Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

RSS Atom

We Make Fedora

March 18, 2026

• Remi Collet 📝 Valkey version 9.1 🎲

  RPMs of Valkey version 9.1 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ⚠️ Warning: this is a pre-release version not ready for production usage.

  1. Installation

  Packages are available in the valkey:remi-9.1 module stream.

  1.1. Using dnf4 on Enterprise Linux

  # dnf install https://rpms.remirepo.net/enterprise/remi-release-<ver>.rpm
  # dnf module switch-to valkey:remi-9.1/common

  1.2. Using dnf5 on Fedora

  # dnf install https://rpms.remirepo.net/fedora/remi-release-<ver>.rpm
  # dnf module reset  valkey
  # dnf module enable valkey:remi-9.1
  # dnf install valkey

  The valkey-compat-redis compatibility package is not available in this stream. If you need the Redis commands, you can install the redis package.

  2. Modules

  Some optional modules are also available:

  • valkey-bloom (Fedora and EL ≥ 9)
  • valkey-json
  • valkey-ldap (Fedora and EL ≥ 9)
  • valkey-lua (always available)
  • valkey-rdma
  • valkey-search (Fedora)
  • valkey-tls (always available)

  These packages are weak dependencies of Valkey, so they are installed by default (if install_weak_deps is not disabled in the dnf configuration).

  The Modules are automatically loaded after installation and service (re)start.

  3. Future

  Valkey also provides a set of modules, which may be submitted for the Fedora official repository.

  ℹ️ Notices:

  • Enterprise Linux 9.7 and 10.1, and Fedora 42 have Valkey 8.0 in their repository
  • Fedora 43 has Valkey 8.1
  • Fedora 44 will have Valkey 9.0
  • Fedora 45 will have Valkey 9.1

  4. Statistics

  valkey

• Alberto Ruiz Booting with Rust: Chapter 3

  In Chapter 1 I gave the context for this project and in Chapter 2 I showed the bare minimum: an ELF that Open Firmware loads, a firmware service call, and an infinite loop.

  That was July 2024. Since then, the project has gone from that infinite loop to a bootloader that actually boots Linux kernels. This post covers the journey.

  The filesystem problem

  The Boot Loader Specification expects BLS snippets in a FAT filesystem under loaders/entries/. So the bootloader needs to parse partition tables, mount FAT, traverse directories, and read files. All #![no_std], all big-endian PowerPC.

  I tried writing my own minimal FAT32 implementation, then integrating simple-fatfs and fatfs. None worked well in a freestanding big-endian environment.

  Hadris

  The breakthrough was hadris, a no_std Rust crate supporting FAT12/16/32 and ISO9660. It needed some work to get going on PowerPC though. I submitted fixes upstream for:

  • thiserror pulling in std: default features were not disabled, preventing no_std builds.
  • Endianness bug: the FAT table code read cluster entries as native-endian u32. On x86 that’s invisible; on big-endian PowerPC it produced garbage cluster chains.
  • Performance: every cluster lookup hit the firmware’s block I/O separately. I implemented a 4MiB readahead cache for the FAT table, made the window size parametric at build time, and improved read_to_vec() to coalesce contiguous fragments into a single I/O. This made kernel loading practical.

  All patches were merged upstream.

  Disk I/O

  Hadris expects Read + Seek traits. I wrote a PROMDisk adapter that forwards to OF’s read and seek client calls, and a Partition wrapper that restricts I/O to a byte range. The filesystem code has no idea it’s talking to Open Firmware.

  Partition tables: GPT, MBR, and CHRP

  PowerVM with modern disks uses GPT (via the gpt-parser crate): a PReP partition for the bootloader and an ESP for kernels and BLS entries.

  Installation media uses MBR. I wrote a small mbr-parser subcrate using explicit-endian types so little-endian LBA fields decode correctly on big-endian hosts. It recognizes FAT32, FAT16, EFI ESP, and CHRP (type 0x96) partitions.

  The CHRP type is what CD/DVD boot uses on PowerPC. For ISO9660 I integrated hadris-iso with the same Read + Seek pattern.

  Boot strategy? Try GPT first, fall back to MBR, then try raw ISO9660 on the whole device (CD-ROM). This covers disk, USB, and optical media.

  The firmware allocator wall

  This cost me a lot of time.

  Open Firmware provides claim and release for memory allocation. My initial approach was to implement Rust’s GlobalAlloc by calling claim for every allocation. This worked fine until I started doing real work: parsing partitions, mounting filesystems, building vectors, sorting strings. The allocation count went through the roof and the firmware started crashing.

  It turns out SLOF has a limited number of tracked allocations. Once you exhaust that internal table, claim either fails or silently corrupts state. There is no documented limit; you discover it when things break.

  The fix was to claim a single large region at startup (1/4 of physical RAM, clamped to 16-512 MB) and implement a free-list allocator on top of it with block splitting and coalescing. Getting this right was painful: the allocator handles arbitrary alignment, coalesces adjacent free blocks, and does all this without itself allocating. Early versions had coalescing bugs that caused crashes which were extremely hard to debug – no debugger, no backtrace, just writing strings to the OF console on a 32-bit big-endian target.

  And the kernel boots!

  March 7, 2026. The commit message says it all: “And the kernel boots!”

  The sequence:

  1. BLS discovery: walk loaders/entries/*.conf, parse into BLSEntry structs, filter by architecture (ppc64le), sort by version using rpmvercmp.

  2. ELF loading: parse the kernel ELF, iterate PT_LOAD segments, claim a contiguous region, copy segments to their virtual address offsets, zero BSS.

  3. Initrd: claim memory, load the initramfs.

  4. Bootargs: set /chosen/bootargs via setprop.

  5. Jump: inline assembly trampoline – r3=initrd address, r4=initrd size, r5=OF client interface, branch to kernel:

  core::arch::asm!(
      "mr 7, 3",   // save of_client
      "mr 0, 4",   // r0 = kernel_entry
      "mr 3, 5",   // r3 = initrd_addr
      "mr 4, 6",   // r4 = initrd_size
      "mr 5, 7",   // r5 = of_client
      "mtctr 0",
      "bctr",
      in("r3") of_client,
      in("r4") kernel_entry,
      in("r5") initrd_addr as usize,
      in("r6") initrd_size as usize,
      options(nostack, noreturn)
  )
  

  One gotcha: do NOT close stdout/stdin before jumping. On some firmware, closing them corrupts /chosen and the kernel hits a machine check. We also skip calling exit or release – the kernel gets its memory map from the device tree and avoids claimed regions naturally.

  The boot menu

  I implemented a GRUB-style interactive menu:

  • Countdown: boots the default after 5 seconds unless interrupted.
  • Arrow/PgUp/PgDn/Home/End navigation.
  • ESC: type an entry number directly.
  • e: edit the kernel command line with cursor navigation and word jumping (Ctrl+arrows).

  This runs on the OF console with ANSI escape sequences. Terminal size comes from OF’s Forth interpret service (#columns / #lines), with serial forced to 80×24 because SLOF reports nonsensical values.

  Secure boot (initial, untested)

  IBM POWER has its own secure boot: the ibm,secure-boot device tree property (0=disabled, 1=audit, 2=enforce, 3=enforce+OS). The Linux kernel uses an appended signature format – PKCS#7 signed data appended to the kernel file, same format GRUB2 uses on IEEE 1275.

  I wrote an appended-sig crate that parses the appended signature layout, extracts an RSA key from a DER X.509 certificate (compiled in via include_bytes!), and verifies the signature (SHA-256/SHA-512) using the RustCrypto crates, all no_std.

  The unit tests pass, including an end-to-end sign-and-verify test. But I have not tested this on real firmware yet. It needs a PowerVM LPAR with secure boot enforced and properly signed kernels, which QEMU/SLOF cannot emulate. High on my list.

  The ieee1275-rs crate

  The crate has grown well beyond Chapter 2. It now provides: claim/release, the custom heap allocator, device tree access (finddevice, getprop, instance-to-package), block I/O, console I/O with read_stdin, a Forth interpret interface, milliseconds for timing, and a GlobalAlloc implementation so Vec and String just work.

  Published on crates.io at github.com/rust-osdev/ieee1275-rs.

  What’s next

  I would like to test the Secure Boot feature on an end to end setup but I have not gotten around to request access to a PowerVM PAR. Beyond that I want to refine the menu. Another idea would be to perhaps support the equivalent of the Unified Kernel Image using ELF. Who knows, if anybody finds this interesting let me know!

  The source is at the powerpc-bootloader repository. Contributions welcome, especially from anyone with POWER hardware access.

March 17, 2026

• Daniel Pocock Kyle & Jackie O sackings: Artificial Intelligence replacement in the pipeline

  ARN Media has now confirmed the sacking of radio host Kyle Sandilands, who follows his co-presenter Jackie O Henderson out the door.

  ARN Media signed a ten year contract with the duo in 2023. The contract is worth approximately $10 million each per year.

  ChatGPT appeared in November 2022, shortly before the contract was signed. Audio and video generated by artificial intelligence only started to be appreciated from 2024, shortly after ARN had signed the contract.

  The current generation of artificial intelligence is probably not really capable of replacing Kyle and Jackie O right now. ARN Media may be anticipating that within two or three years, artificial intelligence will exceed the work of authentic humans on a radio show. Rather than waiting for that technology to arrive, it appears management have decided to sack the duo pre-emptively based on a minor on-air feud that occurred in February.

  The sacking is not about censorship. ARN Media was very keen for Kyle and Jackie O to continue broadcasting the same type of content that makes so much money for them in the short term.

  Read more about artificial intelligence.

• Kiwi TCMS Kiwi TCMS 15.4

  Dear testers, we're happy to announce Kiwi TCMS version 15.4!

  IMPORTANT:

  This is a minor version release which includes security related updates, dependency updates and new translations.

  You can explore everything at https://public.tenant.kiwitcms.org!

  ---

  Public container image (x86_64):

  pub.kiwitcms.eu/kiwitcms/kiwi   latest  ae3ae4a25d24   729MB
  

  IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

  Changes since Kiwi TCMS 15.3

  Security

  • Update Django from 5.2.10 to 5.2.12
  • Update node_modules/pdfmake from 0.3.3 to 0.3.6

  Improvements

  • Update django-guardian from 3.2.0 to 3.3.0
  • Update django-tree-queries from 0.23.0 to 0.23.1
  • Update markdown from 3.10.1 to 3.10.2
  • Update mysqlclient from 2.2.7 to 2.2.8
  • Update psycopg[binary] from 3.3.2 to 3.3.3
  • Update python-gitlab from 8.0.0 to 8.1.0
  • Update node_modules/webpack from 5.104.1 to 5.105.4
  • Update node_modules/webpack-cli from 6.0.1 to 7.0.1
  • Update transient node_modules/ dependencies

  Refactoring and testing

  • Update actions/upload-artifact from 6 to 7
  • Update locust from 2.43.1 to 2.43.3
  • Update pylint-django from 2.6.1 to 2.7.0
  • Pin setuptools<82 to workaround pkg_resources API deprecation
  • Pin pylint to 3.3.9 to workaround false positive errors
  • Adjust code for newer pylint
  • Cancel CI jobs when new ones are in queue
  • Standardize CI jobs on Ubuntu 24.04
  • Remove CI jobs against site-packages

  Translations

  • Updated French translation
  • Updated Indonesian translation
  • Updated Portuguese, Brazilian translation
  • Updated Spanish, Venezuela translation

  Changes since Kiwi TCMS Enterprise v15.3-mt

  • Based on Kiwi TCMS v15.4
  • Update certbot from 5.2.2 to 5.4.0
  • Update django-ses from 4.6.0 to 4.7.2
  • Update dj-database-url from 3.1.0 to 3.1.2
  • Update sentry-sdk[django] from 2.50.0 to 2.54.0

  Private container images

  hub.kiwitcms.eu/kiwitcms/version          15.4 (aarch64)          9e55b77392d5    17 Mar 2026     747MB
  hub.kiwitcms.eu/kiwitcms/version          15.4 (x86_64)           f65cf08eb2e4    17 Mar 2026     729MB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.4-mt (aarch64)       267353b14a05    17 Mar 2026     1.02GB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.4-mt (x86_64)        b3b04b9b2846    17 Mar 2026     996MB
  

  IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

  How to upgrade

  Follow the Upgrading instructions from our documentation.

  Happy testing!

  ---

  If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

  • Give â­� on GitHub;
  • Join our newsletter and follow all news;
  • Become a subscriber and help us sustain development

• Daniel Pocock Sophie Brun, Raphael Hertzog & Debian: Conflits d’intérêts sexuels

  Que signifient réellement les termes « Communauté Debian » ou « Famille Debian » ? Que signifie réellement la diversité ?

  Pour répondre à cette question, consultez à nouveau le rapport de Galia Mancheva sur les abus commis par FSFE :

  Même après que mon avocat l'ait averti de cesser toute tentative de communication avec moi et d'envoyer quelqu'un d'autre récupérer mon ordinateur portable professionnel, il est venu en personne chez moi et était très irrité que je ne sois pas seule.

  Ce que Galia nous explique, c'est qu'elle sortait avec un homme qui ne fait pas partie de cette soi-disant « communauté ».

  Les chefs masculins de ces groupes estiment que si une femme est embauchée, elle doit se rendre disponible à la communauté 24 heures sur 24, 7 jours sur 7, en toutes circonstances. C'est, selon eux, le seul moyen de la manipuler complètement. Si les femmes entretiennent des relations en dehors de cette prétendue « communauté », elles sont moins vulnérables à ces techniques de manipulation sectaires .

  Comparez l'histoire de Galia Mancheva avec celle de Sophie Brun . En février 2021, Raphael Hertzog a soumis les commentaires suivants pour soutenir la candidature de Sophie au poste de développeuse Debian :

  J'ai personnellement travaillé avec Sophie Brun <sophie@freexian.com> (clé 3B21B8E68AE5C16F87F5322D5792783B206FEE30) au cours des 6 dernières années.

  [ ... extrait ... ]

  Je crois que son historique de contributions (à long terme) montre à lui seul qu'il est inutile de commencer comme mainteneur Debian, d'autant plus que le travail qu'elle effectue nécessite de toucher à de nombreux paquets différents et d'introduire de nouveaux paquets dans Debian.

  Je sais que l'on peut faire confiance à Sophie Brun, membre à part entière de Debian, et qu'elle dispose actuellement de droits de téléchargement sans surveillance ni restriction.

  L'intégration de Sophie Brun s'est déroulée en seulement quatre mois et demi. C'est l'une des plus rapides jamais enregistrées.

  Raphael Hertzog nous a indiqué plus haut qu'ils avaient travaillé ensemble pendant six ans. Il ne mentionne nulle part dans le courriel qu'ils sont mari et femme.

  Dans l' interview de la Journée Ada Lovelace 2024 , Sophie nous dit la vérité :

  1. Qui êtes-vous ?

  Je suis une Française de 44 ans. Je suis mariée et j'ai deux fils.

  2. Comment avez-vous découvert Debian ?

  En 2004, mon petit ami (aujourd'hui mon mari) a installé Debian sur mon ordinateur personnel pour me faire découvrir ce système d'exploitation . Je ne connaissais alors quasiment rien aux logiciels libres . Pendant mes études d'ingénieur, un professeur avait mentionné l'existence de Linux, et plus particulièrement de Red Hat , sans donner de détails.

  J'ai appris Debian en utilisant et en lisant (au préalable) le manuel de l'administrateur Debian [écrit également par son mari].

  Voilà pourquoi Galia Mancheva ne s'intégrait pas au groupe des marginaux de la FSFE . Son petit ami n'appartenait pas à « la communauté ». Sophie Brun, quant à elle , est la compagne d'un membre de « la communauté », ce qui lui vaut un traitement de faveur.

  3. Depuis combien de temps utilisez-vous Debian ?

  Je suis utilisatrice depuis 2004. Mais je n'ai commencé à contribuer à Debian qu'en 2015 : j'avais quitté mon emploi et je souhaitais m'investir dans un projet plus utile. C'est pourquoi j'ai rejoint mon mari chez Freexian , son entreprise. Contrairement à la plupart des gens, je pense, j'ai commencé à contribuer à Debian pour des raisons professionnelles. Je ne suis devenue bénévole Debian qu'en 2021, sous la pression sociale et lorsque je me suis sentie suffisamment à l'aise.

  4. Utilisez-vous Debian au quotidien ? Si oui, comment ?

  Bien sûr, j'utilise Debian dans ma vie professionnelle pour presque toutes les tâches : des tâches administratives à la création de paquets Debian .

  J'utilise également Debian à titre personnel. Mes besoins sont très basiques : Firefox, LibreOffice, GnuCash et Rhythmbox sont les principales applications dont j'ai besoin.

  Jugement de mauvaise foi : Raphael Hertzog a trompé tout le monde lors du processus de nomination des nouveaux responsables de la maintenance de Debian.

  À la lecture du plaidoyer de Raphael Hertzog en faveur de Sophie Brun , les observateurs extérieurs et les lecteurs futurs auront l'impression que Raphael et Sophie ne sont rien de plus que des collègues de travail.

  Pourtant, il plaide avec force pour que Sophie ait un accès illimité au trousseau de clés Debian le plus rapidement possible, sans révéler qu'il s'agit d'une femme qui dort dans son lit toutes les nuits depuis 2004, voire avant.

  Si les gens connaissaient ce fait essentiel concernant la relation sexuelle, ils ignoreraient probablement le plaidoyer écrit par son mari et accorderaient plus d'importance aux plaidoyers de personnes extérieures à l' entreprise Freexian .

  Raphaël et Sophie ont eu leur premier enfant en 2009, au début du syndrome de grossesses chez les utilisateurs de Debian . Leur deuxième enfant est né en 2013. La décision de Sophie de quitter son emploi précédent en 2014 pour rejoindre Freexian semble être étroitement liée à la naissance de ce deuxième enfant.

  Pourquoi les ressources Debian sont-elles utilisées pour aider certaines familles tout en pénalisant d'autres ?

  Il ne s'agissait absolument pas de diversité. Il s'agissait de promouvoir les intérêts économiques de la famille Hertzog.

  Lors de son intégration, elle utilise le nom de Sophie Brun . Sur le site web de Freexian, elle utilise le nom de Sophie Hertzog . Sur son profil LinkedIn, elle utilise le nom de Sophie Hertzog Brun .

  Les personnes qui consultent le nom Sophie Brun sur des sites web liés à Debian ne réalisent pas qu'il existe un lien avec Raphael Hertzog .

  Plus de liens :

  • Github - Sophie Brun
  • GitLab - Sophie Brun
  • Raphaël Hertzog - À propos

  Pour en revenir au témoignage de Galia Mancheva sur les abus qu'elle a subis , elle nous a dit :

  Matthias a entretenu l'illusion que je ne faisais pas mon travail, tout en m'appelant et en m'envoyant des SMS sur mon numéro personnel à des heures indues (comme 5 h du matin ou 22 h) pour me donner des ordres de travail et des sujets divers. Contrairement à mes autres collègues, j'ai eu beaucoup de mal à obtenir des congés pour les jours supplémentaires travaillés et j'ai été privé de mes congés annuels.

  Si les gens veulent vraiment parler de diversité dans Debian et d'autres groupes de logiciels libres, ils doivent expliquer pourquoi leurs petites amies sont traitées comme des princesses et pourquoi les femmes qui ont un partenaire en dehors de « la communauté » sont traitées comme si elles étaient jetables.

  Galia Mancheva n'était pas la seule femme à avoir exprimé de vives inquiétudes concernant cette culture. Ma dernière stagiaire chez Outreachy , Renata D'Avila, a elle aussi reçu des menaces de ce genre :

  ... nous envisageons de demander le rejet de votre candidature auprès de l'équipe des bourses.

  ... Malheureusement, le temps presse, nous vous prions donc de bien vouloir répondre à ce message dès que possible afin que le traitement des bourses puisse être débloqué.

  Ce chantage est digne des sectes . Pourtant, Sophie Brun et Raphael Hertzog n'ont aucune crainte d'exposer leurs enfants à ce milieu car ils font partie d'un cercle protégé contre toute exploitation. Voici une photo de leurs enfants, publiée lors de la DebConf25 à Brest :

  

   

  Lorsque des épouses et des enfants mentionnent le nom de Debian sur leur CV, ils s'attribuent le mérite du travail que nous avons tous accompli auparavant. Pourtant, d'autres co-auteurs, dont le Dr Preining , Linus Torvalds , le Dr Richard Stallman (RMS) et moi-même, avons vu nos noms retirés des crédits ou avons été diffamés. Cela équivaut à du plagiat.

  Sujet : [Semi-VAC] Maintenant, papa…
  Date : lundi 14 décembre 2009 14:56:30 +0100
  De : Raphaël Hertzog <hertzog@debian.org>
  À : debian-private@lists.debian.org
  
  Salut à tous,
  
  Je serai peut-être moins actif dans les semaines à venir, étant donné que je suis maintenant le fier
  Père de Baptiste (depuis hier). Il a eu quelques difficultés respiratoires au début.
  Il a donc été placé en soins intensifs, mais aujourd'hui il peut respirer seul.
  et il va bien (tout comme sa mère).
  
  (Tous mes paquets sont gérés en co-maintenance, veuillez donc vérifier auprès d'eux si nécessaire.)
  
  Acclamations,
  --
  Raphaël Hertzog
  

  Voici le deuxième bébé, né peu de temps avant que Sophie Brun ne décide de quitter son emploi régulier et de travailler à domicile avec Freexian .

  Sujet : Père pour la deuxième fois
  Date : vendredi 8 mars 2013 09:28:06 +0100
  De : Raphaël Hertzog <hertzog@debian.org>
  À : debian-private@lists.debian.org
  
  Bonjour,
  
  Mercredi à 2h06, j'ai eu mon père pour la deuxième fois. Ma femme a donné
  Naissance de Lucas, 3,245 kg et 48 cm. Tout le monde va bien.
  
  Mon premier enfant était déjà un garçon. Baptiste a maintenant 3 ans et est
  Nous sommes curieux de connaître Lucas, même si nous ressentons aussi une sorte de crainte à son égard.
  Changement annoncé... :)
  
  Quoi qu'il en soit, vous pouvez vous attendre à ce que je sois un peu moins réactif dans les prochains jours et
  semaines... Je serai toujours disponible, mais je ne pourrai pas y consacrer autant de temps.
  le temps comme avant jusqu'à ce que je (re)maîtrise le nouveau rythme avec des nuits courtes
  pendant mes règles et jusqu'à ce que je devienne super efficace pour changer les couches. ;-)
  
  Acclamations,
  
  P.-S. : Ce courriel doit rester privé.
  --
  Raphaël Hertzog ◈ Développeur Debian
  
  Téléchargez le manuel de l'administrateur Debian :
  → http://debian-handbook.info/get/
  

  Voyez les histoires similaires où Tassia a emmené des Thaïlandais à trois conférences de promotion . Quel est le lien et pourquoi devrions-nous tous payer pour un tel favoritisme ?

  Freexian , une société basée en France, est un concurrent direct de mon entreprise, le Software Freedom Institute . Certaines des personnes qui répandent des calomnies à mon sujet sont rémunérées par Freexian . Voir Freexian SARL, SIREN 481385649, 7B rue de la Montat, 42290 Sorbiers, France . ( OpenStreetMap )

  Qu’advient-il de ceux qui sont en marge du cercle ? Qu’advient-il de ceux qui se laissent berner par la promesse de transparence ? Lisez le récit détaillé de la mort d’Adrian von Bidder-Senn . Il est décédé à 32 ans, le jour même de notre mariage, déclenchant des années de conflit au sein du débianisme .

  Le meilleur moyen d'encourager les gens à se présenter aux élections du Débianisme serait que le dirigeant actuel, Andreas Tille , retire toutes les attaques contre la vie privée, règle les poursuites judiciaires de manière proactive et s'assure que le prochain dirigeant puisse entrer en fonction et trouver le bureau propre, prêt à travailler sur des choses productives.

  N'attendez pas de transparence concernant ces attaques contre ma famille. Il est encore temps de visionner ma vidéo et de contribuer à la campagne de financement participatif .

• Daniel Pocock Sophie Brun, Raphael Hertzog & Debian sexual conflicts of interest

  What does "Debian Community" or "Debian Family" really mean? What does diversity really mean?

  To answer that, take another look at Galia Mancheva's abuse report about FSFE:

  Even after my lawyer warned him to terminate all attempts to communicate with me and send someone else to pick up my work laptop, he came in person to my house, and was very irritated that I was not alone.

  What Galia is telling us is that she was dating a man who is not part of the same so-called "Community".

  The male overlords in these groups think that if they give a job to a woman, the woman has to make herself available to the community twenty four hours per day, seven days per week, in every way. That is the only way somebody can be completely brainwashed. If women maintain relationships outside the so-called "community" then they are less vulnerable to the cult-like brainwashing techniques.

  Contrast the story of Galia Mancheva with the story of Sophie Brun. In February 2021, Raphael Hertzog submitted the following comments in his advocacy for Sophie to become a Debian Developer:

  I have personally worked with Sophie Brun <sophie@freexian.com> (key 3B21B8E68AE5C16F87F5322D5792783B206FEE30) for the last 6 years.

  [ ... snip ... ]

  I believe her (long-term) track record of contributions shows by itself that there's no point to start as Debian Maintainer, in particular since the work she's doing requires touching many different packages and introducing new packages to Debian.

  I know that Sophie Brun can be trusted to be a full member of Debian, and have unsupervised, unrestricted upload rights, right now.

  The onboarding process for Sophie Brun was completed in just four and a half months. It was one of the fastest in living memory.

  Raphael Hertzog told us, above, they worked together for six years. Nowhere in the email does he mention that they are husband and wife.

  In the 2024 Ada Lovelace Day interview, Sophie tells us the truth:

  1. Who are you?

  I'm a 44 years old French woman. I'm married and I have 2 sons.

  2. How did you get introduced to Debian?

  In 2004 my boyfriend (now my husband) installed Debian on my personal computer to introduce me to Debian. I knew almost nothing about Open Source. During my engineering studies, a professor mentioned the existence of Linux, Red Hat in particular, but without giving any details.

  I learnt Debian by using and reading (in advance) The Debian Administrator's Handbook. [ written by her husband too ]

  This is why Galia Mancheva did not fit in the FSFE misfits. Her boyfriend was not part of "the community". Sophie Brun is the partner of somebody in "the community" so she is treated like a princess.

  3. How long have you been into Debian?

  I've been a user since 2004. But I only started contributing to Debian in 2015: I had quit my job and I wanted to work on something more meaningful. That's why I joined my husband in Freexian, his company. Unlike most people I think, I started contributing to Debian for my work. I only became a DD in 2021 under gentle social pressure and when I felt confident enough.

  4. Are you using Debian in your daily life? If yes, how?

  Of course I use Debian in my professional life for almost all the tasks: from administrative tasks to Debian packaging.

  I also use Debian in my personal life. I have very basic needs: Firefox, LibreOffice, GnuCash and Rhythmbox are the main applications I need.

  Bad Faith judgment: Raphael Hertzog deceived everybody in the Debian New Maintainer Process

  Reading Raphael Hertzog's advocacy for Sophie Brun, the outside observers and people reading it in the future will have the impression that Raphael and Sophie are nothing more than work colleagues.

  Yet he very strongly advocates for Sophie to have unrestricted access to the Debian keyring as quickly as possible, without revealing this is a woman who sleeps in his bed every night since 2004 or earlier.

  If people knew that key fact about the sexual relationship, they would probably ignore the advocacy written by her husband and put more weight on the advocacies of people outside the Freexian company.

  Raphael and Sophie had their first baby in 2009. That was at the onset of the Debian Pregnancy Cluster. They had their second baby in 2013. Her decision to leave her previous job in 2014 and join Freexian appears to be closely related to the arrival of a second baby.

  Why are Debian resources used to help some families while screwing other families?

  This was not about diversity at all. This was about advancing the economic interests of the Hertzog family.

  In the onboarding process she uses the name Sophie Brun. In the Freexian web site she is using the name Sophie Hertzog. On her LinkedIn profile she is using the name Sophie Hertzog Brun.

  People looking at the name Sophie Brun on Debian-related web sites do not realise there is a connection to Raphael Hertzog.

  More links:

  • Github - Sophie Brun
  • Gitlab - Sophie Brun
  • Raphael Hertzog - About

  Back to Galia Mancheva's abuse report, she told us:

  Matthias was manufacturing the false impression I wasn't doing my work, while at the same time calling and texting my private phone number in obscure hours (such as 5:00AM or 22:00PM) with work orders and topics. Unlike other colleagues, I had a hard time receiving time off for the extra days I worked on, and was prevented from taking any of my annual holidays.

  If people are serious about discussing diversity in Debian and other open source software groups then they need to explain why their girlfriends are treated like princesses and women who have a partner outside "the Community" are treated like they are disposable.

  Galia Mancheva was not the only woman who raised serious concerns about this culture. My last Outreachy intern Renata D'Avila also received threats like these:

  ... we are considering requesting a rejection of your application to the bursaries team.

  ... Sadly, time is short, so we kindly request you to reply to this message as soon as possible, so the bursaries processing can be unblocked.

  This blackmail is the stuff of cults. Yet Sophie Brun and Raphael Hertzog have no fears about mixing their children with this culture because they are part of the clique that is immune to exploitation. Here is a photo they published of their kids at DebConf25 in Brest:

  

   

  When wives and children use the name of Debian on their CV, they are taking credit for the work that all of us did before. Yet other joint authors, including Dr Preining, Linus Torvalds, Dr Richard Stallman (RMS) and I have all had our names removed from the credits or dragged through the mud. The effect is tantamount to plagiarism.

  Subject: [Semi-VAC] Now father...
  Date: Mon, 14 Dec 2009 14:56:30 +0100
  From: Raphael Hertzog <hertzog@debian.org>
  To: debian-private@lists.debian.org
  
  Hi everybody,
  
  I might be less active in the upcoming weeks since I'm now the proud
  father of Baptiste (since yesterday). He had some early troubles breathing
  so he was put in a "reanimation" service but today he can breathe alone
  and he's fine (as is his mother).
  
  (All my packages are co-maintained so check with them if needed.)
  
  Cheers,
  -- 
  Raphaël Hertzog
  

  Here is baby two, born shortly before Sophie Brun decided to leave her regular employment and do work-from-home with Freexian.

  Subject: Father for a second time
  Date: Fri, 8 Mar 2013 09:28:06 +0100
  From: Raphael Hertzog <hertzog@debian.org>
  To: debian-private@lists.debian.org
  
  Hello,
  
  on wednesday at 02:06 I just got father for a second time. My wife gave
  birth to Lucas, 3.245kg and 48cm. Everybody is fine.
  
  My first child was already a son. Baptiste is now 3 years old and is
  curious about Lucas, although we also feel some sort of fear of the
  announced change... :)
  
  Anyway, you can expect a bit less reactivity from me in the coming days and
  weeks... I'll still be available but won't be able to dedicate as much
  time as I used to until I (re-)master the new rhythm with short sleep
  periods and until I get super-productive in diaper changing. ;-)
  
  Cheers,
  
  PS: This mail is to remain private.
  -- 
  Raphaël Hertzog ◈ Debian Developer
  
  Get the Debian Administrator's Handbook:
  → http://debian-handbook.info/get/
  

  Look at similar stories when Tassia brought Thais to three DebConfs. How are they related and why should the rest of us pay for favoritism like this?

  Freexian, a company based in France is a direct competitor of my company Software Freedom Institute. Some of the people spreading defamation about my company are paid by Freexian. See Freexian SARL, SIREN 481385649, 7B rue de la Montat 42290 Sorbiers, France. ( OpenStreetMap)

  What happens to people who are on the outside of the clique? What happens to the people who are fooled by the promise of transparency? Read the detailed history of the death of Adrian von Bidder-Senn. He died age 32 on the same day as our wedding, precipitating years of conflict in Debianism.

  The best way to encourage people to nominate for Debianism elections will be for the existing leader, Andreas Tille, to withdraw all the privacy attacks, settle the lawsuits proactively and ensure the next leader can walk in and find the desk is clean ready to work on productive things.

  Don't hold your breath waiting for transparency about these attacks on my family. There is still time to watch my video and contribute to the crowdfunding campaign.

• Daniel Pocock Héctor Orón Martínez & Debian shadow candidate pressure on Sruthi Chandran

  Sruthi Chandran, who appears to be the wife of Pirate Praveen Arimbrathodiyil, is the only person who submitted a valid nomination before the deadline on Friday the 13th.

  In the Debianism voting system, voters have three choices, they can vote for Sruthi Chandran, they can vote "None of the above" or they can choose not to make any vote at all.

  If the number of people who vote "None of the above" exceeds the number who vote for Sruthi Chandran then her campaign fails and the nomination period opens again.

  Shortly after the deadline, Héctor Orón Martínez tried to submit a late nomination but it was rejected by Kurt Roeckx, the secretary of Debianism. While Héctor Orón Martínez will not be on the ballot paper, he is now there in spirit, as a shadow candidate, telling people they can vote "None of the Above" and when the election is repeated, he will try to nominate again.

  This immediately creates more pressure for Sruthi Chandran. If enough supporters of Héctor Orón Martínez vote "None of the above" then the first election will be highly embarassing for her.

  The voting finishes on 17 April 2026, that is the anniversary of one of the most notorious deaths in Debianism. See the detailed history of the death of Adrian von Bidder-Senn. He died age 32 on the same day as our wedding, precipitating years of conflict in Debianism.

  Hypothetically, Sruthi Chandran could withdraw her nomination immediately, thereby forcing the nomination period to be extended by a whole week. She could submit her nomination again alongside Héctor Orón Martínez and they would be competing with each other. Losing to Héctor Orón Martínez would be less embarassing than losing to "None of the above".

  People may be privately contacting Sruthi Chandran and either suggesting this possibility or directly telling her to withdraw. While I have major concerns about some aspects of Sruthi Chandran's candidacy, I also feel uncomfortable that people are putting pressure on her like this.

  Looking at the late nomination submitted by Héctor Orón Martínez, he does not even acknowledge there is another candidate and he does not show the manners to politely ask her consent to his late nomination.

  This is a strong hint that Sruthi Chandran doesn't command a lot of respect and may be beaten by the shadow candidate hiding behind "None of the above".

  Subject: Re: Debian Project Leader Elections 2026: Call for nominations
  Date: Sat, 14 Mar 2026 18:24:03 +0100
  From: Kurt Roeckx <kurt@roeckx.be>
  To: Héctor Orón Martínez <zumbi@debian.org>
  CC: debian-vote@lists.debian.org
  
  On Sat, Mar 14, 2026 at 05:36:09PM +0100, Héctor Orón Martínez wrote:
  > Hello,
  > 
  > > Please make sure that nominations are sent to (or cc:'d to)
  > > debian-vote, and are cryptographically signed.
  > 
  > Hello,
  > 
  > Apologies for sending this email one day late, but I was unable to get hold
  > of my key earlier and I have also been sick.
  > 
  > As a good friend mentioned, it is better to be late than never, therefore I
  > would like to nominate myself for Debian Project Leader.
  > 
  > Thanks very much for your consideration.
  
  Hi Héctor,
  
  I'm sorry, the nomination period is clearly over, and the constitution
  is clear that no candidate can be added after the nomination period has
  ended.
  
  

  The best way to encourage people to nominate for the election will be for the existing leader, Andreas Tille, to withdraw all the privacy attacks, settle the lawsuits proactively and ensure the next leader can walk in and find the desk is clean ready to work on productive things.

  Don't hold your breath waiting for transparency about these attacks on my family. There is still time to watch my video and contribute to the crowdfunding campaign.

March 16, 2026

• Fedora fans چهارشنبه سوری خجسته باد

  

  پیام ما روشن است: آتش ما، نماد نور و پاکی ایران، بر تاریکی و پلیدی  پیروز خواهد شد و خاک ایران را پاک خواهد کرد.

  The post چهارشنبه سوری خجسته باد first appeared on طرفداران فدورا.

March 15, 2026

• Daniel Pocock Pirate Praveen Arimbrathodiyil & Debian denouncing volunteers, hiding romances

  In the analysis of Sruthi Chandran's nomination for Debian Project Leader, we began to examine her relationship with another Debian Developer, Pirate Praveen Arimbrathodiyil.

  I know many people from India and some of them are now very ashamed of this behaviour. For others, it is business as usual.

  When NR Narayana Murthy founded one of India's biggest IT companies, Infosys, he decided there would be no nepotism and no jobs for family members. The press tells the story over and over again, even after he is dead, to help India learn the lesson.

  It’s Not All In The Family

  Murthy is the only member of his family at Infosys, and the same holds true for all the other co-founders as well. A decision taken by all the partners.

  The tech honcho reportedly told his author and philanthropist wife Sudha that only one of them could be with the company.

  The idea was to remove nepotism of any sort, and nurture talent.

  As noted in the earlier blog, when Pirate Praveen wrote an advocacy for Sruthi Chandran to become a Debian Developer, he did not make any statement about his relationship with this woman.

  Sruthi Chandran did not make any declaration about her conflicts of interests when writing her platforms for previous DPL elections.

  When did they become boyfriend and girlfriend? When did they become husband and wife?

  Despite not wanting to say anything about their own relationships, remember Pirate Praveen is one of the people who wanted to make big public statements about Daniel Baumann from Bern, Switzerland.

  These are people who speak English as a second language. When they are interacting in a mailing list in English, the last thing they need is some group of Indians poring over their messages and nitpicking about their "tone".

  What Pirate Praveen demanded was a cyberattack on the reputation of an unpaid volunteer in neutral Switzerland.

  Don't hold your breath waiting for a statement about romantic conflicts of interest.

  If one of these people is elected, will we see them making statements about other volunteers on a weekly basis?

  Subject: Re: Call for moderation and mediation: debian-live vs. debian-live-ng
  Date: Wed, 11 Nov 2015 20:58:05 +0530
  From: Pirate Praveen <praveen@debian.org>
  To: debian-private@lists.debian.org
  
  
  
  On 2015, നവംബർ 11 8:46:15 PM IST, Joachim Breitner <nomeata@debian.org> wrote:
  >Hi,
  >
  >Am Mittwoch, den 11.11.2015, 14:19 +0100 schrieb Miriam Ruiz:
  >> Just for the record, I don't feel myself capable of acting a
  >> moderator able to help in this situation, particularly when it seems
  >> that what's essentially asked for is for someone to talk with Daniel [Baumann]
  >> and convince him not to get mad and to not make a fuss out of it, and
  >> to deal with it in a civilized way. Or maybe I'm wrong, but the
  >> impression I already have about the situation, being an outsider and
  >> having made up my opinion mostly from what I've seen, heard or read
  >> throughout the years, is that there is nothing to negotiate or
  >> moderate here, the decision is taken -for the sensible reasons that
  >> have already been explained, I'm not complaining about that or
  >> anything- and the point is essentially trying to convince Daniel [Baumann] et
  >> al. not to get angry about how things are being done. Am I wrong?
  >
  >it might be part of what I am hoping for, but not everything.
  >
  >There are a few people out there (and maybe in here as well) who see
  >(parts of) this story and draw conclusions about how Debian treats
  >contributors. Conclusions that I hope are in general false, and
  >conclusions that I’d not like to pervade our image.
  >
  >So, a bit more concretely, here are thinks that I such a neutral report
  >could state. (Read every line with an “if deemed appropriate by the
  >mediator” – I certainly do not know enough about the issue to make any
  >such call, and therefore some of these are deliberately contradictory)
  >
  > * Outline the history of events that led to this outcome.
  > * Allow Daniel [Baumann] to not lose his face. This might involve
  >   - acknowledging his work, and thanking for it
  >   - apologize to him, if he was treated wrong on a social level
  >   - outline a way forward to collaborate, or at least to allow
  >     the projects to exist side-by-side in a friendly manner
  > * Explain why, despite the public perception, nobody has been wronged,
  >   neither technically and socially.
  > * Explain that “the project” did the technical correct thing, but did
  >   it wrong on a social level, and state that this was a mistake, and
  >   we are all humans, and the project in general does not approve such
  >   behaviour.
  >
  >A bit more profanely, one could say that we have a slight PR problem,
  >and PR problems should better be handled actively.
  
  I agree. There has to be a public statement and this is a good starting point.
  

  Nominations closed on Friday the 13th and the voting finishes on 17 April 2026, the anniversary of a notorious death that was discussed like a suicide, a copy-cat suicide. The victim died on our wedding day. Nobody ever asked for a public statement from the coroner. The victim's widow, Diana von Bidder-Senn became the mayor of Basel in Switzerland.

  There was never any statement about why Abraham Raji died after they asked him to contribute his own money to the kayak trip at DebConf23. Over $120,000 from Debian bank accounts was used to attack my family and try to hide the Debian suicide cluster.

  

   

  The best way to encourage people to nominate for the election will be for the existing leader, Andreas Tille, to withdraw all the privacy attacks, settle the lawsuits proactively and ensure the next leader can walk in and find the desk is clean ready to work on productive things.

  Don't hold your breath waiting for transparency about these attacks on my family. There is still time to watch my video and contribute to the crowdfunding campaign.

March 14, 2026

• Peter Robinson Fedora 44 on the Raspberry Pi 5

  So where has the last six months gone? I was planning on getting images done for Fedora 44 Beta but I was unwell and busy and ran out of time. So what better time to get them out than Pi Day!.

  So compared to the last image what do we have now? Quite a lot more and I have more in the pipeline which should be in place in before freeze, plus a possible secret , I just wanted to get something out sooner rather than later for people to play with. So the things that are working and tested are now:

  • All Raspberry Pi 5B: both revC and revD SoC 1/2/4/8/16GB variants
  • Serial console
  • The micro SD slot – the only supported OS disk ATM
  • HDMI including accelerated graphics
  • Wired ethernet port
  • Wireless network interface
  • USB ports (NOT for OS disks)
  • Desktops including images for KDE and GNOME
  • Some other random bits

  Overall the devices are quire usable, but I will be working to improve it even more in the coming days.

  The things that don’t work, but I’m hoping will be working RSN (pre 44) in no particular order:

  • Raspberry Pi 500 series
  • CM5 Series
  • NVME
  • Thermal
  • Audio
  • A bunch of other stuff
  • Automatic CMA additions

  One thing you do need to currently do manually once you’ve created an image is to add the following to the kernel command line (use the –args option to arm-image-installer): cma=256M@0M-1024M and without that accelerated graphics and some other things just won’t work, once you’re booted add it to /etc/kernel/cmdline so new kernels will get it too. I’ll hopefully have that issue fixed shortly, I know the problem, just still haven’t got the best solution!

  You’ll also want to disable auto-suspend on the Desktop images.

  So where can I get these images? Right here:
  The Fedora 44 Minimal Image
  The Fedora 44 KDE Image
  The Fedora 44 GNOME Workstation Image

  Happy Pi Day everyone!

• Kevin Fenzi misc fedora bits second week of march 2026

  

  Another saturday, another weekly recap.

  Fedora 44 Beta release

  Monday and Tuesday were all about the Fedora 44 Beta release. Things went mostly smoothly, aside the magazine article publishing early so some outlets announced the release before the website was updated and that caused a bit of confusion.

  Hopefully everyone is trying out 44 Beta and reporting bugs and issues so we can have a good final release.

  Infra unfreezing flood gates

  We were in infra freeze around the Beta release so a bunch of pull requests and changes pilled up waiting for that to end. With the beta out the door, we unfroze and I spent time this week (along with others) pushing out many of those changes. A short / incomplete list:

  • Merged pr for pkgs to perhaps fix sporadic core dumps ( https://forge.fedoraproject.org/infra/tickets/issues/12670 )

  • Merged pr to attempt to fix koji 502's ( https://forge.fedoraproject.org/infra/ansible/pulls/3173 )

  • Merged pr to fix a bunch of pagure/forge move links (mostly in comments) ( https://forge.fedoraproject.org/infra/ansible/pulls/3174 )

  • Merged pr to move fedoraloveskde from pagure to forge ( https://forge.fedoraproject.org/infra/ansible/pulls/3183 )

  • Created a pr to update our security.txt file ( https://forge.fedoraproject.org/infra/ansible/pulls/3210 )

  • Merged openshift-readonly pr ( https://forge.fedoraproject.org/infra/ansible/pulls/3188 )

  • new pr to drop haproxy for src.fp.o ( https://forge.fedoraproject.org/infra/ansible/pulls/3211 )

  • A pull request moving us to using lmdb instead of hash for postfix configutation (rhel10 drops bdb): ( https://forge.fedoraproject.org/infra/ansible/pulls/3120 )

  and more. We got a lot moved forward and there were a number of pull requests from new folks or folks who don't normally submit them and thats been great to see!

  kojipkgs outage thursday morning

  Thursday morning we had a outage of kojipkgs servers. It all happened before I was awake, but I think I have a good idea of what happened:

  • Someone/scrapers/whoever requested some urls under our ostree tree via our cloudfront distribution.

  • These were for objects directories (the directories themselves)

  • These directories have around 32k object files in them.

  • So, dutifully, apache generated a pretty index of them for the client.

  • This required each request to stat all 32k files in order to display them in a index.

  • This took... minutes for each request

  • Requests filled up the request queue

  • haproxy then marked the backends as down

  • clients started getting 503's

  I have no forbidden directory indexes on these directories, so hopefully that will prevent this from happening again.

  Scrapers still around

  Lets we forget that they are still around, scrapers made their presense known again toward the end of the week. Two things they were doing:

  • They started hitting over and over our hotspot.txt file. This is a small static file containing just "OK" that is used to detect if you are behind a captive portal or not. It's hard to imagine that they get any extracted value from their scraping when they are this mindnumbingly bad at writting a distributed crawler. I guess they make up for it with just having way more clients than they can use to bother with being efficent at all. This one is particularly anoying because we don't want it put it behind anubis or block it or it will break it's entire function.

  • They started hitting koji's 'search' endpoint with pretty exacting queries. These caused database load to go through the roof and caused the application to stop responding. I disabled search for friday, and just re-enabled it. I hope they have moved on to /dev/null now.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116228691881195787

March 13, 2026

• Fedora Community Blog Community Update – Week 11

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 09 – 13 March 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • Dealing with spam
  • Resolved issue with user getting error when sending e-mail to admin@fedoraproject.org
  • Resolved issue with broken e-mail aliases
  • OpenID Connect Enrollment – Konflux ROSA Cluster
  • Setup new gpu01.rdu3.fedoraproject.org machine
  • Improvements on zabbix monitoring

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • Put the Jenkins runner under Ansible control
  • new sig-messaging co-chairs
  • stream9 and stream10 BuildTargets and Tags needed for Ceph Umbrella
  • website isn’t rendered correctly everywhere
  • spam on the automotive-sig mailing list
  • New Mirror Submission
  • www pool member unreachable

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Fedora 44 Beta is out now!
  • https://fedoramagazine.org/announcing-fedora-linux-44-beta/
  • Final freeze is scheduled to start on March 31st and the final release is tentatively scheduled for April 14th.

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • F44 rebuild will be slow until we clear the current queue in the build system (side note: until RISC-V enters primary Koji, it is likely to be out of sync with primary arch in terms of image delivery timelines).  Engaged on ‘fedora-devel’ (and the Discussion forum) about primary vs. alternative arch requirements. Downstream needs brought the pending Fedora upstream work for LLVM and Java into the foreground. Reviewed the link-time optimization (LTO) situation in Fedora RISC-V: for now we’ll keep it disabled, the LTO gains are rather small, and it gives us much better build times.  Evaluated migrating documentation from Wiki to Forge, but it remains a bit of a low-priority for now.
  • Resolved a “unified kernel” (soon to be “omni kernel”) boot failure on P550
  • Debugged a small regression in ‘arch-test’ reported on the RISC-V Matrix channel.
  • Chip away at the RISC-V tracker
  • Make progress on draining the queue on the tasks tracker

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • Fedora 44 Beta was approved last week and is getting released this week. This involved a lot of release validation tests, blocker bugs management, common issues writeup, and more.
  • Ran Podman test week + I18N week (currently in progress). Article and blog invites were created for both events.
  • Cooperation started with Desktop QA wrt adding fmf tests for mesa fedora CI.
  • The Testdays Web app now has a unit tests suite.

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • Many new orgs added to Forgejo, and migrations ramping up. Fixing migration issues on the fly
  • Pagure static pages archive almost ready to be published for review
  • Continued work on Private Issues:
    • Implement issue-level access control (DB queries still outstanding)
    • Fix hanging and failing tests, (partially caused by rebased upstream, not yet pushed)
    • Switch from pointers to sql.NullInt64 types of public/private issue ID pairs for safety and better consistency with existing code
    • RPM: Package 14.0.3

  EPEL

  This team is working on keeping Epel running and helping package things.

  • Traveling back from Scale (Trip report will follow)
  • Maintenance work (business as usual) 
  • WIP: matrix bot to look into forgejo repo

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Design assets migrated to Forgejo with new directory structure. Assets can now be found here.  
  • F45 Wallpaper: Sketches and Rough Drafts ticket closed

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 11 appeared first on Fedora Community Blog.

• Remi Collet ⚙️ PHP version 8.4.19 and 8.5.4

  RPMs of PHP version 8.5.4 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  RPMs of PHP version 8.4.19 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ℹ� These versions are also available as Software Collections in the remi-safe repository.

  ℹ� The packages are available for x86_64 and aarch64.

  ℹ� There is no security fix this month, so no update for versions 8.2.30 and 8.3.30.

  Version announcements:

  • PHP 8.5.4 Release Annoucement
  • PHP 8.4.19 Release Annoucement

  ℹ� Installation: Use the Configuration Wizard and choose your version and installation mode.

  Replacement of default PHP by version 8.5 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.5/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf update
  

  Parallel installation of version 8.5 as Software Collection

  yum install php85

  Replacement of default PHP by version 8.4 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.4/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.4
  dnf update
  

  Parallel installation of version 8.4 as Software Collection

  yum install php84

  And soon in the official updates:

  • Fedora Rawhide now has PHP version 8.5.4
  • Fedora 44 - PHP 8.5.4
  • Fedora 43 - PHP 8.4.19
  • Fedora 42 - PHP 8.4.19

  ⚠� To be noticed :

  • EL-10 RPMs are built using RHEL-10.1
  • EL-9 RPMs are built using RHEL-9.7
  • EL-8 RPMs are built using RHEL-8.10
  • intl extension now uses libicu74 (version 74.2)
  • mbstring extension (EL builds) now uses oniguruma5php (version 6.9.10, instead of the outdated system library)
  • oci8 extension now uses the RPM of Oracle Instant Client version 23.26 on x86_64 and aarch64
  • A lot of extensions are also available; see the PHP extensions RPM status (from PECL and other sources) page

  ℹ� Information:

  • Migrating from PHP 8.2.x to PHP 8.3.x
  • Migrating from PHP 8.3.x to PHP 8.4.x
  • Migrating from PHP 8.4.x to PHP 8.5.x

  Base packages (php)

  

  

  Software Collections (php83 / php84 / php85)

  

  

   

March 12, 2026

• suve's ramblings The new old wolf

  Reminiscing about an old game project that I've had laying around and rotting away for the last 8 years.

March 11, 2026

• Swiss JuristGate Suicide of disgruntled employee? Bus fire at Kerzers / Chiètres, Switzerland, at least six dead

  News reports have appeared about a bus catching fire in Kerzers, Switzerland, which is also known as Chiètres in French. Reports suggest one person doused himself in fire. Police confirm it was deliberate and they say it is not a terrorist. The possibility that remains for us to contemplate is that it was somebody who has been humiliated by their employer or the jurists in a tribunal.

  This web site has gone to great lengths to reveal the extent to which jurists take money from people and then fail to provide any solution to the needs of their clients. In many cases, the jurists make disputes even worse in the hope that parties on both sides of the dispute, or their insurers, will end up paying even more legal fees.

  When employers make somebody redundant in Switzerland, they normally have to give the workers three to six months notice or a lump sum payment, sometimes both. To avoid making these payments, some employers and some of the agencies responsible for contract employees will try to blame one of the workers. Many of these disputes are settled by a tribunal. Both the employer and employee want to save face and so the judgments are kept totally secret.

  There are parallel cases in Germany. Galia Mancheva's abuse report describes her experience of taking the FSFE misfits to an employment tribunal. The tribunal forced her to listen to lies from the men and then they humiliated her by telling her she can't have justice because she had been in the job for less than twelve months.

  Due to the JuristGate scandal, when the illegal legal fees insurance scheme vanished overnight, up to 20,000 clients suddenly found themselves without a lawyer. Some of those people were in the middle of legal disputes with employers or employees. Some of those disputes involve sensitive matters, such as accusations of sexual impropriety and employee illness. FINMA has not made any comment on how these case files were protected or compromised. Matthieu Parreaux, the founder of the rogue firm, suggested that all the case files have fallen into the hands of other lawyers.

  When we began examining the Adrian von Bidder death in Basel, where his wife subsequently became the mayor, we looked at a petition to the Basel Kanton about the way they are hiding the number of suicides and the reasons for them. We were shocked to find the name A. von Bidder on the petition shortly before Adrian von Bidder-Senn died at age 32. No official reasons have been given. The only fact we know is that he died eight months after the Debian Day volunteer suicide and people discussed it like a copy-cat suicide. Nonetheless, if Debianism was not the only influence in his death, we need to start asking if he had simultaneously been the victim of rogue employment practices or incompetence by jurists.

  As noted in the Basel Kanton suicide petition, many of these cases involve total secrecy and the employment tribunals also operate in secrecy. From time to time, news reports appear about cases where multiple people are attacked or killed, for example, a chainsaw attack at the office of CSS insurance in Kanton Schaffhausen. I went to some detail to explain the incompetence, corruption and racism we encountered when somebody fell on Carla at a Zurich yoga studio and the people at the accident insurance spent two years giving us excuses.

  Police confirm the Postbus fire occurred deliberately. It happened at peak hour when the bus had the maximum number of passengers. The victim chose to die in a Postbus. These buses are iconic of Swiss rural life and the tourism industry. Did the victim of this suicide intend to send some kind of signal, like the distinctive three-tone horn of the bus itself?

  

   

  Will the victims of this tragedy spend two years waiting for an answer or will they never get answers at all?

  Read more about JuristGate, the illegal legal insurance that Swiss regulator FINMA knew about for five years.

March 10, 2026

• Marcin 'hrw' Juszkiewicz RISC-V is sloooow

  About 3 months ago I started working with RISC-V port of Fedora Linux. Many things happened during that time.

  Triaging

  I went through the Fedora RISC-V tracker entries, triaged most of them (at the moment 17 entries left in NEW) and tried to handle whatever possible.

  Fedora packaging

  My usual way of working involves fetching sources of a Fedora package (fedpkg clone -a) and then building it (fedpkg mockbuild -r fedora-43-riscv64). After some time, I check did it built and if not then I go through build logs to find out why.

  Effect? At the moment, 86 pull requests sent for Fedora packages. From heavy packages like the “llvm15” to simple ones like the “iyfct” (some simple game). At the moment most of them were merged, and most of these got built for the Fedora 43. Then we can build them as well as we follow ‘f43-updates’ tag on the Fedora koji.

  Slowness

  Work on packages brings the hard, sometimes controversial, topic: speed. Or rather lack of it.

  You see, the RISC-V hardware at the moment is slow. Which results in terrible build times — look at details of the binutils 2.45.1-4.fc43 package I took from koji (Fedora and RISC-V Fedora):

  Architecture	Cores	Memory	Build time
  aarch64	12	46 GB	36 minutes
  i686	8	29 GB	25 minutes
  ppc64le	10	37 GB	46 minutes
  riscv64	8	16 GB	143 minutes
  s390x	3	45 GB	37 minutes
  x86_64	8	29 GB	29 minutes

  That was StarFive VisionFive 2 board, while it has other strengths (such as upstreamed drivers), it is not the fastest available one. I asked around and one of porters did a built on Milk-V Megrez — it took 58 minutes.

  Also worth mentioning is that the current build of RISC-V Fedora port is done with disabled LTO. To cut on memory usage and build times.

  RISC-V builders have four or eight cores with 8, 16 or 32 GB of RAM (depending on a board). And those cores are usually compared to Arm Cortex-A55 ones. The lowest cpu cores in today’s Arm chips.

  The UltraRISC UR-DP1000 SoC, present on the Milk-V Titan motherboard should improve situation a bit (and can have 64 GB ram). Similar with SpacemiT K3-based systems (but only 32 GB ram). Both will be an improvement, but not the final solution.

  Hardware needs for Fedora inclusion

  We need hardware capable of building above “binutils” package below one hour. With LTO enabled system-wide etc. to be on par with the other architectures. This is the speed-related requirement.

  There is no point of going for inclusion with slow builders as this will make package maintainers complain. You see, in Fedora build results are released into repositories only when all architectures finish. And we had maintainers complaining about lack of speed of AArch64 builders in the past. Some developers may start excluding RISC-V architecture from their packages to not have to wait.

  And any future builders need to be rackable and manageable like any other boring server (put in a rack, connect cables, install, do not touch any more). Because no one will go into a data centre to manually reboot an SBC-based builder.

  Without systems fulfilling both requirements, we can not even plan for the RISC-V 64-bit architecture to became one of official, primary architectures in Fedora Linux.

  I still use QEMU for local testing

  Such long build times make my use of QEMU useful. My AArch64 desktop has 80 cores, so with the use of QEMU userspace riscv64 emulation, I can build the “llvm15” package in about 4 hours. Compare that to 10.5 hours on a Banana Pi BPI-F3 builder (it may be quicker on a P550 one).

  

  And LLVM packages make real use of both available cores and memory. I am wondering how fast would it go on 192/384 cores of Ampere One-based system.

  Still, I used QEMU for local builds/testing only. Fedora, like several other distributions, does native builds only.

  Future plans

  We plan to start building Fedora Linux 44. If things go well, we will use the same kernel image on all of our builders (the current ones use a mix of kernel versions). LTO will still be disabled.

  When it comes to lack of speed… There are plans to bring new, faster builders. And probably assign some heavier packages to them.

• Tim Waugh Searching Logseq by Concept, Not Keystrokes

  Logseq is great for dumping daily notes, but finding them again later can be a pain. If you’re looking for notes on a “connection timeout” but originally wrote “increasing the socket keepalive”, a standard keyword search will give you nothing. You end up having to guess the exact phrasing your past self used.

  I wanted a way to search my graph by concept rather than exact text matches. That’s why I put together the Logseq Semantic Search plugin.

  The upcoming database version of Logseq actually has semantic search built-in. But since I’m still using the standard Markdown version for my day-to-day workflow, I wanted to get that capability right now.

  Indexing the hierarchy

  The plugin uses text embeddings to find conceptually similar blocks. But just embedding individual bullet points doesn’t work well for outliners. A block that just says “needs refactoring” is useless on its own.

  If you’ve seen my Logsqueak project, you’ll recognise the indexing approach here. Every block is indexed along with its complete structural lineage—the page name, properties, and the full chain of parent blocks above it.

  Because it captures this nested context, the search index knows that a vague bullet point nested under billing-service → Database Connection Pool is actually about your Postgres setup. Searching for “optimizing billing db” will pull that specific child block right to the top of the results.

  Running it locally

  Since a Logseq graph is essentially a private brain dump, I wanted this to run entirely locally. By default, the plugin connects to Ollama using the lightweight nomic-embed-text model. It’s smart enough to only re-embed blocks that have changed, so it’s relatively fast even without a GPU. (If you prefer, you can also point it at any OpenAI-compatible endpoint in the settings).

  I run Fedora Workstation and prefer to keep my host system clean, so I run Ollama via Podman. It’s incredibly straightforward to set up:

  # Start the Ollama container, exposing the default port
  # and persisting data
  podman run -d \
    --name ollama \
    -p 11434:11434 \
    -e "OLLAMA_ORIGINS=*" \
    -v ollama:/root/.ollama \
    docker.io/ollama/ollama
  
  # Pull the lightweight embedding model
  podman exec ollama ollama pull nomic-embed-text

  Because we mapped port 11434, the Semantic Search plugin can talk to the container seamlessly at http://localhost:11434 right out of the box. No dependency issues, just a private embedding server ready to run in the background.

  Usage

  You can grab the plugin directly from the Logseq Marketplace. Once it’s installed, hit Alt+K (or click the toolbar icon) to open the search modal. Try typing a natural language query—like “notes about debugging pipeline failures”—and it will surface the relevant blocks even if you didn’t use the word “debugging.”

  The source code is up on GitHub if you want to poke around or contribute.

  The post Searching Logseq by Concept, Not Keystrokes appeared first on PRINT HEAD.

March 09, 2026

• Kushal Das In the land of XML

  One of the major thing at work is XML, due to all things identity. Yes, XML and SAML are very much alive. SWAMID is the identity fedeation for research and higher education in Sweden and edusgain which is the global identify federation around the world connected 80+ pariticipaaant federations connecting over 10k identify and service providers. And these are based on SAML.

  In the last few weeks I released two libraries in Rust and then python bindings for the same using pyo3. uppsala is the zero dependency XML library and pyuppsala is the python binding.

  Features of uppsala/pyuppsala

  • XML 1.0 parsing with full well-formedness checking
  • Namespace-aware DOM with tree mutation (create, append, insert, remove, detach)
  • XPath 1.0 evaluation (all axes, functions, predicates)
  • XSD validation (structures + datatypes, 40+ built-in types, facets, complex types)
  • XSD regex pattern matching (Unicode categories, blocks, character class subtraction)
  • Imperative XML builder (XmlWriter) for constructing output without a DOM
  • Serialization with pretty-printing, compact output, and streaming to files
  • Automatic encoding detection for UTF-8 and UTF-16 (LE/BE)

  Read the full documentation

  bergshamra is the pure Rust XML Security library implementing the W3C XML Digital Signatures (XML-DSig), XML Encryption (XML-Enc), and XML Canonicalization (C14N) specifications. Built entirely on the RustCrypto ecosystem with Uppsala for XML parsing, and pybergshamra is the python binding.

  Features of bergshamra/pybergshamra

  • XML Digital Signatures — sign and verify (enveloped, enveloping, detached)
  • XML Encryption — encrypt and decrypt (element, content, key wrapping, key transport, multi-recipient)
  • XML Canonicalization — all 6 W3C C14N variants (inclusive/exclusive, with/without comments, 1.0/1.1) with document-subset filtering via XPath
  • X.509 certificate chain — validation with expiry, trust anchors, CRL revocation, chain building
  • Post-quantum signatures — ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) with context strings
  • EdDSA — Ed25519 signatures (RFC 8032)
  • Key agreement — ECDH-ES (P-256/P-384/P-521), X25519, DH-ES (X9.42 finite-field)
  • Key derivation — ConcatKDF, HKDF (SHA-256/384/512), PBKDF2
  • RSA-OAEP — configurable digest (SHA-1/224/256/384/512), MGF1, and OAEPparams
  • HMAC truncation — HMACOutputLength with CVE-2009-0217 minimum length protection
  • SAML support — SAML v1.1 AssertionID attribute as default ID, cid: URI scheme for WS-Security MIME references
  • CipherReference — resolve encrypted content via URI with XPath and Base64 transforms
  • XPath — XPath, XPath Filter 2.0, XPointer for reference processing
  • XSLT — identity transform and minimal XSLT for document-subset operations
  • OPC Relationship Transform — for Office Open XML signatures (ECMA-376 Part 2)
  • Key formats — PEM, DER, PKCS#8 (plain and encrypted), PKCS#12, X.509 (PEM and DER), xmlsec keys.xml, raw symmetric keys
  • KeyInfo resolution — KeyName, X509Certificate (multi-cert chain with leaf detection), X509IssuerSerial, RSA/EC/DSA KeyValue, DEREncodedKeyValue, RetrievalMethod, EncryptedKey, KeyInfoReference
  • #![forbid(unsafe_code)] across every crate

  Supported algorithms

  Category	Algorithms
  Digest	SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, MD5†, RIPEMD-160†
  Signature (RSA)	RSA PKCS#1 v1.5 (SHA-1/224/256/384/512, MD5†, RIPEMD-160†), RSA-PSS (SHA-1/224/256/384/512, SHA3-224/256/384/512)
  Signature (EC)	ECDSA (P-256/P-384/P-521 × SHA-1/224/256/384/512, SHA3-224/256/384/512, RIPEMD-160†)
  Signature (other)	DSA (SHA-1, SHA-256), Ed25519, HMAC (SHA-1/224/256/384/512, MD5†, RIPEMD-160†)
  Post-quantum	ML-DSA-44/65/87 (FIPS 204), SLH-DSA SHA2-128f/128s/192f/192s/256f/256s (FIPS 205)
  Block cipher	AES-128/192/256-CBC, AES-128/192/256-GCM, 3DES-CBC
  Key wrap	AES-KW-128/192/256 (RFC 3394), 3DES-KW (RFC 3217)
  Key transport	RSA PKCS#1 v1.5, RSA-OAEP (SHA-1/224/256/384/512 digest, MGF1-SHA-1/224/256/384/512)
  Key agreement	ECDH-ES (P-256/P-384/P-521), X25519, DH-ES (X9.42)
  Key derivation	ConcatKDF, HKDF (SHA-256/384/512), PBKDF2
  C14N	Inclusive 1.0/1.1, Exclusive 1.0, each ± comments
  Transforms	Enveloped signature, Base64, XPath, XPath Filter 2.0, XSLT (identity), OPC Relationship
  Key formats	PEM, DER, PKCS#8, PKCS#12, X.509, xmlsec keys.xml, raw HMAC/AES/3DES

  † MD5 and RIPEMD-160 are behind the legacy-algorithms feature flag.

  xmlsec test suite compatibility

  Bergshamra is tested against the full xmlsec interoperability test suite (1157 test steps across DSig and Enc). These are the same tests used by the xmlsec1 C library, covering test vectors from the W3C, Merlin, Aleksey, IAIK, NIST, and Phaos interop suites.

  Suite	Passed	Failed	Total	Pass Rate
  Enc	701	0	701	100%
  DSig	447	9	456	98%
  Total	1148	9	1157	99.2%

  The 9 DSig failures are GOST algorithm tests (GOST R 34.10-2001, GOST R 34.10-2012-256, GOST R 34.10-2012-512) which require special OS cryptographic libraries not available in the RustCrypto ecosystem.

  These are the libraries, you will see the tools/services built on top of these in the coming months hopefully.

• Máirín Duffy Referred pain is deferred pain

  I was chatting with Brian “redbeard” Harrington recently, and a certain turn of phrase came up during our conversation I thought was worth sharing:

  “Referred pain is deferred pain.”
  

  What does this mean?

  A lot of open source projects and programming projects in general start from a single developer scratching an itch that solves a problem they personally experience. As a unit, the person developing the code and experiencing the pain are one and the same. Software that solves clearly-defined issues with the perspective of those directly experiencing those issues is much better positioned to succeed than software meant to solve problems its builders it don’t understand or experience firsthand.

  So projects started by one or two or a small group of developers who really deeply understand the problem domain – first-hand experience with it is best – are ones that tend to succeed.

  When things get more complicated – a larger scale project, folks building solutions who don’t live and breath or even understand the problem domain, solving problems for people they don’t know – that’s when your ability to build something truly great, that has a fantastic user experience, that gains user adoption, that really solves real problems is compromised. Because the pain is referred.

  (Wait, what’s “referred pain?” It’s when you experience pain in one area of the body for which the source of injury is a completely different body part. A lot of folks experience back pain, for example, that is referred pain from another body part.)

  User experience / human-centered design practice

  My career-long approach to software engineering is from a human-centered perspective. In that role, I’ve served as the bridge between users – the folks directly experiencing pain – and the builders creating solutions for them. Open source itself enables direct links (without user experience type practitioners in the middle.) In open source, the folks experiencing pain can connect directly with the folks building the tool. If they are so inclined, they can even contribute to the code itself! It’s one of the things that I truly enjoy about working on open source community projects: that direct connection and tighter feedback loop. There are folks that need to be connected that for various reasons do not participate in this direct way, though. So I have described my role at times as serving as an ambassador for those users to the developers and other team members planning and building things. I serve as their voice.

  Democratizing the means of production

  Open source was a first milestone in democratizing the means of software production.

  Generative AI tools are perhaps the next, because they lower the bar in terms of skill sets and access in producing software. (We can niggle about the quality and maintainability and the software engineering skill sets that are still critical and valuable in that production. I hope we can all agree these tools are a great enabler of prototype code to help communicate needs / address pain / etc., though.)

  The power I’m talking about here, is kind of looping back to open source’s roots… folks with the skill set to build, building things to solve problems they are familiar with and face the pain of. Now we have folks who previously could not build for themselves, with different pains, able to scratch their own itches. This is a more diverse community. Their pains, their problems, are from a broader set of domains than developers directly experience. There’s potential, consequentially, that we could see more innovative and novel forms of software emerging.

  Principles to take away

  1. Get closer to your users. Software as a solution is best when it’s built by a team that directly experiences the pain of the problem(s) the software is meant to solve. If you want to improve your software, connect as closely as possible with and put yourself into the shoes of those experiencing the pain. You need empathy for your users. Try out their workflows for yourself. Learn their workflows. Keep conversations going with them. Build connections with them. The further referred their pain is from software builders, the more deferred finding a successful solution in a timely manner will be.
  2. Users now have tools to scratch their own itches. This isn’t a threat! It’s a new way of working. If you’ve got users of your software who’ve tried their hand at vibe-coding solutions – take a look at their prototypes! This is a potential new form of needs communication that can help you meet their needs better. If you’re in open source, you may find them filing PRs – this is awesome. You don’t have to take them if they don’t meet your project’s bar, but they absolutely do meet the bar in communicating needs the software could solve (in another form than simply filing an issue.) This is rich feedback you can use to improve your software.

   

  A video to watch

  I speak a little to this shift we may see in user engagement with open source projects in the latest episode of my Red Hat video series, “What’s on Mo’s Mind?” I talk about how Gen AI is a new abstraction layer in computing that lowers the bar for participation and in doing so enables a broader set of perspectives to contribute to software. Take a look if you like

  

   

  (Note: The feature image was generated with Gemini 3.0 using a prompt I drafted manually and using character design artwork from my own portfolio. A frustrating process, by the way, but here we are. )

March 07, 2026

• Kevin Fenzi misc fedora bits first week of march 2026

  

  Here we are in the first week of March 2026 already. This was a pretty quiet week for me, partly due to the Fedora 44 Beta freeze and partly I think due to people traveling/being away. In any case it was welcome to me to have a chance to work on some planned work instead of day to day or fighting fires.

  GPU machine

  This week I finally got our gpu machine all setup, which has been a very long road. Last year we thought it would be very handy to have a machine that has desktop GPUs in it that we could use to test / build / explore things that could use those. We didn't want a server with fancy datacenter gpus, we wanted things that Fedora users might have. This of course is tricky, since that entails a desktop like machine in a datacenter.

  After some looking around, we found the Dell Precision 7960 Rack, which is a rackmount machine, but sort of a desktop too.

  We got a loaner to test things out with, and finally decided to buy it and use it. There have been so many little delays with this thing ( wrong network card, need a new one. Time of people involved to setup the testing. Drac license was wrong and I couldn't install it, and more).

  But finally this week it's up. We will see how useful it becomes and what new exciting things it opens up.

  Fedora 44 Beta is GO for release next tuesday

  We had our Fedora 44 Beta go/nogo meeting on thursday and amazinly we were go for release on tuesday. The second beta candidate had no accepted blockers. I'm always a bit surprised when things go so smoothly, but I will take it!

  Secure boot signing

  I also made some more progress on my secure boot signing setup, but then i hit a blocker. I was able to sign grub and kernel for aarch64, but it doesn't actually boot. (I have my lenovo slim7x and also another aarch64 box that supports secure boot to test with). Hopefully we can get to the bottom of that soon so we can switch things on. I really hope we can have it running before Fedora 44 final freeze.

  This also has been a long road.

  Just missed it

  I'm getting a solar system with batteries and home backup installed late this month, and I'm really looking forward to it.

  Unfortunately, my electic coop just informed me that there is going to be a 4 hour power outage on monday for maint work. If it had only been next month, I could have just ignored it. Oh well, one more time for the generator! :)

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116189196834124254

• ! Avi Alkalay ¡ Ideal Laptop

  Do you remember the most important characteristics you should look for in a good laptop? In the following order:

  1⃣ A high-resolution, high-density display: 3K or 4K, far beyond HD or Full HD
  2⃣ A battery that lasts all day
  3⃣ Fast storage (SSD)
  4⃣ Light, thin, and elegant

  It’s not the CPU.
  It’s not AI.
  It’s not having huge storage capacity.
  It’s not a large physical size.
  It’s not having more than 8 GB of memory (memory is not storage).
  It’s not having a stylus, tablet convertible, or having a detachable or articulated keyboard.
  And it’s definitely not having a numeric keypad on the side.

  Until last week, the best and most affordable laptop on the market with these characteristics was the $1100 MacBook Air. But now Apple has launched the MacBook Neo, which delivers all these qualities — display, battery, storage, lightness, and elegance for 45% less: $600.

  ❝A laptop for me is just for browsing the internet, email, editing documents, messaging, watching movies, and relaxing with games like Solitaire or Roblox.❞

  Congratulations, you’re like 99.9% of humanity. The MacBook Neo delivers the best value for you.

  In the Windows laptop universe, these truly important characteristics (display quality, lightness, etc.) are usually found only in the most expensive product lines. To justify the high price, their marketing shifts the focus to things that are largely irrelevant: unnecessarily powerful CPUs, unnecessarily large storage, unnecessarily large memory, tablet modes, styluses, and so on.

  All unnecessary for 99.9% of humanity.

  And even in those expensive lines, the battery rarely lasts more than two hours, let alone all day. The reason: inefficient CPU.

  Don’t be misled when choosing your next laptop. Pay attention to the characteristics that really matter: hires display, battery duration, fast storage, lightness, and elegance. General rule is to avoid laptops that use Intel CPUs.

  This also applies to the laptops that companies give to their employees.

  Also in my Instagram, Facebook and LinkedIn.

• ! Avi Alkalay ¡ Laptop ideal

  Lembra quais são as características mais importantes que você deve procurar num bom laptop? 1⃣ tela de alta resolução e densidade, 3K ou 4K, bem mais que HD ou full HD; 2⃣ bateria que dura o dia todo; 3⃣ armazenamento rápido (SSD); 4⃣ leve, fino e elegante.

  Não é CPU. Não é IA. Não é armazenamento grande. Não é ter tamanho físico grande. Não é ter mais do que 8GB de memória (memória não é armazenamento). Não é ter caneta, virar tablet, teclado removível ou articulado. E definitivamente não é ter teclado numérico lateral.

  Até semana passada, o melhor e mais barato laptop do mercado com essas características era o MacBook Air de $1100. Mas agora a Apple lançou o MacBook Neo que entrega todas essas características de tela, bateria, armazenamento, leveza e elegância, 45% mais barato: $600.

  ❝Laptop prá mim é só prá navegar na internet, e-mail, editar documentos, mandar mensagem, assistir filmes, me distrair jogando paciência e Roblox❞. Parabéns, você é como 99,9% da humanidade. O MacBook Neo entrega o melhor custo-benefício para você.

  No universo dos laptops Windows, essas características importantes (tela, leveza etc), só se encontram nas linhas mais caras dos fabricantes. E para justificar o alto preço, seu marketing procura mudar o foco para coisas completamente irrelevantes, como CPU desnecessariamente poderosa, armazenamento desnecessariamente alto, memória desnecessariamente grande, virar tablet, ter caneta etc. Desnecessário para 99,9% da humanidade. E mesmo assim, nem nessas linhas mais caras a bateria dura mais do que 2 horas (motivo: CPU ineficiente), quanto menos o dia todo.

  Não seja ludibriado ao escolher seu próximo laptop. Preste atenção nas características que realmente importam: tela, bateria, armazenamento rápido, leveza e elegância. A regra geral é evitar laptops com CPUs Intel.

  Isso vale também para laptops que empresas dão a seus funcionários.

  Também no meu Instagram, Facebook e LinkedIn.

March 06, 2026

• Allan Day GNOME Foundation Update, 2026-03-06

  This post is the latest in my series of GNOME Foundation updates. I’m writing these in my capacity as Foundation President, where I’m busy managing a lot of what’s happening at the organisation at the moment. Each of these posts is a report on what happened over a particular period, and this post covers the current week as well as the previous one (23rd February to 6th March).

  Audit time

  I’ve mentioned the GNOME Foundation’s audit on numerous occassions previously. This is being conducted as a matter of routine, but it is our first full formal audit, so we have been learning a lot about what’s involved.

  This week has been the audit fieldwork itself, which has been quite intense and a lot of work for everyone involved. The audit team consists of 5 people, most of whom are accountants of different grades. Our own finance team has been meeting with them three times a day since Tuesday, answering questions, doing walkthroughs of our systems, and providing additional documents as requested.

  A big part of the audit is cross-referencing and checking documentation, and we have been busy responding to requests for information throughout the week. On last count, we have provided 140 documents to the auditors this week alone, on 20 different themes, including statements, receipts, contracts, invoices, sponsorship agreements, finance reports, and so on.

  We’re expecting the draft audit report in about three weeks. Initial signs are good!

  GUADEC 2026

  Planning activity for GUADEC 2026 has continued over the past two weeks. That includes organising catering, audio visual facilities, a photographer, and sponsorship work.

  Registration for the event is now open. The Call for Papers is also open and will close on 13 March – just one week away! If you would like to present this year, please submit an abstract!

  If you would like travel sponsorship for GUADEC, there are two deadlines to submit a request: 15th March (for those who need to book travel early, such as if they need a visa) and 24th May (for those with less time pressure).

  LAS 2026

  This year’s Linux App Summit is happening in Berlin, on the 16th and 17th May, and is shaping up to be a great event. As usual we are co-organizing the event with KDE, and the call for proposals has just opened. If you’d like to present, you have until 23rd March to submit a paper.

  The Travel Committee will be accepting travel applications for LAS attendees this year, so if you’d like to attend and need travel assistance, please submit a request no later than 13th April.

  Infrastructure

  On the infrastracture side, GNOME’s single sign on service has been integrated with blogs.gnome.org, which is great for security, as well as meaning that you won’t need to remember an extra password for our WordPress instance. Many thanks to miniOrange for providing us with support for their OAuth plugin for WordPress, which has allowed this to happen!

  That’s it for my update this week. In addition to the highlights that I’ve mentioned, there are quite a number of other activities happening at the Foundation right now, particularly around new programs, some of which we’re not quite ready to talk about, but hope to provide updates on soon.

• Fedora Community Blog Final Reminder: Flock 2026 Financial Assistance Applications Close Sunday, March 8th

  Do you want to join us for our annual contributor conference? We want to see you there! However, we know that traveling to a global event is a big trip. It costs real money. To help out, the Flock Organizing Team offers Flock 2026 financial assistance. We want to make sure money does not stop our active contributors from attending.

  This is your final reminder. You must submit your form by Sunday, March 8th, 2026. The organizing team starts looking at the data on Monday morning. Because of this fast timeline, we cannot accept any late forms. Sunday is a hard stop.

  What does this funding actually cover? We can help you pay for your travel. This includes your airfare or train tickets. We can also help cover your hotel room at the main event venue. We have a limited budget. Because of this, we cannot fully fund every person who applies. Your peers on the organizing team review all the forms. They look at your community impact to make these tough choices.

  Note for Flock 2026 speakers

  Are you giving a talk this year? We are excited to hear from you! But please remember one important rule. Being an accepted speaker does not give you guaranteed funding. You still need to ask for help. All speakers must fill out the Flock 2026 financial assistance form if they need travel support.

  Apply for Flock 2026 financial assistance

  Applying is easy. Just follow these steps:

  1. Open the Google Form application.
  2. Fill in your travel details and your estimated costs.
  3. Explain your recent work and your impact in the Fedora community.
  4. Submit the form before the end of the day on Sunday, March 8th.

  We want to bring as many builders and contributors together as possible. Please do not wait until the last minute. If you need support to join us, fill out the application today!

  The post Final Reminder: Flock 2026 Financial Assistance Applications Close Sunday, March 8th appeared first on Fedora Community Blog.

• Fedora Community Blog Community Update – Week 10 2026

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 02 – 06 March 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • Migrated remaining pagure.io repositories, there is one remaining, but needs to have private issues implemented
  • Provide DNS domain name for konflux (ticket)
  • Meeting with the IPA-tuura team to move forward with the Ipsilon replacement project

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • investigate jenkins repo gpg key change
  • zabbix agent fails to load on rhel 10.1 due to selinux policy mismatch
  • Podman/crun issue on ansible ARA host
  • Enable side tag feature
  • Add AIE to sigs.centos.org
  • Enable draft builds in CBS
  • [spike] verify how to prevent self-registration on mailman3 instance (outside of allowing FAS/ACO accounts)
  • Update pungi for CentOS Stream

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Still in Beta Freeze, we have had a couple of release candidate composes for Fedora 44 Beta.
  • GO/NO-GO call for the Beta Release is tentatively scheduled for Thursday, March 5th.

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • Continue to comb through the list of Fedora packages that need work —  submit changes to Fedora / upstream, review patches from others, and submit builds as needed.
  • Build/test the RISC-V unified kernel.
  • Figured out logistics for 24-h remote access to SpacemiT ‘K3’ hardware (based on RVA230
  • Discussed with the RISC-V SIG and Fedora docs about migrating the Fedora RISC-V docs from the wiki to forge.
  • Figure out the prerequisites for F44 builds — toolchain dependencies are being sorted out.

  AI

  This is the summary of the work done regarding AI in Fedora.

  • Aurelien Bompard Worked on the AI-powered This Week in Fedora.
  • Claude helped Gordon Messmer develop an extension to glibc’s malloc API to solve a common problem with memory inflation, and produced some illustrations of the problem and solution.  The write-up will be posted shortly. Draft at:  https://codeberg.org/gordonmessmer/dev-blog/src/branch/main/memory-efficiency-with-arena-allocators.md
  • Quality Team workflow for AI code review in Forgejo — easily reused if you’re interested! https://forge.fedoraproject.org/quality/workflows/src/branch/main/.forgejo/workflows/ai-review.yml

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • Fedora 44 RCs are now available and under heavy testing. The Go/NoGo is scheduled in a few days. Lots of blocker (and not blocker) bugs were discovered, discussed, voted on and resolved. 
  • Kernel 6.19 test days are complete and Podman 5.8 test days are under way.
  • A new version of BlockerBugs bot was implemented and deployed to staging, which should allow us to migrate blocker voting repository from Pagure to Forge (ticket).
  • Our cloud automation now reports results to the production wiki for each new compose.
  • The refactoring of Fedora Easy Karma was merged to the main branch. All places with links were also updated wrt the recent transition to Forge, and the migration is now done for this repo.
  • Forge QA repos now has a reusable workflow for an AI review.
  • More bugs hitting OpenQA automated testing were resolved, some some particular ones are very hard to debug, e.g. an ibus hang or an xdg-desktop-portal crash.

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • [Forgejo] New Organization and Teams Request: Fedora KDE [Followup]
  • [Forgejo] Participated in the Forge review, planning and retrospective meet with Rodney, Nils, Ryan and David [Board]
  • [Forgejo] New organisation for Fedora Code of Conduct committee + migration [Followup] [Namespace] [Followup]
  • [Forgejo] New repo for Security SIG [Followup] [Namespace] [Followup] [Followup]
  • [Forgejo] New Organization and Teams Request: Fedora Btrfs [Followup] [Namespace]
  • [Docs] Will be migrating Release Notes imminently + branching for F44, contributions welcome once the repo appears on Forgejo
  • Forgejo runners added for orgs mindshare and apps
  • Private Issues
    • Unit tests for code ⇔ DB boundary (Issue & PrivateIssue: done, related types: ongoing)
    • Verify, debug and fix DB migration

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Updated all references to Fedora Design ticket tracker to point to Forgejo [ticket], migration of tickets still wip, but significant progress made.

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 10 2026 appeared first on Fedora Community Blog.

March 04, 2026

• Tim Waugh Logsqueak: Rescuing Insights from the Logseq Journal

  I’ve been using Logseq for a year now and it’s become the backbone of my workflow. I have pages dedicated to specific topics, concepts, projects, meetings… all sorts of things.

  During my day, when I want to note something down or write something out to think about it, the daily Logseq journal is the obvious place for it to go. It has been an invaluable habit to build. But there’s a catch: the journal can easily become a black hole. It ends up as a chaotic mix of meeting notes, fleeting thoughts, random ideas, task lists and the occasional moment of genuine insight.

  Most of the time, I try to link journal items to the relevant pages. Sometimes I remember to update those pages in light of new information. But other times I forget, and those insights get buried in the timeline, only resurfacing if I explicitly search for them.

  All of those things belong in the journal, but some of them also belong in permanent pages. I wanted a way to filter the signal from the noise and capture things that I can integrate into my pages, in a way that makes them traceable back to the journal, without leaving the keyboard.

  Enter Logsqueak: a proof-of-concept experiment to see if a local AI model can act as an automated gardener for a Personal Knowledge Management (PKM) system.

  

  How Logsqueak Works

  It’s a Python-based terminal UI built with Textual, using RAG (Retrieval-Augmented Generation) via Ollama. Because PKM data is highly personal, my aim was to be able to build a tool that can run entirely on a local GPU, meaning your private journal entries never have to leave your machine. (Though you can certainly connect it to much larger cloud models if you prefer.)

  The workflow is broken down into 3 phases:

  1: Extraction (Signal vs. Noise)

  In this phase, Logsqueak reads your Logseq journal and helps identify which items are ephemeral daily noise (e.g., “Morning standup at 9am”) and which are actual knowledge or insight worth keeping.

  2: Refinement (Making it Evergreen)

  Temporal context is stripped away, and additional context from parent bullet points is added in.

  • Original Journal Entry:
    • Working on the new analytics dashboard
      • Finally figured out why the main chart was double-fetching data on load. The useEffect hook was missing the empty dependency array.
  • Logsqueak Refinement:
    • To prevent double-fetching data on load in the analytics dashboard, ensure the useEffect hook for the main chart includes an empty dependency array.

  3: Integration (Filing it Away)

  In this final phase, the most semantically relevant pages in your Logseq graph are tracked down, and the best insertion point is identified. Logsqueak will suggest exactly which page and heading the new insight belongs under.

  Logseq is built around powerful block properties, so crucially this is where the traceability happens. When an insight is integrated, Logsqueak adds an extracted-to:: property to the original journal block, linking it directly to the new block. The new block on the target page gets an id:: property linking back. This means you can always jump from your polished knowledge base straight back to the original journal entry to see the full context of what you were doing that day.

  All writes are performed using a custom engine specifically built for Logseq’s Markdown format, ensuring your notes stay safe. Because this is a proof-of-concept, all writes are guarded by explicit user approval—Logsqueak won’t change your files without you saying “yes.”

  Try it out!

  Logsqueak requires Python 3.11+ and an AI assistant. You can use Ollama to run everything locally.

  If you’re on Fedora, getting the prerequisites running is incredibly straightforward. Since Fedora Workstation ships with recent Python versions out of the box, you’re already halfway there. You just need to grab Ollama to run the models locally, set up a virtual environment, and you’re good to go:

  # Assuming you've installed Ollama
  git clone https://github.com/twaugh/logsqueak.git
  cd logsqueak
  ./setup-dev.sh
  source venv/bin/activate
  logsqueak init

  Taming the Knowledge Graph

  This tool can help you turn a pile of daily logs into a structured, searchable knowledge base. Although it can’t yet create new pages from scratch or be given custom instructions about how best to integrate things into the graph, it’s already useful enough for me to use in my daily routine.

  It’s very much a proof-of-concept though, and I’d love to get some feedback from other developers and knowledge management enthusiasts. You can check out the code on GitHub.

  Building Logsqueak made me realise just how much time I spend thinking about note-taking friction. While Logsqueak handles my fast, keyboard-driven daily logging, I actually do a lot of my deep thinking away from the screen on a Ratta Supernote e-ink tablet.

  I recently found myself trying to solve a similar “black hole” problem over there. The result is Slipstream: a Zettelkasten framework to let you build infinitely nested idea networks by hand.

  If you happen to be an e-ink user who prefers a stylus to a keyboard when you need to disconnect and focus, you might find it an interesting contrast. As a bonus, because Slipstream has a structured convention, exporting those handwritten notes to plain text makes them perfectly readable for the exact kind of LLM processing Logsqueak relies on. It’s analogue thinking, ready for the AI age.

  The post Logsqueak: Rescuing Insights from the Logseq Journal appeared first on PRINT HEAD.

March 03, 2026

• ! Avi Alkalay ¡ Uniqlo T-Shirt Bash Script Easter Egg

  At Uniqlo flagship store in Ginza, Tokyo, there was this T-shirt with an encoded shell script.

  

  

  Well, I had to decode it and see the result.

  I took a photo with my iPhone and used its own OCR, which made a lot of confusion between 0 (zero), O (capital o) and 8, mixed 1 and l (small L), and yielded many chars as very similar glyphs but in advanced Unicode ranges, which are invalid for Base64 encoding. It took me some time to fix it all. The final corrected text is this:

  #!/bin/bash
  eval "$(base64 -d <<< 'IyEvYmluL2Jhc2gKCiMgQ29uZ3Jhd
  HVsYXRpb25zISBZb3UgZm91bmQgdGhlIGVhc3RlciBlZ2chIOKdpO+4jwojIOOBiuO
  CgeOBp+OBqOOBhuOBlOOBluOBhOOBvuOBme+8gemaoOOBleOCjOOBn+OCteODl+OD
  qeOCpOOCuuOCkuimi+OBpOOBkeOBvuOBl+OBn++8geKdpO+4jwoKIyBEZWZpbmUgd
  GhlIHRleHQgdG8gYW5pbWF0ZQp0ZXh0PSLimaVQRUFDReKZpUZPUuKZpUFMTOKZpV
  BFQUNF4pmlRk9S4pmlQUxM4pmlUEVBQ0XimaVGT1LimaVBTEzimaVQRUFDReKZpUZ
  PUuKZpUFMTOKZpVBFQUNF4pmlRk9S4pmlQUxM4pmlIgoKIyBHZXQgdGVybWluYWwg
  ZGltZW5zaW9ucwpjb2xzPSQodHB1dCBjb2xzKQpsaW5lcz0kKHRwdXQgbGluZXMpC
  gojIENhbGN1bGF0ZSB0aGUgbGVuZ3RoIG9mIHRoZSB0ZXh0CnRleHRfbGVuZ3RoPS
  R7I3RleHR9CgojIEhpZGUgdGhlIGN1cnNvcgp0cHV0IGNpdmlzCgojIFRyYXAgQ1RS
  TCtDIHRvIHNob3cgdGhlIGN1cnNvciBiZWZvcmUgZXhpdGluZwp0cmFwICJ0cHV0I
  GNub3JtOyBleGl0IiBTSUdJTlQKCiMgU2V0IGZyZXF1ZW5jeSBzY2FsaW5nIGZhY3R
  vcgpmcmVxPTAuMgoKIyBJbmZpbml0ZSBsb29wIGZvciBjb250aW51b3VzIGFuaW1hd
  Glvbgpmb3IgKCggdD0wOyA7IHQrPTEgKSk7IGRvCiAgICAjIEV4dHJhY3Qgb25lIGN
  oYXJhY3RlciBhdCBhIHRpbWUKICAgIGNoYXI9IiR7dGV4dDp0ICUgdGV4dF9sZW5nd
  Gg6MX0iCiAgICAKICAgICMgQ2FsY3VsYXRlIHRoZSBhbmdsZSBpbiByYWRpYW5zCiA
  gICBhbmdsZT0kKGVjaG8gIigkdCkgKiAkZnJlcSIgfCBiYyAtbCkKCiAgICAjIENhb
  GN1bGF0ZSB0aGUgc2luZSBvZiB0aGUgYW5nbGUKICAgIHNpbmVfdmFsdWU9JChlY2
  hvICJzKCRhbmdsZSkiIHwgYmMgLWwpCgogICAgIyBDYWxjdWxhdGUgeCBwb3NpdGl
  vbiB1c2luZyB0aGUgc2luZSB2YWx1ZQogICAgeD0kKGVjaG8gIigkY29scyAvIDIpIC
  sgKCRjb2xzIC8gNCkgKiAkc2luZV92YWx1ZSIgfCBiYyAtbCkKICAgIHg9JChwcmlu
  dGYgIiUuMGYiICIkeCIpCgogICAgIyBFbnN1cmUgeCBpcyB3aXRoaW4gdGVybWluY
  WwgYm91bmRzCiAgICBpZiAoKCB4IDwgMCApKTsgdGhlbiB4PTA7IGZpCiAgICBpZi
  AoKCB4ID49IGNvbHMgKSk7IHRoZW4geD0kKChjb2xzIC0gMSkpOyBmaQoKICAgICM
  gQ2FsY3VsYXRlIGNvbG9yIGdyYWRpZW50IGJldHdlZW4gMTIgKGN5YW4pIGFuZCAyM
  DggKG9yYW5nZSkKICAgIGNvbG9yX3N0YXJ0PTEyCiAgICBjb2xvcl9lbmQ9MjA4CiA
  gICBjb2xvcl9yYW5nZT0kKChjb2xvcl9lbmQgLSBjb2xvcl9zdGFydCkpCiAgICBjb
  2xvcj0kKChjb2xvcl9zdGFydCArIChjb2xvcl9yYW5nZSAqIHQgLyBsaW5lcykgJSBj
  b2xvcl9yYW5nZSkpCgogICAgIyBQcmludCB0aGUgY2hhcmFjdGVyIHdpdGggMjU2L
  WNvbG9yIHN1cHBvcnQKICAgIGVjaG8gLW5lICJcMDMzWzM4OzU7JHtjb2xvcn1tIiQ
  odHB1dCBjdXAgJHQgJHgpIiRjaGFyXDAzM1swbSIKCiAgICAjIExpbmUgZmVlZCB0b
  yBtb3ZlIGRvd253YXJkCiAgICBlY2hvICIiCgpkb25lCgo= ')"

  When base64-decoded, this bash script appears:

  #!/bin/bash
  # Congratulations! You found the easter egg! ❤
  # おめでとうございます！隠されたサプライズを見つけました！❤
  # Define the text to animate
  text="♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥PEACE♥FOR♥ALL♥"
  # Get terminal dimensions
  cols=$(tput cols)
  lines=$(tput lines)
  # Calculate the length of the text
  text_length=${#text}
  # Hide the cursor
  tput civis
  # Trap CTRL+C to show the cursor before exiting
  trap "tput cnorm; exit" SIGINT
  # Set frequency scaling factor
  freq=0.2
  # Infinite loop for continuous animation
  for (( t=0; ; t+=1 )); do
      # Extract one character at a time
      char="${text:t % text_length:1}"
      # Calculate the angle in radians
      angle=$(echo "($t) * $freq" | bc -l)
      # Calculate the sine of the angle
      sine_value=$(echo "s($angle)" | bc -l)
      # Calculate x position using the sine value
      x=$(echo "($cols / 2) + ($cols / 4) * $sine_value" | bc -l)
      x=$(printf "%.0f" "$x")
      # Ensure x is within terminal bounds
      if (( x < 0 )); then x=0; fi
      if (( x >= cols )); then x=$((cols - 1)); fi
      # Calculate color gradient between 12 (cyan) and 208 (orange)
      color_start=12
      color_end=208
      color_range=$((color_end - color_start))
      color=$((color_start + (color_range * t / lines) % color_range))
      # Print the character with 256-color support
      echo -ne "\033[38;5;${color}m"$(tput cup $t $x)"$char\033[0m"
      # Line feed to move downward
      echo ""
  done

  The original encoded text, when executed in my Linux terminal gives a beatiful animation, similar to this:

  

  ---

  After decoding and executing the script, I found other people doing the same:

  • Uniqlo’s Peace For All Easter Egg | leewc
  • GitHub – SeenamZaSodaSingha/UNIQLO_Akamai_TShirt_Base64 · GitHub

  But I swear I decoded it myself first, without any help.

• Fedora Community Blog Fedora Documentation translations not available from March 4th, 2026

  Fedora Documentation translations will be put on hold from March 4th as the Fedora Localization Team has started the process of migration from pagure.io to the Fedora Forge. From the date, translation projects of the documentation (with ‘fedora-docs-l10n’ in name) will be gradually locked on the Fedora translation platform. Translation automation of the Docs website will also be stopped in the Fedora infrastructure. Consequently, there will be no translation updates available in the language versions on the Fedora Documentation.

  The migration involves all repositories which support and ensure the availability of translations of the Fedora Documentation. There is no possibility the migration can be performed ‘on the fly’ as changes in the repositories, related scripts and continuous integration with the translation platform cannot be dealt with independently. Therefore the translation process of the Fedora Documentation is kept on hold.

  We regrettably ask the Fedora contributors, our translation community, to pull back from translating of the Fedora Documentation and wait till the translation automation of the documentation is resumed again.

  The progress of migration can be followed in the localization tracker as issue #52.

  The post Fedora Documentation translations not available from March 4th, 2026 appeared first on Fedora Community Blog.

• Tony Asleson Honey, I Shrunk the Model (Maybe): blk-archive vs AI Data

  Because “It Should Work” Isn’t Data

  After reading about the billions spent on AI infrastructure, I kept wondering: how much of that storage is just… the same bytes over and over? So I decided to find out. As I’m involved with https://github.com/device-mapper-utils/blk-archive I thought it would be good to understand how much storage blk-archive can realistically save when pointed at AI-style datasets.

  Let me be clear upfront: this isn’t a speed test or hardware benchmark. I’m only interested in one question: how many bytes go in, and how many come out?

March 02, 2026

• Adam Young LImiting What an Agent can do

  I do not work with AI tools. This is not advice from experience of working with AI. It is advice from working with access controls in general.
  
  Any agent has responsibility and authority. Responsibility is what it is required to produce. Authority is the set of resources that you provide to that agent. This does not change if the agent is human or automation, and AI agents fall in to that later category.

  
  The way to limit what an agent can do is to allow it access to nothing, and then see what it requests access to. If that resource is reasonable, provide access.
  
  The best example I can point to for a workflow like this is SELinux. When a new program is added to Fedora or comparable OS, it requires and update to the SELinux policy to say what files it can read/write/execute.
  
  To generate this policy, the developer runs the program on a scratch system in permissive mode, and tracks the aces where policy would deny the program access to a resource. The engineer can then look at the set of resources and build a new policy to allow access to those resources, and only those. If one of the requests is suspect, the SELinux policy team is unlikely to accept the updated policy.
  
  You do not require an agent to self-limit access. We don’t trust humans to that, we certainly should not require automation to do that.

  An agent should not be able to make any web request by default. No posts to github/gitlab, or Wells Fargo, or the NSA. Every URL, every Host should be denied until authorized.
  
  However, yes-no access alone may not be sufficient. A request to read or write or make a web call may be perfectly innocuous. And a payment made for a small resource may be perfectly acceptable. But filling up a hard disk, or deleting files, or emptying a bank account are all issues of scale. Any resources that can be exhausted require limits. Quotas are hard, and delegation of quotas to other systems are even harder. But not impossible. I wrote about it a while back: https://adam.younglogic.com/2018/05/tracking-quota/
  
  If your agent is supposed to write code, let it write code in a sandbox. Let the human delegating to the agent take the responsibility of promoting that code to a live system. Do not allow it to delete database schemas that you would not let a human delete.
  

February 28, 2026

• Kevin Fenzi misc fedora bits last week of feb 2026

  

  The year is rolling along, and here we are at the end of Feb.

  Lots of small day to day items

  There were a lot of small day to day investigations and incoming requests, along with a pretty large amount of pull requests for our ansible repo. Since we are in Beta freeze some of them will have to wait, but some we can test out in staging now. It's great to see people submitting fixes and enhancements.

  There were also some small fun to debug issues this week, including:

  • The https://whatcanidoforfedora.org/ site was sometimes alerting that it's ssl cert was expired. Turns out this was caused by that domain having old ip's for 2 proxies that had moved datacenters. So, sometimes it hit those, timed out and the ssl check just assumed it was bad. So, it was DNS. :)

  • The fedorapeople.org web server started being very slow to respond. Turns out the scrapers were hitting the cgit interface there and downloading xz snapshots of every commit. This caused the server to have to try and compress things over and over again. So, for now I just disabled those links and increased resources on the webserver. scrapers continue to keep on giving.

  Secure boot signing work

  Much of my time this week has been spent working on our new secure boot signing workflow. This is really really overdue and something I was hoping to finish mid last year, but things kept coming up and it kept getting pushed back.

  The new setup leverages our existing signing infrastructure (sigul) so there's no need for special build hardware anymore. It also removes some constraints in the existing setup allowing us to do something we have wanted for a long time, namely sign aarch64 boot loader artifacts for secure boot.

  Kudos to Jermey Cline for all his work on the code to make this possible. This uses the siguldry-bridge, rust based server to talk to sigul, and hopfully before too long we can replace the sigul server side with the new rust based server too.

  I got everything deployed, I am now able to sign things, but in testing on my aarch64 laptop, there's still some issue with grub2 that needs to be sorted out. Hopefully it's something not too difficult to track down and we can move to this new setup after beta freeze once and for all.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116149442549416772

• Porfirio A. Páiz - porfiriopaiz Installing TeX Live 2025 on Fedora: A Minimalist User-Space Guide

  This guide consolidates the steps required to establish a professional-grade LaTeX environment into a single, clean workflow. Following this chronological order ensures that directories exist, dependencies are met, and the environment is correctly configured before the software attempts to utilize them.

  By installing TeX Live in user-space (within ~/.local/opt), we adhere to a minimalist philosophy. This approach avoids cluttering the system root, removes the need for sudo during package management via tlmgr, and ensures you are using the most recent upstream binaries rather than potentially outdated distribution packages.

  ---

  Pre-Installation: System Dependencies

  Fedora's "minimal" Perl and X11 profiles often lack specific libraries required by the TeX Live installer and its graphical management tools. While we aim for a lean system, these Perl modules are essential for the installer's checksum verification and the tlmgr interface.

  Install these requirements using dnf:

  sudo dnf install perl-File-Find perl-File-Copy perl-Digest-MD5 perl-Tk perl-Term-ANSIColor xdotool
  

  ---

  Create the Directory Structure

  We will create a "user-space system" directory. Utilizing ~/.local/opt keeps your home directory organized while mimicking the Linux Filesystem Hierarchy Standard (FHS).

  mkdir -p ~/.local/bin
  

  mkdir -p ~/.local/opt/texlive
  

  ---

  Download and Launch the Installer

  To avoid "checksum mismatch" errors common with unstable local mirrors, we will point the installer directly to the Comprehensive TeX Archive Network (CTAN) global repository.

  cd ~/Downloads
  

  wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
  

  tar -xzf install-tl-unx.tar.gz
  

  cd install-tl-*
  

  Launch the installer using a reliable global mirror:

  ./install-tl -repository http://mirror.ctan.org/systems/texlive/tlnet/
  

  ---

  Installer Configuration (Text Menu)

  Once the command-line interface menu appears, you must modify specific installation paths to point to your local directories:

  1. Directories (D): Change TEXDIR to: /home/porfirio/.local/opt/texlive/2025
  2. Options (O): * Toggle Paper Size to letter. * Toggle Create symlinks (L) to [X]. * Binaries: /home/porfirio/.local/bin * Manpages: /home/porfirio/.local/share/man * Info: /home/porfirio/.local/share/info
  3. Install (I): Start the process.

  Note

  The full installation can take approximately 3 hours depending on your connection. It is highly recommended to run this inside a tmux session to prevent the installation from terminating if your terminal session disconnects.

  ---

  Post-Installation: Environment Setup

  Fedora needs to be instructed where to find these new binaries. We will create a modular profile script in ~/.bashrc.d/ to keep our ~/.bashrc clean.

  Create the configuration file:

  vi ~/.bashrc.d/texlive.sh
  

  Paste the following content into the file:

  # TeX Live 2025 Path Configuration
  TEX_BIN_PATH="/home/porfirio/.local/opt/texlive/2025/bin/x86_64-linux"
  
  if [ -d "$TEX_BIN_PATH" ]; then
      # Prioritize TeX binaries and your local bin folder
      export PATH="$TEX_BIN_PATH:/home/porfirio/.local/bin:$PATH"
      export INFOPATH="/home/porfirio/.local/opt/texlive/2025/texmf-dist/doc/info:$INFOPATH"
      export MANPATH="/home/porfirio/.local/opt/texlive/2025/texmf-dist/doc/man:$MANPATH"
  fi
  

  Apply the changes to your current session:

  source ~/.bashrc
  

  ---

  Finalizing the Formats

  With the paths set and Perl dependencies satisfied, manually execute the tasks that occasionally fail during the installer's finalization stage due to environment restrictions:

  # Set default paper size
  tlmgr paper letter
  

  # Build the format files (Engines)
  fmtutil-sys --all
  

  ---

  Verification and Troubleshooting

  To ensure your system is ready for document production, perform a "smoke test" by checking the binary location and compiling a dummy document.

  Check the Binary Path

  which pdflatex
  

  This should return a path pointing to your ~/.local/bin/ or ~/.local/opt/ folder rather than /usr/bin/.

  Compile a Test Document

  echo "\documentclass{article}\begin{document}LaTeX 2025 is Live on Fedora!\end{document}" > test.tex
  

  pdflatex test.tex
  

  ---

  Summary of Locations

  For future maintenance on your system, keep these paths in mind:

  • The System Root: ~/.local/opt/texlive/2025/
  • The Binaries/Symlinks: ~/.local/bin/
  • The Configuration: ~/.bashrc.d/texlive.sh
  • The Logs: ~/.local/opt/texlive/2025/texmf-var/web2c/fmtutil.log

  You now have a professional-grade, upstream LaTeX installation that is completely independent of Fedora's system packages, making it easy to back up or migrate to a new machine in the future.

February 27, 2026

• Tim Waugh Patchutils 0.4.5 released

  I have released version 0.4.5 of patchutils and also built it in Fedora rawhide. This is a stability-focused update fixing compatibility issues and bugs, some of which had been introduced in 0.4.4.

  Compatibility Fix: Git Extended Diffs

  Version 0.4.4 added support in the filterdiff suite for Git’s extended diff format. Git diffs without content hunks (such as renames, copies, mode-only changes and binary files) were included in the output. This broke compatibility with 0.4.3.

  For 0.4.5 this functionality is now gated with a --git-extended-diffs=include|exclude parameter. The default for 0.4.x is to exclude files in Git extended diffs with no content. There were also some fixes relating to file numbering for these types of diffs.

  Note: in 0.5.x this default will change to include.

  Status Indictors for grepdiff

  Previously grepdiff --status showed ! for all matching files, but now it correctly reports them as additions (+), removals (-) or modifications (!).

  As always, bug reports and feature requests are welcome on GitHub. Thanks to everyone who reported issues and helped to test fixes!

  The post Patchutils 0.4.5 released appeared first on PRINT HEAD.

• Fedora Community Blog Community Update – Week 9, 2026

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 20 Feb – 27 Feb 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • Migration of pagure.io repositories continues
  • Ansible repository now has CI running in runner
  • Resolved errors on dist-git that were spamming sysadmin-main mailbox – ticket

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • Fix `automotive10s-packages-main-el10s-build` inheritance to inherit from `autosd10s-packages-main-release`
  • Extend underlying storage for OKD/SCoS deliverables
  • Add kernel-rpm-macros to the buildroot of automotive10s-packages-main-el10s-build
  • Rebase/align mailman3 packages stack for el 9.7
  • Clarify debuginfod.centos.org Stream 8 usage (and take action)
  • Investigate current hardware situation

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Release engineering is currently in Beta Freeze.
  • Releng has provided the first beta release candidate after the QE request.
  • Request for creating detached signature has been handled by Samyak for ignition 2.26.0 release.

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • Continued to go through the list of packages to investigate (failing to build; requires patching, and more).
    • Got a PR merged for ‘libkrunfw’ (a low-level library for process isolation) and built it in RISC-V Koji; Marcin (“hrw”) also got a couple more merged.
  • Work is progressing well on Fedora RISC-V unified kernels (Jason Montleon is doing most of the heavy-lifting here).  Currently hosted in Copr.

  AI

  This is the summary of the work done regarding AI in Fedora.

  • Worked on the AI-powered This Week in Fedora.
  • Updated ai-code-review to use Gemini 3.1 Pro by default
  • Nexus team: interesting experience using Claude to refactor fedora-easy-karma, on review we found it made multiple unrequested functionality changes which complicated the review, after discussion decided to re-prompt it to avoid functionality changes

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • Fedora 44 Beta testing in full swing
  • Kernel 6.19 test week in progress, please contribute
  • Help wanted: if anyone can help figure out why F44 boot occasionally just hangs for no very obvious reason that’d be great (details in bug)

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • Create and present Fedora -> Forgejo efforts during FOSDEM 2026 Distributions Devroom [Video] [Followup]
  • Pagure migration doc: add follow-up checklist based on Nexus team’s [Review]
  • Create new organisation and namespace on Fedora Forge for Fedora Join [Followup] [Namespace]
  • Rename “translations” into “localization-docs” [Followup][Namespace]
    • Remedy mapping after renaming translations to localization-docs [Commit]
  • Migrating NeuroFedora SIG [Followup][Namespace][Update]
    • Perform mapping for NeuroFedora SIG teams and groups [Commit] [Followup]
  • New Organization and Teams Request: Fedora KDE [Followup][Triaged]
    • Perform mapping for Fedora KDE teams and groups [Commit]
  • REST API: Create private issue & foundational work [Followup]
  • Runner for forge organization [Followup]
  • Refactor the ansible-role-forgejo-runner role task now configured and deploy the runners using ansible-pull 
  • Clean out the spam from Pagure.io [Followup]
  • Refactor internal APIs for public vs. private issue identity [Followup][Feature]

  EPEL

  This team is working on keeping Epel running and helping package things.

  • Completed EPEL 10.2 mass branching in preparation for the upcoming RHEL 10.2 release (announcement)

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Madeline’s  F45 Wallpaper Process Update:  blog post / discussion post
  • The Fedora Design Team has switched to using Google Meet for our weekly meetings to utilise Gemini for note-taking. Discussion took place on this ticket and on our weekly call. Updated Fedocal entry can be found here. 
  • Forgejo migration: Sprint board created, tickets currently being imported, remaining assets currently being imported / reorganised.

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 9, 2026 appeared first on Fedora Community Blog.

• Guillaume Kulakowski Mise en place d’Anubis sur l’instance Scaleway de Fedora-Fr

  Pour rappel, l’architecture de Fedora-Fr repose sur un VPS, ou plutôt une Instance, comme l’appelle Scaleway. Cette machine (virtuelle) correspond à nos besoins actuels et nous est gracieusement fournie par notre partenaire Scaleway. Côté sécurité, nous utilisons le firewall natif proposé par Scaleway, appelé Security Groups. Nous n’avons pas activé le WAF, car je n’ai […]

• Remi Collet 🎲 PHP version 8.4.19RC1 and 8.5.4RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

  RPMs of PHP version 8.5.4RC1 are available

  • as base packages in the remi-modular-test for Fedora 42-44 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.4.19RC1 are available

  • as base packages in the remi-modular-test for Fedora 42-44 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.3 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.5.4RC1 available for testing
  • PHP 8.4.19RC1 available for testing

  Parallel installation of version 8.5 as Software Collection:

  yum --enablerepo=remi-test install php85

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Update of system version 8.5:

  dnf module switch-to php:remi-8.5
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • version 8.5.4RC1 is in Fedora rawhide for QA
  • EL-10 packages are built using RHEL-10.1 and EPEL-10.1
  • EL-9 packages are built using RHEL-9.7 and EPEL-9
  • EL-8 packages are built using RHEL-8.10 and EPEL-8
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.9 on x86_64 and aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.4.19 and 8.5.4 are planed for March 12th, in 2 weeks.

  Software Collections (php84, php85)

  

  

  Base packages (php)

  

  

February 26, 2026

• Richard W.M. Jones Veritasium

  I was interviewed on Veritasium about the rise of Linux and the XZ hack.

February 25, 2026

• Cockpit Project Cockpit 357

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 357, cockpit-files 37, cockpit-machines 350 and cockpit-podman 123:

  Show browser context menu when holding Shift

  To help with accessibility and user-specific items in your browser context menu we now follow the behavior seen in Firefox: holding the Shift key while right-clicking will skip our own context menu and instead follow the default behavior of your browser. Note that while Cockpit Files uses the Cockpit context menu it did not receive this update before the release, but will get it for the for next one.

  Machines: Support for kernel boot arguments when creating VMs

  Cockpit now supports the --extra-args option of virt-install. This allows you to pass arguments to the kernel when the installer is booted during the creation of a new virtual machine. Installers like Anaconda and Agama can be controlled in various ways via these arguments.

  Thanks to Nykseli for this contribution!

  Podman: Show description, version and documentation image labels

  The image details tab now shows a select set of labels from the OpenContainers Annotations specification.

  

  Try it out

  Cockpit 357, cockpit-files 37, cockpit-machines 350 and cockpit-podman 123 are available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 43
  • Cockpit Fedora 42
  • cockpit-files Source Tarball
  • cockpit-files Fedora 43
  • cockpit-files Fedora 42
  • cockpit-machines Source Tarball
  • cockpit-machines Fedora 43
  • cockpit-machines Fedora 42
  • cockpit-podman Source Tarball
  • cockpit-podman Fedora 43
  • cockpit-podman Fedora 42

February 24, 2026

• Remi Collet 📝 Install PHP 8.5 on Fedora, RHEL, CentOS Stream, Alma, Rocky or other clone

  Here is a quick howto upgrade default PHP version provided on Fedora, RHEL, CentOS, AlmaLinux, Rocky Linux or other clones with latest version 8.5.

  You can also follow the Wizard instructions.

   

  Architectures:

   

  The repository is available for x86_64 (Intel/AMD) and aarch64 (ARM).

   

  Repositories configuration:

   

  On Fedora, standards repositories are enough, on Enterprise Linux (RHEL, CentOS) the Extra Packages for Enterprise Linux (EPEL) and Code Ready Builder (CRB) repositories must be configured.

  Fedora 44

  dnf install https://rpms.remirepo.net/fedora/remi-release-44.rpm
  

  Fedora 43

  dnf install https://rpms.remirepo.net/fedora/remi-release-43.rpm
  

  Fedora 42

  dnf install https://rpms.remirepo.net/fedora/remi-release-42.rpm
  

  RHEL version 10.1

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-10-x86_64-rpms
  

  RHEL version 9.7

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms
  

  RHEL version 8.10

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
  

  Alma, CentOS Stream, Rocky version 10

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
  crb install
  

  Alma, CentOS Stream, Rocky version 9

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
  crb install
  

  Alma, Rocky version 8

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
  crb install
  

   

  PHP module usage

   

  With Fedora and EL, you can simply use the remi-8.4 stream of the php module

  With Fedora (dnf5 has partial module support)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf install php-cli php-fpm php-mbstring php-xml

  Other distributions (dnf4)

  dnf module switch-to php:remi-8.5/common

   

  PHP upgrade

   

  By choice, the packages have the same name as in the distribution, so a simple update is enough:

  dnf update

  That's all :)

  $ php -v
  PHP 8.5.3 (cli) (built: Feb 10 2026 18:25:51) (NTS gcc x86_64)
  Copyright (c) The PHP Group
  Built by Remi's RPM repository  #StandWithUkraine
  Zend Engine v4.5.3, Copyright (c) Zend Technologies
      with Zend OPcache v8.5.3, Copyright (c), by Zend Technologies
  

   

  Known issues

  The upgrade can fail (by design) when some installed extensions are not yet compatible with  PHP 8.5.

  See the compatibility tracking list: PECL extensions RPM status

  If these extensions are not mandatory, you can remove them before the upgrade; otherwise, you must be patient.

  Warning: some extensions are still under development, but it seems useful to provide them to upgrade more people and allow users to give feedback to the authors.

   

  More information

  If you prefer to install PHP 8.5 beside the default PHP version, this can be achieved using the php85 prefixed packages, see the PHP 8.5 as Software Collection post.

  You can also try the configuration wizard.

  This is also documented as the community way to install PHP 8.5 on the official PHP web site.

  The packages available in the repository were used as sources for Fedora 44.

  By providing a full feature PHP stack, with about 150 available extensions, 11 PHP versions, as base and SCL packages, for Fedora and Enterprise Linux, and with 300 000 downloads per day, the remi repository became in the last 21 years a reference for PHP users on RPM based distributions, maintained by an active contributor to the projects (Fedora, PHP, PECL...).

  See also:

  • Posts RSS feed (version announcements)
  • Comments RSS feed
  • Repository RSS feed (example for EL-10, php 8.5)
  • Install PHP 8.4 on Fedora RHEL CentOS Alma Rocky or other clone
  • Install PHP 8.3 on Fedora RHEL CentOS Alma Rocky or other clone
  • Install PHP 8.2 on Fedora RHEL CentOS Alma Rocky or other clone

February 22, 2026

• Nazi.Compare First speech of Chanellor Hitler, Andreas Tille & Debian denounce Branden Robinson

  Hitler became Chancellor of Germany in January 1933.

  On 10 February 1933, Hitler gave his first official speech as Chancellor.

  He used the occasion to attack his predecessors for everything that had transpired against German interests since the end of World War One.

  Many copies of the speech are available online:

  That’s what Germany looks like today! Under the rule of these parties who have ruined our Volk for fourteen years. The only question is, for how much longer?

  ...

  And this brings us thus to our sixth item, clearly the goal of our struggle: the preservation of this Volk and this soil, the preservation of this Volk for the future, in the realization that this alone can constitute our reason for being.

  The word Volk, which means People or Population, appears forty two times in the speech.

  On 10 February 2026, the Debianist leader Andreas Tille reprimanded one of his predecessors G. Branden Robinson, just as Adolf Hitler had reprimanded the predecessors who ruled Germany in the fourteen years before the Nazis took power.

  While Hitler claimed to represent the Volk / People, Andreas Tille claims to represent the user, whoever that is, in this spiteful reply:

  ... directly harms our ability to serve our users

  ...

  the project owes first and foremost to its users.

  ...

  Andreas Tille was, on two successive occasions, elected on Hitler's birthday. Go figure.

  Read more about Nazi comparisons.

February 21, 2026

• Kevin Fenzi misc fedora bits 3nd week of feb 2026

  

  Well, another saturday, time for another bit of longer form recapping what has been going on in fedora infrastructure and other areas for me.

  Infrastructure Fedora 44 Beta freeze

  We started the beta freeze in infrastructure. This is to make sure that we don't cause any problems for the release building and distributing pipeline. We require some acks for any changes to things that might impact those things until the day after the Beta is released.

  I think this has served us fine over the years. Every once in a while I wonder if we could just stop doing it as we are usually pretty good about not breaking things day to day, but having the extra eyes on changes and slowing down a bit is a good thing I think.

  Forge migrations

  We have been busy working on migrating things from pagure.io to forge.fedoraproject.org. On tuesday just before the freeze we finally got our ansible repo moved over. I've really been looking forward to this as the review interface in forgejo is a good deal nicer than the pagure one. I've already used it to great effect.

  We do still have a few more things to migrate, but overall it's moving along nicely.

  Last bits of rdu2-cc move

  We finally finished off the last things (at least that I am aware of) for things we moved in last december from rdu2-cc to rdu3.

  There was a very strange and difficut to figure out problem for copr builders on ipv6 that I wasn't able to track down, but luckily Pavel worked with networking and finally did so! It seems to have been a odd caching bug in the switches. Hopefully it's now gone once and for all.

  There was some hardware issues to sort out: some bad network cards that had to be replaced, a machine that didn't actually move when it was supposed to, etc.

  Anyhow I hope all that work is all finally done.

  signing work

  Finally got back to deploying / testing the new signing path for secure boot signing. I got it all deployed, just need to get things tested now and hopefully we can switch over after the freeze.

  This should hopefully allow us to sign aarch64 kernels for secure boot as well as removing reliance on an old smart card for signing.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116110354434738317

• Guillaume Kulakowski Pourquoi j’ai basculé de Portainer vers Arcane pour gérer les conteneurs sur le NAS

  Si tu me lis un peu, tu sais que j’ai une attitude assez pragmatique vis-à-vis de mes outils. Je n’aime pas changer pour changer, mais je n’hésite pas non plus à bouger quand une solution stagne trop ou prend une direction qui ne me plaît pas. Récemment, j’ai d’ailleurs confirmé mon choix de rester sous […]

February 20, 2026

• Felipe Borges GNOME is participating in Google Summer of Code 2026!

  Potential GSoC contributors may reach out with questions about our project ideas or GNOME internships in general. Please direct them to gsoc.gnome.org to learn more.

  You can find our proposed project ideas at gsoc.gnome.org/2026.

  Project proposal submissions are open from March 16th to 31st.

February 19, 2026

• Allan Day GNOME Foundation Update, 2026-02-19

  Welcome to another GNOME Foundation update post, covering highlights from the past two weeks (this week and last week). It’s been a busy time, particularly due to conference planning and our upcoming audit – read on to find out more!

  Linux App Summit 2026

  We were thrilled to be able to announce the location and dates of this year’s Linux App Summit this week. The conference will happen in Berlin on the 16th and 17th of May, at Betahaus Berlin. More information is available on the LAS website.

  As usual, we are very pleased to be collaborating with KDE on this year’s LAS. Our partnership on LAS has been a real success that we hope to continue.

  Travel sponsorship for LAS 2026 is available for Foundation members through the Travel Committee, so head over to the travel page if you would like to attend and need financial support.

  February’s Board meeting

  The Board of Directors it’s regular monthly meeting last week, on 9th February. Highlights from the meeting included:

  • We finally caught up on our minutes, approving the minutes from a total of nine meetings. This was a big relief, and hopefully we will be able to stay on top of the minutes now that we’re caught up.
  • The Board was thrilled to formally add Nirbheek Chauhan as a member of the Travel Committee. Many contributors will know Nirbheek as a longstanding GStreamer hacker, and he’s already been doing some great work to help with travel. Thanks Nirbheek!
  • The Board approved a new document retention and destruction policy, which is something that we are encouraged to have by regulators.
  • I gave an update on the operational highlights from the last month, including fundraising, conference planning, and audit preparation.
  • The Board considered a proposal for an exciting new program that we’re hoping to launch very soon. More details to follow soon.

  The next Board meeting is scheduled for March 9th.

  Audit submissions

  As I’ve mentioned in previous updates, the GNOME Foundation is due to be audited very soon. This is a routine occurrence for non-profits like us, but this is our first formal audit, so there’s a good deal of learning and setup to be done.

  Last week was the deadline to submit all the documentation for the audit, which meant that many of us were extremely busy finalising numbers, filling in spreadsheets, and tidying up other documentation ready to send it all to the auditors.

  Our finance team *really* went the extra mile for us to get everything ready on time, so I’d like to give them a huge thank you for helping us out.

  The audit inspection itself will happen in the first week of March, so preparations continue, as we assemble and organise our records, update our policies, and so on.

  GUADEC 2026

  Planning for this summer’s conference has continued over the past two weeks. In case you missed it, the location and dates have been announced, and accommodation bookings are open at a reduced rate. In the background we are gearing up to open the call for papers, and the sponsorship effort is on its way. Now is a good time to start thinking about any talk proposals that you’d like to submit.

  Membership certificates

  A cool community effort is currently underway to provide certificates for GNOME Foundation members. This is a great idea in my opinion, as it will allow contributors to get official recognition which can be used for job applications and so on. More volunteers to help out would definitely be welcome.

  That’s it for this week. Thanks for reading, and feel free to ask questions in the comments.

February 18, 2026

• Kiwi TCMS Community Edition Explained

  This page explains what Kiwi TCMS Community Edition is, how it ships and what risks are associated with it. Please read about the details below.

  What is Kiwi TCMS Community Edition

  This is the official version of the Kiwi TCMS application as produced by our own team with the help of many contributors. It may also be referred to upstream or the community edition version and comes packaged as a container image which is publicly available and can be downloaded via the docker pull pub.kiwitcms.eu/kiwitcms/kiwi command!

  Who is this for

  Community Edition is suitable for developers, teams and organizations which are happy to run Kiwi TCMS without any warranty and safeguards for development, testing and even production purposes!

  What do you get

  You get access the publicly available container image; public documentation and source code but not much else!

  What do all of the individual items mean

  Upstream container image: Kiwi TCMS is packaged as a single container image. See Running Kiwi TCMS as a container to get started!

  Only x86_64 build: the community edition container is built on Linux, suitable for Intel/AMD 64bit processors only.

  No version tags: the community edition container is always the latest version! There are no other versions available!

  GPL-2.0 license: Kiwi TCMS is an open source software, with very long history, with its primary core licensed under the GNU GPL-2.0 license!

  No warranty: the community edition version of Kiwi TCMS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

  EthicalAds: the community edition version of Kiwi TCMS comes with built-in advertisement from EthicalAds rewards from which are paid out to opencollective.com/kiwitcms for transparency.

  You assume all risk: you must understand and accept that open source comes with associated risks. To name just a few: our team disappears and stops development; security issues stay unresolved; code slowly becomes outdated & may incur technical debt in the case of one-off patches! All of these have happened in the past with the predecessor of what is now Kiwi TCMS.

  There is no charge but please understand that software isn't zero cost! You pay for it indirectly with time and effort invested in engineering, operations, maintenance and resolving any issues which may arise from the use of said software, regardless of whether it is open source or not!

  IMPORTANT: open source and Kiwi TCMS by extension, provide you with more options when it comes to mitigating risks and cost compared to proprietary software. However the easiest way to secure the future of Kiwi TCMS is to become a customer and help us sustain development!

  Happy Testing!

  ---

  If you like what we're doing and how Kiwi TCMS please help us!

  • Give â­� on GitHub;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a customer and help us sustain development

February 17, 2026

• Kiwi TCMS Private Tenant Extras Subscription Explained

  This page explains what Private Tenant Extras is and how it brings more value to your existing Kiwi TCMS subscription. Please read about the details below.

  What is Private Tenant Extras by Kiwi TCMS

  This is an optional subscription tier which combines our existing Private Tenant SaaS hosting with access to the underlying data in its raw format!

  IMPORTANT: any Private Tenant subscription with unit count > 1 entitles you to this Extras add-on! Please contant support for setup!

  Who is this subscription for

  Private Tenant Extras is suitable for teams using the SaaS version of Kiwi TCMS which require access to their underlying data in machine readable format!

  What do you get

  Everything from lower tier subscription plans plus access to a database and file exports in case you would like to keep your own backup copy or provide in-house integration with other tools.

  What do all of the individual items mean

  Raw SQL database export: you will receive a database export in SQL format, suitable for the Postgres database engine. It includes all tables which constitute your own namespace under the *.tenant.kiwitcms.org domain name. This also includes information about user accounts authorized to access your tenant!

  IMPORTANT: due to technical and security limitations we cannot give you direct access to the underlying database cluster in real-time!

  File uploads included: means exactly that - all attachments uploaded to your private tenant will be included as part of this subscription!

  Encrypted access: all data we export is stored encrypted and may be accessed using the popular open source tool restic. We will provide you with read-only level access and an unique public/private keypair!

  IMPORTANT:

  • Export frequency: 1/day (max 3/day)
  • Exports on disk: last 3 days
  • Retention period: 7 days

  Storage region of your choice: means that we can publish to a geographic region and data center of your choice. Exact locations are subject to availability.

  NOTE: At the time of writing our preferred storage backend is Amazon S3.

  Happy Testing!

  ---

  If you like what we're doing and how Kiwi TCMS please help us!

  • Give â­� on GitHub;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a customer and help us sustain development

February 16, 2026

• Pravin Satpute The Performance and Scale Booth at DevConf 2026

  

  
  This initiative was initially proposed by Jaison Raju, who had successfully organized a similar booth at DevConf 2025. As Jaison was unavailable to lead this year, he requested that I take charge of the effort.
  
  Despite an already demanding schedule, my commitment to continuing this valuable presence led me to accept the leadership role.I attended a Booth Organizers meeting with Rajan Shah to establish a clear understanding of the necessary tasks and responsibilities.
  
  From the wide array of projects within Performance and Scale meetup, we decided to feature the Krkn project for the booth, given its recent inclusion in the CNCF organization.
  
  Further information regarding the Krkn project is available here: Link.
  
  Darshan Jain, who recently began working on Krkn, demonstrated exceptional dedication to the booth's success. He took the lead on critical tasks, including planning the presentation slides, recording demonstrations, and onboarding Shashank Kestwal as a member of the booth staff.
  
  

  

  On the day of the event, a parallel talk on the LogAn project was also scheduled: Link. I had initially planned for Darshan and Shashank to manage the booth while I attended the LogAn talk. However, the impressive level of engagement and attendance at the Krkn booth prompted me and Nikhil Jain to join the staff. This provided an opportunity for stimulating discussions covering Krkn, general performance and scale topics, guidance on contributing to open source, and various other subjects.

  

  Booth swag is often an essential component of these events. Unfortunately, a shortage of Performance and Scale stickers necessitated an alternative, and we opted to distribute chocolates as our promotional item, coincidentally aligning with Valentine's Day. This solution proved to be well-received by attendees.
  
  I extend my gratitude to Krishna Magar, Aman Vishwakarma, 

  Rajaditya Chauhan and Nikhil Jain for their presence and support at the booth.

  
  Significant credit is due to Darshan Jain for the meticulous planning and smooth execution of the booth, and to Shashank Kestwal for his excellent support from planning to execution.

February 14, 2026

• Kevin Fenzi misc fedora bits 2nd week of feb 2026

  

  Another weekly recap of happenings around fedora for me.

  Strange long httpd reload times on proxy11

  I spent a fair bit of time looking at one of our proxies. We have them all to a reload (aka 'graceful restart') every hour when we update a ticketkey on them. For the vast majority of them, thats fine and works as expected. However, proxy11 decided to start taking a while (like 12-15seconds) to reload, causing our monitoring to alert that it was down... then back up.

  In the end, it seemed the problem was somehow related to some old tls certificates that were present, but not used anywhere. All I can think of is that it's doing some kind of parsing of all certs and somehow those old ones cause it undue processing time. I removed those old certs and reload times went way back down again.

  I'm tempted to try and figure out what it's doing exactly here, but I already spent a fair bit of time on it and it's working again now, so I guess I will just shrug and move on.

  Anubis and download servers

  A while back I had to hurredly deploy anubis in front of our download servers. This was due to the scrapers deciding to just download every rpm / iso from every fedora release since the dawn of time at a massive concurrency. This was saturating one of our 10G links completely, and making another somewhat full. So, I deployed anubis and it dropped things back to 'normal' again.

  Fast forward to this last week, and my rush in deploying anubis came back to bite me. We have a cloudfront distribution that uses our download servers as it's 'origin'. Then we point all aws network blocks to use that for any fedora instances in aws. This is a win for us as then everything for them is cached on the aws side saving bandwith, and a win for aws users as that traffic is 'local' to them so faster and doesn't cause them to need to be billed for ingress either.

  Last week, anubis started blocking CloudFront, so uses in aws would get a anubis challenge page instead of the actual content they were expecting. But why did it this just happen now? well, as near as I could determine, someone/scrapers were hitting the CloudFront endpoints and crawling our download server (fine, no problem there), but then they hit a directory that they handled poorly.

  The directory was used/last updated about 11 years ago with a readme file explaining that the content was moved and no longer there. Great. However, also it had previous subdirectories as links to '.' (ie, the current directory). Since scrapers don't use any of the 20 years of crawling code, and instead just brute force things, this resulted in a bunch of requests like:

  GET /foo/ GET /foo/foo/ GET /foo/foo/foo/

  and so on. These are all really small (just a directory listing), so that meant it could make requests really really fast. So, after some point anubis started challenging those CloudFront connections and boom.

  So, the problem with the hurred deployment I had made there was that The policy file I had deployed was not actually being used. I had allowed CloudFront, but it didn't seem to help any, and it took me far too long to figure out that anubis was starting up, printing one error about not being able to read the policy file and just running with the default configuration. ;( It turned out be a podman/selinux interaction and is now fixed.

  I also removed those . links and set that directory tree to just 403 all requests to it.

  Anubis and forge

  Also this week, folks were reporting problems with our new forgejo forge. Anubis was doing challenges when people were trying to submit comments and it was messing them up.

  In the end here, I just needed to adjust the config to allow POSTs through. At least right now scrapers aren't doing any POSTS and just allowing those seems to fix the issues people were having.

  Some more scrapers

  Friday we had them hitting release-monitoring.org. This time it was what I am calling a 'type 0' scraper. It was all coming from one cloud ip and I could just block them.

  This morning a bit ago, we had a group hit/find the 'search' button on koji.fedoraproject.org, taking it offline. I was able to block the endpoint for a few hours and they went away, but no telling if they will be back. These were the 'type 2' kind (botnet using users ip's/browsers from 100's of thousands of different ips).

  I am sad that the end game here sounds like there's not going to be so much of a open internet anymore. ie, for self defense sites will all have to go to requiring registration of some kind before working. I can only hope business models change before it comes to that.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116070476999694239

February 13, 2026

• Dave Airlie drm subsystem AI patch review

  This topic came up at kernel maintainers summit and some other groups have been playing around with it, particularly the BPF folks, and Chris Mason's work on kernel review prompts[1] for regressions. Red Hat have asked engineers to investigate some workflow enhancements with AI tooling, so I decided to let the vibecoding off the leash.

  My main goal:

  - Provide AI led patch review for drm patches

  - Don't pollute the mailing list with them at least initially.

  This led me to wanting to use lei/b4 tools, and public-inbox. If I could push the patches with message-ids and the review reply to a public-inbox I could just publish that and point people at it, and they could consume it using lei into their favorite mbox or browse it on the web.

  I got claude to run with this idea, and it produced a project [2] that I've been refining for a couple of days.

  I started with trying to use Chris' prompts, but screwed that up a bit due to sandboxing, but then I started iterating on using them and diverged.

  The prompts are very directed at regression testing and single patch review, the patches get applied one-by-one to the tree, and the top patch gets the exhaustive regression testing. I realised I probably can't afford this, but it's also not exactly what I want.

  I wanted a review of the overall series, but also a deeper per-patch review. I didn't really want to have to apply them to a tree, as drm patches are often difficult to figure out the base tree for them. I did want to give claude access to a drm-next tree so it could try apply patches, and if it worked it might increase the review, but if not it would fallback to just using the tree as a reference.

  Some holes claude fell into, claude when run in batch mode has limits on turns it can take (opening patch files and opening kernel files for reference etc), giving it a large context can sometimes not leave it enough space to finish reviews on large patch series. It tried to inline patches into the prompt before I pointed out that would be bad, it tried to use the review instructions and open a lot of drm files, which ran out of turns. In the end I asked it to summarise the review prompts with some drm specific bits, and produce a working prompt. I'm sure there is plenty of tuning left to do with it.

  Anyways I'm having my local claude run the poll loop every so often and processing new patches from the list. The results end up in the public-inbox[3], thanks to Benjamin Tissoires for setting up the git to public-inbox webhook.

  I'd like for patch submitters to use this for some initial feedback, but it's also something that you should feel free to ignore, but I think if we find regressions in the reviews and they've been ignored, then I'll started suggesting it stronger. I don't expect reviewers to review it unless they want to. It was also suggested that perhaps I could fold in review replies as they happen into another review, and this might have some value, but I haven't written it yet. If on the initial review of a patch there is replies it will parse them, but won't do it later. 

  [1]  https://github.com/masoncl/review-prompts

  [2] https://gitlab.freedesktop.org/airlied/patch-reviewer

  [3] https://lore.gitlab.freedesktop.org/drm-ai-reviews/

• Remi Collet ⚙️ PHP version 8.4.18 and 8.5.3

  RPMs of PHP version 8.5.3 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  RPMs of PHP version 8.4.18 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ℹ� These versions are also available as Software Collections in the remi-safe repository.

  ℹ� The packages are available for x86_64 and aarch64.

  ℹ� There is no security fix this month, so no update for versions 8.2.30 and 8.3.30.

  Version announcements:

  • PHP 8.5.3 Release Annoucement
  • PHP 8.4.18 Release Annoucement

  ℹ� Installation: Use the Configuration Wizard and choose your version and installation mode.

  Replacement of default PHP by version 8.5 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.5/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf update
  

  Parallel installation of version 8.5 as Software Collection

  yum install php85

  Replacement of default PHP by version 8.4 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.4/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.4
  dnf update
  

  Parallel installation of version 8.4 as Software Collection

  yum install php84

  And soon in the official updates:

  • Fedora Rawhide now has PHP version 8.5.3
  • Fedora 44 - PHP 8.5.3
  • Fedora 43 - PHP 8.4.18
  • Fedora 42 - PHP 8.4.17

  ⚠� To be noticed :

  • EL-10 RPMs are built using RHEL-10.1
  • EL-9 RPMs are built using RHEL-9.7
  • EL-8 RPMs are built using RHEL-8.10
  • intl extension now uses libicu74 (version 74.2)
  • mbstring extension (EL builds) now uses oniguruma5php (version 6.9.10, instead of the outdated system library)
  • oci8 extension now uses the RPM of Oracle Instant Client version 23.26 on x86_64 and aarch64
  • A lot of extensions are also available; see the PHP extensions RPM status (from PECL and other sources) page

  ℹ� Information:

  • Migrating from PHP 8.2.x to PHP 8.3.x
  • Migrating from PHP 8.3.x to PHP 8.4.x
  • Migrating from PHP 8.4.x to PHP 8.5.x

  Base packages (php)

  

  

  Software Collections (php83 / php84 / php85)

  

  

   

February 11, 2026

• Cockpit Project Cockpit 356

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 356:

  Services: Timers created by Cockpit run shell commands and can be edited

  The systemd timer units created by Cockpit now run their command via the shell. Previously, the text you entered into the “Command” field was used directly for the ExecStart value in the systemd service unit for the timer, and was thus subject to systemd specifier expansion and other idiosyncrasies. Now the text you enter is executed directly by /bin/sh.

  Systemd timer units that have been created by this version of Cockpit (or later) can now also be edited in Cockpit.

  Thanks to Miguel Ribeiro for contributing this feature!

  Try it out

  Cockpit 356 is available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 43
  • Cockpit Fedora 42

February 10, 2026

• Tim Waugh Zettelkasten on a Supernote

  I love the Ratta Supernote e-ink devices. They are a delight to use for writing, planning and all sorts of things. Writing things out by hand helps me connect with them on a deeper level because I need to choose the words more carefully than I would when typing, simply because of the speed difference. The Supernote’s onboard handwriting recognition works really well for my handwriting style.

  At work I also love using Logseq, an open source personal knowledge management tool and outliner. I use it to write down things I learn and ideas I have, then connect things together in interesting ways in order to gain deeper understanding.

  That’s the experience I wanted on the Supernote. Then I discovered Zettelkasten and knew it was what I wanted to use. ZK is a paper-based method and there have been adaptations to all sorts of environments, both physical and virtual. When I started I found it difficult to figure out how to make it feel native on a Supernote.

  I also knew I wanted to be able to export my Supernote Zettelkasten as text in case I wanted to process it on a computer in different ways, or even run an AI assistant on it.

  My first attempt was pretty messy! I’d create a new handwritten notebook file for each idea. Each filename had a timestamp (pre-filled by Supernote when you create a new file) along with a short title.

  I found pysn-digest, a tool which is able to convert Supernote notebooks into Markdown files. So I worked out an elaborate system in which each notebook (each idea) had a level one heading for the title, then level two headings for metadata field names like “type” or “relates to”, then a level one heading again to start the content. The filenames were handwritten (timestamps and all) and I made them links to the idea files. It was really process-heavy and I didn’t stick with it for long before realising I needed to improve it.

  

  Many months later I have evolved this system into a framework I’m really pleased with. It uses only level one headings and all the ideas can be in a single notebook (or split across notebooks if preferred). There are no complicated timestamps or numbering systems, only unique titles.

  Idea notes can link together arbitrarily but also cluster together neatly, as well as nest as deeply as I need them to. I don’t have to keep to the Supernote’s native limit of four heading levels. And thanks to a system of templates and stickers I designed, I can easily see how deep in the tree I am, even from the pages overview. This means it is fast to insert a new idea note into the right place.

  I’ve called it Slipstream. If you have a Supernote and want to skip the trial and error, I’ve packaged the entire framework (PDF user guide, templates, stickers, quick reference and notebooks) into a ready-to-use kit. Download the full Slipstream kit here.

  The post Zettelkasten on a Supernote appeared first on PRINT HEAD.

February 06, 2026

• Allan Day GNOME Foundation Update, 2026-02-06

  Welcome to another GNOME Foundation weekly update! FOSDEM happened last week, and we had a lot of activity around the conference in Brussels. We are also extremely busy getting ready for our upcoming audit, so there’s lots to talk about. Let’s get started.

  FOSDEM

  FOSDEM happened in Brussels, Belgium, last weekend, from 31st January to 1st February. There were lots of GNOME community members in attendance, and plenty of activities around the event, including talks and several hackfests. The Foundation was busy with our presence at the conference, plus our own fringe events.

  Board hackfest

  Seven of our nine directors met for an afternoon and a morning prior to FOSDEM proper. Face to face hackfests are something that the Board has done at various times previously, and have always been a very effective way to move forward on big ticket items. This event was no exception, and I was really happy that we were able to make it happen.

  During the event we took the time to review the Foundation’s financials, and to make some detailed plans in a number of key areas. It’s exciting to see some of the initiatives that we’ve been talking about starting to take more shape, and I’m looking forward to sharing more details soon.

  Advisory Board meeting

  The afternoon of Friday 30th January was occupied with a GNOME Foundation Advisory Board meeting. This is a regular occurence on the day before FOSDEM, and is an important opportunity for the GNOME Foundation Board to meet with partner organizations and supporters.

  Turn out for the meeting was excellent, with Canonical, Google, Red Hat, Endless and PostmarketOS all in attendance. I gave a presentation on the how the Foundation is currently performing, which seemed to be well-received. We then had presentations and discussion amongst Advisory Board members.

  I thought that the discussion was useful, and we identified a number of areas of shared interest. One of these was around how partners (companies, projects) can get clear points of contact for technical decision making in GNOME and beyond. Another positive theme was a shared interest in accessibility work, which was great to see.

  We’re hoping to facilitate further conversations on these topics in future, and will be holding our next Advisory Board meeting in the summer prior to GUADEC. If there are any organizations out there would like to join the Advisory Board, we would love to hear from you.

  Conference stand

  GNOME had a stand during both FOSDEM days, which was really busy. I worked the stand on the Saturday and had great conversations with people who came to say hi. We also sold a lot of t-shirts and hats!

  I’d like to give a huge thank you to Maria Majadas who organized and ran our stand this year. It is incredibly exhausting work and we are so lucky to have Maria in our community. Please say thank you to her!

  We also had plenty of other notable volunteers, including Julian Sparber, Ignacy Kuchciński, Sri Ramkrishna. Richard Litteaur, our previous Interim Executive Director even took a shift on the stand.

  Social

  On the Saturday night there was a GNOME social event, hosted at a local restaurant. As always it was fantastic to get together with fellow contributors, and we had a good turnout with 40-50 people there.

  Audit preparation

  Moving on from FOSDEM, there has been plenty of other activity at the Foundation in recent weeks. The first of these is preparation for our upcoming audit. I have written a fair bit about this in these previous updates. The audit is a routine exercise, but this is also our first, so we are learning a lot.

  The deadline for us to provide our documentation submission to the auditors is next Tuesday, so everyone on the finance side of the operation has been really busy getting all that ready. Huge thanks to everyone for their extra effort here.

  GUADEC & LAS planning

  Conference planning has been another theme in the past few weeks. For GUADEC, accommodation options have been announced, artwork has been produced, and local information is going up on the website.

  Linux App Summit, which we co-organise with KDE, has been a bit delayed this year, but we have a venue now and are in the process of finalizing the budget. Announcements about the dates and location will hopefully be made quite soon.

  Google verification

  A relatively small task, but a good one to highlight: this week we facilitated (ie. paid for) the assessment process for GNOME’s integration with Google services. This is an annual process we have to go through in order to keep Evolution Data Server working with Google.

  Infrastructure optimization

  Finally, Bart, along with Andrea, has been doing some work to optimize the resource usage of GNOME infrastructure. If you are using GNOME services you might have noticed some subtle changes as a result of this, like Anubis popping up more frequently.

  That’s it for this week. Thanks for reading; I’ll see you next week!

• Tomas Tomecek Trying Claude Code prompt injections (Feb 2026)

  For quite some time I’ve wanted to test how prone agentic tools are to prompt injection. Let’s go.

  I’ll be using Claude Code 2.1.5, 4.5 Opus in various different sessions.

  

February 04, 2026

• Dave Airlie nouveau: a tale of two bugs

  Just to keep up some blogging content, I'll do where did I spend/waste time last couple of weeks.

  I was working on two nouveau kernel bugs in parallel (in between whatever else I was doing).

  Bug 1: Lyude, 2 or 3 weeks ago identified the RTX6000 Ada GPU wasn't resuming from suspend. I plugged in my one and indeed it wasn't. Turned out since we moved to 570 firmware, this has been broken. We started digging down various holes on what changed, sent NVIDIA debug traces to decode for us. NVIDIA identified that suspend was actually failing but the result wasn't getting propogated up. At least the opengpu driver was working properly.

  I started writing patches for all the various differences between nouveau and opengpu in terms of what we send to the firmware, but none of them were making a difference.

  I took a tangent, and decided to try and drop the latest 570.207 firmware into place instead of 570.144. NVIDIA have made attempts to keep the firmware in one stream more ABI stable. 570.207 failed to suspend, but for a different reason.

  It turns out GSP RPC messages have two levels of sequence numbering, one on the command queue, and one on the RPC. We weren't filling in the RPC one, and somewhere in the later 570's someone found a reason to care. Now it turned out whenever we boot on 570 firmware we get a bunch of async msgs from GSP, with the word ASSERT in them with no additional info. Looks like at least some of those messages were due to our missing sequence numbers and fixing that stopped those.

  And then? still didn't suspend/resume. Dug into memory allocations, framebuffer suspend/resume allocations. Until Milos on discord said you did confirm the INTERNAL_FBSR_INIT packet is the same, and indeed it wasn't. There is a flag bEnteringGCOff, which you set if you are entering into graphics off suspend state, however for normal suspend/resume instead of runtime suspend/resume, we shouldn't tell the firmware we are going to gcoff for some reason. Fixing that fixed suspend/resume.

  While I was head down on fixing this, the bug trickled up into a few other places and I had complaints from a laptop vendor and RH internal QA all lined up when I found the fix. The fix is now in drm-misc-fixes.

  Bug 2: A while ago Mary, a nouveau developer, enabled larger pages support in the kernel/mesa for nouveau/nvk. This enables a number of cool things like compression and gives good speedups for games. However Mel, another nvk developer reported random page faults running Vulkan CTS with large pages enabled. Mary produced a workaround which would have violated some locking rules, but showed that there was some race in the page table reference counting. 

  NVIDIA GPUs post pascal, have a concept of a dual page table. At the 64k level you can have two tables, one with 64K entries, and one with 4K entries, and the addresses of both are put in the page directory. The hardware then uses the state of entries in the 64k pages to decide what to do with the 4k entries. nouveau creates these 4k/64k tables dynamically and reference counts them. However the nouveau code was written pre VMBIND, and fully expected the operation ordering to be reference/map/unmap/unreference, and we would always do a complete cycle on 4k before moving to 64k and vice versa. However VMBIND means we delay unrefs to a safe place, which might be after refs happen. Fun things like  ref 4k, map 4k, unmap 4k, ref 64k, map 64k, unref 4k, unmap 64k, unref 64k can happen, and the code just wasn't ready to handle those. Unref on 4k would sometimes overwrite the entry in the 64k table to invalid, even when it was valid. This took a lot of thought and 5 or 6 iterations on ideas before we stopped seeing fails. In the end the main things were to reference count the 4k/64k ref/unref separately, but also the last thing to do a map operation owned the 64k entry, which should conform to how userspace uses this interface.

  The fixes for this are now in drm-misc-next-fixes.

  Thanks to everyone who helped, Lyude/Milos on the suspend/resume, Mary/Mel on the page tables.

   

• Swiss JuristGate JuristGate is for sale: three billion Swiss francs for a domain name

  When the share price of Credit Suisse, one of Switzerland's two top banks, went into its death spiral, the Swiss authorities had some discussions among themselves and the inevitable result of that discussion was the sale of Credit Suisse to their main rival, UBS.

  The public were told that UBS had offered three billion Swiss francs to compensate the shareholders of Credit Suisse for their shares. Some people were sceptical about the method used to reach this valuation. Nonetheless, it was important for Swiss national pride.

  When writing the reports on the JuristGate web site, I've attempted to operate with the highest level of accuracy and integrity. Nonetheless, everybody has their price. If somebody offered me three billion Swiss francs for the domain then I would probably do like Urban Angehrn and Birgit Rutishauser and take a lengthy garden leave.

  In the meantime, to make up for the wayward support from Swiss legal insurance I've started a crowdfunding campaign to resolve one of the disputes relating to Debian. This is vital because we all do a lot of work for Debian and we are all entitled to equal recognition.

  In a previous blog, I looked at the prompt and efficient manner in which Bernice is undertaking enforcement action to protect the public from rogue health practitioners in the State of Victoria.

  Bernice generated a lot of news stories when she banned a social media influencer, Emily Lal, who promoted herself as The Authentic Birthkeeper. Lal had promoted wild birthing. A number of mothers and babies have died around the world when following the advice of social media influencers.

  I don't know how much Bernice gets paid but I found a job vacancy for her deputy. The salary is in the range up to $290,000 per year. That is approximately CHF 160,000 Swiss francs.

  As Bernice is a nurse and keyworkers never get paid what they are really worth I'm guessing her salary is not too much bigger than that.

  The FINMA annual reports reveal the salaries for the CEO and executive team. Urban Angehrn's salary was CHF 602,000. It looks like FINMA pays their CEO three or four times what the State of Victoria pays Bernice.

  We can compare their performance and see how many banning orders each of them has published:

  FINMA (Swiss financial regulator) banning orders: they published 24 bans between 2018 and 2025. Some bans are not reported publicly.

  Health Complaints Commissioner (Victoria) banning orders: Bernice has personally signed over 100 interim or permanent bans since taking office in July 2022.

  This was Urban Angehrn's payout, CHF 581,000, when he resigned at the same time that FINMA published their anonymous decision about Parreaux, Thiebaud & Partners. Clients/victims were offered nothing.

  

   

  Read more of the JuristGate reports.

February 03, 2026

• Stephen Smoogen Generations (take N+1)

   

  Putting some rigour to generations

  Recently a coworker posted that children born this year would be in Generation Beta, and I was like “What? That sounds like too soon…” but then thought “Oh its just that thing when you get older and time flies by.” I saw a couple of articles saying it again, so decided to look at what was on the wikipedia article for generations and saw that yes ‘beta’ was starting.. then I started looking at the lengths of the various generations and went “Hold On”.

  

  Let us break this down in a table:

  Generation	Wikipedia	How Long
  T (lost)	1883-1900	17
  U (greatest)	1901-1927	26
  V (silent)	1928-1945	17
  W (boomer)	1946-1964	18
  X	1965-1980	15
  Y (millenial)	1981-1996	15
  Z	1997-2012	15
  alpha	2013-2025	12
  beta	2026-2039	13
  gamma	2040-???	??

  So it is bad enough that Generation X,Millenials, and Z got shortened from 18 years to 15.. but alpha and beta are now down to 12 and 13? I realize that this is because all of this is a made up construct to make some people born in one age group angry/sad/afraid in another by editors who are needing to sell advertising for things which will solve the feelings of anger, sadness, or fear.. but could you at least be consistent.

  I personally like some order to my starting and ending dates for generations so I am going to update some lists I have put out in the past with newer titles and times. We will use the definiton as outlined at https://en.wikipedia.org/wiki/Generation

  A generation is all of the people born and living at about the same time, regarded collectively.[1] It also is “the average period, generally considered to be about 20–30 years, during which children are born and grow up, become adults, and begin to have children.”

  For the purpose of trying to set eras, I think that the original 18 years for baby boomers makes sense, but the continual shrinkflation of generations after that is pathetic. So here is my proposal for generation ending dates outside. Choose which one you like the best when asked what generation you belong to.

  Generation	Wikipedia	18 Years
  T (lost)	1883-1900	1889-1907
  U (greatest)	1901-1927	1908-1926
  V (silent)	1928-1945	1927-1945
  W (boomer)	1946-1964	1946-1964
  X	1965-1980	1965-1983
  Y (millenial)	1981-1996	1984-2002
  Z	1997-2012	2002-2020
  alpha	2013-2025	2021-2039
  beta	2026-2039	2040-2058
  gamma	2040-???	2059-2077

  (*) I say wikipedia here, but they are basically taking dates from various other sources and putting them together.. which should be seen as more on the statement of social commentators who aren’t good at math.

• Fedora fans دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت

  

  Psiphon Conduit یک پروژه متن‌باز است که توسط شرکت Psiphon Inc توسعه یافته و بر پایه‌ی هسته‌ی تونلینگ Psiphon (psiphon-tunnel-core) ساخته شده است. این پروژه شامل یک کلاینت موبایل و CLI کراس‌پلتفرم برای ایجاد تونل و پروکسی است که با هدف دور‌ زدن سانسور اینترنت و افزایش دسترسی آزاد به اینترنت طراحی شده است. برخی […]

  The post دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت first appeared on طرفداران فدورا.

January 31, 2026

• Fedora fans آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت

  

  پروژه Snowflake یک فناوری ضدسانسور از پروژه Tor است که به کاربران کمک می‌کند حتی در کشورها یا شبکه‌هایی که Tor مسدود شده، به اینترنت آزاد و شبکه Tor متصل شوند. چند ویژگی‌ مهم Snowflake: یک Pluggable Transport برای Tor است که ترافیک را طوری پنهان می‌کند که شناسایی و فیلتر آن سخت‌تر شود. ارتباطات […]

  The post آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت first appeared on طرفداران فدورا.

January 30, 2026

• Adam Young Stacking Protocols

  I find myself writing a program in C that is supposed to handle multiple protocols. At its entry point, the protocol is Platform Communication Channel (extended memory, type 3 and type 4). Embedded in that is an Management Component Transport Protocol (MCTP) message, and embedded in that is one of many different protocols.
  
  I might want to swap out the PCC layer in the future for….something else. MCTP can come over many different protocols, so there is a good be that the tool will be more useful if it can assume that the protocol outside of the MCTP layer is something other than MCTP.
  
  One problem I have is that the MCTP header does not have a length field. We do not not know how long the payload is; all it has is version, source, destination, and flags. Thus, if we want to pass a buffer of type MCTP header along, and we want the length, we need to pass it in a separate field. This goes both for incoming (how many bytes to read) and outgoing (how many bytes to write).

  My initial thought on writing this layer is to have a request/response pair for each layer of the protocol. For PCC, I could just do this. For all the other internal ones, I would need to pass length in and length out for each handler. Length in will not change, but length out might, so this needs to be passed as pointer. This leads to functions that look like this:

  void handle_mctp_control_message(struct mctp_hdr * mctp_req,  int req_len,  struct mctp_hdr * mctp_resp,  int *resp_len)
  {
  
  }

  I will also need to be converting from outer protocols to inner protocols. So I will need code like this:

  struct mctp_hdr * mctp_req  = (struct mctp_hdr *)pcc_req->buffer_start;
  int mctp_req_len = pcc_req->length - sizeof(MCTP_SIGNATURE);
  struct mctp_hdr * mctp_rsp  = (struct mctp_hdr *)pcc_rsp->buffer_start;

  The outgoing length would be initialized to 0, and grow as each later of the protocol stack adds its own data. However, I am planning on pre-allocating the buffer, and just passing a pointer to the location where the protocol is supposed to write its data. IN order to confirm we don’t want to write past the end of the function, we will have to pass the overall buffer length in, maybe shortened by the amount we need to reserve for the outer headers.

  If each protocol header had a smart pointer, I could pass those around instead. Something like:

  struct pcc_header_p {
      struct pcc_header * header;
      int buffer_length;
  }
  
  struct mctp_header_p {
      struct mctp_header * header;
      int length;
      int buffer_length;
  }

  Then it would be fairly easy to write a function that, given an *pcc_header_p populates a struct mctp_header_p that points to it.

  void pcc_2_mctp(struct pcc_header_p *pcc, struct mctp_header_p *mctp)
  {
     mctp->header = (struct mctp_header *)pcc->header[sizeof struct pcc_header];
     mctp->len =  pcc->header.length - sizeof(MCTP_SIGNATURE);
     mctp->buffer_length = pcc->buffer->length - sizof(struct pcc_header);
       
  }

  This seems like it would benefit from a set of preprocesser Macros. I know that Qemu does something like this. But for a first pass, I think I can just code it up like this.