The VLOOKUP spreadsheet function by default requires the searched data to be sorted, and in that case it performs a fast binary search. If the data is not sorted (for example if it would be impractical to have the data that way), it is possible to explicitly tell VLOOKUP that the data is not sorted, in which case Calc did a linear one-by-one lookup. And there are other functions such as COUNTIF or SUMIF that essentially do a lookup too, and those cannot even be told that the data is sorted and so they processed the data linearly. With large spreadsheets this can actually take a noticeably long time. Bugreports such as tdf#139444, tdf#144777 or tdf#146546 say operations in such spreadsheets take minutes to complete, or even "freeze".

I wanted to do something about those for quite a while, as with the right idea making those much faster should be actually fairly simple. And the simple idea I had was to let Calc to sort the data first and then use fast binary search. These documents usually do lookups in the same fixed range of cells, so the linear search in the same unsorted data was rather a waste when done repeatedly. Surely Calc should be able to sort the data just once, cache it and then use that cached sort order repeatedly. In fact VLOOKUP already had a cache for results of lookup in the same area, used when doing lookup in the same row but different columns.

I finally found the time to do something about this when SUSE filled a bug to Collabora about their internal documents freezing on load and then crashing after 10 minutes. The LO thread pool class has a 10 minutes timeout as a safety measure after which it aborts, and the large number of lookups in the documents actually managed to exceed that timeout. So I can't actually say how slow it was before :), but I can quote Gerald Pfeifer from SUSE reporting the final numbers:

This work is available in LibreOffice 7.4, and the TDF bugreports show similar improvements. In fact tdf#144777, titled "countifs() in Calc is slower than Excel's countifs()", now has a final comment saying that MS Office 2021 can do a specific document in 26s and LO 7.4 can do it in 2s. Good enough, I guess :).

The July syslog-ng newsletter is now on-line:

• RHEL 9 syslog-ng news
• How does the syslog-ng disk-buffer work?
• Installing syslog-ng on Microsoft Linux

It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-06-rhel-9-disk-buffer-microsoft-linux

Symptom

When posting a job using , you see an error message of the following kind:

$ openqa-cli api -X POST isos ...
403 Forbidden
Asset download requested but no domains passlisted! Set download_domains.

Solution

“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has less participants than speakers at the RSA conference. I gave talks at both events. RSA is a lot more prestigious event, but I still prefer PTS. Why?

Small Is Beautiful

As you could guess from my introduction, PTS is a small event. It is run by volunteers. It is also a free event thanks to sponsors. The small size has many advantages. There are not many parallel tracks competing for your attention. There is a main track and a workshop track. No need for buzzwords, for loud marketing of talks, as most people will be there anyway. Instead of attention seeking, speakers can focus on technical content.

The focus of PTS is open source security software. Which is a nice coincidence, as I work on two open source software projects. Sudo is definitely security focused, it lets you control access to your hosts and log access. While syslog-ng is not strictly security focused, it is also often used by infosec. Commercial software and services are of course mentioned by speakers while introducing themselves, but the focus is open source.

Small also means that there is a much stronger feeling of community than at larger events. The speaker’s dinner is fantastic. Not just because of the food served, but also because you can talk to many like-minded people who are experts in their fields. There are always some old friends, but new people as well. The various breaks and the social event also gave us lots of possibilities to discuss not just security, but also Life, the Universe and Everything :-) I always feel a bit lost when there are hundreds or thousands of people around me. However, at PTS I always feel comfortable. Of course, as a strong introvert, I still regularly need some time alone. The conference is in a beautiful environment, so it is easy to take a quick walk and recharge before the next block of talks starts.

Small also means much more and much better feedback after talks. With many parallel tracks most people are running to the next talks, once your talk is over. With just one track, even if there were two more talks without a break after my talk, people came to me to discuss sudo and syslog-ng in the breaks. The latest major version of sudo, 1.9.0, incorporated many of the feedback I received at Pass the SALT in 2019. This kind of in-depth discussions with users are almost completely missing at larger events.

sudo logs for blue teamers

My talk at PTS combined the two software projects I am working on. The primary focus was on the very latest sudo features that arrived in minor versions after the 1.9.0 release. Many of these are logging related, so I also included syslog-ng and demonstrated how you can work with sudo logs in syslog-ng. Based on the feedback I received at the conference, it is much easier to work with sudo logs, or JSON logs in general using syslog-ng than with most other logging software.

You can watch my talk at https://passthesalt.ubicast.tv/videos/sudo-logs-for-blue-teamers/.

However, if you are like me and hate videos, here is a blog covering most of the things I talked about at the conference: https://www.sudo.ws/posts/2022/05/sudo-for-blue-teams-how-to-control-and-log-better/

Some of my favorite talks

Every talk was really interesting, but of course not all of them were relevant to me. Below I collected some of my favorite talks from the conference:

CryptPad is an end-to-end encrypted collaboration solution. It provides many of the features of Google and Microsoft cloud tools, but it is fully open source and data is stored encrypted securely. With something like this I’d probably trust the cloud more to store my data, now I rather store sensitive data locally… https://cfp.pass-the-salt.org/pts2022/talk/LPMHUA/

I used containers when they were still called “FreeBSD jail” :-) So, I love the technology. Fedora is one of the pioneers of containerization on Linux. They have multiple operating systems based on a minimal read-only Fedora Linux that can be extended using containers. There are specific distributions targeting everything from IoT through desktops to servers. https://cfp.pass-the-salt.org/pts2022/talk/MTLGWL/

sslh is something I’m planning on trying. It allows servicing SSH and HTTPS from the same port. Many places block access to port 22, or even limit access to HTTPS. Using sslh can help in this situation. https://cfp.pass-the-salt.org/pts2022/talk/XTBQ73/

I have been using Suricata for many years. It is not really my job, I only use it out of curiosity, but it’s still a lot of fun. Especially because Suricata produces JSON formatted log messages, and syslog-ng is pretty good at working with JSON formatted logs. You can read my blog about working with Suricata logs in syslog-ng at https://www.syslog-ng.com/community/b/blog/posts/analyze-your-suricata-logs-in-real-time-using-syslog-ng. At the conference I participated both a talk and a workshop on Suricata: https://cfp.pass-the-salt.org/pts2022/talk/AGLDYH/ and https://cfp.pass-the-salt.org/pts2022/talk/BNNNQX/

As usual, one of my favorite talks came from Xavier Mertens. One of his earlier talks inspired the in-list() function of syslog-ng. This year, he talked about Cyberchef, a tool used to decode exotic data formats. Luckily, it’s not that often that I would need anything like this, but sometimes it could come in handy when trying to figure out what is hiding in my e-mails. https://cfp.pass-the-salt.org/pts2022/talk/8NDEN8/

Summary

I hope to be back next year again :-)

openSUSE joins fellow open-source project Arch Linux in having up-to-date packages for the Nim Language and the statically typed, imperative programming language now has first-class Nim support in openSUSE.

The compiled programming language gives programmers runtime efficiency and combines successful concepts from mature languages like Python, Ada and Modula.

“Real software runs without an OS, but if yours needs one, choose one which offers first class Nim support. Like SUSE does.” , said Nim programming language creator Andreas Rumpf, when asked about openSUSE supporting up-to-date Nim from now on.

Rumpf created Nim back in 2005 and has recently published his book Mastering Nim covering each corner of this emerging programming language.

There are Nim packages built for x86-64, i586, ppc64le and ARM64 with openSUSE.

“Very excited to have the first Linux distribution announcing first-class support for Nim,” said Dominik Picheta, a Nim core developer and writer of the Nim in Action book. “Hope this opens the door for other distros to do the same.”

One of Nim strengths, besides the macro system and runtime efficiency, is its standard library, which is similar to other languages and covers most standard functionality; these include string handling and formatting, async code development, networking and even high-level language functionality (like the compiler itself) or NimScript, which is a subset of Nim specially built for scripting that can be embedded and executed at run-time.

Moreover, Nim comes with a wide range of tools included by default. The compiler allows the targeting of C, C++ and Javascript as its backend. There are a few tools included for easy development:

• nim compiler
• nimsuggest (support for language suggestions, autocompletion, error/issues detection, etc.)
• nimgrep (a powerful grep alternative with built-in Nim support to find symbols and inspect Nim codebases).
• nim-gdb wrapper (gdb support for Nim types)
• nimble (package manager)

There is automated testing for openSUSE builds. Generally availability for Nim with openSUSE involves upstreaming broken tests for specific architectures along with the backporting and upstreaming of security patches.

Nim has a very interesting and vibrant ecosystem of packages for easy development on many fronts; from web development to systems programming and scientific to data processing, to name a few. It’s possible to develop extremely fast and parallelized applications using Weave, develop both frontend and backend web applications fully in Nim by using Karax or Jester and to perform heavy computational math-based operations with ArrayMancer. On the playful side, Nim can be used to develop high-performance 3D visualizations and game development with Godot by using Godot-Nim as a bridge.

Even if developers only want to support another language, Nim allows a rich ecosystem of foreign function interface (FFI) technologies to interact with other languages. Besides the native support to interact with C and C++ codebases, it is possible to use Nim to easily build Python modules by using NimPy.

Developers can play around with Nim at https://play.nim-lang.org/ and can learn a bit about it in five-minutes.

A taste of Nim

import strformat

type
  Person = object
    name*: string # Field is exported using `*`.
    age: Natural  # Natural type ensures the age is positive.

var people = [
  Person(name: "John", age: 45),
  Person(name: "Kate", age: 30)
]

for person in people:
  # Type-safe string interpolation.
  echo(fmt"{person.name} is {person.age} years old")

Useful Links

• Development repository
• Compiler user guide
• Documentation
• Manual

Happens that I spent today (Finally) a good few hours trying to figure out why my autocompletion was broken on my new shiny MacBook Pro M1 Pro…

despite Homebrew’s brew doctor giving me the All OK.

foursixnine@pakhet ~ % brew doctor
Your system is ready to brew.

turns out that it was just the shell:

foursixnine@pakhet ~ % echo $FPATH
/opt/homebrew/share/zsh-completions:/usr/local/share/zsh/site-functions:/usr/share/zsh/site-functions:/usr/share/zsh/5.8.1/functions

My user’s shell is still being set to osx’s 5.8.1 zsh…

So after hours of searching on the internet to no avail, and scratching my head, I came back to my initial idea of just switching the shell::

echo "export PATH=/opt/homebrew/bin:$PATH" >> ~/.zshenv
sudo sh -c "echo $(which zsh) >> /etc/shells"
chsh -s $(which zsh)

Dear Tumbleweed users and hackers,

Full steam ahead – with 7 snapshots published in one week. of course, most of those snapshots were not drastically changing the world. Vacation season on one hand and lots and lots of discussions around ALP and prototyping take some resources away. Nevertheless, Tumbleweed is supposedly staying the base for it all, and it is thus just natural to let it roll.

The 7 snapshots (0630, 0701…0706) consisted of these changes:

• Mesa 22.1.3
• Pipewire 0.3.53
• Vim 9.0
• Linux kernel 5.18.9
• KDE Plasma 5.25.2

For the following snapshots in the works, there are some things the community has been waiting for. you can expect these changes to happen rather sooner than later:

• GCC 12.1.1
• Libvirt 8.5.0
• Pipewire as a replacement for PulseAudio: The default has been switched in Snapshot 0708 to install Pipewire by default instead of Pulseaudio. Existing systems will not be migrated automatically. If you wish to perform the switch: zypper in pipewire-pulseaudio and let zypper remove the Pulseaudio packages
• Perl 5.26.0: breaks texlive and one yast’s Perl bindings
• systemd 251.2: blocked by SELinux reports (boo#1200911)
• KDE Applications 22.04.3
• GNOME Shell 42.3 (sort of GNOME 42.3, but again without the actual gnome-desktop version bump)
• Linux kernel: re-enabling simpledrm (3rd attempt)

The openSUSE Tumbleweed snapshots are rolling out steady during the month or July.

Some big and small snapshots have been released with a few major-versions updates arriving this week.

The most recent snapshot arrive in the last 24 hours was 20220706. The release updated the Linux Kernel to 5.18.9. It had several additions for the Advanced Linux Sound Architecture to include fixing a couple missing beep setups and adding a mute LED quirk for HP Omen laptops. The kernel also enabled configuration for the MLX90614 remote temperature sensor. There were some minor changes in the update of xfce4-settings 4.16.3, which fixed a recursive lock in libX11. Both yast2-network and yast2-schema-default updated to version 4.5.4, which the packages added a missing route element to the networking section.

A major version updated package arriving in the 20220705 snapshot was 7zip 22; the new version has switches for Linux TAR archives and can now can store additional file timestamps with high precision at one nanosecond or a billionth of a second. That’s fast. Another major version to land this week was vim. The text editor received its second update this week to version 9.0.0032, which fixed a couple Common Vulnerabilities and Exposures; one of those was a moderate Integer Overflow reflected in CVE-2022-2285. Mesa 22.1.3 had some X11 performance fixes and a lot of Zink driver fixes. GNOME’s personal information manager evolution updated translations and fixed a crash when printing task lists to pdf in version 3.44.3. An update of firewalld 1.2.0 added a secure version of Kubernetes controller-plane components and added distributed web IPFS services. The audio and video package PipeWire updated to 0.3.53 and the ALSA plugin should now be able to deal with unsupported sample rates and fall back to the nearest supported one. The audio-convert plugin was rewritten, which should make it more maintainable. Other packages to update in the snapshot were pango 1.50.8, harfbuzz 4.4.1, kernel-firmware 20220622, sssd 2.7.3 and more.

GNOME’s sushi updated to the 42.0 version in snapshot 20220704; the updated file previewer enabled WebKit sandboxing for increased security and responsiveness. The previewer also allows right-clicks to show the context menu for GtkSourceView. Both gnome-software and gnome-remote-desktop updated to version 42.3. An incorrect restart notification related to a failed firmware update was fixed and an uninitialized caps lock was fixed respectively. The camera, access and control library libgphoto2 provided updates in version 2.5.30 related to cameras Canon EOS Rebel T8i, Sony DSC-WX220, Nikon Z9, Fuji X-E4 and the GoPro HERO10. The snapshot also had a few Perl, Python and Ruby support libraries updated.

A single package was updated in snapshot 20220703. The update of the adwaita-xfce-icon-theme to a 0.0.2 version added some multimedia and camera icons.

The dependency manager Yarn updated to version 1.22.19 in snapshot 20220702 and added compatibility with web standard WebAuthn on the npm registry. An update of kmod 30 both dropped and added one patch. The update also provides support for the SM3 hash algorithm. The power management tool tlp 1.5.0 has new features for Sony, ASUS and ThinkPads laptops. The package also added radio device support for switching Near-Field Communication (NFC) devices and removed support for wireless-tools, iwconfig. More than a handful of other language package libraries were updated in the snapshot.

The major version update for vim 9 arrived in the 20220701 snapshot. The text editor made fixes for the CTRL-key combinations that caused more problems than it solves. The editor may still access invalid memory after changing terminal size, according to the changelog. Arriving three days after it’s release, KDE’s Plasma 5.25.2 found its way in the snapshot. The desktop environment updated some Qt 5 requirements for KWayland Integration among many other packages for Plasma. The X Window Manager and Wayland Compositor KWin ensured modeset properties were reset properly and fixed broken keyboard navigation while filtering. Plasma Desktop fixed the dbus interface when building the kglobalaccel and there were many other fixes for Plasma users.

openSUSE.Asia Summit 2022

Call For Papers

CFP deadline is extended to Aug 13, Fri. And Notification to speakers: Week of August 22, 2022. Let's submit your proposal.

It is a pleasure to announce the call for papers for openSUSE.Asia summit 2022 Main Track starting today, the openSUSE.Asia Committee is looking for speakers from different avenues of life, representing and advocating Free and Open Source Software. openSUSE.Asia Summits are organized every year to promote the use of free and open source software and have been appreciated events for the openSUSE community (i.e. both contributors and users) in Asia. Following the last Asia Virtual Summit hosted by India team, the eighth openSUSE.Asia Summit 2022 will be held by openSUSE online volunteer team on Late September. The past Asia Summits received major participation from Indonesia, China mainland, Taiwan, Japan, South Korea, and India.

This year’s event will consist of the two parts: the Asia Summit Main Track and local online/offline parts held in several Asian countries/regions. This call is for the Asia Summit Main Track. The event is going to be completly virtual and use online conference tools. Talks will be live, but you can record video in advance if you want it.

Topics

openSUSE.Asia Summit 2022 will invite talks relevant to openSUSE and other topics like Cloud, Virtualization, Container, Container Orchestration, Linux desktop environments and applications since openSUSE is a collection of various FLOSS products. The examples of the topics (not limited to) are as the following:

• openSUSE (including Leap, Tumbleweed, Open Build Services, openQA, YaST)
• openSUSE Kubic & MicroOS, Cloud, Virtualization, Container, and Container Orchestration
• Embedded and IoT
• Security (Access/Integrity control, Cryptography, Vulnerability management)
• Desktop environments and applications (e.g. GNOME, KDE, XFCE)
• Office suite, graphic art, multimedia (e.g. LibreOffice, Calligra, GIMP, Inkscape)
• Multilingualization support (e.g. input methods, translation)
• Other software running on openSUSE

Please note that non-technical talks are also welcome. For example:

• Explanations of FLOSS technologies
• Development, Quality Assurance, Translation
• Tips & Tricks, Experience stories (success or fail), Best practice
• Marketing and community management
• Education
  
  

Types of sessions

We are inviting proposals for these 2 types of sessions.

• Keynote or long talks with presentation (30 min + Q&A)
• Short talk with/without presentation (15 min + Q&A)

Due to a shorter attention span during online sessions, we will keep talks short and engaging.

Schedule

• The deadline of the call for proposals: August 13, 2022
• Notification to speakers: Week of August 22, 2022
• openSUSE.Asia Summit 2022: Week of September 26 (The local events during the summit will be announced later among each local community. Please stay tuned.)
• Conference Timings:
  • Sep 30 Fri 2022 : 10:00 UTC - 15:00 UTC
  • Oct 1 Sat 2022 : 4:00 UTC - 7:00 UTC
    
    

How to submit your proposal

Please submit your proposal to the event

• Your proposal must be written in English and 150–500 words long with an appropriate title.
• You need to use English both in speech and on slides.
• Please run spell and grammar checks for your proposal before submission. LibreOffice Language tools and Grammarly
• Your biography on your profile page is also a reviewed document. Please do not forget to write your background.
• You must obey openSUSE Conference code of Conduct. You will receive a forms link after successful submission of proposal for further information requirements.
  
  

Guide to write your proposal

Please ensure that your proposal is about and around a topic

For example, if your talk is on security or desktop application, a wholesome proposal will always start with steps to install the application first.

Please include the reasons as to why your proposal should be the one.

It may contain the following as a reason:

• Need of the application/ technology/ solution
• Future prospects of the proposed solution
• Learnings for the target audience (beginners, contributors)

Do not hesitate to contact the local team on social media or write to the committee if you are not sure about writing your proposal or preparing your presentation.

Contact Organising committee

For any enquiries regarding the programme, please contact:

opensuseasia-summit@googlegroups.com

We look forward to see you at openSUSE.Asia Summit 2022.