24 April is the anniversary of the Easter Rising. That is the day
that Irish republicans bravely rose up against foreign control. The Irish
leaders were captured and killed.
25 April is ANZAC Day. It is the anniversary of various battles,
most notable of which is Gallipoli.
The Gallipoli landings, like the Easter Rising, are notable for a
significant loss of life.
ANZAC Day has evolved to commemorate not only those who lost their lives
at Gallipoli but all the sacrifices made by those who serve in uniform for
Australia and New Zealand.
When the FSFE Fellowship voted for the Irish-Australian Daniel Pocock
in 2017, voting finished at 11:05 UTC on 24 April 2017. That is
the 101st anniversary of the Easter rising.
FSFE headquarters are in Berlin, Germany and the majority of
members appear to be Germans. After the community voted for an
Irish-Australian, the management
removed the elections from the FSFE constitution. There hasn't been
another election since.
Your favorite Linux distribution is X. You test everything there. However, your colleagues use distro Y, and another team distro Z. Nightmares start here: the same commands install a different set of syslog-ng features, configuration defaults and use different object names in the default configuration. I ran into these problems while working with Gábor Samu on his HPC logging blog.
From this blog you can learn about some of the main differences in packaging and configuration of syslog-ng in various Linux distributions and FreeBSD, and how to recognize these when configuring syslog-ng on a different platform.
Packaging
You will notice major differences already when you install syslog-ng. When you install the syslog-ng package on openSUSE / SLES or Fedora / RHEL (and compatibles), it installs a basic syslog-ng package with most files from SCL (syslog-ng configuration library). However, all syslog-ng modules that need extra dependencies are packaged separately to keep the footprint of the package minimal.
The syslog-ng package in FreeBSD follows a similar policy. The syslog-ng package only has features which do not require extra dependencies. The only exception is the http() destination, which is built-in, and needs curl. If you want any other features with extra dependencies, like Python or Riemann support, you must compile syslog-ng yourself from FreeBSD ports.
Packaging on Debian /Ubuntu is completely different. The syslog-ng package is an umbrella package, pulling in all syslog-ng sub packages with their dependencies. Hundreds of megabytes. On the other hand, if you install the syslog-ng-core package, then it is unusable by itself as SCL is missing, just as most modules, including those without extra dependencies. You really have to know what you are doing.
No matter which Linux distribution you are using, you will be surprised because a completely different set of syslog-ng features and dependencies will be installed from what is expected. One of the returning problems is that a driver implemented in SCL, like elasticsearch-http() expects the syslog-ng http module to be installed. Luckily, they now show a meaningful error message, including suggestions on which package(s) to install:
[root@rawhideserv conf.d]# syslog-ng -s
Cannot load required module; module='http', details='The elasticsearch-http() driver depends on the syslog-ng http module, please install the syslog-ng-mod-http (Debian & derivatives) or the syslog-ng-http (RHEL & co) package', location='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf:39:2'
[…]
In other cases, you have to figure out yourself, that if your configuration does not work if a Riemann destination is added, then you have to install the related syslog-ng module (if available).
Each object (source, filter, and so on) in the configuration has a name. This is how we can refer to various objects in the log path, where we connect these objects. The above configuration is from Debian, and the name for local log sources is called s_src. However, these names are not standardized. For example, in openSUSE / SLES the name for local logs is called src.
Why is this a problem? For example, let's say that you find a configuration snippet in a blog which addresses a problem that you are trying to solve. You copy & paste the snippet into a new configuration file in the directory /etc/syslog-ng/conf.d/. However, you happen to run SLES, but the config sample was made on a Debian system:
This is where the “fun” begins. Well, kind of, as long as you like detective stories. The previously mentioned problems are annoying, but you get a straightforward error message. You can configure global options for syslog-ng in the options section of the configuration. This is yet another case where each Linux distribution or BSD variant has different settings. As there are no error messages, you must read the documentation to resolve these problems.
We initially started to work on RHEL, then switched to Debian. Suddenly, instead of host names we started to see IP addresses in log messages. In this case it was relatively easy. The syslog-ng.conf on RHEL has keep_hostname(yes) in options, while the one in Debian does not have this setting. The default value of this option is no, which means that syslog-ng replaced host names with the sender IP address. Adding this option to the configuration resolved the problem. Other problems might require a bit more time to recognize and more effort to resolve.
-
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
In the context of an inquest,
unlawful killing tells us
that the circumstances of the death involved some sort of crime.
The crime may be deliberate or it may be a matter of extreme
incompetence. The verdict of a coroner's inquest does not name
a guilty party. We could use the same framework to think about
the deaths in the
Debian suicide cluster.
Shortly after the jury announced their verdict, people noticed
a blog from Russ Allbery in Debian.News
and other syndication services on the topic
Review: The Stars, Like Dust.
Russ publishes a lot of book reviews
and it could have just been coincidence. Nonetheless, there are a lot
of accusations about trolling in Debian so it seems like a good
opportunity to look at the similarities between the
Stardust deaths and the
Debian suicide cluster deaths.
Some things change...
The tragedy was a long time ago in 1981 but it remains highly
relevant today.
Some things changed. For example, both Ireland and the UK now have
much stricter safety regulations in business premises. The quality of
building materials and the standard of electrical installation work
has improved a lot.
Forbidden music was censored
One of Ireland's most notable folk singers
Christy Moore became a convicted criminal for singing
about the fire.
Yet this is something that has changed: Ireland abolished
criminal speech laws and and the Internet provided a way
for people to circumvent the censorship and listen to Moore's song
They Never Came Home.
To put that in perspective, nobody was ever convicted of a crime
in relation to overcrowding, the ignition of the fire or the
blocked fire exits. But Moore was convicted for singing about those
things.
We can see exactly the same phenomena in Debian. Nobody has ever
been investigated or convicted over the
Debian suicide cluster deaths but there have been enormous efforts
to punish those who spoke up about it.
... but some things don't change
The fire was on Valentine's Day, 14 February 1981 and the initial
inquiry concluded in November 1981 with a finding that it was
probably started by arson.
No evidence of arson was documented. It looks like this was not
much more than guesswork.
Eventually, in 2009, a review was commissioned by the Government.
The report declared that the finding of arson was not justified.
The Oireachtas, the Irish parliament, publicly accepted his conclusions.
The arson verdict was now erased. The families of victims were left
in limbo for another 15 years waiting for the new verdict, a lot
like the open source community has been left in limbo waiting
for an official report about the suicides.
In 2019 the Government agreed to a new inquest. The inquest began
in 2023 and last week it produced verdicts of unlawful killing.
The finding of arson was not substantiated.
The
Wikipedia page about Unlawful Killing tells us that such
verdicts only require proof on the balance of probabilities.
News reports suggest that in Ireland, the verdict had to
be beyond reasonable doubt, which is a much stronger
verdict.
Scapegoating in Ireland and Debian
The finding of arson in 1981 has the impact of shifting blame.
By finding that arson was a possible factor, the inquiry was
reducing the weight of blame on the owners of the nightclub and
officials at the Dublin City Council for their
own failings in health and safety practices.
Moreover, a finding of arson shifts the blame from the landlord classes
to the youth. Rather than seeing the youth as victims, the arson finding
encourages us to consider the possibility that one of the youngsters
had a role in their own suffering.
We can see the same in the world of Debian. Frans Pop chose
to write his resignation/suicide note the night before Debian Day yet
Wouter Verhelst wrote a blog insisting that
Pop had other reasons for suicide.
We can see the same phenomena in Debian and other open source
software groups that have implemented
amateur hour Codes of Conduct (CoC). Whenever there is some kind of
conflict, the CoC is used to shift the blame from wrongdoing by the
leadership figures and use some volunteer as a scapegoat.
We find the same thing again in the Catholic abuse scandals. The
Crimen Sollicitationis
is a Code of Conduct for handling abuse cases. In rule 73 of this code,
the wording selected by the author in the original Latin version of the text
explicitly suggests that the child
is a collaborator in the crime rather than a victim. The finding of arson
suggests that some of the youth may have been collaborators in
their own demise.
Crimen Sollicitationis, the CoC for hiding abuse, goes on to
provide a procedure for interrogating victims who make a complaint.
The victims are asked to admit that they made the complaint
because they are seeking forgiveness for their own "participation" in
the forbidden act.
We saw the same phenomena in Debian. Dr Norbert Preining
made a complaint about harassment from the Debian Account Managers.
He gave an example of the nasty messages these people sent him
in December 2018
(
evidence).
A common theme used by the abusers and those investigating abuse
is the questioning of the victim's reasons for making a complaint.
Victim's were asked if they were seeking forgiveness or
absolution. The implication is that a victim asking for absolution
is admitting they were somehow party to the wrongdoing. From
the thesis of Sally Muytjens:
The confessional is a unique situational context for
clergy and was utilised by DN actors as a multi-functional
DN resource (Cahill and Wilkinson 2017, 16). Clericalism was
exploited as a significant DN resource in this situational context.
Where a victim is seeking forgiveness, they are extremely vulnerable
as the priest has the power to grant or withhold absolution.
The church teaches us from a young age that the confessional is
a place of secrecy and privacy. The messages Debian Account Managers
are sending to their victims seek to exploit the same
psychology, from the message published by Dr Preining:
We are sending this email privately, leaving its
disclosure as your decision (although traces in public databases are
unavoidable)
In fact, we can see the same psychology in other social problems
that Ireland is facing today. For example, for a long time, the
Irish government
dragged their feet over compensation to victims of the Mica scandal.
The biggest social problems in Ireland today involve the health
system, homelessness and insufficient housing, even for those who
are working and able to afford the rent. In each case, public discourse
about the subject tries to shift the blame to those who are suffering
or some third party like the immigrants.
En ce mardi 23 avril, les utilisateurs du Projet Fedora seront ravis d'apprendre la disponibilité de la version Fedora Linux 40.
Fedora Linux est une distribution communautaire développée par le projet Fedora et sponsorisée par Red Hat, qui lui fournit des développeurs ainsi que des moyens financiers et logistiques. Fedora Linux peut être vue comme une sorte de vitrine technologique pour le monde du logiciel libre, c’est pourquoi elle est prompte à inclure des nouveautés.
Cette 40e édition propose principalement une mise à jour de son interface principale GNOME 46 et de son concurrent KDE Plasma 6 qui passe à Wayland par défaut au passage.
Expérience utilisateur
Passage à GNOME 46. Cette version se démarque par beaucoup d'améliorations pour son navigateur de fichiers nommé Fichiers. Il dispose dorénavant, en plus d'une recherche dans le dossier et sous-dossiers en cours, d'une recherche globale utilisable via le bouton dédié avec une icône de loupe ou par le raccourci clavier Ctrl+Shift+F (contrairement à la recherche locale qui se fait via le raccourci Ctrl+F). Il permet de chercher dans l'ensemble du répertoire utilisateur voire davantage selon les préférences de l'utilisateur.
L'icône de loupe prend place où était l'icône de progression lors des opérations sur les fichiers comme les décompressions ou la copie de fichiers. De fait ces opérations sont affichées en bas de la barre latérale ce qui permet d'afficher plus d'informations en un coup d’œil. L'application bénéficie en outre d'améliorations de performances en particulier pour afficher de gros dossiers avec des images ou lors du passage d'une vue liste à une vue par icônes et vice-versa. Plus de périphériques sur le réseau peuvent être découverts automatiquement permettant notamment de parcourir leurs fichiers.
GNOME prend en charge les comptes Microsoft OneDrive ce qui permet de facilement parcourir les fichiers sauvegardés avec ce service. Dans les comptes à distance, le protocole WebDAV est aussi pris en charge pour l'accès à des calendriers, listes de contacts et autres fichiers partagés. Pour l'authentification de ces comptes en ligne, le navigateur par défaut est utilisé dorénavant ce qui permet d'utiliser une plus grande diversité de moyens d'authentifications comme l'usage de périphériques USB dédiés.
Pour les amateurs de la connexion distante, il est maintenant possible de se connecter à GNOME graphiquement à distance via le protocole RDP. Auparavant seulement une session ouverte pouvait être pilotée ainsi. Cette option est désactivée par défaut et nécessite des droits appropriés, tout se configure via le panneau de configuration tout comme le bureau distant.
En parlant du panneau de configuration, ce dernier a été amélioré en regroupant plusieurs configurations par sections afin d'améliorer la clarté de l'application. La liste des menus devenait particulièrement importante et rendait difficile la localisation des éléments à configurer. De plus, la configuration du pavé tactile a été améliorée pour permettre de choisir entre le clic dans un coin ou le clic à deux doigts pour réaliser l'équivalent d'un clic droit avec ce périphérique.
Côté accessibilité, le lecteur d'écran Orca a été modernisé pour le rendre plus performant, plus fiable et plus compatible avec les applications Wayland ou celles exécutées dans un bac à sable tel que Flatpak. Il est possible de couper temporairement Orca avec le raccourci clavier Ctrl+Alt+Shift+Q ce qui est particulièrement utile en cas de conflit entre deux lecteurs d'écran ou si une application utilise du son aussi.
Les notifications dans GNOME indiquent par quelle application elles ont été émises. Il est maintenant possible d'étendre facilement la notification afin de pouvoir la visualiser en entier, utilisant une vue plus compacte par défaut.
De manière plus générale, GNOME bénéfice d'améliorations de performances notamment pour son terminal, son moniteur système qui bénéficie aussi d'un graphe dédié aux entrées / sorties sur les espaces de stockage, pour l'enregistrement de l'écran, le visionneur d'images ou encore pour la recherche globale de GNOME. L'ensemble des applications GTK4 bénéficie d'un nouveau moteur de rendu qui améliore le rendu du texte mais aussi les performances.
L'environnement de bureau KDE Plasma change de version majeure avec sa nouvelle version 6. Au passage Plasma 6 utilise Wayland par défaut, et s'il était prévu de supprimer totalement la possibilité de l'utiliser avec X11 pour simplifier la maintenance, des volontaires ont permis de repousser l'échéance pour l'instant.
Sous le capot, cette version utilise la nouvelle bibliothèque majeure graphique qu'elle emploie à savoir Qt 6. C'était l'occasion par ailleurs de rationaliser les différentes couches techniques et APIs internes afin de supprimer ce qui n'était plus au goût du jour ou trop peu employé pour être maintenu.
Cette version propose la prise en charge partielle du rendu des couleurs en HDR pour les applications et matériel compatibles, mais aussi un profil de couleur spécifique par écran afin d'avoir un rendu fidèle des couleurs. Dans cette thématique pour les personnes souffrant de daltonisme ou d'autres formes de maladies dichromatiques peuvent utiliser des filtres pour améliorer la lisibilité des applications et de leur contenu.
Dans les changements plus classiques, la barre principale est par défaut en mode flottant comme pour beaucoup de docks d'autres environnement de bureaux ou systèmes d'exploitation. Il est bien sûr possible de changer tout cela dans les paramètres et plus encore concernant cette barre principale. Concernant l'affichage principal, l'effet cube en cas de changement de bureau virtuel est de nouveau disponible. Pour la capture d'écran, il est possible de choisir une zone arbitraire de l'écran, d'utiliser le codec VP9 pour les enregistrements vidéos et de choisir sa qualité.
Le thème par défaut de l'environnement nommé Breeze bénéficie d'un rafraichissement, il utilise moins de cadres et a un affichage un peu plus compact.
Comme pour GNOME, la recherche a bénéficié d'un effort important. En plus de permettre la conversion de fuseaux horaires ou de trier les résultats par type, les performances sont grandement améliorées : jusqu'à 200% plus rapide pour chercher des documents, jusqu'à 60% plus rapide pour trouver une application, le tout jusqu'à moins 30% d'usage du processeur. La recherche obtient les résultats pour les textes traduits dans votre langue ou en anglais pour les noms ou les descriptions d'applications par exemple.
Il est dorénavant possible de s'authentifier par mot de passe ou par empreinte digitale en même temps, il n'est plus nécessaire de forcer l'une des deux options.
Et tant d'autres changements encore.
Gestion du matériel
Fourniture de ROCm 6 pour améliorer la prise en charge de l'IA et le calcul haute performance pour les cartes graphiques ou accélérateurs d'AMD. Il concerne notamment les puces AMD Instinct MI300A et MI300X, et fournit de nouveaux algorithmes optimisés du mécanisme d'attention et de bibliothèques de communication. Il permet l'usage de flottant 8 bits pour gagner en consommation mémoire au détriment de la précision du modèle pour PyTorch et hipblasLT. Via la plateforme AMD Infinity Hub, il est possible d'obtenir des paquets prêts à l'usage pour certains travaux en IA ou calculs haute performance notamment pour les calculs scientifiques.
Passage à l'étape 2 de la prise en charge du noyau unifié nommée UKI (donc unifiant noyau, initrd, ligne de commande du noyau et signature) pour les plateformes avec UEFI mais rien ne change par défaut à ce sujet. L'objectif dans cette phase est de pouvoir démarrer sur de tels noyaux directement sans chargeur de démarrage intermédiaire, tout en offrant la possibilité de démarrer sur d'autres noyaux et de passer automatiquement au noyau suivant par défaut suite à une mise à jour. Les machines Aarch64 (ARM 64 bits) peuvent également s'en servir maintenant. Une image pour cette architecture et x86_64 doit également être fournie pour un contexte de virtualisation en étant basée sur ces fichiers kickstart.
Si vous souhaitez tester cela sur un système existant, vous pouvez installer les paquets virt-firmware, uki-direct avant d'exécuter le script sh /usr/share/doc/python3-virt-firmware/experimental/fixup-partitions-for-uki.sh pour configurer les partitions proprement afin d'être découvrables par le système, puis enfin installer le paquet kernel-uki-virt pour qu'il installe le noyau proprement avec la nouvelle méthode. Il est préférable de tester cela sur une machine virtuelle ou si vous savez ce que vous faites avec du matériel standard type ahci / nvme pour le stockage principal. Bien sûr ce travail reste expérimental et est réservé à ceux qui savent comment faire pour réparer le système en cas de problèmes.
Internationalisation
Le gestionnaire d'entrée de saisie IBus passe à la version 1.5.30. Les commandes pour lancer et relancer IBus fonctionnent depuis l'environnement Plasma Wayland dorénavant, et pour cet environnement aussi les préférences sont maintenant accessibles depuis le menu non contextuel.
Mise à jour de ibus-anthy 1.5.16 pour la saisie du japonais. Le principal changement est la conversion possible d'ère japonaise avec 2024.
Administration système
NetworkManager tente de détecter par défaut les conflits d'usage d'adresse IPv4 avec le protocole Address Conflict Detection (RFC 5227) avant de l'attribuer à la machine. En somme au moment de s'attribuer une adresse IP donnée, une requête ARP est envoyée au réseau concernant cette adresse. Si une réponse est obtenue, l'adresse est déjà utilisée et n'est donc pas exploitable sans perturber le réseau. Ce mécanisme existe pour les réseaux avec IP fixes ou même avec un serveur DHCP central car rien n'empêche la présence d'une machine configurée avec une IP fixe dans le réseau malgré tout. Si le réseau a un serveur DHCP et qu'un conflit est détecté, la réponse DHCPDECLINE sera envoyée pour obtenir peut être une autre adresse. En cas de conflit une erreur sera rapportée permettant à l'utilisateur de diagnostiquer le problème et d'y apporter une solution. Par défaut le système attendra 200 ms avant de décider qu'il n'y a aucune réponse. Pour l'IPv6 cela est inclus dans le standard RFC 4862 ce qui rend ce changement non nécessaire dans ce cas de figure.
NetworkManager va utiliser une adresse MAC aléatoire par défaut pour chaque réseau Wifi différent, et cette adresse sera stable pour un réseau donné. En effet, certains systèmes utilisent l'adresse Mac pour identifier les machines en déplacement de réseau en réseau permettant une pseudo géolocalisation ce qui nuit à la vie privée. Mais la méthode usuelle de changer d'adresse MAC aléatoirement à chaque connexion pose un problème en cas de réseau restreignant l'accès à certaines adresses MAC uniquement ou en changeant d'adresse IP à chaque reconnexion. Cette méthode est un compromis entre le respect de la vie privée et le confort d'utilisation. Cela est fait en ajoutant la configuration wifi.cloned-mac-address="stable-ssid" dans le nouveau fichier /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf.
Les entrées des politiques SELinux qui font référence au répertoire /var/run font maintenant référence au répertoire /run. Il y a dix ans déjà que le premier répertoire a bougé vers le deuxième chemin mais SELinux a gardé les vieilles règles en utilisant un lien d'équivalence entre eux pour permettre leur utilisation. Cependant certains outils comme restorecon ne gèrent pas bien cette situation tout comme les administrateurs systèmes qui ne sont pas sûrs de comment écrire proprement de nouvelles règles. Pour résoudre le problème le lien d'équivalence passe de /run = /var/run à /var/run = /run.
L'outil SSSD ne prend plus en charge les fichiers permettant de gérer les utilisateurs locaux. Il pouvait exploiter les fichiers /etc/passwd et /etc/group via l'utilisation de l'option id_provider=files. Cependant cette option n'est plus proposée par le projet officiel et n'était à l'époque conservée que pour permettre l'authentification via des cartes à puce ou l'enregistrement de sessions. Mais dans les deux cas il est possible de passer à la méthode proxy via l'option id_provider=proxy pour le remplacer dans ces cas d'usage. Un guide officiel est proposé pour effectuer la conversion pour ceux qui en ont besoin.
DNF ne téléchargera plus par défaut la liste des fichiers fournie par les différents paquets. Jusqu'à présent il le faisait par défaut parmi d'autres métadonnées, mais cette information n'est en réalité nécessaire que dans certains cas précis qui ne concernent pas celui de la majorité des utilisateurs. Notamment pour quelques paquets ayant une dépendance envers un fichier particulier plutôt qu'un paquet donné ou si on cherche un paquet fournissant un fichier spécifique. Cela permet de réduire les ressources consommées chez les utilisateurs mais aussi au sein de l'infrastructure de Fedora car il n'est plus nécessaire de fournir ces données assez conséquentes de manière systématique.
L'outil fwupd pour mettre à jour les firmwares va utiliser passim comme cache pour partager sur le réseau local les métadonnées liées aux mises à jour disponibles pour les firmwares. Ce fichier qui représente environ 1 Mio est téléchargé quotidiennement parfois sur des liaisons coûteuses. Ainsi la pression est réduite sur les infrastructures notamment le CDN fwupd et la bande passante en utilisant localement la ressource quand elle est disponible. Passim utilise avahi pour signaler son service sur le réseau local qui est disponible via le port 27500 afin que les autres clients puissent identifier si des métadonnées sont disponibles localement.
Les systèmes Fedora Silverblue et Kinoite disposent de bootupd pour la mise à jour du chargeur de démarrage. Par conception les systèmes avec rpm-ostree comme ceux-ci n'ont pas le chargeur de démarrage qui se met à jour par ce biais car cela n'est pas une opération sûre. En effet, la mise à jour de ces systèmes repose sur le principe de transaction pour que le passage d'un état à un autre soit fiable, cependant ce mécanisme ne fonctionne pas bien pour le chargeur de démarrage qui est un composant distinct et critique. On retrouve la même problématique pour les systèmes utilisant un mécanisme de mise à jour basé sur une partition A et B et passant de l'un à l'autre. D'où la création de cet utilitaire qui est mis à disposition pour ceux qui le souhaitent, du moins pour les machines disposant d'un EFI. La mise à jour est pour le moment manuelle à la demande avec la commande bootupctl update. La mise à jour automatique sera prévue dans le futur.
Le paquet libuser est marqué en voie de suppression pour Fedora 41 alors que le paquet passwd est supprimé. La bibliothèque libuser sert à cacher les différences entre les utilisateurs locaux et distants via le protocole LDAP. Mais la prise en charge de ce protocole reste incomplet et il n'y a pas de plan pour aller plus loin, comme sssd peut la remplacer dans ce rôle, la décision de la supprimer prochainement de Fedora fait sens. Pour l'instant seuls les paquets usermode et util-linux en ont encore besoin. Le paquet passwd quant à lui disparaît pour se débarrasser de la dépendance à libuser. La commande pour changer de mot de passe ne change pas, mais est fournie par le paquet shadow-utils.
Le paquet cyrus-sasl-ntlm a été supprimé. Le protocole d'identification NTLM n'est plus maintenu, au profit du protocole Kerberos et ce composant dans SASL n'est plus maintenu depuis des années justifiant une telle décision.
La gestion des droits utilisateurs pam_userdb passe de la base de données BerkeleyDB à GDBM. BerkeleyDB 5.x fourni par Fedora n'est plus à jour ce qui pose des soucis en terme de bogues et de sécurité, d'autant plus avec le rôle de PAM dans le système. La licence de BerkeleyDB a changé dans la branche 6.x, passant de BSD à AGPL rendant impossible l'adoption de cette version plus à jour pour ce composant, les licences n'étant pas compatibles. Ainsi GDBM se pose comme une alternative pour résoudre ce problème. BerkeleyDB 5.x a débuté sa sortie du projet Fedora depuis Fedora 33, ceci est une étape de plus dans cette direction.
Le filtre antispam bogofilter utilise SQLite au lieu de BerkeleyDB pour gérer sa base de données interne. La raison est analogue au paragraphe précédent.
Le serveur LDAP 389 passe de la version 2.4.4 à la version 3.0.0. Le projet abandonne la prise en charge de BerkeleyDB pour sa base de données interne pour la même raison que précédemment. En dehors de cela qui introduit des incompatibilités, cette mise à jour est en réalité assez mineure sur les autres aspects en fournissant essentiellement des correctifs de bogues.
Le paquet iotop est remplacé par iotop-c. Si le nom du paquet change, celui du binaire installé ne change pas. iotop n'est plus vraiment maintenu depuis une dizaine d'années et est sévèrement concurrencé par iotop-c sur cet aspect qui bénéfice en plus d'une empreinte mémoire plus petite étant rédigé en C au lieu de Python. Il n'est pas pertinent aux yeux des mainteneurs de maintenir les deux ainsi.
L'orchestrateur de conteneurs Kubernetes évolue de la version 1.27 à la version 1.29. Ce changement est communiqué car Kubernetes déconseille le saut des versions ce que Fedora fait actuellement en passant à la version 1.28 en fournissant ainsi la dernière version disponible. Cette version propose aux utilisateurs la possibilité d'avoir un écart de version de n-2 à n-3 pour les versions mineures entre le nœud principal et le plan de contrôle. Il est également possible si un nœud est indisponible suite à une panne ou à un état non récupérable de démarrer les services qu'il gérait dans un autre nœud dans un état sain. Le mode d'accès aux données ReadWriteOncePod devient accessible sans restrictions, permettant de restreindre l'accès à des données à un seul pod à la fois plutôt qu'à un seul nœud, pour réduire le risque d'accès concurrents en particulier en écriture. De même le module KMS v2 est disponible à tous pour réaliser les services de chiffrement pour vos APIs.
Par ailleurs les paquets de Kubernetes sont restructurés. L'objectif est de se rapprocher de l'organisation du projet upstream et de simplifier la vie des utilisateurs. Ainsi le paquet kubernetes récupère l'utilitaire kubelet qui avait son paquet dédié et les services fournis via l'ancien sous-paquet kubernetes-master sont renommés kubernetes-systemd. Les paquets kubernetes-client et kubernetes-kubeadm restent inchangés.
Pendant que podman est mis à jour vers la version 5. Cette version abandonne la prise en charge des cgroupv1 du noyau, de même que les plugins CNI ou la base de données clé / valeur Boltdb au profit de SQLite pour les nouvelles instances. Le format des fichiers de configuration pour les podman machines a été profondément remanié, rendant nécessaire la recréation des machines virtuelles concernées conçues avant cette version.
Le paquet wget2 remplace le paquet }}wget}} en fournissant une nouvelle version. Cette version propose du code multithreadé et qui télécharge plus vite grâce à la prise en charge du protocole HTTP2 avec la compression ou le téléchargement parallèle. Il propose plus d'options, il a également plus de tests automatiques pour s'assurer de sa robustesse dans le temps. Sa réécriture dans un style plus moderne devrait faciliter l'adoption de nouveaux protocoles à l'avenir. Par contre les protocoles dépassés WARC et FTP sont moins bien pris en charge. La licence change pour GPLv3+, de même que sa bibliothèque libwget2 vers LGPLv3+.
Le gestionnaire de base de données PostgreSQL migre vers sa 16e version. De part l'arrêt des modules, les paquets pour des versions alternatives sont également réintroduits. Ainsi les paquets postgresql15* font leur apparition pour la prise en charge de la version précédente, et les paquets postgresql17* seront proposés quand la 17e version sera disponible. En terme de changements apportés par cette nouvelle version, les jointures FULL ou OUTER sur des hash peuvent être parallélisées pour de meilleures performances. Il est dorénavant possible de répliquer des données depuis des serveurs dans un état standby, de même la réplication peut être appliquée en parallèle pour de larges transactions afin d'améliorer les performances de l'opération. La vue pg_stat_io fournit des informations statistiques concernant les entrées et sorties. SQL/JSON qui est introduit dans le standard SQL bénéficie de constructeurs dédiés pour créer des objets JSON mais aussi des fonctions identités pour connaître le type des clés. Et ce parmi de nombreuses corrections de bogues et d'amélioration de performances.
Les paquets MySQL et MariaDB sont remaniés et mis à jour vers la version 10.11 pour MariaDB. Le paquet community-mysql est renommé mysql tandis que le paquet mariadb ne fourni plus de binaires avec le nom mysql. En effet la décision à l'époque a été prise car il semblait convenu que MariaDB remplacerait MySQL tout comme LibreOffice a supplanté OpenOffice.org mais force est de constater que les deux projets vont cohabiter longtemps. Cela rend le tout plus simple pour l'utilisateur. Cependant, puisque ces logiciels évoluent séparément, ils deviennent peu à peu incompatibles et le mainteneur abandonne la possibilité d'utiliser MariaDB comme serveur avec MySQL comme client et vice-versa. Aucune autre distribution en fournissait une telle possibilité et cela devenait difficile à maintenir car cela était source de problèmes.
En terme de nouvelles fonctionnalités pour MariaDB, il est possible de lire entièrement les tables Information Schema Parameters et Information Schema Routines tout en améliorant les performances dans la procédure. Il est possible de savoir combien de temps une requête passe dans l'optimiseur via l'option ANALYZE FORMAT=JSON. Les semi-jointures pour la mise à jour ou la suppression de données sont optimisées. Les privilèges SUPER et READ ONLY ADMIN sont dorénavant distincts, à ce sujet il est possible de fournir à tous les utilisateurs des droits spécifiques via la requête GRANT <privilege> ON <database>.<object> TO PUBLIC.
Développement
Mise à jour de la suite de compilation GNU : GCC 14.0, binutils 2,41, glibc 2.39 et gdb 14.1.
Concernant la suite de compilateurs GCC, elle continue l'amélioration de la prise en charge des langages C23 et C23, alors que débute la prise en charge de la future norme C26. De nombreux modèles de puces Aarch64 et x86_64 bénéficient de micro-optimisations, tandis qu'il y a un début de prise en charge des nouvelles instructions pour l'architecture x86_64 d'Intel dénommées APX et AVX10. L'analyseur statique de code peut afficher visuellement les dépassements de tampons pour mieux comprendre ce qui se passe en mémoire.
Pour la suite d'outils binutils, cela se concentre surtout sur la prise en charge plus étendue des instructions des architectures Aarch64, RISC-V et x86_64.
Quant à la bibliothèque standard C glibc, cela se traduit par de nombreuses améliorations comme la prise en charge de la pile cachée pour éviter les attaques par modification d'adresse de retour, ce que Fedora Linux active par ailleurs. De même pour limiter certaines attaques, la glibc propose de pouvoir réécrire au lancement la PLT pour obtenir les adresses des fonctions des bibliothèques dynamiques plutôt que de les avoir lors du premier appel à chaque fonction. Le programme démarre plus lentement mais est plus sûr pour la suite. L'en-tête <stdbit.h> fait son apparition pour les manipulations sur les bits, opérations basées sur la norme de C20. Et une nouvelle fonction posix_spawnattr_setcgroup_np est ajoutée pour démarrer un processus dans un cgroup donné afin d'éviter des situations de concurrence entre le moment où le processus est démarré et où les restrictions s'appliquent.
Enfin le débogueur gdb propose un début de prise en charge du protocole de Microsoft Debugger Adapter Protocol pour faire le lien entre les débogueurs et des IDEs ou éditeurs de code afin de faciliter leur intégration mutuelle. Il peut également gérer des entiers au delà de 64 bits, de même que d'appeler une commande shell avec l'instruction $_shell pour obtenir son résultat. Les instructions de l'architecture Aarch64 SME et SME2 commencent à être gérées et l'API Python est considérablement étoffée pour ceux qui veulent scripter le débogueur.
La suite de compilateurs LLVM est mise à jour à la version 18. Fedora en profite pour que CLang utilise des informations de débogage au format DWARF-5 au lieu de DWARF-4 par défaut comme appliqué par le projet amont. Pour simplifier la procédure de compilation de Fedora pour les paquets utilisant cette chaîne de compilation, le Fat-LTO sera employé pour permettre l'usage du LTO quand c'est possible comme cela était déjà le cas avec GCC. Jusqu'alors ces paquets étaient compilés avec LTO par défaut avec une éventuelle conversion vers ELF à la main si la compatibilité le nécessitait ce qui était particulièrement lourd. Par ailleurs les paquets de compatibilité des versions précédentes fournissent les binaires des différents utilitaires et non plus seulement les bibliothèques et en-têtes.
Concernant les nouveautés apportées par le projet en lui même, comme pour la chaîne de compilation GNU, les architectures Aarch64, x86_64 ou RISC-V sont mieux gérées. Le compilateur CLang suit GCC avec du travail sur C20, C23 pour améliorer la compatibilité avec le standard et le début de prise en charge de la future norme C++26.
Mise à jour de la bibliothèque C++ Boost à la version 1.83. Depuis la version 1.81, cette bibliothèque propose un module pour communiquer avec les bases de données MySQL ou encore une bibliothèque Compat: pour fournir en code compatible C++11 des ajouts proposés par les standards ultérieurs.
Le langage Go passe à la version 1.22. La sémantique de la boucle for évolue un peu avec la création de la variable de boucle à chaque itération de boucle plutôt qu'à la première avec mise à jour à chaque passage. De plus il accepte l'usage des plages de valeurs basées sur des entiers. L'exécution des programmes gagne 1 à 3% grâce à l'optimisation de la localisation mémoire des métadonnées du ramasse miette. Les programmes compilés avec un profil d'optimisation peuvent gagner entre 2 et 14% de performances par rapport à la version précédente grâce à la possibilité d'appliquer la technique sur plus de fonctions qu'avant.
Le JDK de référence pour Java passe de la version 17 à 21. OpenJDK peut maintenant faire du filtrage par motif dans une instruction switch. Il est possible aussi d'affecter le résultat d'une identification de type dans une variable directement afin de pouvoir s'en servir immédiatement. Des fils d'exécution virtuels font leur apparition qui sont plus légers et performants, plutôt dédiés à des tâches courtes avec beaucoup d'attentes, ces tâches peuvent ainsi bénéficier de meilleure performance notamment en terme de latence. Il introduit également une API pour les collections d'objet en séquence (donc ordonnées). De même une nouvelle API pour manipuler les clés cryptographiques symétriques fait son entrée. Le ramasse miette Z Garbage Collector améliore ses performances.
Ruby 3.3 surveille sa syntaxe avec Prism. Prism est un gem introduisant un nouveau parseur très flexible qui a vocation à remplacer Ripper. Le compilateur juste à temps YJIT bénéficie de nombreuses améliorations comme de meilleures performances, une réduction de la consommation mémoire avec un code généré plus compact et avec moins de métadonnées et un temps de compilation plus court. Un concurrent RJIT fait son entrée, écrit en pur Ruby et non en C comme YJIT, il a plus vocation à servir de terrain d'expérimentation. Le ramasse miette est également plus performant.
Le langage PHP utilise la version 8.3. Cette version permet de définir des classes constantes, il propose également un attribut #\Override si une classe surcharge une méthode d'une classe parente. Une nouvelle fonction json_validate permet de vérifier la validité d'un JSON sans le décoder. Le Randomizer a plus de méthodes pour permettre de générer des noms ou nombres aléatoires suivant les besoins.
La boîte à outils pour le machine learning PyTorch fait son entrée dans Fedora. L'objectif est de fournir une meilleure expérience pour les développeurs de ce genre de solution. Un groupe de travail dédié s'est mis en place avec une réunion bi-hebdommadaire. Pour le moment l'architecture x86_64 est la seule prise en charge avec un effort important mis sur les solutions AMD.
Le paquet python-sqlalchemy utilise la nouvelle branche majeure 2.x du projet, le paquet python-sqlalchemy1.4 est proposé pour garder la compatibilité. Cette version apporte entre autre de l'annotation de type ce qui permet de construire des ORM sur un modèle déclaratif. Les opérations d'insertions sont aussi bien plus performantes quelque soit le gestionnaire de base de données derrière.
La bibliothèque de validation des données Pydantic utilise dorénavant la version 2. Outre l'amélioration des performances, il change radicalement son API ce qui coupe la compatibilité ascendante.
La bibliothèque Thread Building Blocks passe du fil 2020.3 au fil 2021.8. De même la compatibilité ascendante n'est pas garantie ce qui a rendu ce portage compliqué.
La bibliothèque OpenSSL 1.1 est supprimée ne laissant que la dernière version de la branche 3.x. Depuis Fedora 36 la branche 3 est employée par défaut dans Fedora. OpenSSL 1.1 n'est plus maintenue depuis fin de l'année dernière ce qui rend sa maintenance délicate et non sûre d'où son abandon malgré la faible compatibilité entre les deux versions pour ceux qui s'en servait encore.
Les bibliothèques zlib et minizip utilisent leur variante zlib-ng et minizip-ng dorénavant. Ces versions sont plus rapides grâce à l'emploi des instructions plus modernes des processeurs actuels tout en gardant la compatibilité par rapport à l'implémentation de référence.
Le langage Python ne bénéficie plus de la version 3.7. Depuis juin de l'année dernière cette version n'est plus maintenue et il n'y a pas de raison de poursuivre son maintien dans les dépôts en tant que version de compatibilité.
Projet Fedora
L'édition Cloud sera construite avec l'utilitaire Kiwi dans Koji. L'utilitaire ImageFactory employé jusqu'à présent n'est plus maintenu. Les outils mkosi et osbuild ont été considérés mais non retenus, le premier car il manque de flexibilité pour fournir toutes les images souhaitées, tandis que le second est certes adopté par l'équipe de Fedora Workstation mais ne semble pas adapté aux besoins des images clouds qui reposent sur d'autres technologies dont rpm-ostree et doit fournir des délivrables plus variés également. En effet l'image cloud cible Vagrant, Azure, AWS, GCP et peut dorénavant viser aussi les images pour WSL2 ou pour conteneurs directement.
Tandis que l'édition Workstation aura son image ISO générée avec l'outil Image Builder. En effet ce dernier bien que déjà employé par Fedora Workstation bénéficie enfin de la prise en charge des images ISO live. Il remplace donc les outils lorax/livemedia-creator qui avaient beaucoup de problèmes. Il devient aussi plus simple pour quiconque de générer son image ISO avec un simple fichier TOML pour le décrire et quelques utilitaires en ligne de commande.
L'image minimale ARM sera construite avec l'outil OSBuild. Comme dans le cadre de l'édition Cloud, il remplace l'utilitaire ImageFactory qui montrait ses limites. L'objectif à terme est de pouvoir supprimer totalement ou partiellement les hacks nécessaires à ce jour pour utiliser cette image sur une grande variété de systèmes ARM.
Fedora IoT bénéficiera d'images pouvant démarrer dans des conteneurs. Ainsi il est possible de tester le système dans des conteneurs plutôt que via de la virtualisation classique ou sur des machines physiques. Cette flexibilité peut aider le test par les utilisateurs mais également par ses mainteneurs.
Il bénéficiera également des images Simplified Provisioning. Fedora IoT peut ainsi utiliser l'utilitaire coreos-installer pour l'installer sur le disque directement et ce en utilisant un argument noyau pour savoir sur quel disque l'installer. Ainsi pas besoin de fichier kickstart ou d’interaction avec l'utilisateur ce qui simplifie la procédure et son automatisation. Cela s'intègre parfaitement avec les dispositifs Fido Device Onboarding et Ignition pour la configuration de tels systèmes dans un environnement de production.
Et le tout sera construit en utilisant rpm-ostree unified core. L'ancien mode n'est en effet plus maintenu et moins testé. Le mode unifié permet au compose server, qui est l'image de base créée à partir de RPM, de fonctionner de manière similaire au client qui ajoute des commits par dessus pour personnaliser le contenu du système. Cela permet de simplifier la maintenance côté rpm-ostree mais aussi de résoudre certaines difficultés notamment pour la gestion du démarrage avec bootupd, les labels SELinux et l'utilisation de conteneurs pour les scriplets pré et post installations des paquets. Depuis Fedora Linux 39 où Silverblue et Kinoite ont amorcé la transition, l'édition IoT était la dernière variante à ne pas avoir franchi le pas.
Fedora sera construit avec DNF 5 en interne. Ainsi les outils Mock, Koji et Copr passent le cap, en attendant Fedora Linux 41 pour que cela soit le cas pour les utilisateurs de la distribution. L'objectif est ici double. Les développeurs de DNF auront un retour d'expérience grandeur nature sur cette version et permettra d'identifier d'éventuels problèmes. Pour l'infrastructure, DNF 5 est plus léger en mémoire, plus performant et consomme moins d'espace disque ce qui permettrait de gagner du temps dans la construction des RPM et des images et de réduire la pression sur le matériel employé à ces tâches.
Les macros forge passent du paquet redhat-rpm-config à forge-srpm-macros. Ces projets sont maintenant distincts upstream et ce premier dépend maintenant du second. L'objectif est de simplifier la possibilité d'exécuter des tests automatiques sur ces macros afin d'améliorer leur fiabilité.
Phase 3 de l'usage généralisé des noms abrégés de licence provenant du projet SPDX pour la licence des paquets plutôt que des noms du projet Fedora. L'objectif de cette phase est de poursuivre le travail entamé dans les versions précédentes en convertissant l'essentiel des paquets RPM vers ce nouveau format. Cependant le travail devrait être achevé pour l'ensemble des paquets pour Fedora Linux 41.
La construction de certains paquets échouera si l'éditeur de lien détecte certaines classes de vulnérabilité dans le binaire en construction. C'est la macro %{hardened_build} qui est étendue pour fournir ce service, cela ne concerne que les paquets l'utilisant. Il peut ainsi générer une telle erreur s'il détecte une pile exécutable, un segment chargeable en mémoire avec des permissions en lecture, écriture et exécutable ou un fil d'exécution local ayant un segment exécutable. L'objectif est donc de renforcer le caractère non modifiable des sections mémoires exécutables pour limiter le risque de failles de sécurité. Cela est fait grâce à l'éditeur de lien BFD qui fournit de telles vérifications. Jusqu'à présent ces cas étaient détectés mais ne généraient que des avertissements qui étaient de fait ignorés.
Compilation des paquets en convertissant plus d'avertissements comme erreurs lors de la compilation des projets avec le langage C. L'objectif est de supprimer de plus en plus de code utilisant d'anciennes constructions qui sont source de bogues d'une part, mais qui seront aussi progressivement interdites par défaut avec les futures versions de GCC. Par ailleurs, certains de ces éléments pouvaient être bloquants pour l'adoption d'une nouvelle norme C de référence pour certains paquets.
Voici la liste des changements opérés :
Suppression des déclarations implicites de fonctions : 54 paquets concernés ;
Suppression du type implicite int quand le type est omis : 5 paquets concernés ;
Obligation de mentionner les types dans les arguments lors de la déclaration de fonctions : aucun paquet concerné ;
Interdiction de conversions implicites entre entier et pointeurs : 100 paquets concernés ;
L'instruction return doit avoir les arguments qui correspondent au type de retour d'une fonction (donc pas d'argument si void, et non vide si un entier est attendu par exemple) : 13 paquets concernés ;
Interdiction des conversions implicites de pointeurs de types différents : 381 paquets concernés.
Certains changements devraient voir le jour dans le futur :
Interdiction des déclarations de fonctions dans le style pré-C89 ;
Interdiction d'utiliser des mots clés bool, true ou false avec des définitions locales plutôt que d'utiliser l'en-tête de la bibliothèque standard ;
Déclarer une fonction sans argument comme void foo() aurait le même sens qu'en C++, à savoir équivalent à void foo(void) plutôt qu'à accepter n'importe quel type d'arguments.
Clap de fin pour la construction des mises à jour au format Delta RPM. Ils sont désactivés par défaut dans la configuration de DNF et Fedora ne les générera plus. Cette fonctionnalité permettait pour les mises à jour de ne télécharger que la différence entre le paquet déjà installé et celui à mettre à jour. Cela permettait de réduire la quantité de données à télécharger, la machine de l'utilisateur pouvait reconstruire le paquet à partir de ces informations et ainsi obtenir la nouvelle version. Mais en pratique la fonctionnalité se révèle de moins en moins pertinente. Tout d'abord le processus n'est pas fiable à 100%, parfois la reconstruction échoue et dans ce cas le nouveau paquet est totalement téléchargé à nouveau ce qui conduit à un gaspillage de ressources. De plus peu de paquets étaient concernés, les delta RPM étaient d'ailleurs construits en général que d'une version à une autre ce qui la rend fonctionnelle surtout pour ceux qui mettent à jour très régulièrement leur système. Et pour que cette fonctionnalité soit exploitable, ces fichiers delta rpm font partie des métadonnées que DNF télécharge. Sauf que c'est le cas même si les delta rpm sont désactivés par l'utilisateur, ou pour les systèmes reposant sur rpm-ostree ou utilisant un GUI comme GNOME Logiciels car PackageKit comme rpm-ostree ne se servent pas de ces métadonnées. Au final cela pénalise toute l'infrastructure qui doit générer et stocker ces données, et beaucoup d'utilisateurs qui subissent les inconvénients sans les avantages le tout pour un gain jugé marginal pour ceux qui s'en servent : moins de 8% de réduction de la taille des téléchargements en moyenne.
Les JDKs ne sont générés qu'une fois, et rempaquetés ainsi à toutes les variantes du système. Pour cela les paquets du JDK sont générés à partir de la version la plus ancienne de Fedora Linux encore maintenue, et le résultat est directement réutilisé pour former les paquets des autres versions du système. Cela réduit considérablement le temps de validation de chaque JDK car il y a cinq fois moins de versions différentes à gérer. Cela permettra aux mainteneurs de maintenir la diversité actuelle des JDK à savoir les versions 1.8.0, 11, 17 et la dernière (actuellement la version 20). Si ce résultat ne permet pas de libérer assez de temps aux mainteneurs, la réduction du nombre de JDK à l'avenir pourrait être considérée.
Les images immuables pour les systèmes personnels comme Silverblue seront nommées sous la dénomination Atomic pour éviter la référence au terme immuable qui est confus pour les utilisateurs. Les noms de variantes Silverblue, Kinoite, Sericea et Onyx vont être préservés, l'objectif est de donner une dénomination commune qui utilise le terme Atomic déjà employé par l'édition Cloud par exemple. Le terme immuable est en effet considéré comme peu clair car si le système principal est majoritairement en lecture seule, il ne l'est pas totalement notamment pour la configuration ou les parties dynamiques du système. Alors que le système repose sur le concept d'atomicité en ayant une approche par état du système, d'où la nécessité de redémarrer pour changer cet état notamment lors d'une mise à jour par ailleurs.
L'objectif est donc purement au niveau de la communication autour de ces systèmes. Cependant les nouvelles variantes devraient utiliser ce terme dans ce nom comme par exemple Fedora XCFE Atomic si jamais cette variante prend vie un jour.
La communauté francophone
L'association
Borsalinux-fr est l'association qui gère la promotion de Fedora dans l'espace francophone. Nous constatons depuis quelques années une baisse progressive des membres à jour de cotisation et de volontaires pour prendre en main les activités dévolues à l'association.
L'association est en effet propriétaire du site officiel de la communauté francophone de Fedora, organise des évènements promotionnels comme les Rencontres Fedora régulièrement et participe à l'ensemble des évènements majeurs concernant le libre à travers la France principalement.
Si vous aimez Fedora, et que vous souhaitez que notre action perdure, vous pouvez :
Adhérer à l'association : les cotisations nous aident à produire des goodies, à nous déplacer pour les évènements, à payer le matériel ;
Participer sur le forum, les listes de diffusion, à la réfection de la documentation, représenter l'association sur différents évènements francophones ;
Concevoir des goodies ;
Organiser des évènements type Rencontres Fedora dans votre ville.
Nous serions ravis de vous accueillir et de vous aider dans vos démarches. Toute contribution, même minime, est appréciée.
Si vous souhaitez avoir un aperçu de notre activité, vous pouvez participer à nos réunions mensuels chaque premier lundi soir du mois à 20h30 (heure de Paris). Pour plus de convivialité, nous l'avons mis en place en visioconférence sur Jitsi.
La documentation
Depuis juin 2017, un grand travail de nettoyage a été entrepris sur la documentation francophone de Fedora, pour rattraper les 5 années de retard accumulées sur le sujet.
Le moins que l'on puisse dire, c'est que le travail abattu est important : près de 90 articles corrigés et remis au goût du jour.
Un grand merci à Charles-Antoine Couret, Nicolas Berrehouc, Édouard Duliège et les autres contributeurs et relecteurs pour leurs contributions.
La synchronisation du travail se passe sur le forum.
Si vous avez des idées d'articles ou de corrections à effectuer, que vous avez une compétence technique à retransmettre, n'hésitez pas à participer.
Comment se procurer Fedora Linux 40 ?
Si vous avez déjà Fedora Linux 39 ou 38 sur votre machine, vous pouvez faire une mise à niveau vers Fedora Linux 40. Cela consiste en une grosse mise à jour, vos applications et données sont préservées.
Here are some more private emails I received that show the culture
of punishing people.
Punishment is a key element of a modern slavery regime.
By way of background, I resigned from mentoring at a time when
I lost two family members. I noticed when people started punishing
Dr Norbert Preining and I stood up to defend him. The gangmasters became
hysterical when I challenged their authority and then they started
spreading rumors about me as well.
Gunnar is writing about "sentences", as in putting people in prison.
Sentence, in this context, is synonymous with punishment. Punishment
is synonymous with modern slavery.
Subject: Re: Censorship in Debian
Date: Thu, 17 Jan 2019 16:10:07 -0600
From: Gunnar Wolf <gwolf@iiec.unam.mx>
To: Daniel Pocock <daniel@pocock.pro>
Hello Daniel,
I won't get into the details of your mail - Just answering in general.
My recommendation is... Given half of your "sentence" has already
passed, and the difficulty *any* such kind of process would mean, I
suggest you just wait for the extra needed time and ask for the ban to
be lifted.
I do hope you reflect on your communication patterns. The mails you
sent to d-project did _nothing good_ to heal your image in
Debian. Much to the contrary.
I don't know if your case was Chris' personal issue or if it exhibited
a larger issue; after all the energy that was wasted in d-private in
the last few weeks, I really don't want to go back into that.
Greetings,
In a professional environment, if you want to influence people, you
either pay them or you exhibit very good leadership skills yourself.
In modern slavery, if you want to influence people, you use
punishments, prisons and sentences.
Gunnar is a professor at Universidad Nacional Autónoma de México (UNAM).
Two weeks later at FOSDEM 2019, Molly de Blanc showed the infamous
slide with a cat behind bars. The picture implies some force is used to impose upon developers against our will. What she has illustrated here is a concentration camp. If she displayed this slide in Germany she could be prosecuted for glorifying the holocaust.
Subject: Art
Date: Thu, 07 Mar 2024 15:52:22 +0000
From: Cade Foster <cade.foster117@proton.me>
To: daniel@pocock.pro <daniel@pocock.pro>
Sent with Proton Mail <https://proton.me/> secure email.
Why are people sending me messages like this? They have been incited
to behave this way. The real crime is the crime of incitement.
Jonathan Carter has used his position as Debian Project Leader
to send more emails inciting the mob to harass my family and I.
These people don't pay us anything for our work. If we don't obey
them, they rush to punishments and public humiliation.
It is modern slavery. Is it any surprise that there is a
Debian suicide cluster?
And what a week it was! Fedora Linux 40 got the ‘GO’ at the Go/No-Go meeting on Thursday so that means a brand new release of Fedora Linux is arriving to you tomorrow, Tuesday 23rd April!
Read on to hear about other exciting Fedora news
CfPs & Events
Flock to Fedora
The CfP for Flock to Fedora has been extended until Monday April 29th, so dont delay if you have been thinking about submitting something – here is your chance!
Devconf.us
Devconf.us is returning this year in Boston, MA from August 14th – 16th. Their cfp is closing today, so get it in quick if you have had something in draft.
Fedora Linux 41
Now that F40 is releasing, attention will be on the development of F41 which has been happening for a while now. Here are some deadlines for all you change proposal enthusiasts, and for other key dates like the beginning of the Beta freeze and mass rebuild, please view the release schedule.
June 19th – Changes requiring infrastructure changes
June 25th – Changes requiring mass rebuild
June 25th – System Wide changes
July 16th – Self Contained changes
If you are unsure of how to propose a change, there is some excellent documentation and video tutorial to help, and you can always reach out directly to me too.
A full list of the already accepted changes for Fedora Linux 41 can be found on the change set page too.
Elections
The F40 elections will begin soon! There are some changes to this cycle, which you can read about them in more detail in the Elections blog post coming later this week and do consider nominating yourself or someone you think would be a great person on Council, FESCo, Mindshare or EPEL when the nominations page is live. Please do make sure the person you are nominating is on board with their nomination too
Help Wanted
Help is always greatly appreciated.We also have some packages needing some new maintainers and others needing reviews. See below links to adopt and review packages!
The Debian Social Contract, point 3 tells us
We won't hide problems. Yet there is a pattern, whenever an
election candidate wants to have a frank discussion about the problems,
small minded people like Lamb embark on a pestering campaign to have
their blogs and emails censored.
From: "Chris Lamb" <lamby@debian.org>
To: community-council@lists.ubuntu.com
Date: Sat, 30 Mar 2019 07:22:25 -0400
Subject: Inappropriate content on planet.ubuntu.com?
Hi CC,
I'm not sure if this is the right place to send this but is is really
appropriate for posts such as:
https://danielpocock.com/dont-trust-me-trust-the-voters
.. to appear on Planet Ubuntu?
I don't like to make legalistic arguments but this would appear to be
CoC violation or, at the very least, the pattern and history of posts
both on Planets and elsewhere constitutes one IMHO.
Do note that the above post has been apparently engineered to not
appear on his homepage whilst remaining aggregated on your Planet.
This, of course, hardly engenders the relaxed and welcoming attitude
I'm sure our respective communities wish to promote.
I would love to know your thoughts on the above.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org � chris-lamb.co.uk
`-
The Flock to Fedora 2024 call for proposals (CFP) is now extended to Monday, April 29th 2024 at 11:59 PM US Eastern. Now is the last chance to get your great idea or topic into the Flock 2024 CFP before it closes. This will be the only extension and the new deadline is final.
Please join us at the next regular Open NeuroFedora team meeting on Monday 22 April at 1300 UTC.
The meeting is a public meeting, and open for everyone to attend.
You can join us in the Fedora meeting channel on chat.fedoraproject.org (our Matrix instance).
Note that you can also access this channel from other Matrix home severs, so you do not have to create a Fedora account just to attend the meeting.
You can use this link to convert the meeting time to your local time.
Or, you can also use this command in the terminal:
$date-d'Monday, April 22, 2024 13:00 UTC'
The meeting will be chaired by @ankursinha.
The agenda for the meeting is:
Josh and Kurt talk about a database of game cheaters. Cheating in games has many similarities to security problems. Anti cheat rootkits are also terrible. The clever thing however is using statistics to identify cheaters. Statistics don’t lie. Also, we discuss the Pretendo project sitting on a vulnerability for a year, is this ethical?
FreeBSD arm64 support. --track-fds=yes now warns against double close, generates (suppressible) errors and supports XML output. s390x supports more z16 instructions. More accurate x86_64-v3 instruction support. Wrappers for wcpncpy, memccpy, strlcat and strlcpy. Support Linux syscalls mlock2, fchmodat2, pidfd_getfd. And much more. 50+ bug fixes, 280+ commits by 14 developers since 3.22.0.
Fedora rawhide binary packages are available for aarch64, i686, ppc64le, s390x and s390x.
This is just a quick update that I’m updating my primary email address. A year or so ago, I bought the domain dieter.ie (since I’m resident in Ireland, it seemed like a good choice), and it seemed time to put it to good use. My blog will continue to be hosted on jdieter.net, but my primary email address is now jonathan@dieter.ie. My previous Gmail address will continue to work and I’m not giving it up any time soon.
I’m also very aware that it’s been a while since I last posted. The company I work for, Spearline, was acquired just over a year ago by Cyara, and life has been unusually hectic over the last year. Hopefully I’ll have some time to post a bit more frequently in the near future. In the meantime, I’ve included a picture I took yesterday of an old ringfort nearby. West Cork is beautiful when the weather’s nice!
They submit many boilerplate documents containing copies of
the domain and trademark registrations. On top of that, they
only submit three other documents.
One of those is the copy of a judgment from a previous Debian
dispute. The judgment expresses concern about some specific images on another
web site. The complaint does not provide any examples of those
images or any similar content on any of my own Debian web sites.
Therefore, this judgment can't be extrapolated to content on my
own web sites.
They provide a copy of biographical information about me from
my company web site. This is not published on one of the domains
in dispute so it is not relevant. By providing this, they are insulting
me. Looking at the very first archived copy of an email from
the debian-project mailing list in 1994, we
find that Debian co-authors are using the term
Debian Developer four years before there was a trademark. That is
four years before the Debian Project constitution. The term
Debian Developer is completely valid
for somebody who has done significant creative work over many
decades. In plain English, the term Debian Developer can mean
three things: somebody who possesses the skill of creating
Debian software, somebody who has an authorship interest in
the Debian software and thirdly, but lastly, somebody who is
a member of the clique. Copyright law does not require somebody
to be a member of the clique. I never joined the Debian Project
Unincorporated Association, I have always used the term
Debian Developer first and foremost to describe myself as an author with
moral rights in the creative work. Given that they have taken
this text from a web site that is not even part of the dispute,
I feel the legal panel would be best to avoid getting involved
in this aspect of the dispute.
The third document they provide is a defamation they created
themselves. They are clearly hoping to have WIPO republish
insults and defamation to cause some sort of harm to my
ability to work and feed myself.
They allege that there was some issue of harassment
but do not provide any details. They claim it was in the year
2018, a period when I lost two family members. Their insistence
on twisting a knife in my back at such a time only proves
bad faith on their part.
In various ways, we can see that the document they submitted
is a fraud that has the possibility of deceiving the WIPO
legal panel.
For starters, the harassment began in 2017. Even
the year specified in their evidence is wrong. Therefore,
the evidence they are submitting is a deliberate deception that
tries to invert the story.
Here is the internal report about the harassment. The date is 12
October 2017 so the misfits are clearly lying to the WIPO
legal panel. I have redacted the section that identifies
underage victims.
There you have it. The most senior student representative to have
had contact with a member of the choir in the era of Cardinal Pell has
subsequently arrived in Albania and correctly and discretely raised the
alarm about pimps and pedophiles using funds from Mozilla, IBM Red Hat
and other tech companies to bait their child victims and young women.
It is creepy how the complainants deception about the dates and details
mirrors the case of the
Swiss JuristGate scandal. The
Swiss financial regulator, FINMA, has published a summary
of their decision to shut the rogue firm. In the summary
of the decision, not only does FINMA redact the names of those
responsible for ripping off the customers, FINMA even redacts the dates.
One of the reasons FINMA is redacting the dates is to hide how long
the regulator and the bar association really knew about the scandal.
The hidden dates are examined in more detail in my first
blog post about Juristgate. Here is a screenshot from the FINMA
document showing where the year is obfuscated / redacted:
The FSFE
Fellowship elected me as a community representative in April 2017.
Shortly after that, women in Albania confided in me about the incidents
of harassment. I traveled there again to help organize a MiniDebConf
and Fedora Women's day and in the process, I became a witness to
acts of harassment and a serious possibility of underage abuse.
All of this clearly began in 2017 but the defamation created by
Debian seeks to obfuscate the year and the source of the harassment.
They completely fail to thank me for the effort I made supporting
these women. This was an effort above and beyond what had
been anticipated when I volunteered to speak at the conference
in Albania.
At the time, I had confided in the women that I was watching
these matters very carefully because one of my cousins, who is much
younger than me, had been in the St Patrick's cathedral choir
during the time Cardinal George Pell was Archbishop of Melbourne.
The Pell case was one of the most high profile allegations of abuse
in the Catholic Church. The Royal Commission notes in their
report that of 15,000 victims who contacted them,
the Catholic Church was implicated in far more cases than all the other
religions combined.
In the meantime, Carla had also written about her eating disorder
on her web site. Research estimates that at least thirty percent
of women with these conditions have been victims of harassment or
abuse in childhood.
Various people appeared to resent the fact that women had given
evidence about an (IBM Red Hat) Fedora Ambassador and Mozilla
Tech Speaker to an independent, elected community representative
who was not under any obligation of confidentially to the companies
funding the Albanian groups. In other words, these companies
would have prefered to see the women reporting scandals through
internal company channels.
Shortly after I received this information from women, the FSFE
revised their constitution to
remove their annual elections and
ensure there would never be any other community representative again.
The complete removal of the election and the representative position
proves that this wasn't about any failing on my own part, this was
about the companies behind FSFE wanting to ensure that complaints
about their people wouldn't reach any independent outsider who
might be elected next.
At the end of the process, Mozilla produced a report about the
harassment. I have never been given a copy of the report and
the complainant has not submitted the report either. I don't
feel the complaint should be taken seriously at all unless all
parties, including the legal panel, are granted access to all these
original, contemporaneous documents about the origins of the
harassment and my support for the victims.
Meanwhile, at the very same time as the Cardinal Pell trial
was progressing in Australia, family and friends were shocked to
see mysterious references to abuse circulated on social media.
I don't even have any social media accounts myself so I only
started hearing about these character assassination plots
from witnesses who saw the smears. Cardinal Pell was convicted in December
2018 and a few weeks later, in January 2019, Joerg Jaspert of the
Debian Account Managers team put
mysterious references to abuse in one of our
Debian source code repositories.
One of the findings from the Royal Commission states that
abuse survivors who came forward took an average of 23.9 years to talk about
what happened to them.
Having attended a Catholic school in the same neighborhood and
having multiple connections with fellow alumni and the diocese, it
would not be a surprise for me if any one of the people I know
might reveal themselves to be connected with the scandal at some
point in the future.
Moreover, two of my cousins passed away far too young.
It is so shocking for me to see how these dirty men are playing these
games with the subject of abuse.
At the time that Joerg Jaspert started making these privacy
violations, he was on the school council at Dalbergschule in Fulda, Germany.
Local magazines published a photo of him in a Debian t-shirt
with other parents Claudia Beck and Ina Riechert.
How can the other parents and staff trust this dirty man with
any sensitive topics when he runs around spreading gossip about abuse
in the debian-private world?
Given that background, I find it abhorrent that these silly
people claim to be victims of abuse when what really happened
is they got caught doing the wrong thing. By claiming to be
victims of harassment and abuse, by hijacking and distorting
the language of sexual misconduct they are asking us to exhibit the same
sympathy for long-distance peeping toms at Google as we would for those
15,000 child victims.
Here is another example of Debianists pretending to be
part of the sexual crimes detective unit and circulating
gossip as if it was truth. The email is written by Russell Coker, a
Debian Developer in Australia, half way around the world from
where the rumors started in Berlin. How could he write such
forceful words about Dr Appelbaum when it is something he had no way to see?
This shows how Debianists use their titles and their trademark
to make stuff up and then give weight to defamation.
This type of rogue behavior makes it even harder
for the community to know when real victims take the difficult step
of coming forward with real reports of abuse.
Bad faith: deliberately conflating different types of harassment and abuse
The complainant frequently raises concerns about "harassment"
and "abuse" whenever somebody asks a question they don't want to reply
to.
Yet it doesn't stop there.
Not only do they claim to be victims of "harassment" and "abuse",
they deliberately seek to conflate different meanings of these words.
It works a bit like the game of Chinese Whispers.
The classic example was the lynching of Dr Jacob Appelbaum.
One person posted messages about "harassment". Somebody else who wasn't
actually there extrapolated that into "sexual harassment". Then another
person who was all the other way over the other side of the world in
Australia forcefully writes that it was a "rape".
The word "abuse" is used in much the same way. Somebody asks
a question about the bank account. The question is disparaged as
an unqualified example of "abuse". Later, somebody adds a prefix,
people mention "sexual abuse". But there is nothing sexual about
asking why somebody's girlfriend got paid to do work that other
volunteers do for free. We saw them using this word game in
relation to Prof Eben Moglen recently.
Not only are they trying to defame the person asking a serious
question but we also have to remember that when people try to
portray themselves as victims of "abuse", they are siphoning off a little bit
of credibility from the real victims, like those incredibly young boys
and girls who made complaints about institutional abuse. The pretend
victims and their antics dilute the credibility of the real victims.
Most healthy people are turned off by discussions like this. Yet
there is a subculture around Debian, a subgroup of volunteers who appear
to take some voyeuristic interest in making these word games with references
to abuse, the type of thing we see in the blog post by Matthew Garrett.
Just how did Garrett become an expert on abuse?
These comments about the phenomena may appear quite strong and
defamatory at first glance but the evidence is already public. Have
a look at the controversy about the package with the name "weboob".
According to reports, the source code is laced with crude references
to women. The package was
discussed on debian-private. Quite a few Debian men,
like Axel Beckert, a system administrator at the ETH Zurich university,
defended the package during his working hours.
Subject: Re: weboob package
Date: Fri, 13 Jul 2018 14:29:58 +0200
From: Axel Beckert <abe@debian.org>
Organization: The Debian Project
To: debian-private@lists.debian.org
Hi,
Jonathan Dowland wrote:
> Yesterday I stumbled across the "weboob" package for the first time,
> which includes a slew of binaries with names similar to the following:
[...]
So what? I don't see any problem with that. (And I don't see why
there's a thread on debian-private about it.)
Regards, Axel
--
,''`. | Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Develoober, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bad faith: using WIPO and an Albanian gangmaster to defame me
I previously documented how I was a witness to acts of
harassment and the risks to underage participants by two
Albanian men. I attached the emails showing how this was
raised through internal channels at Mozilla.
When Chris Lamb decided to attack me on our wedding anniversary,
he actually used Elio Qoshi, the Albanian bringing a sixteen year old
girlfriend to tech conferences, to distribute the messages about
the vendetta.
At the time, I was with one of the victims. Women who had worked
with me personally had been surprised to see Lamb colluding with
these Albanian gangmasters. I took a photo of the message that
the Albanian forwarded from Lamb to the phones of female victims:
It is an extraordinary example of corruption. When I saw
Chris Lamb colluding with Elio Qoshi to denounce me at such a
painful time for my family, I couldn't help thinking of men like
Jimmy Saville and Rolf Harris collaborating in their
crimes.
Chris Lamb: You are well-aware that I
have been nothing but scrupulous and gentlemanly with regards to your
personal privacy and thus ...
The dishonesty of these misfits is as extraordinary as the
intrusion into the family lives of volunteers.
As Debian is an operating system, it is relied upon as the foundation
for so many other things that people do with their computers both
in industry and in private. In other words, people put a lot of trust
in the operating system but we can't trust the people making it.
Here we have caught the then leader of Debian using a common
garden variety Albanian pimp to spread rumors about a long standing
volunteer and also publicly lying about the matter.
Now these dirty little men aspire to exploiting a WIPO panel
in the same way they used this Albanian gangmaster to denounce
my family and I on the anniversary of our wedding. As mentioned
earlier, the deadline set by WIPO was Carla's birthday.
When submitting a UDRP case to WIPO, complainants are asked to sign a
declaration stating that they are not using the UDRP for harassment.
Here is what was submitted to WIPO for the Debian Community censorship
case:
Here is a similar declaration submitted in the latest WIPO UDRP
censorship case:
In the 2022 case, the WIPO panel did not publish the names of any
volunteers or make any accusations against volunteers. Yet as soon
as the Debianists had seized the domain, it was used to publish attack
pages directed at a single volunteer.
The victim has exercised his legal rights under the GDPR and asked
for the public attacks to be removed. The trademark holder in their high
arrogance has decided they are above the law of the GDPR.
Therefore, in hindsight, we can see that the 2022 case really was
intended for harassment. They simply didn't use the domain name
for anything else.
The Wayback Machine has captured snapshots of the page:
The volunteer resigned from mentoring at a time when he lost two family
members. The trademark holder has made a gross violation of the privacy
of this man's family.
We can only wonder, why did the trademark holder have to change their
lawyer after the 2022 case? Is it because they tricked Jonathan Cohen
into signing that declaration and then after seizing the domain,
they reneged on the declaration Cohen had signed for them and used the
domain for harassment anyway?
Lawyers don't like to be used like that. Is it possible that Cohen
has declined to work for these puppet masters again?
Adolf Hitler was born on 20 April 1889 in Austria. Today would be
the Fuhrer's 135th birthday.
In 1939, shortly after Hitler annexed Austria, the Nazi command
in Berlin had a big celebration for
the 50th birthday of Adolf Hitler. It was such a big occasion
that it has its own Wikipedia entry.
One of the quotes in Wikipedia comes from British historian
Ian Kershaw:
an astonishing extravaganza of the Führer cult. The lavish
outpourings of adulation and sycophancy surpassed those of any previous
Führer Birthdays
For the first time ever, the Debian Project Leader election has finished
just after 2am (Germany, Central European Summer Time) on the birthday
of Hitler and
the winning candidate is Andreas Tille from Germany.
Hitler's time of birth was 18:30, much later in the day.
Tille appears to be the first German to win this position
in Debian.
We don't want to jinx Tille's first day on the job so we went to
look at how each of the candidates voted in the 2021 lynching of
Dr Richard Stallman.
Here we trim the
voting tally sheet
to show how Andreas Tille and Sruthi Chandran voted on the question
of lynching Dr Stallman:
Tally Sheet for the votes cast.
The format is:
"V: vote Login Name"
The vote block represents the ranking given to each of the
candidates by the voter.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Option 1--------->: Call for the FSF board removal, as in rms-open-letter.github.io
/ Option 2-------->: Call for Stallman's resignation from all FSF bodies
|/ Option 3------->: Discourage collaboration with the FSF while Stallman is in a leading position
||/ Option 4------>: Call on the FSF to further its governance processes
|||/ Option 5----->: Support Stallman's reinstatement, as in rms-support-letter.github.io
||||/ Option 6---->: Denounce the witch-hunt against RMS and the FSF
|||||/ Option 7--->: Debian will not issue a public statement on this issue
||||||/ Option 8-->: Further Discussion
|||||||/
V: 88888817 tille Andreas Tille
V: 21338885 srud Sruthi Chandran
We can see that Tille voted for option 7: he did not want Debian's name
used in the attacks on Dr Stallman. However, he did not want Debian
to denounce the witch hunt either. This is scary. A lot of Germans were
willing to stand back and do nothing while Dr Stallman's Jewish ancestors
were being dragged off to concentration camps.
The only thing necessary for the triumph of evil is that
good men do nothing.
On the other hand, Sruthi Chandran appears to be far closer to the
anti-semitic spirit. She put her first and second vote preferences next
to the options that involved defaming and banishing Dr Stallman.
Will the new DPL be willing to stop the current vendettas against a
volunteer and his family? Or will Tille continue using resources for
stalking a volunteer in the same way that Nazis stalked the Jews?
Adolf Hitler famously died by suicide, a lot like the founder of
Debian, Ian Murdock, who was born in Konstanz, Germany.
Will Tille address the questions of the
Debian suicide cluster or will he waste more money on legal fees
to try and cover it up?
The date September 11, also referred to as 9-11, is well known as the
anniversary of the tragic attacks that Al Qaeda made against targets
in the United States of America.
Shortly after the anniversary of the attacks in September 2010,
Der Spiegel published
an article about Operation Pastorius,
Hitler's plans that included the use of either missiles or kamikaze pilots
to destroy the towers of New York City.
Many free software products and free software organizations have been
founded in the United States and have been founded on promises of freedom
that resonate with the American philosophy.
Various observers have noted that these values, inspired by the
First Amendmant and Bill of Rights, are closely intertwined with
the philosophy of software freedom.
In
Coding Freedom (E. Gabriella Coleman, Princeton University Press),
the author explores many of the synergies between freedom philosophies
in licenses, in technology and in speech. Interestingly,
Coleman anticipates the vendettas being practiced through the UDRP today:
Because a commitment to free speech and intellectual property
is housed under the same roof—the US Constitution—the potential for conflict
has long existed. For most of their legal existence, however, conflict was
noticeably absent, largely because the scope of both free speech and
intellectual property law were more contained than they are today. It was only
during the course of the twentieth-century that the First Amendment and
intellectual property took on the unprecedented symbolic and legal mean-
ings they now command in the United States as well as many other nations.
while noting the intersection of Debian with the DeCSS affair
and other milestones in the evolution of the Internet:
Much of the coherence emerged through reasoned political debate.
Cleverness—or prankstership—played a pivotal role as well. Prodromou,
a Debian developer and editor of one of the first Internet zines, Pigdog,
circulated a decoy program that hijacked the name DeCSS, even though it
performed an entirely different operation from Johansen’s DeCSS.
In the following year, Bruce Perens reframed this definition
as the Debian Social Contract (Debian Project 2004), emphasizing the
rights of, and programmers’ responsibilities to, the community of
users.
The
Fedora Foundations, advanced by Red Hat, now a subsidiary of IBM,
brought together developers under a similar promise:
Freedom: We are dedicated to free software and content.
Advancing software and content freedom is a central community goal,
which we accomplish through the software and content we promote.
Many of us have contributed decades of work under these terms
and conditions, the promise of an American style of freedom.
Yet this is under attack and one of the most dramatic attacks
in the history of free software was launched on September 11, 2022,
when a group of fascist Germans and Swiss banded together to demand
state violence against volunteers discussing
the toxic culture in Debian.
The September 11 attacks were notable for the impact on the emergency
services, especially the firemen. One of the volunteers being attacked
started doing voluntary work with the Wireless Institute Civil
Emergency Network (WICEN) when he was fourteen years old.
How would you feel if little Germans like Axel Beckert at ETH Zurich
were plotting against you and your family on the anniversary of
the most notorious terrorist attacks in living memory?
The September 11 attacks involved a huge and immediate loss of life.
In Debian, we have seen the
evidence of a suicide cluster slowly coming out of the shadows.
One of the volunteers has died, in a possible suicide, on the very
same day the latest victim went to the church to get married.
How much of the
$120,000 Debian legal budget paid for this abhorrent attack on American
principles and freedoms that underpin the world of free software?
Who pocketed that money?
The Wayback Machine has captured images of the Justicia SA web site
in the weeks before the legal insurer was shut down by FINMA, the Swiss
financial regulator.
Depuis plusieurs années, j’ai utilisé OpenWRT, mais je n’étais pas pleinement satisfait de ma solution de contrôle parental. C’était principalement à cause de l’utilisation des services d’OpenDNS, qui était nécessaire en raison de mes deux routeurs Redmi AC2100 ayant une capacité mémoire limitée (seulement 128 Mo). J’ai, depuis peu, fait l’achat d’un routeur Redmi AX6000 […]
We provide you both an infographic and a text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in-depth details look at the infographic.
Week: 15 April – 19 April 2024
Infrastructure & Release Engineering
The purpose of this team is to take care of day-to-day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work. It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces, etc.). List of planned/in-progress issues
Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Linux (OL).
Updates
Texas Linux Fest (TXLF) was held from 12-13 April
Carl gave talk on the state of EPEL
Also manned the EPEL and Fedora booth
EPEL docs are being reworked to include onboarding processes
Also including an overall cleanup, better UI/UX
Community Design
CPE has few members that are working as part of Community Design Team. This team is working on anything related to design in Fedora Community.
For the last few months, Benjamin Tissoires and I have been working on and polishing a little tool called udev-hid-bpf [1]. This is the scaffolding required quickly and easily write, test and eventually fix your HID input devices (mouse, keyboard, etc.) via a BPF program instead of a full-blown custom kernel driver or a semi-full-blown kernel patch. To understand how it works, you need to know two things: HID and BPF [2].
Why BPF for HID?
HID is the Human Interface Device standard and the most common way input devices communicate with the host (HID over USB, HID over Bluetooth, etc.). It has two core components: the "report descriptor" and "reports", both of which are byte arrays. The report descriptor is a fixed burnt-in-ROM byte array that (in rather convoluted terms) tells us what we'll find in the reports. Things like "bits 16 through to 24 is the delta x coordinate" or "bit 5 is the binary button state for button 3 in degrees celcius". The reports themselves are sent at (usually) regular intervals and contain the data in the described format, as the devices perceives reality. If you're interested in more details, see Understanding HID report descriptors.
BPF or more correctly eBPF is a Linux kernel technology to write programs in a subset of C, compile it and load it into the kernel. The magic thing here is that the kernel will verify it, so once loaded, the program is "safe". And because it's safe it can be run in kernel space which means it's fast. eBPF was originally written for network packet filters but as of kernel v6.3 and thanks to Benjamin, we have BPF in the HID subsystem. HID actually lends itself really well to BPF because, well, we have a byte array and to fix our devices we need to do complicated things like "toggle that bit to zero" or "swap those two values".
If we want to fix our devices we usually need to do one of two things: fix the report descriptor to enable/disable/change some of the values the device pretends to support. For example, we can say we support 5 buttons instead of the supposed 8. Or we need to fix the report by e.g. inverting the y value for the device. This can be done in a custom kernel driver but a HID BPF program is quite a lot more convenient.
HID-BPF programs
For illustration purposes, here's the example program to flip the y coordinate. HID BPF programs are usually device specific, we need to know that the e.g. the y coordinate is 16 bits and sits in bytes 3 and 4 (little endian):
That's it. HID-BPF is invoked before the kernel handles the HID report/report descriptor so to the kernel the modified report looks as if it came from the device.
As said above, this is device specific because where the coordinates is in the report depends on the device (the report descriptor will tell us). In this example we want to ensure the BPF program is only loaded for our device (vid/pid of 04d9/a09f), and for extra safety we also double-check that the report descriptor matches.
// The bpf.o will only be loaded for devices in this list
HID_BPF_CONFIG(
HID_DEVICE(BUS_USB, HID_GROUP_GENERIC, 0x04D9, 0xA09F)
);
SEC("syscall")
int probe(struct hid_bpf_probe_args *ctx)
{
/*
* The device exports 3 interfaces.
* The mouse interface has a report descriptor of length 71.
* So if report descriptor size is not 71, mark as -EINVAL
*/
ctx->retval = ctx->rdesc_size != 71;
if (ctx->retval)
ctx->retval = -EINVAL;
return 0;
}
Obviously the check in probe() can be as complicated as you want.
This is pretty much it, the full working program only has a few extra includes and boilerplate. So it mostly comes down to compiling and running it, and this is where udev-hid-bpf comes in.
udev-hid-bpf as loader
udev-hid-bpf is a tool to make the development and testing of HID BPF programs simple, and collect HID BPF programs. You basically run meson compile and meson install and voila, whatever BPF program applies to your devices will be auto-loaded next time you plug those in. If you just want to test a single bpf.o file you can udev-hid-bpf install /path/to/foo.bpf.o and it will install the required udev rule for it to get loaded whenever the device is plugged in. If you don't know how to compile, you can grab a tarball from our CI and test the pre-compiled bpf.o. Hooray, even simpler.
udev-hid-bpf is written in Rust but you don't need to know Rust, it's just the scaffolding. The BPF programs are all in C. Rust just gives us a relatively easy way to provide a static binary that will work on most tester's machines.
The documentation for udev-hid-bpf is here. So if you have a device that needs a hardware quirk or just has an annoying behaviour that you always wanted to fix, well, now's the time. Fixing your device has never been easier! [3].
[1] Yes, the name is meh but you're welcome to come up with a better one and go back in time to suggest it a few months ago.
[2] Because I'm lazy the terms eBPF and BPF will be used interchangeably in this article. Because the difference doesn't really matter in this context, it's all eBPF anyway but nobody has the time to type that extra "e".
[3] Citation needed
Article mise à jour le 17/04/2024 pour tenir compte des spécificités d’OpenWRT 23.05. Bien que je sois le très récent et heureux possesseur d’une Freebox Pop, j’ai fait le choix de continuer à déléguer la gestion de mon réseau ainsi que de mon partage Wi-Fi, non pas à la Pop, mais à OpenWRT. Les avantages […]
Also, I’ve sent two poster proposals for Wikimania 2024:
Towards a Very Small GLAM entities solution:
This proposal proposes an activity line for empowering very small GLAM entities with limited resources to preserve and document cultural heritage effectively. It comprises:
the development an open-source GLAM suite and
recommendations on affordable, reliable hardware.
The suite includes:
software such as unRAID OS with ZFS for data preservation and
Wikibase and packaged software services.
Also a preload of metadata for museology (ontologies and vocabularies) and a technical information collection in the form of linked open data and documents.
The proposal outlines the project’s timeline, funding sources, and physical and online community involvement.
and
Wikimedia LEADS a Learning Ecosystem and Ameliorating Data Space:
To create a free ecosystem and data-space for learning in the Wikimedia Movement. Ecosystem will extends the Movement with new classes of knowledge and addressing sustainability needs. With:
libraries of:
practices, modeled in Wikibase as Linked Open Data (LOD);
credentials, also modeled as LOD, based in ELM;
software extensions and services required for a working implementation in the Movement.
First will address the GLAM Wiki domain, producing incremental results ready to be adopted. This domain strongly intersects with the Wikimedia Movement.
Furthermore, the methodologies, tools and many of the specific contents will be applicable to any other knowledge areas.
We have coined the term Very Small GLAM to refer the community of very small GLAM institutions: private, public, formal or informal, etc. It has not a rigorous definition, but you can think in teams of less than 10 members and reduced budget. So we’ll drop the bombastic term of «Small GLAM SLAM».
About Wikimedia LEADS, this is a new line of work also based in Wikibase to develop a Wikimedia ecosystem of models for Essence practices and microcredentials. It has been proposed for an European Union grant so it has no funding yet. This initiative interesects with Very Small GLAM as both focuses first in contents for the GLAM Wiki domain, as project driver.
The SCaLE (The Southern California Linux Expo) community Linux event delivered an iconic experience with four days of open source training, exhibits, and general presentations. This year’s conference took place in Pasadena (Los Angeles) area.
This expo drew worldwide guests to discuss AI, Linux, security, embedded, IoT, and more. The Conference Chair, Mr. Ilan Rabinovitch, and Technical Committee Chairperson, Owen Delong paved the way for a smooth registration.
Conference Highlights
Fedora @ SCaLE 21x Linux Conference – Ready, Set, Go!
Justin Flory arranged and shipped hand-selected swag and marketing items to Brian Monroe. Items include: pens, stickers, commuter mugs, badge ribbons, badge lanyards, and more.
Furthermore, the ambassadors gathered up supplies for the conference.
Day 1: Thursday 14 March
Red Hatter Brian Proffitt carefully delivered our marketing notebook system.
In addition, Perry brought the following:
Dry-board markers
Dry-board flipchart easel
Opportunity drawing tickets
Leftover ribbons, mini-swag from 19x event
Safety scissors
Gaffers tape
Glue
And more!
Some of our ambassadors travelled in the morning, to catch earlier events and workshops. Others, however, arrived later to factor in traffic.
We met in the exhibit hall to check out the booth and to discuss strategy. Henceforth, we thought about our discussions and engagement to attract visitors. In contrast to SCaLE 20x, our booth was some distance away from the Red Hat booth.
The booth did not receive any free-standing banners this year. Thus, aside from our table cover, swag, and flip chart, we had few items to work with which had large Fedora branding. Soon, we discovered that some guests had initial challenges trouble locating our booth.
Upon dropping things off, some of us reconvened at the KWAAI Summit, new for 2024. Matt Small, Reza Rassool, Román Pineda, Khai Pham, John Willis, and others closed out the the event with an engaging Q&A, introductions, wrap up, and reception, for example.
Afterwards, Fedora joined the Red Hat and CentOS teams and others for a meal at the Yard House.
Day 2: Friday 15 March
Checking in on the other variants…
Alejandro and I set out for breakfast Friday and discussed booth and expo plans for the days ahead. Eventually, we headed off to the NixCon track co-located in SCaLE 21x to learn about Nix. We were surprised to find a very packed workshop.
Booth Setup
After a brief look into these OSes, we returned to the Expo Hall to begin putting our booth together. For example, Scott arrived to install a notebook system that he configured with Flatpak pinball game running atop Universal Blue.
Next, Perry set up a Fedora flip chart and pasted in a handy QR that Alejandro generated for guests to claim a Fedora badge. Then, Alejandro later wrote in our Fedora scheduled talks, which was handy for guests to take pictures of as they stopped by. Concurrently, Brian strategically set up swag items and carefully routed power within the booth.
Perry later stopped by the Red Hat booth to help raise the 5-person banner. It’s not heavy, however, but it is awkward and difficult to stand up with fewer than 5-people in attendance.
What an Exhibit at Fedora @ SCaLE 21x Linux Conference
At 10am, the Exhibit Hall opened. As a result, we had a steady stream of community throughout the reminder of the conference. Then, we took turns for breaks from time to time; however, as we were down a person, things felt a bit busier this year. We definitely missed not having Iván Chavero there.
We greeted approximately 400+ this day.
One of the many highlights from today was discovering a vending machine that dispenses temporary VMs. The buttons were quite amusing.
At length, a few of us met up with Red Hat, CentOS, at El Portal Restaurant for dinner.
El Portal Restaurant for dinner.
Rob McBryde: Coordinator of Karaoke goodness.
Subsequently, we met up with Red Hat and CentOS later at Barney’s Beanery to enjoy karaoke and merriment.
Day 3: Saturday 16 March
Specifically, Brian Monroe, Scott, and Perry met up early Saturday morning to go over slide logistics for our Exploring Immutable Linux Desktops with Fedora presentation later that day. Afterward, we caught up with Alejandro at the booth to continue engaging with guests and greeted approximately 500+ this day.
Perry dropped in on a Digital Art / Krita open-source application workshop that went over how the fundamentals of using this tool. They gave pointers on how they use the app in their workflow, for instance.
Nicholas Maramba and Helen Ortiz present “Digital Art Makes You Smart”
Humberto Macias, lucky winner of a Fedora commuter tumbler.
Portal to the endless wonder of immutable desktops..
Guests listened attentively at the Immutable Desktop presentation
Scott Williams chats with Joshua Loscar at the Red Hat Booth
Jeff Carlson ponders his next move..
We also held opportunity drawings throughout the week to beckon more booth interest. Indeed, this proved a success. 40+ people stopped by for each draw.
Comparatively, Perry, Brian Monroe, and Scott later delivered their presentation to 45+ guests.
Thereafter, we re-joined Alejandro to finish up meeting our community at the booth for the expo day. We ate a late linner at the Dog Haus to reflect on the week’s events.
Soon, SCaLE 21x held their annual game night event. Next, we reunited with friends and associates to catch up and enjoy.
Day 4: Sunday 17 March
All of us packed up our rooms early Sunday. Naturally, Alejandro and I re-joined up at the Cordova Cafe for breakfast.
Consequently, we made our way over to the Exhibit Hall to finish up a final day with guests. Altogether, we had a little breather to visit the CentOS booth and say hello.
Shaun McCance and Carl George exhibiting at the CentOS booth
The final exhibit day brought in about 250 guests to our booth. Following, our team packed up the booth for transport.
Ultimately, to complete a fine Sunday, we attentively listened to an excellent closing keynote provided by Bill Cheswick.
Suggestion / Feedback Box Items for Fedora @ SCaLE 21x Linux Conference
In addition, we had a booth sign-in sheet for visitors to help collect feedback and suggestions about Fedora and related efforts.
From data compiled, we summarize these key highlights:
Marketing: Many requests for Fedora new logo swag and shirts. Could use stuffed animals, socks, or something different, USB stick. More creative ideas, sticker ideas (hex are popular), floor banners with new logo, DEI stickers were very popular. Portable swag (small and travel-ready) is great for travelers.
Marketing: One guest suggested a Fedora merch store where community could purchase Fedora logo swag/stickets/items. Above all, proceeds ideally would funnel back to Fedora community where needed.
Cross: One Debian guest continues prefers Debian for consistency, but wouldn’t mind using Fedora if a consistent spin was available. Potentially opportunity for immutable education or Debian/Ubuntu/NixOS etc. to Fedora presentations.
Info: Another Debian guest wanted to know key differences between Debian and Fedora. Ultimately, potential opportunity for explainer or migrating presentation or Why Use Fedora vs. ________?
Usage: One mentioned they are a Rawhide user.
Info: One requested more information about NeuroFedora. In other words, clearer information about what it is and the status of that Special Interest Group (SIG). Explainer card might be helpful at the booth.
Usage: One guest enjoys QT packages with DX build.
Licensing/Booth Info: One guest wanted clearer definition of the licensing relationship and sponsorship between Fedora / RHEL, if any.
Fedora Activity Day: It might be advantageous for Fedora to identify an organizer for a Fedora Activity Day (or two). For example, possible topics include: Debian to Fedora, command-line, Gnome, KDE, Immutable, Ambassadoring, Why Use Fedora vs. X?, etc.
Other: Changes for CentOS and Red Hat were points of concern and confusion for some guests.
Comm: Connect with Universal Blue folks, Lutris, Nobaro (sp?). Bazzite quality badges
Booth: Engagement with community at the table, opportunity drawing seems to be a success. Let’s get people in the front door of Fedora…for SCaLE 22x, provide challenge or engaging gimmick.
Thank You/Derivative: Ultramarine user says thank you for Fedora.
Thank You/Support: Thank you for Data Transit (GTFS) support
Magic Wormhole and Fedora are great. Ultimately, we referred this guest to Matthew Miller.
One guest tracking 39 and 40 Beta packaging and kernel. Definitely, this visitor expressed interest in helping with general or immutable. Additionally, we referred this guest.
In conclusion, we look forward to seeing you at next year’s SCaLE!
Snaps from Fedora @ SCaLE 21x Linux Conference
Perry Rivera and Kevin Howell
Conference Center Conversation Flows. Photo by Carl George
Patrick Finie and Perry Rivera
An engaging kernels workshop by Neil Gompa, Shaun McCance, and Carl George. Photo by Carl George.
Ana Ma and Perry Rivera
Romy Meyerson@SuSe stops by to visit to say hello..
Rob McBryde, Jaime Burwood, Katherine Nnanwubar, Perry Rivera, and Brian Proffitt
Perry Rivera and Siggy
Perry Rivera and Marc Provitt from SCaLE 21x’s Game Night event.
Discussing SCaLE strategies. L to R: Scott Williams, Brian Monroe, Shaun McCance, and Carl George.
Perry Rivera and Bill Cheswick
Clockwise, L to R: Joshua Loscar, Shaun McCance, Brian Proffitt, Cali Dolfi, Perry Rivera, Alex Acosta, Carl George, and Joshua’s oldest son discussing SCaLE week highlights at Lunasia Dim Sum House…
So I’ve run into this issue in the past but I finally started looking into why Python is soo slow at running basic math operations in a long loop, for example, simple stream cipher operations. You’ll see lots of suggestions to use numpy instead, however, I didn’t find this to be the most helpful. Since I like writing/reading C, I remembered that Python has a built-in ctypes module which is very helpful and useful if you are in need of specialized and optimized code paths. You can pretty easily pass in integer and byte array pointers with little complexity!
Most people only showed sympathy and respect for my family at that time.
Colleagues in the Debian world started sending me insults, telling me
that I am not a real Debian Developer. It is no surprise that there
is a suicide cluster in this group
(
Debian suicide cluster meets criteria from Public Health England).
Therefore, it is important to look at who really is a Debian Developer.
Origins of the term Debian Developer
Looking at the very first archived copy of an email from
the debian-project mailing list in 1994, we
find that Debian co-authors are using the term
Debian Developer four years before there was a trademark. That is
four years before the Debian Project constitution. The term
Debian Developer is completely valid
for somebody who has done significant creative work over many
decades. In plain English, the term Debian Developer can mean
three things: somebody who possesses the skill of creating
Debian software, somebody who has an authorship interest in
the Debian software and thirdly, but lastly, somebody who is
a member of the clique. Copyright law does not require somebody
to be a member of the clique. I never joined the Debian Project
Unincorporated Association, I have always used the term
Debian Developer first and foremost to describe myself as an author with
moral rights in the creative work.
Legitimate interest: a very long history of voluntary contribution
Some of us started doing Debian as a hobby alongside other hobbies
such as amateur radio. One of the early Debian Project Leaders,
Bruce Perens, also notably came to Debian for amateur radio purposes.
I passed the amateur radio exam in 1993,
when I was 14 years of age.
My first years of voluntary activities in amateur radio and free software
were during a time when I was legally a child. I didn't receive any
payment for some of those activities. I offered my time on the basis
that I was gaining skills and helping real communities.
Around the same time, while I was still legally a child, I came to
appreciate the fact that there are some adults who exploit talented and
precocious youngsters by trying to direct the work that is being undertaken
and failing to disclose or share financial benefits.
The Debian Project constitution was originally published on
10 September 1998,
some time later.
The trademark was only registered later on 21 December 1999
Looking at the Scientologie.org UDRP verdict,
(
WIPO UDRP case D2000-0410)
the panelists
gave some weight to those possessing a copyright interest that predates
the registration of a trademark or a copyright interest arising from
a situation that intersects with the history of the trademark.
The spirit of the Scientologie.org UDRP verdict can
be extracted in good faith to questions like who can use the term
Debian Developer.
Legitimate interests: the promise of recognition
The misfits behind the WIPO insults do not pay the rest of us anything
for our collaboration in creating the Debian software.
They told us that the only thing we get in return for our creations
is the recognition.
Using the term Debian Developer is interchangeable with
recognition for our skills and recognition of our status as voluntary,
un-paid joint authors
who are not compensated in any manner other than recognition.
They are now using the debian.org web site and the trademark
to give people negative recognition. This is like bouncing a cheque.
In the circumstances, it seems entirely appropriate for me to follow
through on the promise of recognizing people. The misfits have provided
a list of the domains along with the dates that each domain name was
registered. On the list, the name debian.plus is the first
name registered. debian.plus was registered for the purpose
of delivering on the promise of positive recognition to the
authors and our work.
Debian promises recognition, I take the following quote from
the latest Debian law suit where they admit using the promise of recognition
to lure people into working for free:
64. ... un des avantages importants de travailler pour la communauté Debian est la valeur de sa réputation dans le domaine, à la fois professionellement et dans la communauté. ...
The motivations of the authors also are varied, but the coin that they get paid in is often recognition, acclaim in the peer group, or experience that can be traded in in the work place
you are recognized for your contributions ... Did you ever have a boss who takes credit for your work? Not in Debian.
In short, there is a big emphasis on working for recognition instead of a salary. They gave us the promise of recognition and that gives rise to a legitimate interest in using the trademark in domain names for web sites about our work.
Moreover, it means once we gain the status of Debian Developer in the
sense of being a joint author, as the term has been used since at least 1994,
they can't bounce the cheque and extinguish
our copyright / recognition / status as these things are interchangeable.
Bad faith: not every co-author wants to be a member of something too
In a number of jurisdictions, we have seen people establishing
associations, some of them legally incorporated, some of them unincorporated,
where they now use the term Debian Developer interchangeably
with the status of a member rather than the status of an author.
Over the years, people have regularly protested against this practice
of conflating authorship and membership.
In 2005, some Debian Developers in the UK created the
Debian UK Society. They published a
proposed constitution / articles of incorporation suggesting
that every Debian Developer in the UK would become
a member of the Society unless they opt-out.
Some authors felt this was a forced membership, similar to forced
membership of a trade union.
The Debian UK Society (DUS) asserted
automatic membership of debian developers (much like that sometimes
suggested for SPI and rejected every time) and some of its members
insulted and lied about me instead of fixing that bug.
Credit to them for fixing it eventually.
Steve McIntyre: Membership of the society consists of the set of registered Debian developers resident in the UK, bar those who have deliberately opted out.
Why would you force authors to downgrade their rights from their status
under copyright law to a lower status as described in the
Debian UK Society constitution?
Under copyright law, joint authors can't expel each other
Under the constitutions of these associations, they purport that
authorship and membership can be simultaneously extinguished on the
whims of the leader of the day.
Some of us never joined any of these associations yet they claim,
in bad faith, that they have the power to "expel" us.
The status of Debian Developer is independent of membership status
Nonetheless, when we examine the words from Steve McIntyre above, we
can see that the status of being a Debian Developer
(co-author or joint author) is something distinct
from being a member.
The distinction is therefore clear to those who created those periphery
associations around the copyrighted work.
Who has a copyright interest in the Debian GNU/Linux?
Version 1.9.16 of sudo will feature a new option for logging: json_compact. Why is this important? This new format can easily be read and parsed by a log management software, like syslog-ng.
Note that in this blog I am showing you a sudo feature which has not yet been released officially. You have to compile sudo yourself. By all means, if you have any other application writing JSON-formatted log messages, you can apply most of what you read here with slight modifications.
Before you begin
You need JSON-formatted log messages. This blog is about working with the json_compact logs from sudo. You need version 1.9.16 or later for this, or you can also compile sudo yourself from git sources. It is described in my latest sudo blog at https://www.sudo.ws/posts/2024/04/when-it-comes-to-sudo-logging-pretty-is-not-always-better/ .
Naturally, you can also use any other JSON-formatted logs, as long as each message takes a single line.
Configuring sudo
You can enable the new json_compact logging format in sudo for log files (JSON formatting for syslog always uses a variant of the compact format) by adding these two lines to your sudoers file using visudo:
Certainly, the name of the file could be anything. I use my initials in file names to make sure they are unique and do not collide with existing names on the system.
Once you have saved the sudoers file, you should test sudo. Run something using sudo and check the content of the file you just specified in the sudoers file. Instead ofreadable, multi-line messages, you should see single-line JSON-formatted messages like this:
This is not easy to read. However, syslog-ng and most other log management software can read single-line log messages out of the box. You just have to point them at the file name.
Configuring and testing syslog-ng
Here is my initial syslog-ng configuration: append it to syslog-ng.conf or create a new configuration snippet under /etc/syslog-ng/conf.d/ with a .conf extension.
This configuration does not do much. It reads the JSON-formatted file line by line. The no-parse flag means that syslog-ng does not parse the message as an RFC3164-formatted syslog message, as it is normally done by default. Instead, syslog-ng uses a JSON parser to turn the message into name-value pairs.I usually use JSON formatting to save name-value pairs into a text file, but as the initial format is JSON, I use WELF formatting here.
If you take a look at that file, you should see similar messages to these:
Even if you do not need logs in this format in the long run, this step is useful in multiple ways. First of all, you can see that message parsing works. You can also see all (well, most) of the name-value pairs created by syslog-ng from the log message. You can use this log file while refining the syslog-ng configuration and delete / comment it out from the configuration later.
Here is a bit more fun of configuration, building on the previous one. This one adds two more destinations:
source s_sudojson {
file("/var/log/czpsudo2" flags(no-parse));
};
parser p_json {
json-parser();
};
destination d_sudo {
file("/var/log/sudowelf"
template("$(format-welf --scope nv_pairs --exclude MESSAGE --exclude accept.submitenv)\n\n")
);
file("/var/log/sudofreetext"template("${DATE} user ${accept.submituser} ran ${accept.command} on host ${HOST} using sudo\n"));
};
log {
source(s_sudojson);
parser(p_json);
destination(d_sudo);
if (match("root" value("accept.submituser"))) {destination { file("/var/log/sudoroot" template("Oops, why did root use sudo to run ${accept.command}\n")); };};
};
The file sudofreetext uses name-value pairs parsed by syslog-ng from the JSON-formatted logs to create new log messages.
The other log file is only written to if user root executes a command using sudo. Of course, there can also be some legitimate uses, but I just come across the user becoming root way too often while still using sudo to run commands. Copy & paste from blogs and documentation :-)
The log files will look something similar to these:
leap154b:/var/log # cat sudofreetext
Apr 10 12:38:49 user czanik ran /usr/bin/ls on host leap154b using sudo
Apr 10 12:38:54 user root ran /usr/bin/ls on host leap154b using sudo
leap154b:/var/log # cat sudoroot
Oops, why did root use sudo to run /usr/bin/ls
What is next?
From this blog, you could learn how to work with JSON-formatted log files. The sample configurations showed you how to get started when developing a configuration. I hope I was not the only one having fun while working with these configurations. Surely, in a production environment, you will use different message formats or use other name-value pairs. However, you can use the examples with minor modifications to achieve those.
-
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
Aprovecharé para enseñar alguna de las últimas cosas en las que trabajo en el proyecto SMALL GLAM SLAM Pilot 1 con el que estamos preparando la infraestructura digital del futuro centro de documentación digital de LaOficina.
El taller tendrá lugar el 18 de abril por la tarde en la biblioteca María Moliner y la entrada es libre.
There have been many opportunities for them to communicate with me
like a human being. They talk about Debian being a
"family" but
they pack together like gang rapists to pick off developers one
at a time and attack us.
They are bypassing any normal human communication because they
want to cause the maximum amount of stress. They want
WIPO to publish the name of my family in a negative context more than
they want any of those domains.
In such circumstances, they prove they are committing the act of
harassment under UDRP rule 15(e)
Chamando todos os cientistas de dados, sobretudo os que lidam com séries temporais, como eu, para ver um experimento.
Mediram a frequência cardíaca de Yuja Wang, a pianista erudita mais badalada do momento — e a mais gata também — enquanto executava uma façanha sem precedentes: tocar todos os 5 concertos de piano de Rachamninoff em uma única apresentação de mais de 4 horas de duração. Mediram também a frequência cardíaca do regente Yannick Nézet-Séguin, de alguns músicos da orquestra, e também de ouvintes na platéia, no Carnegie Hall de Nova York, em 28 de janeiro de 2023.
Entrevistas, explicações e análises de dados podem ser vistas no vídeo do Carnegie Hall. Algumas revelações dos dados coletados são óbvias: devido ao esforço físico, o coração de Yuja dispara conforme a densidade da partitura aumenta. Mas outras constatações são também muito interessantes, como o sincronismo cardíaco — ou emocional — entre a pianista, público e músicos.
Um experimento multi-disciplinar absolutamente lindo, inédito e necessário.
In the UDRP dispute over WeMakeFedora.org,
the legal panel found
that communications from IBM Red Hat had authorized
use of the domain name and therefore, IBM Red Hat themselves were acting
in bad faith by trying to retrospectively launch a dispute.
The authorizations published on the debian.org web site
are even more unambiguous, unconditional and explicit than the
authorizations that IBM Red Hat gave to the owner of WeMakeFedora.org.
Therefore, Software in the Public Interest, Inc has no right to
complain about third party web sites that "look like" debian.org.
Using the standards set by the WeMakeFedora.org verdict,
we can say clearly that Software in the Public Interest, Inc is
acting in bad faith when it complains about similar web sites.
We don't even need to pay a legal panel to tell us that because
the hypocrisy has a certain smell about it. Debian is rotting from the
inside.
It is important to think about the consequences for the volunteers
running independent web sites. Many of us do this without payment.
We do this as a hobby. Dealing with harassment from lawyers creates
stress and takes time away from our families. If a WIPO panel was
to make a declaration of bad faith about us simply because we don't
know how to write an adequate response and can't afford a lawyer then
the rogue WIPO verdict could have negative consequences for our
employment, ability to borrow money and ability to obtain or renew
essential insurance policies for our homes and our trade.
When you think about all those potentially negative consequenes for
us as volunteers, it is really wrong for SPI to seek such consequences
despite the fact they authorized use of the logo and theme.
That is why it is so important for the legal panel to make a verdict
of bad faith against SPI themselves.
Legitimate interest: redistribution of the Debian software is
explicitly authorized
With this authorization, any person who obtains a copy of the
software is entitled to redistribute it.
The DebianGNULinux.org
domain name was registered to do exactly that, to redistribute
copies of the Debian software. This activity has been authorized.
Remarkably, in one of their claims submitted to another tribunal,
the misfits explicitly describe a web site redistributing Debian
as an outrageous crime, despite the fact the DFSG and the license
statement referred to earlier explicitly authorize redistribution of
genuine copies of Debian GNU/Linux.
Such a flagrant violation of the principles in the DFSG appears
to be bad faith on the part of the complainant.
Legitimate interest: use of the logo is authorized
The page describes two versions of the logo, the open logo
and the restricted use logo.
The page gives a free-for-all license to use the open logo.
The logo I am using on pages about my Debian work is the open logo.
Here is the text of the authorization from the trademark holder:
The Debian Open Use Logo comes in two flavors, with and without “Debian” label.
The Debian Open Use Logo(s) are Copyright (c) 1999 Software in the Public Interest, Inc., and are released under the terms of the GNU Lesser General Public License, version 3 or any later version, or, at your option, of the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Legitimate interest: use of Debian-themed web page style
The Debian web page style is used extensively on third party web sites
run by individual co-authors and volunteers.
At the bottom of every page on the main
www.debian.org
web site there is a link to a dedicated page about the licenses
(authorization) to re-use the theme and content of www.debian.org.
Since 25 January 2012, the new material can be redistributed and/or modified under the terms of the MIT (Expat) License or, at your option, of the GNU General Public License; either version 2 of the License, or (at your option) any later version (the latest version is usually available at https://www.gnu.org/licenses/gpl.html).
Work is in progress to make the older material compliant with the above licenses. Until then, please refer to the following terms of the Open Publication License.
This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, Draft v1.0 or later (you can read our local copy, the latest version is usually available at http://www.opencontent.org/openpub/).
“Debian” and the Debian Logo are trademarks of Software in the Public Interest, Inc.
The complainant publishes the source code for the web site theme.
This makes it easy for anybody empowered by the above license to download
the theme and use it when creating their own site.
At the bottom of every page on Debian.org, they promote
the source code for the web site with a link text
"Web site source code is available".
Bad faith: complainant reneges on existing authorizations
As noted in the statements on legitimate interest, the
complainant has clearly authorized many of the things they complained
about.
The Debian Social Contract, which states "We will not hide problems",
authorizes discussion of controversial technical, social and ethical
topics. In fact, it is more than an authorization, it encourages
such discussions and publications. Therefore, their complaining
about what is published on these web sites is itself an act of bad faith.
They authorized use of the logo, as discussed, so their complaining
about use of the logo is itself bad faith.
They put the web site theme and content under the open source licenses,
as discussed above, so their complaining about sites with a similar
appearance is itself bad faith.
Overall, for their claim of bad faith to supercede these authorizations,
they would have to demonstrate some extraordinary acts of wrongdoing,
for example, to show that a web site was using the trademark, domain
name and logo to distribute a virus. They provide no evidence of
such wrongdoing.
Legal panels looking at the disputes have so far refused to make
any finding about who owns a copyright interest in Debian.
Precedents in the UDRP have determined that any joint author has
a legitimate interest in using the Debian name as part of a domain name.
The example that people have been discussing is the Scientologie.org
dispute
(
WIPO UDRP case D2000-0410).
Copyright is important because it gives rise to legitimate interests
of the co-authors who want to register their own Debian domain names.
Co-authors of a work are
equal. Notions of exclusive memberships, expulsions and
demotions violate the principle of being equal.
The implication of this statement is clear: the Scientologie.org
precedent for a single entity having a copyright interest can be relied
upon by any equal co-author of a work. The precedent is not only
applicable to cases with a single author and doesn't require all
authors to be in agreement (or Debian groupthink) with each other.
In the most recent Debian UDRP vendetta, the legal panel wrote:
The Panel confirms that this finding does not imply
that it has taken any view of the ownership of copyright in DEBIAN
software. Indeed, it is unable to do so on the evidence before it.
Here I try to fill that gap and provide evidence about Debian GNU/Linux
copyright, including my own copyright interest.
Debian Developers are asserting that:
Debian GNU/Linux is a Collective Work, which has a special meaning in copyright law
The aforementioned Collective Work is created not by a single author but by Joint Authors
Debian GNU/Linux copyright is based on the US law and may be influenced by the laws of other countries where various Debian Developers and Debian Project Leaders have resided over the years
What a WIPO legal panel told us about Debian GNU/Linux copyright
This analysis has been conducted by long time Debian Developer Daniel
Pocock.
Various people have been holding up copies of one of the UDRP vendetta
verdicts. Therefore, they are clearly aware of the references to the original
Scientologie.org verdict and the logic in that verdict
(
WIPO UDRP case D2000-0410).
The two lines quoted above from the 2022 panel are significant and as the misfits have
submitted this document in support of their demands again in 2024, with
the help of legal counsel, we are surprised they have not tried to answer
that question
proactively. It appears that they don't care too much about documenting
and protecting the exclusive economic rights of a copyright owner or
the moral rights of an author.
On the distinction between the exclusive economic rights of a copyright
owner, I note that none of us Debian Developers, being the co-authors
of Debian, have ever been asked to assign our rights to any third-party
copyright owner. The misfits have not submitted any evidence purporting
to prove that such an assignment did take place. Therefore, there is no
copyright owner having exclusive economic rights over the Debian software.
By default, the rights rest with the authors who did the work. Despite
having clearly
read the panel's comments, the misfits have not submitted any evidence
claiming that any such party exists with exclusive economic rights
as a copyright owner of the Debian software.
Where is the real Debian license statement?
Oddly enough, Debian documents and files in a Debian system refer
to the licenses of the individual packages being distributed. It
was hard to find an actual example of a copyright statement or
license for Debian itself as a collective work.
The
Debian Project constitution of 1998, referred to above,
encourages Software in the Public Interest, Inc to register a
trademark. It says nothing about copyright in the existing body of
work.
Here are the words from the original constitution:
Since Debian has no authority to hold money or property, any donations for the Debian Project must be made to SPI, which manages such affairs.
SPI have made the following undertakings:
1. SPI will hold money, trademarks and other tangible and intangible property and manage other affairs for purposes related to Debian.
So people can donate intangible property like copyright to SPI if they make a personal decision to do so. The constitution did not oblige us to make such donations/assignments.
This situation is well known in open source software development.
Some companies ask their contributors to sign a Contributor License Agreement
or an assignment granting all their rights to a central entity with
exclusive copyright.
Such an assignment can't take place through a majority vote, such an
assignment or transfer of rights to a single entity would require
the unanimous consent of every single author who ever contributed
to Debian. In the case of those authors who are deceased, we would
need to obtain consent from their estates.
Continuing the search for a Debian license,
on the ISO installation media, I found the file
isolinux/f10.txt which contains the very brief text:
COPYRIGHTS AND WARRANTIES
Debian GNU/Linux is Copyright (C) 1993-2016 Software in the Public Interest,
and others.
The Debian GNU/Linux system is freely redistributable. After installation,
the exact distribution terms for each package are described in the
corresponding file /usr/share/doc/<packagename>/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
It asserts that copyright is owned by Software in the Public Interest,
and others. Most of us are individual private volunteers and we
have never personally chosen to grant or assign our copyright interest
to Software in the Public Interest. I became curious about who put
this statement into the ISO image.
Debian is a collective work under the above US copyright law.
The work was initiated in 1993 by Ian Murdock in the United States.
In a Collective work (US), the authors (or co-authors) are selecting works
from third parties and arranging them into the final product, Debian,
a collective work. The decision making process that involves selecting
third party works and the decision making process that involves
arranging the third party works gives rise to the moral rights
of authorship in the Debian collective work.
The “authorship” in a collective work comes from the original selection, coordination, and arrangement of the independent works included in the collective work.
In the Debian world, the independent works are referred to as "upstream" source code. The authors of independent works are referred to as "upstream authors" or just "upstream".
The Debian maintainer guide describes the process of jointly selecting the independent works for inclusion in Debian. In particular, co-authors are required to create a public "Intent To Package" (ITP) report in the bug tracking system (BTS) so that other co-authors can discuss the merits of the selection decision. The requirement to engage in a shared discussion for every selection decision gives rise to joint authorship rights.
Moreover, the person who creates the package importing the independent work into Debian is required to create a manifest describing the inclusion of the independent upstream work. This manifest is the debian/control file. The Debian Policy Manual provides a list of fields in the debian/control files.
Some of these fields are dedicated to the coordination and the arrangement of the independent works within a Debian system.
Coordination of the independent contributions: the package dependency fields describe the relationships between packages that have to be installed together or which conflict with each other. In many cases, when a library package is a dependency for other packages, we have to ensure that the version of the library package in Debian is compatible with the dependent packages. We have a formal process of coordination in this case, the Transition process. Populating the dependency fields in the debian/control file and participating in a Transition process, either as the producer or the consumer of a dependency, are examples of coordination of the independent works from upstream authors.
Here are some examples where I personally engaged in these actions:
The fields Section and Priority impact the arrangement of the contributions from the perspective of the user. The person completing the values in these fields is engaged in the process of arrangement of the contributions in a collective work.
Therefore, the development of Debian includes features of
both a collective work and a work of joint authorship at the same time.
Moreover, due to processes such as library transitions, NMU and our
system of voting on certain decisions, any co-author may influence the
way that other co-authors are integrating the independent upstream works
into Debian. This cross-pollination of ideas and effort is a well known
feature of Debian. In other Linux distributions, the developers are
a little bit more siloed from each other.
Every two years, an official stable release of the Debian software
is released to the public. This process of releasing involves
declaring a version number that corresponds to a particular subset
of the contributions that are in a working state at the time of the
release. Even if a Debian Developer's contributions are obstructed
from inclusion in future releases, or if a Debian Developer commits suicide,
their work is still present in all the past releases that have been
published.
My own contributions are included in a number of these Debian releases
over the years.
This
report finds my name in changelogs and copyright files.
There are 21 pages of results.
Shooting themselves in the foot
To declare that the Debian Developers do not have authorship
rights at all would be incredibly de-motivating.
Future volunteers may be deterred from contributing their
intellectual property and their time.
Bad faith: the complainant is gaslighting about authorship and membership
The complainant appears to pivot back and forth between concepts from
copyright law and from the law of associations.
Consider the case when somebody begins contributing to Debian.
There is no such thing as a "New member" process. Rather, it has
historically been called the "New maintainer" process. We can see that
clearly in the
name of the
debian-newmaint mailing list.
The word "maintainer" primarily implies somebody is doing creative work to
select, coordinate and arrange more independent works into Debian.
Then we have the guide for the
New Member process, which was previously known as the New
Maintainer process. In step 3, explained in that page, the new contributors
are asked to agree to the Debian Social Contract,
the Debian Free Software Guidelines and the
Debian Machine Usage Policy. The former is ultimately about our relation
as authors, not as members and the terms under which we license our
work to the rest of the world.
The new maintainer/member guide doesn't ask people to ratify
their adherence to the constitution. The notion of joining an association,
whether it is incorporated or not, is inseparable from consenting to
be governed by and uphold the association's constitution. The
only people who ever ratified the constitution were
86 co-authors
in 1998 (23% of the developers at that time) who wanted to have
a constitution.
Somebody who did not ask to be a member can't be expelled.
Somebody who is not an employee can't be demoted or sacked.
Yet we have seen some of the leadership figures insist on having
these powers over a
series of victims. The title Debian Project Leader
implies just that: to lead, not to give orders.
The insinuation that concepts of expulsions and demotions can
be applied to co-authors is an example of gaslighting.
Copyright law is very clear: co-authors of a work are
equal. Notions of expulsions and demotions violate
the principle of being equal.
The fact that they are knowingly and deliberately trying to obfuscate
our moral rights as co-authors, giving us nothing in exchange
for the status they are taking away, is an aggravating factor
that justifies the finding of harassment and bad faith against
the complainant.
Bad faith: use of an administrative process to extinguish the moral rights and recognition of co authors
The paper notes that the Nazis used administrative law to
frustrate the rights of authors, just as misfits are using a WIPO
administrative process to harass and intimidate a Debian co-author.
Quoting the journal article:
Despite the fact that written IP legislation in Nazi Germany
did not include specific exclusions for Jewish applicants and authors,
in practice, they were excluded by administrative measures alone
rather than legal ordinances.
The misfits frequently use the same language, the word "exclude" comes
up again and again. Harassment, UDRP rule 15(e)
The scientologie.org UDRP verdict makes reference to the
promotion of an author's work.
This point was also emphasized by the legal panel considering
previous Debian disputes. The panel wrote:
Unlike the circumstances in Religious Technology Center
v. Freie Zone E. V, supra the Respondent in the present case is not using
the disputed domain name to disseminate information about its
copyright work.
All the web sites that have been started using these domains
involve the promotion of my creative work in a Debian context.
Several of the domain names have been chosen in
recognition to my own work in specific areas of Debian. For example,
the domains debian.chat,
debian.finance and
debian.video have already been
started with information about my work on software relating to
financial software, chat software and video software, as well as
videos about my work.
Josh and Kurt talk about a Notepad++ fake website. It’s possibly not illegal, but it’s certainly ethically wrong. We also end up discussing why it seems like all these weird and wild things keep happening. It’s probably due to the massive size of open source (and everything) now. Things have gotten gigantic and we didn’t really notice.
First, you of course need a video to test. On a modern desktop computer, you want a 4k 60fps video or better to have something that pushes your CPU to the limits so you know when it doesn’t work. Of course, the recommendation has to be Big Buck Bunny at the highest of qualities – be aware that the most excellent 4000×2250 @ 60fps encoding is 850MB. On my Intel TigerLake, that occasionally drops frames when I play that with software decoding, and I can definitely hear the fan turn on.
When selecting a video file, keep in mind that the format matters.
Second, you need hardware decoding. That is provided by libva and can be queried using the vainfo tool (which comes in the `libva-utils` package in Fedora). If that prints a long list of formats (it’s about 40 for me), you’re good. If it doesn’t, you’ll need to go hunt for the drivers – due to the patent madness surrounding video formats that may be more complicated than you wish. For example, on my Intel laptop on Fedora, I need the intel-media-driver package which is hidden in the nonfree RPMFusion repository.
If you look at the list from vainfo, the format names give some hints – usually VP9 and MPEG2 exist. H264 and HEVC aka H265 are the patent madness, and recent GPUs can sometimes do AV1. The Big Buck Bunny video from above is H264, so if you’re following along, make sure that works.
Now you need a working video player. I’ll be using gtk4-demo (which is in the gtk4-devel-tools package, but you already have that installed of course) and its video player example because I know it works there. A shoutout goes out to livi which was the first non-demo video player to have a release that supports graphics offloading. You need GTK 4.14 and GStreamer 1.24 for this to work. At the time of writing, this is only available in Fedora rawhide, but hopefully Fedora 40 will gain the packages soon.
If you installed new packages above, now is a good time to check if GStreamer picked up all the hardware decoders. gst-inspect-1.0 va will list all the elements with libva support. If it didn’t pick up decoders for all the formats it should have (there should be a vah264dec listed for H264 if you want to decode the video above), then the easiest way to get them is to delete GStreamer’s registry cache in ~/.cache/gstreamer-1.0.
If you want to make sure GStreamer does the right thing, you can run the video player with GST_DEBUG=GST_ELEMENT_FACTORY:4. It will print out debug messages about all the elements it is creating for playback. If that includes a line for an element from the previous list (like `vah264dec` in our example) things are working. If it picks something else (like `avdec_h264` or `openh264dec`) then they are not.
Finally you need a compositor that supports YUV formats. Most compositors do – gnome-shell does since version 45 for example – but checking can’t hurt: If wayland-info (in the wayland-utils package in Fedora) lists the NV12 format, you’re good.
And now everything works.
If you have a 2nd monitor you can marvel at what goes on behind the scenes by running the video player with GDK_DEBUG=dmabuf,offload and GTK will tell you what it does for every frame, and you can see it dynamically switching between offloading or not as you fullscreen (or not), click on the controls (or not) and so on. Or you could have used it previously to see why things didn’t work.
You can also look at the top and gputop variant of your choice and you will see that the video player takes a bit of CPU to drive the video decoding engine and inform the compositor about new frames and the compositor takes a bit of CPU telling the 3D engine to composite things and send them to the monitor. With the video above it’s around 10% on my laptop for the CPU usage each and about 20% GPU usage.
And before anyone starts complaining that this is way too complicated: If you read carefully, all of this should work out of the box in the near future. This post just lists the tools to troubleshoot what went wrong while developing a fast video player.
The latest WIPO censorship documents specify a jurisdiction for the
domain registrar
but the content on the web sites needs to be viewed through the
perspective of different jurisdictions and cultural conventions.
The Debian co-authors today come from a
range of different countries
each having their own legal and cultural expectations about matters such
as copyright, privacy and abuse.
There is a widespread understanding that the free, open source
software community values freedom of expression in the sense of the
first amendment to the US constitution / US Bill of Rights.
When people look at the
Debian Social Contract, which includes the
clause (3) We will not hide problems, there is an expectation that
we have all agreed to collaborate under an American regime of transparency
and free speech about organizational issues.
The role of Debian Project Leader has been performed by people from a
range of different countries where norms differ from one country to the
next. For example, Chris Lamb, who started the current vendetta in 2018,
is from the UK. It has been quite normal for the British press to
publish information about the former Mayor of London trying to help
girlfriends get jobs in the public service. Asking similar questions
about women who won internships in proximity to Chris Lamb feels entirely
compatible with the convention followed in British society.
In other European countries, such as Germany and Switzerland,
there seems to be far more emphasis on protecting the reputations
of those who are party to such affairs such that the whole affair
is often hidden from view. There is a perception that people from
these countries want to have their cake and eat it too. They
demand privacy for themselves but they still lurk on the
debian-private mailing list and chat channels spreading rumors
about the rest of us. They want to download and use the software without
paying for it and they don't even respect the principles of the developers.
The FSFE is even using a name derived from the American FSF, it
is feels like
a case of identity theft,
but at the same time they are snubbing freedom of expression.
Content that appears to be inconvenient for an entirely
German online community is quite valid in an online community claiming to
adhere to an American style of discourse.
The work we do as open source software developers intersects
with many other aspects of our lives.
For example, when we participate in other voluntary groups in
the real world, we often help them with their technology requirements.
The solutions we provide often involve Debian and other free software
products. When misfits start spreading rumors from Debian into social media
networks, this is harmful to other groups where we participate and
at the same time, it is harmful to our own personal lives,
the places where we go to socialize away from our computers,
the places where we go to exercize and so on.
This intrusion on multiple aspects of our lives, both professional
and personal, is not by accident, it has become a deliberate intention
of the rogue leadership figures who engage in publicly
humiliating volunteers.
Therefore, given the impact that public denouncing us has on our
lives, it is harassment and it violates UDRP rule 15(e)
The paper notes that the Nazis used administrative law to
frustrate the rights of authors, just as misfits are using a WIPO
administrative process to harass and intimidate a Debian co-author.
Quoting the journal article:
Despite the fact that written IP legislation in Nazi Germany
did not include specific exclusions for Jewish applicants and authors,
in practice, they were excluded by administrative measures alone
rather than legal ordinances.
The misfits frequently use the same language, the word "exclude" comes
up again and again. Harassment, UDRP rule 15(e)
RPMs of PHP version 8.3.6 are available in the remi-modular repository for Fedora ≥ 38 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in the remi-php83 repository for EL 7.
RPMs of PHP version 8.2.18 are available in the remi-modular repository for Fedora ≥ 38 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in the remi-php82 repository for EL 7.
RPMs of PHP version 8.1.28 are available in the remi-modular repository for Fedora ≥ 38 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in the remi-php81 repository for EL 7.
The Fedora 39, 40, EL-8 and EL-9 packages (modules and SCL) are available for x86_64 and aarch64.
We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.
Week: 08 April – 12 April 2024
Infrastructure & Release Engineering
The purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work. It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.). List of planned/in-progress issues
Fedora Infra
In progress:
Adding template to handle monitoring of external hosts to zabbix
Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Linux (OL).
This is the 119th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Collecting One Identity Cloud PAM Essentials logs using syslog-ng
One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng.
From this blog, you can learn what PAM Essentials is, and how you can collect its logs using syslog-ng. My next blog will show you how to work with the collected log messages and create alerts when somebody connects to a host on your local network using PAM Essentials.
Dedicated Windows XML eventlog parser in syslog-ng
Version 4.6 of syslog-ng introduced windows-eventlog-xml-parser(), a dedicated parser for XML-formatted event logs from Windows. It makes the EventData portion of log messages more useful, as it combines two arrays into a list of name-value pairs.
Most log messages fit on a single line. However, Windows and some developer tools and services, like Tomcat, write multi-line log messages. These can come in various formats. For example, new log messages start with a date in a specific format. You use the multi-line-prefix() of the syslog-ng file() source to send multi-line messages as single messages instead of line by line.
I must admit that I have never seen multi-line logs in production. I am not a developer, do not run Tomcat or Windows. However, recently I tested a software on Windows, which produced multi-line log messages.
Há mais de 10 anos, por todas as últimas empresas que passei — umas 3 ou 4 — MacBook é o laptop padrão que profissionais high-tech usam.
E hoje em dia estranham quando só lhes deixam usar Windows. Mas não falam abertamente sobre isso por incorretamente acharem que é um assunto banal. Só que não é. Da perspectiva de RH e de ambiente de trabalho, no mínimo para o setor high-tech, equipamento de alta qualidade, moderno e adequado é ponto positivo de atração e retenção de talentos.
MacBook é equipamento indiscutivelmente melhor do que um laptop médio baseado em Windows.
A tela de alta densidade (conhecida como Retina) é mais confortável aos olhos e faz caber mais informação.
O equipamento é mais coeso, mais fino e mais leve para se carregar na mochila.
A bateria dura muitas horas mais, parece que nunca acaba.
O laptop esquenta menos por ter CPU mais eficiente e mais moderna que a de um laptop projetado para Windows.
O teclado é melhor, permite mais possibilidades de escrita, correção e substituição de texto, e tem melhor suporte a Unicode.
O trackpad é maior, mais ergonômico e tem mais funções.
A qualidade da câmera, microfone, alto-falantes é a melhor possível.
E o sistema operacional, baseado em Posix (Unix), é ambiente mais familiar para trabalhos tipicamente high-tech, por ser similar a ambientes de produção.
Repare que não entrei no mérito de segurança, facilidade de uso e nem boniteza do macOS. Isso é bem menos relevante para este contexto. E convenhamos que o Microsoft Windows não deixa a desejar, é igualmente bom em todos estes quesitos. A preferência por MacBook continua girando em torno do hardware, não do software.
O conjunto citado e mais muitos outros pequenos detalhes faz do MacBook a plataforma preferida por profissionais high-tech, e outros também, que passam muitas horas do dia na frente de um computador.
É por isso que quem experimenta dificilmente volta atrás para hardware mediano baseado em Windows.
MacBook é equipamento mais caro?
Se você procurar no mercado de laptops Windows as linhas com as mesmas características de tela, ergonomia, leveza, bateria, teclado etc, vai perceber que os equipamentos serão mais caros ainda do que um MacBook equivalente. Como referência, as linhas de alta qualidade de outros fabricantes são XPS da Dell, Spectre ou Envy da HP, X1 da Lenovo.
O mercado de laptops Windows, por ser mais competitivo, inova no palavreado para vender refugo. Digo isso porque já fiz essa pesquisa e terminei frustrado. Eu considero refugo as linhas de laptops inferiores das citadas acima, por usarem componentes físicos obsoletos e de menor qualidade.
Apesar de “ser mais caro”, a empresa opta ter escritório na Av. Paulista, ao invés de Alphaville.
Apesar de “ser mais caro”, a empresa prefere instalar ar-condicionado, ao invés de ventiladores ou de manter janelas abertas.
Pois então, optar por oferecer um laptop melhor aos funcionários que valorizam alta qualidade técnica é o mesmo tipo de escolha.
Então não é uma questão monetária e sim de usar características mínimas para os padrões de hoje em dia.
Some of my fellow Debian Developers (co-authors) started harassing
my family and I back in 2018 at a time when I lost two family members.
This blog has been written under duress. Normally the best thing to
do with bullies is to ignore them but they are blackmailing me with the
threat that WIPO will publish some insults denouncing me,
destroying my life and trying to push me into the
Debian suicide cluster.
Trigger warning
The Debian online community makes malicious references
to harassment and abuse, deliberately conflating different meanings of
these words to sully the reputations of independent volunteers. Victims
and witnesses to real harassment and abuse may be triggered
by exposure to these word games in the Debian online community.
Background
The misfits have now used Software in the Public Interest, Inc,
an organization that I have no relationship with, to transmit insults
through WIPO.
Some people may think that after more than three decades that I
have been doing voluntary work in ham radio and free, open source software,
this must be some kind of April Fool's Day joke. Sadly it is not.
The case says a lot about the toxic culture of these small-minded
people who are using the trademark to cling onto the coat-tails of
Debian's founders.
It is glaring at us in the list of domains in dispute. While these
misfits spend all their time slinking around in chat channels
jealously sneering at the real developers, I was the only one engaged
in creative thought registering some of the most exciting Debian-inspired
domain names. To prove the point, here is the list of domain names now
in dispute. Given all the effort they put into the debian.community
vendettas, why did none of the misfits spare a minute to think of any of
these names and register them first?
The list of domains is startling but at the same time, it captures
all the most contentious political issues in Debian today.
I feel that I have done the real community a huge service by thinking
ahead and registering these domains before they could fall into the
hands of cybersquatters.
Criminal proceedings in progress
There are now a range of criminal proceedings in progress regarding
the harassment of my family and I.
The outgoing Debian Project Leader has used his final email
newsletter to distribute defamation about police involvement.
This demonstrates the real motive of the WIPO insults is to use
all forms of proceedings concurrently, with as much noise about it as
possible, to cause the maximum stress and psychological harm to victims
such as my family and I and other independent volunteers.
The current harassment through the WIPO process is a violation of
UDRP Rules 15(e) regarding the harassment of the
domain name holder.
The outcome of criminal proceedings may help to test the
evidence submitted by the parties, to fill the deliberate gaps
in the evidence and to give some indication of the real source of
bad faith and previous patterns of harassment against my family and I.
I believe the panel should suspend the current procedure and
wait for the parties to provide details of the criminal proceedings
to the panel.
1.
Expresses respect for all victims of totalitarian and undemocratic regimes in Europe and pays tribute to those who fought against tyranny and oppression;
In point 4, the European Parliament asserts that
constant vigilance is needed to fight undemocratic, xenophobic,
authoritarian and totalitarian ideas and tendencies. Inspired by
this bi-partisan resolution from the European Parliament, I created the
web site Nazi.Compare and started publishing
examples of poor behavior by the vigilantes in free, open source
software communities.
Moreover, 2 April is Carla's birthday. The manner in which rogue
Debianists and toxic people at WIPO demand that I shift my focus to their petty
concerns is another prime example of the way that Debian fascism
(Debianism) is imposing on our families and personal lives.
Carla was born in Chile on the very day that Argentina launched their
doomed invasion of
Las Islas Malvinas / Falkland Islands. Carla's country, Chile,
who share a 4000km land border with Argentina, sided with the British
and allowed British forces to operate from Chilean territory.
Margarita Manterola (marga), who is Argentinian,
banned Carla from food at DebConf, despite the fact that Marga
has attended numerous DebConfs with her husband. Just another example
of how these two-faced people behave.
WIPO, Modern Slavery and Blackmail in Switzerland
The deadline also coincides with the Easter long weekend. While
other people are able to rest on the long weekend, these people are
blackmailing me to focus on my work with Debian, which is a voluntary
activity.
Blackmail is accompanied with a threat of adverse consequences.
In many countries, blackmail is a crime.
Forcing people to work without payment is a crime.
WIPO operates this blackmail with the threat that if I do not
spend Easter reading their insults and sit here working on this response,
they will automatically re-publish insults
and defamation, dragging the name of my family through the mud.
In other words, WIPO are revealing themselves to be a fascist
regime, a lot like those regimes that the European Parliament resolution
is warning us about.
I have already done decades of voluntary work for Debian and free,
open source software and now they force me to work on a public holiday.
The insults misfits submitted through WIPO regurgitate references to
harassment, abuse and 2018, the time when the trial of Cardinal George Pell
was underway, among other things.
Normally, when cases of abuse appear in the news,
the identities of victims, possible victims, witnesses, any other children
who were there and anybody in proximity to the children is obfuscated.
Yet Google, WIPO and Debian seem to be able to do as they please
and spread rumors about harassment and abuse of anonymous victims
in proximity to the volunteer developers.
The WIPO UDRP process makes no reference to how they protect the privacy
of people in proximity to potential cases of abuse.
I contacted various lawyers about the matter, this is an example
of one response from a firm registered with the bar association
in Ireland:
We are a small firm and our resources are quite stretched at this time.
Nonetheless, one of the architects of the cover-up in Melbourne has been
linked to Ireland.
Response being prepared without legal representation
In 2021, my business purchased a legal protection insurance from the
firm Parreaux, Thiebaud & Partners in Switzerland. It turns out this
firm had been operating in Switzerland since 2018 without a license
to sell insurance and without all but one or two staff having a law
license. In other words, from the perspective of the clients, the
Swiss insurance was no better than a ponzi scheme. Even more disturbing,
the Swiss authorities, including the financial regulator FINMA and
the Ordre des Avocats de Genève (Geneva Bar Association)
apparently knew about this since 2021 but didn't close the firm down
until 2023. It is the
Swiss JuristGate affair.
In some countries, like South Africa, home of the outgoing
Debian Project Leader Jonathan Carter, you can pay less than that to
have somebody killed.
No faith in WIPO, the legal panel, conflicts of interest
In the previous WeMakeFedora.org dispute, the ADR Forum
proposed a legal panelist who had a leading role in a trade association
promoting the interests of the complainant.
That particular conflict of interest was very easy to recognize
and the panelist withdrew from the process.
Many of the panelists appear to be associated with companies who
have funded one of the parties and some of them appear to be involved
in groups like the
FSFE Legal Network. At the same time, many of the current
vendettas appear to intersect with both FSFE and Debian at the same time.
Therefore, without being able to determine the extent to which any
particular panelist or WIPO employee is engaged in these other groups,
I do not trust any of them.
Jurisdiction and cultural issues
The WIPO documents specify a jurisdiction for the domain registrar
but the content on the web sites needs to be viewed through the
perspective of different jurisdictions and cultural conventions.
The Debian co-authors today come from a
range of different countries
each having their own legal and cultural expectations about matters such
as copyright, privacy and abuse.
There is a widespread understanding that the free, open source
software community values freedom of expression in the sense of the
first amendment to the US constitution / US Bill of Rights.
When people look at the
Debian Social Contract, which includes the
clause (3) We will not hide problems, there is an expectation that
we have all agreed to collaborate under an American regime of transparency
and free speech about organizational issues.
The role of Debian Project Leader has been performed by people from a
range of different countries where norms differ from one country to the
next. For example, Chris Lamb, who started the current vendetta in 2018,
is from the UK. It has been quite normal for the British press to
publish information about the former Mayor of London trying to help
girlfriends get jobs in the public service. Asking similar questions
about women who won internships in proximity to Chris Lamb feels entirely
compatible with the convention followed in British society.
In other European countries, such as Germany and Switzerland,
there seems to be far more emphasis on protecting the reputations
of those who are party to such affairs such that the whole affair
is often hidden from view. There is a perception that people from
these countries want to have their cake and eat it too. They
demand privacy for themselves but they still lurk on the
debian-private mailing list and chat channels spreading rumors
about the rest of us. They want to download and use the software without
paying for it and they don't even respect the principles of the developers.
The FSFE is even using a name derived from the American FSF, it
is feels like
a case of identity theft,
but at the same time they are snubbing freedom of expression.
Content that appears to be inconvenient for an entirely
German online community is quite valid in an online community claiming to
adhere to an American style of discourse.
Similarity of the domain names
It is clear that most of the domain names are either identical to
the trademark or they contain the trademark.
Total similarity is completely normal and inevitable because the
misfits behind the WIPO insults and I are all collectively co-authors
of the same Debian software that is identified by the trademark.
Some of the names, such as debianproject.org may appear
to be particularly audacious. Nonetheless, I do not expect the
legal panel to be the first to approve such a name. The previous case
D2000-0410 Religious Technology Center v. Freie Zone E. V.
concerned the domain scientologie.org which is totally
identical to the German spelling of the trademark. The case
was decided on the merits of legitimate interests. The
incredible similarity was not a black mark against the choice of
domain name.
It is odd that the misfits have
spent $120,000 on legal cases
to censor domain names but they couldn't think of any of these
names and register them in advance.
Money can buy legal harassment but it seems money can't replace
the creative minds that have abandoned Debian long ago.
Legitimate interests to use the trademark
There are various grounds providing Debian co-authors with a legitimate
interest to use the trademark in a domain name and in other contexts.
Legal counsel representing the misfits have submitted to WIPO
a copy of a previous WIPO censorship decree discussing the
scientologie.org dispute. Therefore, I presume that the
misfits and their legal counsel are aware of the arguments relating
to the scientologie.org verdict
(
WIPO UDRP case D2000-0410).
The outcome in the scientologie.org verdict is that somebody
having a copyright interest in a creative work that shares the name
of a trademark, that person has a legitimate interest in using the
name of the creative work in a domain name and possibly other contexts too.
By submitting the document, they implicitly acknowledge the open questions
from the previous legal panel.
The respondent to the previous dispute was an anonymous non-profit
organization, the Free Software Contributors Association. The
association asserted that some of their members were Debian Developers
wishing to protect their anonymity and privacy. In relation to whether
or not those people are real Debian Developers, the panel wrote:
The Panel confirms that this finding does not imply
that it has taken any view of the ownership of copyright in DEBIAN
software. Indeed, it is unable to do so on the evidence before it.
The panel did not seek to speculate on the names of the authors
contributing to the site but the misfits have been hysterical in
their finger pointing. After stealing that domain, the only thing
they used it for was publishing attack pages. In other words,
they violated UDRP rule 15(e) after the procedure had completed.
These two lines from that panel are significant and as the misfits have
submitted this document in support of their demands, with the help of
legal counsel, we are surprised they have not tried to answer that question
proactively. It appears that they don't care too much about documenting
and protecting the exclusive economic rights of a copyright owner or
the moral rights of an author.
On the distinction between the exclusive economic rights of a copyright
owner, I note that none of us Debian Developers, being the co-authors
of Debian, have ever been asked to assign our rights to any third-party
copyright owner. The misfits have not submitted any evidence purporting
to prove that such an assignment did take place. Therefore, there is no
copyright owner having exclusive economic rights over the Debian software.
By default, the rights rest with the authors who did the work. Despite
having clearly
read the panel's comments, the misfits have not submitted any evidence
claiming that any such party exists with exclusive economic rights
as a copyright owner of the Debian software.
Legitimate interest: a very long history of voluntary contribution
Some of us started doing Debian as a hobby alongside other hobbies
such as amateur radio. One of the early Debian Project Leaders,
Bruce Perens, also notably came to Debian for amateur radio purposes.
I passed the amateur radio exam in 1993,
when I was 14 years of age.
My first years of voluntary activities in amateur radio and free software
were during a time when I was legally a child. I didn't receive any
payment for some of those activities. I offered my time on the basis
that I was gaining skills and helping real communities.
Around the same time, while I was still legally a child, I came to
appreciate the fact that there are some adults who exploit talented and
precocious youngsters by trying to direct the work that is being undertaken
and failing to disclose or share financial benefits.
The Debian Project constitution was originally published on
10 September 1998,
some time later.
The trademark was only registered later on 21 December 1999
Looking at the Scientologie.org UDRP verdict, the panelists
gave some weight to those possessing a copyright interest that predates
the registration of a trademark or a copyright interest arising from
a situation that intersects with the history of the trademark.
Legitimate interest: the Debian license statement
Oddly enough, Debian documents and files in a Debian system refer
to the licenses of the individual packages being distributed. It
was hard to find an actual example of a copyright statement or
license for Debian itself as a collective work.
The
Debian Project constitution of 1998, referred to above,
encourages Software in the Public Interest, Inc to register a
trademark. It says nothing about copyright in the existing body of
work.
Here are the words from the original constitution:
Since Debian has no authority to hold money or property, any donations for the Debian Project must be made to SPI, which manages such affairs.
SPI have made the following undertakings:
1. SPI will hold money, trademarks and other tangible and intangible property and manage other affairs for purposes related to Debian.
So people can donate intangible property like copyright to SPI if they make a personal decision to do so. The constitution did not oblige us to make such donations/assignments.
This situation is well known in open source software development.
Some companies ask their contributors to sign a Contributor License Agreement
or an assignment granting all their rights to a central entity with
exclusive copyright.
Such an assignment can't take place through a majority vote, such an
assignment or transfer of rights to a single entity would require
the unanimous consent of every single author who ever contributed
to Debian. In the case of those authors who are deceased, we would
need to obtain consent from their estates.
Continuing the search for a Debian license,
on the ISO installation media, I found the file
isolinux/f10.txt which contains the very brief text:
COPYRIGHTS AND WARRANTIES
Debian GNU/Linux is Copyright (C) 1993-2016 Software in the Public Interest,
and others.
The Debian GNU/Linux system is freely redistributable. After installation,
the exact distribution terms for each package are described in the
corresponding file /usr/share/doc/<packagename>/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
It asserts that copyright is owned by Software in the Public Interest,
and others. Most of us are individual private volunteers and we
have never personally chosen to grant or assign our copyright interest
to Software in the Public Interest. I became curious about who put
this statement into the ISO image.
Debian is a collective work under the above US copyright law.
The work was initiated in 1993 by Ian Murdock in the United States.
In a Collective work (US), the authors (or co-authors) are selecting works
from third parties and arranging them into the final product, Debian,
a collective work. The decision making process that involves selecting
third party works and the decision making process that involves
arranging the third party works gives rise to the moral rights
of authorship in the Debian collective work.
The “authorship” in a collective work comes from the original selection, coordination, and arrangement of the independent works included in the collective work.
In the Debian world, the independent works are referred to as "upstream" source code. The authors of independent works are referred to as "upstream authors" or just "upstream".
The Debian maintainer guide describes the process of jointly selecting the independent works for inclusion in Debian. In particular, co-authors are required to create a public "Intent To Package" (ITP) report in the bug tracking system (BTS) so that other co-authors can discuss the merits of the selection decision. The requirement to engage in a shared discussion for every selection decision gives rise to joint authorship rights.
Moreover, the person who creates the package importing the independent work into Debian is required to create a manifest describing the inclusion of the independent upstream work. This manifest is the debian/control file. The Debian Policy Manual provides a list of fields in the debian/control files.
Some of these fields are dedicated to the coordination and the arrangement of the independent works within a Debian system.
Coordination of the independent contributions: the package dependency fields describe the relationships between packages that have to be installed together or which conflict with each other. In many cases, when a library package is a dependency for other packages, we have to ensure that the version of the library package in Debian is compatible with the dependent packages. We have a formal process of coordination in this case, the Transition process. Populating the dependency fields in the debian/control file and participating in a Transition process, either as the producer or the consumer of a dependency, are examples of coordination of the independent works from upstream authors.
Here are some examples where I personally engaged in these actions:
The fields Section and Priority impact the arrangement of the contributions from the perspective of the user. The person completing the values in these fields is engaged in the process of arrangement of the contributions in a collective work.
Therefore, the development of Debian includes features of
both a collective work and a work of joint authorship at the same time.
Moreover, due to processes such as library transitions, NMU and our
system of voting on certain decisions, any co-author may influence the
way that other co-authors are integrating the independent upstream works
into Debian. This cross-pollination of ideas and effort is a well known
feature of Debian. In other Linux distributions, the developers are
a little bit more siloed from each other.
Every two years, an official stable release of the Debian software
is released to the public. This process of releasing involves
declaring a version number that corresponds to a particular subset
of the contributions that are in a working state at the time of the
release. Even if a Debian Developer's contributions are obstructed
from inclusion in future releases, or if a Debian Developer commits suicide,
their work is still present in all the past releases that have been
published.
My own contributions are included in a number of these Debian releases
over the years.
This
report finds my name in changelogs and copyright files.
There are 21 pages of results.
Shooting themselves in the foot
To declare that the Debian Developers do not have authorship
rights at all would be incredibly de-motivating.
Future volunteers may be deterred from contributing their
intellectual property and their time.
Legitimate interests: the Debian family fallacy
Debian oligarchs repeatedly tell us that we are all a family.
Harry and Meghan were asked to stop using their
His/Her Royal Highness (HRH) styles.
Harry was banned from
wearing military uniform at the funeral of the late
Queen Elizabeth II. Yet they still have a legitimate interest
in using the family name, Windsor.
If Debian really is a family, and it certainly isn't an employer,
we can all use the family name even if we are not willing to live with
each other in the same castle.
Legitimate interests: the promise of recognition
The misfits behind the WIPO insults do not pay the rest of us anything
for our collaboration in creating the Debian software.
They told us that the only thing we get in return for our creations
is the recognition.
They are now using the debian.org web site and the trademark
to give people negative recognition. This is like bouncing a cheque.
In the circumstances, it seems entirely appropriate for me to follow
through on the promise of recognizing people. The misfits have provided
a list of the domains along with the dates that each domain name was
registered. On the list, the name debian.plus is the first
name registered. debian.plus was registered for the purpose
of delivering on the promise of positive recognition to the
authors and our work.
Debian promises recognition, I take the following quote from
the latest Debian law suit where they admit using the promise of recognition
to lure people into working for free:
64. ... un des avantages importants de travailler pour la communauté Debian est la valeur de sa réputation dans le domaine, à la fois professionellement et dans la communauté. ...
The motivations of the authors also are varied, but the coin that they get paid in is often recognition, acclaim in the peer group, or experience that can be traded in in the work place
you are recognized for your contributions ... Did you ever have a boss who takes credit for your work? Not in Debian.
In short, there is a big emphasis on working for recognition instead of a salary. They gave us the promise of recognition and that gives rise to a legitimate interest in using the trademark in domain names for web sites about our work.
Legitimate interests: promoting my creative efforts
The scientologie.org UDRP verdict makes reference to the
promotion of an author's work.
This point was also emphasized by the legal panel considering
previous Debian disputes. The panel wrote:
Unlike the circumstances in Religious Technology Center
v. Freie Zone E. V, supra the Respondent in the present case is not using
the disputed domain name to disseminate information about its
copyright work.
All the web sites that have been started using these domains
involve the promotion of my creative work in a Debian context.
Several of the domain names have been chosen in
recognition to my own work in specific areas of Debian. For example,
the domains debian.chat,
debian.finance and
debian.video have already been
started with information about my work on software relating to
financial software, chat software and video software, as well as
videos about my work.
Legitimate interest: EU whistleblower directive,
raising workplace health & safety concerns
With this authorization, any person who obtains a copy of the
software is entitled to redistribute it.
The DebianGNULinux.org
domain name was registered to do exactly that, to redistribute
copies of the Debian software. This activity has been authorized.
Remarkably, in one of their claims submitted to another tribunal,
the misfits explicitly describe a web site redistributing Debian
as an outrageous crime, despite the fact the DFSG and the license
statement referred to earlier explicitly authorize redistribution of
genuine copies of Debian GNU/Linux.
Such a flagrant violation of the principles in the DFSG appears
to be bad faith on the part of the complainant.
Legitimate interest: use of the logo is authorized
The page describes two versions of the logo, the open logo
and the restricted use logo.
The page gives a free-for-all license to use the open logo.
The logo I am using on pages about my Debian work is the open logo.
Here is the text of the authorization from the trademark holder:
The Debian Open Use Logo comes in two flavors, with and without “Debian” label.
The Debian Open Use Logo(s) are Copyright (c) 1999 Software in the Public Interest, Inc., and are released under the terms of the GNU Lesser General Public License, version 3 or any later version, or, at your option, of the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Legitimate interest: use of Debian-themed web page style
The Debian web page style is used extensively on third party web sites
run by individual co-authors and volunteers.
At the bottom of every page on the main
www.debian.org
web site there is a link to a dedicated page about the licenses
(authorization) to re-use the theme and content of www.debian.org.
Since 25 January 2012, the new material can be redistributed and/or modified under the terms of the MIT (Expat) License or, at your option, of the GNU General Public License; either version 2 of the License, or (at your option) any later version (the latest version is usually available at https://www.gnu.org/licenses/gpl.html).
Work is in progress to make the older material compliant with the above licenses. Until then, please refer to the following terms of the Open Publication License.
This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, Draft v1.0 or later (you can read our local copy, the latest version is usually available at http://www.opencontent.org/openpub/).
“Debian” and the Debian Logo are trademarks of Software in the Public Interest, Inc.
The complainant publishes the source code for the web site theme.
This makes it easy for anybody empowered by the above license to download
the theme and use it when creating their own site.
At the bottom of every page on Debian.org, they promote
the source code for the web site with a link text
"Web site source code is available".
The misfits have been making gossip against my family and I long before
I registered any Debian-related domain names.
Notably, they use the Debian trademark and the Debian.org web site
to add weight to their vendetta to humiliate volunteers and our families.
They censor, threaten and blackmail anybody who dares to challenge
their vendettas. "We are humiliating Bob this week, you can't talk to him
or you are next".
That is what it looks like when misfits blackmail other volunteers.
Therefore, to respond to the vendettas published on Debian.org
by operating similar web sites containing the name Debian
feels entirely reasonable and proportionate as a right-of-reply
by any co-author.
Bad faith: by the complainant, not me
For a UDRP case to be successful, in addition to proving that there is
similarity to the trademark and if the complainant somehow proves that there
is no legitimate interest whatsoever, the complainant must also prove that
there is bad faith in the use of the domain names.
In this case, I believe the test for legitimate interest has already
been satisfied and therefore, when legitimate interest exists, the panel
does not make any inquiry into whether there is bad faith on the part
of the domain name holder.
Under the UDRP Rule 15(e), it is also vital for the legal panel to consider
whether the complainant themselves is harassing the domain name owner or
acting in bad faith. In other
words, whether the complainant has deceived the panel,
whether a complaint has been brought for the purpose of
harassment or whether the complaint is part of a broader pattern
of harassment against the domain name holder.
Therefore, I simultaneously examine the attacks the complainant
is making against my family and I, demonstrating not only that they are
unjustified but also that by making these attacks, the Debian misfits
themselves are clearly engaging in harassment and bad faith behavior.
Bad faith: no communication before opening the WIPO UDRP procedure
The misfits did not make any attempt to contact me and propose
a solution to the conflict. They unilaterally opened a dispute through
the UDRP.
There have been many opportunities for them to communicate with me
like a human being. They talk about Debian being a
"family" but
they pack together like gang rapists to pick off developers one
at a time and attack us.
They are bypassing any normal human communication because they
want to cause the maximum amount of stress. They want
WIPO to publish the name of my family in a negative context more than
they want any of those domains.
In such circumstances, they prove they are committing the act of
harassment under UDRP rule 15(e)
Bad faith: lawyers get the lifejackets, Abraham Raji gets none
In January 2023, I published a
picture of our crew rowing Head of the Yarra. The guy sitting
behind me won the award for Emergency Practitioner of the Year.
He is just the type of person you would want to have around if
somebody went missing in the water. But in all the years we did
rowing, I don't remember anybody going missing.
A few months after I published that photo and
Abraham Raji
disappeared and drowned on the DebConf day trip.
According to the
Wiki page for the day trip,
volunteers participated in a series of activities throughout the day.
To participate in the final activity, the kayak, the volunteers were
expected to pay an extra fee. People not paying the fee would be
left alone to swim like Abraham Raji.
In Australia, we all learn the basic rules of swimming. Never swim
alone is one of those rules. Swim in the marked swimming areas.
Debian people like to reinvent the wheel and find their own way
of doing things. The DebConf organizers are particularly bad at this.
People are constantly bike shedding about the costs of minor things.
They tell the foreigners from poor countries that they have to
pay their own visa fees. They expected the Indians to pay
the supplement for going in a kayak, which comes with a life jacket, or
be left alone.
But according to their own records, they paid over
$120,000 to lawyers to attack my family and I. Paying the
lawyers was more important than providing supervision or life jackets for
victims like Abraham Raji.
Given this vendetta has drained so much of the budget that somebody
was left without a lifejacket and he died, it is clear to me
that this vendetta is brought in bad faith and it violates UDRP rule 15(e).
Bad faith: attacking a volunteer at a time of grief, disrespect
for the sanctity of human life
The complainant admits they began attacking my family and I
in 2018 (evidence: screenshot of doxing messages from Chris Lamb
further below). This was a time when I lost two family members and it was
a disturbing time for my family and I for a range of reasons.
I told fellow collaborators that I couldn't fully commit to some
of my voluntary responsibilities at that time.
(email to Molly de Blanc)
At the same time, one of the issues causing controversy is the
appearance of a Debian suicide cluster or an open source software
suicide cluster. The attempt to minimize attention on individual
suicides also has the effect of minimizing discussion about whether
the combined body of deaths form a cluster. Public health authorities
define three or more suicides as a cluster. The
public health authorities advise that clusters need special attention
to avoid the risk of further deaths.
Moreover, given the way that the Debian deaths intersect with
my own family life, including the unexplained
death of Adrian von Bidder on the day of our wedding,
a possible suicide,
the grief and toxicity associated
with these phenomena have inevitably become intertwined.
This phenomena should be examined from an independent perspective,
with a focus on the issues and not trying to misdirect attention towards
a volunteer who expressed concerns about it. Forcing an individual
volunteer to write about such phenomena under the threat that WIPO
will denounce me is abhorrent.
Given that we already have this unexplained Debian death on the
very day of our wedding, which is a huge scar, how can they possibly be
imposing more scars upon my life with the continued burden of public
harassment on the Debian web site and through WIPO? It is too much and
it has been going on for too long.
Therefore, the bad faith is entirely on the part of those bullies
forcing the matter before WIPO.
Bad faith: psychological torture / cybertorture
In the role the community elected me to perform, I gave people
accurate assessments of the FSFE as an organization. The people
caught doing the wrong thing responded with personal attacks on my
family and on me as an individual.
It is entirely correct for us to scrutinize the functioning of a
group or organization like that. It is wrong for such groups to turn
on an individual volunteer.
Prof Nils Melzer, United Nations Special Rapporteur on Torture and
Other Cruel, Inhuman or Degrading Treatment or Punishment has published
a report on the practices of cybertorture and psychological torture.
An earlier blog post examines the phenomena in Debian.
The insults submitted by the misfits write about excluding
people. We saw similar tactics in the case of the
"hooded men" in Northern Ireland. The obsession with excluding
and isolating people, which comes up frequently in online discussions
between the enforcers, is truly evil.
The defamation and insults created by the Debian misfits focus on
a period when I lost two family members. By making repeated references
to that period in 2018 they are seeking to trigger and exploit feelings
of grief. This is the sort of deliberately cruel behavior envisaged
by the UN special rapporteur.
Given that the misfits used WIPO and the UDRP to transmit documents
targetting a period of grief, this is an example of a complaint brought for
the purposes of harassment in violation of UDRP rule 15(e).
Bad faith: intent to use the domains for vendettas
The misfits provided a copy of a previous UDRP censorship decree
for a domain they seized. After seizing the domain, the misfits
have not used the domain for any original purpose. They are only
using the domain to publish insults and attacks against my family and I.
Therefore, it would be reasonable to assume that any domains censored
by this new UDRP case will also be weaponized against me.
Given that they have already behaved like this before, with their
use of debian.community, it would be no surprise if they
continue that behavior with any other domains they steal. Therefore,
their intention is to harass me, as prohibited by UDRP rule 15(e).
Bad faith: voluntary work intertwined with our lives
The work we do as open source software developers intersects
with many other aspects of our lives.
For example, when we participate in other voluntary groups in
the real world, we often help them with their technology requirements.
The solutions we provide often involve Debian and other free software
products. When misfits start spreading rumors from Debian into social media
networks, this is harmful to other groups where we participate and
at the same time, it is harmful to our own personal lives,
the places where we go to socialize away from our computers,
the places where we go to exercize and so on.
This intrusion on multiple aspects of our lives, both professional
and personal, is not by accident, it has become a deliberate intention
of the rogue leadership figures who engage in publicly
humiliating volunteers.
Therefore, given the impact that public denouncing us has on our
lives, it is harassment and it violates UDRP rule 15(e)
Bad faith: suicide, stigma and tarnishing
WIPO panelists are asked to consider whether the content of the web
sites tarnishes a trademark. There is clearly a lot of stigma around
suicides. It is inevitable that some tarnishing may occur when
suicide is mentioned.
Nonetheless, the panel needs to consider whether tarnishing is the lesser
evil.
The factual revelations of a
Debian / open source suicide cluster do run the risk of tarnishing
the Debian trademark, I am not going to dispute that.
Yet the panel can not automatically conclude that tarnishing is
done in bad faith. If the reason for publishing evidence related to a
suicide cluster is in the interest of public health and preventing more
suicides then it looks like tarnishing but it is NOT bad faith.
Given the nature of suicide, there is simply no way to publish
these public health concerns without the counter-accusations of
tarnishing.
In responding to the previous case of UDRP harassment by IBM Red Hat,
in relation to the domain name WeMakeFedora.org,
I made reference to the Holmes and Rahe Stress Scale.
The loss of a family member is one of the highest events on the scale,
between 63 and 100 points. Significant attacks on the business, career
or professional reputation are rated between 39 and 47. It is suggested
that when these events and scores combine, for example, through bad luck
or persistent harassment, overall scores over 300 are highly likely to
have an impact on health. In other words, there is a higher risk of
illness, accident and suicide for people subjected to stress of this
level.
The complainant is clearly aware of these arguments from the prior
WeMakeFedora.org case so their decision to embark upon
a copy-cat case and deliberately submit documents referring to 2018,
the specific time when I lost two family members, appears to be
a reckless and deliberate attempt to knowingly impose more pain on my family
and I. Therefore, it is clearly a violation of UDRP rule 15(e),
harassment and bad faith by those who initiated the procedure.
Bad faith: concealing risks to children
When IBM Red Hat submitted their case in the UDRP, they included as
evidence an example of content from the WeMakeFedora.org
web site. The example included five blog posts and one of those was
a blog that had originally been published by me and then automatically
syndicated by WeMakeFedora.org.
The blog that IBM Red Hat complained about and therefore wanted to
censor was the blog post
Google, FSFE & Child labor.
FSFE is a non-profit puppet organization jointly funded by Google,
IBM Red Hat and other large corporations.
There are a subset of Debian co-authors who are also associated with
FSFE.
As the community had elected me as the FSFE Fellowship representative
and as I had concurrently been a mentor and administrator in programs
like Google Summer of Code (GSoC) and Outreachy, I had an important
role to play documenting the risks to children.
At the same time these risks to children began appearing in the world
of open source software, the criminal procedure against Cardinal George
Pell had been unfolding in Australia. As it turns out, a family member,
some years younger than me, had been in the choir at the time that the
late Cardinal Pell was Archbishop of Melbourne.
I had personally been an officer of the National Union of Students
(Victorian state branch) in 1999. As far as I can tell, I was the most
senior student representative having contact with somebody in the choir
at the very
time that the late Cardinal was in charge. When I saw risks to children
around the open source software world, how could I not express concerns?
I had started doing voluntary work as a GSoC mentor in 2013. Therefore,
I had five years experience of these programs when I came across the
problems in Albania in the latter part of 2017. I used internal channels
to raise concerns about the risk to minors.
Complainants knew my concerns were based on long standing experience
and on personal exposure to these situations. While credible organizations
would have found a way to deal with these matters diplomatically, the
complainants are simultaneously trying to both censor me and discredit
anything I have to say about these risks.
The fact that IBM Red Hat cited the child labor blog in their UDRP
submission shows that is what they were trying to cover up. Their
UDRP complaint was ruled an act of bad faith.
The fact that I had both privately and publicly expressed concerns about
the risk to children and the timing of Debian's UDRP action coincides so
closely with IBM Red Hat makes me feel they are seeking to censor and
undermine exactly the same concerns about risks to children.
Looking at the way the FSFE's child labor program progressed,
we can see that when the program finished, FSFE obfuscated the
full names of the children who did the work. These children clearly
have a copyright interest in the work they created. In other fields
of endeavour we can see children receiving credit for their work
under their full name. For example, look at the Jackson Five,
where
Michael Jackson began performing under his real name from age five.
The French pop singer
Marina Kaye (a stage name) appeared under her
real name Marina Dalmas on France's Got Talent when she was thirteen years old.
Yet the children who wrote code for FSFE are not given credit under
their full names.
Only their first names were published.
The trial of Cardinal Pell never proved whether abuse took place.
What has been confirmed by medical evidence is that one member of the
choir began substance abuse at approximately fourteen years of age.
There are multiple possible explanations for the substance abuse. For
some of the boys, participation is a burden and they never sing again
after graduating from the school.
The choir was associated with the pressure of maintaining a
scholarship at one of Australia's most expensive schools. The FSFE
YH4F program involved the pressure of competing for a financial prize.
When somebody like me with exposure to both of these situations expresses
concerns, why are these organizations so desperate to cover it up?
The internal reports I submitted about harassment of women and
risks to minors in 2017 are contemporaneous evidence of what really
went on in proximity to the Outreachy funding in high risk countries
like Albania. I was often the only mentor to personally witness the
behavior of local men and women in these groups.
In 2013, when the Australian government sought to humiliate
Iranian women and migrants with a video, I loudly resigned my membership
of the party. This was nine years before the rest of the world took a
serious interest in the plight of Iranian women protesting against
a headscarf Code of Conduct. Even more telling, my written concerns
put the mistreatment of these women in the same category as the alleged
abuse in the Catholic church. The concerns were
captured by Crikey.
Given my personal involvement as a witness over many years, my track
record of being right about these things, sometimes well ahead of time
and the track record of organizations trying to silence people who raise
concerns about abuse, the attempts to discredit my testimony about these
matters in proximity to GSoC and Outreachy is itself the act of bad faith,
a violation of UDRP rule 15(e).
Bad faith: companies trying to keep the real abuse reports in-house
In the world of free and open source software, we have the unique
phenomena of corporate employees working side by side with
developers who work for competitors and also the unpaid volunteers.
After the commmunity elected me as the FSFE Fellowship representative
in 2017, I began to receive significantly more detail about wrongdoing
that goes on in the world of free and open source software. It is
understandably surprising and disturbing for some of the larger companies
to discover that these reports about their employees were going to an
external volunteer and not to their in-house human resources department.
It is a useful moment to compare this situation to how it worked
in the institutional abuse crisis. Australia's Royal Commission published
many of the internal documents from the institutions concerned.
One set of meeting minutes from the Archdiocese of Melbourne stands out.
The Personnel Advisory Board (PAB), a group of highly trusted clergy
who assist the Archbishop with the appointment of clergy to different
roles, has realized that their board is too big and they need to create
smaller sub-groups to handle the more sensitive cases.
Father X____ raised the question of how much is told to whom.
Father X____'s name appears frequently as somebody involved as an architect
of the cover-up. His parish web site notes that
he went into retirement in 2016. Coincidentally, that was
the very moment the Royal Commission was seeking answers from
Cardinal Pell.
Miraculously, Father X____ reappeared very briefly in 2023 to give
a sermon at the funeral of a relative in a tiny village that few people
would have heard of outside the state of Victoria. The following month,
three people from that obscure village died in a mysterious mushroom
poisoning that made headlines around the world.
Here is a snippet from the sermon, the man who moved pedophiles not
only from one parish to another but also from one institution to another.
He mentions a family connection with
a former superintendent of An Garda Siochána (the Irish police).
By moving known pedophiles around, Father X____ enabled more abuse
to take place and this resulted in more lives destroyed by overdoses
and suicides.
Those seeking to discredit a former community representative
are acting a lot like the institutions in the abuse crisis.
As the WIPO UDRP guidelines tell us, anything that tarnishes the
brand of Debian or the church has to be censored and covered up.
They are seeking to remove, censor and discredit me simply because people
told me things I wasn't supposed to know. They would have preferred
that some of these issues with women and children were only known
to a select group of people appointed by the companies, just
as the Personnel Advisory Board sought to limit knowledge of certain
matters to the smallest possible sub-committee of clergy.
While the move to keeping information in-house is understandable
and many companies even have an obligation to do so due to
the privacy rights of their employees, it is not acceptable that
they retrospectively punish me for my knowledge of these things. If
punishing me or discrediting me for that role is part of their objective,
they are the ones behaving in bad faith, violating UDRP rule 15(e).
Bad faith should not be alleged against an individual volunteer
Working in IT, our personal reputations for integrity are essential
for us to feed ourselves and support those who depend on us.
A bad faith finding is likely to cause significant harm to a volunteer's
ability to seek employment, obtain credit and enter into insurance contracts.
There have been complaints that WIPO panels have been making bad faith
findings in cases that are ultimately about political speech rather than
integrity of the publisher. This is very dangerous for personal victims
of such findings and those who depend on such victims.
Moreover, using the bad faith verdict arbitrarily cheapens the
meaning of the term bad faith.
It seems incredulous that a vindictive trademark owner can pay
$1,500 to WIPO to make such an attack on a volunteer that will
destroy that person's future and cause significant harm to those
around them.
It is even more abhorrent that they can do such a thing to somebody
who has contributed decades of voluntary service and to somebody suffering
the loss of two family members at a time of grief.
Scrutiny should be turned around on those organizations who are
exploiting our work and then menacing volunteers with the
total loss of our livelihoods.
Bad faith can't be alleged when following a precedent
If a domain name holder has been motivated to register and
use a particular domain name based on the logic of previous UDRP
decisions, it would be very unreasonable to find the domain name
holder is acting in bad faith.
There was widespread discussion of the scientologie.org
verdict last time there were disputes about Debian domain names in 2022.
Based on those discussions and my new awareness of the
logic behind the scientologie.org verdict, I felt that I had
very reasonable grounds to register some Debian domains for the
purpose of promoting my work in Debian and for promoting Debian,
our collective work, as a whole.
Given that I was motivated by the precedent from another WIPO
panel and there are good reasons for me to feel that I have
legitimate interests on the same grounds, as somebody with a copyright
interest, it is entirely unreasonable to accuse me of bad faith.
Looking at the list of open disputes in the
WIPO UDRP case search,
I can see that the list of domain names in dispute only has one
thing in common: they are all owned by one person, me.
It is clear they are not concerned about the content, they are
concerned with attacking the person, me.
Moreover, this ad hominem attack behavior has started before the
registration of the domains and before the complaint. For example,
the defamation statement submitted by the complainant is another
example of an ad hominem attack. The statement is dated 2021,
before all but one of these domains were registered. It shows that the
complainant has a history of making ad hominem attacks with
an intention to harm my family and I.
An ad hominem use of the UDRP process is therefore harassment
by the complainant and a violation of UDRP rule 15(e).
Bad faith: complainant seeking revenge for whistleblowing about bad
faith
Insults submitted by the complainant as evidence show they started
harassing my family and I in 2018.
If we drill down, we find they started this harassment in September
of that year.
In April 2017, the FSFE members elected me as their Fellowship
representative. There is a significant overlap between members of
the FSFE (approximatley 1532 people at the time of the election)
and co-authors of the Debian software.
If you hire an engineer to inspect a used car, you would hope that
they would be able to verify basic things like the authenticity of the
serial number (VIN) on the vehicle chassis. As the elected Fellowship
representative, I had an obligation to report the FSFE was not what
it claims to be.
The money that volunteers and private individuals have contributed
to FSFE over the years is far more than the value of most used
cars. Therefore, in the case of FSFE, there is both evidence
of bad faith and there is quantitative evidence,
the financial reports,
showing us the impact of that bad faith.
The attacks against my family commenced immediately after I published
the evidence of bad faith by FSFE. The email was sent to the LibrePlanet
list on 11 September 2018 and the attacks began about one week
later, as shown by the date of the email from Chris Lamb below
on 20 September 2018.
The attacks against my family and I are a predecessor of this
harassment through the UDRP. It has been a continuous pattern of
harassment over six years now. It appears that this harassment,
of which the UDRP insults are just the latest instalment, is part
of an overall reprisal for the reports I gave the community in
my capacity as the Fellowship representative.
Using the UDRP to insult and harass a volunteer community representative
as a reprisal for performing their duties is clearly an act of
harassment and bad faith as anticipated by UDRP rule 15(e).
Evidence: email from Mirko Bohm: I would like to thank you for your contributions to FSFE and for your commitment not to shy away from asking the difficult questions and calling out the need for change where it exists.
Bad faith: complainant reneges on their own Diversity Statement
The pack adopted the Debian Diversity Statement by a General Resolution in which all the co-authors were invited to vote.
The Diversity Statement begins with the line:
The Debian Project welcomes and encourages participation by everyone.
The insults that they submitted with the complaint, the defamation
statement created by Donald Norwood in the Debian Press Team, contradicts
their own Diversity Statement which was adopted by a General Resolution.
Such a contradiction demonstrates a significant lack of integrity
and their defamation statement should not be taken seriously.
I informed people that I had resigned from some of my voluntary roles
at a time when I lost two family members. Therefore, their behavior
towards my family and I is not just a plain vanilla violation of the
diversity statement, it is an aggravated violation. It is bad faith.
Bad faith: the complainant is gaslighting about authorship and membership
The complainant appears to pivot back and forth between concepts from
copyright law and from the law of associations.
Consider the case when somebody begins contributing to Debian.
There is no such thing as a "New member" process. Rather, it has
historically been called the "New maintainer" process. We can see that
clearly in the
name of the
debian-newmaint mailing list.
The word "maintainer" primarily implies somebody is doing creative work to
select, coordinate and arrange more independent works into Debian.
Then we have the guide for the
New Member process, which was previously known as the New
Maintainer process. In step 3, explained in that page, the new contributors
are asked to agree to the Debian Social Contract,
the Debian Free Software Guidelines and the
Debian Machine Usage Policy. The former is ultimately about our relation
as authors, not as members and the terms under which we license our
work to the rest of the world.
The new maintainer/member guide doesn't ask people to ratify
their adherence to the constitution. The notion of joining an association,
whether it is incorporated or not, is inseparable from consenting to
be governed by and uphold the association's constitution. The
only people who ever ratified the constitution were
86 co-authors
in 1998 (23% of the developers at that time) who wanted to have
a constitution.
Somebody who did not ask to be a member can't be expelled.
Somebody who is not an employee can't be demoted or sacked.
Yet we have seen some of the leadership figures insist on having
these powers over a
series of victims. The title Debian Project Leader
implies just that: to lead, not to give orders.
The insinuation that concepts of expulsions and demotions can
be applied to co-authors is an example of gaslighting.
Copyright law is very clear: co-authors of a work are
equal. Notions of expulsions and demotions violate
the principle of being equal.
The fact that they are knowingly and deliberately trying to obfuscate
our moral rights as co-authors, giving us nothing in exchange
for the status they are taking away, is an aggravating factor
that justifies the finding of harassment and bad faith against
the complainant.
Bad faith: use of an administrative process to extinguish the moral rights and recognition of co authors
The paper notes that the Nazis used administrative law to
frustrate the rights of authors, just as misfits are using a WIPO
administrative process to harass and intimidate a Debian co-author.
Quoting the journal article:
Despite the fact that written IP legislation in Nazi Germany
did not include specific exclusions for Jewish applicants and authors,
in practice, they were excluded by administrative measures alone
rather than legal ordinances.
The misfits frequently use the same language, the word "exclude" comes
up again and again. Harassment, UDRP rule 15(e)
Bad faith: Debian Trademark Policy never ratified
Debian co-authors have never been asked to individually ratify the Debian
Trademark Policy or any similar regulations.
A trademark policy published unilaterally by the trademark owner
can give people authorizations above and
beyond fair use and legitimate interest. On the other hand,
such a policy can not unilaterally erode the default rights to
fair use and legitimate interest.
Hypothetically, the complainant could ask co-authors to
sign some agreement waiving our fair use rights. This may
happen in the context of employment, where those who receive a salary
agree to forego other rights.
Debianists do not pay us a salary and they did not ask us to
individually ratify any agreement waiving our fair use rights.
They have
never tried to do this. The only agreement they ever asked each and
every one of us to individually ratify is our adherence to the
Debian Machine Usage Policy and to the Debian Social Contract.
Therefore, in my role as a co-author, I am not bound by
any restrictions unilaterally imposed upon us by
the Debian Trademark Policy and only the normal rules of
fair use and legitimate interest can be considered in this dispute.
Moreover, it is bad faith by the complainant to simultaneously insist that
they can expel somebody, which is really a nonsense concept in terms
of joint authorship rights, as such rights can't be extinguished
and then insist that the people supposedly expelled will still
remain bound by rules from above that only apply in the context of
being a member of their clique.
Bad faith: complainant reneges on existing authorizations
As noted in the statements on legitimate interest, the
complainant has clearly authorized many of the things they complained
about.
The Debian Social Contract, which states "We will not hide problems",
authorizes discussion of controversial technical, social and ethical
topics. In fact, it is more than an authorization, it encourages
such discussions and publications. Therefore, their complaining
about what is published on these web sites is itself an act of bad faith.
They authorized use of the logo, as discussed, so their complaining
about use of the logo is itself bad faith.
They put the web site theme and content under the open source licenses,
as discussed above, so their complaining about sites with a similar
appearance is itself bad faith.
Overall, for their claim of bad faith to supercede these authorizations,
they would have to demonstrate some extraordinary acts of wrongdoing,
for example, to show that a web site was using the trademark, domain
name and logo to distribute a virus. They provide no evidence of
such wrongdoing.
Bad faith: the complainant's evidence
They submit many boilerplate documents containing copies of
the domain and trademark registrations. On top of that, they
only submit three other documents.
One of those is the copy of a judgment from a previous Debian
dispute. The judgment expresses concern about some specific images on another
web site. The complaint does not provide any examples of those
images or any similar content on any of my own Debian web sites.
Therefore, this judgment can't be extrapolated to content on my
own web sites.
They provide a copy of biographical information about me from
my company web site. This is not published on one of the domains
in dispute so it is not relevant. By providing this, they are insulting
me. Looking at the very first archived copy of an email from
the debian-project mailing list in 1994, we
find that Debian co-authors are using the term
Debian Developer four years before there was a trademark. That is
four years before the Debian Project constitution. The term
Debian Developer is completely valid
for somebody who has done significant creative work over many
decades. In plain English, the term Debian Developer can mean
three things: somebody who possesses the skill of creating
Debian software, somebody who has an authorship interest in
the Debian software and thirdly, but lastly, somebody who is
a member of the clique. Copyright law does not require somebody
to be a member of the clique. I never joined the Debian Project
Unincorporated Association, I have always used the term
Debian Developer first and foremost to describe myself as an author with
moral rights in the creative work. Given that they have taken
this text from a web site that is not even part of the dispute,
I feel the legal panel would be best to avoid getting involved
in this aspect of the dispute.
The third document they provide is a defamation they created
themselves. They are clearly hoping to have WIPO republish
insults and defamation to cause some sort of harm to my
ability to work and feed myself.
They allege that there was some issue of harassment
but do not provide any details. They claim it was in the year
2018, a period when I lost two family members. Their insistence
on twisting a knife in my back at such a time only proves
bad faith on their part.
In various ways, we can see that the document they submitted
is a fraud that has the possibility of deceiving the WIPO
legal panel.
For starters, the harassment began in 2017. Even
the year specified in their evidence is wrong. Therefore,
the evidence they are submitting is a deliberate deception that
tries to invert the story.
Here is the internal report about the harassment. The date is 12
October 2017 so the misfits are clearly lying to the WIPO
legal panel. I have redacted the section that identifies
underage victims.
There you have it. The most senior student representative to have
had contact with a member of the choir in the era of Cardinal Pell has
subsequently arrived in Albania and correctly and discretely raised the
alarm about pimps and pedophiles using funds from Mozilla, IBM Red Hat
and other tech companies to bait their child victims and young women.
It is creepy how the complainants deception about the dates and details
mirrors the case of the
Swiss JuristGate scandal. The
Swiss financial regulator, FINMA, has published a summary
of their decision to shut the rogue firm. In the summary
of the decision, not only does FINMA redact the names of those
responsible for ripping off the customers, FINMA even redacts the dates.
One of the reasons FINMA is redacting the dates is to hide how long
the regulator and the bar association really knew about the scandal.
The hidden dates are examined in more detail in my first
blog post about Juristgate. Here is a screenshot from the FINMA
document showing where the year is obfuscated / redacted:
The FSFE
Fellowship elected me as a community representative in April 2017.
Shortly after that, women in Albania confided in me about the incidents
of harassment. I traveled there again to help organize a MiniDebConf
and Fedora Women's day and in the process, I became a witness to
acts of harassment and a serious possibility of underage abuse.
All of this clearly began in 2017 but the defamation created by
Debian seeks to obfuscate the year and the source of the harassment.
They completely fail to thank me for the effort I made supporting
these women. This was an effort above and beyond what had
been anticipated when I volunteered to speak at the conference
in Albania.
At the time, I had confided in the women that I was watching
these matters very carefully because one of my cousins, who is much
younger than me, had been in the St Patrick's cathedral choir
during the time Cardinal George Pell was Archbishop of Melbourne.
The Pell case was one of the most high profile allegations of abuse
in the Catholic Church. The Royal Commission notes in their
report that of 15,000 victims who contacted them,
the Catholic Church was implicated in far more cases than all the other
religions combined.
In the meantime, Carla had also written about her eating disorder
on her web site. Research estimates that at least thirty percent
of women with these conditions have been victims of harassment or
abuse in childhood.
Various people appeared to resent the fact that women had given
evidence about an (IBM Red Hat) Fedora Ambassador and Mozilla
Tech Speaker to an independent, elected community representative
who was not under any obligation of confidentially to the companies
funding the Albanian groups. In other words, these companies
would have prefered to see the women reporting scandals through
internal company channels.
Shortly after I received this information from women, the FSFE
revised their constitution to
remove their annual elections and
ensure there would never be any other community representative again.
The complete removal of the election and the representative position
proves that this wasn't about any failing on my own part, this was
about the companies behind FSFE wanting to ensure that complaints
about their people wouldn't reach any independent outsider who
might be elected next.
At the end of the process, Mozilla produced a report about the
harassment. I have never been given a copy of the report and
the complainant has not submitted the report either. I don't
feel the complaint should be taken seriously at all unless all
parties, including the legal panel, are granted access to all these
original, contemporaneous documents about the origins of the
harassment and my support for the victims.
Meanwhile, at the very same time as the Cardinal Pell trial
was progressing in Australia, family and friends were shocked to
see mysterious references to abuse circulated on social media.
I don't even have any social media accounts myself so I only
started hearing about these character assassination plots
from witnesses who saw the smears. Cardinal Pell was convicted in December
2018 and a few weeks later, in January 2019, Joerg Jaspert of the
Debian Account Managers team put
mysterious references to abuse in one of our
Debian source code repositories.
One of the findings from the Royal Commission states that
abuse survivors who came forward took an average of 23.9 years to talk about
what happened to them.
Having attended a Catholic school in the same neighborhood and
having multiple connections with fellow alumni and the diocese, it
would not be a surprise for me if any one of the people I know
might reveal themselves to be connected with the scandal at some
point in the future.
Moreover, two of my cousins passed away far too young.
It is so shocking for me to see how these dirty men are playing these
games with the subject of abuse.
At the time that Joerg Jaspert started making these privacy
violations, he was on the school council at Dalbergschule in Fulda, Germany.
Local magazines published a photo of him in a Debian t-shirt
with other parents Claudia Beck and Ina Riechert.
How can the other parents and staff trust this dirty man with
any sensitive topics when he runs around spreading gossip about abuse
in the debian-private world?
Given that background, I find it abhorrent that these silly
people claim to be victims of abuse when what really happened
is they got caught doing the wrong thing. By claiming to be
victims of harassment and abuse, by hijacking and distorting
the language of sexual misconduct they are asking us to exhibit the same
sympathy for long-distance peeping toms at Google as we would for those
15,000 child victims.
Here is another example of Debianists pretending to be
part of the sexual crimes detective unit and circulating
gossip as if it was truth. The email is written by Russell Coker, a
Debian Developer in Australia, half way around the world from
where the rumors started in Berlin. How could he write such
forceful words about Dr Appelbaum when it is something he had no way to see?
This shows how Debianists use their titles and their trademark
to make stuff up and then give weight to defamation.
This type of rogue behavior makes it even harder
for the community to know when real victims take the difficult step
of coming forward with real reports of abuse.
Bad faith: deliberately conflating different types of harassment and abuse
The complainant frequently raises concerns about "harassment"
and "abuse" whenever somebody asks a question they don't want to reply
to.
Yet it doesn't stop there.
Not only do they claim to be victims of "harassment" and "abuse",
they deliberately seek to conflate different meanings of these words.
It works a bit like the game of Chinese Whispers.
The classic example was the lynching of Dr Jacob Appelbaum.
One person posted messages about "harassment". Somebody else who wasn't
actually there extrapolated that into "sexual harassment". Then another
person who was all the other way over the other side of the world in
Australia forcefully writes that it was a "rape".
The word "abuse" is used in much the same way. Somebody asks
a question about the bank account. The question is disparaged as
an unqualified example of "abuse". Later, somebody adds a prefix,
people mention "sexual abuse". But there is nothing sexual about
asking why somebody's girlfriend got paid to do work that other
volunteers do for free. We saw them using this word game in
relation to Prof Eben Moglen recently.
Not only are they trying to defame the person asking a serious
question but we also have to remember that when people try to
portray themselves as victims of "abuse", they are siphoning off a little bit
of credibility from the real victims, like those incredibly young boys
and girls who made complaints about institutional abuse. The pretend
victims and their antics dilute the credibility of the real victims.
Most healthy people are turned off by discussions like this. Yet
there is a subculture around Debian, a subgroup of volunteers who appear
to take some voyeuristic interest in making these word games with references
to abuse, the type of thing we see in the blog post by Matthew Garrett.
Just how did Garrett become an expert on abuse?
These comments about the phenomena may appear quite strong and
defamatory at first glance but the evidence is already public. Have
a look at the controversy about the package with the name "weboob".
According to reports, the source code is laced with crude references
to women. The package was
discussed on debian-private. Quite a few Debian men,
like Axel Beckert, a system administrator at the ETH Zurich university,
defended the package during his working hours.
Subject: Re: weboob package
Date: Fri, 13 Jul 2018 14:29:58 +0200
From: Axel Beckert <abe@debian.org>
Organization: The Debian Project
To: debian-private@lists.debian.org
Hi,
Jonathan Dowland wrote:
> Yesterday I stumbled across the "weboob" package for the first time,
> which includes a slew of binaries with names similar to the following:
[...]
So what? I don't see any problem with that. (And I don't see why
there's a thread on debian-private about it.)
Regards, Axel
--
,''`. | Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Develoober, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bad faith: timing of harassment
In each case, we can see that one of the Debian oligarchs has
engaged in some form of behavior that involves bullying or harassing
a volunteer and the disclosures about bullying have only happened
subsequent to that.
The vendettas began in September 2018. The complainant has submitted
their case of debian.community and we can see that the domain
name debian.community was only registered in October 2019,
more than 13 months after the Debian Project Leader started spreading
gossip about multiple volunteers.
In April 2021, I
incorporated a new company to promote
my work. In November 2021, the misfits began distributing their
defamation statement about my family and I as a reprisal. It appears
the misfits are jealous that I could start my own company and they wanted to
destroy it. In Australia, we call this the
Tall Poppy Syndrome.
In June 2021, one of the women was caught trying to start rumors about me
having a relationship with a female intern. The same woman was caught
again trying to start rumors in the same chat channel in July 2022.
In March 2023, I created a web site
Outreachy.Dating with proof that the rumors are false.
I did not spontaneously decide to go and create the
Outreachy.Dating web site. The
site only came into existence as a right of reply to the pre-existing
campaign of gossip against my interns, my family and I.
As already described in a previous section, when we agreed to
create Debian together, we agreed to uphold the Debian Social Contract,
which includes the commitment 3. We won't hide problems.
In 2018 and 2019, oligarchs started hiding the blogs of some co-authors.
The same phenomena occurred in the Fedora Linux community. I have
only had to register domain names like
Debian.News and
WeMakeFedora.org in response to the censorship of some blogs.
I did not just wake up one day and spontaneously decide to create
these domain names, I was motivated to do so because the censors
violated our existing rules of engagement, the Debian Social Contract
and the Fedora Foundations.
Bad faith: Debian's violent history of intolerance
Despite all the grand statements about the Code of Conduct, Respect
and Diversity, the Debian people are highly intolerant.
It has always been this way and there is plenty of evidence.
Consider 2006, the violent expulsion of Ted Walther from DebConf6 dinner
in Mexico. Somebody started a rumor that his dinner guest was a prostitute.
Nobody checked the facts. People physically pushed him out the door and
nearly threw him down the steps.
Instead of spending $120,000 on lawyers, they could have simply
apologized to my family for violating our privacy. But they are paying
all this money to rewrite history. They are paying the lawers all this money
to insist that the petty little word choice issues that their small minds are
preoccupied with are more significant than things like the death of
my father.
Bad faith: blackmailing people to disclose personal and private information
Whenever people come across the Debian smearing campaign through
social media and they ask me about the rumors of harassment and abuse,
the first things that come to mind are those cases that arose at
the time. The poor behavior I witnessed towards women from Albania,
Carla's eating disorder and the prosecution of Cardinal George Pell.
Other volunteers have made similar complaints about being blackmailed
to make public statements and disclose things about themselves.
Kuhn: As such, I'm outing myself here first (primarily) to disarm his ability to use what he knows about my sexual orientation against me.
In 2019, we saw that Dr Norbert Preining was blackmailed to
write a self-deprecating forced confession on a public mailing list.
When I saw that Dr Preining and I had been subject to similar
blackmail tactics, I felt that I was being expected to make
a similar public statement about matters that belong in private.
In the case of Bradley Kuhn, his disclosures relate to himself.
In my own case, in all cases of harassment and abuse where I have
been a witness, it is unthinkable that I should be forced by these
rumors to make disclosures about other people.
Therefore, when I published the Mozilla examples above, I partially
redacted them to avoid revealing the names of underage open source
software victims.
Nonetheless, I didn't voluntarily choose to publish responses
to gossip about abuse. They are using the WIPO UDRP to blackmail
me to publish comments about abuse cases. Therefore, they
are violating UDRP rule 15(e).
Bad faith: destroying our portfolio of work
In some industries, it is common for practitioners to carry
a portfolio of their work. For example, photographers, architects
and similar professionals often rely on such a portfolio to show
potential clients what they are capable of.
In computing, prospective employers and clients look at the
portfolio of our work in Debian and other free software projects.
Replacing that portfolio with insults and defamation is akin to setting the
portfolio on fire.
Once again, this appears to be the intention of the misfits behind
the complaint. By publishing attacks on my family and demanding
a verdict of bad faith, they are trying to further undermine the credit
I deserve for decades of work involving free and open source software.
It is harassment in violation of UDRP Rule 15(e).
Bad faith: how many Debian Developers really committed suicide?
There are 972 Debian Developers listed with the status
"Debian Developer, uploading". These are people considered to be active.
When people resign/retire, their status is changed to "Emeritus".
There are 449 Debian Developers with status Emeritus.
The status "Removed" is distinct from the status "Emeritus".
There are 272 Debian Developers with status "Removed". This list
includes people who have died, it includes victims who have been
disappeared and it includes people who have failed to respond
to any attempts to communicate. Some of these people may have been
participating under a fake identity. Some of them may have become
fed up with the politics and walked away without saying goodbye.
Some of these 272 people that we can't account for may have joined
the suicide cluster.
With or without a note, in this list of 272 people "Removed",
there will be many more we don't know about because their families
would never think to tell us.
How many of these 272 vanished after some secret humiliation on
the debian-private mailing list?
How many bloggers have committed suicide after WIPO denounced
them with accusations of bad faith?
Bad faith: deceiving the previous WIPO panel
The misfits have clearly deceived the previous WIPO panel on certain
issues. One of those issues is their claim that Albanian women
paid to travel to Brazil were junior female developers.
I was a mentor and administrator in both the Google Summer of
Code and Outreachy programs over a number of years from 2013 to 2018.
In that role, I interacted with many of the prospective interns,
both male and female.
I was involved in creating tasks that we asked the applicants to
perform to test their skills and demonstrate their motivation
during the selection process
for these internships. I observed the effort that each applicant made,
whether they were male or female.
There were definitely women who did a very high standard of work.
However, there were other women who did not do any software development
and we can see now in hindsight that some of those women still haven't
done any software development despite hanging around the open source
communities for almost a decade. Therefore, the claim that every woman
was a junior female developer was not true. Some women
were junior female developers, the rest we could not refer to with
the term developer.
We can see that the panel was deceived about the origins of
references to branding in the nether regions. This controversy, which
was mentioned in the panel's finding against another domain, is
rooted in the manner in which the misfits created rogue commits in
source code repositories on the anniversary of our wedding.
Specifically, we completed a civil wedding on 23 September 2010
and then we completed the religious ceremony a few months later
on 17 April 2011.
Here is the civil wedding certificate:
Here we can see the rogue commit in the Debian keyring repository,
on the date of the civil wedding, overlaid with the photo of genital
branding from NXIVM.
Given the way this extreme harassment simultaneously intrudes
on both my professional life and my family life, I find these
images even more horrific than they were for the WIPO panel.
Nonetheless, the images of genital branding are as relevant
as they are horrific when you consider the deliberate way these
misfits impose on our lives and our reputations.
Here is the date of the religious ceremony on my wedding ring,
alongside the tombstone of Adrian von Bidder, secretary of Debian.ch
who died in what appears to be a possible suicide on exactly the same day,
17 April 2011:
What an incredibly toxic culture the Debian misfits are trying to hide
with this WIPO UDRP vendetta.
The misfits have made multiple intrusions in the lives of volunteers.
While the scars are not identical, the mentality behind those scars is
much the same. In both Debian and NXIVM, some of the people feel they
have a sense of entitlement to impose upon all aspects of our lives and
our future, whether it is through branding, through gossip or through
demanding that WIPO denounces individual volunteers.
Bad faith: using WIPO and an Albanian gangmaster to defame me
I previously documented how I was a witness to acts of
harassment and the risks to underage participants by two
Albanian men. I attached the emails showing how this was
raised through internal channels at Mozilla.
When Chris Lamb decided to attack me on our wedding anniversary,
he actually used Elio Qoshi, the Albanian bringing a sixteen year old
girlfriend to tech conferences, to distribute the messages about
the vendetta.
At the time, I was with one of the victims. Women who had worked
with me personally had been surprised to see Lamb colluding with
these Albanian gangmasters. I took a photo of the message that
the Albanian forwarded from Lamb to the phones of female victims:
It is an extraordinary example of corruption. When I saw
Chris Lamb colluding with Elio Qoshi to denounce me at such a
painful time for my family, I couldn't help thinking of men like
Jimmy Saville and Rolf Harris collaborating in their
crimes.
Chris Lamb: You are well-aware that I
have been nothing but scrupulous and gentlemanly with regards to your
personal privacy and thus ...
The dishonesty of these misfits is as extraordinary as the
intrusion into the family lives of volunteers.
As Debian is an operating system, it is relied upon as the foundation
for so many other things that people do with their computers both
in industry and in private. In other words, people put a lot of trust
in the operating system but we can't trust the people making it.
Here we have caught the then leader of Debian using a common
garden variety Albanian pimp to spread rumors about a long standing
volunteer and also publicly lying about the matter.
Now these dirty little men aspire to exploiting a WIPO panel
in the same way they used this Albanian gangmaster to denounce
my family and I on the anniversary of our wedding. As mentioned
earlier, the deadline set by WIPO was Carla's birthday.
Ahh, it's that beautiful spontaneous time of year. A major public security incident has occured
in opensource. All of the epidemiologist's of 2020 suddenly emerge from their chrysalis once more
as a beautiful incarnation of a security expert. The hot takes flow more freely than cocaine at
a Liberal party event. My share
portfolio doubled in value due to taking a long position
on popcorn futures.
It's now been nearly 2 weeks since this glorious event, and the hot takes have started to settle.
Some of these include, but are not limited to:
The original maintainer burnt out, so we should pay maintainers through some kind of sovereign fund (but don't say tax, that's a bad word).
Automake should be shot into the sun because it's so easy to hide backdoors in it.
There need to be more code reviewers in opensource, that would have caught it.
We have normalised abuse in opensource, so no alarms were raised when sock puppet accounts abused people.
C is bad, so we should all use Rust, even though I'm pretty sure we could just stuff unlabeled binaries into Rust just as easily.
That we need more regulation of opensource projects.
Systemd was the cause of the issue since it was linked for sd-notify (and the documentation of how to do this with a unix socket is a one line footnote which no one can find forcing developers to link to libsystemd in the first place), meaning we should renew calls that systemd is an bad.
The clownshoes award certainly goes to this take though
Somehow the redis license change caused this and was a warning ahead of the XZ incident?
Or my favourite, absolutely nuclear take:
GPG would have prevented this by having the new maintainers ID verified by keysigning parties.
But I realised I have my own blog. So it's time for me to post my hot take.
🔥
Our industry is so immature, that people think there is one magic root cause that can be fixed, rather
than admit there are multiple contributing factors.
Incidents like XZ don't happen due to a single cause. They are a series of failures that range from
social to technical, and this combination of factors lead to the events that transpired.
And yet, we reward people who stand up and yell their single hot take, as though if this one persons
emotional outburst was accepted universally we would resolve all problems and our world would leap ahead
in time by decades.
We reward this thinking because it's easy. It's a clear, simple and emotional message that cuts through.
(I'm sure it does good things for the authors ego as well when clicks flow).
But our world isn't simple. There isn't one magic cure.
As an industry we need to stop looking for root causes.
We need to look at all the contributing social and technical factors, and address them all even if
they are just incremental steps. Because as we improve each of these small parts, the whole of
opensource improves.
Except GPG. That key signing party goop is just copium, and wouldn't solve anything.
It’s been a few days since my first entry in this series. For the most part, things have been going quite smoothly. I have to say, I am liking KDE Plasma Workspaces 6 much better than previous releases (which I dabbled with but admittedly did not spend a significant amount of time using). The majority of what I want to do here Just Works. This should probably not come as a surprise to me, but I’ve been burned before when jumping desktops.
I suppose that should really be my first distinct note here: the transition from GNOME Desktop to KDE Plasma Workspaces has been minimally painful. No matter what, there will always be some degree of muscle memory that needs to be relearned when changing working environments. It’s as true going from GNOME to KDE as it is from Windows to Mac, Mac to ChromeOS and any other major shift. That said, the Fedora Change that prompted this investigation is specifically about the possibility of changing the desktop environment of Fedora Workstation over to using KDE Plasma Workspaces and away from GNOME. As such, I will be keeping in mind some of the larger differences that users would face in such a transition.
Getting fully hooked up
The first few days of this experience, I spent all of my time directly at my laptop, rather than at my usual monitor-and-keyboard setup. This was because I didn’t want to taint my initial experience with potential hardware-specific headaches. My main setup involves a very large 21:9 aspect monitor, an HDMI surround sound receiver and a USB stereo/mic headset connected via a temperamental USB 3.2/Thunderbolt hub and the cheapest USB A/B switch imaginable (I share these peripherals with an overpowered gaming PC). So when I put aside my usual daily driver and plugged my Thinkpad into the USB-C hub, I was prepared for the worst. At the best of times, Fedora has been… touchy about working with these devices.
Let’s start with the good bits: When I first connected the laptop to my docking station, I was immediately greeted by an on-screen display asking me how I wanted to handle the new monitor. Rather than just making a guess between cloning or spanning the desktop, it gave me an easy and visual prompt to do so. Unfortunately, I don’t have a screenshot of this, as after the first time it seems that the system “remembers” the devices and puts them back the way I had them. This is absolutely desirable for the user, but as a reviewer it makes it harder to show it off. (EDIT: After initial publication, I was informed of the meta-P shortcut which allowed me to grab this screenshot)
Something else that I liked about the multi-monitor support was the way that the virtual desktop space on the taskbar automatically expanded to include the contents from both screens. It’s a simple thing, but I found that it made it really easy to tell at a glance which desktop I had particular applications running on.
All in all, I want to be clear here: the majority of my experience with KDE Plasma Workspaces has been absolutely fine. So many things work the same (or close enough) to how they work in GNOME that the transition has actually been much easier than I expected. the biggest workflow changes I’ve encountered are related to keyboard shortcuts, but I’m not going to belabor that, having discussed it in the first entry. The one additional keyboard-shortcut complaint I will make is this: using the “meta” key and typing an application name has a strange behavior that gets in my way. It almost behaves identically to GNOME; I tap “meta” and start typing and then hit enter to proceed. But the issue I have with KDE is this: I’m a fast typist and the KDE prompt doesn’t accept <enter> until the visual effect of opening the menu completes. This baffles me, as it accepts all of the other keys. So my muscle memory to launch a terminal by quickly tapping “meta”, typing “term” and hitting enter doesn’t actually launch the terminal. It leaves me at the menu with konsole sitting there. When I hit enter after the animation completes, it works fine. So while the behavior isn’t wrong, per se, it’s frustrating. The fact that it accepts the other characters makes me think this was a deliberate choice that I don’t understand.
There have been a few other issues, mostly around hardware support. I want to be clear: I’m fully aware that hardware is hard. One issue in particular that has gotten in the way is support for USB and HDMI sound devices in KDE Plasma. I don’t know if it’s specifically my esoteric hardware or a more general problem, but it has been very hard to get KDE to use the correct inputs and outputs. In the case of the HDMI audio receiver, I still haven’t been able to get KDE to present it as an output option in the control panel. It connects to the receiver and treats it as a very basic 720p video output device, but it just won’t recognize it as an audio output device. My USB stereo headset with mic has also been more headache than headset: after much trial and error, I’ve managed to identify the right output to send stereo output to it, but no matter what I have fiddled with, it does not recognize the microphone.
More issues on the hardware front are related to having two webcam devices available. KDE properly detects both the built-in camera on the laptop as well as the external webcam I have clipped to the top of my main monitor, but it seems to have difficulty switching between them. I’m not yet 100% sure how much of this is a KDE problem and how much a Firefox problem, but it is frustrating. Sometimes I’ll select my external webcam and it will still be taking input from the built-in camera. Also, it seems to always show two entries for both devices. I need to do more digging here, but I anticipate that I’ll be filing a bug report once I gather enough data.
Odds and Ends
I have mixed feelings about KDE’s clipboard applet in the toolbar. On the one hand, I can certainly see the convenience of digging into the clipboard history, particularly if you accidentally drag-select something and replace the clipboard copy you intended to keep. On the other hand, as a heavy user of Bitwarden who regularly copies passwords1 out of the wallet and into other applications, the fact that all of the clipboard contents are easily viewable in plaintext to anyone walking by if I forget to lock my screen for a few seconds is quite alarming. I’m pretty sure I’ll either have to disable this applet or build a habit of clearing it any time I copy a password. Probably the former, as I don’t like the fact that I have to call up and make the plaintext visible first in order to delete it without clearing the entire history anyway.
Conclusion
This will probably seem odd after a post that mostly contained complaints and nitpicks, but I want to reiterate: my experience over the last several days has actually been quite good. When dealing with a computer, I consider “it was boring” to be the highest of praise. Using KDE has not been a life-altering experience. It has been a stable, comfortable environment in which to get work done. Have I experienced some issues? Absolutely. None of them are deal-breakers, though the audio issues are fairly annoying. My time in the Fedora Project has shown me that hardware issues inevitably get fixed once they are noticed, so I’m not overly worried.
As for me? I’m going to stick around in KDE for a while and see how things play out. If you’re reading this and you’re curious, I’ll happily direct you to the Fedora KDE Spin for the Live ISO or the Kinoite installer if, like me, you enjoy an atomic update environment. Make sure to select “Show Beta downloads” to get Plasma 6!
I generate high-entropy, unique random passwords for everything. Don’t you? ︎
Josh and Kurt talk about a new FCC program to provide a cybersecurity certification mark. Similar to other consumer safety marks such as UL or CE. We also tie this conversation into GrapheneOS, and what trying to claim a consumer device is secure really means. Some of our compute devices have an infinite number of possible states. It’s a really weird and hard problem.
KDE had a feature a lot of people didn’t know about. You could run a command when a notification triggered. The feature wasn’t very well documented and nobody really blogged about it.
However with the release of KDE Plasma 6, the feature was removed. I learned about it by accident, as it is tracked by Bug #481069. I really need the feature and I re-implemented it in KDE Plasma 6. I will be available in KDE Plasma 6.1 and KDE Frameworks 6.1.
KDE: Run a command
Text-to-Speech for calendar events
I’m using the “Run a command” feature for calendar events. Normally you get a popup notification. The popup notification is small and pop up where all of them are shown. When I’m concentrated and working on some code I simply miss them. If I play a game, I miss them.
The solution for me is to use a Text to Speech (TTS) Engine. I’ve setup speech-dispatcher with piper-tts on my system. When an a reminder triggers it says: “Andreas, you have an appointment in 10 minutes: Samba Meeting”.
For my new job, I (annoyingly) have to use a silly MacBook. For everything else, I have a nice, beautiful desktop running Fedora.
I looked into KVMs to share my monitor and keyboard between the two computers, but couldn't really find something reasonably priced and functional.
Synergy/Barrier/InputLeap for keyboard sharing
I have used Synergy before to share keyboard and mouse between Linux computers, and this was already a good step. There is a fork for Synergy on Linux called Barrier, which now has been forked again to InputLeap. It also allows copy & paste between systems.
This brought me half to where I wanted to be, but I was still restricted to the tiny laptop screen on the Mac.
DDC monitor input source switching
Both of my monitors are connected via DisplayPort to my desktop. I now
connected the right monitor also via HDMI to the Mac. This already
allowed me to easily switch between the input sources with the monitor's
on-screen menu.
While researching a new monitor, which has a build in KVM, but only comes with software for Mac & Windows, I found out that you can control most monitor functionality via DCC.
This includes things like brightness, contrast, rotation, and most importantly the input source.
For Linux, you can use ddcutil and your window manager keyboard shortcut settings. For me, it is these two commands, your monitor and sources may vary.
On OS X you can use BetterDisplay, this is a pretty nifty tool to control all kinds of aspects of your display, definitely worth a look. It also supports keyboard shortcuts to change input sources.
There you go, easy-peasy and for free. I hope that helps someone, or me in the future, when I forget how it works.
I love Linux. Always have, always will. I run Linux (mostly RHEL and Fedora) on
a multitude of devices, from Raspberry Pi's to an old laptop functioning as a server,
and VMs on my NAS.
But I have also ended up (long story) doing a lot of work on MacOS with Apple silicon,
so I need a way to work on Ansible content from time to time, with a fast inner
development loop. Translated: I want a fast way to quickly test my Ansible "code" on
MacOS.
Roles and collections
I maintain a modest set of
collections. Mostly for fun, but also
to understand the workflow of my customers (I'm part of the Red Hat automation sales
team). I have one for Gitea and
act_runner, I have one for
atuin and I am working on one for starship.
As you might see, those current collections and any future ones I write, are aimed at
Linux machines, and RHEL in particular, either on x86_64 (amd64) or on aarch64 (arm64).
Writing roles and collections on MacOS
Writing a role or collection on MacOS is pretty easy. Whether you want to use VSCode,
vim or anything else, everything is available on MacOS (as it is on Linux).
The tricky thing is to test the roles you write on MacOS on local Linux infrastructure,
and in particular to test the roles on multiple architectures with a reasonable amount
of speed. Especially that last part is hard. I have tried various things involving VMs
and containers with qemu, and though that functionally works, it is sloooooow.
Rosetta
Then I read up on Rosetta. Rosetta is a binary
translator that makes it very fast and very convenient to run x86_64 software on an m1,
m2 or m3 aarch64 processor. It is FAST! It just wasn't very convenient to use when testing
roles on multiple architectures in VMs on MacOS.
Setting up the VM
What I wanted to have was an aarch64 Linux VM on MacOS, that allowed me to run x86_64
containers for molecule testing with Rosetta as a translation layer with as little
hassle as possible. (As said, I would have loved to use qemu for this, but it's just too
slow.)
Basically, what you do is create a Lima VM on MacOS (that's the quickest), pass some
flags during creation to have it mount the Rosetta translation binary, and configure the
VM to invoke Rosetta whenever you execute an x86_64 binary.
Lima makes it easy to use Rosetta in the Linux VM. It's a matter of passing the
--rosetta flag (as shown above) when creating a new machine. But in order to
automatically invoke Rosetta when we call an x86_64 binary, we need to do a couple of
things.
First of all, we need to drop a small config file 1 as
/usr/lib/binfmt.d/rosetta.conf. This file tells the operating system to call Rosetta
when it tries to open a file with a certain set of magic
bytes.
Then, we need to tweak the binfmt service itself a bit. When the binfmt service will
first start, it does so before the Rosetta share is mounted. Therefore, we tell it to
restart on failure after 5 seconds. Hardly a noticable delay and simple enough. This is
achieved by a systemd drop-in:
Because I run my tests on Fedora :heart, I needed to add some additional tasks to
configure the SELinux policy for Rosetta. Rosetta does not run out of the box on
a Fedora machine. That is because Rosetta needs to be mounted over NFS and it seems to
need to be run from that location. I haven't researched this, but copying over the
Rosetta binary to the VMs filesystem didn't seem to work at all.
Because the default SELinux policy disallows processes with init_t to execute files
with an nfs_t label, we have to teach SELinux that this is OK behaviour for now.
The type enforcement file you will need for this, is as follows:
Yes, that's right. At the moment, my Ansible dev workflow uses Docker CE. I'm planning
on making it work with Docker, but in all honesty, it's still slightly easier to use
Docker for molecule than it is to use podman. Especially when you plan to run molecule
tests both locally, and as part of tests on GitHub.
Virtualenv
I like to keep anything I install through pip in virtualenvs. Makes it easier to test
updates and makes it easier to work with different versions of Python packages for
different use cases. My venv tool of choice is virtualenvwrapper.
I just want to get that installed, and create a virtualenv with all my Ansible
dependencies in it, so I only have to log into my VM, run workon ansible and start
doing whatever it is I need to do.
Making this quick and easy
I wrapped all of the above tasks in an Ansible playbook for my (and your) convenience.
You can find it on GitHub. In order to
use it, you have to do six things:
Install lima through your package manager of choice. I use brew, so I go brew
install lima
Locally install Ansible on your Mac. I use a virtualenv for that, but since you are
here, reading this, I assume you'll know how to do this
Create a Fedora VM called "fedora" with limactl.
Clone the repo from GitHub and cd to it
Copy inventory.tmpl to inventory and update it with your username
Run the playbook using ansible-playbook setup.yml
After that, you can navigate to the Ansible content you are working on on your Mac, and
simply run limactl shell fedora to be dropped in the VM in the same directory. And
after running workon ansible, you'll have all the Ansbile tools you need to start
working on your collection or role.
As my readers may be aware, I have been a member of the Fedora Engineering Steering Committee (FESCo) for over a decade. One of the primary responsibilities of this nine-person body is to review the Fedora Change Proposals submitted by contributors and provide feedback as well as being the final authority as to whether those Changes will go forth. I take this responsibility very seriously, so when this week the Fedora KDE community brought forth a Change Proposal to replace GNOME Desktop with KDE Plasma Workspaces as the official desktop environment in the Fedora Workstation Edition, I decided that I would be remiss in my duties if I didn’t spend some serious time considering the decision.
As long-time readers of this blog may recall, I was a user of the KDE desktop environment for many years, right up until KDE 4.0 arrived. At that time, (partly because I had recently become employed by Red Hat), I opted to switch to GNOME 2. I’ve subsequently continued to stay with GNOME, even through some of its rougher years, partly through inertia and partly out of a self-imposed responsibility to always be running the Fedora/Red Hat premier offering so that I could help catch and fix issues before they got into users’ and customers’ hands. Among other things, this led to my (fairly well-received) series of blog posts on GNOME 3 Classic. As it has now been over ten years and twenty(!) Fedora releases, I felt like it was time to give KDE Plasma Workspaces another chance with the release of the highly-awaited version 6.0.
How will I do this?
I’ve committed to spending at least a week using KDE Plasma Workspaces 6 as my sole working environment. This afternoon, I downloaded the latest Fedora Kinoite installer image and wrote it to a USB drive.1 I pulled out a ThinkPad I had lying around and went ahead with the install process. I’ll describe my setup process a bit below, but (spoiler alert) it went smoothly and I am typing up this blog entry from within KDE Plasma.
What does my setup look like?
I’m working from a Red Hat-issued ThinkPad T490s, a four-core Intel “Whiskey Lake” x86_64 system with 32 GiB of RAM and embedded Intel UHD 620 graphics. Not a powerhouse by any means, but only about three or four years old. I’ve wiped the system completely and done a fresh install rather than install the KDE packages by hand onto my usual Fedora Workstation system. This is partly to ensure that I get a pristine environment for this experimen and partly so I don’t worry about breaking my existing system.
Thoughts on the install process
I have very little to say about the install process. It was functionally identical to installing Fedora Silverblue, with the minimalist Anaconda environment providing me some basic choices around storage (I just wiped the disk and told it to repartition it however it recommends) and networking (I picked a pithy hostname: kuriosity). That done, I hit the “install” button, rebooted and here we are.
First login
Upon logging in, I was met with the KDE Welcome Center (Hi Konqi!), which I opted to proceed through very thoroughly, hoping that it would provide me enough information to get moving ahead. I have a few nitpicks here:
First, the second page of the Welcome Center (the first with content beyond “this is KDE and Fedora”) was very sparse, saying basically “KDE is simple and usable out of the box!” and then using up MOST of its available screen real estate with a giant button directing users to the Settings app. I am not sure what the goal is here: it’s not super-obvious that it is a button, but if you click on it, you launch an app that is about as far from “welcoming” as you can get (more on that later). I think it might be better to just have a little video or image here that just points at the settings app on the taskbar rather than providing an immediate launcher. It both disrupts the “Welcome” workflow and can make less-technical users feel like they may be in over their heads.
I actually think the next page is a much better difficulty ramp; it presents some advanced topics that they might be interested in, but it doesn’t look quite as demanding of them and it doesn’t completely take the user out of the workflow.
Next up on the Welcome Center was something very welcome: an introduction to Discover (the “app store”). I very much like this (and other desktop environments could absolutely learn from it). It immediately provides the user with an opportunity to install some very popular add-ons.2
The next page was a bit of a mixed bag for me. I like that the user is given the option to opt-in to sharing anonymous user information, but I feel like the slider and the associated details it provided are probably a bit too much for most users to reasonably parse. I think this can probably be simplified to make it more approachable (or at least bury the extra details behind a button; I had to extend the window from its default size to get a screenshot).
At the end of the Welcome Center was a page that gave me pause: a request for donations to the KDE project. I’m not sure this is a great place for it, since the user hasn’t even spent any time with the environment at all yet. It seems a bit too forwards with asking for donations. I’m not sure where a better place is, but getting begged for spare change minutes after installing the OS doesn’t feel right. I think that if we were to make KDE the flagship desktop behind Fedora Workstation, this would absolutely have to come out. I think it gives a bad first impression. I think a far better place to leave things would be the preceding page:
OK, so let’s use it a bit!
With that out of the way, I proceeded to do a bit of setup for personal preferences. I installed my preferred shell (zsh) and some assorted CLI customizations for the shell, vi, git, etc. This was identical to the process I would have followed for Silverblue/GNOME, so I won’t go into any details here. I also have a preference for touchpad scrolling to move the page (like I’m swiping a touch-screen), so I set that as well. I was confused for a bit as it seemed that wasn’t having an effect, but I realized I had missed that “touchpad” was a separate settings page from “mouse” and had flipped the switch on the wrong devices. Whoops!
In the process of setting things up to my liking, I did notice one more potential hurdle for newcomers: the default keyboard shortcuts for working with desktop workspaces are different from GNOME, MacOS and Windows 11. No matter which major competitor you are coming from, this will cause muscle-memory stumbles. It’s not that any one approach is better than another, but the fact that they are all completely different makes me sigh and forces me to think about how I’m interacting with the system instead of what I want to do with it. Unfortunately, KDE did not make figuring this out easy on me; even when I used the excellent desktop search feature to find the keyboard shortcut settings, I was presented by a list of applications that did not clearly identify which one might contain the system-wide shortcuts. By virtue of past experience with KDE, I was able to surmise that the KWin application was the most likely place, but the settings app really didn’t seem to want to help me figure that out. Then, when I selected KWin, I was presented with dozens of pages of potential shortcuts, many of which were named similarly to the ones I wanted to identify. This was simply too many options with no clear way to sort them. I ended up resorting to trying random combinations of ctrl, alt, meta and shift with arrow keys until I eventually stumbled upon the correct set.
Next, I played around a bit with Discover, installing a pending firmware update for my laptop (which hadn’t been turned on in months). I also enabled Flathub and installed Visual Studio Code to see how well Flatpak integration works and also for an app that I know doesn’t natively use Wayland. That was how I discovered that my system had defaulted to a 125% fractional scaling setup. In Visual Studio Code, everything looked very slightly “off” compared to the rest of the system. Not in any way I could easily put my finger to, until I remembered how badly fractional scaling behaved on my GNOME system. I looked into the display settings and, sure enough, I wasn’t at an integer scaling value. Out of curiosity, I played around with the toggle for whether to have X11 apps scale themselves or for the system to do it and found that the default “Apply scaling themselves” was FAR better looking in Visual Studio Code. At the end of the day, however, I decided that I preferred the smaller text and larger available working area afforded me by setting the scaling back to 100%. That said, if my eyesight was poorer or I needed to sit further away from the screen, I can definitely see the advantages to the fractional scaling and I was very impressed by how sharp it managed to be. Full marks on that one!
I next went to play around in Visual Studio Code with one of my projects, but when I tried to git clone it, I hit an issue where it refused my SSH key. Digging in, I realized that KDE does not automatically check for keys in the default user location (~/.ssh) and prompt for their passphrases. I went ahead and used ssh-add to manually import them into the SSH keyring and moved along. I find myself going back and forth on this; on the one hand, there’s a definite security tradeoff inherent in allowing the desktop to prompt (and offer to save) the passphrase in the desktop keyring (encrypted by your login password). I decline to save mine persistently, preferring to enter it each time. However, there’s a usability tradeoff to not automatically at least launching an askpass prompt. In any case, it’s not really an issue for me to make this part of my usual toolbox entry process, but I’m a technical user. Newbies might be a bit confused if they’re coming from another environment.
I then went through the motions of getting myself signed in to the various messaging services that I use on a daily basis, including Fedora’s Matrix. Once signed in there via Firefox, I was prompted to enable notifications, which I did. I then discovered the first truly sublime moment I’ve had with Plasma Workspaces: the ephemeral notifications provided by the desktop. The way they present themselves, off to the side and with a vibrant preview window and show you a progress countdown until they vanish is just *chef’s kiss*. If I take nothing else away from this experience, it’s that it is possible for desktop notifications to be beautiful. Other desktops need to take note here.
I think this is where I’m going to leave things for today, so I’ll end with a short summary: As a desktop environment, it seems to do just about everything I need it to do. It’s customizable to the point of fault: it’s got so many knobs to twist that it desperately needs a map (or perhaps a beginner vs. expert view of the settings app). Also, the desktop notifications are like a glass of icy lemonade after two days lost in the desert.
This was actually my first hiccough: I have dozens of 4 GiB thumbdrives lying around, but the Kinoite installer was 4.2 GiB, so I had to go buy a new drive. I’m not going to ding KDE for my lack of preparedness, though! ︎
Unfortunately I hit a bug here; it turns out that all of those app buttons will just link to the updates page in Discover if there is an update waiting. I’m not sure if this is specific to Kinoite yet. I’ll be investigating and filing a ticket about it in the appropriate place. ︎
A few people (and multi-billion dollar companies!) have asked for my response to the xz backdoor. The fwupd metadata that millions of people download every day is a 9.5MB XML file — which thankfully is very compressible. This used to be compressed as gzip by the LVFS, making it a 1.6MB download for end-users, but in 2021 we switched to xz compression instead.
What actually happens behind the scenes is that the libxmlb library loads the optionally compressed metadata into a mmap-able binary blob, and then it gets used by fwupd to look for new updates for specific hardware. In libxmlb 0.3.3 we added support for xz as a compression format. Then fwupd 1.8.7 was released with xz support, preferring the xz format to the “legacy” gz format — as the metadata became a 1.1MB download, saving significant amounts of data from the CDN.
Then this week we learned that xz wasn’t the kind of thing we want to depend on. Out of an abundance of caution (and to be clear — my understanding is there is no fwupd or LVFS security problem of any kind) I’ve switched the LVFS to also generate zstd metadata, make libxmlb no longer hard depend on lzma and switched fwupd to prefer the zstd metadata over the xz metadata if the installed version of libjcat supports it. The zstd metadata is also ~3% smaller than xz (and faster to decompress), but the real benefit is that I now trust it a lot more than xz.
I’ll be doing new libxmlb and fwupd releases with the needed changes next week.
Version 4.2 of syslog-ng introduced a healthcheck option to syslog-ng-ctl. It prints three syslog-ng-related metrics on screen – if it can reach syslog-ng, that is. You can use it from scripts to monitor the health of syslog-ng.
Before you begin
The healthcheck option was added to syslog-ng-ctl in version 4.2. You need this or a later syslog-ng version to use this option. It is already available in the most recent Linux distributions. If you use an LTS Linux distribution, then check https://syslog-ng.org/3rd-party-binaries/ for 3rd party repositories for your OS.
If you want to send latency values printed by syslog-ng-ctl to Elasticsearch, you also need the jo utility: https://github.com/jpmens/jo This is available in several Linux distributions.
Testing from the command line
You can start syslog-ng-ctl from the command line or use it in your scripts. The -h option prints some help text on the terminal:
~# syslog-ng-ctl healthcheck --help
Usage:
syslog-ng-ctl [OPTION…] syslog-ng-ctl
Health check
Help Options:
-h, --help Show help options
Application Options:
-t, --timeout maximum seconds to wait for healthcheck results (default: 15)
-c, --control=<socket> syslog-ng control socket
This command line starts the health check with a five-second timeout. However, in my tests, the latency values stayed under one millisecond even during heavy load:
I tried to disable syslog-ng for a test, but I could not test the timeout feature this way, as syslog-ng-ctl detected that there is something wrong at the other end:
I wanted to see how the latency values printed by syslog-ng-ctl change over time. To check this, I created a cron job to run syslog-ng-ctl once a minute, and configured syslog-ng to send the results to Elasticsearch. The output of syslog-ng-ctl cannot be directly pushed to syslog-ng. However, using jo, you can turn the output of syslog-ng-ctl into JSON format. Syslog-ng can parse that and forward it to Elasticsearch.
~# cat health.sh
#!/bin/bash
/usr/sbin/syslog-ng-ctl healthcheck | sed 's/ /=/' | jo | nc 127.0.0.1 514
The sed rule turns the output of syslog-ng-ctl into the format expected by jo. The nc command forwards the results to syslog-ng, listening on port 514 on localhost.
You should append the following configuration snippet to syslog-ng.conf or – if your configuration supports it – store in a new .conf file under the /etc/syslog-ng/conf.d/ directory.
So, what does the above configuration do? The source is listening for a TCP connection and does not parse the incoming message. The reason is that the tcp() source uses an RFC3164 parser by default, but we collect JSON-formatted messages. The next step is that a JSON parser parses the message and turns it into name-value pairs. We have two destinations: a JSON-formatted text file, and Elasticsearch.
Here, we depend on type support, which was introduced in syslog-ng 4.0. The jo utility generates JSON from the syslog-ng-ctl output with proper type support. When version 3.X of syslog-ng parsed it, numbers were turned into strings. With version 4.0 and later, the type information is preserved. You can forward the parsed name-value pairs without any further preparation to Elasticsearch, and they will be stored with the correct type in the database.
Testing
Once you reloaded the syslog-ng configuration, you should test it. First, just start the script from the command line and check the Elasticsearch web interface for messages in the snghealth database. If everything works as expected, you should put the script in cron, so it runs regularly. Soon, you should be able to visualize the syslog-ng health data. In my case, latency stayed under one millisecond even under heavy load:
What is next?
In my test environment, I could not overload syslog-ng and increase latency. However, in a larger production environment, you might create alerts based on latency values, or if syslog-ng times out on health checks. If running Kubernetes, you could base liveness probes on this as well.
-
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
We’ve just had another magnificent event this past March in beautiful Pasadena for the 21st edition of the Southern California Linux Expo, the largest community-driven linux and open source conference in North America. Fedora and its crew are proud of have been participated since the conference’s 8th edition back in 2009!. It may sound like a no biggie, but as the conference grows older, bigger and more important, so does the commitment, responsability and even the logistics to provide a memorable experience to the visitors.
This is not the first time that I act as event owner, but this is the first time that I experienced with the most intensity the responsability of having everything ready and putting all together in order to meet the expectations of the reputation that preceeds us. I don’t think I’ve talked about it in any of my past reports, but there are a lots of things that need to be arranged before Day 1, this is why we start preparing everything in the Fall of the previous year. Just to mention some of the most relevant: to poll among Fedorians for interest/intention of attending the event and to work for our project during the event, to create the event page, to create the budget estimation, to create the budget approval and follow up, to request the swag to give away in the booth, request the shipping of the event box for booth setup, to contact the organizers to request for participation and follow up, to request the creation of the Fedora Badge for the event and to print the poster for scanning it, and a lot more!!. I don’t pretend to take full credit for all of these, but I’d like to use this opportunity to thank to the fantastic Fedora crew that made it possible. Thank you Perry Rivera for helping me with many of this tasks and for volunteering as co-owner of the event. Thank you Brian Monroe for assisting with the event box and swag shipping to your personal address and also for your remarkable booth duty. Thank you Scott Williams for the passion in the project and the way you keep people interested in it. And thank you Justin Flory for all your support
Thank you guys, you Rock!
So, here we are, Thursday afternoon, one day before the exhibition floor opens.
This day is used for co-located events like Kubernetes Community Day, DevOps LA, Nixcon, Ubucon, etc.I made sure that we have everything ready for the booth setup, not only the Fedora stuff but also the essentials: power strips, chairs, networking, trash can, etc. After this, I had the opportunity to attend a few talks and workshops of the ongoing events. I personally found KWAAIÂ and NixOS very interesting and worth of taking a more detailed look at them.
Our good friends Carl George and Shaun McCaunce from the CentOS Project offered a talk on CentOS and a workshop on packaging that resulted in great interest from the audience and helped to clear the air and to clarify the relationship between Fedora, CentOS and RHEL.
Later in the afternoon we had some time for networking in a cocktail offered by Kwaii, and we had a chance to talk and spend some time with our Fedora Project Leader Matthew Miller.
On Friday we were all set for the Exhibit Hall, just waiting for it to open so we could receive the visitors to our booth. Friday is typically a busy day and this year was no exception, we had a lot of visitor in our booth and many of them stayed for a while, commenting on their experience with Fedora or asking for specific question ot even tech doubts.
We closed the day with a mexican dinner with all of the crew and our friends from CentOS, a delightful evening that prepared us for the longest day of the conference: Saturday.
And along came Saturday. This day is busy because Exhibit Hall opens from 10:00 to 18:00 and it is when we have the largest number of visitors. There are three things that I’d like to highlight from this day that made somehow a difference with previous editions.
The first is that we were giving away raffle tickets to our booth’s visitors for some of the swag that we had, and this created a different environmet, new expectations, people gathered at the times of the raffles and -for many- it was a way to identify us and keep us under their radar.
Another highlight is that this day they scheduled the talks of our Fedora ambassadors and our Fedora Leaders discussion panel, unfortunatelly they were scheduled at the same time and it was hard to attend them live
RedHat’s Brian Proffitt took care of our booth so I could be able to get a few pictures of both. Thank you Brian !
And the third highlight is a bit personal, since I was alone in charge of the booth while my friends were at their talks, I had to receive a couple of guided tours that normally are students or newbies to Linux and pitch Fedora in less than a minute. The pressure to compress so many things I had to say about Fedora and to summarize them in so little time
Sunday is the most quiet day, Exhibit Hall closes at 14:00 and most exhibitors are wrapping up or ran out of swag, not our case We ran a few raffles and wrapped up as well.
I am very satisfied with the outcome of this edition. We have now a mean for continuos communication between the crew, we have started processing new ideas (like bringing new and fresh faces to promote Fedora) and started working on them, we’d like to share our experience with SCaLE during these fourteen editions that we have participated to a wider Fedora audience -thinking about Flock- and continue improving the Fedora presence and contributing for its acceptance. I’m excited for the future.
Josh and Kurt talk about the recent events around XZ. It’s only been a few days, and it’s amazing what we already know. We explain a lot of the basics we currently know with the attitude much of these details will change quickly over the coming week. We can’t fix this problem as it stands, we don’t know where to start yet. But that’s not a reason to lose hope. We can fix this if we want to, but it won’t be flashy, it’ll be hard work.
This is an independent, censorship-resistant site run by volunteers. This site and the blogs of individual volunteers are not officially affiliated with or endorsed by the Fedora Project.