Dominique Leuenberger: openSUSE Tumbleweed – Review of the week 2019/33

Week 2019/33 ‘only’ saw three snapshots being published (3 more were given to openQA but discarded).

FPgM report: 2019-33

Here’s your report of what has happened in Fedora Program Management this week. I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. (Just not this week because I will be traveling)

Security updates for Friday

Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).

A compendium of container escapes

My name is Brandon Edwards, I’m Chief Scientist at Capsule8. Today we’ll be talking about a compendium of container escapes in the podcast. We’ve previously talked about escaping containers and the sorts of vulnerabilities people should be concerned with a while back. In particular we’re discussing how the RunC vulnerability had engendered all this interest, or concern, or almost shock, the trust the people are placing in containers was broken. Oh wow, an escape could happen! I think it’s really valuable to be able to communicate and show all the other ways that that sort of thing can happen, either from misconfiguration, or over granting privileges, or providing host mounts into the container, or having kernel vulnerabilities that could somehow compromise any of the elements of the security model of container, which is both fragile and complex.

Apollo data graph brings managed federation to enterprises

Data graph vendor Apollo is aiming to help overcome several obstacles to enterprises using graph databases with its latest Apollo Data Graph Platform update, which became generally available on July 16. Among the key new features in the platform are federated management capabilities that enable more scalability across different GraphQL data graph instances. GraphQL is an open source query language for APIs, originally created by Facebook that is used to enable data graph capabilities.

Pardus 19 Gnome overview | a competitive and sustainable operating system

In this video, I am going to show an overview of Pardus 19 Gnome and some of the applications pre-installed.

Linux Action News 119

We go hands-on with the big Xfce release that took four years and five months to develop. Kubernetes gets an audit that might just set a precedent, and Google has a new feature for AMP that has us all worked up.

How to use apt Command in Linux

FreeBSD Display Information About The System Hardware

btLr text direction in Writer, part 4

You can get a snapshot / demo of Collabora Office and try it out yourself right now: try unstable snapshot. Collabora is a major contributor to LibreOffice and all of this work will be available in TDF’s next release, too (6.4).

LibreOffice Community at FrOSCon 2019

LibreOffice development takes place mostly via the internet: volunteers, certified developers and other community members collaborate on programming, design, quality assurance, documentation and other tasks. But we also like to meet up in person, to share information, bring new people into the project, and have fun! So on the weekend of 10 and 11 August, we attended FrOSCon 2019 in Sankt Augustin, a town just outside Bonn, Germany. FrOSCon is one of the largest free and open source software (FOSS) conferences in the country, with around 2,000 attendees. Most of the visitors know about FOSS already, but some had only learnt about it recently, and were eager to discover more.

10 ways DevOps helps digital transformation

DevOps helps organizations succeed with digital transformation by shifting the cultural mindset of the business, breaking down detrimental silos, and paving the way for continuous change and rapid experimentation: All those elements help organizations meet evolving customer demands, experts point out. This helps organizations “self-steer” toward better solutions to continually improve, says Matthew Skelton, head of consulting at Conflux and co-author of Team Topologies.

CloudBees Advances State of the DevOps World

At its annual user conference, CloudBees previews a new Software Delivery Management platform as the DevOps vendor celebrates 15 years of Jenkins.

How do you verify that PyPI can be trusted?

Now Go's packaging story is rather different from Python's since in Go you specify the location of a module by the URL you fetch it from, e.g. github.com/you/hello specifies the hello module as found at https://github.com/you/hello. This means Go's module ecosystem is distributed, which leads to interesting problems of caching so code doesn't disappear off the internet (e.g. a left-pad incident), and needing to verify that a module's provider isn't suddenly changing the code they provide with something malicious. But since the Python community has PyPI our problems are slightly different in that we just have to worry about a single point of failure (which has its own downsides). Now obviously you can run your own mirror of PyPI (and plenty of companies do), but for the general community no one wants to bother to set something up like that and try to keep it maintained (do you really need your own mirror to download some dependencies for the script you just wrote to help clean up your photos from your latest trip?). But we should still care about whether PyPI has been compromised such that packages hosted there have not been tampered with somehow between when the project owner uploaded their release's files and from when you download them.

Spyder 4.0 beta4: Kite integration is here

As part of our next release, we are proud to announce an additional completion client for Spyder, Kite. Kite is a novel completion client that uses Machine Learning techniques to find and predict the best autocompletion for a given text. Additionally, it collects improved documentation for compiled packages, i.e., Matplotlib, NumPy, SciPy that cannot be obtained easily by using traditional code analysis packages such as Jedi.

DebConf19: Brazil

My first DebConf was DebConf4, held in Porte Alegre, Brazil back in 2004. Uncle Steve did the majority of the travel arrangements for 6 of us to go. We had some mishaps which we still tease him about, but it was a great experience. So when I learnt DebConf19 was to be in Brazil again, this time in Curitiba, I had to go. So last November I realised flights were only likely to get more expensive, that I’d really kick myself if I didn’t go, and so I booked my tickets. A bunch of life happened in the meantime that mean the timing wasn’t particularly great for me - it’s been a busy 6 months - but going was still the right move. One thing that struck me about DC19 is that a lot of the faces I’m used to seeing at a DebConf weren’t there. Only myself and Steve from the UK DC4 group made it, for example. I don’t know if that’s due to the travelling distances involved, or just the fact that attendance varies and this happened to be a year where a number of people couldn’t make it. Nonetheless I was able to catch up with a number of people I only really see at DebConfs, as well as getting to hang out with some new folk. Given how busy I’ve been this year and expect to be for at least the next year I set myself a hard goal of not committing to any additional tasks. That said DebConf often provides a welcome space to concentrate on technical bits. I reviewed and merged dkg’s work on WKD and DANE for the Debian keyring under debian.org - we’re not exposed to the recent keyserver network issues due to the fact the keyring is curated, but providing additional access to our keyring makes sense if it can be done easily. I spent some time with Ian Jackson talking about dgit - I’m not a user of it at present, but I’m intrigued by the potential for being able to do Debian package uploads via signed git tags. Of course I also attended a variety of different talks (and, as usual, at times the schedule conflicted such that I had a difficult choice about which option to chose for a particular slot).

PyBay 2019: Talking about Python in SF

We are back to San Francisco! Our team will be joining PyBay's conference, one of the biggest Python events in the Bay Area. For this year, we'll be giving the talk: Building effective Django queries with expressions. PyBay has been a fantastic place to meet new people, connect with new ideas, and integrate this thriving community.

Tantek Çelik: IndieWebCamps Timeline 2011-2019: Amsterdam to Utrecht

While not a post directly about IndieWeb Summit 2019, this post provides a bit of background and is certainly related, so I’m including it in my series of posts about the Summit. Previous post in this series: Reflecting On IndieWeb Summit: A Start [...] I don’t know of any tools to take something like this kind of locations vs years data and graph it as such. So I built an HTML table with a cell for each IndieWebCamp, as well as cells for the colspans of empty space. Each colored cell is hyperlinked to the IndieWebCamp for that city for that year.

Meet SUSE at Cloud Foundry Summit in The Hague

If you’re looking for a great excuse to visit the Netherlands, learn about Cloud Foundry and Kubernetes, and hang out with a cool and interesting community, come meet the SUSE Cloud Application Platform team at the Cloud Foundry Summit EU in The Hague. SUSE is a gold sponsor of the event, so we’ll have a booth complete with live demos and plenty of the cool chameleons that you’ve come to expect of us. 

Helping The Hispanic/Latinx Community With Open Source | Open Infrastructure Summit, 2019

At the Open Infrastructure Summit, 2019, we sat down with Joseph Sandoval, SRE Manager for the Adobe Advertising Cloud platform, to talk about the work he is doing with the Hispanic/Latinx Community.