Downtime on the afternoon of 3rd of August On 3. August, a few hours after a large migration performed within the maintenance window earlier that day, we experienced multiple downtimes while recovering from database inconsistencies. Date: 03.08.2023 Impact: Multiple downtimes throughout the day. Root Causes: Our database cluster ran out of available space during a large schema/data migration (#14597 - Migrate the remaining database tables and columns to utf8mb4) Trigger: Morning deployment and migration from...

One of the highlights of the syslog-ng 4.3.0 release is parallelize(). Normally, syslog-ng processes incoming messages from a TCP connection in a single thread. While this works fine with many connections, it is a bottleneck when using a single or very few high-traffic connections. Using parallelize() allows syslog-ng to process log messages from a single high-traffic TCP connection in multiple threads, thus increasing processing performance on multi-core machines.

As you will see, parallelize() helps when you have a single high-traffic TCP connection. In this case parallelize() distributes incoming messages to multiple threads, so resources are better utilized. However, when using many TCP connections, parallelize() only gives an extra overhead. Likewise, you don’t need to use parallelize() if you have a single low-traffic connection, as a single thread can handle the messages without being a bottleneck in that case.

Read more at https://www.syslog-ng.com/community/b/blog/posts/accelerating-single-tcp-connections-in-syslog-ng-parallelize

For a while Dirk Mueller was working in the background to get a sponsored CDN subscription. Thanks to his effort Fastly.com has agreed to sponsor the openSUSE project with bandwidth. We primarily intend to use it to improve the reachability (latency) of download.opensuse.org in various areas of the world, but of course can expand it to other usecases as well.

openSUSE-repos simplifies openSUSE repository management by utilizing Repository Index Service (RIS) for core distribution repositories and its latest update switches users to the new cdn.opensuse.org.

Change just landed in Tumbleweed, openSUSE Leap 15.5 users will receive it in the next few days via a maintenance update. The change will be available also as part of Leap Micro 5.5. Users who don’t want to wait can get it from Base:System/openSUSE-repos.

Installation of openSUSE-repos for your distribution

openSUSE-repos backs up and disables all default system repositories as long as they have original filenames. User-defined repositories will remain untouched.

Install the correct package for your distribution and you should be all set.

sudo zypper in openSUSE-repos-Leap

sudo zypper in openSUSE-repos-Tumbleweed

sudo zypper in openSUSE-repos-MicroOS

sudo zypper in openSUSE-repos-LeapMicro

About Repository Index Service

zypp supports RIS services which translate a (remote) repoindex.xml into (local) repository definitions. These definitions are identified by a prefix, in this particular case openSUSE: .

Example: /etc/zypp/repos.d/openSUSE:repo-oss.repo

Making a change like switching users to CDN takes a one-line change in the service template. Service template can reference zypp variables such as a new /etc/zypp/vars.d/DIST_ARCH.

# head /usr/share/zypp/local/service/openSUSE/repo/repoindex.xml
<repoindex ttl="0"
disturl="https://cdn.opensuse.org"
distsub="leap/"
distver="${releasever}"
debugenable="false"
sourceenable="false">

<repo url="%{disturl}/distribution/%{distsub}%{distver}/repo/oss"
alias="repo-oss"
name="%{alias} (%{distver})"
enabled="true"
autorefresh="true"/>

Let’s have a look at our services

# zypper ls # list-services
# | Alias | Name | Enabled | GPG Check | Refresh | Type
--+----------------------------------------+----------------------+---------+-----------+---------+-------
1 | openSUSE | openSUSE | Yes | ---- | Yes | ris
2 | NVIDIA | NVIDIA | Yes | (r ) Yes | Yes | rpm-md
3 | google-chrome | google-chrome | Yes | (r ) Yes | Yes | rpm-md

You may optionally use zypper ref -s to explicitly refresh services. You can manually trigger refresh the service including its repos with zypper refs -r.

If you’d experiment with your own services, /var/log/zypper.log will help you troubleshoot most of the service-related issues. See doc-o-o for more information about zypper and RIS.

Rollback

Users can restore old repository files by following instructions in the project README file.

System administrators (sysadmins) are the unsung heroes of technology, and the openSUSE Project is thankful for all the openSUSE heroes that help our project to function.

Sysadmins are responsible for maintaining the backbone of our technology. They work behind the scenes to maintain infrastructure, security, and overall functionality of computer systems.

SysAdmin Day is celebrated every year on the last Friday of July and is a special occasion that recognizes the crucial role they play in keeping our digital world operational.

Some of the responsibilities include tasks like Installing, configuring, and maintaining hardware and software. They ensure system security, troubleshoot and solve problems. These individuals continuously learn and adapt while building positive work environments. Some might answer the phone asking if you “have you tried turning it off or on”. :joy:

These projections’ efforts are essential to the smooth running of businesses and organizations of all sizes. Without sysadmins, the digital world would grind to a halt and so would several open source projects.

On this SysAdmin Day 2023, let us take a moment to thank these dedicated professionals; They deserve our appreciation.

Here are some ways to show your appreciation for your sysadmins on SysAdmin Day:

• Send them a gift from shop.opensuse.org
• Hand them a card or send email expressing your thanks
• Take them lunch or dinner.
• Buy them a beer

No matter what you choose, your sysadmins will be grateful for your kind gesture and show of appreciation.

Thank you sysadmins for keeping our digital world running smoothly.

Happy SysAdmin Day!

GUADEC 2023 is underway in Riga. It’s great to see people face to face after a long time. Kicked off the first day with an ADHD trip of a talk. Rather than putting links in my slides, where nobody has the chance of actually follow, I’ve assembled them here. Enjoy!

• Color Pallette. Useful tool to get GNOME colors across your toolchain.
• App Icon Preview. Design app icons.
• OS Component Website Template. A template to get your pixel art laden component website up and running in a nanosecond.
• Beziers. An epic video on the elegance and control over bezier curves, by Freya Holmér.

Dear Tumbleweed users and hackers,

This week is all in the spirit of some data center moves. OBS had been announced to have fewer worker powers and openQA is also in read-only mode, busy moving to a new home. This of course has some effect on the number of Tumbleweed snapshots: we won’t be publishing snapshots that cannot go through openQA. For this reason, we have only published 4 snapshots this week (0714, 0716, 0717, and 0718).

The most relevant changes contained in these snapshots are:

• Mozilla Firefox 1150.2
• audit 3.1.1
• Linux kernel 6.4.3 (with full lockdown enabled)
• Libvirt 9.5.0
• Freetype2 2.13.1
• krb5 1.21.1
• Poppler 23.07.0

Staging projects started getting crowded – mostly due to openQA being down and no tests being executed at the moment. The list of staged changes includes:

• systemd 253.7
• Rust 1.71
• Meson 1.2.0: enabled Python cache builds by default, resulting in a bunch of files section not matching anymore
• Linux kernel 6.4.4
• PHP 8.2.8
• Samba 4.18.5
• GCC 13.2

This week’s openSUSE Tumbleweed updates had changes for harfbuzz, xterm, Redis, Audacity and more

Snapshots have been rolling out consistently this week.

The 20230718 snapshot updated two packages. Changes in the pentobi 23.1 update include a fix for an issue related to overwriting game files on Android and the zlib-ng-compat 2.1.3 had improvements and implemented updates to make the library more robust and efficient. The data compression optimizer package also dropped a patch that was no longer needed with the upstream changes.

Among the packages to update in snapshot 20230717 was a new major version of ext shaping engine harfbuzz; the 8.0.1 version includes a number of new features like an experimental, WebAssembly (WASM) shaper, as well as a number of bug fixes. The shaper offers increased flexibility for shaping fonts by utilizing WebAssembly embedded within the font file, but the WASM shaper is disabled by default and needs to be enabled during the build process. There were also several optimizations with the package. Font render freetype2 2.13.1 had a number of new features and bug fixes. The most notable changes are the addition of a new function FT_Get_Default_Named_Instance , FT_GlyphSlot_AdjustWeight, which can be used to adjust the glyph weight either horizontally or vertically. The fuse3 3.15.1 includes a reduction in the default write size by half. An update of poppler 23.07.0 made improvements and addresses issues such as reading UTF8-with-BOM files, rendering malformed documents, and took care of crashes related to overprint preview and signature handling. An update of xterm 384 also corrected the rendering of double-width characters with bitmap fonts, and fixes problems related to Remote Graphic Instruction Set, including handling color initialization and whitespace for color values. Overall, the snapshot covered a common theme of improving and enhancing various packages related to font rendering, shaping, document handling, and terminal emulation. Several other packages updated in the snapshot including krb5 1.21.1 and rsyslog 8.2306.0.

Mozilla Firefox updated in snapshot 20230716. Version 115.0.2 had a number of bug fixes and a Common Vulnerabilities and Exposures fix. CVE-2023-3600 was a use-after-free vulnerability that could be exploitable through a crash. In the macvlan component of iproute2 6.4, a new parameter called bclim was added. The Linux Kernel updated to version 6.4.3 after a hold in openSUSE’s bugzilla with issue 1012628. Another package to update in the snapshot was libvirt 9.5.0. The new version includes important changes such as the ability to configure the discard-no-unref feature of the qcow2 driver in qemu, which is expected to reduce cluster fragmentation of the image. Other improvements were made in the handling of CPU compatibility and proper handling of memory slots for non-DIMM devices. Several other packages were updated in the snapshot.

Snapshot 20230714 updated redis to version 7.0.12, which took care of two CVEs. CVE-2022-24834 was related to Lua scripts that can be executed to perform various operations. The flaw would have allowed a specially crafted Lua script to trigger a heap overflow in the cjson library. The other, CVE-2023-36824, was related to extracting key names from a command and a list of arguments and, in certain cases, had an extraction process that could also trigger a heap overflow. An update of ibus-table 1.17.1 updated translations and function get_active_window_xprop() is expected to return an empty values as pointed out in a resolved Fedora issue. Added support for Python 3.12, and compatibility updates with the railroad-diagrams package was made in the python311-pyparsing 3.1.0 update.. Netfilter library libnftnl 1.2.6 introduced a new expression for routing tables and GTK4 map widget libshumate 1.0.4 had change to the download process during animations.

No packages received a new version is snapshot 20230713, but it had a small change with audacity that updated constraints for the RISC-V architecture. The glibc package also had a change to improve its functionality and reliability. Changes were also made so that the package is compatible with the latest GNU Compiler Collection 12 version, which were helpful for builds arriving later in the week. A change was made to the libguestfs package to resolve an issue with resolve an issue with finding the supermin tool.

Several years back, SUSE had provided the sources from SUSE Linux Enterprise for usage in openSUSE Leap to bring the experience and quality of openSUSE Leap and SUSE Linux Enterprise (SLE) to a new level. The contribution promoted openSUSE Leap as a development platform for communities and industry partners going forward, as the provided source […]

The post From openSUSE Leap to SUSE Linux Enterprise Server PAYG on Azure appeared first on SUSE Communities.

One of the returning questions I received recently: why contribute to the syslog-ng upstream? I guess it is a question many open-source projects receive regularly. There are many generic answers. Here I would like to focus more on syslog-ng, focusing on various parts of it.

Of course, the generic answers also apply. Syslog-ng is an open-source project, free to use, modify, and extend. By contributing, you can give something back and improve syslog-ng for everyone. You do not have to be a developer in order to contribute: bug reports, configuration examples, PatternDB rules are all very useful contributions.

Read more at https://www.syslog-ng.com/community/b/blog/posts/why-contribute-to-syslog-ng-upstream

This week brought KDE users of openSUSE‘s rolling release Tumbleweed updates for Frameworks and Gear along with several other updated packages.

Snapshots have been rolling out with various enhancements and bug fixes this week.

The more recent snapshot, 20230712, updated GNU Compiler Collection 13.1.1 and the changes related to the architecture levels for the Adaptable Linux Platform. A patch was also removed. The Linux Kernel also updated in the snapshot as kernel-source 6.4.2 addressed a Common Vulnerability and Exposure. CVE-2023-3269 addressed the lock handling for accessing and updating virtual memory areas. The tool to copy files cpio backported some upstream fixes, refreshed some patches and removed four patches. A few GNOME packages updated in the snapshot. Miscellaneous bug fixes along with some cleanup, and updated translations arrived in the gnome-shell 44.3; it also fixed a cursor offset issue with the magnifier. The 44.3 mutter had improvements to ensure the preferred monitor mode is always included and to avoid rapid toggling of dynamic maximum render time. It also fixes an issue with a dynamic maximum render time. Additionally, there are miscellaneous bug fixes and updated translations. An update of yast2-storage-ng 4.6.12 ensures that storage support packages are added correctly for MicroOS, which uses a custom partitions proposal client instead of another specific client. Several other packages were updated in the snapshot.

Only one package was updated in snapshot 20230710. The update of the one-time password toolkit oath-toolkit to version 2.6.8 brings some changes. The libpskc component was updated to address compatibility issues with a recent libxmlsec release, which ensures smooth operation and proper integration with the latest libraries. The authentication process in pam_oath was improved to avoid failure when pam_modutil_getpwnam is unable to recognize the user in a specific case. The self-test functionality for pam_oath was also enhanced.

Snapshot 20230709 brought an update of KDE’s Frameworks 5.108.0. With that, Kirigami had some bugfixes, improves some functionality, and enhanced the user experience by ensuring proper behavior of notifications and prioritizing user input events for a more responsive interface. The update of KIO restored compatibility with the Plasma file dialog and the previewjob now checks for the validity of thumbRootDevice before accessing it. These updates improve functionality, fix bugs, and enhance the user experience in KIO. The file indexing and file search package Baloo fixed a parameter name and had a change to correctly parse empty quoted strings. Another change improved performance of indexing files that are not yet indexed by dividing UnindexedFileIndexer into multiple smaller transactions. The only other package to update in the release was Xen 4.17.1. This updates addresses several upstream bugs that are documented in a Bugzilla issue. The update fixed two CVEs with CVE-2022-42335 and CVE-2022-42336 being resolved. The latter CVE addresses the mishandling of guest SSBD selection on AMD hardware, where a guest can under or overflow the per-core thread counter, resulting in ineffective attempts to set SSBD and causing potential security vulnerabilities.

Snapshot 20230708 saw a major version update and a version bump for a browser. The new inih 57 major enhanced functionality for handling unsigned values and reading 64bit integers; this expands the capabilities of the library and improves compatibility with different types of configurations. The KDE hex editor for viewing and editing the raw data of files, okteta, updated to version 0.26.12, which improves translations and resolves issues related to the export and saving functionalities. Mozilla Firefox 115.0.1, which the major version arrived earlier in the week, had a version bump.

KDE users received Gear 23.04.3 in snapshot 20230707. The Kdenlive video editor update fixes some disappearing effects from the timeline sequence and other synchronization issues. An update of kitinerary improves the handling of URLs and ensured that URLs are fully encoded when passed to the Android Application Programming Interface and QFile. Image viewer gwenview addresses a bug to prevent a crash in the exiv2 library. The KMail package had a change to prevent the removal of certain margins and updates the HTML characters for the subject field of email messages. Several other Gear packages updated in the snapshot, but only one other non-KDE package updated. The libstorage-ng 4.5.122 places prioritization of swap activation, which suggests that the handling of swap partitions are given higher priority, potentially resulting in more efficient swap utilization.

The newest major version of a browser was released in snapshot 20230706. Mozilla Firefox 115 can now migrate payment methods saved in Chrome-based browsers to Firefox. Hardware video decoding is enabled for Intel GPUs on Linux. The tab manager dropdown includes close buttons for quicker tab closing. Users without support for H264 video decoding can fallback to Cisco’s OpenH264 plugin. The hardware detection tool from openSUSE, hwinfo, also had a major version landing in the snapshot; the 23.1 version export symbols were adjusted to match the test case in yast2-hardware-detection and a compile warning related to Point-to-Point Protocol over Ethernet (PPPoE). An update of Python 3.11.4 fixes a few security flaws. The patch from CVE-2007-4559 was also dropped. An update of the power-sources package upower updates to version 1.90.1. Its changes include the detection and automatic disappearance of headsets with kernel batteries when turned off, which hides duplicate Logitech Bluetooth and wireless devices. Other packages to update in the snapshot were gnome-maps 44.3, gupnp 1.6.4, libxcrypt 4.4.35 and more.