WebProNews

Tag: SuSE

  • Linux Distro Reviews: openSUSE Tumbleweed — Part 1

    Linux Distro Reviews: openSUSE Tumbleweed — Part 1

    openSUSE Tumbleweed is a rolling release Linux distro, one that is something of a two-edged sword in terms of its features and usability.

    openSUSE Tumbleweed is a well-engineered Linux distro and is often brought up as an alternative to Arch, the best-known rolling distro.

    For the uninitiated, a rolling release distro is one that has no major or minor versions but is updated constantly as new packages become available. For example, Ubuntu is currently on version 22.10, with 23.04 right around the corner. Similarly, Fedora is on version 37, with 38 soon to be released. In contrast, a rolling release updates packages as they become available, eliminating the need to do a major upgrade or reinstall every couple of years.

    Given how complicated a product openSUSE Tumbleweed is, this review will be broken into two parts. In this first part, we’ll provide an overview of some of openSUSE Tumbleweed’s hallmark features.

    Background

    openSUSE Tumbleweed is the upstream distro for SUSE Enterprise Linux (SLE), much like Fedora is upstream to Red Hat Enterprise Linux. This means that Tumbleweed essentially serves as a testing ground for what will eventually become SLE.

    In contrast, openSUSE Leap is a point-release distro that is functionally identical to SLE, just without the paid support.

    microOS, on the other hand, is openSUSE’s equivalent of Fedora Silverblue, an immutable distro where the root file system is protected from tampering.

    ‘Rolling Done Right,’ Thanks to openQA

    One of the most common things said about Tumbleweed is that it’s “rolling done right.” Much of this is the result of openSUSE’s reliance on openQA, an automated quality control tool that runs packages and updates through their paces before pushing them out to users.

    openQA allows openSUSE to accomplish one of the most reliable and rock-solid rolling releases with a much smaller team than some other distros have.

    Despite the extra QA that goes into Tumbleweed, the distro still manages to roll at an impressive pace. In fact, it usually runs neck-and-neck with Arch. On any given day, Tumbleweed may get a package first, Arch may get it first, or they may get it at the same time.

    However, the big difference between Tumbleweed and Arch is that the former generally manages to avoid some of the bigger issues that Arch users sometimes face.

    Installer

    openSuse Installer Time Zone – Credit The Linux Cast

    The openSUSE installer is often maligned for being overly complicated, but that is an extremely unfair assessment. Calamares is the installer that most distros use and compared to it, openSUSE’s installer is a lot more complex.

    It’s important to note, however, that complex doesn’t equal bad. The openSUSE installer is certainly more complex than Calamares, but it offers a level of control that is unrivaled by virtually any other graphical installer on any platform.

    The installer gives you the option of choosing your partitioning scheme, setting up your network, and choosing the individual packages you want installed.

    Desktop Environments

    While some distributions focus on a single desktop environment (DE), openSUSE has options to install KDE, Gnome, and Xfce. With a little effort, users can install almost any other DE.

    openSUSE Installer DEs – Credit The Linux Cast

    What makes openSUSE unique when it comes to DEs is that no single DE ever feels like a second-class citizen. In fact, thanks to the quality of openSUSE and its openQA, every DE is rock-solid and feels like it’s the only DE on the distro.

    It should be noted, however, that contrary to popular opinion, KDE is not the default desktop environment. While that certainly may have been the case at one time, when Novell bought openSUSE, the focus for SLE shifted to Gnome, according to Richard Brown, Linux Distribution Engineer at SUSE. Therefore, it can be argued that openSUSE Tumbleweed does not have a default desktop, treating Gnome, KDE, and Xfce equally. If there was such a thing as a default, it would actually be Gnome, not KDE.

    Security

    Another area where openSUSE shines is in the area of security. Tumbleweed is built with a number of hardening options enabled that are not usually enabled. This results in one of the most secure Linux distros available.

    In fact, using the Lynis security auditing tool — where 70 is considered a passing score — Tumbleweed routinely scores in the upper 80s. In contrast, the next best score I’ve gotten out of the-box is Fedora, which only comes in right at 70.

    In Part 2 of this review, we’ll look at openSUSE Patterns, Yast, and how everything comes together.

  • openSUSE Begins Enforcing Secure Boot Kernel Lockdown

    openSUSE Begins Enforcing Secure Boot Kernel Lockdown

    Linux distro openSUSE has begun enforcing Kernel Lockdown when Secure Boot is enabled, creating issues for many users.

    Kernel Lockdown was introduced in version 5.4 of the Linux kernel and is designed to help protect the kernel from tampering and unauthorized modification, and serves as an important security feature. It works together with Secure Boot, which is a system to ensure the bootloader process is running legitimate, trusted code signed by Microsoft-controlled master keys.

    While openSUSE has long supported Secure Boot, it did not have Kernel Lockdown enabled for its Tumbleweed distro. Because Tumbleweed is a rolling distro, where updates are pushed out as they become available instead of waiting for a point release, leaving Kernel Lockdown disabled made it easier for users to deal with unsigned kernel modules and drivers, such as Nvidia drivers.

    Evidently, according to a Reddit thread that also links to an openSUSE mailing list, Microsoft evidently refused to continue signing openSUSE’s bootload shim unless Kernel Lockdown was enabled. As a result, beginning with kernel 6.2.1, openSUSE Tumbleweed will enable Kernel Lockdown whenever Secure Boot is also enabled.

    Microsoft’s reasons for insisting on Kernel Lockdown being enabled are easy to understand. Without it, Secure Boot is essentially useless, giving anyone who had it enabled a false sense of security.

    At the same time, users that rely on Nvidia drivers on the fast-moving Tumbleweed now have a choice to make: either disable Secure Boot or manually sign those modules so that the kernel can load them.

    Even for users without Nvidia cards, hibernation is another casualty of the change, and no longer works on systems with Secure Boot enabled, although there is ongoing discussion about how to re-enable it with Secure Boot.

    Contrary to many opinions, while Microsoft does serve as the central signing authority, Secure Boot is not a Microsoft attempt to control people’s hardware, as evidenced by the fact that users can sign their own modules. openSUSE provides instructions on how to do so in the following link:

    https://en.opensuse.org/SDB:NVIDIA_drivers#Secureboot

  • Fedora and openSUSE Disable GPU-Accelerated Video Over Patent Concerns

    Fedora and openSUSE Disable GPU-Accelerated Video Over Patent Concerns

    Fedora and openSUSE have taken a step backward in usability, disabling GPU-accelerated decoding for H.264, H.265, and VC1 codecs.

    Video codecs often rely on the GPU for encoding and decoding, as it is faster and less resource-intensive than relying on the CPU. After Red Hat’s lawyers raised concerns about the drivers, and associated patents, for the Mesa VA-API, specific to AMD GPUs. In response, Red Hat opted to drop support for the video acceleration feature, impacting H.264, H.265, and VC1 codecs, some of the most common video codecs.

    In short order, openSUSE followed suit, announcing VA-API would be disabled in that distro moving forward.

    Both distributions seemed to indicate they would disable the driver not only for upcoming builds but also retroactively for any build that had the feature enabled.

    Fortunately, Red Hat developers are already hard at work bundling Mesa libraries supporting VA-API for the RPM Fusion repository. Since Red Hat has a strict FOSS-only policy about what it bundles with its distribution, RPM Fusion is a community repo that contains many of the non-FOSS software, codecs, and drivers that are not shipped with Fedora.

    On the openSUSE side of things, nothing has been officially stated regarding a solution, although one is sure to be forthcoming.

    In both cases, the distros shipped VA-API support by mistake, without realizing the legal implications.

    To be clear, computers running Fedora and openSUSE will still be able to view videos encoded with H.264/H.265/VC1. However, the videos will be decoded by the CPU, which could lead to lower battery life on laptops. Desktop users will, obviously, not be impacted nearly as much.

    In the meantime, Ubuntu appears to be immune to the issue since it is based in the UK, with no offices in the US, unlike Red Hat, which is a US company. While SUSE is based in Germany, it still has offices in the US, making it subject to US patent law.

  • Nvidia Is Finally Open-Sourcing Its Linux GPU Kernel Drivers

    Nvidia Is Finally Open-Sourcing Its Linux GPU Kernel Drivers

    Nvidia is — at long last — open-sourcing its GPU kernel drivers for Linux, potentially ending a major pain point for users.

    Hardware support for Linux has come miles in recent years, but Nvidia drivers have continued to be a sore point for many users. Unlike AMD, Nvidia steadfastly refused to open-source its drivers. Users with Nvidia cards have had to use Nvidia’s proprietary drivers. Depending on the specific Linux distribution (distro), accessing Nvidia’s drivers could range from easy to painfully difficult.

    According to Phoronix, Nvidia has finally agreed to open-source its drivers. This means that even the most free and open source (FOSS) focused distro will now be able to include the drivers in their standard repositories (repos). Canonical / Ubuntu, Red Hat, and SUSE are already preparing to include the drivers. While Ubuntu already made it easy to install non-FOSS drivers and software, Red Hat and SUSE required users to enable specific, non-official repos to access the drivers.

    Nvidia’s previous stance not only drew constant criticism from the open source community, but it also drew the wrath of hackers. The Lapsus$ ransomware group stole Nvidia code, demanding the company open-source its drivers if it wanted to avoid having its source code leaked to the world. While company CEO Jensen Huang called the breach a “wake-up call,” few suspected the company would go this far.

    Either way, Nvidia’s decision is a major win for Linux users and FOSS advocates alike.

  • Microsoft Relies on SUSE Linux for SAP Applications in Azure

    Microsoft Relies on SUSE Linux for SAP Applications in Azure

    Gone are the days of Linux and Microsoft being rivals, with the Redmond giant embracing SUSE Linux to run SAP applications in Azure.

    Anyone who has been around technology longer than the past decade remembers the time when Microsoft was notoriously territorial about its operating system. The company aggressively fought anything it felt was a threat to Windows, including Linux.

    The company’s culture shifted under CEO Satya Nadella, with a new emphasis on cloud computing and providing the best software and services on many different platforms. The strategy has paid off in spades, with Microsoft reaching all-new heights.

    Microsoft is even embracing Linux, including Windows Subsystem for Linux in the most recent editions of Windows, allowing users to run Linux apps natively. The same is true for the company’s approach to SAP applications in Azure, choosing SUSE Linux as the foundation, according to SUSE’s Paul Fox.

    “SLES for SAP Applications makes our complete deployment process way easier. It comes preconfigured with SAP requirements so we can deploy without having to take any extra steps,” Elke Bregler, Principal Service Architect, Microsoft, told Fox. “It also allows us to resize [VMs] without having to change any configurations. It’s quite easy to use and makes for a much better experience for everyone involved.”

    SAP’s own trust in SUSE was a major factor in Microsoft’s decision-making process, as SUSE has been an SAP “partner longer than any other open source company.” With so much on the line — proving Azure could be a robust cloud solution — SUSE offered a solid track record that aligned with Microsoft’s needs.

    SUSE Linux Enterprise Server (SLES) for SAP Applications soon proved itself a highly available, easy to maintain and fast scaling database management solution. As a Premium Certified SAP Endorsed App, SLES for SAP Applications provides an environment for optimal SAP performance: reduced risk from service outages; less time and effort for system maintenance; and faster services deployment on premises and in the cloud for SAP solutions.

    SUSE Consulting provided another major benefit.

    The addition of SUSE Consulting completed the picture for Microsoft, providing direct access to subject matter experts, which meant faster resolution times, mitigation of potential issues and the enablement of more precise planning for future projects.

    In recent years Microsoft has become a major force within the open source community, a community it once viewed as an enemy. Its success and contributions demonstrate the good that can come when companies embrace open source software.