Glad to hear that a snapshot saved your day. Probably the most usefull feature in TW.
GRUB2 with BLS is now in MicroOS and Tumbleweed Recently the openSUSE project released for MicroOS and Tumbleweed a new version of the GRUB2 package, with a ...
GRUB2 with BLS is now in MicroOS and Tumbleweed
Recently the openSUSE project released for MicroOS and Tumbleweed a new version of the GRUB2 package, with a new subpackage grub2-$ARCH-efi-bls
. This subpackage deliver a new EFI file, grubbls.efi
, that can be used as replacement of the traditional grub.efi
.
The new PE binary is a version of GRUB2 that includes a set of patches from Fedora, which makes the bootloader follow the Boot Loader Specification (BLS). This will make GRUB2 understand the boot entries from /boot/efi/entries
, and dynamically generate the boot menu showed during boot time.
This is really important for full disk encryption (FDE) because this means that now we can re-use all the architecture and tools designed for systemd-boot
. For example, installing or updating the bootloader can now be done with sdbootutil install
, the suse-module-tools
scriptlets will create new BLS entries when a new kernel is installed, and the tukit
and snapper
plugins will take care of doing the right thing when snapshots are created or removed.
Reusing all those tools without modification was a significant win, but even better, many of the quirks that classical GRUB2 had when extending the event log are no longer present. Before this package, sdbootutil
needed to take ownership of the grub.conf
file, as this will be measured by GRUB2 by executed lines. That is right! For each line that is read and executed by the GRUB2 parser, a new PCR#8 will take place, and because GRUB2 support conditional as other complex constructors, it is very hard to predict the final value of PCR#8 without imposing a very minimal and strict grub.conf
.
However, with the new BLS subpackage, this file, along with the fonts and graphical assets for the theme, and the necessary modules (such as bli.mod
), are now included in the internal squashfs
within the EFI binary. GRUB2 will no longer measure those internal files without compromising security guarantees because now it is the firmware that measures the entire EFI when the bootloader is executed during the boot process.
As today, we cannot use YaST2 to install GRUB2 with BLS, but we can do that manually very easily. We need to make a systemd-boot
installation, replace LOADER_TYPE
from systemd-boot
to grub2-bls
, install the new GRUB2 BLS package, and do sdbootutil install
. Another option is to play with one of the available images for MicroOS or Tumbleweed.
Have a lot of fun!
Hello everyone! I’d like to announce the start of development and the public availability of what we currently refer to as Leap 16.0 pre-Alpha. Since this is...
Hello everyone!
I'd like to announce the start of development and the public availability of what we currently refer to as Leap 16.0 pre-Alpha. Since this is a pre-Alpha version, significant changes may occur, and the final product may look very different in the Alpha, Beta, Release Candidate, or General Availability stages. The installer will currently offer you Base, GNOME, and KDE.
Users can get our new Agama install images from get.opensuse.org/leap/16.0. The installer will currently offer you Base, GNOME, and KDE installation.
Leap 16.0 is a traditional distribution and a successor to Leap 15.6 with expected General Availability arriving in the Fall of 2025.
We intend to provide users with sufficient overlap so that 15.6 users can have a smooth migration, just like they're used to from previous releases.
Further details are available on our roadmap. The roadmap is subject to change since we have to respond to any SUSE Linux Enterprise Server 16 schedule changes.
Users can expect a traditional distribution in a brand new form based on binaries from the latest SLES 16 and community packages from our Factory development codebase.
There is no plan to make a Leap 15.7, however, we still need to deliver previously released community packages from Leap 15 via Package HUB for the upcoming SLES 15 SP7. This is why there are openSUSE:Backports:SLE-15-SP7 project and 15.7 repos in OBS.
<h5>Who should get it?</h5> This is a pre-alpha product that is not intended to be installed as your daily driver. I highly recommend starting with the installation in a virtual machine and becoming familiar with the online installer Agama.
The target audience for pre-Alpha are early adopters and contributors who would like to actively be part of this large effort. Adopters should consider booting Agama Media from time to time just to check compatibility with their hardware.
For non-contributor users, I highly recommend waiting until we have a Beta, which is expected in the late Spring of 2025.
<h5>How to report bugs?</h5> I'd like to kindly ask you to check our Known bugs wikipage before reporting a new issue. If you find a new issue that is likely to affect users, please feel free to add it to the page.
Specifically for Agama I highly recommend using github.com/agama-project and collaborating with the YaST team on suggestions and incorporating any changes.
For the rest of the components, the workflow isn't changing; just select version 16.0 for bug submissions.
<h5>Feature requests</h5> All changes to packages inherited from SLES 16 need to be requested via a feature request.
Feature requests will be reviewed every Monday at a feature review meeting where we'll convert code-o-o requests into JIRA requests used by SUSE Engineering where applicable.
The factory-auto bot will reject all code submit requests against SLES packages with a pointer to code-o-o.
You can get a list of all SLFO/SLES packages simply by running osc ls SUSE:SLFO:1.1:Build
.
Just for clarification SLFO, SUSE Linux Framework One, is the source pool for SLES 16 and SL Micro 6.X.
I highly recommend using code-o-o to co-ordinate larger community efforts such as Xfce enablement, where will likely need to update some of SLES dependencies. This allows us to share the larger story and better reasoning for related SLES update requests. The list of features is also extremely valuable for the Release article.
<h5>Where to submit packages, how is it built, and where is it tested?</h5> Leap 16.0 is built in openSUSE:Leap:16.0 project where we will happily welcome any community submissions until the Beta code submission deadline in the late Spring of 2025. We intend to keep the previous development model and avoid forking SLES packages unless necessary. We no longer can mirror SLES code submissions from OBS into IBS. So all SLES 16 update requests have to be requested via feature requests.
For quality control, we have basic test suites based on Agama installations in Leap 16.0 job group. Later, we plan to rework the existing Leap 16.0 Images job group for testing the remaining appliance images.
The project where we maintain community packages is subject to change as we have not fully finalized yet how to make Package HUB; we may use a similar structure with Backports as in 15.3+).
Further test suite enablement is one of the areas where we currently need the most help. Related progress.opensuse.org trackers poo#164141 Leap 16.0 enablement and poo#166562 upgrade from 15.6.
Another area where you can help is new package submissions and related maintainer review of package submissions to Leap 16.0. These reviews make sense as we'd like to check with maintainers whether that software in a given version makes sense for inclusion into Leap 16.0, rather than blindly copying all packages over.
<h5>Involvement in branding and marketing efforts</h5> I'm very proud to announce fresh branding efforts and want to thank all the people who helped give Leap and Tumbleweed a new look. We plan to publish an article or a video about the changes, and further plans as we still have a surprise or two in our pocket.
Do you want to help us on this front? Spread the news and feel free to join the #openSUSE_Marketing Telegram channel(https://t.me/openSUSE_Marketing)! https://en.opensuse.org/openSUSE:Marketing_team
Many thanks to all who helped us to reach this point.
Lubos Kocman<br/> on behalf of the openSUSE Release team
Hello everyone! I’d like to announce the start of development and the public availability of what we currently refer to as Leap 16.0 pre-Alpha. Since this is...
Hello everyone!
I'd like to announce the start of development and the public availability of what we currently refer to as Leap 16.0 pre-Alpha. Since this is a pre-Alpha version, significant changes may occur, and the final product may look very different in the Alpha, Beta, Release Candidate, or General Availability stages. The installer will currently offer you Base, GNOME, and KDE.
Users can get our new Agama install images from get.opensuse.org/leap/16.0. The installer will currently offer you Base, GNOME, and KDE installation.
Leap 16.0 is a traditional distribution and a successor to Leap 15.6 with expected General Availability arriving in the Fall of 2025.
We intend to provide users with sufficient overlap so that 15.6 users can have a smooth migration, just like they're used to from previous releases.
Further details are available on our roadmap. The roadmap is subject to change since we have to respond to any SUSE Linux Enterprise Server 16 schedule changes.
Users can expect a traditional distribution in a brand new form based on binaries from the latest SLES 16 and community packages from our Factory development codebase.
There is no plan to make a Leap 15.7, however, we still need to deliver previously released community packages from Leap 15 via Package HUB for the upcoming SLES 15 SP7. This is why there are openSUSE:Backports:SLE-15-SP7 project and 15.7 repos in OBS.
<h5>Who should get it?</h5> This is a pre-alpha product that is not intended to be installed as your daily driver. I highly recommend starting with the installation in a virtual machine and becoming familiar with the online installer Agama.
The target audience for pre-Alpha are early adopters and contributors who would like to actively be part of this large effort. Adopters should consider booting Agama Media from time to time just to check compatibility with their hardware.
For non-contributor users, I highly recommend waiting until we have a Beta, which is expected in the late Spring of 2025.
<h5>How to report bugs?</h5> I'd like to kindly ask you to check our Known bugs wikipage before reporting a new issue. If you find a new issue that is likely to affect users, please feel free to add it to the page.
Specifically for Agama I highly recommend using github.com/agama-project and collaborating with the YaST team on suggestions and incorporating any changes.
For the rest of the components, the workflow isn't changing; just select version 16.0 for bug submissions.
<h5>Feature requests</h5> All changes to packages inherited from SLES 16 need to be requested via a feature request.
Feature requests will be reviewed every Monday at a feature review meeting where we'll convert code-o-o requests into JIRA requests used by SUSE Engineering where applicable.
The factory-auto bot will reject all code submit requests against SLES packages with a pointer to code-o-o.
You can get a list of all SLFO/SLES packages simply by running osc ls SUSE:SLFO:1.1:Build
.
Just for clarification SLFO, SUSE Linux Framework One, is the source pool for SLES 16 and SL Micro 6.X.
I highly recommend using code-o-o to co-ordinate larger community efforts such as Xfce enablement, where will likely need to update some of SLES dependencies. This allows us to share the larger story and better reasoning for related SLES update requests. The list of features is also extremely valuable for the Release article.
<h5>Where to submit packages, how is it built, and where is it tested?</h5> Leap 16.0 is built in openSUSE:Leap:16.0 project where we will happily welcome any community submissions until the Beta code submission deadline in the late Spring of 2025. We intend to keep the previous development model and avoid forking SLES packages unless necessary. We no longer can mirror SLES code submissions from OBS into IBS. So all SLES 16 update requests have to be requested via feature requests.
For quality control, we have basic test suites based on Agama installations in Leap 16.0 job group. Later, we plan to rework the existing Leap 16.0 Images job group for testing the remaining appliance images.
The project where we maintain community packages is subject to change as we have not fully finalized yet how to make Package HUB; we may use a similar structure with Backports as in 15.3+).
Further test suite enablement is one of the areas where we currently need the most help. Related progress.opensuse.org trackers poo#164141 Leap 16.0 enablement and poo#166562 upgrade from 15.6.
Another area where you can help is new package submissions and related maintainer review of package submissions to Leap 16.0. These reviews make sense as we'd like to check with maintainers whether that software in a given version makes sense for inclusion into Leap 16.0, rather than blindly copying all packages over.
<h5>Involvement in branding and marketing efforts</h5> I'm very proud to announce fresh branding efforts and want to thank all the people who helped give Leap and Tumbleweed a new look. We plan to publish an article or a video about the changes, and further plans as we still have a surprise or two in our pocket.
Do you want to help us on this front? Spread the news and feel free to join the #openSUSE_Marketing Telegram channel(https://t.me/openSUSE_Marketing)! https://en.opensuse.org/openSUSE:Marketing_team
Many thanks to all who helped us to reach this point.
Lubos Kocman<br/> on behalf of the openSUSE Release team
Really cool project and a good read!
Maybe I am too deep into retro computing and such but my first reaction when I read the headline was "Oh great! A new game engine for the Acorn Archimedes computer." :)
Hey,
No issues from my side so far. Have you tried to rollback to see if it's related to the update? Could also be a hardware error that just happened to occur at the same time as the update.
Welcome to the monthly update for Tumbleweed for September 2024! This month, the rolling-release model has kept pace with numerous important updates and bug ...
Welcome to the monthly update for Tumbleweed for September 2024! This month, the rolling-release model has kept pace with numerous important updates and bug fixes. PostgreSQL received a major update moving to 17 and text shaping engine harfbuzz had a major update to version 10. Packages like systemd, git, bash and qemu were also updated this month in the rolling release. Various packages saw CVE fixes and desktop components for GNOME and KDE were also updated. As always, remember to roll back using snapper if any issues arise.
Happy updating and tumble on!
Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.
New Features and Enhancements
- Linux Kernel 6.11.0: The latest update brings reversion of the PCI ACS configurability extension to address an issue bsc#1229019. Key updates in the release include a fix to the block subsystem, resolving how the scheduler is handled in
elv_iosched_local_module
. A correction was made in the AMD GPU display driver to address a mistake from a previous revert related to bsc#1228093. Updates also include refreshed ALSA patches to enhance power management blacklist options. The improvements are expected to provide greater stability and performance for various hardware configurations. - postgresql17: This major release provides key improvements like a revamped memory management system for vacuum, boosting efficiency by reducing memory usage by up to 20x along with optimized processing for high concurrency workloads. Version 17 also enhances query execution with faster processing using B-tree indexes and parallel BRIN index builds. Developers benefit from the addition of the SQL/JSON
JSON_TABLE
command and expanded MERGE capabilities, as well as a 2x speed improvement in data exports with theCOPY
command. Logical replication now simplifies major version upgrades by eliminating the need to drop replication slots, improving ease of use in high availability setups. The software package further enhances database security and operational management, with new TLS options, incremental backups, and detailed monitoring tools. - harfbuzz 10.0.1: Significant fixes were made for the text shaping engine including support for Unicode 16.0.0. The version has a new Application Programming Interfaces that allows clients to customize glyphs when a Unicode Variation Selector isn't supported by the font, as well as a callback for getting table tags from
hb_face_t
. Updates also address pair positioning lookup subtable application for compatibility and ensure subsetting fails if no glyphs are present to prevent silent errors. - GNOME 46.5: gnome-shell now addresses issues with smartcard logins, fixes glitches when quick settings menu animations are interrupted, and resolves problems with new Wi-Fi connections for restricted users. It also ensures required animations remain enabled, fixes display of pending PAM messages on the login screen and plugs memory leaks. Un update of the gnome-software has a reduction in power usage when the main window is closed, along with translation updates..
- KDE Plasma 6.1.5: In Discover, snapType mapping is corrected, and Flatpak now properly reports extensions without errors. KWin addresses several crash scenarios, such as null dereference and input event handling from removed devices. Plasma Desktop includes fixes for keyboard navigation in Kickoff, task list alignment in RTL mode and it has proper handling of background icons and test windows. Plasma Workspace enhances touchscreen interaction, system tray tooltips and clipboard functionality. Additional fixes included targeted crashes in hotplugging and svg rendering, while SDDM KCM improves state management.
- Frameworks 6.6.0: Attica adds CI jobs for Alpine/musl, while Baloo sets up crash handling for baloo_file. New icons are introduced in Breeze. KCoreAddons improves dbus error handling and licensing, and KDeclarative adjusts rendering for better DPI positioning. KIO resolves issues with restoring trash entries and enhances service menu handling. KTextEditor receives performance optimizations and additional C++ porting for sorting and unique functionalities. Kirigami continues to improve icon handling and toolbars, while KNewStuff and KWalletf ocus on making shared actions more reliable and enhancing crash handling.
- KDE Gear 24.08.1: Akademy 2024 Videos are out, but a lot of efforts went into last month’s conference. Akonadi resolves a crash related to query cache eviction and fixes configuration file handling. Dolphin improves usability with fixes for button functionality and file list resizing, while Elisa enhances its Now Playing view and toolbar layout. Itinerary and Kalarm both receive updates for better dark mode handling and audio alarm functionality. Kdenlive addresses multiple timeline and rendering issues, optimized keyframe handling and fixes several bugs related to effects and transitions. Kate adds support for the Odin language in its formatter and Okular now sets tooltips for forms.
Key Package Updates
- git 2.46.1: A clarification has been made to
git checkout --ours
to inform users they need to specify paths, avoiding confusion. An issue withgit add -p
failing for users withdiff.suppressBlankEmpty
was corrected. Additionally,git notes add -m '' --allow-empty
no longer improperly invokes an editor, and unnecessary re-encoding operations for tracing have been removed. - qemu 9.1.0: The update introduces new migration capabilities, such as compression offload support via Intel In-Memory Analytics Accelerator (IAA) or User Space Accelerator Development Kit (UADK) and improved postcopy failure recovery. RISC-V architecture also sees support for several extensions, while x86 adds KVM support for AMD SEV-SNP guests and emulation for newer Intel CPU models like Ice Llake and Sapphire Rapids.
- systemd 256.6: This version no longer attempts to restart udev socket units, addressing issue bsc#1228809 where safely restarting socket-activated services and their socket units simultaneously was problematic.
- pipewire 1.2.4: The update addresses a crash during the cleanup of globals and enhances the
RequestProcess
dispatch mechanism. The Simple Plugin API framework now usessystemd-logind
to detect new devices. Pulse-Code Modulation device handling is also improved. - GStreamer 1.24.8: The multimedia framework package improves handling in
decodebin3
andencodebin
for better media decoding and smart rendering, respectively. Enhancements for proper viewport resizing when video size changes were made and audio stream enhancements were made for better compatibility with Firefox. There were some stability fixes for wayland including crash prevention and Application Binary Interface corrections. - Mesa 24.1.7: This release continues to support OpenGL 4.6 and Vulkan 1.3, though the version reported depends on the specific driver used. Key bug fixes include resolving issues with smartcard logins, race conditions when generating enums, and artifacts in games such as Black Myth Wukong and DCS World with certain GPUs.
- GTK4 4.16.1: This GTK Scene Graph Kit layer sees speed optimizations for Vulkan operations, reduces startup time by skipping unnecessary GL and Vulkan initialization and fixes a crash related to certain Vulkan drivers. Memory format conversions in GIMP Drawing Kit are now faster. The builder-tool has also been improved for better box conversion.
- bash 5.2.37: This update has key patches to address issues such as an incorrect handling of quoted text during auto-completion and multibyte character handling in
readline
. The update resolves system compatibility withselect
andpselect
availability and fixes a parsing issue in compound assignments during alias expansion. A typo in the autoconf test affectingstrtold
availability when compiled with GNU Compiler Collection 14 was corrected. - vim 9.1.0718: One notable fix in the text editor resolves issues with personal Vim runtime directory recognition. The update also addresses unnecessary
NULL
checks inparse_command_modifiers()
and corrects color name parsing errors introduced in a previous version. Other improvements include updates to syntax highlighting for various file types such as HCL, Terraform, and tmux. Performance improvements were also made to include the more efficient inserting with a count and resolving cursor position crashes.
Bug Fixes
- curl 8.10.0:
- CVE-2024-8096 may have incorrectly validated certificates using Online Certificate Status Protocol stapling, ignoring certain errors like 'unauthorized'.
- OpenSSL:
- CVE-2024-41996 was fixed, which could have allowed remote attackers to trigger costly server-side DHE calculations via public key order validation in Diffie-Hellman.
- postgresql17
- CVE-2024-7348 fixes a race condition that could allow attackers to execute arbitrary SQL as the user running
pg_dump
.
- CVE-2024-7348 fixes a race condition that could allow attackers to execute arbitrary SQL as the user running
- python311: This package fixed a few CVE’s. Here are a couple of fixes
- CVE-2024-4030 had a fix to ensure Unix "700" permissions are applied to secure the directory.
- tiff 4.7.0:
- CVE-2023-52356 had a segmentation fault allowing remote attackers to trigger a heap-buffer overflow that could cause a denial of service.
- CVE-2024-7006 had a null pointer dereference in that could trigger application crashes and cause denial of service.
- LibreOffice 24.8.1.2
- CVE-2024-5261 was fixed that disabled TLS certificate verification, allowing improper certificate validation during document processing in third-party components.
- Mozilla Firefox 130.0.1:
- This release fixes several CVEs. One of the most critical fixes involves CVE-2024-8385, where a WASM type confusion issue could lead to exploitable vulnerabilities. Another significant fix is for CVE-2024-8381, which could trigger a type confusion vulnerability when looking up property names within a "with" block. CVE-2024-8388 fixed an issue where fullscreen notifications could be hidden on Android devices, potentially leading to UI spoofing attacks. Two memory safety bugs, CVE-2024-8387 and CVE-2024-8389, were also patched.
- apr 1.7.5:
- CVE-2023-49582 had shared memory permissions that could expose sensitive data to local users.
Conclusion
September 2024 brings important updates for Tumbleweed users. Security fixes across packages like PostgreSQL, libtiff, and LibreOffice ensure stability and security. Significant improvements were made in tools like systemd, git, and qemu, enhancing performance and compatibility. Noteworthy updates in PostgreSQL 17 and Harfbuzz 10 also bring major enhancements, contributing to a more robust and refined rolling release environment.
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Contributing to openSUSE Tumbleweed
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
Congratulations to everyone who took part. That's amazing.
This is a quick start guide for Full Disk Encryption with TPM or FIDO2 and YaST2 on openSUSE Tumbleweed. It focuses on the few steps to install openSUSE Tumb...
This is a quick start guide for Full Disk Encryption with TPM or FIDO2 and YaST2 on openSUSE Tumbleweed. It focuses on the few steps to install openSUSE Tumbleweed with YaST2 and using Full Disk Encryption secured by a TPM2 chip and measured boot or a FIDO2 key.
Hardware Requirement:
- UEFI Firmware
- TPM2 Chip or FIDO2 key which supports the hmac-secret extension
- 2GB Memory
Installation of openSUSE MicroOS
There is an own Quickstart for openSUSE MicroOS
Installation of openSUSE Tumbleweed
Boot installation media
- Follow the workflow until "Suggested Partitioning":
- Partitioning: Select "Guided Setup" and "Enable Disk Encryption", keep the other defaults
- Continue Installation until "Installation Settings":
- Booting:
- Change Boot Loader Type from "GRUB2 for EFI" to "Systemd Boot", ignore "Systemd-boot support is work in progress" and continue
- Software:
- Install additional tmp2.0-tools, tpm2-0-tss and libtss2-tcti-device0
- Booting:
- Finish Installation
Finish FDE Setup
Boot new system
- Enter passphrase to unlock disk during boot
- Login
- Enroll system:
- With TPM2 chip:
sdbootutil enroll --method tpm2
- With FIDO2 key:
sdbootutil enroll --method fido2
- With TPM2 chip:
- Optional, but recommended:
- Upgrade your LUKS key derivation function (do that for every encrypted device listed in
/etc/crypttab
):# cryptsetup luksConvertKey /dev/vdaX --pbkdf argon2id # cryptsetup luksConvertKey /dev/vdaY --pbkdf argon2id
- Upgrade your LUKS key derivation function (do that for every encrypted device listed in
Adjusting kernel boot parameters
The configuration file for kernel command line options is /etc/kernel/cmdline
.
After editing this file, call sdbootutil update-all-entries
to update the
bootloader configuration. If that option does not exist yet or does not work,
a workaround is: sdbootutil remove-all-kernels && sdbootutil add-all-kernels
.
Re-enrollment
If the prediction system fails, a new policy must be created for the new measurements to replace the policy stored in the TPM2.
If you have a recovery PIN: ```
sdbootutil --ask-pin update-predictions
```
If you don't have the recovery PIN, you can set one with this steps: ```
sdbootutil unenroll --method=tpm2
PIN=<new recovery PIN> sdbootutil enroll --method=tpm2
```
Virtual Machines
If your machine is a VM, it is recommended to remove the "0" from the FDE_SEAL_PCR_LIST
variable in /etc/sysconfig/fde-tools
. An update of the hypervisor can change PCR0. Since such an update is not visible inside the VM, the PCR values cannot be updated. As result, the disk cannot be decrypted automatically at the next boot, the recovery key needs to be entered and a manual re-enrollment is necessary.
Next Steps
The next steps will be:
- Support grub2-BLS (grub2 following the Boot Loader Specification)
- Add support to the installers (YaST2 and Agama)
- Make this the default if a TPM2 chip is present
Any help is welcome!
Further Documentation
New Key for Security Devel Project
On Mon, Sep 23, 2024 at 02:16:49PM +0200, Marcus Meissner wrote: > Hi folks, > > We will switch the "security" development project to a 4096bit RSA key > today. New key fingerprint: Type :……
The "security" development project is switched to a 4096bit RSA key.
New key fingerprint:
Type : GPG public key
User ID : security OBS Project <[email protected]>
Algorithm : rsa
Key size : 4096
Expires : 2026-12-02 13:27:55
Fingerprint : f9fa 0223 b56b 116c 3637 37ef 5da5 7bdd 6dd7 85ca
I totally agree with you. openSUSE Tumbleweed is IMHO the most stable rolling release distro out there.
Arch and some of its derivatives are also nice but still not as stable or polished as Tumbleweed.
So much bullshit in so little text... Again a “news” site that quotes a report from another site but doesn't link to it (probably so most readers don't read the real article). The CNN article says nothing about a plan to “ethnically cleanse northern Gaza” (this is typical Hamas press bullshit). Israel simply wants the civilian population remaining in the Netzarim Corridor to withdraw from the area so they are not longer in line of fire. And it is not an official plan but a plan of a group of retired Israeli military generals. Here is the link to CNN: https://edition.cnn.com/2024/09/22/middleeast/netanyahu-gaza-hamas-expulsions-plan-intl/index.html
And regarding MEE (Wikipedia):
According to its critics, Middle East Eye began forming in London in 2013 as the Islamist influence of Al Jazeera began to wane; several Al Jazeera journalists subsequently joined the project. Jonathan Powell, a senior executive at Al Jazeera, was a consultant ahead of its launch and registered the website's domain names. Bassasso, a Kuwait-born Palestinian living in London, was the sole director of Middle East Eye's parent company, M.E.E. Limited. Bassasso was a former director for the Hamas-controlled Al-Quds TV.[1,2] David Hearst denied that Bessasso was the owner of the news site but refrained from divulging the real owner.
[1] https://www.thenationalnews.com/uae/new-london-connection-to-islamists-1.648408
[2] https://www.aei.org/foreign-and-defense-policy/middle-east/qatars-other-covert-media-arm/
I am not sure if I would trust a website which does not provide any information about ownership, funding, or has a director who worked for the Hamas which is designated as a terrorist group by a lot of countries. Nobody has to agree how Israel handles the situation, but also nobody should simply believe everything that is written on the Internet. War is bad and I think most of us can't even imagine how bad and cruel war can be. Websites like MEE play a big part in creating even more hatred and suffering in this conflict through false information.
I am still missing the sub-folders feature in the application menu. I hope that someday a developer shows mercy and bring back that feature.
I just use Kritas Image Split feature. But it would be nice to download a widescreen picture and just set it as a background for all monitors. We need to wait until someone will implement that feature.
On the right side there are power lines but I am not sure if the thin cables on the left are power lines. They are very thin. Maybe phone lines or telegraph cables.
Yeah. On my phone it looks also more like water than just a wet road.
... but also I presume road building techniques have come a long way in the last 100 years.
That's what I find so fascinating about old photos. You can see how quickly technology has developed in 100 years. And the development is progressing faster and faster every year.
Python 3.13 RC2 is now available in Tumbleweed. This new version of the Python interpreter will be released in October 2024. There is a lot of changes and ne...
Python 3.13 RC2 is now available in Tumbleweed. This new version of the Python interpreter will be released in October 2024.
There is a lot of changes and new features in 3.13, but we're also bringing exiting experimental features in Tumbleweed.
Experimental JIT compiler
The default (python313
) build has the flag --enable-experimental-jit=yes-off
. This means that if you want to use this experimental JIT you can enable with an environment variable:
$ PYTHON_JIT=1 python3.13
You can find more information about the JIT compiler and how it can improve performance in PEP-744.
Free threaded CPython (no GIL)
With this new version of Python interpreter, there is an option to build without the famous Global Interpreter Lock, aka GIL. This is a really experimental feature, but why not have this on Tumbleweed? So we decided to build also this new version with a new package python313-nogil
.
This new package is an isolated interpreter, so you can install without conflicts with python313
. The package is building with the --disable-gil
option and it provides the /usr/bin/python3.13t
binary. It uses by default /usr/lib/python3.13t/site-packages
for third-party libs so, with the default configuration, it won't use any
python 3.13 module.
This means that now you can use threading.Thread
in the Python interpreter, and it will be actual threads so, at the end using threads with python3.13t
, interpreter should be a lot faster.
There's no packages for this interpreter in Tumbleweed, at this moment. So if you want to use third party libraries you should use virtualenv
and pip
for that:
$ python3.13t -m venv free-threaded-env $ source free-threaded-env/bin/activate (free-threaded-env) $ pip install requests (free-threaded-env) $ python3 Python 3.13.0rc2 experimental free-threading build (main, Sep 07 2024, 16:06:06) [GCC] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import sys; sys._is_gil_enabled() False
To me it looks a bit like a wet and worn out bitumen road after heavy rain.
Most streets built before the early 1900s in NZ were made of macadam, which was highly suitable for horse-drawn vehicles. However, with the rise of motor traffic in the 1920s, many areas had to seek more durable options for road surfacing. The most frequently used material became asphalt or bitumen, which gained widespread use starting in the 1920s.