elstel.org

Firefox: make https the default protocol
It is a security flaw in modern browsers that if you enter a web address it will first try to connect via http. Then most sites have a redirect to https. However this redirect is still insecure and it can be spoofed so that the user stays with unencrypted http without noticing. Moreover forced http→https redirects have numerous detriments an would be unnecessary if https was the default protocol. This is important as arbitrary code execution bugs continue to be discovered with all known browsers.

Apache: log reload/restart messages into domain specific error.log-s
This would be necessary to support DANE through a wide variety of hosters. DANE would greatly improve the security of the world wide web as we know it today by asserting that you really visit the domain/site that is displayed in the address bar of your browser. The current certificate signing system involving certification authorities can not sufficiently guarantee this.

Firefox/https: better support for secure ciphers
Currently Firefox can not make use of all important ciphers offered by servers in the internet and may fall back to an insecure cipher.

openssl: support of DNSSEC/DANE for webkit based browsers (Safari, QupZilla, Konqueror, etc.)
DNSSEC/DANE could overcome much of the weakness in the current certificate managment by asserting that a given certificate belongs to the given site in deed. Many rogue certificates are said to have been issued for intelligence agencies. This allows intelligence agencies to mirror a site apparently 1:1 but then insert malicious code into the site.

[NV96] Amilo Xi 3650: G96M [GeForce 9600M GT]: HDMI monitor stays black after s2ram
The only current drawback of using a Xi3650 we can think of are certain s2ram issues with the nouveau driver. The proprietary nvidia driver has no such issue. The Intel ME can be disabled fully with the Xi3650 by using the mecleaner program.

provide a BD/ Blue Ray download image for openSUSE
If you do not have a fast flat internet connection or want to keep a computer offline because of security reasons an official openSUSE blue ray would be great relieve. Furthermore tools like checkroot could verify from BD against malware, rootkits and errors. This is already reality for Debian.

SystemRescueCd: include public keys of all major distros
secure downloads, openVPN: The additional security of signed downloads of f.i. openSUSE over pure sha256sums can only be harvested if the .key file can be fetched from a more secure source than the internet i.e. from dvd. That is why the SystemRescueCd should include these files. Compromizing the connection to download or update servers is f.i. a common possibility to attack by intelligence services. The key feature about it is that you can buy a SystemRescueCd at any news shop anonymously and originally packaged. Regularly updated public keys provide additional security; for sure. Including at least the key files shields against meet in the middle attacks when using free openVPN services like arethusa.su. If you do not need a certain country as outgoing server the Tor network is usually the better alternative towards openVPN.

smart online package search
If I enter ‘web browser‘ at the YaST package module it will not find konqueror, arora, epiphany, lynx, pinfo, p3m and many others though these packages are available. The goal would be to furnish the online package search at packages.opensuse-community.org with the full power of the YaST package search mechanism which should be improved by consequently tagging all packages (f.i. as web browser).

provide FreeBSD, Solaris and OSX build targets for the openSUSE Build Service
While just rebuilding for different distros and Linux versions is often a rather cosmetic issue this would greatly enhance the capabilities of the automated package creation. It should not be undoable since there are also plans for a Windows build target. However the support of the program environment will be much better met on a Unix based system. What a pleasure for Mac OS users!

disable TCP-window scaling (seems to be buggy)
May be useful for those who dial in via modem or wirelessly into the internet.

back to Programs and TechDoc

multiple suspend and hibernate issues
Current Standby/Suspend (s2ram) and Hibernate (s2disk) bugs under Mageia and other distros including a way by me to resolve them. Also about how to make Grub pre-select the last booted OS for resume from hibernation (error message: sparse file not allowed).

Firefox/https: SEC_ERROR_UNKNOWN_ISSUER though all CA certs have been loaded
Firefox does not allow you to configure your own certificates instead of the default certification authorities. However this would be necessary for secure browsing as some certification authorities are known to issue rogue certificates for central intelligence. Unsuspecting users who visit such a site are infected by an operating system rootkit.

radeon: enjoye 4K/UHD/2160p even with elder graphics cards: at kernel.org and at freedesktop.org
Some straight-forward changes around radeon_dvi_mode_valid may allow for TMDS overclocking with the radeon driver as well (see for the respective feature of the nouveau driver at the right.).

nouveau: enjoye 4K/UHD/2160p even with elder graphics cards
We have been one of the first to test the new nouveau.hdmimhz kernel parameter. An article about how it is done in detail even if your graphics card is not said to support such resolutions shall be available soon on elstel.org.

[flashrom] Amilo Xi 3650 - patch works
The FTS Amilo Xi 3650 is one of the more classy Core 2 Duo notebooks. It can be used with a 2,8Ghz Core 2 Duo and up to 8GB of DDR3 1066MHz RAM if the CPU allows for it. Now it does not just feature 4K/UHD/2160p via the HDMI output by TMDS overclocking. ExpressCard, eSATAp and an SDHC card reader are included and working well under Linux.

qemu-kvm multi-booting *** resolved with contribution from elstel *** (confinedrv: see for the software section)
Allowing to boot another existent OS installation without having to reinstall as vmware would be a good enhancement to qemu-kvm. It is a free virtualisation technic with the graphics support of vmware drivers and hardware accelarated virtualization. The feature should not be hard to implement since we only need to free individual partitions instead of a whole hard disk.

support for KDE3 in Opensuse_11.2 (done)
KDE3 is still more stable and elaborate than KDE4. By voting for this feature you can save your choosability between KDE3 and KDE4. Note that migrating to KDE4 will require a certain effort because it may need to be configured from scratch. It should be the decision of the user when to switch. It is also possible to use KDE3 and KDE4 applications simultaneously thus taking the best out of both systems (f.i. there is no kdesktop and kicker in KDE4, many configuration options are not provided so far.). Some apps like warp and wmiface have not been ported at all yet!

comprehensive xinerama support    (main issue done) *** nouveau support: upcoming xinerama bugfixes 2013-10 ***
Preconfiguring screen orientation (left/right), screen size (font size!) and the selection of the primary screen for the task bar is something that can only be done by an appropriate xorg.conf. Alternative desktop environments will perhaps never present xrandr-workarounds to emulate even some of that functionality. If you are interested in ongoing xinerama support (with full xorg.configurability) you should give your vote at Novells bugzilla.

create a chroot environment for Opensuse (done)
Creating a chroot environment enables you to run another Linux version or release without having to reboot. A simple chroot taking almost no time suffices. Besides this creating a chroot environment usually poses the basic step to set up a virtual machine via Xen or qemu-kvm. Nonetheless having a mere chroot environment requires per se much less space than a full virtualized OS-installation. The usage of such chroot environments may leverage the usage of apps only available for elder/other Linux distros. Besides this it may be heavily used for development purposes (Setting up a chroot via rpm is very tedious and intricated.).

package wishlist (done)
Suggest and vote for those packages which you wanna see in Opensuse; now at features.opensuse.org.

Apparmor for Opensuse_11.2 / 11.1 kernel 2.6.30 (done; still included)
Apparmor has been Novells easy-to-use, straight-forward security solution for Opensuse. It can sandbox an application f.i. your webbrowser or email messanger so that a cracker using an exploit can not penetrate further into your system. However Apparmor has recently been ’outsourced’ so that a continuing support for Apparmor in Opensuse is at question. Without Apparmor Opensuse will lack an appropriate security framework (There does not seem to be any plan to adopt the more complex SELinux securtiy framework).

use a safe hashing algorithm for dvd images and rpm file headers (done)
At the moment only sha1 and md5sum are offered in the web download area of opensuse.org. However I believe that we should offer only hash values of algorithms generally considered as safe like sha256 and sha512 here whereby I would prefer sha512 as the stronger hashing method. Similarely a stronger hashing algorithm should be used to check individual files by the rpm header with rpm --verify.

better graphics driver support for Google Earth
Comment on this issue and make Google engage in the development of an open source drivers for ATI graphics cards. The open source dirvers radeon and radeonhd are not mature enogh for a good 3D-experience while the proprietary fglrx is often broken on kernel updates and crashing quite frequently. Should be in the interest of Google as Google wants to offer an own Linux based operating system.

+ many small bugfixes and features
visit my openSUSE testing page or bugzilla.novell.com.
SSD support on installation, realtime capable Linux, print OS & kernel version on boot screen, & many many other bugs