Tue, Jan 14th, 2025
OpenVINO with Generative AI
The openSUSE Innovator initiative and the Intel Innovator program play a crucial role in ensuring that the openVINO repository remains up to date for the openSUSE Linux distribution community, which I continually to strive to help.
OpenVINO (Open Visual Inference and Neural Network Optimization) is one of the most crucial tools in the AI ecosystem, especially for applications requiring optimized performance for deep learning model inference. The 2024.6.0 release that arrived in Tumbleweed brings significant advancements in compatibility, optimizations and support for complex models, including those used in Generative AI, such as Large Language Models (LLMs).
The Importance of OpenVINO on openSUSE Linux
- Seamless Hardware and Software Integration: OpenVINO provides native acceleration for Intel CPUs and GPUs while maintaining flexibility to support other platforms. When paired with openSUSE Linux’s optimized kernel and advanced library compatibility, OpenVINO reaches its full potential.
- Generative AI in Open Source: In the era of Generative AI, tools like OpenVINO democratize access to cutting-edge technologies and allow developers of all levels to create advanced solutions directly on openSUSE without requiring expensive proprietary hardware.
- Performance and Efficiency: OpenVINO significantly reduces inference times and resource usage, which is a critical feature for LLM-based applications processing large amounts of data in real-time.
- Developer Simplicity: One of OpenVINO’s greatest advantages is its accessibility. It enables even beginner developers to build robust applications with minimal code while still offering flexibility and customization for advanced projects.
Building an LLM Application in 3 Lines of Code
With OpenVINO, creating an application using a generative language model is as simple as:
import openvino_genai as ov_genai
pipe = ov_genai.LLMPipeline("TinyLlama-1.1B-Chat-v1.0/", "CPU")
print(pipe.generate("Openvino é", max_new_tokens=100, do_sample=False))
This simplicity highlights how OpenVINO allows seamless integration of Generative AI technologies into openSUSE Linux, combining optimization with ease of use.
Conclusion
The presence of OpenVINO on openSUSE Linux reinforces the role of open source in leading technological advancements in the AI era. It empowers businesses, independent developers and enthusiasts to build efficient, scalable and impactful applications. With tools like OpenVINO, openSUSE positions itself as a powerful platform for innovation in Generative AI.
Feedback and suggestions for the evolution of work can be sent to Alessandro de Oliveira Faria (A.K.A. CABELO) cabelo@pensuse.org
pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Table of Contents
- 1) Introduction
- 2) Improper use of
PAM_IGNORE
Return Values - 3) Upstream Bugfix
- 4) Remaining Uses of
PAM_IGNORE
- 5) Possible Workaround
- 6) Timeline
- 7) References
1) Introduction
The pam-u2f module allows to use U2F (Universal 2nd Factor) devices like YubiKeys in the PAM authentication stack. The hardware tokens can be used as a second authentication factor, or to allow password-less login.
We have been checking all PAM modules in the openSUSE code base for bad return
values. During this effort we found that improper use of PAM_IGNORE
return
values in the pam-u2f module implementation could allow bypass of the second
factor or password-less login without inserting the proper device.
This report is based on pam-u2f release 1.3.0.
2) Improper use of PAM_IGNORE
Return Values
PAM modules basically consist of a set of hook functions that are invoked by
libpam based on the active PAM stack configuration. Each PAM module function
returns an int
containing one of the PAM_*
return
values defined in the libpam headers. These return
values are vital for the outcome of a PAM authentication procedure, since
libpam reports authentication success or failure depending on the return
values encountered while processing the modules configured in the auth
management group of the active PAM stack configuration.
The main business logic of the pam-u2f module is found in function
pam_sm_authenticate()
, which contains multiple code
paths that will result in a PAM_IGNORE
return value. The following is a list
of the possible situations that can cause this to happen:
- if an error occurs in
gethostname()
. - if various memory allocation errors occur in
strdup()
orcalloc()
. - if
resolve_authfile_path()
fails (which fails ifasprintf()
fails). - if
pam_modutil_drop_priv()
orpam_modutil_regain_priv()
fail.
Returning PAM_IGNORE
signifies to libpam that the pam-u2f module shall not
contribute to the return value that the application obtains. If no module
reports a decisive return value, then libpam will report an authentication
failure by default. However, if any other module in the auth
management group returns PAM_SUCCESS
, and no module marks an error
condition, the overall result of the authentication will be “success”.
How exactly this can happen is explored in the rest of this section.
In the pam-u2f documentation two main use cases for the PAM module are stated:
# as a second factor
auth required pam_u2f.so authfile=/etc/u2f_mappings cue
# for password-less authentication:
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue pinverification=1
In the “second factor” scenario, a PAM_IGNORE
return from pam-u2f means that
login will be possible without actually providing a second factor. The first
factor authentication module (typically something like pam_unix
) will set a
PAM_SUCCESS
return value, which will become the overall authentication
result.
In the “password-less” authentication scenario, when pam-u2f is used
exclusively for authentication, a PAM_IGNORE
return could mean that login
will succeed without providing any authentication at all. The precondition for
this is that another module in the auth
management group returns
PAM_SUCCESS
. There exist utility modules that don’t actually authenticate
but perform helper functions or enforce policy. An example is the
pam_faillock
module, which can be added to the
auth
management group to record failed authentication attempts and lock the
account for a certain time if too many failed attempts occur. This module will
return PAM_SUCCESS
when running in “preauth” mode and if the maximum number
of failed attempts has not been reached yet. In such a case PAM_SUCCESS
would become the overall authentication result when pam-u2f returns
PAM_IGNORE
.
An attacker can attempt to provoke a situation that results in a PAM_IGNORE
return value in pam-u2f to achieve one of these outcomes. In particular,
provoking an out-of-memory situation comes to mind - for example if a local
attacker already has user level access and wants to escalate privileges via
sudo
or su
.
3) Upstream Bugfix
We suggested to upstream to change the problematic PAM_IGNORE
return values
to others that mark the authentication as failed, e.g. PAM_BUF_ERR
for
memory allocation errors or PAM_ABORT
for other critical errors. Furthermore
we suggested to harmonize the error handling in the affected function, because
different styles of return values have been used in
the retval
variable (PAM_*
constants mixed with literal integers returned
from sub-functions).
Upstream implemented a bugfix along these lines, which is available in commit a96ef17f74b8e4. This bugfix is available as part of release 1.3.1. Yubico also offer their own security advisory for this CVE.
4) Remaining Uses of PAM_IGNORE
PAM_IGNORE
should only be used in clearly defined circumstances, like when
necessary configuration for the PAM module is missing. Even then, this
behaviour ideally should require an explicit opt-in by administrators, by
passing configuration settings to the module’s PAM configuration line.
Two such cases remain in pam-u2f with the bugfix applied. These cases trigger if no auth file exists for the user to be authenticated and if the “nouserok” option has been passed to the PAM module.
5) Possible Workaround
If applying the bugfix is not possible right away, then a temporary workaround
for the issue can be applied via the PAM stack configuration by changing
the pam_u2f
line as follows:
auth [success=ok default=bad] pam_u2f.so [...]
This way even a PAM_IGNORE
return in pam_u2f.so
will be considered a bad
authentication result by libpam.
6) Timeline
2024-11-20 | We reported the issue to Yubico security, offering coordinated disclosure. |
2024-11-22 | Yubico security accepted coordinated disclosure and stated that they are working on a fix. |
2024-12-06 | Yubico security notified us that a bugfix release is planned in early January. |
2024-12-12 | Yubico security shared their suggested bugfix with us. We sent back minor suggestions for improvement. |
2025-01-08 | Yubico security informed us of the release date of 2025-01-14. |
2025-01-10 | Yubico security shared the CVE identifier and their formal security advisory with us. |
2025-01-14 | The upstream bugfix release 1.3.1 has been published as planned. |
7) References
Mon, Jan 13th, 2025
LXQt Wayland support is now here
With the release of LXQt 2.1, we are pleased to announce the availability of Wayland compatibility for LXQt within Tumbleweed.
This support is to be considered experimental at this point, and for most users, is likely not ready for daily driving.
LXQt, unlike many other desktop environments, does not provide its own Window Manager. Under X11, the openSUSE-LXQt team defaults to using Openbox as its Window Manager. This decision carries over from upstream to the new Wayland support; the initial release of lxqt-wayland-sessions supports the following Wayland Compositors:
At present, not all of LXQt’s built-in configuration tools work with all compositors, nor do all compositors support all features of LXQt components. Most notably:
- lxqt-globalkeys does not work with Wayland, and setting keybinds must be done through each individual compositor’s configuration files.
- lxqt-panel’s desktop switcher, and LXQt Power Manager’s settings for controlling displays are only compatible with KWin.
- With the exception of KWin and labwc, configuration is done by editing the text configuration files of individual compositors. KWin can be configured through GUI tools, provided the relevant parts of KDE System Settings are installed. labwc offers labwc-tweaks, which allows certain configurations through a GUI, but it is not comprehensive.
The openSUSE-LXQt team is not currently making any recommendations as to a “default” Wayland compositor for LXQt since this support is still in active development, but we do make the following suggestions to help you decide. If you don’t know which compositor you would like to try, take the following considerations:
- KWin provides the most complete Wayland session, workspace support, and with the right parts of Plasma installed, can be configured through the GUI rather than by editing text files.
- labwc is roughly based on the idea of “Openbox for Wayland” and will feel more “at home” for existing LXQt users.
- If you prefer Floating/Stacking desktops, Kwin, labwc, or Wayfire are your best current choices.
- If you like tiling desktops, Hyprland, niri, river, or Sway may be to your liking.
- If you like lots of desktop effects and “bling”, Kwin, Hyprland, or Wayfire are probably good places to start.
For more detailed information, please visit the openSUSE LXQt Wayland wiki.
Fri, Jan 10th, 2025
Tumbleweed – Review of the week 2025/01 & 02
Dear Tumbleweed users and hackers,
Welcome to 2025! While we were all celebrating, some people continuously felt the urge to work on packages for Tumbleweed. Tumbleweed kept rolling, as we ensured the staging and openQA results would be monitored even during this time. This review will try to cover the most relevant changes since snapshot 20241218 and include things up to 20250108, which is the latest snapshot published as of this writing. I will thus cover 11 snapshots.
The most relevant and exciting things that have been delivered were:
- Linux kernel 6.12.6 & 6.12.8; FBDEV has been disabled
- LLVM 19.1.6
- PHP 8.3.15
- Qemu 9.2.0
- Systemd 256.10
- XFCE 4.20.0
- Shadow 4.17.0 & 4.17.1
- Samba 4.21.2
- KDE Plasma 6.2.5
- Poppler 24.12.0
- Mesa 24.3.3
- Ruby 3.4: all rubygems have been rebuilt for version 3.4 and the ruby3.3-rubygem packages have been dropped.
- Xen 4.20.0
The staging areas are already well filled up and the following things are works in progress:
- Removal of Python 3.10 module packages (we now build for 3.11, 3.12, and 3.13, with Python 3.11 still being the distro default interpreter)
- KDE Gear 24.12.1
- Mozilla Firefox 134.0
- Linux kernel 6.12.9
- Systemd 257
- RPM 4.20: a few caveats to consider: %patch is now a regular macro, and #%patch might not do what you’d expect. Commented-out lines should always escape % or use %dnl to comment out lines in a spec file. The usage of noarch and ifarch in a spec file are mutually exclusive, as are noarch and the usage of %_libdir.
Thu, Jan 9th, 2025
New Year Starts with Slowroll Version Bump
The openSUSE Slowroll community has welcomed the January version bump that was completed recently.
Slowroll’s snapshots mark the beginning of fresh updates with the initial updates now accessible on mirrors globally.
This month’s bump comes a day early to avoid interruptions caused by routine maintenance on critical infrastructure. Updates are rolling out and users get new Tumbleweed versions from the 20250101 snapshot.
The updates integrate advancements from the openSUSE reproducibility initiative, which derive from Factory/Tumbleweed. Key improvements include enhanced tools for reproducible builds and fixes for dependency handling, parallelism and race conditions in packages such as Python, Qt and others.
Slowroll’s smart roll approach delivers a dependable foundation for users seeking a reliable system with essential security updates that avoid frequent changes seen in traditional rolling-release models. The balance makes it an excellent choice for those who want a balance of stability and access to modern software.
Updates for Slowroll arrive between an average of 5 to 10 days after being released in Tumbleweed. Users can read the latest monthly update for Tumbleweed to see what packages are arriving in Slowroll; recent updates include QEMU 9.2.0, which adds 3D acceleration for Vulkan apps and enhanced crypto support, and GPG 2.5.2, which features ECC+Kyber key generation and improved smart card handling.
While still marked as experimental (for lack of automated tests), Slowroll continues to evolve and offers users a dependable and innovative alternative in the openSUSE ecosystem.
For more details, visit the project’s roadmap.
Wed, Jan 8th, 2025
I am still looking for a SoftIron OverDrive replacement
Yes, I know. Bad title. After so many years only a handful of people will decipher it that I am looking for an affordable and standards compliant ARM machine for Linux & FreeBSD. It refers to a machine released 8 years ago, and a blog I wrote 4 years ago: The ARM developers workstation: Why the SoftIron OverDrive 1000 is still relevant
The good news is that since my previous blog there is a lot more ARM hardware available. The bad news is that the problems remained the same: ARM hardware is either standards compliant or affordable. It is a huge spectrum, where you can decide on your own compromise. Cheap, slow, non-compliant. Expensive, fast, standards compliant. And many variants in between.
-
The Raspberry Pi did a fantastic job to make Linux on ARM affordable. However these boards are not standards compliant. They come with their own Linux-based OS, and you have to port your own, if you want to use something different. OpenSUSE, my favorite Linux distribution is still not ported to the latest Raspberry Pi.
-
There are many more ARM SBCs (Single-board computer) available on the market. Cheap, but lack standards compliance, and often support is unavailable in the upstream Linux / FreeBSD kernel. Even running the supplied distribution image can be problematic, not to mention a random Linux distro freshly downloaded from the Internet.
-
When Apple switched to ARM, Linux was ported to it relatively quickly. These machines are still not standards compliant, but at least they look stylish and provide a good performance. The Asahi Linux project does a fantastic job enabling Linux on Apple Silicon.
-
Ampere does a nice job on standards compliance. As far as I am aware, you can install any Linux distributions or FreeBSD on it, without any extra effort. However, it comes at a price, literally :-) Just check these stylish workstations at System76: Thelio Astra
-
It is going to be expensive too, but I am also looking forward to Nvidia’s upcoming desktop supercomputer: Project DIGITS. I am just learning AI, and this box seems to be the ideal for testing / developing AI applications.
-
Finally an ARM Laptop built for Linux: the Tuxedo Snapdragon X Elite notebook. It is not yet available, but I expect it to be more on the affordable end. The question is standards compliance, I read too many contradicting info on this topic. We will hopefully see it soon! And a related news from CES, probably even more forward looking: https://www.engadget.com/computing/qualcomms-snapdragon-x-chip-will-power-more-affordable-copilot-pcs-104029263.html
So, what will be my next ARM-based machine? Right now I am checking if the Raspberry Pi 500 is available here in Hungary. But I follow ARM news, just in case :-)
If you have any feedback on my blog, you can comment on one of the following threads:
Tumbleweed Monthly Update - December 2024
Tumbleweed continues to exemplify a solid rolling release and December 2024 wraps up a year of several snapshots and large array of updates! KDE Gear 24.12 improves app usability, SQLite introduces innovative query features and snapshots brought critical patches across various packages for enhanced security. These updates not only strengthen functionality but also set the stage for an exciting 2025.
As always, remember to roll back using snapper if any issues arise.
Happy updating and tumble on!
For more details on the change logs for the month, visit the openSUSE Factory mailing list.
New Features and Enhancements
- KDE Gear 24.12: This update delivers many enhancements across KDE’s diverse application suite. Dolphin now boasts better keyboard navigation, file sorting and a new mobile-optimized interface for Plasma Mobile. Document viewer Okular enhances its annotation, form-handling and digital signing capabilities, while Kdenlive introduces features like timeline item resizing and proxy generation improvements. Other apps like certificate manage Kleopatra and KDE Connect also see notable upgrades that ncludes improved cryptography tools and improved Bluetooth connectivity.
- KDE Ships Frameworks 6.9.0: Key highlights include better accessibility, improved file handling and updated icon sets across various modules. Frameworks like Baloo and Kirigami received significant updates for test reliability and usability, while Breeze Icons introduced new symbolic versions for better UI consistency. The transition to Qt6 progresses with many components now optimized for compatibility, and new Python bindings extend functionality in multiple libraries. Other improvements address cryptographic handling, better integration with Flatpak, and fixes for platform-specific builds like Haiku.
-
sqlite 3.47.1 & 3.47.2: The 3.47.1 version fixes makefile
DESTDIR
handling, addresses issues with certain IN queries and resolves bugs from prior releases. The upgrade introduces arbitrary expressions for RAISE, enhanced query optimizations, improved group_concat behavior and new CLI features likemedian()
and.www
. Several query planner improvements boost performance, while SQLite now avoids “long double” usage for better compatibility. Additional enhancements include custom locale-aware FTS5 tokenizers, contentless FTS5 tables, and an experimentalsqlite3_rsync
tool. Compatibility for TCL9 is added, and JavaScript OPFS VFS issues are fixed. The 3.47.2 version resolves a text-to-floating-point conversion issue affecting specific numeric text values on x64 and i386 systems, introduced in version 3.47.0. Minor bug fixes are included, and the session extension is now enabled to support NodeJS 22. - Kernel-firmware 20241128: This introduces extensive updates that include the i915 Xe2LPD DMC v2.24, new Cirrus CS35L56 firmware for Dell laptops, and multiple amdgpu updates. It also adds new aliases for kernel 6.13-rc1 and enhances support for various AMD GPUs, iwlwifi and other devices.
- gpg 2.5.2: This update introduces ECC+Kyber key generation, trustdb validation post-key import and improved handling of expired trusted keys. Enhancements include fixes for encryption issues, robust error handling for smart cards and performance boosts for certificate listings. Other updates refine ADSK key usage, address database race conditions and optimize directory creation during extraction.
- curl 8.11.1: This release addresses a critical security issue involving netrc and redirect credential leaks. Improvements include fixes for cookie handling, enhanced trace timestamps and better error messaging for expired certificates. Updates also resolve issues with netrc parsing, libssh IPv6 handling and HTTP content decoding.
Key Package Updates
- Kernel Source 6.12.6: The kernel introduces numerous improvements and fixes. Key updates include enhanced USB support, addresses issues in device suspension and improves audio compatibility for specific devices. Other notable fixes involve enhancements to scheduling, block storage, network protocols and RISC-V architecture. It also includes critical patches for BPF, IOMMU, and several drivers.
-
Flatpak 1.15.12: This fixes crashes during app installations by reverting to process IDs in cgroup names, introduces USB metadata parameters (
--usb
,--no-usb
), enhances accessibility with--a11y-own-name
, improves debugging withflatpak run -vv
, adds KDE search completion support and includes build fixes, updated dependencies, and memory leak resolutions. -
systemd 256.9 and 256.10: This 256.9 update clarifies
$WATCHDOG_USEC
usage for the shutdown binary and addresses SAS wide ports inudev-builtin-path_id
. It reverts a commit causing regressions, disables EFI on non-compliant architectures, and removes/run/systemd
when switching root. The 256.10 update includes fixes for VLAN ranges, improved WireGuard key error reporting and adjustments tosystemctl
for better user feedback. -
LLVM 19.1.5 and 19.1.6: This minor update provides bug fixes and the
llvm-do-not-install-static-libraries.patch
was rebased to align with the update. - qemu 9.2.0: This update introduces 3D acceleration for Vulkan apps via virtio-gpu, enhanced crypto with SHA-384 support and QATzip migration compression. arm gains FEAT_EBF16 emulation, two-stage SMMU and CPU Security Extensions for xilinx-zynq-a9. RISC-V sees IOMMU support, extensions for control flow integrity and improved vector performance. x86 highlights include a new Nitro Enclave machine type and AVX10 KVM enhancements.
- GStreamer 1.24.10: This update addresses more than 40 security vulnerabilities in components like MP4, Matroska and Ogg demuxers and includes fixes for avviddec assertions, appsink/appsrc, decodebin3, closed captioning and pipeline graph generation.
- vim 9.1.0908: This update includes new file type recognitions, enhancements to documentation, better syntax support for various languages and numerous bug fixes across features like completion, file operations, and plugins. It also refreshes translations and improves runtime components like netrw and termdebug.
-
libzypp 17.35.15: This update updates to treat
=
as a safe character in URL query values, adds support for recognizingrpmdb.sqlite
as a database file, fixes a typo and adjusts the FastCGI header. -
gedit 48.1: This update removes plugins like External Tools, Snippets and Python Console. The package rewrites the Text Size plugin in C, and eliminates the background-pattern grid feature. Fixes include Wayland unmaximize bug and compilation warnings, alongside code refactoring and updated translations. The
gedit-plugins-python-env.patch
was dropped as obsolete. -
AppStream 1.0.4: This release brings new features, including
AS_BUNDLE_KIND_SYSUPDATE
for system updates and dark theme support for Plasma and Pantheon. Improvements were made to memory size detection for Illumos, Solaris, and GNU/Hurd along with enhanced branding color exposure in Qt. Bug fixes address race conditions in GResource loading, timezone handling and legacy compatibility tags.
Bug Fixes and Security Updates
Several key security vulnerabilities were addressed this month:
-
avahi:
- CVE-2024-52616: Predictable Avahi-daemon DNS transaction IDs enable potential spoofing attacks.
-
mozjs128 128.5.1:
- CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL.
- CVE-2024-11692: Select list elements could display over another site.
- CVE-2024-11694: CSP bypass and XSS exposure via Web Compatibility Shims.
- CVE-2024-11695: URL bar spoofing through manipulated Punycode and whitespace characters.
- CVE-2024-11696: Unhandled exception during add-on signature verification.
- CVE-2024-11697: Improper keypress handling in executable file confirmation dialog.
-
curl 8.11.1:
-
CVE-2024-11053: Versions 6.5–8.11.0 leaked
.netrc
passwords during HTTP redirects.
-
CVE-2024-11053: Versions 6.5–8.11.0 leaked
-
libheif:
- CVE-2023-0996: Addressed out-of-bounds read and write issues during HEIF file decoding with forged overlay image offsets.
- CVE-2024-41311 : Fixes mitigating vulnerabilities that could lead to memory corruption during malformed HEIF file handling.
- CVE-2023-29659: Enhances overall security and addresses security flaws in HEIF file processing to prevent out-of-bounds access.
-
socat 1.8.0.2:
- CVE-2024-54661: Predictable temp file paths in socat may allow arbitrary file overwrites.
-
emacs:
- CVE-2024-53920: On untrusted Emacs, Lisp code can trigger unsafe macro expansion, allowing arbitrary code execution.
Conclusion
December 2024 capped off the year with significant updates. Notable enhancements include QEMU’s improved virtualization features, systemd’s refined user feedback and hardware compatibility, and the kernel’s advancements in boosting device support and performance. Updates to Flatpak and AppStream further enhance the ecosystem, providing better app management and integration. As Tumbleweed users roll into 2025, they can count on a comfortable, secure open-source software experience. Happy tumbling!
Slowroll Arrivals
Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.
Contributing to openSUSE Tumbleweed
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
Syslog-ng is coming to EPEL 10
Last December, I added support for EPEL 10 in my unofficial syslog-ng Git snapshot repository. This week, I call for testing the official syslog-ng EPEL 10 package.
Once I saw in my unofficial syslog-ng repo that syslog-ng compiles fine on EPEL 10, I also started to work on the official package. I hit a roadblock immediately: ivykis (a mandatory dependency of syslog-ng) was missing from EPEL 10. So, right before the Christmas holidays, I submitted two missing dependencies I maintain (ivykis and riemann-c-client) to EPEL 10. As of today, all mandatory and most optional syslog-ng dependencies are available either in the base OS or in EPEL 10.
Last week, I submitted syslog-ng 4.8.1 to EPEL 10. Three dependencies are missing, thus the related features are disabled. These missing dependencies are SQL support, MQTT support and SMTP support. I suspect that SQL support will stay missing, while MQTT and SMTP might arrive later on. At least these packages arrived with some delay to EPEL 9.
Read more at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-is-coming-to-epel-10
Tue, Jan 7th, 2025
Board Election Schedule Revised
Members of the openSUSE Election Committee have provided an update regarding this year’s Board election. This election will fill three board seats. All eligible openSUSE members are encouraged to participate in shaping the future of the project.
The nomination process, originally scheduled for completion in December, has been extended due to an insufficient number of candidates. The updated timeline aims to provide more opportunities for members to engage in the process.
Revised Election Timeline
- Jan. 3, 2025: Extension for nominations and applications for Board candidacy; membership drive begins
- Jan. 18, 2025: Final candidate list announced; campaign begins; membership drive continues (new members can vote but not run)
- Jan. 19, 2025: Voting opens
- Feb. 2, 2025: Voting closes
- Feb. 3, 2025: Election results announced
The three open seats are held by Douglas DeMaio, Neal Gompa, and Patrick Fitzgerald. Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.
How to Participate
Any openSUSE member can stand for election by sending an email to project@lists.opensuse.org
and election-officials@lists.opensuse.org
. Members can also nominate others by contacting the Election Committee, who will confirm the nominee’s interest.
Eligibility Requirements
Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.
The election is overseen by committee members Ish Sookun, Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.
Let’s work together to make this election a success and continue driving openSUSE forward into 2025!
Tue, Dec 31st, 2024
Quick howto for systemd-inhibit
Bit of the why
So often I come across the need to avoid my system to block forever, or until a process finishes, I can’t recall how did I came across systemd inhibit, but here’s my approach and a bit of motivation
Motivation
I noticed that the Gnome Settings, come with Rygel
After some fiddling (not much really), it starts directly once I login and I will be using it instead of a fully fledged plex or the like, I just want to stream some videos from time to time from my home pc over my ipad :D using VLC.
The Hack
systemd-inhibit --who=foursixnine --why="maybe there be dragons" --mode block \
bash -c 'while $(systemctl --user is-active -q rygel.service); do sleep 1h; done'
One can also use waitpid and more.
Thank you for comming to my ted talk.