You already know what a fantastic platform openSUSE is for doing just about anything with Linux. So what’s behind that easy-to-use and super powerful distribution that we know and love, and have come to rely on. In many minds there is a perception that its simply SUSE with the proprietary code stripped out. It’s true that a lot of the development work does flow down from SUSE but there is also an active community of dedicated volunteers who drive and make the project work, adding the goodies we have come to take for granted for the myriad of uses we have come to rely on it for.

It’s election time at openSUSE and the election board asked an existing board member Gertjan who has agreed to step up again and run for re-election of what it is like to be on the board. Below is a transcript of an offline interview between fellow election committee member Edwin and Gertjan highlighting what it’s like to be on the board of openSUSE.

Edwin: Would you like to tell us about your daily schedule and how does being an openSUSE Board member impacts on that?

Gertjan: To be fair, my daily schedule varies a lot, depending on what is on my table. Most of the time this leaves me with enough spare time to do board related things. But before I was on board, I spent that time in openSUSE too, i.e. forums, IRC etc., so the main impact on my daily schedule were the bi-weekly video conference calls. For the rest I just spread the spare time a bit differently. It does take a couple of hours though, on an average week.

Edwin: Do you still remember what motivated you to step up for Board candidacy the first time? And then why a second time?

Gertjan: O, yes, I do. I was asked by Richard whether I had ever considered running for board. My reply was “Hey, you know me, I’m the one that considers others to run”… Followed by a small discussion, a night of sleep, some others asking me to step up as a candidate. All in all, I felt I could not ignore all that, and at least see if the community would have me on board. So basically the community motivated me, and felt I had to go for it. The second time was not much different. And, in both cases, a huge motivation was the love I feel for the project and the people in its community.

Edwin: What was your first task as a Board member?

Gertjan: To read all the docs. Like many people, I had to find out that my impression of what the board does wasn’t accurate.

Edwin: What’s your best memory serving on the openSUSE Board?

Gertjan: Lots of good memories, but to summarize: The learning experience re. all the aspects of the openSUSE Project, the relationship with SUSE.

Edwin: Any negative incident that you recall and would like to share?

Gertjan: I do recall some, yeah. Most of them with the PRIVATE stamp all over them, but the thing I disliked most was me crossing ( a.o. my own ) lines on a couple of occasions.

Edwin: Could you tell us what is the biggest transformation / change in the openSUSE community that you witnessed after becoming Board member?

Gertjan: For me that would be the current process of getting some form of openSUSE Foundation on its feet.

Edwin: How is life as an openSUSE Board member?

Gertjan: Not too bad. I loved the biweekly video meetings, the F2F meetings, working together with people passionate about the project and the community.

Edwin: Any message or suggestion for members unsure about running for Board?

Gertjan: Don’t doubt, do it. It’s fun. And, the project needs you !!!

Edwin: Is there anybody you would like to nominate?

Gertjan: O, yes !!! Stasiek Michalski, a.k.a. hellcp, a.ka. LCP

Edwin: Would you still be involved in the project as your second and last term ends?

Gertjan: No doubt. I’m still a forums admin / mod, mod on Discord, Matrix, Facebook, so I’ll be around on those a bit more after my term ends. And who knows, I might go for another term next year.

So you can see there is no magic to being a board member the main criteria is to have a love for the project and a desire to move it forward. You don’t have to be a geek or niche expert, the project and the board needs all types of skill-sets so if you feel you have some free time and something to contribute jump in and put in your nomination, as Gertjan says “Don’t doubt, do it. It’s fun. And, the project needs you !!!”

This article was revised at 10:35 on Jan. 7, 2020.

As you might have noticed on our status page, our etherpad instance at https://etherpad.opensuse.org/ was updated to the latest version 3 days ago.

But this time,we did not only upgrade the package (which lives, btw, in our openSUSE:infrastructure project), we also migrated the underlying database.

As often, the initial deployment was done with a "just for testing" mindset by someone, who afterward left his little project. And - also as often - these kind of deployments suddenly became productive. This means - in turn - that our openSUSE heroes team suddenly gets tickets for services we originally did neither set up, nor maintain.

For etherpad, this means that we suddenly faced a "dirty.db" file of over 2GB in size, filling up the root-fs of the machine. Upstream even has a warning in their boot script, telling everyone that a dirty.db is NOT for production... :-/

The first try, using the dirty-db-cleaner.py script to reduce the size, did not finish after 2 days. So we decided to dump the data directly from the dirty.db into our Galera cluster. After fixing the initially created table scheme from MyISAM to InnoDB (Galera does not like MyISAM), the migration script took "only" 16 hours.

With this final migration, we hope to be prepared for the next update - and hope that this only takes minutes again.

After some weeks, I added bitcoin support on it thanks to the library NBitcoin (good work Nicholas!). After some months, I added a cross-platform UI besides the first archaic command-line frontend. These days it looks like this:

• Make it even more user friendly: blockchain addresses are akin to the numeric IP addresses of the early 80s when DNS still didn’t exist. We plan to use either ENS or IPNS or BNS or OpenCAP so that people can identify recipients much more easily.
• Implement Layer2 technologies: we’re already past the proof of concept phase. We have branches that can open channels. The promise of these technologies is instantaneous transactions (no waits!) and ridiculous (if not free) fees.
• Switch the GTK Xamarin.Forms driver to work with the new “GtkSharp” binding under the hood, which doesn’t require glue libraries. (I’ve had quite a few nightmares with native dependencies/libs when building the sandboxed snap package!)

• Integrate with some Rust projects: MimbleWimble(Grin) lib, the distributed COMIT project for trustless atomic swaps, or other Layer2-related ones such as rust-lightning.
• Cryptography work: threshold keys or deniable encryption (think "duress" passwords).
• NFC support (find recipients without QR codes!).
• Tizen support (watches!).
• Acceptance testing via UI Selenium tests (look up the Uno Platform).

• Flatpak support: unfortunately I haven’t had time to look at this sandboxing technology, but it shouldn’t be too hard to do, especially considering that there’s already a Mono-based project that supports it: SparkleShare.
• Ubuntu packaging: there’s a patch blocked on some Ubuntu bug that makes the wallet (or any .NET app these days, as it affects the .NET package manager: nuget) not build in Ubuntu 19.10. If this patch is not merged soon, the next LTS of Ubuntu will have this bug :( As far as I understand, what needs to be solved is this issue so that the latest hotfixes are bundled. (BTW I have to thank Timotheus Pokorra, the person in charge to package Mono in Fedora, for his help on this matter so far.)
• GNOME community: I’m in search for a home for this project. I don’t like that it lives in my GitLab username, because it’s not easy to find. One of the reasons I’ve used GitLab is because I love the fact that being open source, many communities are adopting this infrastructure, like Debian and GNOME. That’s why I’ve used as a bug tracker, for merge requests and to run CI jobs. This means that it should be easy to migrate to GNOME’s GitLab, isn’t it? There are unmaintained projects (e.g. banshee, which I couldn’t continue maintaining due to changes in life priorities...) already hosted there, so maybe it’s not much to ask if I could host a maintained one? It's probably the first Gtk-based wallet out there.

• Please don’t ask me to add support for your favourite %coin% or <token>.
• If you want to contribute, don’t ask me what to work on, just think of your personal itch you want to scratch and discuss it with me filing a GitLab issue. If you’re a C# developer, I wrote a quick F# tutorial for you.
• Thanks for reading up until here! It’s my pleasure to write about this project.

OpenBSD is a new beast for me. I’m still learning, experimenting, and trying out new things. Yesterday I was able to create 3 onion services on it quite easily but it takes time to learn the correct order of operations and to learn how to find out why things don’t work when you think they should.

A word about OpenBSD

OpenBSD isn’t friendly to newbies. The developers, users, and management work to make the best and most secure OS that they can. When you work with OpenBSD, it is assumed that you have at least a moderate to advanced amount of Linux or Unix knowledge and experience before starting and that you know how to read documentation, man pages, etc. Don’t bother asking for help unless you’ve done your homework first. Here’s an unedited quote from a recent mailing list post:

> I never read

Please stop wasting our time then.

Setting up Tor

It will become obvious in a minute, but it’s important to set up your Tor onion services first and your web server later. We will be setting up 3 onion services with 3 completely different addresses that have completely different websites associated with them.

First install Tor:

pkg_add tor

Enable the tor service:

rcctl enable tor

Here is my torrc file. It can be a little hard to see, but I enabled separate logging and debugging for Tor when I was working through this. If you don’t, it can be hard to see why something isn’t working. For example, mine kept failing but I couldn’t get a good error as to why until I did this. The reason was because I hand’t actually created the /var/tor/ directories nor set them to the correct permissions. I didn’t see that until I starting watching those logs.

Here is how I set up the configuration for each site. These are the directories that I forgot to create. They contain the public and private keys and the hostname for each onion service.

HiddenServiceDir /var/tor/site1
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /var/tor/site2
HiddenServicePort 80 127.0.0.1:8081

HiddenServiceDir /var/tor/site3
HiddenServicePort 80 127.0.0.1:8082

Each onion service is running internally on port 8080, 8081, or 8082, etc. This is the port that the actual OpenBSD OS will see running. However, tor will be expecting traffic to come in on the standard http port 80. You might be wondering how this works. Tor will be advertising my onion service on port 80. That traffic will come in via tor and get translated to the internal port that the OS will use.

Once I had this running correctly, I finally started tor.

rcctl start tor

Once tor is up an running, check each HiddenServiceDir for the hostname of each onion service. You will need them to test the web server.

Setting up httpd

OpenBSD has it’s own web server that comes with the standard installation called httpd. This is not the same as the Apache httpd that comes with Redhat or Ubuntu. This is a secure minimalist webserver which might actually be ideal for Onion services.

By default, you can’t just start the httpd service and have it running with a default configuration like you can with Apache or Nginx. You actually need to create an /etc/httpd.conf file first. Here is mine.

## Site 1

server "tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion" {
listen on * port 8080
root "/htdocs/tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion"
}

# Include additional MIME types
types {
include "/usr/share/misc/mime.types"
}

## Site 2

server "ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion" {
listen on * port 8081
root "/htdocs/ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion"
}

## Site 3

server "r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion" {
listen on * port 8082
root "/htdocs/r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion"
}

The first things is the define the name of the url that traffic will be coming in on. I got this from the onion hostname that was generated by tor. Secondly, that hostname needs to be matched with the internal port number that tor will be sending traffic to. Finally you need to tell the web server where to find the actual html that make up that website. I used the complete onion name for that directory. That’s not actually necessary but to me it is helpful. Be careful: although the line of code says “root” it is not the compete directory. htdocs is actually under /var/www/.

You can test your web server’s configuration without actually starting it by running:

httpd -n

Once you get a “configuration OK” status, you can enable and start it

rcctl enable httpd

rcctl start httpd

A really great resource for starting to work with this web server is here. I would suggest waiting 30 seconds or so after starting the web server to check the urls with the Tor Browser or you can check them directly using the internal ports with curl.

Final thoughts:

OpenBSD put security before performance.

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

Security is not privacy and it is certainly not anonymity and yet these things work well together. This focus makes OpenBSD the right match for those who want to use Tor and why I will always suggest that people avoid Windows or Macs for those who are serious about privacy because they put those platforms put user experience and sales before anything else on top of being closed source.

Dear Tumbleweed users and hackers,

Happy new year! The year 2020 has started in full swing and I wish everybody a great new year!

For Tumbleweed, things have started off reasonably well: Snapshot 20200101 (first one of the year) has been published, and 0102 will be discarded. Ups But let’s step back a bit and do the review of the whole week (which was the crossing over of 2019 to 2020). In the last week, we have released a total of 6 snapshots! Ok, I admit, they were all rather ‘small’ updates, as many contributors are with their families and have better things to do than submitting breaking updates. The six updates released were, still from 2019: 1227, 1228, 1229, 1230 and 1231 and from 2020 the one mentioned earlier: 20200101. The snapshots contained these package changes:

• Ruby RSpec 3.9.0
• Wireshark 3.2.0
• Mozilla Firefox 71.0
• Rust 1.39.0

Obviously, with so many contributors on leave, the stagings that are actually in need of attention barely moved. So it is no big surprise that the list of ‘things being forged’ is largely unchanged:

• RPM 4.15: most issues are solved by now, one final piece of post-build-checks has been submitted and supposedly makes this acceptable soon
• Python 3.8
• systemd 244: mostly ready, but python-prompt_toolkit1 keeps on failing with this update
• Qt 5.14. Build and testing have been completed. There are some legal reviews pending
• Kubernetes 5.17: openQA still failing
• Linux kernel 5.4.x: Issues to be resolved in the used signing CA and the certificate in use.
• SQLite 3.30: python-django still failing, despite fix-patches added to sqlite
• Rust 1.40

I expect, with the holiday season mostly being over, to see an increase in submissions again. Let’s hope OBS will not meltdown under the pressure