The openSUSE Project was inspired by Fedora’s efforts to make Cisco’s OpenH264 codecs and FDK AAC available to its users that members reached out to Cisco’s open-source team to do the same for its user base.

An obstacle to overcome is the current limitation for free redistribution of the codecs is 100,000 users, so board member Neal Gompa and openSUSE’s Leap release manager Lubos Kocman proposed a way to simplify the codec installation in openSUSE.

The codec library, which supports H.264 encoding and decoding, is suitable for real-time-application use like WebRTC. The simplification of the installation will make out-of-the-box use much easier for openSUSE users.

Cisco, which the openSUSE Project is very thankful for their efforts, agreed to an approach on OpenH264 re-distribution via a Cisco-owned infrastructure to openSUSE users. A release workflow for OpenH264 was envisioned and a three-step approach handled via a set of scripts in openSUSE Release Tools. 

A workflow script triggers and sends Cisco an email with an archive containing OpenH264 rpm packages to Cisco; it makes a snapshot of data that is then sent or “POSTed” for manual extraction of a Cisco binaries. The process ensures that the project always has a set of related binaries in the Open Build Service. 

An archive is created and sent by one of multimedia:libs:cisco-openh264 project maintainers. 

The package is signed in OBS by the openSUSE key, so the origin of the package can be verified. The repository metadata is published by OBS under codecs.opensuse.org/openh264.

The archive must contain only packages with Cisco OpenH264 and related OpenH264 GStreamer plugins. Addition of any other content outside of the agreement, especially other codecs, under the agreement from Cisco would lead to a violation.  

Potential improvements have already been discussed to improve the existing workflow, but the initial efforts are set to provide openSUSE a more simplified experience after installation. 

Or enable repo manually by running the following:

Leap

sudo zypper ar http://codecs.opensuse.org/openh264/openSUSE_Leap repo-openh264

Tumbleweed or MicroOS  

sudo zypper ar http://codecs.opensuse.org/openh264/openSUSE_Tumbleweed repo-openh264

Installation

sudo zypper in gstreamer-1.20-plugin-openh264

The openh264 repository will be enabled by default on all new installations of openSUSE Tumbleweed starting with the next snapshot iso build. It will be also available as part of openSUSE Leap 15.5 Beta. 

Alternatively, using the openSUSE-repos for repository management will provide users an openh264 repo definition as part of the latest update. Users will need to remove old duplicate repo definitions manually as found in the project README file.

AAC has already been part of the distribution for several months.

I was doing some preparation for my weekly tutoring activity and when I realized I misspelled “science” on a particular file that I end up sharing with parents. Somehow, I spelled “scoence” and almost published the file spelled as such. I realized that somewhere along the line, Dolphin, the most amazing file manager wasn’t doing […]

The second Linux Saloon Live was a News Flight Night with a flight of topics sourced from all around the internet from the Linux Saloon bunch. The main topic of the show revolved around a Strawpoll that Aris made asking, “Have you ever built a desktop.” A simple question that made for some incredibly interesting […]

This week’s openSUSE Tumbleweed snapshots will switch the RPM and repository signing key of Tumbleweed from 2048 bit RSA to a 4096 bit RSA key.

This switchover was necessary to meet current security recommendations. If you are regulary updating your Tumbleweed installation, the key will already be imported to the RPM keyring, and also in the openSUSE-build-key package.

The GPG fingerprint of the new key:

pub   rsa4096/0x35A2F86E29B700A4 2022-06-20 [SC] [expires: 2026-06-19]
      Key fingerprint = AD48 5664 E901 B867 051A  B15F 35A2 F86E 29B7 00A4
uid   openSUSE Project Signing Key <opensuse@opensuse.org>

Note that openSUSE Leap 15.4 and 15.5 will also switch to using this key, and also the openSUSE Backports and SLE repositories will switch to 4096 bit RSA keys in 2023.

If you have questions about this, feel free to reach out to the Factory or Security mailing lists at Lists.

Here is the whole GPG key if you want to import it manually:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)

mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M
6q2h+hgWNQ==
=nMh8
-----END PGP PUBLIC KEY BLOCK-----

Dear Tumbleweed users and hackers,

For Tumbleweed, things are steadily rolling. Updates come in (mostly pre-tested in devel projects), are staged, pass staging (most requests pass in a day), and are then added to a snapshot. Sounds rather unspectacular. Of course, this is the optimal case, which does not work in some cases (as seen on the ‘future changes’ that have been carried over for a few weeks already). But all that does not have an impact on users’ workstations, as we simply do not deliver those aspects which are known not to be ready.

With all this going on, we have again delivered 7 snapshots during the last week (0112…0118), containing the following, noteworthy changes:

• File 5.44
• Mesa 22.3.3
• Salt 3005.1
• NetworkManager 1.40.10
• Fuse 3.13.0
• Pipewire 0.3.64
• KDE Frameworks 5.102.0
• Linux kernel 6.1.6
• Node.JS 19.4.0
• python Sphinx 6.1.3
• libraw 0.21
• RPM: added support for x86_64 microarchitecture. This was the last bit missing to allow packages to start shipping hardware-optimized libraries (glibc hwcaps enabled loading)

In the staging areas, we are currently testing the impact of these changes:

• Linux kernel 6.1.7
• Mozilla Firefox 109.0
• Mesa adding support for Rusticl (See https://docs.mesa3d.org/rusticl)
• LibreOffice 7.4.4.2
• LLVM 15.0.7
• Boost 1.81.0: breaks libetonyek and LibreOffice
• GnuPG 2.4: breaks gpgme:qt
• Ruby 3.2 to become the default ruby version: YaST is failing
• Switch to openSSL 3: Progress tracked in Staging:N
• Initial tests to set GCC 13 as the system compiler

The openSUSE Tumbleweed repositories are scheduled to change their signing key from the now-used 2048 RSA key to a new 4096bit RSA key. The new public key has been rolled out to the systems since snapshot 20220811, which should make the migration to the new key transparent for all regularly updated systems. Please see the extra announcement on the mailing list

Besides all this, please keep in mind that the repositories for i586 installations are going to change. i586 is being split out from the main repositories and handled like the other ports (arm, powerpc, s390x). Anybody can already change the repo manually and perform tests, by end of January, we will deploy code that will switch the repositories automatically. By end of March, we expect all users to have migrated their repositories and we will remove all i586 RPMs from the published repositories (-32bit.x86_64 will remain for wine/steam). More details on this can be found in this post

This week’s openSUSE Tumbleweed snapshots had a steady amount of software packages in each of the daily releases.

While vim, Node.js and Salt updates made the headlines, AppStream, KDE Frameworks and the Linux Kernel provided several important updates.

In the most recent 20230118 snapshot, manpages-l10n moves to version 4.17.0, which now actively has Swedish maintained. The package also adds a new language. A week’s worth of fixes came in the ncurses 6.4.20230114 update. The package improves configure-script macros vs compiler warnings and it has a fix to avoid a conflict with pre-existing usage in vim. Two openSUSE packages updated in the snapshot. A change to allow both swap and none as paths for swap in fstab were made with the libstorage-ng 4.5.64 update. An update to identify Dell storage devices with the extension of regular expressions was made in yast2-storage-ng 4.5.16. The diffutils utility program used for creating patch files updated to version 3.9, but did not list any fixes for the platform, according to the changelog. Other packages to update were python-httpx 0.23.3 and python310-packaging 23.0.

Both the Node.js and the Linux Kernel updated in snapshot 20230117. The 6.1.6 kernel-source update enabled headset microphones with more Dell laptops through Advanced Linux Sound Architecture changes, and netfilter nftables consolidated set descriptions and added a function to create set stateful expressions. The nodejs19 package update to 19.4.0 improved timeout defaults handling. The package also had a change with an impact of less RAM for AArch64 and 32-bit arm. Fixes to handle btrfs subvolumes were made with GNOME’s tracker-miners 3.4.3 version. Georgian and Macedonian language changes were made with a yast2-trans update and a few other libraries were updated in the snapshot.

With the exception of three other packages in snapshot 20230116, KDE Frameworks updates took the majority of data packets for users who did a zypper dup. Frameworks 5.102.0 fixes a crash with KTextEditor and adds a missing KWindowSystem dependency. The Plasma Framework update centers a panel popup only if it would cover two-thirds of its panel widget and it adds a function to open a context menu. Another Frameworks update was made to the barcode namespace generator; Prison adds the 2.0 version of decoder ZXing. KDE hex editor okteta cleaned the spec file in version 0.26.10 and improved translations. An update of perl-Image-ExifTool 12.54, which is a command-line interface for reading and writing meta information, adds support for a number of new XMP tags, which included the decoding of Nikon, Fujifilm and Canon tags. An update of mpg123 1.31.2 fixed a build error that was network related.

Two packages were released in the 20230115 snapshot. An easier initial setup was made with the perl-Bootloader 0.941 update. The other package, python-Pygments, updated to version 2.14.0. This syntax highlighting package had a number of changes and improves parentheses handling for function definitions. The new version also fixes number and operator recognition.

Vim was among the several updates in snapshot 20230114. The text editor updated to version 9.0.1188 and fixes a memory leak when using class functions, yet the new release may provide an unexpected output when autoloading a script for an interactive operation. A newer 0.15.6 version of AppStream’s cross-distribution efforts added a patch to support meson 0.59, which is meant for the next minor version of Leap. The software component for metadata standardizing also added an Application Programming Interface for content rating descriptions and ratingIds. There were a few fixes with the NetworkManager 1.40.10 update. One of those fixes an evaluation of the autoconnect function and another ensures that dnsmasq is stopped after changing the dns backend and restarting the service. There were various other fixes in the package. An update of pipewire 0.3.64 had a mass amount of info about the update. It cleared some old buffer memory on ports to fix some bus errors, and now makes it possible to assign custom port names to the ports from an adapter. The audio and video package fixed an error in the quantum and rate calculations that could cause nodes to run with these wrong computations when multiple rates were allowed. Several patches were removed with the package update. The utility library for ndctl had a major version update. Version 75 had many improvements and added master-passphrase removal support. Other packages to update in the snapshot were gtksourceview5 5.6.2, libstorage-ng 4.5.63 and more.

Salt 3005.1 added a missing patch after a rebase to fix collections mapping issues, which arrived in snapshot 20230113. The release was full of patches and one of the fixes ensures the default values for interprocess communication buffers are the correct type. The new version also fixes an architecture parsing issue in apt source files. Mesa 22.3.3 fixes a broken graphics in a game, a hang with Plasma and a crash when creating graphics pipeline libraries with a module identifier. Some updates for Xfce packages also became available in the snapshot. The file manager thunar 4.18.2 prevents a crash for copy+overwrite via DBus and also prevents a rare crash when closing thunar. Another update was made to xfce4-panel 4.18.1, which fixes a sync timeout issue. A few more packages were updated in the snapshot.

The snapshot that began the week, 20230112, had file updated to version 5.44.

After almost a year of having my Ender3, it has received a lot of new parts, fixes and upgrades. The great thing about the Ender3 is that you can do so much with it and truly personalize it for your use case. One area that needed to be addressed was the power supply situation that […]

These software projects and technologies caught my attention and excitement during 2022, though they may not have necessarily appeared that year. My selection and focus have a clear bias as I have spent most of my life developing open-source, data center, and e-commerce infrastructure software on UNIX-like systems. I only included projects I have tried myself.

I admire software that solves complex problems in a simple, elegant, and lean manner and those that are easily adopted and standardized as the “default”.

Tree-sitter

Description from its website:

Tree-sitter is a parser generator tool and an incremental parsing library. It can build a concrete syntax tree for a source file and efficiently update the syntax tree as the source file is edited.

Why is this important? This comment summarizes it well:

Incremental parsing of incorrect code is one of those things that is literally impossible in the general case, but tree-sitter has found a lot of good ways to do it that are not just possible for a large fraction of reality, but also performant. It’s hard to understate how impressive a piece of engineering this is.

I see this technology having an impact on IDEs, editors, linters and other tools similar to what the LLVM project did years ago for the compiler and interpreter ecosystem, and what Language Server Protocol did for IDEs during the last years.

For example, the Emacs editor adopted LSP by including eglot by default.

Originally, you could replace the limited regexp-based syntax highlighting in Emacs with the emacs-tree-sitter modes. This is no longer necessary, as from version 29+, Tree-sitter support is part of Emacs by default.

Wireguard

Description from its website:

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

Wireguard’s simplicity:

• implemented in ~5000 lines of code, when most VPN solutions range from tens of thousands to hundreds of thousands
• works at the interface level, which means you can treat it like any other interface
• the state is hidden from the user, so things like roaming just work
• It is incorporated in most open-source operating systems. There is a Windows native version and a multi-platform userspace version written in Go.
  • NetworkManager, which most people use to manage networks in desktop Linux, has native support for it, and GNOME even displays the toggle for Wireguard connections.
• Android/iOS app
• Most commercial VPN providers support it, including the only one that is worth your time.

Some higher-level solutions have been built on top of WireGuard. The most impressive is Tailscale, which brings magical usability to access private networks spread across the world.

And last but not least, Fritzboxes, one of the most popular consumer routers in Germany, supports Wireguard natively, since December 2022, which means I now can access my home LAN very easily and from almost any device.

Litestream and liteFS

I believe many of the complicated app architectures today are either too early or just unnecessary.

SQLite is a local database engine that operates on a single file per database. It is the most deployed database in the world, and it is likely running in your pocket inside your phone on many different apps.

Many businesses could start in a single machine using a SQLite database.

Litestream is a project from Ben Johnson that replicates sqlite3 databases to make sqlite globally distributed. The replication part was extracted into LiteFS, while Litestream kept the disaster recovery replication.

With this model, LiteFS uses FUSE (Filesystem in userspace) as a pass-through filesystem to intercept writes to the database to detect transaction boundaries and replicate those in the replica nodes.

Litestream allows replicating databases by continuously copying write-ahead log pages to cloud storage.

An alternative implementation of transaction replication using SQLite built-in VFS is also planned.

The project was since then acquired by Fly.io, which specializes in deploying apps close to the users.

Both projects give SQLite superpowers and allow for resilient and performant applications while keeping the setup and architecture lean and simple.

During the Twitter exodus to Mastodon, I saw people dealing with the complexity and resource requirements of operating Mastodon for a single user. My Fediverse instance is not Mastodon, but gotosocial. Uses 128M ram, a 140M SQLite database, and runs on a 5€ micro VM. The database is replicated to an sftp share with Litestream.

Nix

Nix is a tool for producing reproducible builds and deployments. It takes a different approach to package management using a declarative and functional build description.

When you build something with Nix, it ends in its own directory in the Nix store e.g. /nix/store/hxxrbmr2zh6ph90qi8b4n2m53yvan3fr-curl-7.85.0/ and as long as the inputs do not change, the location, which is content-addressed, will not change either. They will also depend on the exact versions they were built against.

This allows you the installation of multiple versions in parallel, and the current system profile itself is a collection of symbolic links to the right binaries, which means you can roll back very easily.

While Nix can be used on Linux and macOS, there is a full Linux distribution built on this model.

While it can also be used for CI, building container images, etc., I use Nix in two ways:

• Declare project dependencies

  If I have e.g. a folder with some Ansible roles I use to configure my home gadgets, I can make that project independent from where I am running it by just having a top shell.nix declaring dependencies. Then a simple .envrc file with the line use_nix and direnv setup in my shell.

  As soon as I cd into the directory, Ansible is installed and appears in the path. I cd out and it disappears. The nix store is cached, so the second time is very fast (until you nix store gc).

  You can use this to have reproducible developer environments.

  Nix Flakes is a new format to package Nix-based projects in a more discoverable, composable, consistent and reproducible way.

  With Flakes, you could even pin your environment to a specific revision of the package descriptions.

• Manage packages, including my own

  Some packages I need all the time: Emacs, Chromium, tarsnap, etc. I use Nix for that, and keep my distribution just for the base system.

  nix profile install nixpkgs#tarsnap and the package is now always available. I also have packages that are not free to distribute, so I can keep the recipe to build it in git, or just override a few compile options from another package. It is just flexible.

The language is a functional DSL that takes some curve to learn, just like the built-in functions. I am not sure if this will be someday the future of deployments, but for me as been agreat addition to those two use cases..

Stable Diffusion

StableDiffusion is an AI model which allows to:

• transform text prompt into images
• transform images plus a text prompt into new images
• edit images by selecting an area and a prompt

Also impressive are the creations where StableDiffusion is used to change a single video frame, and another model is used to extrapolate the change to the rest of the frames, resulting in full video editing.

The Dreambooth model allows to finetune StableDiffusion for specific subjects. This is what the Lensa app does when generating many avatars from your selfies.

I believe this will have a huge impact on creative industries (design, gaming), and will make their software understand the semantics of the image, just like IDEs have been doing for years offering syntax-aware refactorings.

ChatGPT

I’d like to mention ChatGPT together with Copilot, but I haven’t tried Copilot yet.

These technologies are already proving to be very useful in the context of programming.

Leaving out the controversial topic of training proprietary models on GPL code for another occasion, I am impressed how good ChatGPT is to port code from one dimension to another, eg. rewriting using a different language, library, etc. I think it will become very useful for porting, refactoring and updating software.

For example, I was very pleased with ChatGPT being able to take some Linux commands, and generating me a set of Ansible tasks to replicate the configuration

Phoenix LiveView, hotwire and the return of the server-side HTML

Single-page applications (SPA) are with us for longer than I can remember, but the feeling something is not right in that model continues to live with me.

The architecture duplication on the server and client-side (controllers, views, stores), dividing teams through json messages in two worlds speaking different languages seems broken. The instability of the Javascript eco-system just makes things worse.

I can’t however, picture how to solve the challenges SPAs aim to solve when it comes to highlyy interactive applications.

Phoenix is a web framework for Elixir, a language running on the Erlang VM. His creator has a Rails background, so he took off from where Rails left and brought innovation to the space in the form of Phoenix LiveView, a technique that allows for highly interactive applications without abandoning the server side paradigm.

Other toolkits have appeared which allow to start server side and add interactivity in a structured way without abandoning the server side paradigm. One is HotWire from Basecamp, which includes Turbo and other libraries, and htmx, which works by just annotating HTML.

virtio-fs and krunvm

Something I always disliked about virtualization was the use of images. It added a whole layer of complexity.

virtio-fs is a filesystem that allows sharing the host filesystem with the guest. Unlike virtio-9p (the one used by Windows Subsystem for Linux), it has local semantics.

qemu has support for it, so you can boot a root filesystem.

One tool that takes advantage of virtio-fs is krunvm. It allows to run container images as micro virtual machines. The machines implement a few simple virtio devices enough to run an embedded kernel in libkrun.

krunvm takes virtio-fs to the next level, basically making it invisible, allowing you to mount any host folder into the virtual machine the same way that you do it with container images.

Follow the work Sergio Lopez is doing in this space.

---

These are my picks. What are yours?

People interested in mentorship for this year’s Google Summer of Code as part of openSUSE’s application will conclude a finalization meetup on Feb. 7 at 15:30 UTC on the project’s Jitsi instance channel.

After the project meeting, the project will submit an application for the openSUSE Project being a mentorship organization for 2023.

A large group of people involved in the project participated in a workshop on Jan. 10 with a focus on increasing mentorship for the organization and listing project mentoring ideas. Participants brainstormed project ideas during the workshop on the event’s etherpad and created listings for the project’s mentorship repository.

Still, there is plenty of time for people who are interested in mentoring to create an issue on the mentorship repository; the submitter of the issue will be listed as the main mentor. Those who do submit a project idea should list all the details from the template and label it with a tag as either a large-size project (350 hrs) or medium-size project (175 hrs).

Those who did not attend the workshop are still encouraged to participate as a mentor if they have the time or interest. The mentorship efforts have proven over the years to introduce people into open-source development, the many projects openSUSE has and the interactions it has with many other open-source projects. The openSUSE Project lists it’s GSoC mentorship projects on 101.opensuse.org.

The openSUSE Project has a long tradition of participating in GSoC and has done it several times since 2006. If you have any questions about the GSoC application or want to help mentor a project on 101.opensuse.org, email ddemaio@opensuse.org. The application period is open between Jan. 23 and Feb 7, but mentors can add their project on 101.opensuse.org now.

The openSUSE Project is planning activities for this year’s FOSDEM, which will take place Feb. 4 and 5 in Brussels.

The project will be in with operating systems space in Hall H and at its exhibit will have contributors available to discuss all openSUSE related projects to include ALP, MicroOS, Tumbleweed, Leap, Open Build Service, openQA and more. 

SUSE released its second prototype late last month of its Adaptable Linux Platform (ALP). There will be experts from the on hand to discuss ALP. 

Two ALP prototypes have been released so far; Les Droites was the first one released in October and Punta Baretti is the current available prototype for testing. More prototypes are expected for spring and summer.

Make sure not to miss talks from the community. Dan Čermák will talk about Modularity and ALP; Richard Brown will give a keynote for the distribution track. And Sarah Julia Kriesch will give a talk about collaboration and The Open Mainframe Project.

The booth will have swag, a quiz and beer. Enlighting yourself. Come see us and Have a lot of fun!