OpenSuSE Conference 14 in Dubrovnik, Croatia

I had the pleasure to be invited to the 2014 edition of the OpenSuSE Conference in Dubrovnik, Croatia. That event was flying under my radar for a long time and I am glad that I finally found out about it.

The first thing that impressed me was Dubrovik. A lovely city with a walled old town. Even a (rather high) watch tower is still there. The city manages to create an inspiring atmosphere despite all the crowds moving through the narrow streets. It’s clean and controlled, yet busy and wild. There are so many small cafΓ©s, pubs, and restaurants, so many walls and corners, and so many friendly people. It’s an amazing place for an amazing conference.

The conference itself featured three tracks, which is quite busy already. But in addition, an unconference was held as a fourth track. The talks were varying in topic, from community management, to MySQL deployment, and of course, GNOME. I presented the latest and greatest GNOME 3.12. Despite the many tracks, the hallway track was the most interesting one. I didn’t know too many faces and as it’s a GNU/Linux distribution conference which I have never attended before, many of the people I met had an interesting background which I was not familiar with. It was fun meeting new people who do exciting things. I hope to be able to stay in touch with many of them.

The conference was opened by the OpenSuSE Board. I actually don’t really know how OpenSuSE is governed and if there is any legal entity behind it. But the Board seems to be somehow elected by the community and was to announce a few changes to OpenSuSE. The title of the conference was “The Strength to Change” which is indeed inviting to announce radical changes. For better or worse, both the number and severity of the changes announced were limited. First and foremost, handling marketing materials is about to change. A new budget was put in place to allow for new materials to be generated to have a much bigger presence in the world. Also, the materials were created by SuSE’s designers on staff. So they are considered to be rather high quality. To get more contributors, they introduce formalised sponsorship program for people to attend conferences to present OpenSuSE. I don’t know what the difference to their Travel Support Program is, though. They will also reimburse for locally produced marketing materials which cannot be shipped around the world to encourage more people to spread the word about OpenSuSE. A new process will be put in place which will enable local contributors to produce materials up to 200 USD from a budget of 2000 USD per quarter. Something that will change, but not just yet, is the development and release model. Andrew Wafaa said that OpenSuSE was a victim of its own success. He mentioned the number of 7500 packages which should probably indicate that it is a lot for them to handle. The current release cycle of 8 months is to be discussed. There is a strong question of whether something new shall be tried. Maybe annual releases, or even longer to have more time for polish. Or maybe not do regular releases at all, like rolling releases or just take as long as it takes. A decision is expected after the next release which will happen as normal at the end of this year. There was an agreement that OpenSuSE wants to be easy to contribute to. The purpose of this conference is to grow the participants’ knowledge and connections in and about the FLOSS environment.

The next talk was Protect your MySQL Server by Georgi Kodinov. Being with MySQL since 2006 he talked about the security of MySQL in OpenSuSE. The first point he made was how the post-installation situation is on OpenSuSE 13.1. It ships version 5.6.12 which is not too bad because it is only 5 updates behind of what upstream released. Other distros are much further away from that, he said. Version 5.6 introduced cool security related features like expiring passwords, password strength policies, or SHA256 support. He urged the audience to stop using passwords on the command line and look into the 5.6 documentation instead. He didn’t make it any more concrete, though, but mentioned “login paths” later. He also liked that the server was not turned on by default which encourages you to use your self-made configuration instead of a default one. He also liked the fact that there is no pre-packaged database as that does not configure users that are not very well protected. Finally, he pointed out that he is pleased to see that no remote access is configured in the default configuration. However, he did not like that OpenSuSE does not ship the latest version. The newest upstream version 5.6.15 not only fixes around 25 security problems but also adds advanced AES functionalities such as keys being bigger than 128 bits. He also disliked that a mysql_secure_installation script is not run after installation. That script would put random passwords to the root account, would disallow anonymous access, and would do away with empty default passwords. Another regret he had was that mysql_config_editor is not packaged. That tool would help to get rid of passwords in scripts using MySQL by storing credentials in encrypted files. That way you would have to protect only one file, not a lot of scripts. For some reason OpenSuSE activates the “federated plugin” which is disabled upstream.
Another weird plugin is the archive plugin which, he said, is not needed. In fact, it is not even available so that the starting server throws errors… Also, authentication plugins which should only be used for testing are enabled by default which can be a problem as it could allow someone to log in as any user. After he explained how this was a threat, the actual attack seems to be a bit esoteric. Anyway, he concluded that you get a development installation when you install MySQL in OpenSuSE, rather than an installation suited for production use.

He went on to refer about how to harden it after installation. He proposed to run mysql_secure_installation as it wouldn’t cause any harm even if run multiple times. He also recommended to make it listen on specific interfaces only, instead of all interfaces which is does by default. He also wants you to generate SSL keys and certificates to allow for encrypted communication over the network.

Even more security can be achieved when turning off TCP access altogether, so you should do it if the environment allows it. If you do use TCP, he recommended to use SSL even if there is no PKI. An interesting advice was to use external authentication such as PAM or LDAP. He didn’t go into details how to actually do it, though. The most urgent tip he gave was to set secure_file_priv to a certain directory as it will restrict the paths MySQL can write to.

As for new changes that come with MySQL 5.7, which is the current development version accumulating changes over 18 months of development, he mentioned the option to log to syslog. Interestingly,
a --ssl option on the client is basically a no-op (sic!) but will actually enforce SSL in the upcoming version. The new version also adds more crypto functions such as RANDOM_BYTES() which interface with the SSL libraries. He concluded his talk with a quote: “Security is like plastic surgery. the more you invest, the prettier it gets.”.

Michael Meeks talked next on the history of the Document Foundation. He explained how it used to be in the StarOffice days. Apparently, they were very process driven and believed that the more processes with even more steps help the quality of the software they produced. He didn’t really share that view. The mind set was, he said, that people would go into a shop and buy a box with the software. He sees that behaviour declining steeply. So then hackers came and branched StarOffice into OpenOffice which had a much shorter release cycle than the original product and incorporated fixes and features of the future version. Everyone shipped that instead of the original thing. The 18 months of the original product were a bit of a long thing in the free software world, he said. He quoted someone saying “StarDivision a problem for every solution.”

He went on to rant about Contributor License Agreements and showed a graph of Fedora contributions which spiked off when they dropped the requirement of a CLA. The graph was impressive but really showed the number of active accounts in an unspecified system. He claimed that by now they have around the same magnitude of contributions as the kernel does and with set a new record with 3000 commits in February 2014. The dominating body of contributors is volunteers which is quite different when compared to the kernel. He talked about various aspects of the Document Foundation like the governance or the fact that they want to make it as easy to contribute to the project as possible.

The next talk was given on bcache by Oliver Neukum. Bcache is a disk cache which is probably primarily used to cache rotational disks with SSDs. He first talked about the principles of caching, like write-back, write-through, and write-around. That is, the cache is responsible for writing to the backing store, the cache places the data to be written in its buffer, or write to the backing storage, but not the cache, respectively. Subsequently, he explained how to actually use bcache. A demo given later revealed that it’s not fool proof and that you do need to get your commands straight in order to make it work properly. As to when to actually use Bcache, he explained that SSDs are cool as they are fast, but they are small and expensive. Fast, as he continued, can either mean throughput or latency. SSDs are good with regards to latency, but not necessarily with throughput. Other, probably similar options to Bcache are dm-cache, but it does not support safe writes. I guess that you cannot use it if you have the requirement of a write-through or write-around scenario. A different alternative is EnhanceIO, written originally by Facebook, which keeps hash structure of the data to be cached in RAM. Bcache, on the other hand, stores a b-tree on the SSD instead of in the RAM. It works on block devices, so anything goes. Tape drives, RAIDs, … It places a special superblock to indicate the partition is a bcache partition. A second block is created to indicate what the backing store is. Currently, the kernel does not auto detect these caches, hence making it work with the root filesystem is a bit tricky. He did a proper evaluation of the effects of the cache. So his statements were well founded which I liked a lot.

It was announced that the next year’s conference, oSC15, will be in The Hague, Netherlands. The city we had our GUADEC in, once. If you have some time in spring, probably in April, consider to go.

LinuxCon Brazil 2011

I was lucky to be invited to LinuxCon Brazil, taking place in *drumroll* Brazil! Sao Paulo to be precise. The conference centre was very spacious and the conference itself seemed to be much bigger than in Japan.

My talk on GNOME 3 (actually 3.2 and 3.x) was well received and I hope I was able to entertain a bunch of people and make some of them try the new GNOME. Fortunately, our friends from OpenSuSE just released their new version a couple of days ago and brought some machines and media to try it out. Needless to say that it features the latest and greatest GNOME release. We had a good discussion during the talk and I talked to many people after the talk. There was more interest that I expected. I was told that even Linus and Dirk Hohndel commented on it in the speaker’s room when I was not there.

I couldn’t really attend the other talks as I wanted because they were held in Portuguese :-\ There was translation but only for the foreign speakers not talking in Portuguese. So sadly I had to stick to talks that I either knew or didn’t interest me that much. But there were a couple of interesting ones, nonetheless πŸ™‚ My favourite was Jan Kiszka talking about “Developing Linux inside QEMU/KVM Virtual Machines” because I learned how to actually be able to pass data from my host system into my guest QEMU machine.

So the conference could have made more effort to actually indicate whether the talks were held in English or not. Other than that, it was a good conference which was held in a pretty good conference centre. As the other South American conference I attended a couple of weeks ago, it slipped behind schedule. But only for half an hour πŸ˜‰

It wasn’t all too easy to get to Brazil though. I had flight troubles in Amsterdam with KLM again. The security at the gate wanted to search my bag but I refused. I was told to either let them search the bag or wait for the supervisor. I chose to wait as I had quite a bit of newspaper left. Eventually one of the security guys called me out and told me to go out of the gate area to talk to the supervisor. We talked and came back to the gate where I was about to put my stuff into the xray machine. But then the guy came and told me that the flight attendant told him that I couldn’t fly. So I asked the woman directly whether I was denied boarding. She said yes because I caused a queue. I demanded a list of my rights because I was denied boarding and she sent me to the Transfer desk. Then she left… When I went to the transfer desk, I figured out that I was not referenced as being denied boarding but No-Show, i.e. I just wasn’t present. But that’s ridiculous as I sat in the gate except for three minutes when the supervisor called me out. For that reason, I wasn’t provided a list of my rights and the transfer agent wasn’t friendly at all. A second transfer agent managed to get me on the next flight though. I thought I’d like KLM, at least for them flying to South America not crossing the US. But I probably have to go with Iberia the next time.

I’m looking foward to come back to Brazil, either for GNOME Forum or for LinuxCon πŸ™‚

LinuxCon Japan 2011

Thanks to the Linux Foundation I was able to attend LinuxCon 2011 in Japan.

I used the opportunity to distribute GNOME 3 DVD Images and leaflets during my talk about GNOME 3 which was well enough received I’d say. While I collected a lot of experience approaching people and telling them about all the niceties that GNOME 3 offers over the last few month, I really had too little time to tell all the brilliant things about our new GNOME. Anyway, it was nice to be on the very same schedule as the very important Linux people like Greg KH, Linus or Lenny.

The conference itself was hosted in a very spacious building: The Pacifico in Yokohama. One could see that impressive building from our hotel room. Just nice. The conference was well organised and the provided amenities such as food and drinks were good enough. I was particularly impressed by the simultaneous translations that were done by two elderly men.

The talks were generally interesting, probably because I haven’t been to a kernel focused conference and I found it interesting to get new input. My favourites were the Kernel Developer Panel were one could pose question onto the Kernel people face to face and the talks about the social aspect of Kernel development.

Despite all the trouble in Japan, we had a very good time and in fact, there weren’t many indicators to the earthquake or the nuclear catastrophe. The most annoying inconveniences probably were the turned off elevators. Other than that, we didn’t really see any disrupted services or chaos or problems at all. Traveling in Japan is a real pleasure as the train system is gorgeous and the cities are very well mapped. You encounter a city map just about every other corner and it’s very detailed and helpful. Japanese people are extraordinarily friendly and although there is a language barrier, they try to understand and help you. The downside is, that Japan is quite expensive. Especially the train system, but also lodging and food. However, the quality is very good, so it’s probably worth the money.

I’m looking forward to attend the next LinuxCon, maybe even in Japan πŸ™‚

GNOME3 Release Parties

Oh, I almost forgot about the GNOME 3 Release Party that we had the other week. In fact, I had two times the pleasure of showing off GNOME 3 to the people. The first and official Release Party was held in the Attraktor. We even got mentioned by Heise. The second time was in my university during a self organised seminar.

On both occasions, I had to entertain a good bunch of people (around 15 and 30) and, well, it went at least alrightish, I’d say πŸ˜‰ The second time was a bit confusing, because my Laptop didn’t want to as perform well as I expected so a good bit of improvisation was needed. But it was great fun overall. The goodies, that were provided by the GNOME Foundation, were well received, esp. the T-Shirts.

I showed off the really brilliantly done videos that Jason produced. We demoed and discussed those features and discovered even more stuff on the way. I haven’t really worked much with GNOME3, esp. GNOME Shell before and it’s kinda awkward in the beginning, but I got used to it very quickly. I really like much of it now.

Thanks to the Attraktor for having hosted us. And thanks to the attendees for the nice discussions. I’m looking forward to do some more GNOME3 presentations at coming LinuxTag and other occasions.

Happy GNOME3 everybody!

I am GNOME

GNOME 3 Launch Party in Hamburg

For the new GNOME-3 love we will have a release party in Hamburg, just as many places over Germany and the whole world!

If you want to join the fun, be in the Attraktor, the local hackerspace. The address is Mexikoring 21, 22999 Hamburg, Germany, Europe, Earth, Solarsystem. Find more detailed instruction on how to get there here. The party starts on Friday, 2011-04-08, at 18:00 and runs open end.

We have a page in the local wiki to describe the event and further planning will take place there: http://wiki.attraktor.org/Termin:GNOME-3-Launch-Party. As for the program: We intend to have a small introductory talk to show off what new user experience GNOME-3 will bring to the people. Afterwards, we will distribute GNOME-3 images to be put on pendrives to be able try GNOME-3. Finally, we’ll sit around, have some beers and snacks and discuss about the new and shiny GNOME πŸ™‚

Besides the GNOME-3 images, we’ll have GNOME-3 goodies to give away! Thanks a lot to the GNOME Foundation making that possible! So show up early to claim your goodies!

So I expect you to be there πŸ™‚

GNOME @ FOSDEM 2011

I am very excited about having attended this years FOSDEM. Unfortunately, times were a bit busy so I am a bit late reporting about it, but I still want to state a couple of things.

I'm going to FOSDEM, the Free and Open Source Software Developers' European Meeting (I wonder how that image will look in 2012 πŸ˜‰ )

First of all, I am very happy that our GNOME booth went very well. Thanks to Frederic Peters and Frederic Crozat for manning to booth almost all the time. I tried to organise everything remotely and I’d say I partly succeeded. We got stickers, t-shirts and staff for the booth. We lacked presentation material and instructions for the booth though. But it still worked out quite well. For the next time, I’d try to be communicate more clearly who is doing what to prevent duplicate work and ensure that people know who is responsible for what.

Secondly, I’d like to thank Canonical for their generosity to sponsor a GNOME Event Box. After the orginal one went missing, Canocical put stuff like a PC, a projector, a monitor and lots of other stuff together for us to be able to show off GNOME-3. The old Box, however, turns out to be back again *yay*!

Sadly, we will not represent GNOME at upcoming CeBIT. But we will at LinuxTag. Latest.

Anyway, during FOSDEM, we got a lot of questions about GNOME 3 and Ubuntu, i.e. will it be easily possible to run GNOME 3 on Ubuntu. I hope we can make it possible to have a smooth transition from Unity to GNOME Shell. Interestingly enough, there isn’t a gnome-shell package in the official natty repositories yet πŸ™

It was especially nice to see and talk to old GNOME farts. And I enjoyed socialising with all the other GNOME and non-GNOME people as well. Sadly, I didn’t like the GNOME Beer Event very much because it was very hot in the bar so I left very quickly.

So FOSDEM was a success for GNOME I’d say. Let’s hope that future events will work at least as well and that we’ll have a strong GNOME representation even after the GNOME 3 release.

Creative Commons Attribution-ShareAlike 3.0 Unported
This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.