Fri, Oct 27th, 2023

Apache, Plasma, firewalld updates in Tumbleweed

This week saw a major transition in openSUSE Tumbleweed for YaST as it moved to a new major version.

Several other packages like Apache, Redis, GVfs, Vim, KDE Plasma 5.27.9 and Frameworks updated in the rolling release this week.

KDE Plasma 5.27.9 arrives in snapshot 20231025. The latest update for the Plasma Desktop implements changes to avoid recursively adding every copied file to the desktop. Its recent files component ensures compatibility with an older Frameworks version of kconfigwidgets. Kwin resolves a misgenerated QHoverEvent and enhances functionality by adding QKeySequence functionality to a part of the Virtual Desktop Manager. An update of firewalld 2.0.1 resolves issues related to the command-line interface (CLI) by ensuring that the --list-all-zones output is consistent and that the default zone attribute is correctly displayed. Active attributes for zones and policies are shown accurately, and the --get-active-zones command includes the default zone. There were also enhancements in the nftables integration, so the main table is now always flushed upon the start. Several other issues were resolved, including the proper usage of IPv6 names for ICMPv6 and the configuration of IP ranges and values for ipsets when working with nftables. Updates for GNOME users also arrived in the snapshot. An update of gnome-control-center 45.1 includes enhancing the ability to close the Cursor Size and Shortcuts dialogs using the Escape key. It also supports more types of processors in the About section. The gnome-maps 45.1 update lowers the timeout when downloading service files, which leads to improved performance. This snapshot also updates gnome-terminal to version 3.50.1, which has checks for alternate terminals within the Flatpak environment and improves the handling of the headerbar preference. The second kernel-firmware update of the month, to version 20231019, fixes the robot email script, updates AMD CPU microcode and introduces support for sending emails during PR/patch processing.
The 7.2.2 version of redis has a critical Common Vulnerabilities and Exposures fix; CVE-2023-45145 is a race condition that potentially leads to unauthorized Unix socket permissions upon startup, and it had existed since the 2.6.0 release candidate version. Several more packages were updated in the snapshot.
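
The Redis advisory for CVE-2023-45145 describes the race as Redis calling listen(2) on its Unix socket before chmod(2) applies the configured permissions, so under a permissive umask the socket is briefly reachable with wider access than intended. The sketch below is an added example, not code from this article or from Redis; the function names are hypothetical, and it compares the file mode visible at the moment listen() is called under both orderings.

```python
import os
import socket
import stat
import tempfile


def _mode(path):
    """Return the permission bits of the socket file at `path`."""
    return stat.S_IMODE(os.stat(path).st_mode)


def listen_then_chmod(path, perm):
    """Pre-fix ordering: the socket accepts connections before chmod runs."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)             # file is created with mode 0777 & ~umask
    srv.listen(8)              # other local users can connect from here on
    exposed = _mode(path)      # mode in effect during the race window
    os.chmod(path, perm)       # configured permission is applied too late
    return srv, exposed


def chmod_then_listen(path, perm):
    """Fixed ordering: permissions are final before the socket is connectable."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Extra hardening (assumption, beyond the ordering fix): tighten the umask
    # around bind() so the file never exists with a mode wider than `perm`.
    old = os.umask(0o777 & ~perm)
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, perm)       # make the mode exact, independent of umask
    srv.listen(8)              # only now can anyone connect
    exposed = _mode(path)
    return srv, exposed


def demo(perm=0o700, process_umask=0o000):
    """Run both orderings under a permissive umask.

    Returns (mode at listen() with the old ordering,
             mode at listen() with the fixed ordering,
             final modes of both socket files).
    """
    old = os.umask(process_umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            racy_path = os.path.join(tmp, "racy.sock")
            safe_path = os.path.join(tmp, "safe.sock")
            racy_srv, racy = listen_then_chmod(racy_path, perm)
            safe_srv, safe = chmod_then_listen(safe_path, perm)
            final = (_mode(racy_path), _mode(safe_path))
            racy_srv.close()
            safe_srv.close()
    finally:
        os.umask(old)
    return racy, safe, final


if __name__ == "__main__":
    racy, safe, final = demo()
    print(f"listen-then-chmod: mode at listen() = {racy:04o}")
    print(f"chmod-then-listen: mode at listen() = {safe:04o}")
    print(f"final modes: {final[0]:04o}, {final[1]:04o}")
```

Both orderings end with the same final mode, which is why checking the socket file after startup does not reveal the problem; only the mode at listen() time differs.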

Snapshot 20231023 brought updates of some GNOME packages like gvfs, evolution and gnome-software 45.1. The latter update brings various styling fixes, an ability to report PackageKit GPG-related errors in the graphical user interface and it improves Flatpak permission checks. The update also includes translation updates. With evolution 3.50.1, the personal information management application fixes bugs like correcting the conversion of UTF-16 encoded text files, enabling spell checking for editable fields and updates default calendar colors. A fix warning about the failure to solve a puzzle when loading games was made in the gnome-sudoku 45.2 update. Another GNOME package to update was gvfs 1.52.1. This Virtual filesystem implementation addresses issues including the prevention of returning invalid mount cache entries in the client, fixes authentication problems when using DNS-Service Discovery Uniform Resource Identifiers (URI) and resolves IPv6 URI handling problems in the Network File System component. An update of harfbuzz 8.2.2 fixes a regression from 8.1.0 in shaping fonts with duplicate feature tags and resolves a regression from in parsing CSS-style feature strings. The update of virtualbox 7.0.12 addresses multiple CVEs like CVE-2023-22098, CVE-2023-22099 and CVE-2023-22100, which can lead to unauthorized access and system crashes. Several other packages were updated in the snapshot including rubygem-agama 5, which has enhancements like not reusing pre-existing swap partitions in the storage proposal, extends the Software service to configure selected patterns and adapts storage settings for ALP Dolomite.

The update of apache2 2.4.58 arrives in snapshot 20231022. Apache2 addresses CVE-2023-45802, which relates to stream memory management, and CVE-2023-43622, a DoS vulnerability. The updates include various improvements like enhanced support for WebSockets via HTTP/2 and the introduction of new directives for better control and logging in various scenarios. An update of ceph takes care of issues related to minimal file system BlueFS and enables a 4K allocation unit for it. The package also enables building for RISC-V. An update of dracut addresses issues related to FIPS (Federal Information Processing Standards) setup that was causing test failures and core dumps in various test scenarios. An update of the Linux Kernel had enhancements for Advanced Linux Sound Architecture among other things. The kernel-source 6.5.8 package has network-related component changes, such as net drivers and protocols, and addresses other issues with audio and sound support like that of ALSA System on Chip for a non-functioning mic on Lenovo 82YM. An update of pipewire 0.3.83 fixes a regression, reduces memory usage in audio conversion and removes the buffer-size limit with JACK. The update of xfce4-terminal 1.1.1 improves X11 and Wayland compatibility. Among the other packages to update were libstorage-ng 4.5.149, yast2-storage-ng 5.0.3, freerdp 2.11.2 and more.

The update of the man package 2.12.0 in snapshot 20231020 addresses manual page portability issues and enables timestamps beyond 2038 for the Y2K38 event that’s a long time away. An update of nftables 1.0.9 introduces improvements like custom conntrack timeouts and better support for dynamic sets. Plus it fixes a crash with a log prefix longer than 127 bytes. The sqlite3 3.43.2 update fixes memory leaks, and enhances the JSON processing performance. The version also adds support for Full-Text Search version 5 (FTS5) Indexes that allows for the deletion of indexed records without retaining the content of the deleted records. A ton of version 5 packages in the snapshot align YaST’s versioning with SUSE versions and the service packs it supports; more than 50 yast2 packages transitioned to version 5 to align with one of SUSE’s next major releases.

KDE Plasma users who did a zypper dup with snapshot 20231019 and later received KDE Frameworks 5.111.0 updates. KIO made improvements to dbusactivationrunner’s service activation and fixes some object paths. A fix in Kirigami allows customizing ‘donateUrl’ in AboutPage for Donate button removal. KImageFormats brings support for repetition count in the avif format, has fixes for multi-image loading in the raw format, and resolves various issues, including crashes in the High Dynamic Range and Gimp’s xcf formats. The libnvme 1.6+5 update fixes an issue by avoiding stack corruption caused by unaligned direct memory access to user space buffers, as reported. The regular expressions library oniguruma updates to version 6.9.9 in the snapshot. This update includes updating Unicode to version 15.1.0, introducing a new API called and, addressing issues related to character classes and POSIX brackets. Rendering library virglrenderer had its first major release with version 1.0.0. The update transitions to the Venus protocol, eliminating the experimental label from the Venus configuration option. This release also improves the handling of fences between guest and host for synchronization purposes. More major versions of YaST 5 arrived and there were a few other updates to include a 4.19.2 version of samba.

Only three packages updated in snapshot 20231018 from last week that did not make it in our weekly review. That update includes enhancements and improvements to the kernel module management tools kmod; version 31 includes in-kernel decompression for performance and depmod now supports a separate output directory. Another package to update was python-pytz 2023.3.post1 that is replacing deprecated datetime.utcfromtimestamp() and is adding support for Python 3.12. Text editor vim 9.0.2043 was also in the snapshot and enhances documentation, translations and provides a few fixes.

Thu, Oct 26th, 2023

Colorful HIG

The refresh of the Human Interface Guidelines in both the content and presentation is something to be proud of, but there were a couple of areas that weren’t great. Where we don’t quite shine in the area of blueprint illustration style is the contrast for the dark mode. While in many cases a single graphic can work in the two contexts just fine, in others it struggles. And while we tried to address it in the HIG, it became clear we do need to do better.

Low contrast for HIG blueprint illustrations

Inline SVG Stylesheet

There’s a little trick I learned from razze while working on Flathub — a single favicon working in both dark and light mode can be achieved using a single SVG. The SVG doesn’t have inline defined fills, but instead has a simple embedded <style> that defines the g, path, rect, circle and whatnot element styles and sets the fill there. For the dark mode it gets overridden with the @media (prefers-color-scheme: dark){} rule. While generally favicons are a single color stencil, it can work for full-color graphics (and more complex rules):

  rect.fg { fill: #5e5c64; }
  { fill: #fff; }
  @media (prefers-color-scheme: dark) {
    rect.fg { fill: #fff; }
    { fill: #5e5c64; }
  }

This made me think of a similar approach working for inline images as well. Sadly there are two obstacles. While the support for inline stylesheets in SVGs seems to be quite wide among browsers, Epiphany only seems to respect prefers-color-scheme when using the image directly (or the favicon case), but didn’t seem to work when embedded inside an HTML page as <img>.

The more severe issue is that producing such SVGs is a little cumbersome as you have to clean up the document generated by Inkscape, which likes to use fill attribute or inline css in style. While it generally doesn’t remove markup, it will reformat your markup and you will be fighting with it every time you need to edit the SVG visually rather than inside a text editor.

HTML5 Picture

For inline images, the approach that seems more straightforward and that I’ve taken on many occasions is using the HTML5 <picture> element. It works great for providing dark mode variants using source with a media attribute as well as a neat accessibility feature of showing a non-animated image variant for people who opt out:

    <picture>
      <source srcset="static.png"
          media="(prefers-reduced-motion: reduce)" />
      <img src="animated.gif" />
    </picture>


GNOME Human Interface Guidelines are written in reStructuredText/Sphinx, however. Escaping to HTML for images/pictures would be quite cumbersome, but luckily dark mode is supported in the furo theme (and derivatives) using the only-light and only-dark classes. The markup gets a little chatty, but still quite legible. There are some iterations to be made, but in terms of legibility it’s finally a bit more accessible.

New HIG light New HIG dark

Wed, Oct 25th, 2023

Best wget options to fully mirror a site

Lately I needed to mirror a website as fully as possible, and ended up researching a bit more than the previous times I’ve done so. Here I’m just dropping a note that I ended up doing the following:

wget -mkxp --adjust-extension -e robots=off

Here -m is:

-r -N -l inf --no-remove-listing

or in long form:

--recursive --timestamping --level inf --no-remove-listing

and the rest, i.e. -kxp, are, in the same order:

--convert-links --force-directories --page-requisites
YaST Team posted at 11:00

Announcing Agama 5

We are aware that the time between Agama releases is usually too long. Recently, we committed to increase the frequency, although it means having smaller releases. You know, “release early, release often”.

Agama 5 includes some changes we have been working on for some time, like a translated web interface or a software patterns selector. Additionally, it introduces a change in the storage area to not reuse pre-existing swap partitions. And last but not least, now you can boot Agama Live via PXE.

Translated web interface

Until now, Agama web interface was only available in English. However, this new release allows you to select a different language and it is now available in another four languages: Dutch, Japanese, Spanish and Swedish. Kudos to Natasha Ament, Yasuhiko Kamata, Victor hck and Luna Jernberg for this first round of translations. Much appreciated!

Language selector

If you are interested, please, consider helping with the translations. The openSUSE localization guide might be a good starting point. :wink:

You can check the pull request #796 if you are interested in the technical details.

Bear in mind that selecting a different language does not affect the system you are installing. For that matter, we have started to work on a better “Localization” page that will allow selecting a language, a keyboard layout and a timezone for the system to install.

Patterns selection

An important feature that we have been postponing for some time is customizing the software selection. We do not want to bring back complex and specific concepts, like system roles, so we decided to start with a prototype that shows the list of available software patterns.

Agama 5 ships a new software patterns selector, as shown in the screenshot below, although it is still a work in progress. However, even more important is the discussion we have opened about this topic in the openSUSE Factory mailing list. Please do not hesitate to join if you have anything to say.

Software patterns selector

Technical details? You can find them in #792, #762, #770 and #772.

Do not reuse pre-existing swap partitions

When proposing a storage layout, Agama reuses pre-existing swap partitions. This behavior was introduced in YaST just for backward compatibility with old versions and was inherited by Agama. However, we decided that Agama should stop doing this because it is confusing. Now, pre-existing swap partitions are not reused.

Check #806 for further details and screenshots.

Booting via PXE

Since the earlier releases of Agama Live, it became clear that we needed a way to boot the installer using PXE. Recently, we started to build the images you need for that. The agama-live package contains some notes about how to grab them from openSUSE Build Service.

This feature relies on Kiwi, so it can be used by anyone who commits to create a real installation media based on Agama in the future. After all, Agama Live was built for demonstration purposes.

Other changes

  • Add a label in the storage section to indicate whether a Btrfs system will be transactional (#789).
  • Set more restrictive permissions to the archive generated by the agama logs store command (#812).
  • Update to Patternfly 5.1 (#800).

Transactional Btrfs indicator

Trying Agama 5

The best way to try Agama is to download one of the two variants (ALP or openSUSE) of the Agama Live devel ISO. This image is built in the systemsmanagement:Agama:Devel OBS project and is updated each time we release a new version.

Are you interested in the bleeding edge? The ISO in the systemsmanagement:Agama:Staging OBS project is for you because it is built automatically from the code on Agama’s Git repository.

What’s next

Agama 6 is already under development and we expect to have another version ready by the end of November. For that release, we expect more changes in the internationalization area, support for the SUSE Customer Center and the possibility of selecting how to make space for your new system. Additionally, we are working on making it easier to tweak Agama’s configuration.

We appreciate opinions and feedback. Feel free to contact the YaST team at the YaST Development mailing list, our #yast channel at or even the Agama project at GitHub.

Stay tuned!

openSUSE to have Logos Competition

The openSUSE Community is pleased to announce a logo competition for a new openSUSE logo as well as four openSUSE distributions; Tumbleweed, Leap, Slowroll and Kalpa.

You read that correctly; the openSUSE Community is considering a new, distinct openSUSE logo to represent the project; essentially, a new chameleon-inspired design. This new logo should complement the brand identity of the openSUSE Project with its distributions. The color green (#73ba25) is reserved as the primary logo color for the project, but color suggestions for distribution logos are welcome.

There have been discussions of a new openSUSE logo over the years, but the timing to transition to a new logo wasn’t ideal, until now. As openSUSE’s logo is similar to SUSE’s old logo and the project is experiencing a transitional period, now seems like a logical time to have the competition along with the four distribution logos. This should provide an opportunity to strengthen the visual identity of the openSUSE brand and make it discernible and cohesive with its other logos.

The current Tumbleweed logo’s wide shape and thin lines have caused visibility and recognition issues, which we aim to avoid with a new Tumbleweed logo. The Leap logo doesn’t have the same issues, but members of the community felt the option should be available to submit a new logo for Leap.

The intent of the competition is to have the logo designs visualize a unified brand. Newly added openSUSE Distribution logos are designed with simple shapes and lines for uniqueness and interest, typically as empty outlines, although the possibility of using fill is not excluded. The logos use a 16u square canvas with a 1u stroke width, maintaining a relatively square aspect ratio.

openSUSE is a community-driven Linux project that develops, builds and maintains many software packages, tools and infrastructure for its distributions.

Tumbleweed is a pure rolling-release Linux distribution with tested versions of the newest stable software.

Leap is a reliable open-source Linux distribution with a focus on stability for desktops and servers.

Slowroll is an experimental distribution based on Tumbleweed, but has a slower release pace. Big updates come every one or two months, and continuous bug fixes and security fixes gradually come in moving toward the big updates. The Slowroll logo should not directly mimic the Tumbleweed logo to maintain differentiation among the distributions from the same source.

Kalpa is the KDE Plasma MicroOS Desktop distribution that is gradually advancing from its Alpha state, and receives updates as a subset of Tumbleweed. While Kalpa has a close relationship with Aeon, their logos should be distinct. Gears and the letter K motifs are acceptable for Kalpa, but it cannot directly use KDE trademarks.

An element of the competition, as stated above, is the desire for submitted logo designs to be similar and integrate well with the newer project logos like Aeon (a GNOME MicroOS Desktop distribution), MicroOS and Leap Micro. There is a desire for all the logos together to show a cohesive brand identity for openSUSE and its distributions.

The logos will be selected for the marketing material at events, on its websites as well as on clothing. All the logos submitted will be voted on using

To establish the official logo for the Project and distribution going forward, current logos of openSUSE, Tumbleweed, and Leap, must be submitted just like the others. The rules of the contest can be found at

The competition starts on Nov. 1.

The winners will receive a “Geeko Mystery Box” as a reward for their creative designs.

The deadline is Nov. 22.

The Rules of the Contest are as follows:

  • The logo should be licensed under CC-BY-SA 4.0 and allow everyone to use the logo without attribution (BY) if your work is used as a logo for the openSUSE Project. Note that the attribution is going to be shown on the project’s websites.
  • Design must be original and should not include any third party materials.
  • Both monochromes and color formats are essential for submission.
  • Submissions must be in SVG format.
  • Design should reflect the openSUSE communities.
  • The logo should avoid the following things:

    • Brand names or trademarks of any kind.

    • Illustrations that may be considered inappropriate, offensive, hateful, tortuous, defamatory, slanderous or libelous.

    • Sexually explicit or provocative images.

    • Violence or weapons.

    • Alcohol, tobacco, or drug use imagery.

    • Discrimination based on race, gender, religion, nationality, disability, sexual orientation or age.

    • Bigotry, racism, hatred or harm against groups or individuals.

    • Religious, political, or nationalist imagery.

  • The branding guidelines will be helpful to design your logo (optional)

Please submit your design by doing the following:

  • Email:
  • Subject: openSUSE/Tumbleweed/Leap/Kalpa/Slowroll – [your name]
  • Your name and mail address to contact
  • Vector file of the design with SVG format ONLY.
  • Post a PNG of the design under the openSUSE, Tumbleweed, Leap, Slowroll, or Kalpa headings on
  • File size less than 512 KB.
  • Text about philosophy of the design

The designs that are submitted will be added to a survey where the community can vote on the submitted logo designs. The final decision will be made at an openSUSE Community meeting and it may not be the highest scored design.

We recommend the artist to use Inkscape, a powerful, free and open source vector graphics tool for all kinds of design.

Join others on openSUSE’s Marketing Telegram Channel if you want to chat with people about the designs.

Mon, Oct 23rd, 2023

Ender3 Stuck at Heating Extruder

I have been having this frustrating occurrence with my Ender3 where the machine will get stuck at Extruder Heating, before it begins the printing process and just sit there. I looked up solutions for the problem and I read more than once that it was a failed MOSFET that would have to be replaced or …

Prospect Mail | Best Microsoft Outlook Experience on openSUSE

I think it’s terrible when “best” is ever used in a title, but I have to say that this is absolutely true, at least, calling it the best experience for me. I’ve not really been a huge fan of Outlook due to some of its quirky behavior and the technical support that I have had …

Sun, Oct 22nd, 2023

openSUSE Tumbleweed Endures 18 Month Update Gap

I am continually impressed by the tolerance that openSUSE Tumbleweed has to delays between updates. The recommendation is weekly, maybe bi-weekly to keep your system up to date. It is NOT a good idea to go much more than a month but I have been sloppy from time to time. The great thing about Tumbleweed …

Fri, Oct 20th, 2023

openSUSE Tumbleweed – Review of the week 2023/42

Dear Tumbleweed users and hackers,

Week 42 has been a busy one for Tumbleweed. A total of 6 snapshots have been released (1012, 1013, 1015, 1016, 1017, and 1018). Quite a few interesting discussions are also happening on the factory mailing list (e.g. Agama as the future installer, how to interact with patterns, and such).

But let’s look first at the updates you received during the last week:

  • KDE Gear 23.08.2
  • cURL 8.4.0
  • Zypper 1.14.66
  • Freetype 2.13.2
  • Pipewire 0.3.81
  • Qt 6.6.0
  • Samba 4.19.1
  • Node.JS 20.8.1

Looking into the future, we know of these things being worked on at the moment (mainly due to pending submit requests that we have in staging right now):

  • KDE Frameworks 5.111.0
  • Samba 4.19.2
  • Linux kernel 6.5.8
  • Binutils 2.41
  • moving to dbus-broker
  • Removal of /run/utmp and /var/log/wtmp (See mailing list thread)

All Things Open 2023

All Things Open (ATO) is one of my favorite conferences. This week I had the privilege to be in Raleigh, NC for the third time, and give a talk at the conference for the fourth time. I participated not just in ATO, but also in the Community Leadership Summit. Both events were fantastic. I learned a lot, and also realized that many others have the very same problems as I have. I also had a slight overdose of AI :-)

Why I like ATO?

Normally I prefer small events, like Pass the Salt. Small events are more comfortable, have more discussions, more interactions between participants. Large events are noisy, and if you are an introvert (like me), then it’s hard to engage in meaningful interactions with others.

Why do I like to attend ATO then? Obviously, there is noise, lots of it. But no matter how shy I am, I have tons of good discussions both with sudo/syslog-ng users and with completely random participants.

How is it possible? I guess it can be attributed to many things. First and foremost, Todd Lewis, who founded this event 11 years ago, and has kept running it ever since. He keeps saying “Thank you” to everyone, and he means it. Last time we met was four years ago. When we ran into each other in the corridors, he remembered my name, where I am coming from, which events I participate in and my talk too. And he thanked me for being here at ATO.

The name of the conference includes the word “open”. It does not only refer to open source, but also to being open minded. I talked to dozens of people during ATO, and everyone was fully open minded. I cannot find the website boasting it anymore, but once I read that the Research Triangle is the highest average IQ area of the whole US. I do not know how much of it is true, but I met a lot of bright people here. Everyone I talked to was open to new ideas, and no discussions were side tracked by endless ranting about software licenses, closed source software, or other creations of the devil…

Community Leadership Summit

On the first day I participated in a co-located event, the Community Leadership Summit. After the opening thoughts of Jono Bacon, the conference had a rather unconventional format, discussion groups. These sessions are led by volunteers, who introduce their topic, and also make sure that the discussion is kept on track.

To me the main message was that around the world many community leaders have the very same problems as I experience. And I learned about problems I definitely want to avoid. Just to name a few:

  • If you invest time and energy into an open source community, it will usually have positive effects after 3-5 years.
  • Building up trust, and the community based on this trust, is a lengthy process. Destroying this trust is a rapid process…
  • If you abandon investing in your community, it still might go on for a few years, even grow for a while, but you lose trust and users over time, and it will be difficult to win them back.
  • There are no metrics to demonstrate how your open-source software improves the sales of your commercial offering. Even if there are direct connections, sales often tries to hide the evidence.
  • There is software to measure the health of open source communities by measuring developer activity, support forum activity, etc., but it answers only part of the questions, and any measurement can easily lead to false results (daily user activity jumping 100x could easily mean a technical problem in a new release).

AI, OpenTelemetry and other topics

One of the returning topics at the conference was AI and LLM. It is a huge and contradictory topic, and it was also reflected in the talks. There were many opposing opinions:

  • AI is not evil, but of course it can be misused.
  • AI is evil, doomed to fail, but open source AI might be good.
  • AI is good for math and coding, but not for generic questions.
  • AI might be good for generic questions, but proven to fail with basic math on the eight largest AI services.

My personal view is a mixture of these: AI might be useful in some cases, but gives useless answers in many cases. It is far from perfect, but getting better. There is a strong need for open source: not just AI software, but also training data. So, all pieces are out in the open to experiment with.

The talk by Frank Karlitschek of NextCloud provided probably the most balanced view: The recording of this talk should be available soon.

Another topic, which came up both in a dedicated talk, and as part of other topics: OpenTelemetry. When it comes to Kubernetes, but even without it (FreeBSD users were asking for OpenTelemetry support), OpenTelemetry is an emerging new standard embraced by many large and smaller organizations for collecting logs, metrics and traces. Support for OpenTelemetry was added to syslog-ng by Axoflow. It has some rough edges, like difficulty to compile, OS support is really limited, however it is definitely a step in the right direction.

The conference had several social events to help networking. I had many good discussions. Of course my favorite was about syslog-ng. Recently I have seen a lot of activity around syslog-ng in the OpenNMS. I put it on my To-do list to take a closer look. As it turned out, my discussion partner worked on OpenNMS for over eight years!

Unfortunately some of the best talks were not recorded: communication skills for developers and developer advocates, monetizing open source, and talking about open source with your managers. As I have lived and breathed open source for almost 30 years now, much of this was nothing new for me. However, these were very well written talks, and it would be fantastic if they could reach a much larger audience.

My talk

This year I talked about sudo at ATO: It went pretty well, even with jet lag. I received many good questions about sudo functionality during and after my talk. English is not my native language, so I was especially happy that the audience was laughing when I improvised a few jokes on stage :-)

My talk was not recorded, however not everything is lost. All topics I talked about at the conference are covered in the sudo blogs at

Sudo logo

Thank you!

Finally, I want to say “Thank you!” to many people. To Todd Lewis for organizing this event, to the volunteers and sponsors, who made it happen. And of course to all people who came to my talk. I hope you did not just learn something new about sudo, but that you will also implement these in your own environment.

I hope to see you again next year! :-)