We are very pleased to announce Michael Meeks as our keynote speaker for the Saturday opening session at oSC14, held in Dubrovnik April 25th – 28th, 2014. Besides Michael Meeks, the openSUSE board will talk, opening the event on Friday and over 20 of the 60 currently submitted talks have already been accepted. Last but not least, we’d like to tell you that the deadline for the Call for Papers has been extended until the end of this month. Read the rest of this entry »
Minutes from the last Face to Face Board meeting
The oSC14 Program Committee is ready to accept your proposals!
GSoC 2014: First Steps
openSUSE is part of yet another Google Summer of Code. After a rocking ride in last year’s edition, our Geeko’s are gearing up for another awesome program. This year promises to be more special, as Google is celebrating its 10th anniversary of the program.
About the Program:
Google Summer of Code (commonly called as GSoC) is an annual program conducted by Google which pays students code to write code for open source organizations. It is one of the most best ways for organizations such as openSUSE to get some quality work done, and gain long term contributors. In the last edition, we had 10 students complete their projects and gain recognition within the community.
openSUSE and GSoC:
Last year, we collaborated with ownCloud, Balabit(makers of syslog-ng) and Hedgewars under a common umbrella. It worked very well for all of us. This year, we are collaborating with ownCloud, Zorp(a Gateway technology by Balabit) and the MATE desktop along with the bucket load of awesome projects from openSUSE itself. Our mentors are quite enthusiastic, and recognize the role played by GSoC in moving the community forward.
If you are a student who wants to participate under openSUSE, and ‘have a lot of fun’, do check out our ideas page and guidelines. As always, the key is to start early and to interact with mentors and the community at large. Fixing bugs and working on Proof of Concepts is a good way to start.
Student application period opens on 10th March, and continues till March 21.
You can find out all about our GSoC programme on the wiki or contact the GSoC team for further questions
You can reach the community at our Mailing List and on #opensuse-project on IRC (Freenode).
This article has been contributed by Saurabh Sood
The openSUSE Board has pleasure to announce the minutes from Face to Face Board meeting that happened in February 7th to 9th, 2014 in Nuremberg.
Please read carefully and see how it was productive.
Thanks to SUSE for hosting the meeting and thanks to those meeting with the board over the weekend for taking the time.
We have also reach agreement to re-instate the reimbursement of locally produced materials. We’ll create some guidelines and a new team needs to be formed. We hope that with some modification to the TSP app both reimbursement streams can be handled in a similar way.
We all feel we got a lot of stuff sorted out and ready to roll. As always if you have questions or concerns please feel free to send a message to board at o.o
Another good reference can be find here http://andrew.wafaa.eu/2014/02/19/opensuse-board-in-the-flesh.html
Have a great week!
The openSUSE Board
The openSUSE Conference 2014 will happen in Dubrovnic, Croatia. The TSP goal is to help everybody in and around openSUSE to be able to come to the openSUSE Conference! You don’t have to be one of the top 10 packagers to apply – if you’re translating, building a local community or helping out at the forums, we might still be able to offer you some support, so apply!
When and how
The application period started February 20th and closes on February 28th. All requests will be managed through our application at http://connect.opensuse.org/travel-support.
You will need an openSUSE Connect account in order to log in and apply for sponsorship.
A few reminders
- Please, read the Travel Support wiki page http://en.opensuse.org/
before you apply. We want everybody to be there! Even if you think you would not qualify for travel support, just submit a request! If you don’t ask we can’t help you!
- The Travel Committee can reimburse up to 80% of travel and/or lodging costs. That includes plane ticket, train or bus tickets, even car gas on some occasions, and/or hotel/hostel costs.
Remember: Food and all local expenses are on you!
- The Travel Team won’t be able to book or pay anything in advance, reimbursement comes after the event is over, based on your receipts expenses. Again: no receipts = no money – it’s the rule!
- Those sponsored by the Travel Support Team will be welcomed to write a blog or report about the event.
- The TSP expects the sponsored to be available for helping with tasks at the Conference. Please, in any way step in.
- Sponsorship decisions are influenced by the openSUSE history of the requester. Your involvement with openSUSE is really relevant!
- Having an abstract submitted for presentation at the conference is relevant. Note that the CfP ends on February 28th so there is
still time https://conference.opensuse.
- If you got support before and complied with all the requirements, this gets you bonus points too.
- The amount requested must be detailed according to your request, like the airport you will be departing from, sharing hotel/hostel rooms, all the costs associated with your trip.
Our goal is to support as many people as possible. We will attempt to send the approvals before March 5th, 2014 then you can start to book.
Remember, the request can not garantee you’ll be sponsored.
The conference is getting close and the deadline for travel support is tight so start searching for flights right now! Set up your openSUSE Connect account and send in a request as soon as possible!
Hope to see you there!
Your Travel Support Team
“The early bird gets the worm” That was the theme of our awakening at 5AM this morning. We arose to 22 notifications of retweets by new followers we made at the conference. We started a campaign today to acquire new followers by including a simple note with our Twitter handle @SoCalSUSE with our install discs. After a quick setup, the team started pitching openSUSE to a vast number of attendees roaming the show floor. We demoed “What does the chameleon say?” http://www.youtube.com/watch?v=VNkDJk5_9eU . Our mascot, Romy Meyerson dressed as the chameleon and explored the convention while giving out stickers and yo-yos as well as the newest release in exchange for hugs.
Back at the booth, undressing efforts and distribution of the install discs were very successful. A handful of the team attended a few talks and enjoyed the lectures. Ron Collins, Zeak Dreger, Andrew Heintz, and Chris Adams attended “Magical System Admin Incantations For New Freedom Fighters” by George Robinson. When asked about the class Zeak Dreger said, “I really liked learning the old way of doing things and how it relates the new way of doing things when it comes to the basic command line.” Daniel Hodges attended “Raspberry Pi Hacks” by Ruth Suehle. When asked about the talk he said, “What made me have to come to this class is the tag line in the description what hack upgraded a girlfriend wife. Turns out the hack was a functional R2D2 powered by Raspberry Pi. I want. I want. I want.” Drew Adams attended Automated deployment Django Docker and Salt by Roberto Aguilar. “It was good given the short amount of time we had.”
At the end of the night, Tony Su did a fantastic job organizing a last minute openSUSE BoF talk. The day went exceptionally well on all fronts. Tomorrow should be an exciting conclusion to SCaLE 12x 2014. Don’t forget our raffle for the Raspberry pi is being held at 3pm on Sunday afternoon.
This article written by Ezekiel Dreger and Ron Collins
Following the recent participation by our team at FOSDEM we would also like to continue in the tradition of showing our team’s outreach to different audiences. Over the past couple of years we have also asked a small part of our team to participate in the popular SCALE (Souther California Linux Expo) taking place on Feb. 21-23, 2014, at the Hilton Los Angeles Airport hotel. SCALE is the first Linux event in the US every year, therefore, they feature over 100 exhibitors and the attendance to the event is quite high. For this reason we will be reporting on each day at the conference.
Our openSUSE team decided to pack bags early on and set up the openSUSE Booth for this year. Just so they can also represent their own local community they also created a banner with a special Southern California twist.
We arrived at 9am and did not leave until nearly 11:00pm! Our rather large team of 9 and counting led by Drew Adams., Daniel Hodges, and Roger Luedecke had a blast bonding and working together as a team to set up the booth. We began with a team meeting to discuss how we want to do things and to delegate tasks. Each person has a job to do and each one is passionate about the responsibility they hold. The KDE team has been coordinating with Drew for the last few weeks and we agreed to combine forces and loan some of our man power and enthusiasm to their booth which is next door to ours. So not only are we participating in representation of openSUSE but now we have a beloved KDE team also join us.
To make things more interesting and draw a bigger crowd we will be raffling off the following prizes:
- Grand Prize: Complete Rasberry Pi Starter kit, openSUSE Shirt, openSUSE Aluminum Drinking Vessel, and a copy of the book, “SUSE Linux Toolbox” (My goodness! If I wasn’t part of the booth I would have put my own name down.)
- 2nd – 5th place: copy of “SUSE Linux Toolbox”, openSUSE Aluminum Drinking Vessel, and openSUSE Shirt (Sizes: S – XXL while supplies lasts)
And to also raise some funds for the team and local communities we will be selling the following:
- Aluminum Drinking Vessel
The big drawing will be held on Sunday at 3:00pm (15:00) and the winner announced on Twitter @SoCalSUSE (winner does not have to be present to claim prizes. We will ship within the U.S.)
Andrew Heintz attended the LPI cram exam course which is a prep course for the LPI exam that will be administered on Sunday. The course was 4 hours long and according to Andrew, “It was a good primer for the test, and got us prepared for what the test is going to be like.”
To catch everyone’s eyes to our booth we will be posing shirtless on a cube… Just kidding… We will just set up demos of the following:
- Gaming capabilities and Steam
- Open Build Service
- openSUSE 13.1 Install
- SUSE Studio
- SUSE Cloud presented by Peter Lennell, Sales Engineer for m SUSE
And for your viewing pleasure some pics for you!
Article by Zeak Dreger
[Update]: the problem seems to be a broken hard disk – and a hardware controller who can not really handle this degraded RAID array. For the moment, everything is up and running again, but we are now actively searching for replacement hardware…
Looks like the hardware behind rsync.opensuse.org now finally reaches it “end of life” status: we did not see any output on the serial console any more and even a power cycle did not reanimate the system.
As the hardware is located in the data center of our sponsor IP Exchange, we apologize for the delay it will take to fix the problem: we just need a field worker at the location who has the appropriate permissions and skills.
During the downtime (and maybe also a good tip afterward), please check on http://mirrors.opensuse.org/ for the closest mirror nearby your location that also offers rsync for you.
Starting today, the oSC14 Program Committee is ready to accept your proposals for sessions!We’re also ready to register visitors interested in joining us. Your talk and workshop submissions should be fit in one of the four main tracks: end users, business, community and project, technology and development.
You can submit your abstracts in our conference submission tool. The submission period begins today, 29 January, and closes 28 February. Note that we will start accepting talks before the deadline.
First acceptance emails will be sent 14th February, allowing you to start planning your trip already. And –of course– First come, first served! So, be in time!
The four tracks
The openSUSE conference traditionally has a theme. This year, the theme is: “The Strength to Change“.
Change has been a constant in Free Software. With the rise of mobile devices and the associated operating systems like Android and Chromebooks, we have to adopt as a project. We discussed strategy again on our mailing lists and by the time of the conference, we can hopefully all talk together and come to some conclusions. Change is never easy, but it is important!
Session proposals that connect in a meaningful way with change and strength would be appreciated!
End user track (Geeko Enthusiast):
The user track provides the opportunity for the power users of any application to share their knowledge and share tricks they apply to get the most out of the applications they use. Know of a non-obvious but very useful feature, present it’s usage to fellow Geekos and users in this track. Topics include, but not limited to, applications, desktop environments, multimedia solutions and games.
Business track (Geeko for suits):
The business track provides the opportunity for those that use openSUSE and/or FOSS in their business to describe the unique challenges they face. This includes, but not limited to, issues and solutions of interfacing with regulatory institutions, other business, staff training, and changing technology course.
Community and Project (Geekos around the world):
Sessions in this area should focus on project and community activities,
including, but not limited to, project governance, marketing, artwork and advocate reports. In many cases, this sessions bring a strong sense of unity to the project as a whole as we discuss some of the unique challenges that an Open Source Community confronts. If you have ideas that can help a community be stronger, join this track.
Technology & Development (Geeko tech):
Sessions in this area should focus on system technology and distribution development. Including, but not limited to, software packaging, development/testing/debugging tools/practices/methods. Infrastructure
software, deployment strategies and monitoring. These sessions will help a few of our members gain understanding of the many tools they can use when working in development for the distribution and other exciting projects.
We will have four types of sessions:
- Short talk (30 min)
- Long Talk (60 min)
- Lightning Talk (15 min)
- Workshop (2 – 4 hours)
You can send in proposals until February 28 but the sooner the better as we will start accepting submissions on February 14.
Registration for oSC14
In other great news: registration has opened! That means you can now visit the conference site and register yourself for oSC14.
As we reported last week, our public forums have been compromised and defaced. Passwords were safe but the cracker did manage to get access to the database with our forum posts as well as email addresses. Read on to find out what happened, what we did to prevent further damage and what we’re going to do in the future.
openSUSE has used vBullentin forum software for a very long time. While we haven’t always been happy with it, the issues never prompted us to put in the (substantial!) time and effort required to move to another solution.
On January 7, 2014, we received word from The Hacker News that our public forums were compromised and defaced by a cracker exploiting a zero day flaw in the underlying vBulletin forum software (vBulletin 4.2.1). A Pakistani cracker has claimed responsibility. According to The Hacker News, the cracker confirmed that he/she uploaded a PHP shell to the openSUSE Forum server using a private vBulletin’s zero-day exploit, that allows him/her to browse, read or overwrite any file on the Forum server without root privileges.
The cracker claimed he had accessed almost 80.000 openSUSE Forum users’ passwords. However, openSUSE uses a Single Sign-on system (Access Manager from NetIQ) and the ‘passwords’ the hacker obtained were random strings. The cracker did however get access to the forum database which also contains the email addresses of our users.
As Matthew Ehle told infoworld.com, the openSUSE admin team believes the crackers’ claim that a zero-day exploit was used. The openSUSE Forums were one patch behind the current release but the change/release log of the latest patch does not indicate it would have prevented this attack.
Because the vulnerability in vBullentin did not have a fix available, we took our forums offline and started looking for a solution.
As Matthew said, “VBulletin provides some highly functional software, which is of course why it is so popular”. But last summer, the same attacker also breached the openSUSE vBullentin software and Matthew has had “a number of concerns about the architecture and security” of vBullentin for a while. We are therefor going to look for an alternative.
In the mean time, of course, we will update the vBullentin software with the latest patch. But even small patches have been known to cause issues with themes, plugins and other things, so this will take time. vBulletin v4 is still supported so there’s no real reason to move to v5 soon.
Protecting the current set-up
But there are ways to protect the server even when we don’t trust some of the software on it. Since the attack in the summer, our sysadmins have locked down the file system and the folder used in the attack has now also been made read-only.
Thanks to this locking, the hacker was only was able to read and overwrite some of the files on the forums server without root privileges. We were using “paranoid” file permissions, which greatly restricted his access on the server and did not allow him to escalate privileges and take over the system. This unlike some recent high-profile vBullentin breaches which compromised the entire operating system.
Kim Groneman, taking care of our forums, noted: “Though we will probably never know exactly how the cracker was able to put a script file in our system, with the file system locked down, here’s a good probability that it can’t happen again. Also, because we use Access Manager, there never was any danger of the cracker gaining access to user passwords. They are and always have been secure.”
Based on that, the team felt confident that the forums could be put back online.
The openSUSE sysadmins have the use of Apparmor or SELinux in their public policy. This is enforced on all new services, but the old ones (including the forums) have not all yet been updated. Obviously, priorities have been re-shuffled in this regard.
But in the long run, working around the security problems of proprietary software is not the ideal solution. The team is thus looking at other solutions. bbPress and PHPbb are on the top of the list and people experienced with these solutions (and especially migrating to them from vBullentin) would be very welcome. Another piece of work needed is to move the NNTP gateway script to whatever the new solution will be – a PHP developer could be a great help. The team is working on a list of features that are required (and nice to have) and suggestions for other solutions can be ran by this.