AMA: openSUSE dev for 15 years

Also on Reddit - Dive into anything

Ask me Anything

3 Likes

Any suggestion for people who want to start on the development side?

Here are some previous answers. If these are not enough, you could ask for something more specific. Reddit - Dive into anything
Reddit - Dive into anything
Reddit - Dive into anything

1 Like

I missed the AMA, but it’s cool to know you were instrumental in the development of openQA. I have a lot on my plate for the foreseeable future, but once I have more time I would like to contribute to openQA recipes for Slowroll :heart_eyes_cat:

@bmwiedemann Thank you for the work you are doing with Slowroll. I continue to enjoy using it and last night, additionally installed it to a USB thumb drive (with Xfce desktop). It runs well off the thumb drive. :+1:

1: What is your preferred desktop environment?
2: Why did you choose to get into openSUSE rather than another distro?
3: What did you do before working with SUSE?
4: What OS is your daily driver?

I appreciate the fine work there.

Question: what are the “freak out or emergency” events that stick out to you? Tell us about the time(s) some update went awry and everyone went into triage mode to fix and how it impacted your life. Comes to mind making a breaking update, or even the xz emergency. That kinda thing. I’m always curious about those software developer equivalent situations to the hardware guys “So I was leaving the office and suddenly hear a bunch of alarms in the server rack, and two days later I went home…”

  1. On all my desktops I use icewm with 9 virtual desktops reachable through win+1 to win+9 key (or the green chameleon key on my cherry MX keyboard)
  2. I started with SuSE 6.1 in 1999 when some fellow student handed me a set of 5 CDRs to try. And that remained my main distro all those years. On the server I used Debian stable for a long time, because openSUSE’s update cycles were too fast+unreliable and I contributed a handful of bugreports and fixes there over the years.
  3. I was working for a startup in Berlin that made HD video decoders. They needed better Linux drivers and I had just published my ‘translucency’ (ugly but working kernel hack for filesystem overlay). I also started a private Debian fork to operate their appliances with a compressed, read-only rootfs and aufs overlay for configs. It made factory-reset trivial. Their decoders might still work these days in cinema 4K 3D HFR installations made by Qube(s?).
  4. I got multiple machines and they run Leap and Slowroll.
2 Likes

We once had a network outage that turned out to be caused by a software misconfiguration (Linux-VLAN-bridge-loop). I call it a “software-defined network outage” (SDNO). It was really hard to debug for our IT team, because the involved machines noticed that network was broken and rebooted, which fixed it for a few minutes. And the expensive Cisco switches did not do well with these billions of packets that needed processing by their weak CPU.
Developers went home early that afternoon.

Another case was when the power went away for 3 minutes and we found out the hard way that our UPS for the server-room had not received maintenance for years. Bonus points, because the KVM-hosts were not designed to start without the services that ran as VMs on these very hosts (DNS, LDAP, DHCP). Many improvements were made after this incident.

1 Like

The AMA is only over, if you guys stop asking new questions.

I’d appreciate your contribution towards Slowroll openQA testing. action #137189: [core][opensuse] Enable Slowroll tests - openQA Tests - openSUSE Project Management Tool has some details.

1 Like

What language do you use most often in your suse projects?

Personally, I’m a big fan of perl and bash. Sometimes I write 3 pages of code and it just works as intended (after adding a missing semicolon).

Both of them are pretty old and code remained working for 10+ years without having to port it to a new version, as happened with python and ruby.

In shared projects, I sometimes use python, because we have more devs that are able to maintain it. And in the case of obsbugzilla/opensuserabbit.py at master · bmwiedemann/obsbugzilla · GitHub it is, because there are better libraries+examples available.

3 Likes

If you were just starting to learn to code today what language do you think you would focus on?

If SUSE disappeared tomorrow, which distro would you switch to?

1 Like

I’d probably start with a scripting language (e.g. python) because the fast experimentation helps learning. Or rust if I was more interested in embedded devices and system-level code.

I’d use Debian (‘stable’ for servers, ‘testing’ for desktop). It got solid tech and project governance.
Maybe Fedora would be interesting, too, because they use the more familiar directory layouts and rpm packages.

At some point, I thought it might be a worthy idea to create a Debian-based or Fedora-based openSUSE. It should take less effort than packaging everything from scratch. On the down side, it would then be harder to change things in the core OS.

2 Likes

Are there any features that you wanted to add to openSUSE that got rejected?

Certainly.
Apart from the “I have this idea, but someone else has to code it”-type, I also created some patches that were never accepted. Usually boring stuff, such as being able to override the build date in ghostscript-generated postscript files for reproducible-builds. Or allowing HTTP compression in zypper downloads (because only rpm payload is compressed).

Deviating from upstream has some cost in long-term maintenance. It might appear small for a single patch, but if you look at all the 15795 Tumbleweed packages, those have 12601 patches in openSUSE. That needs some effort to manage.

1 Like

Dear Bernhard,

thank you for your effort on Slowroll!

My question: do you take any measures to harden an openSUSE standard install?

Like, what I have done or would like or one could do…

  • a different umask (mine is 0077)
  • use of AppArmor (it is preinstalled, but what about extra profiles to be enabled manually?)
  • use of SELinux (it is not preinstalled with openSUSE, but with Fedora I guess)
  • use of FireJail (some people use it and recommend it strongly)
  • use of FlatPak to use their sandbox
  • DisplayManager (DM): rootless or not? (I use LightDM which is NOT rootless.)
  • delete/disable certain packages/apps/services/daemons? if yes: which?
  • further possible measures?

Thank you!

Another question:

which editor/notepad (maybe even IDE) do you use for daily “simple” tasks (i.e. note taking, drafts of texts or codes — but not regular programming)? (I don’t use — don’t even have them — vi(m) or (x)emacs — I used to use Geany, now it’s VSCodium, on konsole it’s nano.)

  • For security, I use disk-encryption for /home and ensure secrets (e.g. VPN creds) are stored there.
  • all my ssh keys have a passphrase added. Some need a FIDO2 USB-stick to be touched (Yubikey, Nitrokey, Google Titankey).
  • I try to enable 2FA on relevant websites and avoid SMS+email modes. The good ones are TOTP/FIDO2/Passkey.
  • I use a different password on every website using a variant of bmwtools/pwhash at master · bmwiedemann/bmwtools · GitHub
  • I try to stick to packages from the main openSUSE repos so I know those went through a review.
  • In Firefox I use the NoScript, Multi-Account-Container + Sticky-Window-Container addons, so work+banking cookies are kept away from other tabs.
  • I use podman instead of docker, when possible. It runs rootless by default.
  • On my server, everything runs with KVM under its own user with GitHub - bmwiedemann/bmwvm-tools: scripts to start/stop/manage VMs so even when there was an exploit in KVM, there is still some isolation.

I mostly use vim for everything. Sometimes gvim -p for the tabs to edit multiple files. And occasionally gedit when I want to copy-paste large text to a browser window.

1 Like