20 Mar 2018

feedFedora People

Daniel Pocock: Can a GSoC project beat Cambridge Analytica at their own game?

A few weeks ago, I proposed a GSoC project on the topic of Firefox and Thunderbird plugins for Free Software Habits.

At first glance, this topic may seem innocent and mundane. After all, we all know what habits are, don't we? There are already plugins that help people avoid visiting Facebook too many times in one day, what difference will another one make?

Yet the success of companies like Facebook and those that prey on their users, like Cambridge Analytica (who are facing the prospect of a search warrant today), is down to habits: in other words, the things that users do over and over again without consciously thinking about it. That is exactly why this plugin is relevant.

Many students have expressed interest and I'm keen to find out if any other people may want to act as co-mentors (more information or email me).

One Facebook whistleblower recently spoke about his abhorrence of the dopamine-driven feedback loops that keep users under a spell.

The game changer

Can we use the transparency of free software to help users re-wire those feedback loops for the benefit of themselves and society at large? In other words, instead of letting their minds be hacked by Facebook and Cambridge Analytica, can we give users the power to hack themselves?

In his book The Power of Habit, Charles Duhigg lays bare the psychology and neuroscience behind habits. While reading the book, I frequently came across concepts that appeared immediately relevant to the habits of software engineers and also the field of computer security, even though neither of these topics is discussed in the book.

where is my cookie?

Most significantly, Duhigg finishes with an appendix on how to identify and re-wire your habits and he has made it available online. In other words, a quickstart guide to hack yourself: could Duhigg's formula help the proposed plugin succeed where others have failed?

If you could change one habit, you could change your life

The book starts with examples of people who changed a single habit and completely reinvented themselves. For example, an overweight alcoholic and smoker who became a super-fit marathon runner. In each case, they show how the person changed a single keystone habit and everything else fell into place. Wouldn't you like to have that power in your own life?

Wouldn't it be even better to share that opportunity with your friends and family?

One of the challenges we face in developing and promoting free software is that every day, with every new cloud service, the average person in the street, including our friends, families and co-workers, is ingesting habits carefully engineered for the benefit of somebody else. Do you feel that asking your friends and co-workers not to engage you in these services has become a game of whack-a-mole?

Providing a simple and concise solution, such as a plugin, can help people to find their keystone habits and then help them change them without stress or criticism. Many people want to do the right thing: if it can be made easier for them, with the right messages, at the right time, delivered in a positive manner, people feel good about taking back control. For example, if somebody has spent 15 minutes creating a Doodle poll and sending the link to 50 people, is there any easy way to communicate your concerns about Doodle? If a plugin could highlight an alternative before they invest their time in Doodle, won't they feel better?

If you would like to provide feedback or even help this project go ahead, you can subscribe here and post feedback to the thread or just email me.

cat plays whack-a-mole

20 Mar 2018 12:15pm GMT

Peter Czanik: syslog-ng at SCALE 2018

It is the fourth year that syslog-ng has participated at Southern California Linux Expo or, as better known to many, SCALE ‒ the largest Linux event in the USA. In many ways, it is similar to FOSDEM in Europe, however, SCALE also focuses on users and administrators, not just developers. It was a pretty busy four days for me.

The conference

The weather in always sunny California was far from perfect this time but I didn't mind. I spent all my time at the conference and I loved every minute of it. The Expo was great - as always - with most of my favorite open source projects collected in a single location. I bought a nice "Release is coming" t-shirt at the openSUSE booth, many stickers at Fedora, and the Containers coloring book at Red Hat. And of course also some FreeBSD goodies. Next to ARM and x86 hardware, this year a POWER9 machine from Raptor Engineering was also on display.

I had to make some tough choices when it came to visiting talks as there were many interesting tracks: community, embedded, monitoring (including logging), security, and others. I do not want to list all the talks I visited (check my twitter feed if you are interested), so I just pick one: Marketing your open source product by Deirdre Straughan. Being part of the documentation team at Balabit, I was very happy to hear her emphasis on the key importance of good documentation. 🙂

Logging Docker using syslog-ng

As the syslog-ng image on the Docker Hub reached almost two million pulls recently, the topic of my talk this year was Logging Docker using syslog-ng. As usual, I started my talk with an overview of logging and syslog-ng functionality, followed by a quick introduction to the syslog-ng configuration language.

When I arrived at containers, I went from easy to progressively more difficult topics. Migrating your central log server into a container is really easy, even if you only know the basics of containerization. Collecting logs from the host machine when syslog-ng is running in a container needs a bit more preparations though: you need to map a few extra directories from the host system and use extra formatting or a NoSQL database if you do not want to lose important information. And reading log messages from other containers needs even more prior design. Best of all: all the previously listed methods can be freely combined, so possibilities are practically endless.

Before finishing my talk, I showed a few interesting uses of syslog-ng:

I measure the success of my talks not by the number of listeners, rather by the number of questions. The SCALE audience is always fantastic from this point of view: I was answering questions for about forty minutes after my presentation.

I briefly discussed Atomic Host - a specialized container host - during my talk without knowing that the track was organized by the Red Hat container team. I learned about it only after my session was over, when I received one of my favorite speakers gift: a box of sweets (or rather sours :-)).

Further reading

My talk was recorded and hopefully will be posted in the coming weeks. If you want to read more in-depth information about containers, there is a white paper on this topic, created from my related blog posts. You can access it on the Balabit website (note: it requires registration): https://pages.balabit.com/logging-in-docker-using-syslog-ng.html

The post syslog-ng at SCALE 2018 appeared first on syslog-ng Blog.

20 Mar 2018 10:10am GMT

Richard W.M. Jones: Part 2: LWN article on Fedora/RISC-V


Part 1 was here: https://lwn.net/Articles/749185/

<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-26942-5ab0dd6454ff0', { collapseEmpty: 'before', sectionId: '26942', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-114160-5ab0dd6455027', { collapseEmpty: 'before', sectionId: '114160', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-1001001624");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:388248,containerid:"crt-1001001624",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script> <script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-1619662558");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:837497,containerid:"crt-1619662558",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script>

20 Mar 2018 10:07am GMT

Fedora Magazine: GNOME 3.28 released & coming to Fedora 28

Last week, The GNOME project announced the release of GNOME 3.28. This major release of the GNOME desktop is the default desktop environment in the upcoming release of Fedora 28 Workstation. 3.28 includes a wide range of enhancements, including updates to Files (nautilus), Contacts, Calendar, Clocks and the on-screen keyboard. Additionally, the new application Usage is added to "make it easy to diagnose and resolve performance and capacity issues"

The new Usage application in GNOME 3.28

The new Usage application in GNOME 3.28

Application Updates in GNOME 3.28

GNOME 3.28 provides updated versions of many of the GNOME default applications. The ability to "star" items is added to both the Files and the Contacts applications. This allows the user to star an item - be it a file, folder, or a contact - for quick access later. Calendar now provides a neater month view, and weather updates displayed alongside your appointments.

screenshot of the updated Calendar application in GNOME 3.28 with weather forecasts built in

Updated Calendar application in GNOME 3.28 with weather forecasts built in

Updates to Cantarell

Cantarell is the default interface font in both GNOME and Fedora Workstation. In this updated version of GNOME, Cantarell is refreshed, with updated glyph shapes and spacing. Additionally, there are two new weights: light and extra bold.

Specimen of the new Cantarell in GNOME 3.26

Specimen of the new Cantarell in GNOME 3.26

Read more about this release

There are many more changes and enhancements in this major version of GNOME. Check out the release announcement and the release notes from the GNOME Project for more information. Also, check out this awesome rundown of the best new GNOME 3.28 features from OMGUbuntu.

Screenshots in this post are from the GNOME 3.28 Release Notes

20 Mar 2018 2:21am GMT

Stephen Smoogen: Explaining disk speeds with straws

One of the most common user complaints in an Enterprise systems is 'why can't I have more disk space?' The idea is that they look at the costs of disks on Amazon or New Egg and see that they could get an 8 TB hard disk for $260.00 but the storage administrator says it will cost $26,000.00 for the same amount.

Years ago, I once even had someone buy me a disk and have it delivered to my desk to 'fix' the storage problem. They thought they were being funny so I thanked them for the paper weight. I then handed it back to them and then tried to explain to them why 1 drive was not going to help... I found that the developers eyes glistened over as I talked about RPM speeds of drives, cache sizes, amount of commands a ATA read/write use versus SCSI, etc. All of them are important but not terms useful for a person who just wants to never delete an email.

The best analogy I have is that you have a couple of 2 litre bottles of Coca Cola (fill in Pepsi, Fanta or Mr Pibb as needed) and a cocktail straw. You can only fill one Coke bottle with that straw. Sure the bottle is big enough but it takes a long time to move the soda from one to the other. That is what 1 SATA disk drive is like.

The next step is to add more disks and make a RAID array. Now you can get a bunch of empty coke bottles and empty out that one array through the multiple cocktail straws. Things are moving faster but it still takes a long time and you really can't use each of the large bottles as much as you like because emptying them out will be pretty slow via the cocktail straw.

The next sized solution is regular drinking straws with cans. The straws are bigger, but the cans are smaller.. you can fill the cans up or empty them without as much time waiting for a queue. However you need a lot more of them to equal the original bottle you are emptying. This is the SAS solution where the disks are smaller, faster, and much better throughput because of that. It is a tradeoff in that 15k drives use older technologies so store less data. They also have larger caches and smarter os's on the drive to make the straw bigger.

Finally there are the newest solution which would be the garden hose connected to a balloon to a coffee cup. This is the SAS SSD solution. The garden hose allows for a large amount of data to go up and down the pipe, the balloon is how much you can cache in case you are too fast somewhere in writes or reads. The coffee cup is because it is expensive and there isn't a lot of space. You need a LOT of coffee cups compared to soda cans or 2 litre bottles.

Most enterprise storage is some mixture of all of these to match the use case need.

And now to break the analogy completely.

Software defined storage would be where you are using the cocktail straws with coke bottles but you have spread them around the building. Each time coke gets put on one, a hose spreads that coke around so each block of systems is equivalent. In this case the costs per system have gone down, but there needs to be a larger investment in the networking technology tying the servers together. [A 1 gbit backbone network is like a cocktail straw between systems, A 10 gbit backbone is like a regular straw and the 40G/100G are the hoses.]

Now my question is .. has anyone done this in real life? It seems crazy enough that someone has done a video.. but my google-fu is not working tonight.

20 Mar 2018 12:25am GMT

19 Mar 2018

feedFedora People

nmilosev: Fedora 27 Release Party Novi Sad


Once again, we had an awesome Fedora Release Party at Univeristy of Novi Sad! :)

Thanks everyone for coming, I hope it was informative and useful for you. I would also like to thank the speakers, Doni, Igor and Marko for sharing their experience with us.

The image gallery can be found here (still updating): https://nmilosev.github.io/f27rpns-gallery/

And the talks are here (still updating also): https://github.com/nmilosev/f27rpns-gallery

Fedora 28 is just around the corner, so see you all soon! :)

19 Mar 2018 11:33am GMT

Dan Walsh: SELinux should and does BLOCK access to Docker socket

I get lots of bugs from people complaining about SELinux blocking access to the Docker socket. For example https://bugzilla.redhat.com/show_bug.cgi?id=1557893

The aggravating thing is, this is exactly what we want SELinux to prevent. If a container process got to the point of talking to the /var/run/docker.sock, you know this is a serious security issue. Giving a container access to the Docker socket, means you are giving it full root on your system.

A couple of years ago, I wrote why giving docker.sock to non privileged users is a bad idea.

Now I am getting bug reports about allowing containers access to this socket.

Access to the docker.sock is the equivalent of sudo with NOPASSWD, without any logging. You are giving the process that talks to the socket, the ability to launch a process on the system as full root.

Usually people are doing this because they want the container to do benign operations, like list which containers are on the system, or look a the container logs. But Docker does not have a nice RBAC system, you basically get full access or no access. I choose to default to NO ACCESS.

If you need to give container full access to the system then run it as a --privileged container or disable SELinux separation for the container.

podman run --privileged ...
docker run --privileged ...

podman run --security-opt label:disable ...
docker run --security-opt label:disable ...

Run it privileged

There is a discussion going on in Moby github, about breaking out more security options, specifically adding a flag to container runtimes, to allow users to specify whether they want kernel file systems in the container to be readonly. (/proc, /sys,...)

I am fine with doing this, but my concern with this is people want to make little changes to the security of their containers, but at a certain point you allow full breakout. Like above where you allow a container to talk to the docker.sock.

Security tools are being developed to search for things like containers running as --privileged, but they might not understand that --security-opt selinux:disable -v /run:/run is the SAME THING from a security point of view. If it is simple to break out of container confinement, then we should just be honest and run the container with full privilege. (--privileged).

19 Mar 2018 10:19am GMT

Fedora Magazine: Update on the Meltdown & Spectre vulnerabilities

January saw the annoucement of a series of critical vulnerabilities called Spectre and Meltdown. The nature of these issues meant the solutions were complex and required fixing delicate code. The initial fix for Meltdown on x86 was KPTI, which was available almost immediately. Developing mitigations for Spectre was more complex. Other architectures had to look at their vulnerability status as well, and get mitigation in where it was needed. As a bit of time has passed, what is the exposure on Fedora now?

Meltdown and Spectre mitigation coverage

The mitigation coverage for Spectre and Meltdown is in a pretty good state. For the x86 architecture, KPTI mitigates the Meltdown vulnerability (CVE-2017-5754), and the retpoline fixes mitigate Spectre variant 2 (CVE-2017-5715). Spectre variant 1 (CVE-2017-5753) required patching specific vulnerable code bits, and known problem areas have been mitigated upstream as well. Additionally ARM coverage landed in the 4.15.4 kernel updates for Fedora. Power architectures have initial coverage in Fedora kernel version 4.14.15.

All of this coverage is still being fine tuned. Initial rounds of mitigation development aimed to plug the holes as quickly as possible so that users were not exposed. Once that happened, developers could pay more attention to fine tuning the mitigation for performance.

With mitigation where it currently stands, the Fedora Kernel Team has closed the tracking bugs for these CVEs. It is still important that you keep your kernels updated as initial mitigation is fine tuned. Optimizations to the initial mitigation are still rolling in, and probably will for the foreseeable future. As many of these mitigations are dependent on CPU microcode updates, it is a very good idea to keep firmware updated where possible.

19 Mar 2018 8:00am GMT

Fedora Community Blog: Fedora Diversity: 2017 Year in Review

2017 was a milestone year for Fedora Diversity and Inclusion Team. We experienced structural changes, established new directions and mapped our goals to a long-term plan improving diversity outreach in the Fedora community. The past year included a lot of 'figuring things out' - including our engagement within the Fedora community but also beyond. We have come out wiser, driven and more committed to our goal then ever. Read on to know more about our past and current efforts to foster diversity and inclusion in Fedora community.

Diversity drives Fedora

We talked to Fedora community members to know more about what they love about the Fedora Project, the community, and their motivations to contribute. We received wonderful answers and got to know our community better. Here is the link to the first edition of our Fedora community video.

<iframe allowfullscreen="true" class="youtube-player" height="461" src="https://www.youtube.com/embed/Ig0gnM9jsm0?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" style="border:0;" type="text/html" width="766"></iframe>

Together with Fedora Ambassadors, we showcased these videos at Fedora booths during events and conferences, with an aim to engage a diverse audience. We are especially proud that we could showcase the first video during FLISoL, the biggest event for Free Software in Latin America (and with Spanish subtitles, thanks x3mboy!).

Let us know your feedback through mailing list or IRC.

P.S. - How many new community members did you get to know through the videos?

Commitment to Diversity and Inclusion

Fedora Women Day

For the first time, we organized Fedora Women Day on a global scale. Over the month of September, community members supported by the Diversity Team organized Fedora Women Days in 10 different cities spread over three continents. Locations include Guwahati, Pune, Bangalore, Tirana, Prishtina, Managua, Cusco, Lima and Brno. We had approximately 200 attendees (~40 speakers) with sessions about…

A huge thanks to everyone who helped in organizing Fedora Women Day. Hopefully in 2018, we can have some Fedora Women Day celebrations in North America too. Read more about Fedora Women Day celebrations below.

10 Fedora Women Days across the world

<iframe class="wp-embedded-content" data-secret="NZTIau6UQh" frameborder="0" height="338" marginheight="0" marginwidth="0" sandbox="allow-scripts" scrolling="no" security="restricted" src="https://communityblog.fedoraproject.org/fedora-women-days-2017/embed/#?secret=NZTIau6UQh" title=""10 Fedora Women Days across the world" - Fedora Community Blog" width="600"></iframe>

Do you want to organize a Fedora Women Day celebration in your local community? Send us an email via our mailing list or ping us on IRC.

LGBTQA Awareness Day

We also organized an open community call on LGBTQA Awareness Day to celebrate the LGBT+ community in Fedora, as well as recognize and discuss the unique challenges they face. Read more about the community call below:

Event Report - May 17, LGBTQA Awareness Day

<iframe class="wp-embedded-content" data-secret="wMJLsfcLeV" frameborder="0" height="338" marginheight="0" marginwidth="0" sandbox="allow-scripts" scrolling="no" security="restricted" src="https://communityblog.fedoraproject.org/event-report-may-17-lgbtqa-awareness-day/embed/#?secret=wMJLsfcLeV" title=""Event Report - May 17, LGBTQA Awareness Day" - Fedora Community Blog" width="600"></iframe>

Outreachy internship program

We had four Outreachy interns over the past year working on development for Bodhi, Fedora Hubs, Design, and more. Read more about what our current Outreachy interns are working on below.

Outreachy 2017: Meet the interns!

<iframe class="wp-embedded-content" data-secret="7Ggu8C7NiF" frameborder="0" height="338" marginheight="0" marginwidth="0" sandbox="allow-scripts" scrolling="no" security="restricted" src="https://communityblog.fedoraproject.org/outreachy-2017-meet-interns/embed/#?secret=7Ggu8C7NiF" title=""Outreachy 2017: Meet the interns!" - Fedora Community Blog" width="600"></iframe>

As always, we are committed to supporting programs like Outreachy that bring people from underrepresented groups into FOSS development. Towards this direction, Fedora Diversity Team sponsored Rails Girls Summer of Code for the first time in their upcoming 2018 cycle.

Planning and strategy

The first-ever Diversity FAD took place in early 2017 and was a great opportunity for the Diversity Team to spend time looking at how we can build more inclusive environments for Fedora contributors. We also tackled other issues like understanding who makes up the Fedora community. Our team used this valuable time to work on these issues more personally and intently than IRC or mailing lists provide. Read more about it in our FAD report below.

Mission to understand: Fedora Diversity FAD 2017

<iframe class="wp-embedded-content" data-secret="NfxTvPYAfn" frameborder="0" height="338" marginheight="0" marginwidth="0" sandbox="allow-scripts" scrolling="no" security="restricted" src="https://communityblog.fedoraproject.org/fedora-diversity-fad-2017/embed/#?secret=NfxTvPYAfn" title=""Mission to understand: Fedora Diversity FAD 2017" - Fedora Community Blog" width="600"></iframe>

Hopefully, the community will be able to see the results of our FAD soon, such as the demographic survey.

Looking forward to 2018

Drawing from our experiences in 2017, we better understand how to reach our goal of a diverse and inclusive Fedora community. Here are some D&I initiatives you can expect to see in 2018:

Our Pagure repository contains an updated list of tasks we are currently working on.

Want to get involved?

Group photo from the Fedora Diversity work session at Flock 2017

Group photo from the Fedora Diversity work session at Flock 2017

Want to get involved? We are always looking to involve more community members in our Diversity and Inclusion efforts. Say hello on our mailing list or IRC channel, #fedora-diversity.

Don't have much time but still want to help?

Give us feedback about the community videos or any of our other initiatives. We would love to hear from you.

Special thanks

We want to thank Brian Exelbierd (bex), our F-CAIC, for all the support and helpful advice throughout the year. Also, Marina Zhurakhinskaya and Laura Abbott, Outreachy coordinators for Fedora who manage the whole Outreachy internship process smoothly. Also, all the community members who helped in organizing Fedora Women Day - we know it's never easy to organize a event but thanks for being a part of this celebration. Last but not least to the team, we have done so much but still we have so many things to do!

The post Fedora Diversity: 2017 Year in Review appeared first on Fedora Community Blog.

19 Mar 2018 8:00am GMT

Fedora Magazine: Critical Firefox vulnerability fixed in 59.0.1

On Friday, Mozilla issued a security advisory for Firefox, the default web browser in Fedora. This advisory centered around two CVEs - both of which allowed an out of bounds memory write while processing Vorbis audio data, leading to arbitrary code execution. CVE-2018-5146 is against the bundled library libvorbis that Firefox ships to process Vorbis audio on most architectures. CVE-2018-5147 is against libtremor, which firefox bundles for the same task on ARM architectures.

At the same time as the security advisory was issued, Mozilla released Firefox 59.0.1 that fixes these issues.

Updating Firefox in Fedora

At the time of writing, Firefox 59.0.1 (with the security fixes) is heading through the update process in Fedora, and will be in the stable repositories soon. When it reaches the stable repositories, the fixes will be applied during your next system update.

However, you want to update Firefox now, install the firefox-59.0.1-1 package from the updates-testing repository with the following command:

sudo dnf --enablerepo updates-testing update firefox

19 Mar 2018 2:34am GMT

18 Mar 2018

feedFedora People

Open Source Security Podcast: Episode 88 - Chat with Chris Rosen from IBM about Container Security

Josh and Kurt talk about container security with IBM's Chris Rosen.
<iframe allowfullscreen="" height="90" mozallowfullscreen="" msallowfullscreen="" oallowfullscreen="" scrolling="no" src="https://html5-player.libsyn.com/embed/episode/id/6378524/height/90/theme/custom/autoplay/no/autonext/no/thumbnail/yes/preload/no/no_addthis/no/direction/backward/render-playlist/no/custom-color/6e6a6a/" style="border: none;" webkitallowfullscreen="" width="100%"></iframe>

Show Notes

Join our Facebook Group
Comment on Twitter with the #osspodcast hashtag

18 Mar 2018 8:34pm GMT

Richard W.M. Jones: Playing with PicoRV32 on the iCE40-HX8K FPGA Breakout Board (part 2)

It works!

Press ENTER to continue..
Press ENTER to continue..

  ____  _          ____         ____
 |  _ \(_) ___ ___/ ___|  ___  / ___|
 | |_) | |/ __/ _ \___ \ / _ \| |
 |  __/| | (_| (_) |__) | (_) | |___
 |_|   |_|\___\___/____/ \___/ \____|

SPI State:
Select an action:

   [1] Read SPI Flash ID
   [2] Read SPI Config Regs
   [3] Switch to default mode
   [4] Switch to Dual I/O mode
   [5] Switch to Quad I/O mode
   [6] Switch to Quad DDR mode
   [7] Toggle continuous read mode
   [9] Run simplistic benchmark
   [0] Benchmark all configs

Command> 9
Cycles: 0x00f3d36d
Instns: 0x0003df2d
Chksum: 0x5b8eb866

In the first part I got my reverse-engineered Lattice iCE40-HX8K FPGA using the completely free Project IceStorm toolchain working. I wrote a simple Verilog demo which flashed the LEDs.

Today I played with Clifford Wolf's PicoRV32 core. What he's written is actually a lot more sophisticated than I initially realized. There's a simple memory mapped serial port, a memory mapped SPI bus, & a bit of interactive firmware so you can test it out (see above).

Rather than using Clifford's build scripts (which compile the riscv32 cross-compiler and run sudo at various points) I wrote a Makefile to build and program the FPGA on Fedora.

And it works (see above)! Now what we need is a simple 32 bit operating system that could run on it. swapforth seems to be one but as far as I can tell it hasn't been ported to RV32. Maybe I could port Jonesforth …

<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-26942-5ab0dd6457042', { collapseEmpty: 'before', sectionId: '26942', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-114160-5ab0dd645707a', { collapseEmpty: 'before', sectionId: '114160', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-852003910");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:388248,containerid:"crt-852003910",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script> <script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-2062297235");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:837497,containerid:"crt-2062297235",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script>

18 Mar 2018 5:29pm GMT

Fedora Community Blog: Deprecate TCP wrappers Test Day 2018-03-22

Thursday, 2018-03-22, is Deprecate TCP wrappers Test Day! This insallment of Test Day will focus on testing an important change set.

Why test?

Removing this package from Fedora will remove a package from default and minimal installations (removing dependency of daemons such as SSHD). It also makes the configuration straight-forward for new users (no shared files defining access rules, poorly reporting any errors to users).

Removing the dependency from all packages and retiring the package in single release will minimize users confusion and avoids opening sensitive services after the update.

We hope to see whether it's working well enough and catch any remaining issues.

We need your help!

All the instructions are on the wiki page, so please read through and come help us test! As always, the event will be in on #fedora-test-day Freenode IRC.

Share this!

Help promote the Test Day and share the article in your own circles! Use any of the buttons below to help spread the word.

The post Deprecate TCP wrappers Test Day 2018-03-22 appeared first on Fedora Community Blog.

18 Mar 2018 10:01am GMT

Patrick Griffis: Flatpaking application plugins

Sometimes you simply do not want to bundle everything in a single package such as optional plugins with large dependencies or third party plugins that are not supported. In this post I'll show you how to handle this with Flatpak using HexChat as an example.

Flatpak has a feature called extensions that allows a package to be mounted within another package. This is used in a variety of ways but it can be used by any application as a way to insert any optional bits. So lets see how to define one (details omitted for brevity):

  "app-id": "io.github.Hexchat",
  "add-extensions": {
    "io.github.Hexchat.Plugin": {
      "version": "2",
      "directory": "extensions",
      "add-ld-path": "lib",
      "merge-dirs": "lib/hexchat/plugins",
      "subdirectories": true,
      "no-autodownload": true,
      "autodelete": true
  "modules": [
      "name": "hexchat",
      "post-install": [
       "install -d /app/extensions"

The exact details of these are best documented in the Extension section of man flatpak-metadata but I'll go over the ones used here:

So now that we defined an extension point lets make an extension:

  "id": "io.github.Hexchat.Plugin.Perl",
  "branch": "2",
  "runtime": "io.github.Hexchat",
  "runtime-version": "stable",
  "sdk": "org.gnome.Sdk//3.26",
  "build-extension": true,
  "separate-locales": false,
  "appstream-compose": false,
  "build-options": {
    "prefix": "/app/extensions/Perl",
    "env": {
      "PATH": "/app/extensions/Perl/bin:/app/bin:/usr/bin"
  "modules": [
      "name": "perl"
      "name": "hexchat-perl",
      "post-install": [
        "install -Dm644 plugins/perl/perl.so ${FLATPAK_DEST}/lib/hexchat/plugins/perl.so",
        "install -Dm644 --target-directory=${FLATPAK_DEST}/share/metainfo data/misc/io.github.Hexchat.Plugin.Perl.metainfo.xml",
        "appstream-compose --basename=io.github.Hexchat.Plugin.Perl --prefix=${FLATPAK_DEST} --origin=flatpak io.github.Hexchat.Plugin.Perl"

So again going over some key points quickly: id has the correct prefix, branch refers to the extension version, build-extension should be obvious, runtime is what defines the extension-point. Some less obvious things to make note of is that your extensions prefix will not be in $PATH or $PKG_CONFIG_PATH by default so you may need to set them (see build-options in man flatpak-manifest). $FLATPAK_DEST is also defined as your extensions prefix though not everything expands variables.

While not required you also should install appstream metainfo for easy discover-ability. For example:

<?xml version="1.0" encoding="UTF-8"?>
<component type="addon">
  <name>Perl Plugin</name>
  <summary>Provides a scripting interface in Perl</summary>
  <url type="homepage">https://hexchat.github.io/</url>

Which will be shown in GNOME-Software:


18 Mar 2018 4:00am GMT

17 Mar 2018

feedFedora People

mythcat: Fedora 27 : Testing the new Django web framework .

Today I tested the Django web framework version 2.0.3 with python 3 on my Fedora 27 distro.
The main reason is to see if the Django and Fedora working well.
I used the pip to install and activate the virtual environment for python. First you need to create your project into your folder. I make one folder named django_001.

$ mkdir django_001
$ cd django_001

The next step is to create and activate the virtual environment for python language and your project.

$ python3 -m venv django_001_venv
$ source django_001_venv/bin/activate

Into this virtual environment named django_001_venv you will install django web framework.

pip install django

If you have problems with update pip then update this tool. Now start the django project named django_test.

$ django-admin startproject django_test
$ cd django_test
$ python3 manage.py runserver

Open the url with your web browser.
The result is this:

If you try to use the admin web with password and user you will see errors.
One of the most common problem for django come from settings, let's see some file from the project:

The next step is to create first django application.

$ python manage.py startapp django_blog

This make a folder named django_blog into the main django_test folder. Into the main django_test folder you have another django_test folder with settings.py file. Add into settings.py file the django_blog application.


Let's fix some issues about admin and the django_blog application.
Into the main django_test folder with manage.py file use this:

$ python3 manage.py migrate
$ python3 manage.py createsuperuser

This fix the django framework and let you to add your superuser using the admin page, see:

The next issue is: create the website ( see the django_blog folder) using the Django web framework.
I don't have a issue for this django_blog but you can follow this tutorial link.

17 Mar 2018 9:34pm GMT

Richard W.M. Jones: Playing with PicoRV32 on the iCE40-HX8K FPGA Breakout Board (part 1)

It's now possible to get a very small 32 bit RISC-V processor onto the reverse-engineered Lattice iCE40-HX8K FPGA using the completely free Project IceStorm toolchain. That's what I'll be looking at in this series of two articles.

I bought my development board from DigiKey for a very reasonable £41.81 (including tax and next day delivery). It comes with everything you need. This FPGA is very low-end [datasheet (PDF)], containing just 7680 LUTs, but it does have 128 kbits of static RAM, and the board has an oscillator+PLL that can generate 2-12 MHz, a few LEDs and a bunch of GPIO pins. The board is programmed over USB with the supplied cable. The important thing is the bitstream format and the probable chip layout have been reverse-engineered by Clifford Wolf and others. All the software to drive this board is available in Fedora:

dnf install icestorm arachne-pnr yosys emacs-verilog-mode

My first job was to write the equivalent of a "hello, world" program - flash the 8 LEDs in sequence. This is a good test because it makes sure that I've got all the tools installed and working and the Verilog program is not too complicated.

// -*- verilog -*-
// Flash the LEDs in sequence on the Lattice iCE40-HX8K.

module flash (input clk, output reg [7:0] leds);
   // Counter which counts upwards continually (wrapping around).
   // We don't bother to initialize it because the initial value
   // doesn't matter.
   reg [18:0] counter;
   // This register counts from 0-7, incrementing when the
   // counter is 0.  The output is wired to the LEDs.
   reg [2:0] led_select;

   always @(posedge clk) begin
      counter <= counter + 1;

      if (counter[18:0] == 0) begin
         led_select <= led_select + 1;

   // Finally wire each LED so it signals the value of the led_select
   // register.
   genvar i;
   for (i = 0; i < 8; i=i+1) begin
      assign leds[i] = i == led_select;      
endmodule // flash

<iframe allowfullscreen="true" class="youtube-player" height="312" src="https://www.youtube.com/embed/Q5pDgXuywHg?version=3&amp;rel=1&amp;fs=1&amp;autohide=2&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" style="border:0;" type="text/html" width="500"></iframe>

It looks like the base clock frequency is 2 MHz.

The fully working example is in this repo: https://github.com/rwmjones/icestorm-flash-leds

In part 2 I'll try to get PicoRV32 on this board.

<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-26942-5ab0dd64594ca', { collapseEmpty: 'before', sectionId: '26942', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> __ATA.cmd.push(function() { __ATA.initSlot('atatags-114160-5ab0dd6459501', { collapseEmpty: 'before', sectionId: '114160', width: 300, height: 250 }); }); </script>
<script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-1329251103");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:388248,containerid:"crt-1329251103",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script> <script type="text/javascript"> (function(){var c=function(){var a=document.getElementById("crt-1523188581");window.Criteo?(a.parentNode.style.setProperty("display","inline-block","important"),a.style.setProperty("display","block","important"),window.Criteo.DisplayAcceptableAdIfAdblocked({zoneid:837497,containerid:"crt-1523188581",collapseContainerIfNotAdblocked:!0,callifnotadblocked:function(){a.style.setProperty("display","none","important");a.style.setProperty("visbility","hidden","important")}})):(a.style.setProperty("display","none","important"),a.style.setProperty("visibility","hidden","important"))};if(window.Criteo)c();else{if(!__ATA.criteo.script){var b=document.createElement("script");b.src="//static.criteo.net/js/ld/publishertag.js";b.onload=function(){for(var a=0;a<__ATA.criteo.cmd.length;a++){var b=__ATA.criteo.cmd[a];"function"===typeof b&&b()}};(document.head||document.getElementsByTagName("head")[0]).appendChild(b);__ATA.criteo.script=b}__ATA.criteo.cmd.push(c)}})(); </script>

17 Mar 2018 11:23am GMT