Home Home > Announcements
Sign up | Login

Archive for the ‘Announcements’ Category

openSUSE Forums – back on-line

January 16th, 2014 by

OWN-oxygen-openSUSE-ForumsAs we reported last week, our public forums have been compromised and defaced. Passwords were safe but the cracker did manage to get access to the database with our forum posts as well as email addresses. Read on to find out what happened, what we did to prevent further damage and what we’re going to do in the future.

vBulletin hacked

openSUSE has used vBullentin forum software for a very long time. While we haven’t always been happy with it, the issues never prompted us to put in the (substantial!) time and effort required to move to another solution.

On January 7, 2014, we received word from The Hacker News that our public forums were compromised and defaced by a cracker exploiting a zero day flaw in the underlying vBulletin forum software (vBulletin 4.2.1). A Pakistani cracker has claimed responsibility. According to The Hacker News, the cracker confirmed that he/she uploaded a PHP shell to the openSUSE Forum server using a private vBulletin’s zero-day exploit, that allows him/her to browse, read or overwrite any file on the Forum server without root privileges.

Damage?

The cracker claimed he had accessed almost 80.000 openSUSE Forum users’ passwords. However, openSUSE uses a Single Sign-on system (Access Manager from NetIQ) and the ‘passwords’ the hacker obtained were random strings. The cracker did however get access to the forum database which also contains the email addresses of our users.

Forums down

As Matthew Ehle told infoworld.com, the openSUSE admin team believes the crackers’ claim that a zero-day exploit was used. The openSUSE Forums were one patch behind the current release but the change/release log of the latest patch does not indicate it would have prevented this attack.

Because the vulnerability in vBullentin did not have a fix available, we took our forums offline and started looking for a solution.

The forums are back!

The forums are back!

What now

As Matthew said, “VBulletin provides some highly functional software, which is of course why it is so popular”. But last summer, the same attacker also breached the openSUSE vBullentin software and Matthew has had “a number of concerns about the architecture and security” of vBullentin for a while. We are therefor going to look for an alternative.

In the mean time, of course, we will update the vBullentin software with the latest patch. But even small patches have been known to cause issues with themes, plugins and other things, so this will take time. vBulletin v4 is still supported so there’s no real reason to move to v5 soon.

Protecting the current set-up

But there are ways to protect the server even when we don’t trust some of the software on it. Since the attack in the summer, our sysadmins have locked down the file system and the folder used in the attack has now also been made read-only.

Thanks to this locking, the hacker was only was able to read and overwrite some of the files on the forums server without root privileges. We were using “paranoid” file permissions, which greatly restricted his access on the server and did not allow him to escalate privileges and take over the system. This unlike some recent high-profile vBullentin breaches which compromised the entire operating system.

Back online

Kim Groneman, taking care of our forums, noted: “Though we will probably never know exactly how the cracker was able to put a script file in our system, with the file system locked down, here’s a good probability that it can’t happen again. Also, because we use Access Manager, there never was any danger of the cracker gaining access to user passwords. They are and always have been secure.”

Based on that, the team felt confident that the forums could be put back online.

Future

The openSUSE sysadmins have the use of Apparmor or SELinux in their public policy. This is enforced on all new services, but the old ones (including the forums) have not all yet been updated. Obviously, priorities have been re-shuffled in this regard.

But in the long run, working around the security problems of proprietary software is not the ideal solution. The team is thus looking at other solutions. bbPress and PHPbb are on the top of the list and people experienced with these solutions (and especially migrating to them from vBullentin) would be very welcome. Another piece of work needed is to move the NNTP gateway script to whatever the new solution will be – a PHP developer could be a great help. The team is working on a list of features that are required (and nice to have) and suggestions for other solutions can be ran by this.

openSUSE Conference 2014 Takes Place April 24th – 28th in Dubrovnik, Croatia

January 9th, 2014 by

Logo_Final
As announced at the openSUSE Conference 2013, this years openSUSE conference will take place in Dubrovnik, Croatia. This beautiful city will welcome us Geekos from the 24th to the 28th of April. The team has been hard at work to prepare things and below they start by giving you a taste of the city, the venue and themselves!

The openSUSE Conference

The openSUSE Conference is the annual gathering of the openSUSE Community and other Free and Open Source contributors and enthusiasts. This year will be the 6th event where the talks, workshops and discussions provide the framework to exchange knowledge, collaborate and create lasting connections and incredible memories. Last year our event took place in Greece – read reports on day one, day two and day three. Before we’ve had a smashing time in Prague and in a old factory hall in Nüremberg.

The theme this year

The openSUSE conference traditionally has a theme. This year, the theme is: “The Strength to Change“.

Change has been a constant in Free Software. With the rise of mobile devices and the associated operating systems like Android and Chromebooks, we have to adopt as a project. We discussed strategy again on our mailing lists and by the time of the conference, we can hopefully all talk together and come to some conclusions. Change is never easy, but it is important!

Subjects and conference schedule

Like always, we will cover a wide range of subjects at the event. This year, there will be the following tracks:

  • End user track
  • Business track
  • Community and Project
  • Technology & Development

More details are coming in the Call for Papers on the 20th of January, with proposals starting to get accepted February 14. The submission period will end on February 28.
CC by trishhartmann on flickr

Croatia and Dubrovnik

Republic of Croatia is a unitary democratic parliamentary republic at the crossroads of Central Europe, Balkans, and the Mediterranean. It joined the EU on 1st of July 2013, and it is best known for it’s sunny beaches, islands and warm adriatic sea as it is a summer vacation destination for many Europeans.

Dubrovnik is the southernmost city in Croatia, a gorgeous former city state which joined the UNESCO list of World Heritage Sites in 1979. The prosperity of the city of Dubrovnik was historically based on maritime trade. As the capital of the Republic of Ragusa, a maritime republic, the city achieved a high level of development, particularly during the 15th and 16th centuries. Dubrovnik became notable for its wealth and skilled diplomacy. The Republic was an early adopter of what are now regarded as modern laws and institutions and Dubrovnik became a cradle of Croatian literature. The city successfully balanced its sovereignty between the interests of Venice and the Ottoman Empire for centuries.

(Gorgeous picture on the right Creative Commons photo from Trishhartmann)

Local Community

The openSUSE conference proposal came from a team from the Croatian Association for Open Systems and Internet (HrOpen) and the Croatian Linux Users’ Association (HULK). The team has support from the UNIDU (which is where the event will take place) and is also backed by the Faculty of Electrical Engineering and Computing of University of Zagreb.

The leadership of the core team:

  • Svebor Prstačić, president of HrOpen
  • Tomo Sjekavica, assistant professor at UNIDU
  • Ivan Guštin, president of HULK
  • Darko Grabar, vice president of HrOpen

SVEUCILISTE - OTVARANJE CAMPUSA, 07.05.2012. BY ZT - (2)

The conference venue

The conference venue is provided by the University of Dubrovnik, (UNIDU). The University of Dubrovnik is the ‘youngest‘ university in Croatia. It was established in 2003 on the foundations of a very long tradition which goes back to the 17th century, but also on decades of modern higher education. In terms of program, organization and technical equipment, the University of Dubrovnik stands among the most modern of educational institutions.

The venue, called the New Campus, is situated just 5 minutes walk from the Dubrovnik old town, and is in walking distance of many hotels and private apartments that offer affordable accommodation deals. It was originally built as a hospital, then renewed and repurposed for the University in 2012. From the outside it displays the soul of Dubrovnik, but from the inside it is a very sleek and modern design.

Find it on Google Maps here and see some more pictures here.

If you want to get to know the university in advance of joining us, check out this great walk-around video on youtube!

(Pictures provided by the university)

What’s next

Next up is setting up the conference website and opening the Call for Papers and registration. This is all planned to take place later this month – keep an eye on this site! We will let you know when conference.opensuse.org is updated. You can already join our visitors’ mailing list (subscribe).

Want to help with oSC14?

Awesome! Please join our team mailing list (subscribe)and our regular IRC meetings. We can use every helping hand to work the program, the promotion and the local organization. Tasks range from keeping our news outlets up to date over designing artwork to lay cables at the venue. There is so much to do, we need you!

Article written by Svebor and the openSUSE conference team

openSUSE forums defaced, user emails leaked

January 7th, 2014 by

Testing-Group-Logo As hackernews.com noted, the public openSUSE forums have been compromised and defaced. A cracker managed to exploit a vulnerability in the forum software which made it possible to upload files and gave access to the forum database.

Passwords: Safe! Emails: Not so much :-/

Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.

However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those the hackers had access too and we’re very sorry for this data leak!

And now?

As the exploit is in the forum software we use and there are no known fixes or workarounds we have decided to take the forums offline for now, until we have found a solution. Stay tuned for updates here, on twitter, facebook or g+.

The openSUSE Travel Support Team wishes you a Happy New Year!

January 1st, 2014 by

Great News!!!

For almost 2 years Izabel Valverde and Kostas Koudaras run the Travel Support Program Team with the openSUSE Board & SUSE support.

After a great job done into TSP, Kostas is now member of the openSUSE Board so we have have 2 new members on TSP filling his spot and giving us an extra help. At the dawn of the new year we are pleased to announce the current openSUSE Travel Support Team: Efstathios Iosifidis a.k.a Diamond_gr, Izabel Valverde and Marcel Kühlhorn a.k.a. Tux93.

The new TSP Team wishes to Kostas good luck on his new journey and is thankful for all the work done.

Happy 2014 to everyone in the openSUSE Project!

Your TSP Team

Announcing openSUSE Education Li-f-e 13.1

December 18th, 2013 by

Get Li-f-e from here : Direct Download | Torrents | Metalinks | md5sum

openSUSE Education community is proud to bring you an early Christmas and New Year’s present: openSUSE Education Li-f-e. It is based on the recently released openSUSE 13.1 with all the official online updates applied.

We have put together a nice set of tools for everyone including teachers, students, parents and IT administrators. It covers quite a lot of territory: from chemistry, mathematics to astronomy and Geography. Whether you are into software development or just someone looking for Linux distribution that comes with everything working out of the box, your search ends here. (more…)

Reminder: Vote for the openSUSE Board!

December 14th, 2013 by

GeekoVote
It is december 14, dear Geekos! That means that tomorrow, December 15, the official deadline for voting for the openSUSE Board Elections ends! That’s right, you have only about 24 hours to cast your vote.

Elections

As we explained in the earlier announcement, there are 4 seats up this year and all openSUSE Members are eligible to vote. This year, the candidates are:

You can find each candidate’s Election Platform on the last link. Candidates marked with a (*) are SUSE employees.

Once you’ve done your democratic duty and decided who to vote for, click here to cast your vote! Note that you have to be logged in with your usual openSUSE credentials to see this page and cast your vote.

 

Be a part of it!

openSUSE 13.1: Ready For Action!

November 19th, 2013 by

Dear contributors, friends and fans: The release is here! Eight months of planning, packaging, adding features, fixing issues, testing and fixing more issues has brought you the best that Free and Open Source has to offer, with our Green touch: Stable and Awesome.The geeko has landed

(In other languages: cs de es fr it ja nl ru zh zh-tw)

This release did benefit from the improvements to our testing infrastructure and much attention for bug fixing. While a combination of over 6000 packages supporting 5 architectures can never be perfect, we’re proud to say this really does represent the best Free Software has to offer! The latest desktops (five of them!), server and cloud technologies, software development tools and everything in between are included as well as a number of exciting, new technologies for you to play with. Enjoy!

openSUSE 13.1 is:

Stabilized
Much effort was put in testing openSUSE 13.1, with improvements to our automated openQA testing tool, a global bug fixing hackathon and more. The btrfs file system has received a serious workout and while not default, is considered stable for everyday usage. This release has been selected for Evergreen maintenance extending its life cycle to 3 years.

 

Networked
This release introduces the latest OpenStack Havana with almost 400 new features. Web server admins will appreciate the latest Apache, MySQL and MariaDB updates. Web developers benefit from an updated Ruby 2.0 on Rails 4 with improvements from core classes to better caching in the Rails framework and the latest php 5.4.2 comes with a build-in testing server. End users can now mount Amazon s3 buckets as local file system and use much improved Samba 4.1 with better windows domains support.

 

Evolved
openSUSE moves forward with AArch64, making openSUSE ready for development on the upcoming generation of 64bit ARM devices. 32bit ARM support has been heavily improved and a special Raspberry Pi build for openSUSE is available. This release also delivers GCC 4.8 with new error reporting abilities, the latest glibc supporting AArch64, C11 and Intel TSX Lock Elision, the new SDL2 and Qt 5.1, bringing QML and C++11 features to developers..

 

Polished
openSUSE 13.1 comes with much improved font hinting thanks to the new font engine in Freetype 2.5. YaST has been ported to Ruby, opening contribution up to a large number of skilled developers. In this release, ActiveDoc replaces doc.opensuse.org and the majority of packaged documents in openSUSE, lowering the barrier to contribution.

 

Faster
New is accelerated video with VDPAU support in MESA and an optimized version of glibc for 32bit systems. Linux 3.11 includes work on ‘page reclaim’, maintaining performance during disk operations.

 

Feature-full
Desktop users will appreciate the Android devices integration in the KDE file manager, in the shell and in music player Amarok. Artists have to try out the new Krita improvements with textured painting, greyscale masks & selections and more. GNOME Shell introduces a redesign of the system status bar and Header Bars in many applications, making better use of screen space. Enlightenment now also has an openSUSE theme.

 

Innovative
This release comes with a number of experimental technologies to try out. This includes preliminary Wayland support with Weston compositor in GNOME Shell and KDE Plasma Desktop as well as improved support for Ultra high-resolution in applications and shells. New is also the LightDM KDE greeter and a plasma NetworkManagement applet for testing.

“We’re proud of this release and of all those who worked on it. With a steady increase in contributors there was a lot of hard work put in by so many people from around the globe. Without all these contributors, initiatives like support for ARM would not be possible and we’re very thankful for their input.”

– said openSUSE Board member Andrew Wafaa.
(more…)

Sneak Peek openSUSE 13.1: Geeko Tips

November 13th, 2013 by

WinterIsComingFinalWelcome to our fourth Sneak Peek for openSUSE 13.1! The release is getting very close and you’ve already learned about all the awesome new Cloud features, the new YaST and what our new GNOME and KDE fans will get. Today, we feature a much requested article: some in-depth Geeko Tips!

Tips?

Last release, we featured a set of geeko tips for new users. If you come from Fedora, Gentoo or Ubuntu, that’s the article to read. It not only explains what all that green is about but also gives openSUSE equivalents of your familiar terminal commands and introduces you to YaST, getting software on openSUSE and more. Talking about software, we featured some interesting tips in that area with in this article about getting the latest fresh software from the Open Build Service. Finally, find some more tips and information on using the repositories on OBS and One-Click-Install in this blog post.
OWN-oxygen-Tips-and-Tricks

Going advanced

In this article, we’re going a step deeper, bringing you some more tips and tricks we got from the openSUSE community.

zypper

We got many zypper tips. Lots is already in the article for new geekos but we have some ‘deeper’ tips here.
Some useful commands:

  • rpmqpack – lists currently installed packages (without version)
  • rpm -qa –qf ‘%{name}-%{version}-%{release}.%{arch}\n’ – lists currently installed packages (with full version and architecture)
  • rpm -q –qf “%{DISTURL}\n” PACKAGE – gives you an OBS URL to the exact sources for the package PACKAGE. You can, for instance, check them out with osc co DISTURL
  • awk -F\| ‘$6 && $2 == “install” {print $3}’ /var/log/zypp/history – list all packages explicitly installed
  • zypper sh – runs zypper shell, no need to type zypper for each command
  • zypper -v dup -D – simulate(Dry run) an upgrade on all active repositories
  • zypper moo – makes debian users feel at home
The Geekos in Greece!

The Geekos in Greece!

journald

journald is replacing the old logging technologies in openSUSE (at least for most common cases). The two most important commands you need to know:

  • journalctl – the old “cat /var/log/messages”
  • journalctl -f – the old “tail -f /var/log/messages”

Network installation

Network install is native to openSUSE. Just use the dvd as source to install from network. This tool can help a lot for network deployments (or VMs): openSUSE-ipxe on github.

etc-update

New in this release is a Gentoo tool ported to openSUSE: etc-update. This tool goes through your configuration in /etc and merges new configuration files with your own modifications automatically or presents you the differences and lets you merge the changes.
etc-update is used to merge config files in non-intrusive cli way. It goes file by file in etc, where you can show unified diff and merge the changes as whole or interactively. It can merge trivial changes by itself “-p” preen option, or you can also set the default action to take on all files “automerge, discard, …”. Basically you just run “etc-update” and then press numbers on what action you want to take :)

Easy OBS

A major technology in openSUSE is the Open Build Service or OBS. We’ve got it running on build.opensuse.org where it servers tens of thousands of packagers building hundreds of thousands of packages for one or more of the 15+ different distributions on 8+ architectures. And this can be massively useful – to you! Information on using the repositories on OBS and One-Click-Install in this blog post, but here we’ll focus on how to use OBS to BUILD packages. A simple and graphical tutorial for re-building a package for a different openSUSE version can be found here.

For you command line aficionados interested in more deep changes, here’s the nitty gritty way of customizing/updating or rebuilding packages (we call this process BURPing). If you haven’t set the OBS tool up yet, find a how-to of your first steps with osc here.

geekos!Branch
osc bco /
Update
cd home::branches:/
Change it, fix it, break it
Test your changes with

osc build
Commit your changes to OBS with
osc ci
Request a submit of your changes
osc sr
to the Package

Fixing a package in a released openSUSE distribution and releasing it as maintenance update is as easy as that.
Branch
osc branch -M -c openSUSE:12.3
Update
cd home::branches:openSUSE:12.3:Update/
Change it, fix it, break it
Test your changes with

osc build
Commit your changes to OBS with
osc ci
Request a submit of your changes
osc mr
to the Package

And done! Yes, it really is that easy to contribute to openSUSE and make the distro better for yourself <em>and</em> everybody else.

That’s it for now

We’re out of tips for now, but if you’ve got any – please share them below! We can use them in the next article with Geeko Tips…

Have a lot of fun!

openSUSE 13.1 RC2 Hits the Web, Last Chance for Testing

October 31st, 2013 by

RC2 is coming
The openSUSE 13.1 release is getting very close – just a little over two weeks, according to the Roadmap. Today, Release Candidate 2 is available on software.opensuse.org. Grab one of the images and help us test!

What’s new

The changes in this update are not very big or ground shaking. This is a sign of openSUSE 13.1 maturing quickly: we focused on bug fixing. Obviously, the bugfixing hackathon helped a lot. Below is a limited list of changes (omitting most bug fixes):

  • systemd was updated to version 208
  • Shim should now work which means the secure boot is possible
  • Plasma-nm no longer replaces the knetworkmanager
  • Calibre is now fully operational
  • kernel was updated with more fixes and one speedy improvement everyone could read about on phoronix (the radeon/nouveau timer improvements)
  • In the area of virtualization the xen and libvirt packages were updated
  • A lot of migration issues were fixed so zypper dup from older release will go smoother
  • Apper should no longer choke on multiple license agreements
  • YaST parts were updated fixing bunch of installer bugs
  • XFCE can now properly suspend
  • e17 artwork was openSUSEfied (yay!)
  • Akonadi should better handle PostgreSQL as backend
  • Our vlc version was updated to 2.1 which is the latest and coolest provided
  • Translations updates

And again, this is a partial list: there are bugfixes for many issues reported by testers included.
Testing-Group-Logo

Testing

openSUSE 13.1 will have to stand up right in a proud tradition of great stability so it will need a final serious workout before we release it upon the world! We wrote about testing a while ago, and we urge you to check out that article and help out!

We ask you to give some extra attention to:

  • btrfs!
  • livecd’s and usb live sticks – these did not work in RC1, which was in part because this is hard to test automatically. We have some tests set up but manual testing is really needed to ensure the live images work well.
  • Secure Boot/UEFI. If you have a machine with Secure Boot and UEFI and 12.3 didn’t work for you, please, test this 13.1 RC2. With this RC2 we added a fix related with the alignment of certificates that can cause fails on some UEFI firmware.

A list of the most annoying bugs can be found here.

Have a lot of fun!

Board Elections Coming!

October 30th, 2013 by

GeekoVote
The end of the year is approaching. And besides Santa and fireworks, Geekos know: the openSUSE board gets a refresh! The openSUSE Election Committee has announced the time line for this year’s elections and asked candidates to step forward for the job!

Elections

This year, 4 seats are to be elected, two for a two year term and two for a 1 year term. As always, all openSUSE members are eligible to vote. Anybody contributing to openSUSE over a longer period of time can become a member – if you’re not a member yet, you should apply and get your vote in!

Anybody can step up to be on the board, as long as they are openSUSE Members (and not a member of the Election Committee). You can announce your candidacy by emailing the openSUSE Project mailing list AND the Election Committee, best with a short introduction about yourself and information on why people should vote for you.

Role of the board

As board member, you’re a central point of contact for openSUSE. SUSE talks to you about what they’re up to but also people in the project itself will come to the board with issues, conflicts or wishes. The board handles the regular project meetings on IRC (and once a year at the openSUSE conference) as well as trademark issues. The board works with teams like the Travel Support Team and the Marketing team, where travel- and material budgets are involved as well. Find some information about current and past board members on the wiki.

Time line for the elections

For these elections, this is the time line:

  • 28.10. Start of standing up for candidacy, nominating candidates, apply for membership
  • 18.11. Start of candidates campaign
  • 2.12. Ballots open
  • 15.12. End of voting
  • 16.12. Announcement of the results

Be a part of it!

Click here to cast your vote! Note that you have to be logged in with your usual openSUSE credentials to see this page and cast your vote.