Home Home > 2014 > 09
Sign up | Login

Archive for September, 2014

openSUSE booth at Akademy, now with a video

September 19th, 2014 by

To share a bit more about this long trip but worth to made it.
You can now enjoy the video clip made during this event.

Was a real pleasure to meet so numerous openSUSE users.

Next: openSUSE hardening

September 15th, 2014 by


Running the rolling openSUSE Factory has been smooth so far, no problems since the last post.

I have been involved in submitting new packages (ftop, dstat, some perl modules), patching other’s existing packages (dnsmasq) and of course taking after packages that I maintain (btrfsprogs). With a very few exceptions I’ve got done everything I needed, the exceptions were my rather silly mistakes. The damage is only the first few seconds when one realizes that the submit request was ‘rejected’. Don’t get bored by it, grab a coffee or go fix it later. Need to say the rejects are backed by a reason or explanation what’s wrong and what should be fixed in the next attempt. Learn from that, take notes, read the docs again. Once this becomes common, the amount of basic mistakes is near to zero, the self-checks become a routine. This makes a happy contributor and the distro maintainers too.

I recommend to skim the factory snapshots announcements, look at the changes or scroll down to the newly added ones. One day you can see your contributions there, go for it.

Before something goes to the Factory distro, the packages are getting ready in the devel projects. I’ve asked for maintainership of filesystems and benchmark projects and did some fixing in packages I use or at least recognize. The state of the projects is not ‘all-green’, build failures exist, but without some motivation I’m not rushing to fix them.

If you are interested (as a user) in a package from those devel projects, feel free to bug me about it. I can help with fixing build failures or submitting to Factory.


All of the above is a routine. A routine of making the distro better on the core side. There’s never enough of it and it may become boring (oh it does) over time. Out of the many research projects and experimenting I do, I decided to focus on one that’s definetely related to openSUSE, is fun, is important, useful and is not there yet.

openSUSE hardening!

“No way, really? But there’s AppArmor and SElinux enabled and the compile-time hardening options.

Yeah. I won’t repeat the arguments why AppArmor and SElinux are insufficient, functionally or usability-wise. So what’s left? Grsecurity, of course. Sadly openSUSE lacks even the unofficial grsecurity-patched kernels unlike Arch, Debian or Gentoo. Sadly2, the patched kernels are unofficial and will remain at that state until grsec is upstream. I don’t dare to predict if/when this will happen.

I’m aware of only the NetSecL distribution based on openSUSE that offered the grsec kernels, but it’s discontinued.

My hardening efforts got the codename openSUSE-gardening and are hosted in my github repository of the same name. The wiki contains more comprehensive information. It’s still work in progress and does not cover all topics in detail but should be enough to get started.

Quite unexpectedly, spender found the repo and gave it a bit of publicity on twitter. Thanks man 🙂

My plan was to update all relevant packages, test the kernels a bit, update the wiki and then post about that here. Nah, I got the right kick to do it now.

Quick start is really simple, a pattern that installs all necessary packages for a desktop use:

One-click install for 13.1
One-click install for Factory

Note, you’ll probably need to run linux-pax-flags before the first reboot, it will apply PaX flag exceptions, some binaries may crash due to the protections (like window manager processes, browsers). Once the zypper plugin is properly installed, the flags get updated automatically.

Warning: the patched kernel has not been extensively tested, works for me, might not work for you.

To be continued …

running an openSUSE booth at KDE Akademy 2014

September 14th, 2014 by


If running a booth is, for sure, an investment of time, energy and money (even if TSP contribute to help you), We often forget to say
how much it’s important for our community and project.

Booths makes openSUSE alive in all open source events! and it’s a great experience to live, for any of us.

Feel the beat!

I strongly believe that openSUSE has be to visible on events like KDE Akademy, Scale, Fosdem, Guadec.
It’s not a question of "Bang for the buck", than a simple obviousness:

  • Fosdem : the biggest open source event in Europe (perhaps in the world) with more than 5000 hackers visiting.
  • Scale : biggest event in North America with more than 3000 attendees
  • Guadec : The annual conference of Gnome Hackers with lot of worldwide attendees
  • KDE Akademy : This year with around 150 active contributors coming from all over the world.

The obviousness is: if openSUSE has no booth there, you just see Ubuntu and Redhat, and let’s add Debian, Mageia etc for Fosdem or Scale.

You all know how much I like our Geeko community. And when Akademy staff proposed us to run a booth, I said yes, great I will be there!
After comparing ways to go to Brno, the Geeko’s car was the less expensive, and allow me to pick the demo touch screen at SUSE Headquarter.
So I took a full week off and drive 2000 kilometers to make it happens.


Birdfont fonteditor for the rest of us

September 12th, 2014 by

Have you ever dreamed making your own unique font set. You get on it and seek for decent cheap or open source alternatives for making Truetype fonts  and  probably you find at least Fontforge. You are very happy and make you mind I’ll do my fonts with Fontforge. After a while you realize Fontforge is a Swiss army knife for making fonts in open source but you just wanted to create TTF, EOT or SVG font set. Weep no more you can use Birdfont. (more…)