The biggest issue we have on GNU/Linux system is the question 'How do you (install/run/configure) X on distro Y?' (and often the answer to it).
We have awesome package managers, distros, communities, people, helper tools and infrastructure. But one issue is still not solved: Maintainers / packagers. We desperately need people who work on the actual packages. Now we see curl-pipe-sh, virtual machines, docker, snappy, and a lot of other hardly maintainable, irreproducible bullshit. I remember days when I actually read from ISVs that installation meant './configure && make && make install'. You just needed a toolchain. No fancy tools, nobextra terabytes of disk space and memory, and - well - not even a package manager! The latter, however, does something very excellent: It can handle dependencies and track what you have installed. Awesome! However, the assumption is that people create metadata for it. In every package management system, you need to specify a name, version, dependencies (based on the names others use), and build and install commands. That can become way more complex than make && make install nowadays though: For some distros, patches for locations in file systems are necessary, the overall system's configuration may cause collision (say, certain presets, or basic tools like libav vs ffmpeg, libressl vs openssl, openrc vs systemd, implying even more issues with udev, some other daemons, and what not), etc.. For all this extra work, we need people, and we need endurance, knowledge, and strong opinions to keep things aligned. Arch Linux is doing very well here, and it's why it's mostly my distro of choice. And it might be the reason why it is now considerable as a major distribution. There are even different flavors of it/Arch-based distros avaiable like the prominent Manjaro, Antergos, Chakra, Alpine, and more, as you can see here: https://wiki.archlinux.org/index.php/Arch-based_distributions
Yet these are not officially suppotted by Arch, unlike the Ubuntu GNU/Linux flavors like Kubuntu, Xubuntu, Lububtu, Edubuntu, etc.. Canonical Ltd. is actively supporting and even QAing/testing this whole family. Both ways are ok in my view. One means focus (they main driving principle behind are is KISS after all), the other one means looking at the big picture and being omnipresent.
Now still the aforementioned big issue is not solved. So grab a cup of coffee or tea, a cocktail or a beer, calm down, and please, help us out! It does not matter which distro or desktop you prefer to use. :) <3
Welcome to Orange CMS! :)
Me haz RSS at http://test.orangecms.org/rss.Latest posts
-
GNU/Linux, we need help!
2016-12-18 10:54:18 -
FLOSS software distribution
2016-06-18 16:45:30Packaging is the ideal way of bringing software to users. In the FLOSS (free, libre, open source software) world, people can just query a repository from a central tool they know well without visiting obscure websites and simply install things using a single command or click, just like an app store. This tool is called the package manager. It is a trustworthy, convenient, and easy.
However, someone has to do the work behind it, and that is usually another user who wants that certain piece of software themselves or who is asked to do it, someone working in a distro's packaging team, etc..
Now, to actually be able to create a package, the packager will have to know how to build and install the application. Besides that, there are different package formats, helper tools, and standards, depending in the distro.
If you would like to have a package for your system, I stongly encourage you to at least give it a shot, because you can do it easily in surprisingly many cases. Read the guides and tutorials provided in the respective wikis and documentation of your distro or get in touch through IRC or forums.
Many packagers have certain expertise in special fields like Python, Java, KDE, Qt, GNOME, desktop stacks, server applications and so on, and they are willing to share so the community grows and get help themselves.
If you ever read that you should pipe scripts fetched through wget or curl into a shell like bash: That is certainly not a reasonable way of installing software.
It might seem easy because you just run a single command, but you don't know what will actually happen, if it will harm your system (even if the author does not intend it), and it will be very hard to remove it later if you don't want it anymore because your package manager will not even know about it.
You cannot even keep track of things if you don't maintain a list yourself, and probably you won't even have a comfortable desktop shortcut.
These were experiences I made myself and the main reason for me to get started with packaging. Grab a piece of software you want on your system and package it, and I even promise you that it will give you a great understanding of FLOSS software in general, so you and others will benefit in multiple ways. -
DebConf15 retrospective
2016-04-12 14:16:40Last year, for the first time, I attended DebConf, the annual Debian developers conference. Since it was held in my country and a very great chance to get to know the large community behind an awesome open source project, I couldn't miss it, and I am very happy that I had taken the chance.
I was more than impressed to find a real family event (lots of parents came with their children), a very calm and relaxing atmosphere (we had a whole day to discover the beautiful city of Heidelberg), and a very ambitious team at the venue. Having taken away so much from the event, even though I'm not even much of a Debian user, I want to share my insight with the world. Let me summarize some ideas and a very meaningful chat we had with Jacob Appelbaum after his talk, because I agree with many of his views.
Hardware issues with x86 aside, he insists on the liability of operating systems and especially secure communication and privacy. He would love to see a Linux kernel patched with grsec (thus also PaX for memory protection, ASLR etc.) and configured to support AppArmor in the default repository of Debian and protocols like Appletalk dropped from it instead. Connections during installation should be encrypted by default with non-superuser network access, and services like NFS and Avahi removed from the base system. That would be similar to the setup of my Gentoo Linux system. Debian is a very robust distribution, empowering TailsOS and almost half of all distributions currently out there (just check the Linux family tree on Wikipedia), so securing the system would automatically contribute to the safety of so many machines in the world, especially servers. On the other hand, stability in the sense of compatibility is just as high a priority, if not even higher, so that packages cannot simply be dropped or kernel features changed. PaX/grsec can easily render many binaries inexecutable. Offering another installation set would be an option, but quite hard to maintain with the desired properties as described above. From 5 years of experience with Gentoo I know how much effort it takes to patch and build a kernel over and over again, so Debian cannot be blamed for not just doing it. Another aspect Jake stressed is compartmentation. I was first thinking about approaches like the Xen hypervisor in QubesOS, but that is not what he meant. He would prefer jails and tools written in languages like Go to make use of the built-in type safety.
These features would already be a huge challenge to implement, but he also suggested a sensible set of packages to provide by default to begin with: The Tor Browser and the Tor Messenger (he described its features and a beta version was released by the end of the year) or Ricochet (another secure instant messenger).
Those were very technical details, but Debian means a lot more on the ethical and social side. The Debian community has carefully established a web of trust for communication, contribution and maintenance. Not only do they keep discussions very modest, but also authentic. During chats I learned how their key-signing parties work. Checking identities (by means of passports or ID cards) is a crucial and mandatory part of the procedure, so one can feel very safe in their environment.
Finally, here are three quotes from Jacob that touched me the most:
'Debian does a lot of stuff right.'
'[The] main thing is to keep quality assurance [...] at a level.'
'We should try to build a world where we are free.' -
Der Schlaf
2015-11-01 13:22:12I am reading this poem by Georg Trakl:
Verflucht ihr dunklen Gifte,
Weißer Schlaf!
Dieser höchst seltsame Garten
Dämmernder Bäume
Erfüllt von Schlangen, Nachtfaltern,
Spinnen, Fledermäusen.
Fremdling! Dein verlorner Schatten
Im Abendrot,
Ein finsterer Korsar
Im salzigen Meer der Trübsal.
Aufflattern weiße Vögel am Nachtsaum
Über stürzenden Städten
Von Stahl. -
DebConf15 schedule
2015-08-17 05:45:36I have quickly created a mobile-friendly version of the schedule ( http://bit.do/debconf15schedule ). See this screenshot for a quick comparison.
The app based on AngularJS and uses the XML export from the official website ( https://summit.debconf.org/debconf15/ ). Since Summit doesn't send CORS headers I set up a cron job to keep it up to date, refreshing every 5 minutes.
The project can probably be used without much modification for other conferences as well. I was told that there is also an Android app that can read the XML format, but I wanted a web app, so here you are.
Sources are on GitHub ( https://github.com/orangecms/conf-schedule ) and PRs and feedback are always welcome. Enjoy! :) -
Live from DebConf15
2015-08-15 14:36:26This year's DebConf is taking place in Heidelberg, Germany, so I have taken the chance to attend and get to know some Debian folks. Apparently they are very open and welcoming people, and to even push that further, there has been a session for newcomers to meet and get to know each other as well as speak to some recurring visitors. This year they set a new attendees record (~600) and some famous speakers have been invited. Among them is Jacob Appelbaum whom I shall invite for a bottle of Club Mate, should I get to talk to him.
I'm looking forward to enjoying the rest of the conference and shall write about it every now and then, so stay tuned! -
Cocktail session
2015-08-14 05:08:59Do you also love cocktails as much as I do? I am always extending my equipment to make them.
Here we have this delicious delight:
Clover Club (main picture)
Gin Rickey (lower right)
Cheers! -
Hottie-veggie-tasties
2015-08-14 03:47:33Mingle eggs with pieces of garlic and chili in a cup. Spice up with salt and pepper as you desire. Put moderate slices of eggplant and/or zucchini in a pan. Start heating the pan and add a spoonful of the mixture on top of each slice. Fry from both sides.
Tada, you'll have hottie-veggie-tasties! :) -
Gentoo update night
2015-07-20 14:17:25... and here is a photo of what it looks like when upgrading Gentoo. Colourful, powerful, flawless. -
Why I love Gentoo Linux
2015-07-20 14:15:57People who know me might think I'm a total nerd, hacking around and stuff. After all, I'm just simplifying things. And that is the reason why I love Gentoo Linux.
I have told this story many times but never published it like this:
I got started with Linux back when I was in 11th grade I think. A school mate told me to try it out, and that was when Fedora Core 1 was just released in a beta-ish stage. It was pretty horrible, because I was presented with a GUI without proper resolution nor hardware acceleration. I played around with it and couldn't get it to work nicely. So I tossed it away after a while.
Years later I got myself a NAS (Network Attached Storage), a Buffalo LinkStation. I could gain shell access and do some stuff with it, but I didn't know what I was really doing mostly. When the NAS died (stupid thing - the cause might have been the improper firmware I was using or other random circumstancea), it's been another couple of years until I heard about Linux again.
This time it was a fellow student at university who is now a good friend of mine. He recommended me to go with Ubuntu first and see how it works. And to be honest, that was a big, big disaster once again. I was facing an even more complicated GUI than I had ever seen (named Unity), and after trying to install the software I actually wanted (that is, Sage for some courses where we used it to break crypto), I was unsatisfied again. It took me only a short amount of time to break the system by mixing a mere dozen repos. In summary: I hate distros that are based on hundreds of binary repos and don't officially feature what you actually need. That is true for about every rpm- or deb-based distro out there.
My friend then said that Gentoo Linux ( https://gentoo.org ) would be real hardcore, tough work and hard to get through maybe, but highly customizable. Hell, bullocks. It's the simplest, most convenient, most stable system I've ever seen in my entire life! I just write some stupid, simple text files (KISS), and the system builds an entire world of software packages for me (that's the terminology). And it has never, ever failed or broken anything. Isn't that amazing? Portage, the ports/package manager behind the scenes, is such awesome in resolving dependencies, and the Gentoo folks are writing insanely great ebuilds (package descriptions) so that I can just lie back and have my machine build a bunch of like >500 packages for me without trouble, just like today. I'm now upgrading my system after about a month break. It works like a charm!
On my laptops I am using Arch Linux nowadays because it has binary repos (very few but rich ones though!) and is similarly convenient when building packages locally. I say: CoC to me means "Convenience over Complication"!
I've written some few package descriptions for both Arch and Gentoo. You can find them on GitHub ( https://github.com/cyrevolt ) or even in the AUR, the Arch User Repository. -
Google I/O 2015
2015-05-28 10:42:51Andy and I are watching Google I/O 2015 right now.
They have significantly enhanced Android's UX, involving text input, text selection, and even voice input in a certain context. Plus they simplified voice control again and finally provide app permission control by default as you know it from CyanogenMod. And they are promising more battery life by measuring usage times, a feature they call "Doze". Hopefully that will all work as expected. -
Afterthoughts
2015-05-10 16:09:06On my way back home from oSC15, I met a nice German girl in the train and couldn't resist chatting with her. When she asked what I've actually been doing in the Netherlands, I told her that I had attended a conference about Linux and stuff. She's been running Ubuntu on her laptop for quite some years, she said, and that many of her friends do so as well. "Everyone by now knows Ubuntu, right?", she replied when I was curious how she got in touch with it. But she had never heard about openSUSE until then.
I started asking myself if the community was willing to change that by opening up and telling the world that the project is still alive. I'm very confident that the new website will help spreading the word, but there's way more to be done: Wake up, activate, help improving the wiki, invite your friends and enemies, and get ready for the next release! -
Game over
2015-05-04 09:39:47The network has been taken down. A marvelous oSC15 / Kolab Summit double-event is over now, and I say thanks to everyone who participated, especially the organizers and even more the volunteers who managed to get everything going. I hope to see many of you again soon, maybe this year at DebConf or next year for another round of openSUSE Conference, oSC16 at home in Nuremberg.
I am glad to say that I have learned so much about message brokers, packaging automation, and configuration management. But having met so many awesome people was surely the best part of it. Keep up your great work and continue being this wonderful and welcoming community. Tot ziens! -
Response and responsibility
2015-05-04 03:10:44Today morning, we've been openly discussing the current state of and plans for openSUSE. Without many people knowing, openSUSE is doing an amazing job by packaging very recent and high quality software in light speed, thanks to openQA and OBS, the Open Build Service. Both are very great tools, and both allow us to advance and save a huge amount of time. They are like emerald and diamond castles.
Now that openSUSE has opened the doors to these castles, the need to prepare the paths that lead there arises and is right now becoming very urgent. The wiki needs updates and maintenance, and the board members understand that. The website is about to be relaunched, and it demands content, which unfortunately isn't all there yet. They are aware of that fact as well. And they say: We have to work on that. And we need people!
Establishing a platform for (new) contributors requires hard and tedious work, which you can actually help with.
If you love openSUSE, you just tried it, or you would like to take a look at it, please go ahead - contribute, give feedback, download and boot the iso images! And remember: Have a lot of fun! -
Your browser scores 503
2015-05-03 02:16:47To me as a web developer, this screenshot is just too funny. For those not in the know: 503 is the HTTP status code meaning that something on the server went wrong.
Anyway, Richard Brown just presented how openQA can be used to test apps, installers, console output and whatnot. It does automated keypresses and mouse clicks, taking screenshots and partial image comparison (defined as "needles") and outputs the results in a nice web frontend. All the capturing happens from a virtual machine, so you can easily test different architectures and monitor the whole boot process. As a bonus, you can watch the test running and even get a video recording of the whole suite in the end. -
"Invest in open source!"
2015-05-02 05:10:19says Brenno de Winter, and I totally agree. Too much software is poor, not because it is built on top of open source software, but rather because it is not verified. If you use free software, you are obliged to check that it works properly and securely, just like you do with proprietary software. That is exactly my standpoint and the reason why I want to see more testing and CI/CD processes implemented. I am a huge fan of TDD for that reason, and BDD in addition. But that isn't everything. You must never forget pentesting, i.e. checking weird cases but also - in especially - very common attacks and techniques. Thankfully, OWASP (http://owasp.org) is regularly publishing a top 10 list of common issues, and many security people are blogging about their expertise, like Gareth Heyes (http://thespanner.co.uk) for example. Many put their talks from conferences online, in forms of recordings, slides, demos and so on. So please, open up your minds and wallets a bit to provide more secure software. You *can* do that for sure, no excuses! -
Day 2
2015-05-02 00:42:48The sun has risen, the birds are singing, and a bunch of geeks is gathered in a sports center for the second day of oSC15. Today is also the first day of Kolab Summit, and we're both gathered at the same venue, allowing for more exchange amd enabling each other to join. Kolab Summit is mainly about healthcare, security, and groupware. I'm partially a security guy, so I might attend some of their talks as well. Oh, and we are sharing a common Wi-fi! :) -
Meanwhile...
2015-05-01 08:12:30... somewhere in Den Haag, The Netherlands, Ramon de la Fuente is speaking about Ansible, a configuration management, deployment and provisioning tool that I am starting to like. When working on PHP projects like Shopware, I got in touch with it for the first time. Shopware provides a Vagrantfile (Vagrant is a virtualization wrapper, sort of) for developers that provisions through Ansible. As my projects grow and become more, I want to be able to easily set up a new system. That makes Ansible my tool of choice for now. -
Packaging
2015-05-01 05:39:54In the world of Linux, *BSD and whatnot, packages are a core feature to deliver software to end users. Craig Gardner, Tomáš Chvátal and Lars Vogdt are explaining how it works while the elePHPant is sniffing on the network. -
Preparation and schedule
2015-05-01 04:11:58We just quickly set up the workshop room and the final schedule is now available at https://events.opensuse.org/. If you aren't here but want to follow the talks, you can watch them through the livestream at http://bambuser.com/channel/opensusetv. -
Goede morgen!
2015-05-01 00:51:51Good morning everyone, and let the show begin. -
oSC15 Artwork
2015-04-30 09:07:08 -
Live from oSC15!
2015-04-30 08:56:04Hello everypony,
this year I am attending the openSUSE Conference again and this time I will be blogging live from there. :)
If you want to follow me, feel free to add the RSS feed or just come here every once in a while. Yay! =)