Welcome to Planet openSUSE

This is a feed aggregator that collects what openSUSE contributors are writing in their respective blogs.

To have your blog added to this aggregator, please read the instructions.

29 June, 2016

  • La Mapería

    It is Hack Week at SUSE, and I am working on La Mapería (the map store), a little program to generate beautiful printed maps from OpenStreetMap data.

    I've gotten to the point of having something working: the tool downloads rendered map tiles, assembles them with Cairo as a huge PDF surface, centers the map on a sheet of paper, and prints nice margins and a map scale. This was harder to me than it looks: I am pretty good at dealing with pixel coordinates and transformations, but a total newbie with geodetic calculations, geographical coodinate conversions, and thinking in terms of a physical map scale instead of just a DPI and a paper size.

    Printed map Printed map 2

    The resulting chart has a map and a frame with arc-minute markings, and a map scale rule. I want to have a 1-kilometer UTM grid if I manage to wrap my head around map projections.

    Coordinates and printed maps

    The initial versions of this tool evolved in an interesting way. Assembling a map from map tiles is basically this:

    1. Figure out the tile numbers for the tiles in the upper-left and the lower-right corners of the map.
    2. Composite each tile into a large image, like a mosaic.

    The first step is pretty easy if you know the (latitude, longitude) of the corners: the relevant conversion from coordinates to tile numbers is in the OpenStreetMap wiki. The second step is just two nested for() loops that paste tile images onto a larger image.

    When looking at a web map, it's reasonably easy to find the coordinates for each corner. However, I found that printed maps want one to think in different terms. The map scale corresponds to the center of the map (it changes slightly towards the corners, due to the map's projection). So, instead of thinking of "what fits inside the rectangle given by those corners", you have to think in terms of "how much of the map will fit given your paper size and the map scale... around a center point".

    So, my initial tool looked like

    python3 make-map.py
            --from-lat=19d30m --from-lon=-97d
            --to-lat=19d22m --to-lon=-96d47m

    and then I had to manually scale that image to print it at the necessary DPI for a given map scale (1:50,000). This was getting tedious. It took me a while to convert the tool to think in terms of these:

    • Paper size and margins
    • Coordinates for the center point of the map
    • Printed map scale

    Instead of providing all of these parameters in the command line, the program now takes a little JSON configuration file.

    La Mapería generates a PDF or an SVG (for tweaking with Inkscape before sending it off to a printing bureau). It draws a nice frame around the map, and clips the map to the frame's dimensions.

    La Mapería is available on github. It may or may not work out of the box right now; it includes

28 June, 2016


The ESP8266 lacks any hardware support for PWM. Any ATtiny, PIC or any ARM Cortex M0 based SoC fares better in this regard, although the smallest SoCs may have only one or two channels.

As an alternative to hardware PWM it is possible to do PWM purely in software, typically assisted by interrupts from a hardware counter. For the ESP8266 a software PWM implementation is available in the SDK provided by Espressif, but it comes with several strings attached:

  1. It has a quite awkward API, the documentation lacks several important points open
  2. As any interrupt based implementation it is susceptible for glitches
  3. The duty cycle is limited to 90% maximum

The missing manual parts

The API has four important functions to control the PWM, as follows:

void pwm_set_duty(uint32 duty, uint8 channel)

Set the duty for a logical channel. One duty unit corresponds to 40ns. The maximum should be period / 40ns, but due to the implementation there is a fixed dead time of 100μs which limits the maximum duty to 90% when using a period of 1ms (i.e. a frequency of 1kHz).

void pwm_set_period(uint32 period)
Set the PWM period to period microseconds.

void pwm_start(void)
Needs to be called before any pwm_set_duty, pwm_set_period calls take any effect. Does some preparatory work needed for the interupts handler to do its job of toggling the GPIOs.

void pwm_init(uint32 period, uint32 *duty,
uint32 pwm_channel_num, uint32 (*pin_info_list)[3])

duty points to an array of duty cycles, the number of array elements depends on the number of used channels. From the documentation it is not obvious if this is only needed for initial settings, if this is also accessed after the pwm_init call (e.g. ownership of the array is transfered) and if is save to pass NULL here.

pin_info_list points to an array of arrays. It better had been declared as an array of structs, each struct storing the configuration of a GPIO pin. As is, each 3-tuple stores:

  1. the name of the MUX configuration register as documented in the GPIO chapter of the SDK, see the PIN_FUNC_SELECT macro
  2. the name of the MUX setting, see GPIO SDK documentation
  3. the number of the GPIO from 0 to 15

One 3-tuple is needed for each PWM channel/GPIO pin. Ownership transfer is not documented.

The „90% maximum duty“ limitation

The maximum duty limit is an implementation artifact. To understand where this limitation is coming from, it is necessary how the the software PWM works. The following two scope traces both show the same signals, 2 PWM channels with a duty of 1467 (58.7μs) and 399 counts (15.9μs), with a specified period of 1000μs, but different timebases (500μs/div resp. 20μs/div).

1kHz PWM from Espressif SDK1kHz PWM from Espressif SDK. A specified period of 1 milliseconds results in a period of 1.1 milliseconds.
1kHz PWM from Espressif SDK1kHz PWM from Espressif SDK. Each Period is split into a „short pulse“ and a „long pulse“ phase.

As can be seen, in each


Last Friday, at openSUSE Conference 2016, I was giving a talk together with Christian Schneemann about KIWI and OBS (the events.opensuse.org software is not able to manage "two speakers for one talk", this is why I am not listed in the schedule).

The slides from that talk are now available from the B1-Systems website.

27 June, 2016


Semarang, Indonesia by Yohanes Dicky Yuniar

The openSUSE.Asia Committee are announcing the call for papers for 3rd openSUSE.Asia Summit. Starting today, the Committee is looking forward to your proposals. We are looking for free and open source software advocates. All open source contributors, enthusiasts, and business owners can submit.

Presentations are in the following formats

  • Lightning Talk (10 mins)
  • Short Talk (30 mins)
  • Long Talk (60 mins)
  • Workshop Short (2 hours)
  • Workshop (3 hours)

The openSUSE.Asia committee recommends workshops or hands-on sessions.

The conference website is accepting submissions starting now until 3 August 2016.  Proposals should include a title and an abstract of 150 – 500 words. The committee will announce the accepted proposals on 17th August 2016.


We Have Just Started!

This is our fourteenth HackWeek at SUSE already. HackWeek is a SUSE way of Hackathon
which is usually one full week long. This time it's actually six days, overlapping one day with the openSUSE conference in Nürnberg. See more including current projects at the HackWeek page.

SUSE Prague at the HackWeek XIV Opening Event
Although we have started on Friday and it's just Monday, we already have quite some results to show...

YaST Dialog Editor

YaST guys discussing the idea
Ladislav came with an idea to have a WYSIVYG editor for YaST dialogs. Right now, you have to design a dialog, write an exact definition of the dialog in the code and then run it to see the result. His project enables everyone to change a dialog on-the-fly directly in a running YaST. You can already open the editor, delete some widgets or edit their properties. See more at the project itself.

We were already able to open a Stylesheet Editor by pressing Ctrl-Shift-Alt-S in YaST (and also the Installer) and edit the used style. Ladislav's project uses similar approach to the dialog content.

Rooms management for Janus/Jangouts using Salt

Jangouts welcome screen
We use Jangouts every day for our SCRUM stand-up calls, and other meetings. More and more teams at SUSE want to do the same, but the current Jangouts does not allow to create rooms as they are needed yet - an administrator has to adjust the configuration manually and reload the service.

Ancor originated the idea to use Salt for the Jangouts room management and Pablo took it and already implemented a working solution which talks directly to the Janus REST API.

Speeding-Up The Installer

13 seconds faster!
We have been using openQA for continuous integration testing for quite some time and we are writing more and more tests. This means that we have to run them, but as time is actually limited, every second counts. Especially the saved one and even more if you multiply the result by several hundreds (tests per week). Moreover, this should lead into saving resources and being greener at the end.

Josef has decided to speed-up the installer by not doing things that are not necessary. He already succeeded in saving 13 seconds (from 58 seconds down to 45) while writing and adjusting the bootloader settings (here and here).

Stay tuned for the update! Or contribute to our projects :)


Welcome to part 2 of my posts on the material from the “Cryptography I” course. In this course the material is designed to teach students about how to scientifically determine what concepts/algorithms are and are not cryptographically secure. I am continuing this series of posts so that I can have some way to review the information at a later time as well as to provide my interpretation of the material for others to read and comment on. Enjoy!


In the first part I cover topics like Probability Distributions (Uniform and Point), Events, Randomized Algorithms and Independence.


XOR proves to be a very important aspect of cryptography and is actually use in many ciphers like OTP, DES and AES. Therefore if you are not familiar with the concept of XOR, now would be a good time to read up on it. Basically the following truth table provides the mapping for XOR given X and Y inputs.

(X, Y) | Z
(0, 0) | 0
(0, 1) | 1
(1, 0) | 1
(1, 1) | 0

Symmetric Ciphers

A Symmetric Cipher is one that uses the same key (k) for the sender and receiver. For example if Alice sends Bob a message, both Alice and Bob must use the same key to be able to securely send and receive messages.

More formally we can define it such that over a key space of all possible keys (K), a message space of all possible messages (M) and a cipher text space of all possible CT (C) the cipher is efficient where encryption (E) and decryption (D):

E: K x M -> C
D: K x C -> M
such that... ∀ m in M, k in K: D(k, E(k, m)) = m

∀ = For all

Note that E is often randomized but D is always deterministic!

The One Time Pad (OTP)

From Wikipedia:
First described by Frank Miller in 1882, the one-time pad was re-invented in 1917. On July 22, 1919, U.S. Patent 1,310,719 was issued to Gilbert S. Vernam for the XOR operation used for the encryption of a one-time pad. It is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors. Vernam’s system was a cipher that combined a message with a key read from a punched tape.

OTP uses a very simple concept of XORing the plaintext message with the key to produce some ciphertext (c) that cannot easily be decrypted.

ciphertext: E(k, m) = k ⊕ m
plaintext: D(k, c) = k ⊕ c

Note: D(k, E(k, m)) = D(k, k ⊕ m) = k ⊕ (k ⊕ m) = (k ⊕ k) ⊕ m = m


m = 0110001
k = 1101110
c = 1011111

Note that k must be at least as long as m to securely encrypt m

As we can see OTP is a very fast encryption and decryption cipher but it needs long keys. Now however we really need to ask what defines a “good” cipher?

Perfect Secrecy

The basic idea to secure a plaintext (PT) message is that the

26 June, 2016


DSC_0007_1The openSUSE Conference ended today and people who were not able to travel to Bavaria for the conference can view most of the conference on the openSUSETV channel on YouTube.

The conference had several high-level talks. A few that people are recommended to view are Owen Synge’s talk about ceph. Tony Jones talked about performance analysis on openSUSE using Perf and Nitin Madhok talked about managing VMware infrastructure using salt-cloud.

The keynotes were great this year and there was some big news from Norman Fraser about the release of a new ARM server for developers from SoftIron running openSUSE Leap.

Thomas Hatch and company provided an overview of automation with Salt.

Frank Karlitschek from NextCloud provided a keynote about the future of the internet and Georg Greve provided a keynote on hardware topics and innovation.

Klaas Freitag provided an ownCloud workshop and Mauro Morales provided a guided tour of the Machinery Project.

More openSUSE centric talks took place on the first day of the conference. Alberto Planas provided demographics on openSUSE users and Ludwig Nussel, the release manager for openSUSE Leap talked about the release of 42.2.

openSUSE’s Chairman Richard Brown took a position on flatpak and snap and eluded to users selling their souls to a South African.

A live project meeting will close out the conference along with a Docker Meetup.

25 June, 2016

Luca Beltrame: Two in one

12:11 UTCmember


As you may know (unless you’ve been living in Alpha Centauri for the past century) the openSUSE community KDE team publishes LiveCD images for those willing to test the latest state of KDE software from the git master branches without having to break machines, causing a zombie apocalypse and so on. This post highlights the most recent developments in the area.

Up to now, we had 3 different media, depending on the base distribution (stable Leap, ever-rolling Tumbleweed) and whether you wanted to go with the safe road (X11 session) or the dangerous path (Wayland):

  • Argon (Leap based)
  • Krypton (Tumbleweed based, X11)
  • Krypton Wayland (Tumbleweed based, Wayland)

So far we’ve been trying to build new images in sync with the updates to the Unstable KDE software repositories. With the recent switch to being Qt 5.7 based, they broke. That’s when Fabian Vogt stepped up and fixed a number of outstanding issues with the images as well.

But that wasn’t enough. It was clear that perhaps a separate image for Wayland wasn’t required (after all, you could always start a session from SDDM). So, perhaps it was the time to merge the two…

Therefore, from today, the Krypton image will contain both the X11 session and the Wayland session. You can select which session to use from the SDDM screen. Bear in mind that if you use a virtual machine like QEMU, you may not be able to start Wayland from SDDM due to this bug.

Download links:

Should you want to use these live images, remember where to report distro bugs and where to report issues in the software. Have a lot of fun!

24 June, 2016

Klaas Freitag: ownCloud Client 2.2.x

13:06 UTCmember


A couple of weeks ago we released another significant milestone of the ownCloud Client, called version 2.2.0, followed by two small maintenance releases. (download). I’d like to highlight some of the new features and the changes that we have made to improve the user experience:

Overlay Icons

Overlay icons for the various file managers on our three platforms already exist for quite some time, but it has turned out that the performance was not up to the mark for big sync folders. The reason was mainly that too much communication between the file manager plugin and the client was happening. Once asked about the sync state of a single file, the client had to jump through quite some hoops in order to retrieve the required information. That involved not only database access to the sqlite-based sync journal, but also file system interaction to gather file information. Not a big deal if it’s only a few, but if the user syncs huge amounts, these efforts do sum up.

This becomes especially tricky for the propagation of changes upwards the file tree. Imagine there is a sync error happening in the foo/bar/baz/myfile. What should happen is that a warning icon appears on the icon for foo in the file manager, telling that within this directory, a problem exists. The complexity of the existing implementation was already high and adding this extra functionality would have reduced the reliability of the code lower than it already was.

Jocelyn was keen enough to do a refactoring of the underlying code which we call the SocketApi. Starting from the basic assumption that all files are in sync, and the code has just to care for these files that are new or changed, erroneous or ignored or similar, the amount of data to keep is very much reduced, which makes processing way faster.

Server Notifications

On the ownCloud server, there are situation where notifications are created which make the user aware of things that happened.

An example are federated shares:

If somebody shares a folder with you, you previously had to acknowledge it through the web interface. This explicit step is a safety net to avoid people sharing tons of Gigabytes of content, filling up your disk.


With 2.2.x, you can acknowledge the share right from the client, saving you the round trip to the web interface to check for new shares.

Keeping an Eye on Word & Friends

Microsoft Word and other office tools are rather hard to deal with in syncing, because they do very strict file locking of the files that are worked on. So strict that the subsequent sync app is not even allowed to open the file, not even for reading. That would be required to be able to sync the file.

As a result the sync client needs to wait until word unlocks the file, and then continue syncing.

For previous version of the client, this was hard to detect and worked only

Chief Executive Officer of SoftIron, Norman Fraser, Ph.D., provides the keynote talk at the openSUSE Conference in Nuremberg, Germany, on June 24.

Chief Executive Officer of SoftIron, Norman Fraser, Ph.D., provides the keynote talk at the openSUSE Conference in Nuremberg, Germany, on June 24.

The keynote speaker for the openSUSE Conference today and Chief Executive Officer of SoftIron, Norman Fraser, Ph.D., made a big announcement about the release of a new powerful ARM server that comes with essential tools to get the 64-bit ARM development up and running, out-of-the-box.

Fraser announced the availability of the affordable, feature rich Overdrive 1000, which is an entry level 64-bit ARM® developer system, powered by the AMD Opteron A1100™ series processor.

“Many developers want more than what the DIY boards can offer but only need specific parts of the functionality delivered by full on enterprise systems,” Fraser said.

The Overdrive 1000 will run openSUSE Leap and comes with Apache webserver, MySQL, PHP, Xen, KVM Hypervisor, Docker and OpenJDK pre-installed so developers can get to work and see results straight out-of-the-box, according to Fraser.

“We are thrilled openSUSE Leap has been chosen as the platform for the Overdrive 1000 and know developers will be highly satisfied with it,” said Richard Brown, Chairman of the openSUSE Board.

The Overdrive 1000, according to Fraser, will retail for $599 and has the following:

  • Processor cores 4 x 64-bit ARM Cortex A57 Cores
  • Quad core ARM64 SoC and 8GB DDR4 memory
  • 1TB HDD with fast direct-attach SATA 3.0 ports
  • 2x USB 3.0
  • Wirespeed 1Gbps throughput
  •  Low and predictable energy consumption at 45 watts max

Fraser also announced at the conference that SoftIron’s Overdrive 3000, which runs openSUSE Tumbleweed, will soon have the option of running with either openSUSE Tumbleweed or openSUSE Leap.

Michael Meeks: 2016-06-24 Friday.

09:17 UTCmember

  • Out for a run before school with J. On Brexit - I voted in, so disappointed, but interested to see what the result will be; presumably not an Irish style neverendum; will the golden rule be applied to exiters ? why are the CAC40 and EURO STOXX 50 down 8.5% now when the FTSE 100 is down 5% ? when does the curse of "interesting times" go away again.

23 June, 2016

Michael Meeks: 2016-06-23 Thursday.

21:00 UTCmember

  • Up early, mail chew, customer call, pleased to see our first product integration on the market with ownCloud. Some ideas take lots of time to mature - I recall discussing what was needed with Markus Rex at CeBIT, March 2014. Some amazing work from the Collabora team to get everything together for today.
  • Lunch. Plugged away at slideware until late.

Frank Karlitschek, founder of Nextcloud and ownCloud, talks about a Global User Directory for Cloud and other services and applications.

Frank Karlitschek, founder of Nextcloud and ownCloud, talks about a Global User Directory for Cloud and other services and applications.

The second day of this year’s openSUSE Conference had two keynote speakers.

Frank Karlitschek, founder of Nextcloud and ownCloud, talked about the importance of federation infrastructure and reaching the critical mass. He pointed out that Free Open Source Software projects that offer similar applications to those that are proprietary fail to gain mainstream acceptance. One of the reasons he gave was trying to balance the balance between privacy and openness. He suggested that more projects should work with one another on a cloud-sharing standard and perhaps there should be a Global User Directory. Users could manage their privacy data that is shared or visible on a GUD as an answer to sharing personal cloud-based content with users running different applications or services.

Georg Greve, the Chief Executive Officer of Kolab Systems AG, also discussed the idea of reaching critical mass through making products that are simply better by companies or projects that can be trusted based on openness, the ability for users to control and build the applications or produces. Greve went on further to discuss the importance of innovation and gave reasons for why Kolab Systems joined The Open Innovation Network with companies like SUSE and Red Hat.

Lasse Schuirmann provided a talk titled Static Code Analysis for All Languages.

Owen Synge talked about the reasons ceph storage will stay.

Georgi Kodinov talked about MySQL Firewall.

Harald Sitter just finished discussing KDE neon as a rolling workspace to aid in getting KDE in the hands of users. KDE neon has both a user and developer edition.

Those who are not able to make the openSUSE Conference can watch it live via stream at https://events.opensuse.org/.

More videos will be posted on YouTube and https://media.ccc.de/b/conferences/osc16.


Installation Video Mode

If you need to make screenshots of the installation it is useful to influence their size. You could press F3 in the boot menu and choose from a menu, but that is not well suited for scripts such as openQA.

The installer now obeys an option from the boot command line: xvideo.


(Available in yast2-installation-3.1.195 + yast2-x11-3.1.5. bsc#974821)

How to Install with a Self-Signed Certificate

You can now install from a repository served with HTTPS that has a self-signed certificate. Use a ssl_certs=0 boot option.

(Available in yast2-packager-3.1.104. bsc#982727)

Installation: Local SMT Servers are Pre-filled

Last sprint (S#20) we improved the registration UI. Now we’ve made one more improvement: pre-filling the Register System via local SMT Server field.

Before, the widget was a single text field and a little helpful smt.example.com was always shown (no matter what your actual domain was). local-smt-server-1-before

Now, if your local SMT servers are advertised via SLP they will be offered as choices. (Here acme.com stands for your domain) local-smt-server-2-after

(Available in yast2-registration-3.1.176. bsc#981633.)

New Storage: ISO

We have started building an installation ISO image with the new storage library. The first build contains all the pieces but they don’t work together yet.

New Storage: Boot Scenarios

We have documented the supported scenarios regarding booting in the new storage layer.

(Tooling note: We made this with a Markdown formatter for RSpec invoked like this.)

Network Settings are Less Eager to Restart

If you opened Network Settings to review something, made no changes, and closed the dialog with OK, the network would be restarted. That may be undesirable if you have an Important Application running. We originally thought that everyone would close the dialog with Cancel, but we were proven wrong.

Now the module properly checks whether you have made changes to the settings, and omits the restart if appropriate.

(Available in yast2-network-3.1.155. FATE#318787)

Network in AutoYaST

Due to a problem in the AutoYaST version shipped with SLE 12 SP1 and openSUSE Leap 42.1, the network configuration used during the first stage was always copied to the installed system regardless the value of keep_install_network.

Upcoming SLE 12 SP2 and Leap 42.2 behaves as expected and keep_install_network will be set to true by default.

(Available in yast2-network-3.1.157 + autoyast2-3.1.133. Fixes bsc#984146.)

22 June, 2016

Michael Meeks: 2016-06-22 Wednesday.

21:00 UTCmember

  • Mail chew; meeting / slideware prep. poked partners. Admin, paperwork, etc.
  • Reviewed Noel's nice patch after dinner and stories for VclPtr'ing all Menus - turns up some surprising things in the code. Boggled with Azorpid at the namespace mis-handling corner-cases in the code.

SaltStack Chief Technical Officer and technical founder Thomas Hatch talks about the evolution of Salt and IT automation at the openSUSE Conference on June 22.

SaltStack Chief Technical Officer and technical founder Thomas Hatch talks about the evolution of Salt and IT automation at the openSUSE Conference on June 22.

The first day of this year’s openSUSE Conference went well and the  keynote speaker team of SaltStack Chief Technical Officer and technical founder Thomas Hatch along with Senior SaltStack Engineer David Boucha and SUSE’s Joe Werner showed how powerful Salt is for IT automation.

Boucha gave a live demo and Hatch talked about the evolution of Salt and even talked a little about Salt’s Thorium Reactor, which was added to Salt as an experimental feature in the 2016.3.0 release. Werner discussed how SUSE uses Salt with SUSE Manager.

Frank Sundermeyer, from SUSE’s Documentation Team, gave his impressions of the first day of the conference and details a litte more information about Salt in this blog entry.

The SaltStack Summit was standing room only and the talks will be available in the next few weeks for those who are interested is seeing all the convincing arguments for why developers should use Salt for automation.

Kristoffer Grönlund talked about Rust during his talk at the SUSE Labs Summit and recommend to developers to consider writing new developments in Rust as the programming language continues to evolve.

Alberto Planas provided an overview of the the amount of people using openSUSE as well as how people install and update to new openSUSE releases. Most people were installing X86_64 was the highest architecture through a DVD and Germany makes up the country with the most use of openSUSE.

openSUSE’s new release manager Ludwig Nussel provided an overview of the next release Leap 42.2. The Alpha 2 was released yesterday and Nussel provided a schedule of the release of 42.2. There are currently 900 packages from the SUSE Linux Enterprise 12 Service Pack 2 that will be going into Leap 42.2.

Closing out the day, Max Lin is talking about staging in openSUSE Factory.

Tomorrow, there will be two keynote speakers. Frank Karlitschek, the founder of Nextcloud and former co-founder of ownCloud, will provide a keynote at 10 a.m. tomorrow. Georg Greve, CEO of Kolab Systems AG, will have a keynote in the afternoon.

Those who are not able to make the openSUSE Conference can watch it live via stream at https://streaming.media.ccc.de/osc16

21 June, 2016

Michael Meeks: 2016-06-21 Tuesday.

21:00 UTCmember

  • Mail chew; customer / partner calls; sync. with Philippe, poked Azorpid's GSOC work, and filed mid-term review.

Barcelona (Spain) will be the venue for the next OpenStack Summit this October (25.-28.10.2016). The "Call for Speakers" period started. You can submit your presentation here. The deadline to fill your application is July 13, 2016 at 11:59 pm (PDT) / July 14 8:59 CEST.

In May there was a long discussion in the community about changing the selection process for the presentations, especially about if there should be a voting at all. The process changed slightly compared to Austin, checkout the current selection process.


Well it will take some work, security is not like what they show on TV. You don’t need green on black text, special goggles or an unlimited enhance function. Instead, it requires sitting down and understanding the history of the field, what it means to be “secure” and what limitations or assumptions you can work under. This summer I have decided to start my journey on the vast field of cryptography and am doing an online course at Stanford University that provides an introduction to cryptography. It is appropriately named “Cryptography I” and is the first part of a two part course, the second part being offered later in the Fall. Both are taught by a really awesome professor Dan Boneh who I find explains the material very well. I decided I would like to make some posts about what I have learned in this course as I go through the material so that I can share my knowledge and get a chance to write it down somewhere for later reference.

The Start

Cryptography provides two important functions, it allows users to have a secret key that they can establish and share, as well as allowing a secure communication that provides confidentiality and integrity of the message. Crypto can also provide authentication, anonymity and even a digital currency!

To begin a journey into the world of crypto we have to understand what the basic steps are to perform accurate research. The course outlines these in 3 basic steps:

Precisely specify a threat model
Example: a digital signature cannot be forged by an adversary

Propose some construction

Prove that breaking the construction threat model will solve the underlying hard problem
Example: any attacker who is able to attack the construction under the threat model is unable to solve the hard problem, the construction cannot be broken

The Basics

Before the real crypto analysis can begin however, there needs to be some understanding of the key concepts that are used in the course. These are Probability Distributions, Events, Randomized Algorithms and Independence.

Probability Distributions

Suppose you have some set U ( our ‘universe’) which is a finite set, for example U = {0,1}^n. What this notation means is that U is a set which can consist of either 0 or 1, n amount of times. So for example if n was 2 then the following values would be present inside of U: {00, 01, 10, 11}.

Now that there is a universe to limit the calculation, the next step is to understand the two types of distribution. Note that the total of the probabilities always adds up to 1.

Uniform Distribution

In a uniform distribution the probability of a certain element of the set being selected is exactly equal to 1/|U|. Note that |U| means the size of the set U. So in the example above, a truly random distribution has probability 1/4 of selecting any specific element.

Point Distribution

In a point distribution the probabilities are not evenly

20 June, 2016

Michael Meeks: 2016-06-20 Monday.

21:00 UTCmember

  • Up early; music practice with the babes - mail chew; team calls, partner bits; customer call; board call somewhere.


Tomorrow the German OpenStack Days 2016 (Deutsche OpenStack Tage) will start in Cologne. I will give a talk on Ceph and OpenStack about "OpenStack at 99,999% availability with Ceph".

It seems the event is already sold out completely, but as far as I know the presentations (mostly conducted in German) will be recorded and available after the conference. If you have already a ticket, have a interesting OpenStack conference in Cologne!

19 June, 2016

Michael Meeks: 2016-06-19 Sunday.

21:00 UTCmember

  • Up; Fathers Day cards; out to NCC - Roy spoke; home for a fine BBQ lunch; with Baked Alaska - wow. Watched The Martian - which (apart from some gratuitous language) was good fun for the babes. Party left-overs, put babes to bed.


Mozilla recently announced a new feature that is being tested in the Firefox browser called “Contextual Identities”. The idea behind this feature is that users will be able to separate different types of browsing into different identities, allowing them to protect their data with more control. The images below were all taken from the announcement page and should provide a good example of how this feature works.

Unlike Private Browsing Mode which is a temporary store, and wipes everything when it ends, these Contextual Identities will allow storage of certain data so that things like history are not lost but cookies and other sensitive data is still protected. You may wonder what makes these different from profiles/users and from what I can tell, its simply that these are more seamless and can be loaded at the same time so all you need to look for is the visual cues to know what context you are browsing in.




All in all I think this is a very neat feature and look forward to seeing how Mozilla improves it in the future (also if Chrome will implement a similar feature). If you are interested in learning more about this feature and how to use it, head on over to the Mozilla announcement here and check it out.

18 June, 2016

Michael Meeks: 2016-06-18 Saturday.

21:00 UTCmember

  • Up earlyish; slugged - cooked breakfast; a 39th birthday - nearly officially 'old'; some nice cards & presents. Barabara & Colin popped in - a nice surprise, and Mary Rogers too - lovely. Prepped for E's party lunch.
  • Into Cambridge on the train with H. and N. - started them on Truckers; went Bowling with the David, E. and lots of small people - fun; home for a party tea, and a series of games.
  • Neve had a sleep-over, plus Simpsons The Movie with E. Bed.

Now that Nextcloud 9 is out, many users are already interested in migration so I'd like to address the why and how in this blog post.

Why migrate

Let's start with the why. First, you don't have to migrate yet. This release as well as at least the upcoming releases of own- and Nextcloud will be compatible so you'll be able to migrate between them in the future. We don't want to break compatibility if we can avoid it!

Of course, right now Nextcloud 9 has some extra features and fixes and future releases will introduce other capabilities. With regards to security, we have Lukas Reschke working for us. However, we promise that for the foreseeable future we will continue to report all security issues we find to upstream in advance of any release we do. That means well ahead of our usual public disclosure policy, so security doesn't have to be a reason for people to move.

Migration overview

If you've decided to migrate there are a number of steps to go through:
  • Make sure you have everything set up properly and do a backup
  • Move the old ownCloud install, preserving data and config
  • Extract Nextcloud, correct permissions and put back data and config
  • Switch data and config
  • Trigger the update via command line or the web UI
Note that we don't offer packages. This has been just too problematic in the past and while we might offer some for enterprise distributions, we hope to work together with distributions to create packages for Nextcloud 9 and newer releases. Once that is done we will of course link to those on our installation page.

There are other great resources besides this blog, especially this awesome post on our forums which gives a great and even more detailed overview of a migration with an Ubuntu/NGINX/PHP7/MariaDB setup.


First, let's check if you're set up properly. Make sure:
  • You are on ownCloud 8.2.3 or later
  • Make sure you have all dependencies
  • Your favorite apps are compatible (with ownCloud 9), you can check this by visiting the app store at apps.owncloud.com
  • You made a backup
Once that's all done, time to move to the next step: cleaning out the old files.

Removing old files

In this step, we'll move the existing installation preserving the data and configuration.
  • Put your server in maintenance mode. Go to the folder ownCloud is installed in and execute sudo -u www-data php occ maintenance:mode --on (www-data has to be your HTTP user). You can also edit your config.php file and changing 'maintenance' => false, to 'maintenance' => true,.
  • Now move the data and config folder out of the way. Best to go to your webserver folder (something like /var/www/htdocs/ and do a mv owncloud owncloud-backup

Deploying Nextcloud

Now, we will put Nextcloud in place.

17 June, 2016

Michael Meeks: 2016-06-17 Friday.

21:00 UTCmember

  • Up; out for a run with J, partner call, mail chew; out for a fine lunch with Bruce & Anne; & J. partner call. Wrote LXF column. Submitted backlog of GCloud6 nul returns.
  • Poked at Elize's computer - apparently un-bootable, Windows MBR corruption; odd.


limba-smallI wanted to write this blogpost since April, and even announced it in two previous posts, but never got to actually write it until now. And with the recent events in Snappy and Flatpak land, I can not defer this post any longer (unless I want to answer the same questions over and over on IRC ^^).

As you know, I develop the Limba 3rd-party software installer since 2014 (see this LWN article explaining the project better then I could do 😉 ) which is a spiritual successor to the Listaller project which was in development since roughly 2008. Limba got some competition by Flatpak and Snappy, so it’s natural to ask what the projects next steps will be.

Meeting with the competition

At last FOSDEM and at the GNOME Software sprint this year in April, I met with Alexander Larsson and we discussed the rather unfortunate situation we got into, with Flatpak and Limba being in competition.

Both Alex and I have been experimenting with 3rd-party app distribution for quite some time, with me working on Listaller and him working on Glick and Glick2. All these projects never went anywhere. Around the time when I started Limba, fixing design mistakes done with Listaller, Alex started a new attempt at software distribution, this time with sandboxing added to the mix and a new OSTree-based design of the software-distribution mechanism. It wasn’t at all clear that XdgApp, later to be renamed to Flatpak, would get huge backing by GNOME and later Red Hat, becoming a very promising candidate for a truly cross-distro software distribution system.

The main difference between Limba and Flatpak is that Limba allows modular runtimes, with things like the toolkit, helper libraries and programs being separate modules, which can be updated independently. Flatpak on the other hand, allows just one static runtime and enforces everything that is not in the runtime already to be bundled with the actual application. So, while a Limba bundle might depend on multiple individual other bundles, Flatpak bundles only have one fixed dependency on a runtime. Getting a compromise between those two concepts is not possible, and since the modular vs. static approach in Limba and Flatpak where fundamental, conscious design decisions, merging the projects was also not possible.

Alex and I had very productive discussions, and except for the modularity issue, we were pretty much on the same page in every other aspect regarding the sandboxing and app-distribution matters.

Sometimes stepping out of the way is the best way to achieve progress

So, what to do now? Obviously, I can continue to push Limba forward, but given all the other projects I maintain, this seems to be a waste of resources (Limba eats a lot of my spare time). Now with Flatpak and Snappy being available, I am basically competing with Canonical and Red Hat, who can make much more progress faster then I can do as a single developer. Also, Flatpaks bigger base of contributors compared to Limba is a clear sign


Dear Tumbleweed users and hackers,

It has been a very busy week, but it has shown how much enthusiasm every contributor puts into Tumbleweed. There have been again 4 snapshots released (0609, 0611, 0612 and 0613) and this marks the end of ‘Tumbleweed being built using GCC 5’. As usual, one end is just the beginning of something new: starting with Snapshot 0614 (or any higher number, in case openQA won’t agree) the entire distribution is built using GCC 6 as compiler.

Let’s first look back what the four snapshots delivered:

  • QEmu 2.6.0 (we were at 2.4 for way too long, and missed openGL support)
  • Wayland 1.11.0 – stable release (you already enjoyed the RCs though)
  • Mozilla Firefox 47.0
  • Linux kernel 4.6.2 – Some broadcom users were waiting for that
  • A lot of YaST updates – See also the YaST reports for what nice things they work on

What can we expect from the future? As mentioned, snapshot 0614 is currently being built using GCC 6. This will be a rather large update, as literally everything is being rebuilt again. After being in Stagings for quite a while, everything up to Ring2 (stuff on the DVD, ~2200 packages) built. With GCC 6 now being the default compiler, it was expected that quite some of the non-ring packages (another ~ 7000 packages!) will cause some trouble. The build is not all done yet, but we are at around 200 errors that need fixing (see boo#984984 for a reference what still needs work).

And despite all this, no contributor is getting tired and many more, even bigger updates are scheduled in the Staging areas:

  • Qt 5.6.1 – some important bug fixes it seems
  • KDE Applications 16.04.2
  • KDE Framework 5.23.0
  • TeXLive 2016
  • GIT 2.9.0

If there is anything you want to discuss with the community, next week is THE opportunity, as the openSUSE conference will be held in Nuremberg, starting Wednesday, June 22nd. I am looking forward to see you there.

A note regarding the breakage we had seen in snapshot 0605 (pam config files getting overwritten): we have since configured a new test in openQA that installs a current Tumbleweed snapshot and will try to update this new install right to the snapshot that is being tested. This should help us catch such issues next time around.

Let’s have a lot of fun


This week I was invited by Memblaze to give a talk on Data Center Technology Conference 2016 about Linux MD RAID performance on NVMe SSD. In the past 3 years, Linux community make a lot of effort to improve MD RAID performance on high speed media, especially on RAID456. I happen to maintain block layer for SUSE Linux, back port quite a lot patches back to Linux 3.12.

From this talk, I list a selected recognized effort from Linux kernel community on MD RAID5 performance improvement, and how much performance data is increased by each patch (set), it looks quite impressive. Many people contribute their talent on this job, I am glad to say “Thank you all ” !


A slide in Mandarin of this talk can be found here, currently I don’t have time to translate it in English, maybe several months later …

16 June, 2016

Michael Meeks: 2016-06-16 Thursday.

21:00 UTCmember

  • Up early; sometimes it is annoying getting https:// certificates right; but then I poke Orange's website to top-up H's phone - and discover a litany of failures: poor certificates, scripts loaded from elsewhere etc. fun.
  • Postal voted (somewhat reluctantly) for 'Remain' (for now) in the EU election. Built ESC stats. ESC call, JanI call.

Older blog entries ->