Dear Tumbleweed users and hackers,

During this week we managed to release a snapshot every day. Granted, some were relatively small, but overall, there were some nice updates in the 7 snapshots published (0708…0714).

The most relevant changes were:

• Mozilla Firefox 102.0.1
• KDE Frameworks 5.96.0
• KDE Gear 22.04.3
• KDE Plasma 5.25.3
• Salt: fixed runtime with python-pyzmq update
• GNOME 42.3
• systemd 251.2
• GCC 12.1.1
• libvirt 8.5.0
• openSSL 1.1.1q (CVE-2022-2097, boo#1201099)
• Linux kernel: simpledrm has been re-enabled
• Perl 5.36.0

The queue is not very long, but that can change overnight. Currently, the things staged include:

• Linux kernel 5.18.11
• MicroOS Desktop “GNOME” reaches RC quality
• Pipewire 0.3.55 + patch: fixes an issue seen when switching TTY, when coming back sometimes has no active audio devices (boo#1201349)

 The VLOOKUP spreadsheet function by default requires the searched data to be sorted, and in that case it performs a fast binary search. If the data is not sorted (for example if it would be impractical to have the data that way), it is possible to explicitly tell VLOOKUP that the data is not sorted, in which case Calc did a linear one-by-one lookup. And there are other functions such as COUNTIF or SUMIF that essentially do a lookup too, and those cannot even be told that the data is sorted and so they processed the data linearly. With large spreadsheets this can actually take a noticeably long time. Bugreports such as tdf#139444, tdf#144777 or tdf#146546 say operations in such spreadsheets take minutes to complete, or even "freeze".

I wanted to do something about those for quite a while, as with the right idea making those much faster should be actually fairly simple. And the simple idea I had was to let Calc to sort the data first and then use fast binary search. These documents usually do lookups in the same fixed range of cells, so the linear search in the same unsorted data was rather a waste when done repeatedly. Surely Calc should be able to sort the data just once, cache it and then use that cached sort order repeatedly. In fact VLOOKUP already had a cache for results of lookup in the same area, used when doing lookup in the same row but different columns.

I finally found the time to do something about this when SUSE filled a bug to Collabora about their internal documents freezing on load and then crashing after 10 minutes. The LO thread pool class has a 10 minutes timeout as a safety measure after which it aborts, and the large number of lookups in the documents actually managed to exceed that timeout. So I can't actually say how slow it was before :), but I can quote Gerald Pfeifer from SUSE reporting the final numbers:

This work is available in LibreOffice 7.4, and the TDF bugreports show similar improvements. In fact tdf#144777, titled "countifs() in Calc is slower than Excel's countifs()", now has a final comment saying that MS Office 2021 can do a specific document in 26s and LO 7.4 can do it in 2s. Good enough, I guess :).

The July syslog-ng newsletter is now on-line:

• RHEL 9 syslog-ng news
• How does the syslog-ng disk-buffer work?
• Installing syslog-ng on Microsoft Linux

It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-06-rhel-9-disk-buffer-microsoft-linux

Symptom

When posting a job using , you see an error message of the following kind:

$ openqa-cli api -X POST isos ...
403 Forbidden
Asset download requested but no domains passlisted! Set download_domains.

Solution

“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has less participants than speakers at the RSA conference. I gave talks at both events. RSA is a lot more prestigious event, but I still prefer PTS. Why?

Small Is Beautiful

As you could guess from my introduction, PTS is a small event. It is run by volunteers. It is also a free event thanks to sponsors. The small size has many advantages. There are not many parallel tracks competing for your attention. There is a main track and a workshop track. No need for buzzwords, for loud marketing of talks, as most people will be there anyway. Instead of attention seeking, speakers can focus on technical content.

The focus of PTS is open source security software. Which is a nice coincidence, as I work on two open source software projects. Sudo is definitely security focused, it lets you control access to your hosts and log access. While syslog-ng is not strictly security focused, it is also often used by infosec. Commercial software and services are of course mentioned by speakers while introducing themselves, but the focus is open source.

Small also means that there is a much stronger feeling of community than at larger events. The speaker’s dinner is fantastic. Not just because of the food served, but also because you can talk to many like-minded people who are experts in their fields. There are always some old friends, but new people as well. The various breaks and the social event also gave us lots of possibilities to discuss not just security, but also Life, the Universe and Everything :-) I always feel a bit lost when there are hundreds or thousands of people around me. However, at PTS I always feel comfortable. Of course, as a strong introvert, I still regularly need some time alone. The conference is in a beautiful environment, so it is easy to take a quick walk and recharge before the next block of talks starts.

Small also means much more and much better feedback after talks. With many parallel tracks most people are running to the next talks, once your talk is over. With just one track, even if there were two more talks without a break after my talk, people came to me to discuss sudo and syslog-ng in the breaks. The latest major version of sudo, 1.9.0, incorporated many of the feedback I received at Pass the SALT in 2019. This kind of in-depth discussions with users are almost completely missing at larger events.

sudo logs for blue teamers

My talk at PTS combined the two software projects I am working on. The primary focus was on the very latest sudo features that arrived in minor versions after the 1.9.0 release. Many of these are logging related, so I also included syslog-ng and demonstrated how you can work with sudo logs in syslog-ng. Based on the feedback I received at the conference, it is much easier to work with sudo logs, or JSON logs in general using syslog-ng than with most other logging software.

You can watch my talk at https://passthesalt.ubicast.tv/videos/sudo-logs-for-blue-teamers/.

However, if you are like me and hate videos, here is a blog covering most of the things I talked about at the conference: https://www.sudo.ws/posts/2022/05/sudo-for-blue-teams-how-to-control-and-log-better/

Some of my favorite talks

Every talk was really interesting, but of course not all of them were relevant to me. Below I collected some of my favorite talks from the conference:

CryptPad is an end-to-end encrypted collaboration solution. It provides many of the features of Google and Microsoft cloud tools, but it is fully open source and data is stored encrypted securely. With something like this I’d probably trust the cloud more to store my data, now I rather store sensitive data locally… https://cfp.pass-the-salt.org/pts2022/talk/LPMHUA/

I used containers when they were still called “FreeBSD jail” :-) So, I love the technology. Fedora is one of the pioneers of containerization on Linux. They have multiple operating systems based on a minimal read-only Fedora Linux that can be extended using containers. There are specific distributions targeting everything from IoT through desktops to servers. https://cfp.pass-the-salt.org/pts2022/talk/MTLGWL/

sslh is something I’m planning on trying. It allows servicing SSH and HTTPS from the same port. Many places block access to port 22, or even limit access to HTTPS. Using sslh can help in this situation. https://cfp.pass-the-salt.org/pts2022/talk/XTBQ73/

I have been using Suricata for many years. It is not really my job, I only use it out of curiosity, but it’s still a lot of fun. Especially because Suricata produces JSON formatted log messages, and syslog-ng is pretty good at working with JSON formatted logs. You can read my blog about working with Suricata logs in syslog-ng at https://www.syslog-ng.com/community/b/blog/posts/analyze-your-suricata-logs-in-real-time-using-syslog-ng. At the conference I participated both a talk and a workshop on Suricata: https://cfp.pass-the-salt.org/pts2022/talk/AGLDYH/ and https://cfp.pass-the-salt.org/pts2022/talk/BNNNQX/

As usual, one of my favorite talks came from Xavier Mertens. One of his earlier talks inspired the in-list() function of syslog-ng. This year, he talked about Cyberchef, a tool used to decode exotic data formats. Luckily, it’s not that often that I would need anything like this, but sometimes it could come in handy when trying to figure out what is hiding in my e-mails. https://cfp.pass-the-salt.org/pts2022/talk/8NDEN8/

Summary

I hope to be back next year again :-)

openSUSE joins fellow open-source project Arch Linux in having up-to-date packages for the Nim Language and the statically typed, imperative programming language now has first-class Nim support in openSUSE.

The compiled programming language gives programmers runtime efficiency and combines successful concepts from mature languages like Python, Ada and Modula.

“Real software runs without an OS, but if yours needs one, choose one which offers first class Nim support. Like SUSE does.” , said Nim programming language creator Andreas Rumpf, when asked about openSUSE supporting up-to-date Nim from now on.

Rumpf created Nim back in 2005 and has recently published his book Mastering Nim covering each corner of this emerging programming language.

There are Nim packages built for x86-64, i586, ppc64le and ARM64 with openSUSE.

“Very excited to have the first Linux distribution announcing first-class support for Nim,” said Dominik Picheta, a Nim core developer and writer of the Nim in Action book. “Hope this opens the door for other distros to do the same.”

One of Nim strengths, besides the macro system and runtime efficiency, is its standard library, which is similar to other languages and covers most standard functionality; these include string handling and formatting, async code development, networking and even high-level language functionality (like the compiler itself) or NimScript, which is a subset of Nim specially built for scripting that can be embedded and executed at run-time.

Moreover, Nim comes with a wide range of tools included by default. The compiler allows the targeting of C, C++ and Javascript as its backend. There are a few tools included for easy development:

• nim compiler
• nimsuggest (support for language suggestions, autocompletion, error/issues detection, etc.)
• nimgrep (a powerful grep alternative with built-in Nim support to find symbols and inspect Nim codebases).
• nim-gdb wrapper (gdb support for Nim types)
• nimble (package manager)

There is automated testing for openSUSE builds. Generally availability for Nim with openSUSE involves upstreaming broken tests for specific architectures along with the backporting and upstreaming of security patches.

Nim has a very interesting and vibrant ecosystem of packages for easy development on many fronts; from web development to systems programming and scientific to data processing, to name a few. It’s possible to develop extremely fast and parallelized applications using Weave, develop both frontend and backend web applications fully in Nim by using Karax or Jester and to perform heavy computational math-based operations with ArrayMancer. On the playful side, Nim can be used to develop high-performance 3D visualizations and game development with Godot by using Godot-Nim as a bridge.

Even if developers only want to support another language, Nim allows a rich ecosystem of foreign function interface (FFI) technologies to interact with other languages. Besides the native support to interact with C and C++ codebases, it is possible to use Nim to easily build Python modules by using NimPy.

Developers can play around with Nim at https://play.nim-lang.org/ and can learn a bit about it in five-minutes.

A taste of Nim

import strformat

type
  Person = object
    name*: string # Field is exported using `*`.
    age: Natural  # Natural type ensures the age is positive.

var people = [
  Person(name: "John", age: 45),
  Person(name: "Kate", age: 30)
]

for person in people:
  # Type-safe string interpolation.
  echo(fmt"{person.name} is {person.age} years old")

Useful Links

• Development repository
• Compiler user guide
• Documentation
• Manual

Happens that I spent today (Finally) a good few hours trying to figure out why my autocompletion was broken on my new shiny MacBook Pro M1 Pro…

despite Homebrew’s brew doctor giving me the All OK.

foursixnine@pakhet ~ % brew doctor
Your system is ready to brew.

turns out that it was just the shell:

foursixnine@pakhet ~ % echo $FPATH
/opt/homebrew/share/zsh-completions:/usr/local/share/zsh/site-functions:/usr/share/zsh/site-functions:/usr/share/zsh/5.8.1/functions

My user’s shell is still being set to osx’s 5.8.1 zsh…

So after hours of searching on the internet to no avail, and scratching my head, I came back to my initial idea of just switching the shell::

echo "export PATH=/opt/homebrew/bin:$PATH" >> ~/.zshenv
sudo sh -c "echo $(which zsh) >> /etc/shells"
chsh -s $(which zsh)

Dear Tumbleweed users and hackers,

Full steam ahead – with 7 snapshots published in one week. of course, most of those snapshots were not drastically changing the world. Vacation season on one hand and lots and lots of discussions around ALP and prototyping take some resources away. Nevertheless, Tumbleweed is supposedly staying the base for it all, and it is thus just natural to let it roll.

The 7 snapshots (0630, 0701…0706) consisted of these changes:

• Mesa 22.1.3
• Pipewire 0.3.53
• Vim 9.0
• Linux kernel 5.18.9
• KDE Plasma 5.25.2

For the following snapshots in the works, there are some things the community has been waiting for. you can expect these changes to happen rather sooner than later:

• GCC 12.1.1
• Libvirt 8.5.0
• Pipewire as a replacement for PulseAudio: The default has been switched in Snapshot 0708 to install Pipewire by default instead of Pulseaudio. Existing systems will not be migrated automatically. If you wish to perform the switch: zypper in pipewire-pulseaudio and let zypper remove the Pulseaudio packages
• Perl 5.26.0: breaks texlive and one yast’s Perl bindings
• systemd 251.2: blocked by SELinux reports (boo#1200911)
• KDE Applications 22.04.3
• GNOME Shell 42.3 (sort of GNOME 42.3, but again without the actual gnome-desktop version bump)
• Linux kernel: re-enabling simpledrm (3rd attempt)