen recording video format
  • How to handle HDR webcams (seems a lot of them are not really capable of producing HDR output).
  • Version of the binary NVIDIA driver released supporting the VK_EXT_hdr_metadata and VK_COLOR_SPACE_HDR10_ST2084_EXT Vulkan extension on Linux
  • A million smaller issues we will need to iron out

  Accessibility
  Our accessibility team has been hard at work trying to ensure we have a great accessibility story in Fedora Workstation 42. Our accessibility team with Lukas Tyrychtr and Bohdan Milar has been working hard together with others to ensure that Fedora Workstation 42 has the best accessibility support you can get on Linux. One major effort that landed was the new keyboard monitoring interface which is critical for making Orca work well under Wayland. This was a collaboration of between Lukas Tyrychtr, Matthias Clasen and Carlos Garnacho on our team. If you are interested in Accessibility, as a user or a developer or both then make sure to join in by reaching out to the Accessibility Working group

  PipeWire
  PipeWire also keeps going strong with continuous improvements and bugfixes. Thanks to the great work by Jan Grulich the support for PipeWire in Firefox and Chrome is now working great, including for camera handling. It is an area where we want to do an even better job though, so Wim Taymans is currently looking at improving video handling to ensure we are using the best possible video stream the camera can provide and handle conversion between formats transparently. He is currently testing it out using a ffmpeg software backend, but the end goal is to have it all hardware accelerated through directly using Vulkan.

  Another feature Wim Taymans added recently is MIDI2 support. This is the next generation of MIDI with only a limited set of hardware currently supporting it, but on the other hand it feels good that we are now able to be ahead of the curve instead of years behind thanks to the solid foundation we built with Pipewire.

  Wayland
  For a long time the team has been focused on making sure Wayland has all the critical pieces and was functionality wise on the same level as X11. For instance we spent a lot of time and effort on ensuring proper remote desktop support. That work all landed in the previous Fedora release which means that over the last 6 Months the team has had more time to look at things like various proposed Wayland protocols and get them supported in GNOME. Thanks to that we helped ensure the Cursor Shape Protocol and Toplevel Drag protocols got landed in time for this release. We are already looking and what to help land for the next release, so expect a continued acceleration in Wayland protocol adoption going forward.

  First steps into AI
  So an effort we been plugging away at recently is starting to bring AI tooling to Open Source desktop applications. Our first effort in this regard is Granite.code. Granite.code is a extension for Visual Studio Code that sets up a local AI engine on your system to help with various tasks including code generation and chat inside Visual Studio Code. So what is special about this effort is that it relies on downloading and running a copy of the open source AI Granite LLM model to your system instead on relying on it being run in a cloud instance somewhere. That means you can use Granite.code without having to share your data and work with someone else. Granite.code is still very early stage and it requires a NVIDIA or AMD GPU with over 8GB of video ram to use under Linux. (It also runs under Windows and MacOS X). It is still in a pre-release stage, we are waiting for the Granite 3.3 model update to enable some major features for us before we make the first formal release, but for those willing to help us test you can search for Granite in the Visual Studio Code extension marketplace and install it.
  We are hoping though that this will just the starting point where our work can get picked up and used by other IDEs out there too and also we are thinking about how we can offer AI features in other parts of the desktop too.

  

  Granite.code running on Linux

• Peter Czanik Working with Active Roles debug logs in syslog-ng

  From my previous Active Roles blogs, you could learn how to forward regular Active Roles logs from Windows Event Log to a central syslog-ng server, where it parses, filters, stores and forwards the logs. In this blog, I show you how to work with Active Roles debug logs, that is reading them using syslog-ng Agent for Windows and forwarding them to a central syslog-ng server for long(er) term storage.

  Debug logs are typically huge and the Active Roles debug logs are no exceptions, so you must make sure that you collect them only when really necessary. However, there can be situations when you need to collect these logs centrally for easier access or even long-term storage. Active Roles might generate gigabytes of debug logs even in just a few hours, so make sure that you collect these logs separately from the rest of your logs. This way, you can easily discard these logs when they are no longer needed.

  Before you begin

  If you want to test what you read in this blog, you need 2-4 hosts. Installing Active Roles needs 1-3 Windows Server machines, while installing the syslog-ng PE server needs a supported Linux host. Describing the system requirements or the installation processes are outside the scope of this blog. Contact One Identity at https://www.syslog-ng.com/register/115582/ to receive a trial version of syslog-ng Premium Edition and help to get started. A free trial of Active Roles can be found at https://www.oneidentity.com/register/62175/.

  Collecting Active Roles debug logs

  You can enable debug logging from the Active Roles Configuration Center. There are five different debug logs, all disabled by default, as they can quickly produce an insane amount of logs. You can see a list of log sources together with paths and file names. For the purpose of this blog, I chose the first one from the list, which stores logs to the C:\Program Files\One Identity\Active Roles\<active-roles-version>\Service directory, with the ds.log file name.

  Note that on the syslog-ng Agent for Windows side, we extend the configuration we did in the first blog of the series: https://www.syslog-ng.com/community/b/blog/posts/collecting-active-roles-logs-centrally-using-the-syslog-ng-windows-agent As such, we do not discuss here how to add a destination.

  In the syslog-ng Agent for Windows MMC, go to “File Sources”, and make sure that it is set to “Enable”. You can now add a new file source. First, enter the directory name from above (might be slightly different on your host) and the file name. As Active Roles sometimes produces multi-line log messages, we also add a Prefix for the date format. Set “Application” to “Custom”, then enter the following expression:

  \[[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\]
  

  Yes, it is ugly and all Active Roles debug logs have a slightly different format. Having this properly configured makes sure that multi-line log messages are forwarded as a single message. If you are not comfortable enough with writing regular expressions, you should use websites like https://regexr.com/ or similar services to create one.

  Once you have restarted syslog-ng Agent for Windows, your central syslog-ng server is flooded with debug logs from Active Roles.

  Configuring the syslog-ng PE server

  In my previous blog, we built a syslog-ng configuration, which collected log messages from Windows using the RFC5424 syslog protocol, parsed and filtered the logs, and finally stored them to various destinations. We do not explain the various destinations here again, only the changes. You can find the second Active Roles + syslog-ng PE blog at https://www.syslog-ng.com/community/b/blog/posts/working-with-parsed-active-roles-logs-in-syslog-ng for more details.

  You should append this configuration to your syslog-ng.conf:

  # source for Windows clients, RFC5424
  source s_win {
    syslog(port(601));
  };
  
  # xml parser for Windows XML logs
  parser p_xml {
    xml(prefix('winxml.'));
  };
  
  # destination for Windows logs
  destination d_fromwin {
    file("/var/log/fromwin");
    file("/var/log/fromwin.json" template("$(format-flat-json --scope rfc5424 --scope dot-nv-pairs
          --rekey .* --shift 1 --scope nv-pairs --exclude MESSAGE)\n") );
  };
  
  # destination for debug logs
  destination d_fromdebug {
    file("/var/log/fromdebug");
    file("/var/log/fromdebug.json" template("$(format-flat-json --scope rfc5424 --scope dot-nv-pairs
          --rekey .* --shift 1 --scope nv-pairs)\n") );
  };
  
  # destination for syslog-ng Agent for windows internal logs
  destination d_frominternal {
    file("/var/log/frominternal");
    file("/var/log/frominternal.json" template("$(format-flat-json --scope rfc5424 --scope dot-nv-pairs
          --rekey .* --shift 1 --scope nv-pairs)\n") );
  };
  
  
  # Elasticsearch destination for easy searching and reporting
  destination d_elasticsearch_http {
      elasticsearch-http(
          index("syslog-ng")
          type("")
          user("elastic")
          password("-w35jWfY_syp577m-UfS")
          url("https://localhost:9200/_bulk")
          template("$(format-json --omit-empty-values --scope rfc5424 --scope dot-nv-pairs
          --rekey .* --shift 1 --scope nv-pairs
          --exclude DATE --exclude MESSAGE
          --exclude winxml.Event.EventData.*
          @timestamp=${ISODATE})")
          tls(peer-verify(no))
      );
  };
  
  # long term storage for regular Active Roles logs
  destination d_logstore {
    logstore("/var/log/ars.lgs" compress(9) );
  };
  
  # long term storage Active Roles debug logs
  destination d_debugstore {
    logstore("/var/log/arsdebug.lgs" compress(9) );
  };
  
  # alerts to file and Slack
  destination d_alerts {
    file("/var/log/alerts.txt");
    slack(
      hook-url("https://hooks.slack.com/services/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")
      template("User ${.SDATA.win@18372.4.EVENT_USERNAME} deleted a ${.SDATA.win@18372.4.EVENT_SID_TYPE} on ${HOST} using ARS")
    );
  };
  
  # log path for logs from syslog-ng Agent for Windows
  log {
    source(s_win);
  # syslog-ng Agent for Windows and logs read from files come with
  # "syslog-ng-agent" as program name
    if ("${PROGRAM}" eq "syslog-ng-agent") {
  # if there is a file name
      if ("${.SDATA.file@18372.4.name}" ne "") {
        destination(d_fromdebug);
        destination(d_debugstore);
        flags(final);
  # the rest are internal logs
      } else {
        destination(d_frominternal);
      };
    };
  # all other logs come in XML format from the Agent
    parser(p_xml);
    destination(d_fromwin);
    destination(d_elasticsearch_http);
  # regular Active Roles logs are saved to LogStore
    if ("${PROGRAM}" eq "ARAdminSvc") {
      destination(d_logstore);
    };
  # send an alert if someone deletes an object using Active Roles
    if ("${.SDATA.win@18372.4.EVENT_TASK}" eq "ObjectDelete") {
      destination(d_alerts);
    };
  };

  Let’s check this configuration in more detail, focusing on the new elements and changes in the log path.

  There are two new file destinations added. The first one is called “d_fromdebug” and this is where debug logs from Active Roles are stored in plain text and in JSON format. Unlike in “d_fromwin”, the content of the MESSAGE macro is not parsed, so we keep it in the logs as-is. The second one is for internal syslog-ng Agent for Windows log messages, which would be otherwise hard to find if logged together with Active Roles debug logs.

  There is also a new LogStore destination for debug logs, which enables compression.

  The heart of the configuration is the log path. This was rewritten almost from scratch. I tried to include plenty of comments in this part for clarity, but I will also explain it below in more detail.

  The log path starts with a block dedicated to logs where the program name is “syslog-ng-agent”. Why? Because all Active Roles debug logs also belong to this category. The Agent reads the log files and forwards them to the syslog-ng PE server. As there is no application name associated with text files, the Agent uses its own name as PROGRAM. Processing the busiest log source first and storing it with the “final” flag helps to lower the load on the rest of the processing pipeline.

  The rest of the logs from the Agent are parsed with an XML parser and saved to various destinations, as it was done previously.

  What is next?

  Even if this configuration looks complex, it is simplified in many ways. For example, while you should use encryption in a production environment, for the sake of this test, we simply send messages in clear text. Using date macros in file names could also help you delete old debug logs, either by hand or using a script.

  Also, did I mention that debug logs are huge? In my environment, collecting logs just for half an hour resulted in about 10 megabytes of Windows and regular Active Roles logs, and close to half a gigabyte of debug logs. However, the good news is that using the LogStore destination with compression can store the same amount of logs in approximately 20 megabytes.

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

April 14, 2025

• Adam Young Javac for Building the PrismLauncher on Ubuntu

  I peridocially fall off the wagon and get drawn back into playing Minecraft. I’ve decided that, in order to make this time not wasted, I need to do something constructive with this urge. Last time I played Minecraft, I found the MultiMC launcher would no longer work. Being a fan of C++ and open source projects, I was not happy with this state. A friend suggested I try the PrismLauncher fork of the code base.
  
  Prism does not seem to have a native Debian based build available, although I admit I did not look very hard. I don’t want to install flatpacks or other binary management software just for one app. So, I figured I would build from sources.

  
  I have cloned the repo and checked out the latest release version. Following the instructions failed fairly quickly with the error:
  
  error: Target option 7 is no longer supported. Use 8 or later.
  
  This was after a long line of Java based commands, I assumed it had to do with the fact that my machine is running Open JDK V 21 and we needed something older: the build instructions say Java -17, which I also have installed.
  
  For this, I had to switch the javac compiler set by default, using the alternatives framework:
  
  For the Java Exe this is
  
  sudo update-alternatives –config java
  There are 3 choices for the alternative java (providing /usr/bin/java).
  
  Selection Path Priority Status
  ————————————————————
  * 0 /usr/lib/jvm/java-21-openjdk-amd64/bin/java 2111 auto mode
  1 /usr/lib/jvm/java-17-openjdk-amd64/bin/java 1711 manual mode
  2 /usr/lib/jvm/java-21-openjdk-amd64/bin/java 2111 manual mode
  3 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode
  
  
  And for the Javc compiler
  
  sudo update-alternatives –config javac
  There are 2 choices for the alternative javac (providing /usr/bin/javac).
  
  Selection Path Priority Status
  ————————————————————
  * 0 /usr/lib/jvm/java-21-openjdk-amd64/bin/javac 2111 auto mode
  1 /usr/lib/jvm/java-17-openjdk-amd64/bin/javac 1711 manual mode
  2 /usr/lib/jvm/java-21-openjdk-amd64/bin/javac 2111 manual mode
  
  
  I then needed to switch them back in order to run, as Minecraft needs a version later than 17 (suggested 21).
  
  
  
  

April 13, 2025

• Ismael Olea A Wikibase call for action at the Wikimedia Hackathon 2025

  

  This year I have again received a grant from the WMF to attend to the annual Wikimedia Hackathon, this year is in Istanbul. I’m very grateful to them.

  Since 2024 I’m very interested in the Wikibase platform since we are using it at LaOficina and is a main topic for the DHwiki WG. I’m not going into details but, from the very beginning, my first thoughs of involvement in the hackathon are related with Wikibase. Specially the need of «productization» and reduce entry barriers for Wikibase adoption, at least in my personal experience. Lately I’ve been thinking in very specific goals I think could be done in the hackathon:

  • T391815 Wikibase Request for Comment: essential minimalist ontology
  • T391821 Wikibase Request for Comment: an inventory of Wikibase related artifacts
  • T391826 Wikibase Request for Comment: Wikibase Suite full multimedia proof of concept configuration
  • T391828 Wikibase Request for Comment: a method for portable wikibase gadgets

  The point is, I can’t do this alone. I have beend working on most of these things for months, but still are finished. Many different skills needed, lack of experience on some of them, etc.

  So, the goal of this post is to call for action other attendants at the hackathon to join to work on them. The most relevant required skills (from my lack of skills point of view) are about MediaWiki integration, configuration and programming. For T391828, the most important is to be familiar with MediaWiki gadgets and for T391815, some practical experience in setting up ontologies in Wikibase.

  All the practical results will be offered to the Wikibase developers for their consideration.

  If you are interested please reach me in Telegram or at your preference. I also would love to set up a Wikibase zone in the hacking space for people working with Wikibase, with these or other tasks.

  So, I’ll see you soon in Istanbul o/

• Daniel Pocock Influencers: Red Hat, Inc’s IPO, 1999, post-mortem on the directed share offer to open source developer community

  Red Hat, Inc decided to list shares on the stock market for the first time in 1999.

  The plan was announced in June 1999. Around 21 July 1999, Red Hat sent a private email to external developers and volunteers offering them the opportunity to buy the shares at the opening price.

  Subject: A personal invitation from Red Hat
  
  Dear open source community member: In appreciation of your contribution
  to the open source community, Red Hat is pleased to offer you this personal,
  non-transferable, opportunity.
  
  Red Hat couldn't have grown this far without the ongoing help and
  support of the open source community,
  
  ...
  
  Therefore, we have reserved a portion of the stock in our offering for
  distribution online to certain members of the open source community.
  We invite you to participate.
  
  ...
  
  

  It is important to emphasize that Red Hat was not giving the shares away for free. People had to pay for them. They were not stock options either, they were full shares, which meant people had to submit payment for the full price of every share they wanted.

  There were limits on the offer. According to the prospectus filed with the SEC, a total of 800,000 shares were reserved out of the 6 million shares in the IPO.

  At the request of Red Hat, the underwriters have reserved up to 800,000 shares of common stock for sale at the initial public offering price through a directed share program, to directors, officers and employees of Red Hat and to open source software developers and other persons that Red Hat believes have contributed to the success of the open source software community and the growth of Red Hat.

  The IPO took place on 11 August 1999.

  On 17 August 1999, ZDNet published a report, "Linux hackers miss IPO boat". In their report, they tell us that the offer was sent to 3,500 open source developers and approximately 2,000 developers responded. Out of that, approximately 200 developers were rejected and didn't get any stock due to SEC regulations that protect inexperience investors from this type of offer. The report notes that each developer was entitled to buy a minimum of 100 shares and a maximum of 400 shares.

  If all 3,500 recipients had asked for 400 shares each that would have been a demand for 1.4 million shares, well in excess of the 800,000 shares reserved for the program. It appears that the reserved shares were not fully subscribed by volunteers and E*Trade started offering some of them to the rest of their customers.

  In practice, it appears that 1,800 people successfully asked for the shares but we don't know how many each person received. It is in the range from 180,000 to 720,000 shares. The developers were given shares at a price of $14 per share. The share price went up to $50 per share and a few days later it was $85.25 per share at the time of the ZDNet article. 720,000 shares at $85.25 per share means that volunteers had acquired $61.4 million of equity in Red Hat.

  Under SEC rules, management can not publicly promote their company in the three months before an IPO and in the month after the IPO.

  By sending this offer to 3,500 developers Red Hat was able to create an army of influencers who discussed the IPO far and wide.

  Looking at the Slashdot archives, we find approximately a dozen different Slashdot reports about the IPO. Each of those reports has hundreds of comments.

  Some related news reports:

  Wired emphasizes many of the offers were sent to Debian Developers.

  CNet published a report about the negative responses in the community.

  C. Scott Ananian writes about jumping through hoops to get some shares and the pain of being excluded from the offer.

  Sonar published an article looking back at the scheme and they include some fresh quotes from Bob Young.

  Linux World published an article back in the day and then decided to hide it. The article is quoted in this 2018 blog post from Harish Pillay.

  On the debian-private gossip network, of which thousands of messages have already been leaked for the period before the IPO, there was intense discussion about the proposition.

  Subject: Re: RedHat Surprise
  Date: Wed, 21 Jul 1999 09:34:29 -0500 (EST)
  From: chris mckillop <cdmckill@warg.uwaterloo.ca>
  Reply-To: chris mckillop <cdm@debian.org>
  To: Ivan E. Moore II <rkrusty@tdyc.com>
  CC: debian-private@lists.debian.org
  
  On Wed, 21 Jul 1999, Ivan E. Moore II wrote:
  
  > > > Would it be possible for uninterested Debian developers to pool their
  > > > offers towards a common "Debian" buyout?  Perhaps we could end up with
  > > > some kind of shareholder voting power?  (of course, then we'd need
  > > > a new mailing list, debian-redhat-takeover)
  > > > 
  > > 
  > > 	This would be amazing!  Is it legal??
  > 
  > <side note> Now, if Debian wanted to as a whole do this for the sole purpose
  > of an investment and not for some monopolistic control standpoint than that
  > would be a different story. (not saying that's what the intent was, but that's
  > just what I fear).  </sn>
  > 
  
  	I am looking for a way to put say, $300 up into the IPO as
  a Canadian.  With the offer RedHat is making, is it legal for
  someone to do this?
  
  	chris
  
  
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  chris mckillop - cdm@debian.org    "The faster I go, the behinder I get."
  Debian GNU/Linux                     -- Lewis Carroll http://www.debian.org/
  Waterloo Aerial Robotics Group - http://ece.uwaterloo.ca/~warg/
  

  Buying out a company is not so easy. A few months later, in November 1999, Red Hat simply created more shares, diluting the value of existing shares. The new shares were used to acquire a competitor, Cygnus. The cash raised from the IPO gave Red Hat the balance sheet to justify the takeover on terms that were good for Red Hat management.

  The proposition sent to open source volunteers helped Red Hat identify potential recruits without having to go through recruitment agencies.

  In modern times, we see a lot more news reports around the ethical issues facing influencers on social media. In 1999, there were no regulations for influencers. In fact, the term influencer didn't even exist in the sense that we know it today.

  Another way to view this directed share offer: people owning the shares would be more favourable to Red Hat's interests and less likely to be one hundred percent objective in discussions about controversial topics like systemd. We could think of it is a form of social engineering attack.

  We can see the impact in this email where people are asked to be polite to Red Hat:

  Subject: RedHat Surprise
  Date: Wed, 21 Jul 1999 00:09:50 -0500 (EST)
  From: Matthew R. Pavlovich <mpav@purdue.edu>
  To: debian-devel@lists.debian.org, debian-private@lists.debian.org
  
  In light of RedHat's recent offer to many debian developers, I want to
  make a suggestion to those who do not accept RedHat's method of making the
  offer.  
  Do not send back a nasty e-mail message cursing them for spamming.  If you
  feel obligated to tell them your opinion, please consider using your
  non-debian e-mail address.  It is very easy for people to mistaken the
  opinion of one for the opinion of the whole.  EVERY e-mail message you
  send with a debian.org e-mail address reflects Debian as an organization.  
  Redhat did not have to include anyone in their offer.  This is a very
  considerate and thoughtful gesture on their part.  Redhat is good for
  Linux as a whole.  We may have some differences, but IMO they should not
  be viewed as our enemy.  They are going to be investing a lot of money
  into Linux development, which means good paying jobs for open source
  developers.  
  IF YOU READ ONE SECTION, READ THIS:
  -------
  I am not saying anyone is wrong for having an opinion or that they should not express it, the focus of my point is to stress taking into account
  the fact that individual opinions are taken as opinions of the entire
  organization.
  
   Matthew R. Pavlovich
  

  In other words, the organization doesn't have a consistent definition of spam that we are willing to defend.

  FOSDEM recently fell into the same trap, inviting Jack Dorsey for "bring your boss day". FOSDEM used to be an event for developers.

  From time to time, discussions appear on Debian mailing lists about whether everybody should declare their conflicts of interest, that is, their employer, their shareholdings and their romantic partners who participate in the same community.

  By creating these hidden financial relationships that span multiple free software projects, Red Hat was creating the foundation for cult-like behavior. As more and more serious transgressions have occurred over the years, people have routinely covered them up. People focus on protecting reputations over protecting the truth.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• Guillaume Kulakowski Mon caisson d’imprimante 3D

  Depuis que j’ai mon imprimante 3D, celle-ci reposait sur une table à roulettes un peu bancale. Pas vraiment l’idéal : ça manquait de stabilité, d’esthétique, et surtout d’organisation. J’ai donc décidé de lui construire un caisson sur mesure en partant d’une base connue : les tables IKEA Lack. Choix du caisson Après pas mal de […]

  Cet article Mon caisson d’imprimante 3D est apparu en premier sur Guillaume Kulakowski's blog.

April 12, 2025

• Kevin Fenzi Early Mid April infra bits 2025

  

  Another week has gone by, and here's some more things I'd like to highlight from the last week.

  Datacenter Move

  I wrote up a community blog post draft with updates for the community. Hopefully it will be up early next week and I will also send a devel-announce list post and discussion thread.

  We had a bit of a snafu around network cards. The new aarch64 boxes we got we missed getting 10G nics, so we are working to aquire those soon. The plan in the new datacenter is to have everything on dual 10G nics connected to different switches, so networking folks can update them without causing us any outages.

  Some new power10 machines have arrived. I'm hopeful we might be able to switch to them as part of the move. We will know more about them once we are able to get in and start configuring them.

  Next week I am hoping to get out of band management access to our new hardware in the new datacenter. This should allow us to start configuing firmware and storage and possibly do initial installs to start bootstraping things up.

  Exciting times. I Hope we have enough time to get everything lined up before the june switcharoo date. :)

  Fun with databases

  We have been having a few applications crash/loop and others behave somewhat sluggishly of late. I finally took a good look at our main postgres database server (hereafter called db01). It's always been somewhat busy, as it has a number of things using it, but once I looked at i/o: yikes. (htop's i/o tab or iotop are very handy for this sort of thing). It showed that a mailman process was using vast amounts of i/o and basically causing the machine to be at 100% all the time. A while back I set db01 to log slow queries. So, looking at that log showed that what it was doing was searching the mailman.bounceevents table for all entries were 'processed' was 'f'. That table is 50GB. It has bounce events back 5 or 6 years at least. Searching around I found a 7 year old bug filed by my co-worker Aurélien: https://gitlab.com/mailman/mailman/-/issues/343

  That was fixed! bounces are processed. However, nothing ever cleans up this table at least currently. So, I proposed we just truncate the table. However, others made a good case that the less invasive change (we are in freeze after all) would just be to add a index.

  So, I did some testing in staging and then made the change in production. The queries went from: ~300 seconds to pretty much 0. i/o was now still high but around the 20-30% range most of the time.

  It's amazing what indexes will do.

  Fedora 42 go for next week!

  Amazingly, we made a first rc for fedora 42 and... it was GO! I think we have done this once before in all of fedora history, but it's sure pretty rare. So, look for the new release out tuesday.

  I am a bit sad in that there's a bug/issue around the Xfce spin and initial setup not working. Xfce isn't a blocking deliverable, so we just have to work around it. https://bugzilla.redhat.com/show_bug.cgi?id=2358688 I am not sure whats going on with it, but you can probibly avoid it by making sure to create a user/setup root in the installer.

  I upgraded my machines here at home and... nothing at all broke. I didn't even have anything to look at.

  comments? additions? reactions?

  As always, comment on mastodon: posts/2025/04/12/early-mid-april-infra-bits-2025.rst

April 11, 2025

• Dan Horák EC P-384 curve causing SIGILL in OpenSSL 3.5.0 on Power8 systems

  We have just discovered in Fedora Rawhide that EC P-384 curve is causing SIGILL in OpenSSL 3.5.0 on Power8 based systems as the implementation uses ISA 3.0 (aka Power9) instructions. The symptoms are for example a SIGILL when dnf downloads new repo data. I believe systems with this broken openssl build could be recovered when using rpm directly. See OpenSSL issue 27350 for details.
  
  To recover you will need
  

  
  
  • crypto-policies-20250305-3.gita35b0fa.fc43 or older
  
  
  • openssl-3.2.4-3.fc43
  
  
  • curl-8.13.0~rc2-1.fc43
  
  
  • python-pycurl-7.45.4-2.fc42
    

  
  After downloading the necessary rpms you can downgrade with sudo rpm -Uvh --oldpackage *.rpm

• Gary Benson Python antipattern: Close in finally

  Don’t do this:

  thing = Thing()
  try:
      thing.do_stuff()
  finally:
      thing.close()
  

  Do do this:

  from contextlib import closing
  
  with closing(Thing()) as thing:
      thing.do_stuff()
  

  Why is the second better? Using contextlib.closing() ties closing the item to its creation. These baby examples are about equally easy to reason about, with only a single line in the try block, but consider what happens ifwhen more lines get added in future? In the first example, the close moves away, potentially offscreen, but that doesn’t happen in the second.

April 10, 2025

• Charles-Antoine Couret 20 ans de Fedora-fr : deuxième entretien avec Remi empaqueteurs de paquets RPM

  Introduction

  Dans le cadre des 20 ans de Fedora-fr (et du Projet Fedora en lui-même), Charles-Antoine Couret (Renault) et Nicolas Berrehouc (Nicosss) avons souhaité poser des questions à des contributeurs francophones du Projet Fedora et de Fedora-fr.

  Grâce à la diversité des profils, cela permet de voir le fonctionnement du Projet Fedora sous différents angles pour voir le projet au delà de la distribution mais aussi comment il est organisé et conçu. Notons que sur certains points, certaines remarques restent d'application pour d'autres distributions.

  N'oublions pas que le Projet Fedora reste un projet mondial et un travail d'équipe ce que ces entretiens ne permettent pas forcément de refléter. Mais la communauté francophone a de la chance d'avoir suffisamment de contributeurs de qualité pour permettre d'avoir un aperçu de beaucoup de sous projets de la distribution.

  Chaque semaine un nouvel entretien sera publié sur le forum Fedora-fr.org, linuxfr.org et mon blog ici même.

  L'entretien du jour concerne Remi Collet (pseudo remi), empaqueteur du Projet Fedora en particulier concernant l'écosystème PHP.

  Entretien

  Peux-tu présenter brièvement ton parcours ?

  40 ans, c'est long !

  J'ai découvert l'informatique à une époque préhistorique où l'on travaillait sur des terminaux (texte) connectés à de gros systèmes avec des langages oubliés (Cobol...). Ensuite j'ai eu la chance de voir les choses changer.

  Travaillant pendant 20 ans dans une grande administration française, et parallèlement dans une université à la gestion du matériel pédagogique. J'ai vu arriver les ordinateur personnels, les premiers réseaux locaux, GNU, Linux, Windows, Internet... Rapidement à l'université (veille technologique) et progressivement dans le monde professionnel. Les solutions OpenSource ont toujours été au cœur de mon activité, et la contribution un but personnel.

  Au départ développeur, je suis aussi devenu administrateur système et réseau.

  Je travaille désormais chez Red Hat comme développeur, principalement chargé de PHP.

  Peux-tu présenter brièvement tes contributions au Projet Fedora ?

  Lorsque j'ai migré mon ordinateur personnel sous Linux il y a plus de 20 ans, j'ai passé beaucoup de temps sur les forums, pour apprendre des autres et aider les nouveaux. Cela a été très formateur.

  Ensuite je me suis investi dans la maintenance de paquet RPM pour mes besoins et pour partager. Et je me suis concentré sur le monde PHP.

  Qu'est-ce qui fait que tu es venu sur Fedora et que tu y es resté ?

  J'ai commencé avec Red Hat Linux 5 (1997), qui est devenu Fedora Core, puis Fedora. Au départ c'est le hasard d'un serveur livré avec un CD. Et depuis j'ai toujours été fidèle à l'une des premières distributions majeures.

  Pourquoi contribuer à Fedora en particulier ?

  Parce que c'est "la" distribution où les choses changent.

  Peux-tu préciser les éléments qui confirment cela de ton point de vue ?

  L'exemple le plus marquant est sans doute "systemd" qui a provoqué lors de sa sortie un débat technique très vif, mais qui est désormais sur toutes les distributions (ou presque).

  Contribues-tu à d'autres Logiciels Libres ? Si oui, lesquels et comment ?

  Principalement PHP et de nombreux projets autour (extensions, bibliothèques, applications...).

  Utilises-tu Fedora dans un contexte professionnel ? Et pourquoi ?

  Oui, depuis 1997 avec l'installation d'un serveur d'accès à Internet. Et aujourd'hui sur tous mes serveurs et postes de travail.

  Tu as été recruté par Red Hat alors que tu étais déjà dans la communauté de Fedora, comment cela s'est passé ?

  Depuis la fusion de Fedora Core + extras (2007), j'étais devenu le mainteneur du paquet PHP. Donc quand Red Hat a cherché à recruter un mainteneur spécifique pour PHP (2012), j'étais le mieux placé.

  Ils t'ont contacté ou tu as postulé ?

  Ils m'ont contacté (cooptation), ce qui tombait bien puisque je cherchais un nouvel emploi.

  Est-ce que la contribution à Fedora a été un élément déterminant dans le processus ?

  Clairement oui, ainsi que mon implication dans PHP, en amont.

  Est-ce que tes contributions dans Fedora se font entièrement dans le cadre de ton travail ? Si non, pourquoi ?

  Non. Je contribuais au Projet Fedora avant de rejoindre Red Hat, et si j'ai la chance de pratiquer ma passion (l'OpenSource) dans mon travail, je continue aussi en dehors. Ma position m'a aussi permis d'augmenter mes contributions sur les autres projets.

  Par contre, aujourd'hui je cherche à maintenir un équilibre afin de garder une vie privée et sociale saine.

  Est-ce que être employé Red Hat te donne d'autres droits ou opportunités au sein du Projet Fedora ?

  Non (en dehors du temps), et heureusement. Fedora est avant tout un projet communautaire.

  Tu es actif au sein de SIG PHP, quel est le rôle de cette équipe de travail et de ton activité dans cette équipe ?

  Ce groupe n'a jamais été très actif, et je suis désormais pratiquement seul.

  Tu es également contributeur au sein du projet PHP lui même, quelle est la nature de ton travail pour ce projet ?

  Je contribue régulièrement au code, surtout sur des corrections de défauts rapportés par les utilisateurs de mon dépôt, de Fedora ou de RHEL. Je maintiens aussi quelques extensions (zip, mailparse, rpminfo...). Je participe aussi activement au processus de publication des nouvelles versions (QA avant annonce).

  Quelles bénéficies retires-tu de travailler sur les deux aspects du projet PHP à savoir upstream mais aussi sur la conception de ces paquets ?

  Il me semble indispensable de communiquer entre l'amont (le projet PHP) et l'aval (le Projet Fedora). Être impliqué dans les 2 projets simplifie énormément les choses. Et évidement, il est plus facile de faire évoluer un projet lorsqu'on y contribue activement.

  Quelles simplifications cela comporte plus en détail selon toi ?

  Lorsqu'un utilisateur de Fedora (ou de mon dépôt) signale un bug, il est plus simple de le corriger en étant contributeur, soit directement, soit par le dialogue avec les autres développeurs.

  De même pour les évolutions de la distribution qui peuvent avoir un impact sur PHP (exemple: l'intégration à systemd).

  Et la réciproque est vraie pour les évolutions du projet qui peuvent affecter la distribution (exemple: la suppression d'extension ou l'ajout de nouvelles fonctionnalités nécessitant de nouveaux outils).

  Être actif dans une communauté permet d'être connu et reconnu et donc d'être écouté.

  Tu as aussi l'un des dépôts externes les plus populaires et actifs de Fedora centré sur PHP, pourquoi as-tu crée ce dépôt ? Pourquoi tu continues à l'alimenter alors que le projet Fedora fourni déjà PHP ?

  Ce dépôt existe depuis 2005 et me permettait de partager mon travail avant de contribuer à Fedora.

  Aujourd'hui c'est là que je prépare les évolutions avant qu'elles soient intégrées dans Fedora (puis dans CentOS Stream, puis dans RHEL). Par exemple PHP 8.3 présent dans Fedora 40 était dans mon dépôt depuis presque 1 an (Juin 2023, version 8.3.0alpha1)

  Alors que Fedora fournit une seule version de PHP et une cinquantaine d'extensions, mon dépôt propose 5 versions (même 10 pour EL), ~150 extensions et 2 modes d'installation.

  Pourquoi ne pas utiliser le système de COPR pour ce travail ?

  Copr est très intéressant pour les petits projets. Dans mon cas, ce sont des milliers de paquets. Et Copr n'est pas adapté pour les modules, ni pour les quelques paquets non libres que je maintiens (ex: Oracle).

  Peux-tu expliquer l'importance du mainteneur de paquet dans la distribution ? Quels choix il faut effectuer, les difficultés techniques rencontrées, etc.

  C'est celui qui essai de coordonner les projets amont / aval et les utilisateurs en essayant de satisfaire des besoins parfois incompatibles de stabilité, de compatibilité, d'innovation.

  Les "Modules" de Fedora étaient censés être un pilier de Fedora.next pour fournir différentes versions des piles technologiques, comme PHP, pour une version donnée de Fedora. Maintenant que c'est abandonné, peux-tu expliquer les raisons derrière cet échec ? Pour un empaqueteur, quelles ont été les difficultés derrière ?

  https://blog.remirepo.net/post/2024/03/29/DNF-5-and-Modularity. Je retiendrais que ce projet répondait avant tout à un besoin de distribution entreprise qui n'est pas vraiment utile à Fedora avec un cycle de version très rapide (6 mois).

  La complexité du système de construction a peut-être été une raison de son échec.

  Tu as aussi écrit la documentation française pour faire ses propres paquets RPM et tu as aidé de nombreux francophones à réaliser leur premiers paquets, qu'est-ce qui t'intéresse à guider les débutants dans cette activité ?

  Le partage. Accompagner un débutant est toujours passionnant, humainement et techniquement. Cela permet aussi de répondre à des questions qu'on ne se pose pas forcément, et donc de se remettre en cause.

  Les paquets traditionnels ne sont plus l'unique voie d'avoir un logiciel qui tourne sous Fedora. Avec Flatpak, Snap ou des solutions tels que Docker / Podman cela devient possible de s'en affranchir. Comment vois-tu l'évolution des paquets au sein d'une distribution dans Fedora ? Que penses-tu de ces évolutions ?

  Avant on cherchait à créer une distribution cohérente ou chaque composant était partagé et utilisé par les autres (une sorte de Lego).

  Aujourd'hui, et je le regrette, beaucoup ont abandonné cet objectif et beaucoup de projets préfèrent embarquer tous les composants qu'ils utilisent.

  C'est le cas de PHP avec "composer", de langages comme Rust où la notion de bibliothèques partagées n'existe même plus. Flatpack/snap n'en sont qu'un développement extrême.

  N'est-ce pas aussi parce que cela résout certaines problématiques liées à la rigidité des paquets qui rendent notamment la cohabitation de versions différentes délicates ou de rendre l'environnement de travail plus modulaire ?

  Je pense que cela ne résout rien. On sait parfaitement installer plusieurs versions d'une bibliothèque simultanément.

  Disons que c'est la solution de facilité, on n'essaie même plus de faire propre. Sans parler des projets qui embarquent des copies modifiées, sans que les modifications soient reversées ou discutées.

  Si tu avais la possibilité de changer quelque chose dans la distribution Fedora ou dans sa manière de fonctionner, qu'est-ce que ce serait ?

  La communauté Fedora est composée de gens passionnés. La passion entraine parfois des positions excessives et des discussions sans consensus possible. La communauté des contributeurs a tué de beaux projets, comme les "Softwares Collections" ou les "modules". Je trouve cela dommage.

  Peux-tu expliquer ce que sont les Software collections et pourquoi cela n'a pas abouti ? Quelles différences avec les modules notamment ?

  Les Software Collections permettent une méthode standard d'installation de plusieurs versions d'une application sans conflit espace de nom différent, installation sous /opt et sans risque d'altération du système de base.

  Le projet ayant été développé par Red Hat pour les besoins de sa distribution Entreprise il a provoqué un vif débat technique (ex: non respect de la FHS, ce qui a été corrigé par la suite) et a même provoqué l'épuisement et le départ de 2 membres du FPC.

  La complexité d'utilisation (activation de la SCL) a aussi été des raisons de leur détestation.

  Ce besoin étant quasi inexistant pour Fedora, personne n'a eu la force d'améliorer la solution qui a été abandonnée.

  Les modules permettent de fournir plusieurs versions alternatives d'une application, mais sans permettre une installation simultanée. Fonctionnellement c'est comme si chaque version est disponible dans un dépôt différent qu'il suffit d'activer.

  À l'inverse, est-ce qu'il y a quelque chose que tu souhaiterais conserver à tout prix dans la distribution ou le projet en lui même ?

  La passion justement, qui reste un moteur indispensable. S'il n'y a plus de passion, plus de plaisir, autant arrêter (j'ai abandonné quelques projets pour cela).

  Que penses-tu de la communauté Fedora-fr que ce soit son évolution et sa situation actuelle ? Qu'est-ce que tu améliorerais si tu en avais la possibilité ?

  La communauté Fedora est surtout composée de contributeurs. D'autres distributions ont une communauté d'utilisateurs et sont excellentes pour leur promotion.

  Je n'ai malheureusement pas d'idée magique pour augmenter la communauté Fedora-Fr.

  Je pense aussi que les contributeurs Français sont souvent actif dans la communauté globale (en anglais) plutôt que dans la communauté française.

  Trouves-tu que c'est spécifique à la communauté francophone ?

  Je ne sais pas, je ne connais pas trop les autres communautés, mais je rencontre beaucoup de nationalités différentes dans la communauté anglophone.

  Merci Remi pour ta contribution !

  Conclusion

  Nous espérons que cet entretien vous a permis d'en découvrir un peu plus sur le site Fedora-fr.

  Si vous avez des questions ou que vous souhaitez participer au Projet Fedora ou Fedora-fr, ou simplement l'utiliser et l'installer sur votre machine, n'hésitez pas à en discuter avec nous en commentaire ou sur le forum Fedora-fr.

  À dans 10 jours pour un entretien avec Emmanuel Seyman, ancien président de Borsalinux-fr et actuel empaqueteur dans l'écosystème du langage Perl.

• Peter Czanik The syslog-ng Insider 2025-04: Elasticsearch beta; Active Roles; RHEL UBI

  Dear syslog-ng users,

  
  

  This is the 130th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

  NEWS

  Testing Elasticsearch 9.0.0 beta1 with syslog-ng

  Each time a new major Elasticsearch version is released, someone asks if it works with syslog-ng. So I gave it a quick test and based on that, it works fine. But of course, some terms and conditions apply… :-)

  https://www.syslog-ng.com/community/b/blog/posts/testing-elasticsearch-9-0-0-beta1-with-syslog-ng

  Working with parsed Active Roles logs in syslog-ng

  In my previous Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to:

  • Work with parsed Active Roles logs.

  • Store logs to various document stores.

  • Prepare long-term storage.

  • Send alerts for some critical events.

  https://www.syslog-ng.com/community/b/blog/posts/working-with-parsed-active-roles-logs-in-syslog-ng

  Running syslog-ng PE in RHEL UBI

  Recently I have posted a Dockerfile to run syslog-ng in an Alma Linux container. I got some encouraging feedback, so this week I experimented with syslog-ng Premium Edition (PE) in a RHEL UBI (Universal Base Image) container. While this is not officially supported by One Identity, we are really interested in your feedback.

  https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-pe-in-rhel-ubi

  WEBINARS

  • You can learn about upcoming webinars and browse recordings of past webinars at https://www.syslog-ng.com/events/

  
  

  Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/

• Felipe Borges Fedora 42 GNOME 48 Test Week from April 8 to 15

  We are running a Fedora 42 GNOME 48 Desktop and Core Apps Test Week! This helps us find last-minute bugs and integration issues before Fedora 42 is ready for a stable release.

  You can find how to participate in https://fedoraproject.org/wiki/Test_Day:2025-04-08_Fedora_42_GNOME_48_Desktop_and_Core_Apps

April 08, 2025

• Adam Young How big a matrix can we fit?

  Many of the big scientific computing problems can be solved using matrix mathematics. One of my favorite problems to tackle is implementation of vector times matrix = vector. This has utility in many places, one of which is inference in neural networks.
  
  Since an ARM processor has some support for vector and matrix mathematics, I started wondering what were the size limitations we would hit when trying to solve big problems. Here are some notes:

  
  The Basic ARM v8 architecture has 32 Vector-capable registers. Each of these registeres can be broken up to different sizes, from single byte up to 128 values. A common word ize for neural network applications is 32 bit words, and so we are going to work with those. Thus, a single vector can hold 4 words of 32 bits each. If we use one vector for input, one for out, we would expect to have a square 4X4 matrix. This Would use up 6 Vectors. That means we can set up 5 matrixes in memory and take up 30 out of the 32 vector registers.

  We could be slightly more effecient if we do double duty with the input/output vectors. If we only ever had a single input vector and a single output vector, we could have 7 matrices of size 4X4, 2 i/o vectors, and 3 vectors left over for other operations.

  However, we know that the ARM processors can have 2 parallel execution pipelines. Thus we want to be able to have each of these going at the same time: This means we have an overhead of 4 Vectors. This could still work with 7 matrices, assuming we stored after each iteration.

  However, storing the output vectors requires pipeline time as well. If we make the bold assumption that storing a vector and performing the operation take about the same amount of time, we would want to have at least 2 extra output vectors to be able to perform a second operation with the input vectors. So we have an i/o overhead of 6 vectors, meaning we could still have 7 matrices, but we have no vector registers left over for management or calculation.

  It also means that we have to block once we are done with a given input register. Again, we would like to pipeline, so we can load one set of input registers while we calculate with a second, and then swap. This gives and overhead of 8 i/o registers (2 active input, 2 active output, 2 loading input, 2 storing output) at a given time. This cuts us down to 6 Matrices of size 4X4 that we can store in registers.

  This is our building block. If we can decompose a large matrix multiplication problem into a series of smaller ones, our problem them will likely be limited by how many operations we can perform on a single CPU without having to swap out the subset of matrices on that CPU.

  Currently, Ampere machines are at 192 cores, hovering just under the 200 core mark. So we can simplify the math for now and use 200 cores as the basis. If each core can hold 6 matrices, and we can build a single large matrix out of these building blocks, what size matrix do we get? We want a square number less than 192 X 6, or 1152. 32 X 32 = 1024.

  

  Each of the little squares is a 32 bit value. Each 4X4 square with alternating green and red is a matrix. There are 34 of those squares per row and column. Thus each row represents 5 CPUs plus 2/5ths 6th one; 5 Rows of this matrix represent 27 CPUs.

  Check my math. I don’t trust myself on this, but I think it is right.

  A follow on question is how to most efficiently move the data around. But that is a tale for another day.

April 07, 2025

• The NeuroFedora Blog Next Open NeuroFedora meeting: 07 April 2025 1300 UTC

  

  Photo by William White on Unsplash.

  
  

  Please join us at the next regular Open NeuroFedora team meeting on Monday 07 April 2025 at 1300 UTC. The meeting is a public meeting, and open for everyone to attend. You can join us in the Fedora meeting channel on chat.fedoraproject.org (our Matrix instance). Note that you can also access this channel from other Matrix home severs, so you do not have to create a Fedora account just to attend the meeting.

  You can use this link to convert the meeting time to your local time. Or, you can also use this command in the terminal:

  $ date -d 'Monday, April 07, 2025 13:00 UTC'
  

  The meeting will be chaired by @ankursinha. The agenda for the meeting is:

  • New introductions and roll call.
  • Tasks from last meeting.
  • Open Pagure tickets.
  • Package health check.
  • Open package reviews check.
  • CompNeuro lab compose status check for Fedora 41/rawhide.
  • Neuroscience query of the week
  • Next meeting day, and chair.
  • Open floor.

  We hope to see you there!

April 05, 2025

• Kevin Fenzi Early April infra bits 2025

  

  Another week gone by and it's saturday morning again. We are in final freeze for Fedora 42 right now, so things have been a bit quieter as folks (hopefully) are focusing on quashing release blocking bugs, but there was still a lot going on.

  Unsigned packages in images (again)

  We had some rawhide/branched images show up again with unsigned packages. This is due to my upgrading koji packages and dropping a patch we had that tells it to never use the buildroot repo for packages (unsigned) when making images, and to instead use the compose repo for packages.

  I thought this was fixed upstream, but it was not. So, the fix for now was a quick patch and update of koji. I need to talk to koji upstream about a longer term fix, or perhaps the fix is better in pungi. In any case, it should be fixed now.

  Amusing idempotentness issue

  In general, we try and make sure our ansible playbooks are idempotent. That is, that if you run it once, it puts things in the desiired state, and if you run it again (or as many times as you want), it shouldn't change anything at all, as the thing is in the desired state.

  There are all sorts of reasons why this doesn't happen, sometimes easy to fix and sometimes more difficult. We do run a daily ansible-playbook run over all our playbooks with '--check --diff', that is... check what (if anything) changed and what it was.

  I noticed on this report that all our builders were showing a change in the task that installs required packages. On looking more closely, it turns out the playbook was downgrading linux-firmware every run, and dnf-automatic was upgrading it (because the new one was marked as a security update). This was due to us specifying "kernel-firmware" as the package name, but only the older linux-firmware package provided that name, not the new one. Switching that to the new/correct 'linux-firmware' cleared up the problem.

  AI scraper update

  I blocked a ton of networks last week, but then I spent some time to look more closely at what they were scraping. Turns out there were 2 mirrors of projects (one linux kernel and one git ) that the scrapers were really really interested in. Since those mirrors had 0 commits or updates in the last 5 years since they were initially created, I just made those both 403 in apache and... the load is really dramatically better. Almost back to normal. I have no idea why they wanted to crawl those old copies of things already available elsewhere, and I doubt this will last, but for now this gives us a bit of time to explore other options (because I am sure they will be back).

  Datacenter Move

  I'm going to likely be sending out a devel-announce / community blog post next week, but for anyone who is reading this a sneak preview:

  We are hopfully going to gain at least some network on our new hardware around april 16th or so. This will allow us to get in and configure firmware, decide setup plans and start installing enough machines to bootstrap things up.

  The plan currently is still to do the 'switcharoo' (as I am calling it) on the week of June 16th. Thats the week after devconf.cz and two weeks after flock.

  For Fedora linux users, there shouldn't be much to notice. Mirrorlists will all keep working, websites, etc should keep going fine. pagure.io will not be directly affected (it's moving later in the year).

  For Fedora contributors, monday and tuesday we plan to "move" the bulk of applications and services. I would suggest just trying to avoid doing much on those days as services may be moving around or broken in various ways. Starting wed, we hope to make sure everything is switched and fix problems or issues. In some ideal world, we could just relax then, but if not, Thursday and Friday will continue stablization work.

  The following week, the newest of the old machines in our current datacenter will be shipped to the new one. We will bring those up and add capacity on them (many of them will add openqa or builder resources).

  That is at least the plan currently.

  Spam on matrix

  There's been another round of spam on matrix this last week. It's not just Fedora thats being hit, but many other communities that are on Matrix. It's also not like older communications channels (IRC) didn't have spammers on them at times in the past either. The particularly disturbing part on the matrix end is that the spammers post _very_ distirbing images. So, if you happen to look before they get redacted/deleted it's quite shocking (which is of course what the spammer wants). We have (for a long while) a bot in place and it redacts things pretty quickly usually, but then you have sometimes a lag in matrix federation, so folks on some servers still see the images until their server gets the redaction events.

  There are various ideas floated to make this better, but due to the way matrix works, along with wanting to allow new folks to ask questions/interact, there is not any simple answers. It may take some adjustments to the matrix protocol.

  If you are affected by this spam, you may want to set your client to not 'preview' images (so it won't load them until you click on them), and be patient as our bot bans/kicks/redacts offenders.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114286697832557392

• Guillaume Kulakowski Clavier Zuoya GMK87 sous Linux

  Récemment, à cause d’un collège de boulot, je me suis lancé dans la construction d’un clavier custom basé sur le Zuoya GMK87. Alors oui, c’est un clavier chinois, mais trouver un clavier custom avec écran, molette, compatible VIA, et avec cette qualité de fabrication pour environ 50€, c’est plutôt rare. Du coup, j’ai accepté quelques […]

  Cet article Clavier Zuoya GMK87 sous Linux est apparu en premier sur Guillaume Kulakowski's blog.

April 03, 2025

• ! Avi Alkalay ¡ Apple Ambient Music

  The new iOS 18.4 has an unbelievably wonderful, unprecedented — and somewhat hidden — feature.

  Ambient Music!

  

  There are four buttons you can activate in the Control Center that provide endless ambient music in four styles and for four purposes:

  • Relaxation
  • Focus & Productivity
  • Well-being
  • Sleep

  The compositions and arrangements are of high quality and very satisfying. They are purely instrumental, with little melodic variation but rich in textures, sound effects, rhythm, and sound design. If voices appear — rarely — they are only used to add texture, without words.

  I am an avid listener of ambient music and use it to block out external noise, enter my inner world, focus, relax, find inspiration, and fall asleep. Collections like Buddha-Bar, Café del Mar, Le Café Abstrait, and their curators have been in my ears for many years, introducing me to many artists I now love and follow. Unlike Apple’s new Ambient Music, these collections also include more ethnic styles.

  But there’s something obscure and noteworthy about Apple Ambient Music. There are no song titles, no artist credits, no album covers. Music identifiers like Shazam don’t recognize these tracks—I’ve tried multiple times. I haven’t noticed any repeated songs, and they all last around three minutes. It’s as if they were commissioned for this purpose, following specific rules. I also haven’t found any Apple page describing the technology, the source of the collection, or how the curation of the four playlists works.

  This leads me to believe the music is dynamically generated (both composed and performed) by artificial intelligence or some algorithm. The fact that the tracks have little melodic richness — melody being the most valuable, human, and difficult-to-create musical feature — supports this hypothesis. A well-built library of textures and sound effects, combined with fine-tuned algorithms, could make this possible.

  But this raises a very serious ethical question, especially when the feature is made so accessible and mainstream. Could AI replace composers, musicians, and sound engineers in some musical styles? Could this explain why Apple isn’t making a big deal out of this feature, despite it deserving the spotlight?

  Apple Ambient Music is now part of my listening repertoire.
  
  Also in LinkedIn.

• Dan Horák Firefox 128.9.0 ESR built for ppc64le

  The JIT-enabled Firefox 128.9.0 ESR has been built for Fedora/ppc64le in my Talos
  COPR repository. The corresponding sources are in my fork
  of the official Fedora Firefox package and the JIT is coming from Cameron's work.

• Jon Chiappetta I don’t know why but 80s movies are my favourite still to this day – I’m old! :)

April 02, 2025

• Charles-Antoine Couret 20 ans de Fedora-fr : premier entretien avec Guillaume le webmaster de Fedora-fr.org

  Introduction

  Dans le cadre des 20 ans de Fedora-fr (et du Projet Fedora en lui-même), Charles-Antoine Couret (Renault) et Nicolas Berrehouc (Nicosss) avons souhaité poser des questions à des contributeurs francophones du Projet Fedora et de Fedora-fr.

  Grâce à la diversité des profils, cela permet de voir le fonctionnement du Projet Fedora sous différents angles pour voir le projet au delà de la distribution mais aussi comment il est organisé et conçu. Notons que sur certains points, certaines remarques restent d'application pour d'autres distributions.

  N'oublions pas que le Projet Fedora reste un projet mondial et un travail d'équipe ce que ces entretiens ne permettent pas forcément de refléter. Mais la communauté francophone a de la chance d'avoir suffisamment de contributeurs de qualité pour permettre d'avoir un aperçu de beaucoup de sous projets de la distribution.

  Chaque semaine un nouvel entretien sera publié sur le forum Fedora-fr.org, linuxfr.org et mon blog ici même.

  L'entretien du jour concerne Guillaume Kulakowski (pseudo llaumgui), le principal webmaster de Fedora-fr.org.

  Entretien

  Bonjour Guillaume, peux-tu présenter brièvement ton parcours ?

  Guillaume Kulakowski, passionné d'informatique et de sport (trail / ultra-trail). Marié et papa de 2 garçons (7 / 13 ans). J'ai commencé l'informatique au début des années 2000, en même temps que mes études de chimie... Ça m'a permis de me rendre compte que j'aimais bien plus l'informatique que la chimie et de me réorienter. En parallèle, j'ai fait mes premiers pas sous Linux avec Fedora Core 1 (il y avait un "Core" à l'époque) mais en dual boot. Puis avec l’arrivée de Fedora Core 2, je me suis rendu à l’évidence : je ne bootais plus sous Windows. Du coup, j'ai fait une installation propre en simple boot.

  Peux-tu présenter brièvement tes contributions au Projet Fedora ?

  Au niveau du projet Fedora, je suis toujours ambassadeur et autrefois (lorsque j'avais plus de temps disponible) j'ai fait du packaging. Mais à l'époque, si je me suis autant investi dans la communauté francophone, c'était justement pour le "francophone", j'avais des lacunes en anglais (corrigées depuis).

  Qu'est-ce qui fait que tu es venu sur Fedora et que tu y es resté ?

  Au début, j'ai pris un peu Fedora par effet buzz. En effet, c'était la "Red Hat communautaire" et on en parlait beaucoup à ce moment. Puis j'ai quand même testé d'autres distros, mais le côté novateur de Fedora m'a plu. Le fait également de ne pas réinventer la roue et de contribuer aux projets plutôt que de développer ses propres solutions. En fait ce qui me plait dans Fedora c'est les "Four foundations".

  Pourquoi contribuer à Fedora en particulier ?

  Car j’utilisais Fedora. Ça suffit à justifier de contribuer pour moi :). Mais pour être plus précis, pour que la communauté francophone puisse croitre. Le produit est libre et gratuit, la communauté le fait avancer. J'ai commencé l'informatique par le web, améliorer le site de la communauté francophone était assez facile pour le coup. On était à une époque où les design étaient simples et un "simple" développeur pouvait arriver à créer des sites fonctionnels et puissants. Maintenant ça a un peu changé et je dois me faire accompagner de designers pour arriver à faire un truc beau. D'ailleurs, comme certains peuvent le constater sur certaines parties de Fedora-Fr, depuis qu'on a plus de designer ce n'est plus trop ça (le planet et un peu moche :)).

  Contribues-tu à d'autres Logiciels Libres ? Si oui, lesquels et comment ?

  Alors déjà qu'est-ce que contribuer ? Pour moi ouvrir un ticket intelligemment (en filant un max d'infos pour faire aboutir la résolution) c'est déjà contribuer. Donc j'essaie de participer à tout ce que j'utilise et ça me semble juste normal. Le côté libre et communautaire m'intéresse. Par exemple, sur Fedora-Fr, on utilise plusieurs solutions (Flarum, MediaWiki, WordPress), et j'essaie de reverser à la communauté tout ce que l'on a fait en particulier. Par exemple l'extension MediaWiki pour Flarum, des extensions pour eZ Publish (sur Fedora-Fr v5), etc.

  Utilises-tu Fedora dans un contexte professionnel ? Et pourquoi ?

  Dans mon ancienne boite oui. On était une petite start-up et chacun avait la liberté d'installer ce qu'il voulait sur son poste (je pense que vu qu'ils ont grossi ce n'est plus le cas). Mais maintenant je travaille pour une grosse ESN (Entreprise de Service Numérique) et je n’ai pas d’autres choix que d'utiliser Windows☹. Quand j'ai commencé, ça a même été dure de me réhabituer à utiliser Windows, j'avais plus les (mauvais) réflexes. Mais à la maison, je n'ai (presque) que de la Fedora. Sur mon laptop et sur celui de mon fils (qui n'a pas eu le choix :)). J'ai juste 1 Debian pour un NAS sous Open Media Vault (base Debian aussi).

  Est-ce que tes contributions à Fedora sont un atout direct ou indirect dans ta vie professionnelle ? Si oui, de quelle façon ?

  Alors au début assurément. Sur le CV ça a aidé. Je crois même qu'il y a 15 ans, pas mal de boites ont chassé les équipes Fedora-Fr. Entre Red Hat et Linagora, on devait retrouver la plupart des contributeurs Francophone. Après, aujourd'hui, j'ai un poste de directeur, du coup ça y contribue moins.

  Tu fais parti des pionniers de la communauté francophone de Fedora, peux-tu revenir sur les débuts de cette communauté et la naissance du site fedora-fr.org ?

  Déjà rendons à César ce qui est à César, il y a eu des personnes avant moi : Freddy, Julien, Xanax (désolé mais je ne connais pas son vrai nom). Puis des "pionniers" avec moi : Thierry, Thomas, Remi, Johan pour les plus anciens... Après de cette époque, il ne reste que moi. Comme évoqué, je n'étais pas là au départ, je ne suis arrivé que le 3 septembre 2004 alors que les débuts de Fedora-fr sont au 20 mai 2004. Je suis donc arrivé trois mois après.

  Fedora-Fr s'appelait d'ailleurs Fedora-France et les personnes qui l'avaient lancé se trouvaient un peu dépassées par l'attrait de la solution.

  En plus pour ceux qui n'ont pas connu ces temps, c’était plus difficile à installer et utiliser. Je vous parle d'un temps où Fedora n'avait pas 1 DNF mais 2 solutions (dont 1 qui ne marchait pas :)), où l'on s'échangeait des fichiers de configuration de yum à même le forums... On était des sortes de sorciers qui faisaient des trucs qu'aujourd'hui qu'on désignerait comme crade.

  J'ai donc proposé ma contribution pour améliorer le site. De mémoire, il était sur Xoops 1, un CMS de l'époque et j'ai contribué à refaire le design sous Xoops 2 (à l'époque, on n'avait pas encore de vrai designer). Puis j'ai contribué à faire évoluer le site en rajoutant des choses, notamment le forums (décorrélé de Xoops) puis le Wiki qui au début était tenu par Johan, c'était une sorte de rédac’ chef qui veillait à la ligne éditoriale.

  Quels atouts d'avoir une communauté et un site local indépendant ?

  Alors, aujourd'hui, on a un site du Fedora-Project avec une bonne documentation en français et qui parle de comment installer des choses plus ou moins proprio. À l'époque ce n'était pas le cas, non seulement on avait une doc (wiki) en français, mais en fait, on avait une doc tout court ! Et ça c'était déjà énorme. En plus on n’avait pas de contrainte « légale » à donner des liens vers des dépôts tiers proposant des éléments propriétaires. Bien qu’aujourd’hui le Projet Fedora propose une documentation et peut proposer des espaces de discussions non anglophones, le fait d’avoir une identité 100% francophone fait que Fedora-Fr est le premier site d’entraide communautaire autour de Fedora en langue française. Et on participe aussi à la promotion de la distribution en France (et ailleurs) et aussi à la traduction de Fedora en langue française.

  Rapidement l'association Fedora-fr, devenue Borsalinux-fr ensuite, a été crée. Pour quelles raisons ?

  Dans les évolution du site, il y a eu le nom de domaine. On ne savait pas trop qui avait le nom fedora-france, et on a commencé un peu à sortir de la zone France avec des contributeurs belges, suisses, et en dehors de l'Europe comme québécois ou d'Afrique. Du coup ça a été l'occasion de prendre non plus une identité française, mais une identité francophone avec Fedora-Fr. C'est surement à ce moment-là qu'avec MrTom et Johan, on s'est dit que se structurer autour d'une association aurait du bon. Surtout qu'il y avait pas mal de salons auxquels ont participé des partenaires (pour l'hébergement). Avoir une association avec des noms et des vrais personnes, ça apportait du sérieux par rapport à des pseudos sur un forum.

  Tu es le webmaster principal de Fedora-fr.org depuis le début, peux-tu revenir sur les évolutions du site ?

  Oulà, j'ai fait une page pour ça. Après pour les premières versions, j'assume à peu près tout ! Mais gardez à l'idée que : je suis développeur et pas graphiste et qu'à l'époque ce n'était pas si moche :). Mais les grandes évolutions ont été la mise en place d'un vrai forum indépendant du site (sous Xoops) afin d'avoir un vrai espace conviviale, puis la mise en place du wiki pour la contribution. Après en 2024 on souffre d'une érosion des contributions, car finalement Fedora Project a aussi un wiki et que Linux est devenu plus facile à utiliser (heureusement). C'est pour ça que j'ai milité pour devenir moins "élitiste" avec des contributions au wiki possible à partir d'un certain nombre de messages et la fin des mailing lists pour passer sur des trucs plus moderne (un forum).

  Pourquoi penses-tu que la fréquentation du site a baissé depuis 2011 qui est le pic historique d'activité ?

  La multiplication des distros et autre alternatives à Windows : - Fedora la distribution à la pointe. - Ubuntu, la distribution grand publique. - Arch pour ceux qui veulent du rolling release. - Apple pour ceux qui sont près à vendre leur âme (désolé fallait que je le fasse :)).

  Après il ne faut pas oublier aussi qu'on a toujours essayé d'être respectueux des utilisateurs. On n'utilise plus Google Analytics mais Matomo depuis un petit moment. Donc on a moins de visites, car de plus en plus de personnes ne sont plus comptabilisées.

  Le site a subi une grosse refonte technique en 2023, pour quelles raisons cela a été opéré ? Quelles difficultés techniques il y avait dans cette transition ?

  Alors plus une marche forcée qu'une transition. On était avec une vielle RHEL5 qui hébergeait Fedora-Fr et qui nous bloquait sur des versions de MySQL et de PHP obsolètes (en plus de la RHEL obsolète en elle même).

  Du coup en changeant de partenaire d'hébergement (Scaleway) on est reparti sur une version plus moderne de RHEL. fluxBB, notre forum, n'était plus compatible avec les version de PHP (en plus d'être un projet abandonné). On a donc migré sous Flarum. Le site en eZ Publish n'était plus compatible lui aussi et eZ Publish avait subit des migrations importantes. On est donc parti sur un WordPress (même si j'aime pas) pour tenir les délai et tout refaire en 1 mois.

  En quoi consiste la maintenance au jour le jour du site ? Est-ce que cela te prend beaucoup de temps ?

  Alors aujourd'hui, il y a Nicolas qui m'aide beaucoup sur la gestion du serveur. Merci à lui ! Après ni lui ni moi ne sommes designers, donc on est un peu limité sur certaines évolutions. Mais aujourd'hui, on a un deck Nextcloud (une sorte de kanban ou liste de taches) et on fait évoluer les solutions au rythme des alertes de sécurité et des versions de maintenances.

  Si quelqu'un veut t'épauler dans cette tâche, quelles compétences sont nécessaires ?

  Actuellement, on a trois peines : - le design, - quelques blogs et le site de l'asso sous Dotclear à migrer en WordPress, - le Wiki qu'il faut mettre à jour plus souvent.

  Donc avis aux amateurs !

  Si tu avais la possibilité de changer quelque chose dans la distribution Fedora ou dans sa manière de fonctionner, qu'est-ce que ce serait ?

  Un Copr plus accessible ? Actuellement, Flathub se présente à l'alternative aux RPM... Mais ce n'est pas du RPM :).

  À l'inverse, est-ce qu'il y a quelque chose que tu souhaiterais conserver à tout prix dans la distribution ou le projet en lui même ?

  Ce pour quoi j'aime Fedora : La liberté et l'innovation !

  Que penses-tu de la communauté Fedora-fr que ce soit son évolution et sa situation actuelle ? Qu'est-ce que tu améliorerais si tu en avais la possibilité ?

  Je trouve que malheureusement la communauté Fedora subit le sort de bien de communauté : la fragmentation ! Entre les pages Facebook, les canaux discourse, etc... Et les personnes qui arrivent sont peut-être trop dans une approche prendre plus que donner. Mais à nous de faire changer ça.

  Merci Guillaume pour ta contribution !

  Conclusion

  Nous espérons que cet entretien vous a permis d'en découvrir un peu plus sur le site Fedora-fr.

  Si vous avez des questions ou que vous souhaitez participer au Projet Fedora ou Fedora-fr, ou simplement l'utiliser et l'installer sur votre machine, n'hésitez pas à en discuter avec nous en commentaire ou sur le forum Fedora-fr.

  À dans 10 jours pour un entretien avec Remi Collet, empaqueteur du Projet Fedora en particulier concernant l'écosystème PHP.

April 01, 2025

• Peter Czanik Installing nightly syslog-ng arm64 packages on a Raspberry Pi

  Last week, I posted about running nightly syslog-ng container images on arm64. However, you can also install syslog-ng directly on the host (in my case, a Raspberry Pi 3), running the latest Raspberry OS.

  Before you begin

  Right now, syslog-ng nightly arm64 packages are only available for Debian Bookworm. A 64-bit Raspberry Pi board with the latest Raspberry OS installed is probably the easiest way to test these packages. However, any arm64 machine running Debian Bookworm should do the job.

  Installing syslog-ng

  Before installing syslog-ng, you should add the GPG key:

  wget -qO - https://ose-repo.syslog-ng.com/apt/syslog-ng-ose-pub.asc | sudo apt-key add -

  After that, you can add the repository:

  echo "deb [arch=arm64] https://ose-repo.syslog-ng.com/apt/ nightly debian-bookworm-arm64" | sudo tee -a /etc/apt/sources.list.d/syslog-ng-ose.list

  The syslog-ng package is modular. The core syslog-ng package has minimal dependencies and is called syslog-ng-core. The syslog-ng package itself is an umbrella package installing all syslog-ng modules together with their dependencies. Depending on what you have already installed, it can be a huge download. You can list syslog-ng modules using the “apt-cache search syslog-ng” command. I tend to install the syslog-ng-mod-http package, as it pulls in the core package and dependencies, provides support for Elasticsearch and compatible services, and for many cloud-based destinations as well, like Slack. The following command installs syslog-ng with http destination support:

  apt-get install syslog-ng-mod-http

  Testing

  The default configuration stores most log messages to /var/log/messages. You can test it using the logger command and if you are fast enough, this message should be the last one in the file:

  logger bla
  tail -1 /var/log/messages
  Mar 18 08:24:18 raspberrypi root[12504]: bla

  What is next?

  In this blog, we used the default syslog-ng configuration for log collection. However, the possibilities are endless. In some of my previous blogs, I have already shown how to use syslog-ng for collecting temperature and humidity data, or how to collect log messages centrally on a Raspberry Pi. While syslog-ng is best known for its extreme performance, most syslog-ng users collect less than a hundred messages a second. Depending on the hardware and software configurations, syslog-ng can collect over 60,000 messages a second on a Raspberry Pi… :-)

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 30, 2025

• Swiss JuristGate Link between institutional abuse, Swiss jurists, Debianism and FSFE

  Friday, an expert in the subject of persecution asked me a question: is there a link between the paedophiles and the Swiss jurists?

  I reflected on the subject and I found several links between the cultural problems.

  At the same time, the BBC published a report on Justin Welby, former head of the Anglican church. He resigned because of the John Smyth QC scandal. John Smyth was a powerful lawyer who had also been a judge for six years. Smyth simultaneously had the role of Reader in the church.

  I wrote several blogs about the links between the Code of Conduct gaslighting and the document Crimen Sollicitationis.

  The pope sent the Crimen Sollicitationis to each diocese in 1962. It was a secret document. Article 70 insists on total secrecy about abuse:

  70. All these official communications shall always be made under the secret of the Holy Office; and, since they are of the utmost importance for the common good of the Church, the precept to make them is binding under pain of grave [sin].

  Moreover, we are not even supposed to discuss the existance of the document:

  TO BE KEPT CAREFULLY IN THE SECRET ARCHIVE OF THE CURIA FOR INTERNAL USE.

  Gerhard Ulrich was a human rights activist. He published a list of judges, their mistakes and their conflicts of interest. In Switzerland, the conflicts of interest are a private subject under article 173(3) of the Swiss criminal code:

  The accused is not permitted to lead evidence in support of and is criminally liable for statements that are made or disseminated with the primary intention of accusing someone of disreputable conduct without there being any public interest or any other justified cause, and particularly where such statements refer to a person’s private or family life.

  In 2001, the secret document became widely known.

  When FINMA published a jugement against the Swiss jurists in 2023, they redacted the names, they redacted the dates and even worse, they redacted most of the paragraphs.

  

   

  A little bit like Crimen Sollicitationis, certainly.

  We find the same problems in the case of John Smyth, Anglican church and Justin Welby:

  From 2013, the Church of England knew “at the highest level” about the abuse, the report says, but failed to refer it either to the police or to the relevant authorities in South Africa, where Smyth died while under investigation by the police.

  The Swiss authorities, the bar association of Geneva and FINMA had knowledge of Parreaux, Thiébaud & Partners since 2021 or earlier. Why did they redact the majority of paragraphs from the judgment? They wanted to hide their pre-existing knowledge of the scandal.

  Why did the church authorities or Swiss authorities protect people like John Smyth and Mathieu Parreaux? Men like that have knowledge of all the scandals and institutional failings throughout their career. We discussed the same question in the (leaked) debian-private mailing list. Each time somebody is bullied and punished by the overlords, there is a risk that they will publish a full copy of debian-private.

  We have filled in the secrets in the JuristGate web site.

  When I acquired Swiss citizenship, I had to take an oath. ( la promesse solennelle vaudois, Loi sur le droit de cité vaudois 2018).

  You promise to be true to the federal constitution and the constitution of the Canton of Vaud. You promise to maintain and defend on every occasion and with all your powers the rights, freedoms and independence of your new country, to develop and advance her reputation and wealth and equally to avoid all that could cause her loss or damage.

  There is a problem: after the death of my father, racist Swiss women started writing gossip. The rudeness of selfish and arrogant people who impose upon my family at a time of grief outweighs the seriousness of the oath.

  Swiss authorities closed the legal protection insurance. The director of FINMA resigned with a payout of 581,000 Swiss francs, but he did not provide replacement lawyers for the clients.

  At the same time, the racist Swiss women demanded a publication.

  FSFE uses the trademark of the FSF without authorisation. They received a bequest of EUR 150,000. They declared the bequest a secret subject.

  The Swiss citizenship oath implies that we have to find a private solution to the Debian crisis, but the racist Swiss women wanted a publication of lies after the death of my father.

  

   

  The truth is clear, my father died.

  In 2018, the intern Renata D'Avila published a blog about the risks of location tracking services. She chose a quote from the French philosopher Pierre-Joseph Proudhon:

  To be GOVERNED is to be watched, inspected, spied upon, directed, ... then, at the slightest resistance, the first word of complaint, to be repressed, fined, vilified, harassed, hunted down, abused, clubbed, disarmed, bound, choked, imprisoned, judged, condemned, shot, deported, sacrificed, sold, betrayed; and to crown all, mocked, ridiculed, derided, outraged, dishonored.

  In Australia, Lilie James rejected her boyfriend's demand for location services on her phone and she was clubbed to death. My intern had predicted the crime with her use of the quote alongside her description of problems with Google.

  According to the Debian Social Contract, point 3:

  We won't hide problems.

  but the Debianists threatened my intern by sending her secret emails:

  Debian "Community Team" (political police) to Renata, private email of 13 June 2018: Reinforcing positive attitudes and steps that you see in Debian towards women inclusion can also motivate yourself, the other Debian contributors, and possible newcomers, to go on working in that strategy and foster diversity in Debian. This does not mean to avoid criticism or hiding problems, but providing a more accurate vision of how the Brazilian Debian community works towards our common goals.

  The threat:

  Finally, we would like to say a word about the participation in Debian events that is financed (at least in part) by Debian. We believe that a matching fund, (Mini)DebConf bursary or any other financial help to attend a Debian event is a big endorsement from Debian to the person who receives it, and we believe that your behaviour in MiniDebConf Curitiba 2018 did not match the excellence that we expect for a bursary applicant. Thus, we are considering requesting a rejection of your application to the bursaries team.

  Renata did not come back to any Debian events.

  In Australia's Royal Commission into Institutional Abuse, we find the same thing:

  Culture of secrecy

  We are satisfied that there was a prevailing culture within the Archdiocese, led by Archbishop Little, of dealing with complaints internally and confidentially to avoid scandal to the Church.

  and again between the priests and their victims:

  He said that, on both occasions, Father Daniel encouraged BTH to remain silent by reference to the seal of confession.

  The seal of confession is like the Code of Conduct gaslighting in the free software projects. If the victim doesn't maintain the silence, they will be blocked from becoming a priest or a developer.

  Frans Pop published his suicide note the night before the Debian Day anniversary. When colleagues discussed his death outside the secret debian-private mailing list, they suffered immediate reprisals.

  Unfortunately we also had the misfortune to read information on twitter that, to our current knowledge, must have been gathered from this -private list. We think this a very unfortunate event that is missing every kind of common sense and decency, and therefore saw forced to suspend the accounts of the people leaked from membership on this list.

  Pascal/Lia Daobing: You both are no longer subscribed to debian-private, for the next 4 weeks. The one and only reason this list exists is to have a place where we can share information that is not immediately leaked into the public. Twitter is not -private. Please, in the future, respect the rules of the environment you are in, especially in such a special case like this.

  The next death was Adrian von Bidder. It was Palm Sunday, the same day as the marriage between Carla and I. Adrian von Bidder died in Switzerland the official report has not been published. Yet.

  Switzerland and the Catholic Church both openly promote their culture of secrecy. Debianists have claimed to be committed to transparency so the imposition of secrecy in Debian demonstrates an even greater lack of integrity.

  Joerg Jaspert wrote about Frans Pop:

  He has done a lot of work for the project, invested a lot of his time and appearently (read the statement of his parents) the Debian project was a very important part of his life.

  The last words in the last email of Frans Pop, sent the night before Debian Day:

  All mails I ever sent to d-private (and mails quoting them) shall remain private.

  

March 29, 2025

• Kevin Fenzi Late March infra bits 2025

  

  Another week, another saturday blog post.

  Mass updates/reboots

  We did another mass update/reboot cycle. We try and do these every so often, as the fedora release schedule permits. We usually do all our staging hosts on a monday, on tuesday a bunch of hosts that we can reboot without anyone really noticing (ie, we have HA/failover/other paths or the service is just something that we consume, like backups), and finally on wednsday we do everything else (hosts that do cause outages).

  Things went pretty smoothly this time, I had several folks helping out this time and thats really nice. I have done them all by myself, but it takes a while. We also fixed a number of minor issues with hosts: serial consoles not working right and nbde not running correctly and also zabbix users being setup correctly locally. There was also a hosted server where reverse dns was wrong, causing ansible to have the wrong fqdn and messing up our update/reboot playbook. Thanks James, Greg and Pedro!

  I also used this outage to upgrade our proxies from Fedora 40 to Fedora 41.

  After that our distribution of instances is:

  number / ansible_distribution_version

  252 41

  105 9.5

  21 8.10

  8 40

  2 9

  1 43

  It's interesting that we now have 2.5x as many Fedora instances as RHEL. Although thats mostly the case due to all the builders being Fedora.

  The Fedora 40 GA compose breakage

  Last week we got very low on space on our main fedora_koji volume. This was mostly caused by the storage folks syncing all the content to the new datacenter, which meant that it kept snapshots as it was syncing.

  In an effort to free space (before I found out there was nothing we could do but wait) I removed an old composes/40/ compose. This was the final compose for Fedora 40 before it was released and the reason in the past that we kept it was to allow us to make delta rpms more easily. It's the same content as the base GA stuff, but it's in one place instead of split between fedora and fedora-secondary trees. Unfortunately, there were some other folks using this. Internally they were using it for some things and iot also was using it to make their daily image updates.

  Fortunately, I didn't actually fully delete it, I just copied it to an archive volume, so I was able to just point the old location to the archive and everyone should be happy now.

  Just goes to show you if you setup something for yourself, often unknown to you others find it helpfull as well, so retiring things is hard. :(

  New pagure.io DDoS

  For the most part we are handling load ok now on pagure.io. I think this is mostly due to us adding a bunch of resources, tuning things to handle higher load and blocking some larger abusers.

  However, on friday we got a new fun one: A number of ip's were crawling an old (large) git repo grabbing git blame on ever rev of every file. This wasn't causing a problem on the webserver or bandwith side, but instead causing problems for the database/git workers. Since they had to query the db on every one of those and get a bunch of old historical data, it saturated the cpus pretty handily. I blocked access to that old repo (thats not even used anymore) and that seemed to be that, but they may come back again doing the same thing. :(

  We do have a investigation open for what we want to do long term. We are looking at anubis, rate limiting, mod_qos and other options.

  I really suspect these folks are just gathering content which they plan to resell to AI companies for training. Then the AI company can just say they bought it from bobs scraping service and 'openwash' the issues. No proof of course, but just a suspicion.

  Final freeze coming up

  Finally the final freeze for Fedora 42 starts next tuesday, so we have been trying to land anything last minute. If you're a maintainer or contributor working on Fedora 42, do make sure you get everthing lined up before the freeze!

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/114247602988630824

March 28, 2025

• Jeremy Cline How artifacts are signed in Fedora

  For the last few months, one of the things I’ve been working on in Fedora is adding support for SecureBoot on Arm64. The details of that work will be the subject of a later post, but as part of this work I’ve become somewhat familiar with the signing infrastructure in Fedora and how it works. This post introduces the various pieces of the current infrastructure, and how they fit together.

  Signed?

  Pretty much anything Fedora produces and distributes is digitally signed so users can verify it did, in fact, come from the Fedora project. Perhaps the most obvious example of this is the RPM packages Fedora produces. However, plenty of other artifacts are also signed, like OSTree commits.

  Signing works using public-key cryptography. We have the private key that we need to keep secret, and we distribute the public keys to users so they can verify the artifact.

  Robosignatory

  Signing is (mostly) an automated process. A service, called robosignatory, connects to an AMQP message broker and subscribes to several message topics. When an artifact is created that needs signing, the creator of the artifact sends a message to the AMQP broker using one of these topics.

  Robosignatory does not sign artifacts itself. It collects requests from various other services and submits them to the signing server on behalf of those systems. The signing server is the system that contains and protects the private keys.

  Sigul

  Sigul is the signing server that holds the private keys and performs signing operations. It is composed of three parts: the client, the bridge, and the server.

  The Server

  The Sigul server is designed to control access to signing keys and to provide a minimal attack surface. It does not behave like a traditional server in that it does not accept incoming network connections. Instead, it connects to the Sigul bridge, and the bridge forwards requests to it via that connection.

  This allows the firewall to be configured to allow outgoing traffic to a single host, and to block all incoming connections. This does mean that the host cannot be managed via normal SSH operations. Instead this is done in Fedora via the host’s out-of-band management console.

  Private keys are encrypted on disk. When users are granted access to keys, the key is encrypted for that particular user.

  The Bridge

  The Sigul bridge acts as a specialized proxy. Both the client and server connect to the bridge, and it forwards requests and responses between them.

  Unlike the typical proxy, the Sigul bridge does a few interesting things. Firstly, it requires the client to authenticate via TLS certificates. The client then sends the bridge the request it wishes to make. The bridge forwards that request to the server. The bridge then expects the client and server to send an arbitrary amount of data to each other. This arbitrary data is framed as chunks and it forwards that data back and forth until an end of stream signal is sent by the server and client.

  Finally, it forwards the server’s response to the client.

  The Client

  The client is a command-line interface that sends requests to the server via the bridge. This client can be used to create users and keys, grant and revoke access to keys, and request signatures in various formats. Robosignatory invokes the CLI to sign artifacts.

  The client connects to the bridge as described above. After authenticating with the bridge and sending the request, it begins a second TLS connection configured with the Sigul server’s hostname, and sends and receives data on this connection over the TLS connection it has with the Sigul bridge. It relies on this inner TLS connection to send a set of session keys to the server without the bridge being able to intercept them. These session keys are used to sign the Sigul server’s responses so the client can be sure the bridge did not tamper with them.

  After it has established a set of secrets with the server, the remainder of the interaction occurs over the TLS connection with the bridge, but since the responses are signed both the client and server can be confident the bridge has not tampered with the conversation.

  Conclusion

  It’s an interesting setup, and has served Fedora for many years. There is plenty of code in Sigul which dates back to 2009, not long after Python 2.6 was released with exciting new features like the standard library json module. It was likely developed for RHEL 5 which means Python 2.4.

  Unfortunately, at least one of the libraries (python-nss) it depends on to work are not maintained and not in Fedora 42, so something will have to be done in the near future. Still, it’s not ready to sign off just yet.

• Daniel Pocock Banned evidence: Ars Technica forums censored email predicting DebConf23 death, Abraham Raji & Debian cover-up

  Various blogs have referred to an email predicting the death of Abraham Raji. The email was published for the first time in the Ars Technica forum and then the whole thread was locked and deleted.

  The email is real. I made some inquiries with various coroners who handled previous Debian-related deaths. I wrote back to the Cambridgeshire Coroner's office on 9 September 2023, the first day of DebConf23. I predicted there was a higher risk in this group and three days later Abraham Raji died on the DebConf day trip.

  Why doesn't Ars Technica want anybody to see this email? Quite simply, the email proves once again that I was right about the toxic culture.

  Subject: Re: Inquest Christopher Rutter - Information Request
  Date: Sat, 9 Sep 2023 18:59:26 +0200
  From: Daniel Pocock <daniel@pocock.pro>
  To: Coroners <Coroners@cambridgeshire.gov.uk>
  
  
  Hi [redacted],
  
  I've updated the document with some extra email evidence and two more
  deaths, both of those being under management from a doctoral candidate
  at Cambridge.
  
  Based on my own experience of both Debian culture, the Pell situation
  and the evidence in these emails, I feel that there is an ongoing risk
  to the health of people who engage with this culture.
  
  Please kindly confirm if the coroner can escalate this to the relevant
  people or whether you need somebody to present the document in person.
  
  Regards,
  
  Daniel
  

  The key emails from various web sites, including the suicide discussions, have been placed in a single document that can be forwarded to the relevant police or coroner each time a new victim dies in similar circumstances.

  Employers and families are totally unaware of what some people are doing in the debian-private (leaked) conflict zone. The brother of Frans Pop told me that Debianists came to the funeral but they kept him in the dark. Not any more.

  Ars Technica moderators suggested the conversation with the coroner could be spam.

  It is a creepy coincidence that earlier in the same year, I had been talking to the Carabinieri about the tactics used to silence victims of blackmail and abuse. We were having the conversation in the very same hour that Cardinal George Pell was having his surgery. He died the same day. Pell's name was mentioned again to the Cambridgeshire coroner and Abraham Raji died.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

   

  

   

  Don't forget that this latest discussion only came up after we realized that my former Outreachy intern had predicted the circumstances involved in the death of Lilie James.

   

  

   

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• ! Avi Alkalay ¡ Modern Minimum Laptop

  Now that people have a more independent and cloud-based set of work tools, they can finally consider leaving Windows behind and getting a better and cheaper laptop, like a MacBook Air.

  “What? A MacBook Air cheaper than a Windows laptop? Impossible!”

  Well, if you look in the Wintel (Windows + Intel) universe for a laptop with the same features as Apple’s entry-level laptop — the MacBook Air — the Wintel version will be more expensive.

  A basic laptop today should have a 3K or 4K display (Full HD is already obsolete), solid-state storage, high-quality camera, microphone, and audio, and be thin, lightweight, and stylish. Most importantly, the battery should last all day. This last feature is not possible in Intel-based laptops, where, in practice, the battery lasts no more than 90 minutes. A modern laptop is used like a smartphone: unplugged from the outlet, carried around all day, and recharged while you have lunch or sleep.

  So yes, you can find cheaper laptops, but they will have worse features than the minimum standard. They also use lower-quality components (camera, microphone, display) and outdated technology (storage, CPU).

  Also on LinkedIn and Facebook.

• Remi Collet 🎲 PHP version 8.3.20RC1 and 8.4.6RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

  RPMs of PHP version 8.4.6RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.3.20RC1 are available

  • as base packages in the remi-modular-test for Fedora 40-42 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.2 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.4.6RC1 available for testing
  • PHP 8.3.20RC1 available for testing

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Parallel installation of version 8.3 as Software Collection:

  yum --enablerepo=remi-test install php83

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.3:

  dnf module switch-to php:remi-8.3
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • version 8.4.4RC2 is in Fedora rawhide for QA
  • EL-10 packages are built using RHEL-10.0-beta and EPEL-10.0
  • EL-9 packages are built using RHEL-9.5
  • EL-8 packages are built using RHEL-8.10
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.7 on x86_64 and aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.3.20 and 8.4.6 are planed for April 10th, in 2 weeks.

  Software Collections (php83, php84)

  

  

  Base packages (php)

  

  

March 26, 2025

• Richard W.M. Jones Graphical differences between two disk images

  I was investigating possible disk corruption when copying a disk image between servers, but needed a way to visualise what might be happening. The disk image is tens of gigabytes, so looking at it in hexdump wasn’t a lot of fun. A little Python to the rescue instead:

  #!/usr/bin/python3
  
  from PIL import Image, ImageColor
  
  import nbd
  h1 = nbd.NBD()
  h2 = nbd.NBD()
  
  original = "original.qcow2";
  copied = "copied.qcow2";
  
  blksize = 4096
  zero_block = bytearray(blksize)
  
  width = 4096
  output = "output.png"
  red = ImageColor.getrgb("red")
  green = ImageColor.getrgb("green")
  blue = ImageColor.getrgb("blue")
  white = ImageColor.getrgb("white")
  black = ImageColor.getrgb("black")
  
  # Open original disk image.
  h1.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", original])
  
  # Open copied disk image.
  h2.connect_systemd_socket_activation(["qemu-nbd", "-f", "qcow2", copied])
  
  assert(h1.get_size() <= h2.get_size())
  
  # Open the output visualisation.
  height = int(h1.get_size() / blksize / width) + 1
  image = Image.new("RGB", (width, height), white)
  
  # Iterate over the blocks of each.
  x = 0
  y = 0
  for i in range(0, h1.get_size(), blksize):
      b1 = h1.pread(blksize, i)
      b2 = h2.pread(blksize, i)
      if b1 == b2:
          # Same
          image.putpixel((x, y), green)
      elif b1 != zero_block and b2 == zero_block:
          # Zeroed
          image.putpixel((x, y), black)
      else:
          # Different but not zeroed
          image.putpixel((x, y), red)
      x = x+1
      if x == width:
          x = 0
          y = y+1
          print("%d/%d\r" % (y, height), end='')
  
  print()
  image.save(output)
  print("Saved to %s" % output)
  
  h1.close()
  h2.close()
  

  The resulting image showed that stretches of the disk were getting zeroed out during the copy (which was definitely not supposed to happen).

  

March 25, 2025

• Peter Czanik Nightly arm64 syslog-ng container builds are now available

  Recently we enabled nightly syslog-ng builds and container builds for arm64. It means that from now on, you can run the latest syslog-ng on 64bit ARM platforms.

  Before you begin

  For this test, I used a Raspberry Pi 3 running the latest Raspberry Pi OS. As I use Podman everywhere else (I am an openSUSE / Fedora guy), I also installed it here for container management.

  Running syslog-ng nightly in a container

  Support for arm64 was added after the last syslog-ng release, which means that by the time of writing this blog, there is no arm64 syslog-ng package available for the latest release, only for the nightly builds. Make sure that you use the “nightly” tag, otherwise Podman will download an x86 image (well, at least until the next release), and complain about wrong architecture only at the end.

  This first command will download the container image from the Docker hub and print some syslog-ng version information. Note that the registry host name is also included, as the Podman package does not come with a pre-configured registry.

  root@raspberrypi:~# podman run -ti docker.io/balabit/syslog-ng:nightly -V
  Trying to pull docker.io/balabit/syslog-ng:nightly...
  Getting image source signatures
  Copying blob 52daf8b0f06f done  
  [...]
  Starting syslog-ng with params: -V
  syslog-ng 4 (4.8.1.224.g600b1e8)
  Config version: 4.2
  Installer-Version: 4.8.1.224.g600b1e8
  Revision: 4.8.1.224.g600b1e8-snapshot+20250313T232005
  Compile-Date: Mar 13 2025 23:20:05
  Module-Directory: /usr/lib/syslog-ng/4.8
  Module-Path: /usr/lib/syslog-ng/4.8
  Include-Path: /usr/share/syslog-ng/include
  Available-Modules: otel,map-value-pairs,afamqp,bigquery,tags-parser,kafka,rate-limit-filter,loki,afsmtp,json-plugin,affile,redis,sdjournal,clickhouse,afsnmp,secure-logging,afstomp,afmongodb,afsocket,mqtt,disk-buffer,mod-python,graphite,kvformat,afsql,timestamp,examples,metrics-probe,geoip2-plugin,linux-kmsg-format,riemann,cryptofuncs,http,cloud_auth,correlation,pacctformat,pseudofile,afuser,tfgetent,confgen,hook-commands,add-contextual-data,basicfuncs,regexp-parser,afprog,stardate,csvparser,azure-auth-header,syslogformat,appmodel,system-source,cef,xml
  Enable-Debug: off
  Enable-GProf: off
  Enable-Memtrace: off
  Enable-Stackdump: off
  Enable-IPv6: on
  Enable-Spoof-Source: on
  Enable-TCP-Wrapper: on
  Enable-Linux-Caps: on
  Enable-Systemd: on

  The following command starts syslog-ng with the default configuration running in the foreground and printing debug messages on the terminal. Creating a proper syslog-ng configuration and setting up storage is not in the scope of this blog, but using this setup you can still verify that syslog-ng works as expected:

  root@raspberrypi:~# podman run -it -p 514:514/udp -p 601:601 --name syslog-ng docker.io/balabit/syslog-ng:nightly -edv

  At the end of many lines of debug messages you should see sever lines indicating that syslog-ng is ready to receive network connections. For example:

  [2025-03-14T12:33:15.414977] Accepting connections; addr='AF_INET(0.0.0.0:601)'

  Port 601 is expecting RFC5424 formatted log messages with octet counting over a TCP connection. You can send a test message using this command from another terminal:

  logger -n 127.0.0.1 -P 601 -T --octet-count this is a test

  On the terminal, where you run syslog-ng, you should see something similar in the debug logs:

  [2025-03-14T12:38:08.805320] Syslog connection accepted; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
  [2025-03-14T12:38:08.806800] Incoming log entry; input='<13>1 2025-03-14T13:38:08.805035+01:00 raspberrypi root - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="319500"] this is a test', msg='0x7f93510000', rcptid='0'
  [2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cee:'
  [2025-03-14T12:38:08.806800] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='this is a test', marker='@cim:'
  [2025-03-14T12:38:08.831167] Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages', symlink_as='(null)'
  [2025-03-14T12:38:08.851750] Initializing destination file writer; template='/var/log/messages-kv.log', filename='/var/log/messages-kv.log', symlink_as='(null)'
  [2025-03-14T12:38:08.852912] Syslog connection closed; fd='19', client='AF_INET(10.88.0.1:59612)', local='AF_INET(0.0.0.0:601)'
  [2025-03-14T12:38:08.854588] Outgoing message; message='2025-03-14T13:38:08.805+01:00 host .SDATA.timeQuality.isSynced=1 .SDATA.timeQuality.syncAccuracy=319500 .SDATA.timeQuality.tzKnown=1 HOST=host HOST_FROM=host MESSAGE="this is a test" MSGFORMAT=rfc5424 PROGRAM=root SOURCE=s_network TRANSPORT=rfc6587\x0a'
  [2025-03-14T12:38:08.854588] Outgoing message; message='Mar 14 13:38:08 host root: this is a test\x0a'

  What is next?

  As I mentioned earlier, in this blog we only made sure that syslog-ng can start on arm64 in a container and that it can collect log messages over the network. Depending on your environment you will also need to change the configuration and provide some disk space for collected log messages. If you give the nightly arm64 syslog-ng images a try, let us know about your experience!

  -

  If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.

March 24, 2025

• Daniel Pocock Anticipated in 2018: Lilie James & Location tracking, Googlists complained

  The ABC published a summary of the Lilie James inquest with a focus on the Location Tracking issues. The coroner hasn't completed their official report yet and these news reports are only summaries of the evidence. (See my previous blog about what people hide from coroners).

  In the winter 2017/2018 round of Outreachy, I selected Renata D'Avila from Brazil to be an intern for Debian ( Debian official announcement and Outreachy project list).

  During the application process, we ask each applicant to do a small programming task and submit the results. I was startled to see Renata giving help to the women she was competing against. It turns out that while tech industry diversity programs try to attract interns who are fresh out of university, Renata had already worked as a schoolteacher for a number of years and helping the other women was just part of her nature.

  In the middle of the program, Renata published a blog post with the title The right to be included in the conversation. Renata's blog post features a screenshot of Google Maps with lines marked on it showing how Googlists have tracked her movements around Porto Alegre, here it is again, along with some analysis:

  

   

  Renata's blog opens with a quote from Pierre-Joseph Proudhon that anticipates the prospect of being clubbed to death:

  To be GOVERNED is to be watched, inspected, spied upon, directed, ... then, at the slightest resistance, the first word of complaint, to be repressed, fined, vilified, harassed, hunted down, abused, clubbed, disarmed, bound, choked, imprisoned, judged, condemned, shot, deported, sacrificed, sold, betrayed; and to crown all, mocked, ridiculed, derided, outraged, dishonored.

  The ABC report mimics the quote chosen by Renata:

  The inquest examining Ms James's death at St Andrew's Cathedral School in 2023, heard she had tried to set boundaries with Thijssen the weekend before.

  Creepy. But it gets worse.

  The Googlists couldn't stand this. Google is one of the companies that contributes money to these diversity internships. When women are selected for the program, their blog posts are syndicated into various web sites where they are seen by many Google employees and their followers. It was really shocking for them when this blog about how creepy they are suddenly appeared all over the open source eco-system.

  Various rumors appeared. They created rumors about "behavior", rumours about "harassment" and rumors about "abuse". They created rumors that I was dating an intern.

  They sent threats to Renata, which she didn't tell me about until a few months later. I published some of those communications.

  Debian "Community Team" (political police) to Renata, private email of 13 June 2018: Reinforcing positive attitudes and steps that you see in Debian towards women inclusion can also motivate yourself, the other Debian contributors, and possible newcomers, to go on working in that strategy and foster diversity in Debian. This does not mean to avoid criticism or hiding problems, but providing a more accurate vision of how the Brazilian Debian community works towards our common goals.

  In other words, we can tell fairy tales but nobody is allowed to speculate about the negative risks associated with location tracking or anything else that comes from Googlists. Because now that it actually happened to a location tracking victim, we can all say I chose the right woman for the internship.

  Please watch Renata speaking in this video. They continue spending vast sums of money on "diversity" internships but diversity of thought is not welcome.

  Related: the Code of Conduct gaslighting in open-source software hobbyist groups may violate the new coercive control laws too.

  Even more scary are the predictions I made when Donald Trump was elected for the first time.

  Googlists have spent over US$130,000 to try and discredit me, to stop women telling me stuff and to stop us making predictions that are uncomfortably close to the truth.

  RIP Lilie James

  

• Adam Young Diff between Code review versions

  Bottom line up front: create a tag with each version of a code review you post, to be able to see changes between versions.

  Git commits come in (at least) three flavors.
  
  First is the personal flavor, where you commit to git in order to not lose some quantum of behavior you have just implemented. These commits are small, and may be breaking commits. They are not meant for upstream consumption in the long term.

  
  Second is the upstream commit, a reasonable chunk of a code to review. While the overall patch-series (to use the LKML term) might still be multiple patches, each one is meant to be stand-alone reviewed, and probably should be a non-breaking patch that can be merged as is…provided all the pre-req patches get merges.
  
  The third type of commit is a fix to a code review commit. Say a patch series is 5 patches long, and you are asked to make a change in the first patch in the series. When doing your work, the first thing you do is make that change and make sure it works, and commit it on the top of the stack. Typically that change means you do a git rebase -i HEAD~6 (or comparable) and reorder the patches so that the fix sits just above the original commit you want to fix. At this point, you can squash the original and fixing commits together.
  
  When using gitlab or github, you can update an existing code review request (Merge Request or MR in gitlab, Pull Request or PR in Github) by doing some form of git push with the –force flag. Since both git services use a branch to represent the request, an update to the branch will create an update to the request.
  
  The problem with this process is that the change gets lost. Say that the change was questionable, and you just wanted to try it out. A fellow developer on a different system has no way of reverting to the previous stage…they would need the private information on your system.
  
  Another code review system that does not lose this information is Gerrit. I don’t wish to compare and contrast all of the various merits and drawbacks of Gerrit. Instead, I wish to focus in on the fact that a review is a top level concept in Gerrit, and each version of a review becomes its own branch. A version of a review is visible from the server and you can diff between two versions of a review. I would like to have the option to do something similar, but in gitlab or github.
  
  It turns out that you can, but it requires more work on the part of the developer. After you push each version of a merge request, you tag it and push that tag. They you update the merge request conversation with links to that tag.

  Obviously, this requires more effort on the part of the coder, but since you are essentially performing two operations each time you push, you can script it. We can write a script git-pushrev that does the following:

  1. pushes the current head to gitlab with –force using the name of the current branch. Make sure you don;t use main or other protected branch.
  2. tags the current head. The name of the tag should be related to the name of the branch, with a 3 digit index appended
  3. push the current tag to git using git push tag <tagname>

  The developer would need to then grab the tag and add it to the code review comments. However, if they forget to do this, the tag already exists and it could be looked up and posted in the future, or merely kept as a reference for later.

  To see what work was done in a revision of a review, use git diff. For example, assuming a branch named code-review,

  git diff code-review-000 code-review-001.

  I have a project where I deleted a short file. Here is what I get:

  ayoung@sut05sys-r112:~/testing/packaging$ git tag
  plumbum-wip-0
  plumbum-wip-1
  ayoung@sut05sys-r112:~/testing/packaging$ git diff plumbum-wip-0 plumbum-wip-1
  diff --git a/packaging/archive.py b/packaging/archive.py
  deleted file mode 100644
  index a3b2e94..0000000
  --- a/packaging/archive.py
  +++ /dev/null
  @@ -1,6 +0,0 @@
  -# Represents an archive to be built:  tar.gz, rpm, or comparable
  -
  -class Archive():
  -    def __init__(self, kit_name, build_id, branch_tag, base_tag):
  -        for key, value in locals().items():
  -            setattr(self, key, value)
  

• Alejandro Acosta Event report: Fedora @ SCaLE22x

  The 22nd edition of the Southern California Linux Expo ,or SCaLE for short, has come to and end and Fedora project had presence as it has happened for most of the editions of this important event. A few months ago I was gathering information on the Fedora participation in SCaLE for the Fedora Contributors conference (Flock to Fedora, check abstract for that talk here)and I was able to collect documentation as far as its 4th edition back in 2006!!

  Sounds easy, but that’s 19 out of 22 editions of the largest and most important community-run open source and free software conference in North America. Here’s a slide from my talk at Flock

  

  As always, it started months before conference’s day 1 with the not-so-fancy but very important work of planning. From surveying potential participants, create event wiki, estimate budget, contact organizers, requesting and receiving swag all the way to setting up the booth before the expo floor is open to attendees. The previous work itself gives us enough material for a separate article, or probably a grade thesis, maybe someday

  The first day starts with co-located events. New and very interesting events where organized along the conference, like Planet Nix, Cloud Native days LA, OpenInfra days, to mention a few. Even when we were not able to have our long desired Fedora Activity Day, we had an opportunity to participate in the Fedora + CentOS classroom with our friends form CentOS and RedHat.

  

  By the end of this day we had to setup our booth, as it needed to be ready for first day of expo on Friday. Having local people participating in the event is very important, not only helps with logistics but also with the little details that sometimes we take them for granted or don’t even notice them at all. Like Perry anticipating that the tablecloth may have come wrinkled due to handling, shipping or just being folded for long time and bringing a steamer from home. Well thought Perry!!

  

  By the way, this year we shared or booth space with our CentOS friends. Being both (Fedora and CentOS ) projects with a lot of common ground, it made this year’s experience enriching not only for both projects participants but also for attendees, who had a more clear panoramic on what’s the role of each project.

  

  Friday was over but we didn’t go straight to rest. Even though it was a busy day and we were beat tired, we wouldn’t be honoring our Fedora foundations if we do not invest quality time with our amigos, so we headed to a mediterranean café to have dinner with friends from CentOS, RedHat and Fedora. I’m sorry I don’t have compeling -or at least more appealing- evidence but here’s a sample of my food

  

  Talking about amigos, one of things I loved the most in this edition is that I had a re-encounter with my old friend, former Fedora contributor, former SCaLE staff and the person who talked me into attending my first SCaLE, my brother in the other side of the border, Larry Cafiero.

  Larry is now a writer for fossforce.com and he asked me for a few words that he could use in one of his articles in my capacity of Fedora contributor and long time SCaLE attende. You may call it an interview, I call it the pleasure of spending time with Larry.

  

  It is now Saturday, the busiest day in the expo hall as it is opened for the longest time and it is the day when most people attend the conference. It was crazy delightful from beginning to end, lots of visitors, increasing spanish speaking attendees, schools, companies, vendors, newbies, oldies, families, nerds, geeks,etc. In short, unique, valuable experiences to talk to people.

  Saturday closed with Game Night, a much appreciated opportunity to sit down for a while, grab a sip and continue talking about nerd things while enjoying a game. As a new, this is the first time that I got food spilled on my jeans from an excited player. I guess it comes with the territory

  Sunday is short, time for a wrap. Booth was lifted up, expo was closed. Fortunately there are a few other activities after the expo, like the much expected closing keynote. This time it was in charge of the Turing Award winning Leslie Lamport !!! The conference says that they’re always looking to bring these «legends» and they never disappoint. Leslie’s keynote was just delicious, delightful.

  

  I usually don’t include a thank you section because I fear to leave someone out of my mentions, but I’m grateful for all of the people who made this edition a success. Thank you Perry Rivera for co-owning the event and for all the effort you put in the organization, during and after the event. Thank you Scott Williams, Brian Monroe and Ivan Chavero for the time and passion you put in booth duty. Shaun McCance and Carl George, it was a privilege sharing booth space and adventures with you. Thank you Justin and Jason, without your support we wouldn’t be able to make it. And finally, thank you Nick Bebout, we’re sorry you couldn’t finally make it to the event but we’re sure we will continue working on having you there and we appreciate and value your work during the organization.

  See you next year at SCaLE !!!

• Josef Strzibny Running JavaScript after a Turbo Stream renders

  Turbo comes with turbo:before-stream-render but unfortunately doesn’t ship with the equivalent turbo:after-stream-render. Here’s how to run JavaScript after the stream renders.

  Why we need this

  If you are building your application with Hotwire, your Turbo streams will likely add, remove, and replace some HTML nodes. This mostly works except when you want to add HTML that comes with some JavaScript. Like a file picker, Trix editor, and the like.

  Turbo itself won’t do anything about this. It’s a rather simple tool with simple purpose. JavaScript initialization should come with the HTML Turbo is about to add. Hotwire solves this with Stimulus.

  The Hotwire way

  The Hotwire answer to the problem is Stimulus controllers. Stimulus is build on top of MutationObserver which is a browser API providing the ability to watch for changes being made to the DOM.

  When a Stimulus controller appears on the page, its connect method is called automatically. If our HTML doesn’t come with a Stimulus controller, we should create a new controller and put our initialization code inside its connect method:

  // app/javascript/controllers/my_controller.js
  import { Controller } from "@hotwired/stimulus"
  
  export default class extends Controller {
    connect() {
      // Code to initialize something
    }
  }
  

  Then we simply add the controller to an element inside our Turbo Stream:

  <turbo-stream>
    <div data-controller="my-controller">
    	Something that needs to be initialize with JavaScript.
    </div>
  </turbo-stream>
  

  When Stimulus is not an option

  Sometimes Stimulus might not be what we want and we would love to have a Turbo Stream event to hook into anyways.

  Luckily, Steve shared his little implementation of turbo:after-stream-render in this thread:

  // application.js
  const afterRenderEvent = new Event("turbo:after-stream-render");
  addEventListener("turbo:before-stream-render", (event) => {
    const originalRender = event.detail.render
  
    event.detail.render = function (streamElement) {
      originalRender(streamElement)
      document.dispatchEvent(afterRenderEvent);
    }
  })
  

  As you can see, the idea is quite simple. We create a new custom Event and add an event listener for turbo:before-stream-render which already exist. We then run our event after we are done with original rendering.

  To use it we create an event listener and paste the JavaScript that needs to run after rendering:

  document.addEventListener("turbo:after-stream-render", () => {
    console.log("I will run after stream render")
  });
  

March 21, 2025

• Daniel Pocock Heathrow power failure, UK skills shortage, Brexit & Russia

  Heathrow airport was shut down for almost the whole day due to a loss of electrical supply.

  People were quick to ask if it involved foul play and if it might involve Russia.

  The answer was already there in broad daylight.

  The UK's national grid has been publicly appealing for help with the skills shortage for some time.

  Brexit and Covid both hit the UK in early 2020. The skills shortage became more dire. There are many who argue that Brexit played a much bigger role than Covid in the long term skills shortage.

  Who brought on Brexit? There were many actors involved. The role of Russia was significant enough that there is a dedicated Wikipedia page about Russian interference in the 2016 Brexit referendum.

  Understanding critical infrastructure

  The air traffic control facilities are critical infrastructure. The passenger check-in facilities are not. It was uncomfortable to see that UK ministers commenting on the crisis were unable to explain this distinction to the public or even comment on the state of the air traffic control.

  Nonetheless, whether every part of the facility is critical infrastructure or not, it was simply bad for the UK's national brand.

  The UK knows better

  The last time energy supplies at Heathrow were cut so dramatically was the fire at the Buncefield fuel depot. I was living about 5km away from the depot when it exploded at about 3am on a Sunday morning. It turns out that both Heathrow and Luton airports were obtaining fuel through pipelines from Buncefield and airlines had to arrange alternative stops for refuelling.

  During the cold war, British Telecom (BT) built nuclear-proof telephone exchange bunkers deep under UK cities. As luck would have it, I was living in Manchester at the time their indestructible telephone exchange caught fire. They discovered that everything from the cash machines and payment terminals to the dispatch system for ambulances depended on the same telephone exchange. Many of those things were not working for about two weeks. Nobody ever found evidence linking Russians to the fire.

  Incidents like these are well known in the UK, they have had inquiries at Westminster and they would be wise to dig up the reports from these previous incidents and see how many of the recommendations have really been implemented and whether they can generalize the lessons from previous incidents to help prevent today's catastrophe from repeating itself.

  Help from France

  The day before the crisis, Tour de France organizers announced that the UK will host the grand depart and the first three stages of the race in 2027. As the saying goes, on your bikes.

• Michael Catanzaro GNOME 48 Core Apps Update

  It has been a year and a half since my previous GNOME core apps update. Last time, for GNOME 45, GNOME Photos was removed from GNOME core without replacement, and Loupe and Snapshot (user-facing names: Image Viewer and Camera) entered, replacing Eye of GNOME and Cheese, respectively. There were no core app changes in GNOME 46 or 47.

  Now for GNOME 48, Decibels (Audio Player) enters GNOME core. Decibels is intended to close a longstanding flaw in GNOME’s core app set: ever since Totem (Videos) hid its support for opening audio files, there has been no easy way to open an audio file using GNOME core apps. Totem could technically still do so, but you would have to know to attempt it manually. Decibels fixes this problem. Decibels is a simple app that will play your audio file and do nothing else, so it will complement GNOME Music, the music library application. Decibels is maintained by Shema Angelo Verlain and David Keller (thank you!) and is notably the only GNOME core app that is written in TypeScript.

  Looking to the future, the GNOME Incubator project tracks future core apps to ensure there is sufficient consensus among GNOME distributors before an app enters core. Currently Papers (future Document Viewer, replacing Evince) and Showtime (future Videos or possibly Video Player, replacing Totem) are still incubating. Applications in Incubator are not yet approved to enter core, so it’s not a done deal yet, but I would expect to see these apps enter core sooner rather than later, hopefully for GNOME 49. Now is the right time for GNOME distributors to provide feedback on these applications: please don’t delay!

  On a personal note, I have recently left the GNOME release team to reduce my workload, so I no longer have any direct role in managing the GNOME core apps or Incubation process. But I think it makes sense to continue my tradition of reporting on core app changes anyway!

• Tom Tromey Faster Faster GDB Startup

  A while ago, I wrote about my work to speed up GDB’s DWARF reader. I thought I’d write again with a few updates.

  Sharding

  Back then, I wrote: “maybe GDB could trade memory for performance and shard the resulting index and do separate canonicalizations in each worker thread”.

  I did end up doing this. Recall that the canonicalization step goes through all the discovered DWARF entries of interest — basically, all the objects in the program that both have a name and are not in a function scope (except in some languages, there is always an exception with DWARF) — and ensures the names are in a normal form. For Ada, this step includes synthesizing the package hierarchy (something that should probably be done for Go as well, except nobody really works on the Go support in GDB).

  As an aside, sometime in the last few years we realized that this canonicalization has to be done for C as well, because in C there are multiple spellings of types like “short”. This is also implemented.

  Because GDB already reads DWARF CUs in chunks in separate threads, the sharding idea is that we can speed up canonicalization a bit by doing this separately. Previously, GDB combined all the results before processing. Sharding means that lookups are a little more complicated; but it turns out not to be too hard, because the number of shards is typically low (for reasons I haven’t yet investigated, the reader doesn’t scale past 8 threads or so).

  Background Reading

  The other major change I made is to do all the DWARF reading in the background. This is a trick to make gdb feel faster to users. The basic idea here is that in many cases, gdb does not immediately need the DWARF from the various files. So, if we push the reading into worker threads, maybe it will be completely read in by the time gdb does need it.

  This also somewhat benefits the situation where several shared libraries are loaded at once into the inferior. In this case, gdb already defers breakpoint re-setting until all the DWARF has been read — and with this change, all that work will be done in parallel.

  Making this work wasn’t entirely straightforward. The main issue here is that gdb determines the initial language and location for “list” (et al) based on the debug info. The patches arrange to set these things lazily as well. I also had to add some rudimentary thread-safety to BFD.

  Now, this can be defeated in a few ways. If you have a .gdbinit that sets a breakpoint, then that will cause the familiar pause, because setting a breakpoint will wait for the workers to complete. Or, if you debug a large executable and type very quickly, you may have to wait for the parsing to finish.

  However, when it does work, it feels like gdb starts instantly.

• Josef Strzibny Running interactive sessions with Kamal

  How to connect to a container on a server managed by Kamal and run an interactive session?

  Interactive server actions

  Kamal comes with a kamal server exec to execute a single command on the server. If we pass the -i option, we’ll start the interactive session that doesn’t cancel the connection immediatelly.

  Similarly, Docker comes with docker exec command with the -it options to run a container process interactively.

  If we combine both of these we’ll get what we need. A single command to run something interactively out of a single container:

  $ kamal server exec -i "docker exec -it [CONTAINER] [COMMAND]"
  

  Example

  Here’s an example with kamal-proxy:

  $ kamal server exec -i "docker exec -it kamal-proxy bash"
  

  After running the comment we’ll be dropped into the container running Kamal Proxy.

  Then we can play with the proxy without running long commands:

  $ kamal-proxy stop app-web --message=""
  $ kamal-proxy resume app-web
  

March 20, 2025

• Amit Shah List of Patents I have filed

  This is the list of patents I’ve filed over the years.

  US Patent Number	Title	Inventor/s	Assignee
  US-12223191-B1	Management of operating system software using read-only multi-attach block volumes	Shah; Amit	Amazon Technologies, Inc.
  US-12210875-B2	Security vulnerability mitigation using address space co-execution	Shah; Amit, Schoenherr; Jan Hendrik, Raslan; Karimallah Ahmed Mohammed, Hillenbrand; Marius, Sironi; Filippo	Amazon Technologies, Inc.
  US-10496424-B2	Reconfiguring virtual machines	Shah; Amit	Red Hat, Inc.
  US-9990217-B2	Hypervisor printer emulation for virtual machines	Shah; Amit	Red Hat, Inc.
  US-9880868-B2	Modifying an OS installer to allow for hypervisor-specific adjustment of an OS	Shah; Amit	Red Hat, Inc.
  US-9436529-B2	Providing random data to a guest operating system	Shah; Amit	Red Hat, Inc.
  US-9323562-B2	Providing seamless copy-paste operations in a virtual machine environment	Shah; Amit	Red Hat, Inc.
  US-9280378-B2	Adjustment during migration to a different virtualization environment	Shah; Amit	Red Hat, Inc.
  US-8874697-B2	Content download based on hashes	Shah; Amit	Red Hat, Inc.
  US-8863114-B2	Managing software packages using a version control system	Shah; Amit	Red Hat, Inc.
  US-8806040-B2	Accessing external network via proxy server	Shah; Amit	Red Hat, Inc.
  US-8631408-B2	Configuring parameters of a guest operating system based on detected events	Shah; Amit	Red Hat, Inc.
  US-8561067-B2	Test suites for virtualized computing environments	Shah; Amit	Red Hat, Inc.
  US-8312453-B2	Mechanism for communication in a virtualization system via multiple generic channels of a paravirtualized device	Shah; Amit	Red Hat, Inc.

March 19, 2025

• Fedora fans نسخه لینوکس فدورا ۴۲ بتا منتشر شد

  

  پروژه فدورا با خوشحالی انتشار نسخه بتای فدورا لینوکس ۴۲ را اعلام می‌کند! این نسخه پیش‌نمایشی از ویژگی‌ها و تغییرات نسخه نهایی فدورا لینوکس ۴۲ را ارائه می‌دهد. برای دریافت نسخه پیش‌انتشار هر یک از ویرایش‌ها، می‌توانید به وب‌سایت پروژه مراجعه کنید: فدورا ورک‌استیشن ۴۲ بتا فدورا KDE Plasma Desktop ۴۲ بتا فدورا سرور ۴۲ […]

  The post نسخه لینوکس فدورا ۴۲ بتا منتشر شد first appeared on طرفداران فدورا.