Sunday, May 11, 2014

Coffee: my personal history

As always, long time no blog. These days, I don't have enough energy (nor content, IMO) to write blog posts, mostly on Free Software, which would be relevant for other people.

Why, would you ask? Mostly because with my not-so-new-anymore position at SUSE (Enterprise Desktop Release Manager), I'm mostly working behind the scenes (discovering the joy of OBS to create ISO images and a lot of crazy similar stuff), which might not be that sexy to describe but still needs to be done ;)

So, instead of closing this blog for new posts, I'm trying something new to me: writing about things which aren't Free Software but might still interest people:

My new thing these days (ask my wife ;) is coffee.

I've always been fond of coffee (and tea, they aren't mutually exclusive, fortunately), probably because when I was a child, my parents loved good coffee and I was happy to be the one taking care of both the electric grinder and the espresso machine we had. And I remember how difficult it was to find good coffee, even more so when you were living in a very rural area of France and when the only online services were accessible with a Minitel and were definitely not selling coffee ;)

Fast forward ten years, when I started to work in Paris, I was still into coffee and I discovered something which wasn't known at all at that time (it was in 2002 and George was still working in ER ;): Nespresso. This was a great thing (even if I was a bit worried by the closed system around it) because I was able to get an espresso at home which was always good (IMO at that time) and which also allowed me to switch between various coffees without any hassle (try that with several opened bags of ground coffee when you are single and only drink one espresso per day ;)

And then started my love story with Nespresso, which has not ended (yet), with its ups (being part of a customer panel once, including UI designers, very interesting) and downs. I often skipped coffee in cafés and restaurants because I knew it wouldn't be good!

Fast forward again 10 years. We are in 2014. The caps war has been on for a few years in France, since some of Nespresso's patents are in the public domain and competitors are trying to get a share of this huge market (France is apparently one of the biggest markets for Nespresso). I've tried various alternative caps and most of them are just cheaper and not as good as the original caps, except one or two caps done by some "small" roasters (Terre de Café for instance). I ended up sticking with the original, until something better "happens".

And it has happened these days, somehow unexpectedly: for a few years, I was reading about strange devices (Aeropress being cited often) and tasty filter coffee (which, for me, has always been a synonym of bad coffee) and I also heard some radio shows on coffee which made me think: let's try.
I ordered an Aeropress and tried it (with some fair trade coffee from my supermarket since I don't have any ground coffee at home and opening caps wasn't really a good idea). Result: not bad, compared to the consistency of Nespresso but not that great. I knew I wasn't using great coffee.

So, I decided to expand a bit more and searched for good coffee roasters in Paris. And one of those which was often mentioned is Coutume Café (their main website is not great ATM, better to look at their FB account), who also have a coffee shop. I went there, tried one of their coffees and I was astonished. This was the best coffee I ever tasted, with flavors like red fruits and chocolate. This was incredible and it wasn't even an espresso (which has been my reference for coffee) but filter coffee which looks like dishwater ;)

So, I'm now with this exact same coffee at home, waiting for delivery of a freshly ordered manual grinder to try to duplicate this coffee experience, because I try other coffee and other Paris roasters.

Let's see if I succeed :)

Saturday, February 2, 2013

Secure Boot on openSUSE talk at FOSDEM cancelled

Hi folks,

for those of you who are attending FOSDEM this year and were planning to attend my talk about Secure Boot on openSUSE on Sunday, I'm sorry to announce I had to cancel my travel to Brussels (and my talk) for family reasons.

Since my slides were already written, I thought I could still share them with you. Feel free to ask questions / comments on this blog post.

Friday, November 23, 2012

Secure Boot on openSUSE, a battleplan

At the openSUSE Conference in Prague last month, we had a BoF about Secure Boot, where I described the various tasks which are needed to ensure openSUSE can support Secure Boot. They are listed on my slides, but I thought it would be more useful to describe them here.

Before we begin, if you need a refresher about Secure Boot, I suggest the blog posts from Olaf Kirch and Vojtěch Pavlík on SUSE Blog (overview, details and approach to it) and of course, all the war stories of Matthew Garrett on this topic ;)

To have openSUSE installable (and runnable) on a Secure Boot enabled system, without any additional user intervention (like adding your own key in UEFI firmware or disabling Secure Boot), we need to do the following to the distribution:

  • to the kernel (many of those features are in 3.7 or in upcoming 3.8):
    • convert the kernel to an EFI executable (it will be used to store kernel signature)
    • UEFI variable access
    • UEFI clock support (nice to have)
    • UEFI getvideomode (if we want flicker-free boot)
    • UEFI reboot (we already have 4 other ways to reboot a system, why not add yet another one ;)
    • KMS drivers (for old chipsets like Matrox, AST).
    • sign main kernel
    • sign all in-tree kernel modules
    • generate a private/public key pair to be used for out-of-tree modules
    • add Secure Boot support in KExec / KDump and Xen (optional)
    • disable hibernation in Secure Boot mode (or have a secure way to save / restore suspended system)
    • add signature check in kernel
  • to bootloader:
    • package shim loader
    • modify grub2 so it uses shim loader to check kernel signature at boot
  • to Build Service:
    • to be able to build external kernel modules (think KMP) using the private/public key generated at kernel build
    • but do not allow this key to be used for any random KMP build (otherwise, you defeat the purpose of signing the module)
  • to userspace tools:
    • package xf86-video-modesetting, for graphics chipsets with non-accelerated KMS drivers
    • add support for signature check in modutils / kmod
    • package tools to sign kernel / modules
    • package tools to manage UEFI variables and keys
  • to the installer / DVD image:
    • maybe display some warnings about installing a system in Secure Boot mode (not 100% sure we should do this)
    • maybe signing the initial installer (and make sure it can't load non-signed modules)
    • ensure the DVD image has shim + grub2 as bootloader when booting on UEFI system
  • and we also need to do the signing part:
    • if we want Secure Boot to be transparent to users, we need our shim loader to be signed by the authority handling the UEFI key, i.e. Microsoft
    • this requires some legal paperwork (getting an MS developer account, getting an Authenticode certificate, etc.), some obligations (making sure you can't circumvent Secure Boot once Linux is booted) and once it is done, sending the shim loader to be signed by MS and packaging the result.

As you can see, this is a lot of work but I think we will be able to have everything in order for the next openSUSE release!

Tuesday, November 20, 2012

systemd (and dracut) in next openSUSE

Some weeks ago, I had the pleasure to do a talk at the openSUSE conference in Prague, about systemd (its current state in openSUSE and what we plan for the future) and dracut (mkinitrd replacement).

For those of you who didn't attend the conference, you can watch my talk on YouTube or (thanks to openSUSE awesome video team for the recording):

And you can even get my slides ;)

Monday, July 30, 2012

My hackweek8 project: dracut

Now that SUSE Hackweek 8 is over, here is a recap of my own project and how it went:

I've worked on dracut (a mkinitrd replacement), to see if it works nicely on openSUSE (with the hope to replace the three different initrds we have in openSUSE: the main one created by mkinitrd, the one used by the YaST installer and a third one in kiwi).

Fortunately, I was not alone working on dracut for openSUSE. Thomas Renninger had started packaging dracut for openSUSE and I was able to reuse his work and improve it. Moreover, Mike Gorse used his hackweek to also improve dracut (adding support for CIFS for instance).

  • Day 1:
    • modified my own grub2 configuration to add an additional dracut menu entry (hard coded atm)
    • successfully booted a 12.2 VM with dracut image!
  • Day 2:
    • discussed with upstream if they would accept "compatibility" patches to teach dracut about openSUSE / SLE own initrd command line and got no as an answer, because they don't want to maintain compatibility cruft on their own side.
    • worked on a separate module which is able to convert at boot time SUSE initrd commands into dracut ones (when they are available). Works fine for "shell=1" "linuxrc=trace" and "sysrq". Upstream proposed to review the module for mistakes when we are done with it
    • asked upstream if they were interested in "sysrq" feature for dracut. No response yet
    • worked on separate journal (reiserfs / XFS). Need to create VM to test it and ask upstream if they want to integrate it
  • Day 3:
    • got trenn cflags patch merged upstream
    • continued digging into dracut internals
    • journaldev is working on boot command line (tested with XFS)
    • need improvement to configure initrd with system fstab value, when available and try to use a more generic term (root.journaldev)
  • Day 4:
    • subscribed to initramfs mailing list
    • got my first patch merged upstream (journaldev support)
    • added cmdline support for mduuid and isci (TargetAddress / TargetPort / TargetName), untested (don't have the right setup)
    • ran test suite, found some issues: some in dracut upstream (fixed immediately by upstream), some in our package (fixed mdadm and device-mapper to not call blkid binary but use udev builtin-blkid, will be faster and we save some forks ;)
  • Day 5:
    • sr mdadm and device-mapper fixes
    • tried to get all test suite to pass
      • some fixes were made to dracut, with more tests passing
      • still getting issues with network-based tests (NFS, iSCSI, etc.). Partially working (DHCP server is working now in test suite), partially not (impossible to mount stuff in server test image, getting "EUID=1000" for root, even when booting the image with init=/bin/sh. No clue how to fix that and upstream never got this issue either, if you have an idea, I'm all ears.)

In short, this hackweek worked well for me, even if I didn't finish all I wanted to do. I'll make sure everything is pushed in Factory soon, so we could try (maybe) to switch openSUSE 12.3 to dracut.

Tuesday, August 23, 2011

GNOME 3.0 Live image release 1.5.0 available

Hi all,
I just pushed a new GNOME 3.0 live image labelled as 1.5.0 (yes, I forgot to push 1.4.0 after I built it, so we are at 1.5.0 now ;)

No big changes, it is based on GNOME 3.0.2 + some additional fixes.

As always, it can be downloaded from

For people interested, here are some download hits (it doesn't include the SUSE Studio appliance nor the promo DVD which is also available from GNOME ftp):

on GNOME 3.0 release day: 4526 hits
April: 145904 hits
May: 46551 hits
June: 24747 hits
July: 23611 hits
August (from 1 to 15): 13063 hits

Enjoy!

Thursday, August 4, 2011

Map for Desktop Summit 2011

I've cooked up, with other people from the #gnomefr channel, a Google Map with the various useful addresses for Desktop Summit 2011.

It is available here, you can also get the KML file or import this map in your favorite software (for Android users, I suggest using Locus Free which can download offline OpenStreetMap data and merge our map on it, no roaming data needed!).