Sending logs to Panther using syslog-ng

Panther is an open-source log management system, which is also available as a service for a time-limited trial. It is still in the beta phase, but it looks promising. You can see the “beta” sign on its opening page (https://app.panther.support/). I tested the time-limited cloud service version, but you can also install it locally, either from Docker Hub, or you can build the containers locally from the source.

Even if it is still in beta phase, Panther comes with detailed documentation. There is a notable exception: while syslog-ng is shown on some of the figures, documenting it is still to be done. This blog helps you to get started with sending logs to Panther, using syslog-ng. You can use either legacy syslog with TLS encryption (still a bit problematic) or the http() destination to send logs to the Panther HTTP API.

Read my blog at https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-panther-using-syslog-ng


Manage and Filter Your Group Notifications

After a long break, we’re back with improvements for the notifications feature part of the beta program. Based on your feedback, we have introduced filters for your group notifications, a button to mark all your notifications as read and a notifications API.

Group Filters

On the My Notifications page, you can now filter notifications by groups. Here’s how it looks: Group notifications

Manage Group Subscriptions

You can subscribe to the events from your groups on...


Best Linux Distro for Programming

If you’re a programmer and you’re looking for a Linux distro, this will help you find the perfect fit. Without further ado, we’ll go straight to the distro recommendations. If you want to learn more, scroll down to the bottom of the article. Here are the best Linux distros for programming: Ubuntu – best for […]



GNOME, Salt Update in Tumbleweed

The update of GNOME 41 in openSUSE’s rolling release Tumbleweed didn’t take long; the new GNOME landed a day after our last blog post.

Other software updates included in this week’s three snapshots include Mesa, PipeWire, Btrfs, Mozilla Firefox and Thunderbird.

Mesa’s 21.2.3 update focused on bug fixing, which arrived in snapshot 20211005. The 3D graphics package fixed a significant performance drop on the Radeon HD 8400 graphics card. Mozilla Thunderbird 91.1.2 now warns if an S/MIME encrypted message includes BCC recipients. The email client update also fixed delivery status notifications, which were only showing for the first recipient. Another email package, mailutils, updated to version 3.13 and fixed semantics of mail sending and saving commands. PipeWire 0.3.38 made various Bluetooth compatibility improvements and the audio/video package for Linux now has better description service files for systemd. The only major-version update in the snapshot was sysvinit 3.00. The sysvinit package, which is for controlling the startup, running, and shutdown of a system, now provides better device detection of bootlogd. The btrfs file system updated to 5.14.1; the updated version fixes parsing of compression (option -c) and added a workaround for old kernels when reading zone sizes. Other packages to update in the snapshot were exim 4.95, Kernel-firmware 20210928 and more.

A minor update of Firefox came on the first of the month in snapshot 20211001. The 92.0.1 web-browser update fixed an issue where audio playback was not working on some Linux systems. An update of salt 3003.3 added an enormous amount of patches and made a fix to periodically restart the fileserver update process to avoid leaks, according to the changelog. The update of audit 3.0.5 fixed various issues when dealing with corrupted logs. Roughly 10 other packages were updated in the snapshot.

GNOME 41 arrived in snapshot 20210929. The new release provides significant improvements for developers, a new developer documentation website, new features in the Builder IDE and GTK4 enhancements. The software center has a new look and makes it easier to browse and discover apps. GNOME’s new remote desktop client Connections replaces the remote desktop functionality that was previously found in Boxes. The CD/DVD burner brasero made translation improvements and added some Help improvements in version 3.12.3. There was an update to glib2 2.70.0 in the snapshot and a major update of libsoup 3.0.1 removed unused dependency on libxml. The 18.8.16 version of NetworkManager-openvpn fixed the parsing of incomplete IPv6 configurations pushed by a server. Other packages to update in the snapshot were upower 0.99.13, rubygem-bundler 2.2.27, gupnp 1.4.0, vte 0.66.0 and several other GNOME-related libraries.


Sudo 1.9.8: intercepting commands

A month ago, when sudo 1.9.8 was still under development, we checked out the new log_subcmds option. It allows you to log all commands (with some limitations) that are executed by a command started through sudo. For example, you can see if a shell was started through a text editor. The intercept option brings this one step further: you can prevent sub-commands from even running.

Read the rest of my blog at https://blog.sudo.ws/posts/2021/10/sudo-1.9.8-intercepting-commands/


New Survey Aims to Gain Packager, Maintainer Insights

The openSUSE Project is trying to gather more information from open-source developers, development teams, packagers and maintainers through the latest survey that will run from Oct. 7 until Oct. 29.

There are tools to monitor the health of packages, but the project doesn’t have tools to monitor the health of packagers.

Giving the floor to packagers, who are the dedicated working hands behind the betterment of distributions, will illuminate areas the openSUSE Project can improve upon to gain new contributors. The project wants to give the floor to the packagers so they can express as a group the challenges and complexities they face.

The aim is to take this information and find ways to make their contributions more pleasant and rewarding. Apart from the typical demographics questions, there are questions about tooling, contributions and contributor satisfaction.

Visit https://survey.opensuse.org/ to take the survey today.


Qwant -- a European search engine

Qwant is a European search engine that respects your privacy. I learned about it from a Twitter thread. The European Processor Initiative announced last week that their first RISC-V test chip samples were delivered and booted successfully. I tweeted that I would be happy to see not just European CPUs but also European software services, alternatives to Google, Facebook, LinkedIn and others. Someone responded that a search engine is already available: https://www.qwant.com/

Testing

First, I did a couple of searches on the Qwant website. It was fast, gave relevant search results, there were no stupid ads, the links were not redirects, so it was love at first sight. Next, I wanted to replace Google with Qwant as my default search provider. My browser of choice is Firefox. Qwant is not yet available in the list of search providers, but luckily there is a Firefox extension, which can make Qwant your default search provider. So I switched to Qwant and never looked back ever since :-)

The good

  • Fast. You might have heard the expression “Google-like speed”. Qwant is faster.
  • No ads. On Google and other search engines, the first few hits are usually paid ads, which sometimes are almost indistinguishable from real results. There are no ads on Qwant.
  • No redirects. If you find something, you get a real link for it, not a redirect. There is no slowdown and you can copy and paste the results without being tracked.
  • More relevant results.
  • It is not localized. I am Hungarian, but I am annoyed by localization. I prefer en_US everywhere. My browser is set to en_US, but Google and other search engines do not respect that. Qwant does.
  • No suggestions while typing my query. Less network traffic, more privacy.

Room for improvement

  • I do not speak French. Qwant is Made in France, and parts of the website are only available in French.
  • Some spelling mistakes are automagically corrected, just like by Google. However, it is done silently and there is no way to search with the original spelling (which is sometimes the right spelling).
  • There is also a maps part, but it is a lot more limited than Bing or Google Maps. It has no satellite images, it does not show districts within cities, etc. However, as data is coming from OpenStreetMap, parts of its maps feature are more detailed and up-to-date than other maps services.

Side effects

Ever since I started using uBlock Origin in my main browser, my Google News feed has shown less and less relevant results. Now that I stopped using Google for searching, articles listed in Google News are almost completely irrelevant. Google cannot profile me as well as it did previously. I guess this is something I can live with :-)

Others?

Now that I see that there is a viable alternative to Google Search here in Europe, I wonder what other services are available. Email, Facebook, LinkedIn, etc. If you know any good European alternatives, let me know! You can reach me on Twitter or LinkedIn:


Syslog-ng 3.34: MQTT destination with TLS and WebSocket support

Version 3.33 of syslog-ng arrived with basic MQTT support. Version 3.34 has added many important features to it: user authentication, TLS support and WebSocket support. These features give you both security and flexibility while sending log messages to an MQTT broker.

This blog helps you to make your first steps securing your MQTT connection: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-34-mqtt-destination-with-tls-and-websocket-support


Thank you, SonarSource

There are times when keeping your system up to date does not help you against vulnerabilities. During these times, you want to have your servers and applications hardened as well as possible - including good AppArmor profiles. But even then, something bad can easily happen - and it's very good to see that others take care. Especially if these others are professionals who take care of you, even if you did not ask them directly.

Tuesday, 2021-08-31, was such a day for our openSUSE infrastructure status page: SonarSource reported to us a pre-auth remote code execution at the https://status.opensuse.org/api/v1/incidents endpoint.

SonarSource, equally driven by studying and understanding real-world vulnerabilities, is trying to help the open-source community to secure their projects. They disclosed vulnerabilities in the open-source status page software Cachet - and informed us directly - that our running version is vulnerable to CVE-2021-39165. It turned out that the Cachet upstream project is meanwhile seen as dead - at least it has been out of support by its original maintainers for a while. It went into this unsupported state unnoticed by us - and potentially also unnoticed by many others. A problem that many other dead open source projects sadly share.

Thankfully, the openSUSE Security team (well known as first contact for security issues) as well as Christian (as one of our glorious openSUSE heroes) reacted quickly and professionally:

  • SonarSource informed our Security team 2021-08-31, 15:39
  • Our Security team opened a ticket for us just two hours later, at 2021-08-31, 17:08
  • Already one hour later, at 2021-08-31 18:29, Christian deployed a first hot-fix on our instances (Note: the original admin of the systems was on vacation)
  • 2021-08-31 at 23:35, Christian already provided a collection of suspicious requests to the affected URL
  • Meanwhile, there was a fix provided in a forked GitHub repository, which was applied to our installations one day later, 2021-09-01. This made our installations secure again (cross-checked by our Security Team and SonarSource). A response time of one day, even if the original upstream of a project is not available any longer - and the original admin of a system is on vacation! :-)
  • ...and we started a long analysis of the "what" and "when"...
  • In the end, we identified 6 requests from one suspicious IP, which we couldn't assign to someone we know. So we decided to distrust our installations. There might have been a successful attack, even if we could not find any further evidence on the installed system (maybe thanks to the AppArmor profile?) or in the database. BUT: an attacker could have extracted user account data.
  • The user accounts of the Cachet application are only used to inform our users about any infrastructure incident. An attacker might be able to log in and report fake incidents - or send out emails to those who subscribed to incident reports or updates. Something we don't like to see. Luckily, these accounts are in no way connected to the normal user accounts. They just existed on these systems, for exactly one purpose: informing our users.
  • As a result, we informed all users of the status.opensuse.org instances that they should change their password on a new system, set up from scratch. This new system is now deployed and in production, while the image of the old system is still available for further investigation.

Big kudos to Thomas Chauchefoin (SonarSource), Gianluca Gabrielli and Marcus Meissner (openSUSE Security Team) and Christian Boltz (openSUSE Heroes) for all their work, their good cooperation and quick reactions!
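
The log triage step from the timeline above (collect requests to the affected URL, then isolate those from addresses nobody can attribute), as an added example that is not part of the original post or the openSUSE admins' tooling. It assumes the web server writes the common "combined" access-log format; the allowlist, IP addresses and log lines are constructed.

```python
import re
from collections import defaultdict

AFFECTED_PATH = "/api/v1/incidents"  # endpoint named in the post

# Hypothetical allowlist: clients the admins can attribute (e.g. own monitoring).
KNOWN_CLIENTS = {"192.0.2.10"}

# Constructed sample lines in the "combined" access-log format (assumed format).
SAMPLE_LOG = """\
192.0.2.10 - - [31/Aug/2021:09:12:01 +0000] "GET /api/v1/incidents HTTP/1.1" 200 512 "-" "monitor/1.0"
198.51.100.7 - - [30/Aug/2021:22:40:13 +0000] "GET /api/v1/incidents?page=2 HTTP/1.1" 200 733 "-" "curl/7.79"
198.51.100.7 - - [30/Aug/2021:22:40:19 +0000] "GET /api/v1/incidents?page=3 HTTP/1.1" 500 120 "-" "curl/7.79"
203.0.113.5 - - [31/Aug/2021:10:00:00 +0000] "GET /api/v1/components HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [31/Aug/2021:10:00:02 +0000] "GET /api/v1/incidentsfoo HTTP/1.1" 404 10 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_affected_path(target):
    """True for the endpoint itself or a sub-resource, ignoring the query string."""
    path = target.split("?", 1)[0].rstrip("/")
    return path == AFFECTED_PATH or path.startswith(AFFECTED_PATH + "/")

def unattributed_requests(log_text, known=KNOWN_CLIENTS):
    """Group requests to the affected endpoint by client IP, skipping known clients."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in known:
            continue  # unparsable line, or a client we can attribute
        if hits_affected_path(m["target"]):
            by_ip[m["ip"]].append((m["ts"], m["method"], m["target"], int(m["status"])))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, reqs in unattributed_requests(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} request(s) to {AFFECTED_PATH}")
        for ts, method, target, status in reqs:
            print(f"  {ts} {method} {target} -> {status}")
```

Server errors in the output (the constructed 500 above) are worth reading first, and lines the parser skips should be counted separately on real logs so that a format mismatch is not mistaken for a clean result.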


Maintaina Horde switches to openSUSE Leap

Our Horde docker images have switched over from Tumbleweed to openSUSE Leap once again.

Recently our container build CI job in github.com broke down unexpectedly. An investigation showed that Tumbleweed’s core libraries, especially libc, were too new for the CI’s build system, based on Ubuntu LTS.

This is the second time we abandoned the Tumbleweed basis for Horde docker containers. openSUSE Leap 15.3 uses a relatively old, but well-maintained, set of base libraries. Both Leap and Tumbleweed deliver PHP 7.4 as a basis for Horde. In both systems, we skip the packaged composer version for a static pick which we will update from time to time. We may switch over to packaged composer if we feel confident.

For users and administrators of the image, both Tumbleweed and Leap 15.3 should feel more or less the same. For end users of the delivered Horde setup, there should not be any downsides. We will switch back to the Tumbleweed image in a while when we have picked a more recent version of Ubuntu.