IBM/Red Hat/Fedora: Community, RPMs, OpenShift and More Seven questions to steer open source project community development In my role as a community architect at Red Hat, I advise a number of project leaders on the ways in which they can develop the audience and community for their projects. In that capacity, I often talk to the leaders of projects with which I am not very familiar. Over time, I have found myself asking the same questions over and over, and I have found them useful, not only to help me understand the projects, but to help the project leaders understand what they are trying to achieve. I have asked these questions so often, I have created a template that I use during these conversations, to take notes and share the results with the project leaders afterwards. In this post, I will run through the seven questions I ask, and how the answers to these questions can shape all follow-up recommendations for community development.

Tor rpm package repository for Fedora and CentOS/RHEL Now we have official Tor RPM repositories for Fedora, CentOS/RHEL. The support documentation is already in place. Using this repository, you can get the latest Tor build for your distribution from the upstream project itself. Tor already provides similar packages for Debian/Ubuntu systems.

Daniel Berrange: libvirt: split of the monolithic libvirtd daemon Anyone who has used libvirt should be familiar with the libvirtd daemon which runs most of the virtualization and secondary drivers that libvirt distributes. Only a few libvirt drivers are stateless and run purely in the library. Internally libvirt has always tried to maintain a fairly modular architecture, with each hypervisor driver being a separated from other drivers. There are also secondary drivers providing storage, network, firewall functionality which are notionally separate from all the virtualization drivers. Over time the separation has broken down with hypervisor drivers directly invoking internal methods from the secondary drivers, but last year there was a major effort to reverse this and re-gain full separation between every driver. There are various problems with having a monolithic daemon like libvirtd. From a security POV, it is hard to provide any meaningful protections to libvirtd. The range of functionality it exposes, provides an access level that is more or less equivalent to having a root shell. So although libvirtd runs with a “virtd_t” SELinux context, this should be considered little better than running “unconfined_t“. As well as providing direct local access to the APIs, the libvirtd daemon also has the job of exposing remote access over TCP, most commonly needed when doing live migration. Exposing the drivers directly over TCP is somewhat undesirable given the size of the attack surface they have. The biggest problems users have seen are around reliability of the daemon. A bug in any single driver in libvirt can impact on the functionality of all other drivers. As an example, if something goes wrong in the libvirt storage mgmt APIs, this can harm management of any QEMU VMs. Problems can be things like crashes of the daemon due to memory corruption, or more subtle things like main event loop starvation due to long running file handle event callbacks, or accidental resource cleanup such as closing a file descriptor belonging to another thread. Libvirt drivers are shipped as loadable modules, and an installation of libvirt does not have to include all drivers. Thus a minimal installation of libvirt is a lot smaller than users typically imagine it is. The existance of the monolithic libvirtd daemon, however, and the fact the many apps pull in broader RPM dependencies than they truly need, results in a perception that libvirt is bloated / heavyweight.

Fedora: Call for Projects and Mentors – GSoC 2020 Google Summer of Code is a global program focused on bringing more student developers into open source software development. Students work with an open source organization on a 3 month programming project during their break from school. In the previous year, Fedora had an awesome participation and we would like to continue to be mentoring Org this year too.

Audiocasts/Shows: Linux in the Ham Shack, Cyber Security Mistakes and Python Podcast LHS Episode #323: Sloppy Seconds Welcome to the 323rd installment of Linux in the Ham Shack. In this episode, the hosts discuss amateur radio and the fires in Australia, state QSO parties, Brexit and CEPT, new extra pool questions, CERN, Facebook, Jericho, UNICEF and much, much more. Thank you for downloading and listening. We hope you have a fantastic week.

Cyber Security Mistakes You’re Probably Making: Duncan McAlynn | Jupiter Extras 52 Wes and Ell sit down with Duncan McAlynn to discuss what mistakes we might all be making that could be putting our privacy and security at risk.

Python Podcast: Build Your Own Personal Data Repository With Nostalgia The companies that we entrust our personal data to are using that information to gain extensive insights into our lives and habits while not always making those findings accessible to us. Pascal van Kooten decided that he wanted to have the same capabilities to mine his personal data, so he created the Nostalgia project to integrate his various data sources and query across them. In this episode he shares his motivation for creating the project, how he is using it in his day-to-day, and how he is planning to evolve it in the future. If you're interested in learning more about yourself and your habits using the personal data that you share with the various services you use then listen now to learn more.