Welcome to Planet openSUSE

This is a feed aggregator that collects what openSUSE contributors are writing in their respective blogs.

To have your blog added to this aggregator, please read the instructions.

23 October, 2019


Podman 101 at the Middlesex University Mauritius

Thanks to Senior Lecturer and Programme Coordinator, Aditya Santokhee, at the Middlesex University Mauritius, my colleague Chittesh & I got to deliver guest talks at the university today.

Podman 101 at the Middlesex University Mauritius

Chittesh, also our local Mozillian, spoke about the Internet Health Report and raised privacy concerns surrounding major online platforms. He mentioned the Cambridge Analytica scandal in particular, especially how that raised public awareness about digital privacy. He added that following the enforcement of the European Union's General Data Protection Regulations (EU GDPR), tens of thousands of violation complaints have been filed. Google was fined €50 million for GDPR violations in France.

His talk was more a message to the young students for them to review their online habits and take a moment to think about digital privacy.

On the other hand I had a semi-technical talk about Pods & Containers. Although we had a lecture theatre fully packed with Computer Science students, I was told they were mostly in second year, I realise that not everyone would be acquainted to Linux containers, or yet Linux itself.

Therefore, I started with a gentle introduction about operating systems and where Linux stands. I asked the students whether they are familiar with virtualization and part of the room answered yes. It made it easier to compare between having an "architecture emulator" to run a virtual machine and a simple isolated environment comprising of a bunch of files. That's the simplest explanation I could give to make the students comfortable with the idea of containers.

Podman 101 at the Middlesex University Mauritius
Podman 101 at the Middlesex University Mauritius

Then, I moved to the topic of Podman, while doing some demos and helping the students learn how podman run ... could make things easier for them. I asked them a few questions about university assignments such as developing an application and the need of having an "environment" to build or test the application. Instead of having a full Linux environment with a bunch of packages installed & configured simply to serve a web application, a single-line of podman could serve those files in an Nginx container. Especially, doing this without a big-fat-daemon, pun intended! 🤓

I briefly talked about Skopeo and I invited the more adventurous students to peek inside of containers and get a better understanding of what they are made of. The key lesson being, magic is for the users not for the engineer.

I ended the talk with this nice slide copied from my openSUSE MicroOS workshop deck from the openSUSE Asia Summit 2019. 😊

Podman 101 at the Middlesex University Mauritius

Slides available at speakerdeck.com/ishwon/podman-101.


It’s time for another YaST team report! Let’s see what’s on the menu today.

  • More news and improvements in the storage area, specially regarding encryption support.
  • Some polishing of the behavior of YaST Network.
  • New widgets in libYUI.
  • A look into systemd timers and how we are using them to replace cron.
  • And a new cool tool for developers who have to deal with complex object-oriented code!

So let’s go for it all.

Performance Improvements in Encrypted Devices

As you may know, we have recently extended YaST to support additional encryption mechanisms like volatile encryption for swap devices or pervasive encryption for data volumes. You can find more details in our blog post titled "Advanced Encryption Options Land in the YaST Partitioner".

Those encryption mechanisms offer the possibility of adjusting the sector size of the encryption layer according to the sector size of the disk. That can result in a performance boost with storage devices based on 4k blocks. To get the best of your systems, we have instructed YaST to set the sector size to 4096 bytes whenever is possible, which should improve the performance of the encrypted devices created with the recently implemented methods.

Additionally, we took the time to improve the codebase related to encryption, based on the lessons we learned while implementing volatile and pervasive encryption. We also performed some additional tests and we found a problem that we are already fixing in the sprint that has just started.

Other improvements related to encryption

One of those lessons we have learnt recently is that resizing a device encrypted with a LUKS2 encryption layer works slightly different to the traditional LUKS1 case. With LUKS2 the password must be provided in the moment of resizing, even if the device is already open and active. So we changed how libstorage-ng handles the passwords provided by the user to make it possible to resize LUKS2 devices in several situations, although there are still some cases in which it will not be possible to use the YaST Partitioner to resize a LUKS2 device.

As a side effect of the new passwords management, now the process that analyzes the storage devices at the beginning of the installation should be more pleasant in scenarios like the one described in the report of bug#1129496, where there are many encrypted devices but the user doesn’t want to activate them all.

And talking about improvements based on our users’ feedback, we have also adapted the names of the new methods for encrypting swap with volatile keys, as suggested in the comments of our already mentioned previous blog post. We also took the opportunity to improve the corresponding warning messages and help texts.

New name and description for encryption with volatile keys

Network and Dependencies Between Devices

Similar to encryption, the network backend is another area that needed some final adjustments after the big implementation done in the previous sprints. In particular, we wanted to improve the management of devices that depend on other network devices, like VLANs (virtual LANs


The openSUSE project informed it's members by mail to vote for a potential name change. The vote ends on 07.11.2019 at 23:59 UTC. In a Wiki article the openSUSE Board and Election Committee have gathered the most important arguments for and against a name change for all members.

The background

In an article the media platform Heise already reported on 12.06.2019 that the openSUSE project is going to build a foundation and might also consider a name and logo change in the process.



Not having faded into the Podcast ether yet, I bring this nonsense to you almost a week late. At least, a week later than I wanted to complete this. In an effort to keep you interested

The 7th Noodling place of unrest


I have been using BTRFS on all of my openSUSE machines without issue. In my quest to build a new multi-roll system to act as a server, workstation and occasional casual desktop use, I wanted to have a storage solution that was very fault tolerant and would allow me to expand my disk size with minimal effort. That is in both replacing individual drives with larger drives and potentially adding another controller card to have more drives.

ZFS is in the news as the new “hotness” for a file system and it does indeed have a lot of the really awesome features BTRFS provides, maybe more but support in Linux doesn’t appear to be as robust as BTRFS. Could my mind change in the future? Absolutely, but for now, until I get the stability of BTRFS on root, the snapshot system and the ease of flexibility in altering the array of storage, I will stick with BTRFS.


Ultra Widescreen Monitors

I have been looking at doing an upgrade to my monitor situation, for numerous reasons. The monitors I am using are of unequal resolution, size and aspect ratio, it has been fine but I am becoming less satisfied with its usability. This is especially true since I started to use some of the tiling techniques built into Plasma. I just happen to need more pixels. Looking at my available options, I became interested in one of these 1440p monitors. My issue is, I am not interested in a curved monitor. I think they look just a bit silly and I don’t stand directly in front of the computer all the time. Interestingly, it seems as though the curved screens are less expensive then their flat counterparts with the same resolution and frequency. Although I would prefer a flat screen, it is more economical and of better specifications to go with the curved model.

I’m not prepared to make a purchase today as I need to do some more research on the subject but I am now very much interested in a single 1440p monitor rather than my two cobbled, odd lots hanging above my laptop.


End to Floppy Drives

US military has been using 8-inch floppy disks in an antiquated ’70s computer to receive nuclear launch orders from the President. Now, the US strategic command has announced that it has replaced the drives with a “highly-secure solid state digital storage solution,” Lt. Col. Jason Rossi

The 8-inch floppy disks have been used in an ancient system called the Strategic Automated Command and Control System, or SACCS.

It’s used by US nuclear forces

22 October, 2019



Our Container Host OS openSUSE MicroOS and our Kubernetes platform openSUSE Kubic are both using transactionl-update to apply patches to the system. This implies that a read-only root filesystem is used. While this has big advantages, like it allows to update a cluster automatically in a safe way, this has one drawback: you need to reboot to activate new installed packages. But what if you want to debug a problem and the utility you need is not installed? Who says, that the problem is still debuggable after a reboot?

For this, we introduced now the toolbox utilitiy with a toolbox container.

toolbox - bring your own tools with you

toolbox is a small script that launches a privileged container to let you bring in yourfavorite debugging or admin tools in such a system. If the container does not contain the utility you need, you can install whatever you want with zypper. toolbox is stateful, if you quit the script and start it later again, the environment is in the exactly same state as when you left it. To reset it, the container image needs to be deleted: podman rm toolbox-<user>. The root filesystem can be found at /media/root.


$ /usr/bin/toolbox
Spawning a container 'toolbox-root' with image 'registry.opensuse.org/opensuse/toolbox'
Container started successfully. To exit, type 'exit'.
toolbox:/ # ls -alF /media/root
toolbox:/ # tcpdump -i ens3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 65535 bytes
toolbox:/ # zypper in vim
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 5 NEW packages are going to be installed:
  libgdbm6 libgdbm_compat4 perl vim vim-data-common

5 new packages to install.
Overall download size: 9.0 MiB. Already cached: 0 B. After the operation,
additional 49.4 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
toolbox:/ # vi /media/root/etc/passwd

Advanced Usage

Use a custom image

toolbox uses an openSUSE-based userspace environment called opensuse/toolbox by default, but this can be changed to any container image. Simply override environment variables in $HOME/.toolboxrc, where every entry is optional:

toolbox configuration file
# cat ~/.toolboxrc

Root container as normal user

toolbox called by a normal user will start the toolbox container, too, but the root filesystem cannot be modified. Running toolbox with sudo has the disadvantage, that the .toolboxrc from root and not the user is used. To run the toolbox container with root rights, toolbox --root has to be used.

Automatically enter toolbox on login

Set an /etc/passwd entry for one of the users to /usr/bin/toolbox:

useradd bob -m -s /usr/bin/toolbox

Now when SSHing into the system as that user, toolbox will automatically be started:

# ssh bob@hostname.example.com
Last login: Thu Oct  3 16:52:16 2019 from
.toolboxrc file detected, overriding defaults...
Container 'toolbox-bob 

20 October, 2019


I don’t do Public Transport! I’d heard that parking in Manchester was not only a nightmare and that you would have to sell your children into slavery to pay the parking fee for a few hours so with that in mind I decided to use the train. Now to get to Manchester by car from … Continue reading "The fight to get home from Oggcamp 2019"

Ish Sookun: Krakathon 🐙

15:14 UTC


Krakathon 🐙

Krakathon - the hackthon with a Kraken - kicked off on Saturday 19 October at the Caudan Arts Centre in Port-Louis.

Krakathon 🐙

LSL Digital didn't participate this year due to other priorities. However, some of my colleagues participated individually as Team Kalchul. Shelly & I stopped by the venue during the evening to meet folks in various teams and wish them luck.

Krakathon 🐙

The event was happening at the conference centre at the ground floor level. The room was fully packed. I'm told there are 55 teams with over 200 participants. I believe this is the first time that Krakathon reached such high level of.

My colleagues Yusuf, Nirvan, Jules and Kushul from team Kalchul were focused on solving the challenges at about 21h30 when I met them. Most of the teams were busy scoring points. A few tired faces here and there but the overall enthusiasm looked good.

Oh... while meeting folks from other teams, look what I found. 😊

Krakathon 🐙openSUSE & LSL Digital stickers :)

Today, we went back to the Caudan Arts Centre at around an hour before the event ends. Some teams had left while a few others had already started packing up. Everyone had a weary face due to the lack of sleep. However, some folks were still trying to score points and wouldn't waste this last hour - fighter's spirit I would say.

The competition ended shortly before 14h00 and the final scoreboard looked like this.

Krakathon 🐙

A special students' prize went to ALU's "The Razers" team.

Lazy Pirates came third. Binary Beast & Black fire scored the same amount of points and were both declared second. The efforts of team Kalchul paid up and they won the Krakathon 2019! 🎉 🎊

Krakathon 🐙

openSUSE.Asia Summit 2019

“All the honor belong to our strong local committee and staff”

This year, openSUSE.Asia summit 2019 host in Indonesia again. 

Let’s see somes video first :)

Highlight openSUSE Asia Summit 2019 - Day 1

Highlight openSUSE Asia Summit 2019 - Day 2

There are some good photos in flickr group [2]

It’s great  to have almost 350 geeko in openSUSE.Asia Summit 2019.

Before the openSUSE.Asia summit, we have community meetup with openSUSE Board member.

All the openSUSE guys from different area - brainstorming for how to grow up and make everyone love and know openSUSE :)

For the Keynote with openSUSE board

It’s surprise - Gerald Pfeifer take a greeting from Melissa Di Donato :) 

It’s great to hear SUSE / openSUSE status from openSUSE Board.

My talk is “openSUSE Kubic - The easy and fast way to deploy kubernetes with openSUSE”

And also co-work with Sunny’s talk “ We are openSUSE Asia Community ”

Report about
“Introduce TSP application” http://bit.ly/sakana2019100502 

“openSUSE local activities in each site - Taiwan”
Slide: http://bit.ly/sakana2019100503 

Also my pleasure to give openSUSE.Asia Book to Indonesia team Again :)  
  • From Taiwan team to Indonesia team
  • The best way is AL give to Indonesia team, but AL is not here this year  QQ

I want to thank all our sponsors
Without our sponsors, we can't have such lovely summit.

Thanks everyone come to openSUSE.Asia Summit.
Thanks all friends come to together, smiles - make us get together.

I wish I could keep contribute to openSUSE.
-Fun and share-


18 October, 2019


Dear Tumbleweed users and hackers,

Another week has passed with again four snapshots published. This pace seems to be holding pretty solid and I think it’s not the worst speed there is. During this week, we have released the snapshots 1011, 1012, 1014 and 1016. As usual, some were smaller, some were bigger.

The changes include:

  • GStreamer 1.16.1
  • Linux kernel 5.3.5
  • KDE Plasma 5.17.0
  • KDE Frameworks 5.63.0
  • KDE Applications 19.08.2
  • LLVM 9.0 (added to the repo, but not yet the default llvm version in use)

The staging areas (and the next snapshot in production) already contain some updates again. Those include:

  • GNOME 3.34.1 (finally!)
  • Kubernetes 1.16
  • Mesa 19.2
  • openssl 1.1.1d: breaks nodejs8, nodejs10 and python3
  • More work to support /usr/etc
  • LLVM 9.0 as the default when using llvm

Besides all this, I’d like to bring yout attention to a change done to the setup of the openSUSE:Factory/snapshot build target. You can read all the needed information in the post published on the Factory mailing list at https://lists.opensuse.org/opensuse-factory/2019-10/msg00142.html

17 October, 2019


I am not one to just toss something when it is broken. I want to give every piece of equipment a shot at another life whenever possible. Somethings do have to go to the big recycler in the sky but not without some kind of fight at my end.

I couple years back when I thrusted myself into the foray of “modern” gaming, I purchased two of these “Rock Candy” Gamepads from a local retailer. This was for my first Steam Game purchase, River City Ransom: Underground. They worked quite well but having kids with passion bubbles very near the surface, gamepads have a tendency to go flying or falling from time to time.

After some time of play, one had a fall too many and the plastic broke that held the batteries in place on one controller. Within a week, the other decided it would no longer turn on. Both controllers were put away into storage, until yesterday.

My oldest son asked if they could be fixed and I suggested that we could take the board from one and put it in the body of the other. He said he wanted to do it. I supplied some tools, provided just a bit of guidance and my 8 year old took the screw driver to task. I guided him on disassembly and used a magnetic bowl to hold the screws so didn’t roll away.

When he started to put it together, he asked how to do it, to which I gave the proper fatherly advice, “just like taking it apart, but in reverse!” Surprisingly, that was enough. I just made sure that the Left and Right Bumpers PCBs was correctly placed. He knew what screws went where and placed everything just right.

I double checked the screws to ensure that they were all snugged up properly, popped in some batteries and we were off to the races. There is only just a bit of confusion now as the blue controller now goes to the green dongle.

In another proud moment, my boy turned to a SNES emulator and played Super Mario All-Stars. Those old games are still fun to play today, even for the youth, which is a testament to the fun-gineering of yeaster-year

Final Thoughts

Technology is certainly a fun thing to play with but it is so much more fun to pass on the joy of owning your technology to your kids. The amount of confidence my boy has earned through this exercise is worth far more than the cost of both of the controllers. I am hoping this sparks a flame for a passion for technology, not just in using but in creating and imagining new ways to use technology. I am quite sure that his abilities that will far surpass my own.


Actually, this journey begins in 2015. I attending Indonesia Linux Conference, that's the first time I meet people from openSUSE Indonesia. Mr. Edwin Zakaria. I remember, he gave me Alex the Gecko T-Shirt from Babacucu.com. My first openSUSE T-shirt. After attending the conference. I also invited to KPLI (Kelompok Pengguna Linux Indonesia: it's like Indonesian … Continue reading openSUSE Asia Summit 2019: Summit Preparation

The post openSUSE Asia Summit 2019: Summit Preparation appeared first on dhenandi.com.

FOSSCOMM 2019 - Lamia

FOSSCOMM (Free and Open Source Software Communities Meeting) is a Greek conference aiming at free-software and open-source enthusiasts, developers, and communities. This year was held at Lamia from October 11 to October 13.

It is a tradition for me to attend to this conference. Usually I have presentations and of course booths to inform the attendees about the projects I represent.

This year the structure of the conference was kind of different. Usually the conference starts on Friday with "beer event". Now it started with registration and a presentation. Personally I made my plan to leave from Thessaloniki by bus. It took me about 4 hours on the road. So when I arrived, I went to my hotel and then waited for Pantelis to go to the University and setup our booths.

FOSSCOMM 2019 - Stathis at openSUSE and GNOME booth

ALERT: Long projects presentation...

Our goal was to put the stickers and leaflets on the right area. This year we had plenty of projects at our booths. We met a lot of friends at Nextcloud conference and we asked them for brochures and stickers. So this year our basic projects were Nextcloud and openSUSE (we had table cloths). We had stickers from GNOME (I had couple of T-Shirts from GUADEC just in case someone wanted to buy one). Since openSUSE sponsorts GNU Health, I was there to inform students about it (it was great opportunity since the department organizing was Bioinformatics department). We had brochures, stickers, chocolate and pencils from ONLYOFFICE, also we had promo material from our friends Turris. We are happy that Free Software Foundation Europe gave us brochures when we were in Berlin, and we were able to inform attendees about the campaigns and the work they are doing for us. We met Collabora guys also and we asked them if they want to promote them, since Collabora and Nextcloud are working together. Finally, our friends from DAVx5, gave us their promo material since the program works with Nextcloud so well.

I warned you!!! Well the first day we met the organizers and the volunteers. I was surprised by the number of volunteers and their willing to help us (even with setting up the booths). The first day ended with going out to eat something. Thank you Olga for introduce us to FRESCO. I used to eat at FRESCO when I was in Barcelona. I guess they're not franchise :-)

Well Saturday started with registration. We put more swag on the booth (we saw that last night they took almost everything). Personally I went to meet other projects. I was glad that my friend Julita applied to present what she's doing at the university (Linux on Supercomputers). I was kind of surprised but happy for her that her talk upgraded to Keynote. Glad I met her at GUADEC. Glad also that she had Fedora booth and gave some different aura to the conference. Check out her blogpost about her FOSSCOMM experience .

Glad I met Boris from Tirana. He did a presentation about Nextcloud


Since last week, there have been four openSUSE Tumbleweed snapshots released and the snapshots brought new versions of software from KDE, Mozilla and more.

The most recent snapshot, 20191014, updated several packages around KDE’s projects. Plasma 5.17.0 arrived in the snapshot and there are some extraordinary changes to the new version. The release announcement says this new version is as lightweight and thrifty with resources as ever before. The start-up scripts were converted from a slower Bash to a faster C++ and now run asynchronously, which means it can run several tasks simultaneously, instead of having to run them one after another. Improvements to the widget editing User Experience were made and the Night Color feature became available, which subtly changes the hue and brightness of the elements on the screen when it gets dark; this diminishes glare and makes it more relaxing to the eyes. The same snapshot brought KDE Applications 19.08.2 and the second version of the 19.08 release improved High-DPI support in Konsole and other applications; there were many bugs fixes as well and KMail can once again save messages directly to remote folders. There was more KDE packages arriving in Tumbleweed with the update of KDE Frameworks 5.63.0; KIO, Kirigami and KTextEditor had the most bug fixes in frameworks latest release. The Tumbleweed snapshot had several other software packages updated like the file system utilities package e2fsprogs 1.45.4, which addressed Common Vulnerabilities and Exposures CVE-2019-5094 where an attacker would have been able to corrupt a ext4 partition. The 3.6.10 version of gnutls added support for deterministic Elliptic Curve Digital Signature Algorithm (ECDSA) / Digital Signature Algorithm (DSA). Text editor Nano updated to version 4.5 and offers a new ‘tabgives’ command allowing users to specify per syntax whatthe <Tab> key should produce. The php7 7.3.10 version modified some patches and fixed some bugs. With all these changes, the snapshot is trending at a stable rating of 95, according to the Tumbleweed snapshot reviewer.

The 20191012 snapshot had one package update and it was for Linux Kernel 5.3.5. The single kernel update appears to have increased the stability of Tumbleweed as it is trending at a stable rating of 96, according to the Tumbleweed snapshot reviewer. That’s four rating points up from the snapshot the day before, 20191011, which is trending at a stable rating of 92.

Snapshot 20191011 had updates for ImageMagick that now supports animated WebP encoding/decoding. Both Moxilla Firefox and Thunderbird were updated to version 69.0.2 and 68.1.1 respectively. Firefox had a single fix for a Linux-only crash when changing the playback speed while watching YouTube videos. Thunderbird on the other hand had multiple bug fixes to include various theme fixes and dark theme improvements for the calendar. The fwupd package, which is a daemon to allow session software to update firmware,  version 1.3.1 now allows the

16 October, 2019


openSUSE Asia Summit

I met Edwin and Ary earlier this year at the openSUSE Conference in Nuremberg. They invited me to come to the openSUSE Asia Summit happening in Bali. I wasn't sure that I would be able to attend it. But then, around June I saw a tweet reminding about the deadline for the Call for Proposal for the openSUSE Asia Summit and I thought maybe I should give it a try.

openSUSE Asia Summit

I submitted a workshop proposal on MicroOS and a lightning talk proposal to the openSUSE Asia CFP team. Both were accepted and I couldn't be happier. It gave me the chance to meet friends from the openSUSE community again, learn and share more.

We do not have direct flights to Indonesia. I traveled through Air Mauritius to Kuala Lumpur and then Malaysia Arlines to Denpasar, Bali. I spent almost 24 hours traveling before reaching my hotel in Jimbaran. I was totally knackered when I arrived but the enthusiasm of being there for the summit was stronger than anything.

I booked a taxi through Traveloka ahead of my arrival in Bali. It was recommended by Edwin. When I compared other taxi fares I felt glad I booked it online. I also bought a SIM card on my way to the hotel with a 6GB data package. I knew we'd all communicate mostly on Telegram, just as we did for oSC 2019. My hotel WiFi connection wasn't great but I was impressed by the 4G coverage of my mobile Internet provider, XL Axiata. Mobile connectivity was extremely helpful as I would rely on GoJek car-hailing for the next few days.


The only thing bugging me was about finding vegetarian food. McDonald's, Pizza Hut and KFC were just a few minutes walk from my hotel and along the way there were a few restaurants as well. But those were Seafood restaurants and I felt weird to go there and ask for veggies.

Unlike in Mauritius and Germany, McDonald's and KFC do not offer the vegetarian or vegan burger. I only found two vegetarian pizza options at Pizza Hut, the Veggie Garden and Cheese Deluxe. There might have been some veggie options in the Chinese restaurants but I didn't venture. I visited a supermarket and found that they were selling stuffed croissant. However, there was no clear indication whether they contain tuna, chicken or simply cheese.

openSUSE Asia SummitWelcome dinner for speakers & sponsors at the New Furama Seafood, Jimbaran

Finally, I was saved from the food dilemma by the folks from the openSUSE Asia community. Estu & Ary made sure that there was a vegetarian option during the summit or whenever we went out along with the speakers. I got to eat things other than pizza :) like tofu, tempe, vegetable chop suoy etc.

The summit kicked-off on Saturday 5 October at the Information Technology Department, Faculty of Engineering, Udayana University. There were around 40 or so students who volunteered to help run the summit. Some of the volunteers were


The openSUSE Community is going to Ireland March 27 and 28, 2020, for openSUSE Summit Dublin.

Registration for the summit has begun and the Call for Papers is open until Feb. 14.

The summit will begin at the end of SUSE’s premier annual global technical conference SUSECON.

Partners of openSUSE, open-source community projects and community members are encouraged to register for the summit and submit a talk.

The schedule for the openSUSE Summit Dublin will be posted on Feb. 17.

There is an openSUSE and open source track. There are three talks that can be submitted for the summit. One is a short talk with a 15-minute limit;a normal talk with a with a 30-minute limit and a long talk with a 45-minute limit.

Attendees of SUSECON are welcome to attend and submit talks. openSUSE Summit Dublin is a free community event that will take place on the last day of SUSECON and the Saturday that follows SUSECON.

Contact ddemaio (@) opensuse.org if you have any questions concerning the summit.


There are many flavors of Linux, we call them distributions but in a way, I think “flavor” is a good word for it as some some are a sweet and delightful experience while with others a lingering, foul taste remains. Manjaro has not left a foul taste in any way. In full disclosure, I am not a fan of Arch based Linux distributions. I appreciate the idea of this one-step-removed Gentoo and for those that really like to get into the nitty-gritty bits Arch is good for that. My problem with Arch is the lack of quality assurance. The official repository on Arch Wiki describes the process of how core packages need to be signed off by developers before they are allowed to move from staging into the official repositories. With the rate at which packages come in, it is almost an impossibility that through manual testing software will continue to work well with other software as some dependencies may change. Admittedly, I don’t use it daily, outside of VMs for testing nor do I have a lot of software installed so this is not going to be a problem I am likely to experience.

Manjaro, from my less than professional opinion, is a slightly slower rolling Arch that seems to do more testing and the process, from what I understand, is similar. Developers have to approve the packages before they are moved into the official repositories. I also understand that there isn’t any automated QA to perform any testing so this is all reliant on user or community testing, which, seemingly, Manjaro is doing a good job of it.

My dance with Manjaro is as part of a BigDaddyLinuxLive Community challenge, to give it a fair shake and share your experience.

This is my review of Manjaro with the Plasma Desktop. Bottom Line Up Front, this is quite possibly the safest and most stable route if you like the Arch model. In the time I ran it, I didn’t have any issues with it. The default Plasma Desktop is quite nice, and the default themes are also top notch. The graphical package manager works fantastically well and you do have Snap support right out of the gate. It’s truly a great experience. Was it good enough to push me from my precious openSUSE? No, but it has made for a contender and something about which to think.


The installation process was as smooth as room temperature butter and felt incredibly refined. The installation media greets with a very nicely themed boot loader to which the default option is to boot Manjaro. Very quickly you are brought into a live session where you can begin to do some exploration.

Since I was doing this in a VM, I did have some VM-isms, that made this look less than stellar, initially. Since I wanted to get to installation, straight away, I went right for that icon on the desktop. Nice to see that the icon was

15 October, 2019


UNITE is the partner and user conference of One Identity, the company behind syslog-ng. This time the conference took place in Phoenix, Arizona where I talked to a number of American business customers and partners about syslog-ng. They were really enthusiastic about syslog-ng and emphasized two major reasons why they use syslog-ng or plan to introduce it to their infrastructure: syslog-ng allows them to reduce the log data volume and greatly simplify their infrastructure by introducing a separate log management layer.


Log messages are very important both for the operation and security of a company. This is why you do not just simply store them, but feed the log messages to SIEM and other log analysis systems that create reports and actionable alerts from your messages.

Applications can produce tremendous amount of log data. This is a problem for SIEM and other log analysis systems for two major reasons:

  • hardware costs, as the more data you have the more storage place and processing power you need to analyze the data

  • licensing costs, as most analysis platforms are priced on data volume

You can easily reduce message volume by parsing and filtering your log messages and only forwarding the logs for analysis which are really necessary. Many people started to use syslog-ng just for this use case, as it is really easy to create complex filters using syslog-ng.

This is why I was surprised to learn about another approach: sending all log messages, but not whole messages, only the necessary parts. This needs a bit of extra work, as you need to figure out which part of the log message is used by your log analysis application. But once you are ready with your research, you can easily halve the log messages, or in some special cases even reduce the message volume by 90%.

Some examples are:

  • Reading the name-value pairs from the systemd journal, but forwarding only selected name-value pairs.

  • Parsing HTTP access logs and forwarding only those columns which are actually analyzed by your software.

The syslog-ng application has powerful parsers to segment the log messages to name-value pairs, after which you can use templates and template functions of syslog-ng for such selective log delivery.

If your log analysis infrastructure is already in place, it is still worth to make the switch to syslog-ng and reduce your log volume using these techniques. You can use the current log analysis infrastructure for a lot longer time without having to expand it with further storage and processing power.


Most SIEM and log analysis solutions come with their own client applications to collect log messages. So, why bother installing a separate application from yet another vendor to collect your log messages? Installing syslog-ng as a separate log management layer does not actually complicate your infrastructure, but rather simplifies it:

  • No vendor lock-in: replacing your SIEM is pain free and quick, as you do not have to replace all the agents as well

  • Operations, security and different teams of the company

13 October, 2019


The openSUSE.Asia Summit is one of the big events for the openSUSE community (i.e. both contributors and users) in Asia. Those who normally communicate online can meet from all over the world, talk in person and have fun. Members of the community share their current knowledge, experience and learn FLOSS technologies around openSUSE. The openSUSE.Asia Summit 2019 took place from October 5 to October 6, 2019 at the Information Technology Department, Faculty of Engineering, Udayana University, Bali.

Highlight-Videos Day 1 and 2

YouTube Video

YouTube Video

Further videos with lectures and workshops are available on YouTube.

11 October, 2019


Dear Tumbleweed users and hackers,

Just like the previous week, we have again released 4 snapshots since last Friday (1003, 1004, 1007 and 1009). 3 more have been tested but have been discarded by openQA; two of them only due to OBS being ‘too fast’ and random failures marking a snapshot as failed; likely they would have been ok. Snapshot 1010, on the other hand, was declined by openQA as the yast software management was not usable due to an ABI break. This has since been fixed and snapshot 1011 is expected to be releasable again (currently building).

So, what did those 4 snapshots bring? Looking at the changelogs, I can see those noteworthy changes:

  • poppler 0.81.0
  • Linux kernel 5.3.2 & 5.3.4
  • systemd 243
  • open-vm-tools 11.0
  • qemu 4.1.0

Things being worked on and that are currently staged:

  • GStreamer 1.16.1
  • KDE Plasma 5.17.0: current alphas are staged and being tested
  • GNOME 3.34.1
  • Linux kernel 5.3.5
  • Kubernetes 1.16
  • createrepo_c 0.15: the new version is very strict on ‘broken’ changelogs with control chars < 32. It will refuse to build snapshots/metadata for every package it detects. You might have received submit requests to address such issues: please accept them
  • Mesa 19.2
  • openssl 1.1.1d: breaks nodejs8, nodejs10 and python3


My 6th noodling might be my longest noodling yet. It started out a bit light but then after reading I just got a bit too excited. If you want to skip to the end where I do a little self-deprecation and ignore the meat of it, that is very understandable.

The 6th Noodling can be obtained here

Linux Symphony

I took my kids to the symphony this past Sunday. It was hugely beneficial to have the kids experience a symphonic performance. It made for a pretty decent lesson about the benefits of working together. When the orchestral members were warming up before they begin the performance there is a cacophony of sounds and although individually, the instruments sound nice, together it sounds like a mess. When the performance started and the conductor did his conducting, keeping everyone on pace and on the “same sheet of music” as it were, you could listen and imagine the story of events in the mind’s eye. Everything from serious and intense melodies to whimsical light hearted tones. Although my kids could only manage to sit through an hour of the performance, there were lots of lessons to be extracted about the benefits of working together.

How this can be applied to the Linux community is as such. When we work together, in harmony with one another, we can make for some amazing results. Whether it is the latest Ubuntu MATE, the newest release of Plasma or helping someone through a tech question, by working together in a kind and respectful tone we can achieve great things. I am of the belief that all Linux is good Linux and by making any one aspect better, we make it all better, regardless of the flavor of Linux or desktop you choose.

Let’s make some beautiful music

Dell Latitude E6440 Caddy Drive Bay

My primary machine that I am using I didn’t choose lightly, I wanted a lot of flexibility in a fairly small package. Since I like to test things in VM, I wanted to have the option of a third hard drive. What I discovered is that it doesn’t seem to matter how much storage I have available, I seem to fill it up. I am starting to think that maybe I have a problem.

I do clean out my drives from time to time but I find that the more space I have, the sloppier I am about cleaning up the cruft. I am preparing to build a system with a heck of a lot more storage and after making my hard drive purchases, I realized, I may have purchased too small of drives. If this is the case, I think I have a strategy to compensate for this.

I did create a YouTube video of the ease of using the drive bay for additional storage as I knew it would be a short thing and provide me an opportunity to edit something together. A consequence of the additional drive

10 October, 2019

Michael Meeks: 2019-10-10 Thursday.

20:19 UTCmember

  • Mail chew, projections, planning, patch porting; performance win for idle JSON conversion of sidebars.
  • Intensely frustrated to (minor) update openSUSE 15.1, and discover it jumped thunderbird from 60.8 to 68, breaking all of the extensions needed to be productive - (eg. making it possible to move E-mail between folders without getting RSI from mouse-use), horrible; downgraded with trepidation.
  • TDF is making good progress on a carbon policy, but I was curious as to how writing more efficient software might help here. Crunching some numbers with a 50/50 desktop/laptop mix and a 65% increase from CPU use gives ~10^-5 kg of CO2 per CPU second you're not idle. Multiplying that by the number of LibreOffice users 2x10^8 (pace Sir David MacKay) to get a big number, that's around 2 tons of CO2 saved for every second of CPU busy time that we can save our user-base; go optimizers!


It’s been way too long since the last blog post, so we’ve got quite a lot to report on!

Plasma 5.17 Beta

The Beta version of Plasma 5.17 was released with many new features and improvements such as per-screen fractional scaling on Wayland, a new User Interface (UI) for configuring permissions of Thunderbolt devices and network statistics in KSysGuard. The latter requires some more privileges than usual for a user application, so is currently being looked at by the SUSE security team.

openQA found a few bugs already, like GIMP looking more “colorful” than usual and some applications mixing Kirigami and Qt Widgets breaking some keyboard shortcuts. Both of those were addressed meanwhile and will be fixed in the final release of 5.17.

If you haven’t tested the Plasma 5.17 Beta yet, there’s still some time left! If you come across a problem in the software, please head over to the KDE bug tracker; if instead you find an issue that is openSUSE specific, go over to the openSUSE bugzilla.

To get it on your Leap or Tumbleweed installation, you can read https://en.opensuse.org/SDB:KDE_repositories.

In case you face some severe issues, the automatic snapshotting of the root filesystem using btrfs has your back and you can simply go back to the working state by booting into an older snapshot and doing a rollback.

Argon, an installable live medium that includes Leap 15.1 with the Beta and doesn’t require any manual repository addition, is also available.

openSUSE Leap 15.2

Like it happened for Leap 42.2, 15.2 will also see major version upgrades of many components.

Next to a new version of the Linux kernel, it’s planned to ship with Qt 5.12 LTS, Plasma 5.18 (of course also LTS) and the latest KDE Frameworks and Applications, which we can get in early enough for proper testing to ensure the best user experience possible!

This means that the “Full Wayland” session that landed in Tumbleweed a few weeks ago will also be available in Leap 15.2 and support per-screen fractional scaling.

As the target versions of Applications, Frameworks and Plasma aren’t even out yet, we’re currently integrating Qt 5.12 LTS with the latest packages from Factory.

Qt 5.14

Users of Tumbleweed and Leap with newer KDE software are used to having the latest available features and bugfixes, which is only possible by keeping up with Qt development and acting proactively.

So while the 5.14 branch of Qt is still young, we’re already busy integrating it into our builds. During the initial packaging of the 5.14 Alpha some bugs (QTBUG-78867, QTBUG-78881, QTBUG-78911, QTBUG-78948) were already identified and most of them fixed by now, so the KDE:Qt:5.14 project is built and usable by now. To develop against Qt 5.14 and test your applications with it, you can add the repo and get started


This laptop of mine that I purchased just over two years ago has the ability to have 3 storage devices. I have previously described what I’ve done in it with an mSATA and the 2.5″ SSD. Between the two, I have 995 GiB of storage, 101 GiB for root using the mSATA and 894 GiB on the 2.5″ drive. That was fine and all for normal things, but VMs do require a lot of space and so a lot of space I needed. Although I do often use my optical drive, it’s not as often as I use VMs so I decided to get a caddy and install a third drive in this 14″ chassis laptop.

Here is a short video on how simple the process is… and another reason to play around with Kdenlive. In short, adding a hard drive is as simple as:

  • Insert the drive into the caddy
  • Secure the drive using the set-screws but be careful to not over tighten
  • remove optical drive from the computer and insert hard drive (SSD) caddy into bay
  • Bob’s your uncle

Really… why?

The main reason is, I need more space for virtual machines. I’m sure for normal people the two drives is more than adequate but I have to play. Most people would probably just clear out the old virtual machines after they were done but I am guilty of data hording and probably need to get that under control. I also don’t have much interest in wiping or possibly interfering with how my laptop is running as openSUSE Tumbleweed works so fantastically well on it.

My process is, I try out the Linux distribution virtually to obtain some general impressions, test out a few things, check the memory usage and so forth. If I find it exceptionally interesting or want to test a use case, I take it to the next level and put it on some hardware. I find it a more efficient use of my time to do my first round of testing virtually before I meddle with the metal.

It also doesn’t help that I am more likely to use Virt Manager with Qemu which uses Qcow2 drive images and they take up more space than VDI images from VirtualBox. Since I tend to get a better feel for the distribution using Virt Manager, especially with Gnome based desktops, I am more likely able to give them a fair shake. Consequently, I need more storage space.

The drives are all still too full which might mean no matter the amount of storage, I will use it up.

Final Thoughts

Despite the fact this laptop is older, I can’t seem to find another comparable 14″ machine that has the drive flexibility that the Dell Latitude E6440 has. I do wish it had some kind of refresh to allow for a faster CPU with lower power utilization but that is just not the demands of typical users these

09 October, 2019

Michael Meeks: 2019-10-09 Wednesday.

21:00 UTCmember

  • Testing, project planning, etc. Got the Oculus Quest update making it possible to play 'go' games, very impressed with Daedalus' flying thing. Band practice at church, worked late.


A fundamental concept of all openSUSE packages as well as any image offered for download is a fully transparent, reproducible and automatic build and development process based on sources.

In openSUSE developers do not perform manual builds on some specially crafted machine in their basement and then upload the result somewhere. Instead all sources are stored in a version control system inside the open build service (OBS) instance at build.opensuse.org. OBS then automatically builds the sources including all dependencies according to defined build instructions (eg spec files for rpms). OBS also automatically adds cryptographic signatures to files that support it to make sure nobody can tamper with those files.

The WSL appx files are basically zip files that contain a tarball of a Linux system (like a container) and a Windows exe file, the so called launcher. Building a container is something OBS can already do fully automatic by means of Kiwi. The launcher as well as the final appx however is typically built on a Windows machine using Visual Studio by the developer.

Since the goal of the openSUSE WSL offering is to have the appx files officially and automatically be produced along with other images such as the DVD installer, Live images or containers, the appx files have to be built from sources in OBS.

Fortunately there’s already a MinGW cross toolchain packaged as rpms OBS and a tool to generate appx files on Linux.

Combining that all together OBS can actually build the WSL appx from sources. The current state of development can be found in the Virtualization:WSL project in OBS. The generated appx files are published on download.opensuse.org.
The current images for Leap 15.2 Alpha and Tumbleweed there are good enough for some testing already so please go ahead and do so, feedback welcome!
Note that since the appx files are signed by OBS rather than Microsoft, there are a few steps required to install them.

Going forward there is still quite some work needed to polish this up. Kiwi for example can’t build the appx directly itself but rather the fb-util-for-appx is called by a spec file. That requires some hacks with the OBS project config to work. On Linux side there’s currently no password set for the root user, so we need a better “first boot” solution. More details on that in a later article. Meanwhile, remember to have a lot of fun…


Now that you had a chance to look at our post about Advanced Encryption Options (especially if you are an s390 user), it is time to check what happened during the last YaST development sprint, which finished last Monday.

As usual, we have been working in a wide range of topics which include:

  • Improving support for multi-device file systems in the expert partitioner.
  • Fixing networking, secure boot and kdump problems in AutoYaST.
  • Stop waiting for chrony during initial boot when it does not make sense.
  • Preparing to support the split of configuration files between /usr/etc and /etc.
  • Using /etc/sysctl.d to write YaST related settings instead of the /etc/sysctl.conf main file.

Expert Partitioner and Multi-Device File Systems

So far, the Expert Partitioner was assuming that Btrfs was the only file system built on top multiple devices. But that is not completely true because some file systems are able to use an external journal to accomplish a better performance. For example, Ext3/4 and XFS can be configured to use separate devices for data and the journaling stuff.

We received a bug report caused by this misunderstanding about multi-device file systems. The Expert Partitioner was labeling as “Part of Btrfs” a device used as an external journal of an Ext4 file system. So we have improved this during the last sprint, and now external journal devices are correctly indicated in the Type column of the Expert Partitioner, as shown in the screenshot below.

External Journal Type

Moreover, the file system information now indicates which device is being used for the external journal.

External Journal Device Details

And finally, we have also limited the usage of such devices belonging to a multi-device Btrfs. Now, you will get an error message if you try to edit one of those devices. In the future, we will extend this feature to make possible to modify file systems using an external journal from the Expert Partitioner.

AutoYaST Getting Some Love

During this sprint, we have given AutoYaST some attention in different areas: networking, bootloader and kdump.

About the networking area, we have finished s390 support in the new network layer, fixing some old limitations in devices activation and udev handling. Apart from that, we have fixed several bugs and improved the documentation a lot, as we found it to be rather incomplete.

Another important change was adding support to disable secure boot for UEFI through AutoYaST. Of course, we updated the documentation too and, during the process, we added some elements that were missing and removed others that are not needed anymore.

Finally, we fixed a tricky problem when trying to get kdump to work on a minimal system. After some debugging, we found out that AutoYaST adds too late kdump to the list of packages to install. This issue has been fixed and now it should work like a charm.

As you may have seen, apart from writing code, we try to contribute to the documentation so our users have a good source of information. If you are


Welcome to a new sneak peek on the YaST improvements you will enjoy in SLE-15-SP2 and openSUSE Leap 15.2… or much earlier if you, as most YaST developers, are a happy user of openSUSE Tumbleweed.

In our report of the 84th sprint we mentioned some changes regarding the encryption capabilities of the YaST Partitioner, like displaying the concrete encryption technology or the possibility to keep an existing encryption layer.

Keeping the previous encryption layer

And the report of sprint 85 contained a promise about a separate blog post detailing the new possibilities we have been adding when it comes to create encrypted devices.

So here we go! But let’s start with a small disclaimer. Although some of the new options are available for all (open)SUSE users, it’s fair to say that this time the main beneficiaries are the users of s390 systems, which may enjoy up to four new ways of encrypting their devices.

Good Things don’t Need to Change

As you may know, so far the YaST Partitioner offered an “Encrypt Device” checkbox when creating or editing a block device. If such box is marked, the Partitioner asks for an encryption password and creates a LUKS virtual device on top of the device being encrypted.

LUKS (Linux Unified Key Setup) is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it facilitates compatibility among distributions. LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly. So far, there are two format specifications for such header: LUKS1 and LUKS2. YaST uses LUKS1 because is established, solid and well-known, being fully compatible with the (open)SUSE installation process and perfectly supported by all the system tools and by most bootloaders, like Grub2.

You should not fix what is not broken. Thus, in most cases, the screen for encrypting a device has not changed at all and it still works exactly in the same way under the hood.

Editing an encrypted device

But using an alternative approach may be useful for some use cases, and we wanted to offer an option in the Partitioner for those who look for something else. So in some special cases that screen will include a new selector to choose the encryption method. Let’s analyze all those new methods.

Volatile Swap Encryption with a Random Key

When a swap device has been marked to be encrypted, the user will be able to choose between “Regular LUKS1” and “Volatile Encryption with Random Key”. Both options will be there for swap devices on all hardware architectures. The first option simply uses the classical approach described above.

Selecting the encryption method

The second one allows to configure the system in a way in which the swap device is re-encrypted on every boot with a new randomly generated password.

Encrypt swap with a random password

Some advanced users may point that configuring such a random encryption for swap was already possible in versions of openSUSE prior to Leap 15.0. But the procedure to do so was obscure to say the least. The encryption

08 October, 2019

Michael Meeks: 2019-10-08 Tuesday.

21:00 UTCmember

  • Mobile UX improvements and tweaking for Online; calls with the team variously; lots of fun.

07 October, 2019


A problem that a lot of sysadmins and developers have is, how do you run a single task on a CPU without it being interrupted? It’s a common scenario for real-time and virtualised workloads where any interruption to your task could cause unacceptable latency.

For example, let’s say you’ve got a virtual machine running with 4 vCPUs, and you want to make sure those vCPU tasks don’t get preempted by other tasks since that would introduce delays into your audio transcoding app.

Running each of those vCPU tasks on its own host CPU seems like the way to go. All you need to do is choose 4 host CPUs and make sure no other tasks run on them.

How do you do that?

I’ve seen many people turn to the kernel’s isolcpus for this. This kernel command-line option allows you to run tasks on CPUs without interruption from a) other tasks and b) kernel threads.

But isolcpus is almost never the thing you want and you should absolutely not use it apart from one specific case that I’ll get to at the end of this article.

So what’s the problem with isolcpus?

1. Tasks are not load balanced on isolated CPUs

When you isolate CPUs with isolcpus you prevent all kernel tasks from running there and, crucially, it prevents the Linux scheduler load balancer from placing tasks on those CPUs too. And the only way to get tasks onto the list of isolated CPUs is with taskset. They are effectively invisible to the scheduler.

Continuing with our audio transcoding app running on 4-vCPUs example above, let’s say you’ve booted with the following kernel command-line: isolcpus=1-4 and you use taskset to place your four vCPU tasks on to those isolated CPUs like so: taskset -c 1-4 -p <vCPU task pid>

The thing that always catches people out is that it’s easy to end up with all of your vCPU tasks running on the same CPU!

$ ps -aLo comm,psr | grep qemu
qemu-system-x86 1
qemu-system-x86 1
qemu-system-x86 1
qemu-system-x86 1

Why? Well because isolcpus disabled the scheduler load balancer for CPUs 1-4 which means the kernel will not balance those tasks equally among all the CPUs in the affinity mask. You can work around this by manually placing each task onto a single CPU by adjusting its affinity.

2. The list of isolated CPUs is static

A second problem with isolcpus is that the list of CPUs is configured statically at boot time. Once you’ve booted, you’re out of luck if you want to add or remove CPUs from the isolated list. The only way to change it is by rebooting with a different isolcpus value.

cset to the rescue

My recommended way to run tasks on CPUs without interruption by isolating them from the rest of the system with the cgroups subsystem via the cset shield command, e.g.

$ cset shield --cpu 1-4 --kthread=on
cset: --> shielding 

Michael Meeks: 2019-10-07 Monday.

21:00 UTCmember

  • Mail chew, couple of team calls, admin. Misc. debugging, and re-factoring. PCC meeting in the evening, and collected minutes.

Older blog entries ->