Dear Tumbleweed users and hackers,

During this week we managed to release a snapshot every day. Granted, some were relatively small, but overall, there were some nice updates in the 7 snapshots published (0708…0714).

The most relevant changes were:

• Mozilla Firefox 102.0.1
• KDE Frameworks 5.96.0
• KDE Gear 22.04.3
• KDE Plasma 5.25.3
• Salt: fixed runtime with python-pyzmq update
• GNOME 42.3
• systemd 251.2
• GCC 12.1.1
• libvirt 8.5.0
• openSSL 1.1.1q (CVE-2022-2097, boo#1201099)
• Linux kernel: simpledrm has been re-enabled
• Perl 5.36.0

The queue is not very long, but that can change overnight. Currently, the things staged include:

• Linux kernel 5.18.11
• MicroOS Desktop “GNOME” reaches RC quality
• Pipewire 0.3.55 + patch: fixes an issue seen when switching TTY, when coming back sometimes has no active audio devices (boo#1201349)

 The VLOOKUP spreadsheet function by default requires the searched data to be sorted, and in that case it performs a fast binary search. If the data is not sorted (for example if it would be impractical to have the data that way), it is possible to explicitly tell VLOOKUP that the data is not sorted, in which case Calc did a linear one-by-one lookup. And there are other functions such as COUNTIF or SUMIF that essentially do a lookup too, and those cannot even be told that the data is sorted and so they processed the data linearly. With large spreadsheets this can actually take a noticeably long time. Bugreports such as tdf#139444, tdf#144777 or tdf#146546 say operations in such spreadsheets take minutes to complete, or even "freeze".

I wanted to do something about those for quite a while, as with the right idea making those much faster should be actually fairly simple. And the simple idea I had was to let Calc to sort the data first and then use fast binary search. These documents usually do lookups in the same fixed range of cells, so the linear search in the same unsorted data was rather a waste when done repeatedly. Surely Calc should be able to sort the data just once, cache it and then use that cached sort order repeatedly. In fact VLOOKUP already had a cache for results of lookup in the same area, used when doing lookup in the same row but different columns.

I finally found the time to do something about this when SUSE filled a bug to Collabora about their internal documents freezing on load and then crashing after 10 minutes. The LO thread pool class has a 10 minutes timeout as a safety measure after which it aborts, and the large number of lookups in the documents actually managed to exceed that timeout. So I can't actually say how slow it was before :), but I can quote Gerald Pfeifer from SUSE reporting the final numbers:

This work is available in LibreOffice 7.4, and the TDF bugreports show similar improvements. In fact tdf#144777, titled "countifs() in Calc is slower than Excel's countifs()", now has a final comment saying that MS Office 2021 can do a specific document in 26s and LO 7.4 can do it in 2s. Good enough, I guess :).

Vamos a ver un método para impedir que Akonadi de KDE arranque y nos abra procesos en nuestro sistema GNU/Linux

Akonadi, según la web de KDE es:

la responsable de proporcionar aplicaciones con una base de datos centralizada para almacenar, indexar y recuperar la información personal del usuario. Esto incluye correos electrónicos, contactos, calendarios, eventos, diarios, alarmas, notas,etc.

Es decir, una base de datos de información personal que utilizan varias aplicaciones propias de KDE como Kmail, Korganizer, KaddresBook, etc.

Muy bien, pero si yo no utilizo ninguna de estas u otras aplicaciones que necesitan de Akonadi, entonces ¿cómo puedo impedir que se abran procesos de Akonadi? Vamos a verlo…

Al final si quería acabar con Akonadi, iba matando los procesos que abría con kill, pero no encontraba en ningún sitio impedir que Akonadi se abriera, y como no lo necesito no quería que gastara recursos de mi máquina.

En la página de KDE dice que se puede detener el proceso mediante akonadictl stop pero que si cualquier servicio lo abre este se iniciará.

Y puede que haya aplicaciones como el reloj que se muestra en la barra, ya que lo usa para mostrar los eventos al pinchar sobre el y mostrarnos el calendario.

Estuve buscando en configuración del equipo y preferencias del sistema, busqué por la red cómo evitar que Akonadi se abra y no encontré nada, así que pregunté en el canal de Telegram cañas y bravas de KDE España para preguntar, debatir, compartir y aprender en español sobre la gran comunidad de KDE.

Y allí otro openSUSEro mítico (con esto quiero decir que ya es veterano en esto de GNU/Linux) con quien coincidí en la Akademy-es de Vigo, me dio la respuesta para impedir que Akonadi se abra.

Para ello editamos el archivo ~/.config/akonadi/akonadiserverrc y modificamos lo siguiente, StartServer=false

Guardamos, reiniciamos sesión y ya Akonadi no abrirá procesos inútiles para alguien como yo que no usa ninguna de sus aplicaciones.

The July syslog-ng newsletter is now on-line:

• RHEL 9 syslog-ng news
• How does the syslog-ng disk-buffer work?
• Installing syslog-ng on Microsoft Linux

It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-06-rhel-9-disk-buffer-microsoft-linux

Symptom

When posting a job using , you see an error message of the following kind:

$ openqa-cli api -X POST isos ...
403 Forbidden
Asset download requested but no domains passlisted! Set download_domains.

Solution

“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has less participants than speakers at the RSA conference. I gave talks at both events. RSA is a lot more prestigious event, but I still prefer PTS. Why?

Small Is Beautiful

As you could guess from my introduction, PTS is a small event. It is run by volunteers. It is also a free event thanks to sponsors. The small size has many advantages. There are not many parallel tracks competing for your attention. There is a main track and a workshop track. No need for buzzwords, for loud marketing of talks, as most people will be there anyway. Instead of attention seeking, speakers can focus on technical content.

The focus of PTS is open source security software. Which is a nice coincidence, as I work on two open source software projects. Sudo is definitely security focused, it lets you control access to your hosts and log access. While syslog-ng is not strictly security focused, it is also often used by infosec. Commercial software and services are of course mentioned by speakers while introducing themselves, but the focus is open source.

Small also means that there is a much stronger feeling of community than at larger events. The speaker’s dinner is fantastic. Not just because of the food served, but also because you can talk to many like-minded people who are experts in their fields. There are always some old friends, but new people as well. The various breaks and the social event also gave us lots of possibilities to discuss not just security, but also Life, the Universe and Everything :-) I always feel a bit lost when there are hundreds or thousands of people around me. However, at PTS I always feel comfortable. Of course, as a strong introvert, I still regularly need some time alone. The conference is in a beautiful environment, so it is easy to take a quick walk and recharge before the next block of talks starts.

Small also means much more and much better feedback after talks. With many parallel tracks most people are running to the next talks, once your talk is over. With just one track, even if there were two more talks without a break after my talk, people came to me to discuss sudo and syslog-ng in the breaks. The latest major version of sudo, 1.9.0, incorporated many of the feedback I received at Pass the SALT in 2019. This kind of in-depth discussions with users are almost completely missing at larger events.

sudo logs for blue teamers

My talk at PTS combined the two software projects I am working on. The primary focus was on the very latest sudo features that arrived in minor versions after the 1.9.0 release. Many of these are logging related, so I also included syslog-ng and demonstrated how you can work with sudo logs in syslog-ng. Based on the feedback I received at the conference, it is much easier to work with sudo logs, or JSON logs in general using syslog-ng than with most other logging software.

You can watch my talk at https://passthesalt.ubicast.tv/videos/sudo-logs-for-blue-teamers/.

However, if you are like me and hate videos, here is a blog covering most of the things I talked about at the conference: https://www.sudo.ws/posts/2022/05/sudo-for-blue-teams-how-to-control-and-log-better/

Some of my favorite talks

Every talk was really interesting, but of course not all of them were relevant to me. Below I collected some of my favorite talks from the conference:

CryptPad is an end-to-end encrypted collaboration solution. It provides many of the features of Google and Microsoft cloud tools, but it is fully open source and data is stored encrypted securely. With something like this I’d probably trust the cloud more to store my data, now I rather store sensitive data locally… https://cfp.pass-the-salt.org/pts2022/talk/LPMHUA/

I used containers when they were still called “FreeBSD jail” :-) So, I love the technology. Fedora is one of the pioneers of containerization on Linux. They have multiple operating systems based on a minimal read-only Fedora Linux that can be extended using containers. There are specific distributions targeting everything from IoT through desktops to servers. https://cfp.pass-the-salt.org/pts2022/talk/MTLGWL/

sslh is something I’m planning on trying. It allows servicing SSH and HTTPS from the same port. Many places block access to port 22, or even limit access to HTTPS. Using sslh can help in this situation. https://cfp.pass-the-salt.org/pts2022/talk/XTBQ73/

I have been using Suricata for many years. It is not really my job, I only use it out of curiosity, but it’s still a lot of fun. Especially because Suricata produces JSON formatted log messages, and syslog-ng is pretty good at working with JSON formatted logs. You can read my blog about working with Suricata logs in syslog-ng at https://www.syslog-ng.com/community/b/blog/posts/analyze-your-suricata-logs-in-real-time-using-syslog-ng. At the conference I participated both a talk and a workshop on Suricata: https://cfp.pass-the-salt.org/pts2022/talk/AGLDYH/ and https://cfp.pass-the-salt.org/pts2022/talk/BNNNQX/

As usual, one of my favorite talks came from Xavier Mertens. One of his earlier talks inspired the in-list() function of syslog-ng. This year, he talked about Cyberchef, a tool used to decode exotic data formats. Luckily, it’s not that often that I would need anything like this, but sometimes it could come in handy when trying to figure out what is hiding in my e-mails. https://cfp.pass-the-salt.org/pts2022/talk/8NDEN8/

Summary

I hope to be back next year again :-)

Una vez roto el hielo con el primer podcast del año, los chicos del podcast pequeño de KDE España parece que toman carrerilla. Me congratula presentaros que tenemos a nuestra disposición el episodio 12 de KDE Express, titulado Reencuentro fin de curso, una charla muy distendiida en la que aparecen noticias, eventos, lanzamientos, hardware, proyectos y aplicaciones.

Episodio 12 de KDE Express: Reencuentro fin de curso

Comenté ya casi hace un año que había nacido KDE Express, un audio con noticias y la actualidad de la Comunidad KDE y del Software Libre con un formato breve (menos de 30 minutos) que complementa los que ya genera la Comunidad de KDE España de forma casi mensual con sus ya veteranos Vídeo-Podcast que podéis encontrar en Archive.org, Youtube, Ivoox, Spotify y Apple Podcast.

De esta forma se llega al número 12 de su primera temporada que reccupera a su triada de presentadores: José Picon, Brais Arias y David Marzal, lo cual me alegra ya que es la prueba de sul compromiso con KDE en particulas y el Software Libre en general.

En sus palabras:

Nos ha llevado tiempo, pero volvemos a juntarnos los tres integrantes principales del podcast. Tenemos noticias, novedades y salseo.

Y, como siempre, os dejo aquí el listado de los episodios. ¡Disfrutad!

• KDE Plasma 5.25.2, lanzamiento de corrección de errores de junio
  • KDE Plasma 5.25.2 Released to Improve Flatpak Support, Present Windows Effect
• Plasma Mobile Gear 22.06 is Out
• Kdenlive 22.04.2
• DigiKam 7.7
• WINE: Theming support for Qt5 applications.
• Akademy será en Barcelona entre el 1 y el 7 de Octubre
• Akademy-ES 29 y 30 de septiembre
• Podcast KDE España 7.5×01 – KDE Eco
• Slimbook KDE IV a la venta! – KDE – Proximamente entrevista 😉

A mi me sigue gustando mucho, es rápido, directo al grano y muy dinámico, con lo cual es ideal para aquellos que les guste tener su pincelada de Kdeera en su podcaster. Evidentemente, no se profundiza en temas aunque si se da una visión muy personal de los mismos.

Por cierto, también podéis encontrarlos en Telegram: https://t.me/KDEexpress

La entrada Episodio 12 de KDE Express: Reencuentro fin de curso se publicó primero en KDE Blog.

openSUSE joins fellow open-source project Arch Linux in having up-to-date packages for the Nim Language and the statically typed, imperative programming language now has first-class Nim support in openSUSE.

The compiled programming language gives programmers runtime efficiency and combines successful concepts from mature languages like Python, Ada and Modula.

“Real software runs without an OS, but if yours needs one, choose one which offers first class Nim support. Like SUSE does.” , said Nim programming language creator Andreas Rumpf, when asked about openSUSE supporting up-to-date Nim from now on.

Rumpf created Nim back in 2005 and has recently published his book Mastering Nim covering each corner of this emerging programming language.

There are Nim packages built for x86-64, i586, ppc64le and ARM64 with openSUSE.

“Very excited to have the first Linux distribution announcing first-class support for Nim,” said Dominik Picheta, a Nim core developer and writer of the Nim in Action book. “Hope this opens the door for other distros to do the same.”

One of Nim strengths, besides the macro system and runtime efficiency, is its standard library, which is similar to other languages and covers most standard functionality; these include string handling and formatting, async code development, networking and even high-level language functionality (like the compiler itself) or NimScript, which is a subset of Nim specially built for scripting that can be embedded and executed at run-time.

Moreover, Nim comes with a wide range of tools included by default. The compiler allows the targeting of C, C++ and Javascript as its backend. There are a few tools included for easy development:

• nim compiler
• nimsuggest (support for language suggestions, autocompletion, error/issues detection, etc.)
• nimgrep (a powerful grep alternative with built-in Nim support to find symbols and inspect Nim codebases).
• nim-gdb wrapper (gdb support for Nim types)
• nimble (package manager)

There is automated testing for openSUSE builds. Generally availability for Nim with openSUSE involves upstreaming broken tests for specific architectures along with the backporting and upstreaming of security patches.

Nim has a very interesting and vibrant ecosystem of packages for easy development on many fronts; from web development to systems programming and scientific to data processing, to name a few. It’s possible to develop extremely fast and parallelized applications using Weave, develop both frontend and backend web applications fully in Nim by using Karax or Jester and to perform heavy computational math-based operations with ArrayMancer. On the playful side, Nim can be used to develop high-performance 3D visualizations and game development with Godot by using Godot-Nim as a bridge.

Even if developers only want to support another language, Nim allows a rich ecosystem of foreign function interface (FFI) technologies to interact with other languages. Besides the native support to interact with C and C++ codebases, it is possible to use Nim to easily build Python modules by using NimPy.

Developers can play around with Nim at https://play.nim-lang.org/ and can learn a bit about it in five-minutes.

A taste of Nim

import strformat

type
  Person = object
    name*: string # Field is exported using `*`.
    age: Natural  # Natural type ensures the age is positive.

var people = [
  Person(name: "John", age: 45),
  Person(name: "Kate", age: 30)
]

for person in people:
  # Type-safe string interpolation.
  echo(fmt"{person.name} is {person.age} years old")

Useful Links

• Development repository
• Compiler user guide
• Documentation
• Manual

Este mes parece que la gente de Slimbook no quiere dejar semana sin grandes novedades que comentar en el blog. En esta ocasión os presento el nuevo Executive, una versión renovada de uno de sus modelos top tanto por dentro como por fuera, ya que a la carcasa clásica de 14 pulgadas se ha añadido otra nueva de 16 pugadas. El pequeñín ha crecido.

Nuevo Executive de Slimbook, ahora con versión 16 pulgadas

Si hace unos días comenté que la empresa valenciana Slimbook había anunciado la renovación de su gama KDE Slimbook con la cuarta iteración, hoy me apetece hablar de su gama Executive, la cual destacaba por su potencia, autonomía y conectividad.

Como es habitual con esta empresa, cada cierto tiempo revisan sus dispositivos y en esta ocasión la renovación de esta gama ha sido realmente espectacular ya que además de mejorar los componenetes internos del ultrabook, han añadido un ultrabook de de 16 pulgadas que es una verdadera bestia.

De esta forma, la versión de 14 pulgadas ofrece con el procesador Intel i7-12700H, que viene con 20 hilos, con una pantalla única HiDPI de 2880×1800 píxeles y, a pesar de su delgadez, lleva una batería de 99wh, el máximo legal permitido en dispositivos portátiles por las leyes europeas.

Por otra parte, el Executive de 16 pulgadas repite procesador pero incorpora una increíble tarjeta gráfica dedicada NVIDIA RTX 3050 Ti con trazado de rayos. Al ser más grande, evidentemente, ofrece una pantalla 16:10 y con resolución 2560×1600 píxeles, que alcanza los 400nits y un sRGB cover 100%. Y aún así solo llega a los 1.5kg.

Las características comunes de los Slimbook Executive son las siguientes:

• Teclado: retro-iluminado
• Material: Magnesio y Aluminio
• Puertos USB 3.2 Gen1: 2
• Puertos USB-C 3.2 Gen2: 2
• Puertos HDMI 2.0: 1
• Memoria base RAM: 8GB 16GB
• Disco duro M.2 (Executive 14): 1 disco SSD M.2 NVMe a partir 250GB, 500GB, 1TB, 2TB, o 1x PCIe x2 + 1x PCIe x4
• Disco duro M.2 (Executive 16): Hasta 2 discos SSD M.2 NVMe de 250GB, 500GB, 1TB, 2TB (total 4TB), o 1x PCIe x2 + 1x PCIe x4, con posiblidad de RAID 0 y 1
• Tarjeta WIFI 6: Intel AX200
• Bluetooth 5.1
• Sonido: Altavoces 2x2W, Microfono integrado en webcam y conectores jack para auriculares y micrófono 2 en 1
• Entradas USB: 2 x USB-A 3.2 Gen1, 1x USB-C 3.2 Gen2 con salida de imagen (displayport 1.4), 1x Thunderbolt 4 con salida de imagen (displayport 1.4a) y carga del ordenador (90W o 120W, según modelo)
• Webcam 1080 HD con doble micrófono estéreo IR de detección de facial biométrica dedicada

¿Qué os parece? En mi opinión es espectacular.

La entrada Nuevo Executive de Slimbook, ahora con versión 16 pulgadas se publicó primero en KDE Blog.

Happens that I spent today (Finally) a good few hours trying to figure out why my autocompletion was broken on my new shiny MacBook Pro M1 Pro…

despite Homebrew’s brew doctor giving me the All OK.

foursixnine@pakhet ~ % brew doctor
Your system is ready to brew.

turns out that it was just the shell:

foursixnine@pakhet ~ % echo $FPATH
/opt/homebrew/share/zsh-completions:/usr/local/share/zsh/site-functions:/usr/share/zsh/site-functions:/usr/share/zsh/5.8.1/functions

My user’s shell is still being set to osx’s 5.8.1 zsh…

So after hours of searching on the internet to no avail, and scratching my head, I came back to my initial idea of just switching the shell::

echo "export PATH=/opt/homebrew/bin:$PATH" >> ~/.zshenv
sudo sh -c "echo $(which zsh) >> /etc/shells"
chsh -s $(which zsh)